Sending electronic transaction message, digital signature derived therefrom, and sender identity information in AADS system

US 7,089,421 B2
Filed: 08/26/2004
Issued: 08/08/2006
Est. Priority Date: 11/09/1998
Status: Expired due to Term

First Claim

Patent Images

1. In a system for performing an action, in response to an electronic communication regarding an account, which electronic communication is received from a sender by a receiver, a method comprising the steps of:

(a) initially, associating by the receiver, sender identity information and a public key of a public-private key pair wit the account such that the public key is retrievable based on the sender identity information, wherein the account comprises transactional account information, and wherein the public key is associated with the account in a computer database; and

thereafter(b) receiving the electronic communication from the sender,(i) wherein the electronic communication was created after the association of the sender identity information and the public key with the account in step (a),(ii) wherein the electronic communication comprises,(A) the sender identity information, and(B) a digital signature derived using the private key of the pair from an electronic message possessed first by the sender before the receiver, the sender identity information being different from the electronic message, and(iii) wherein the electronic communication is communicated electronically from the sender; and

(c) validating the identity of the sender for the electronic communication by only performing the steps of,(i) utilizing the sender identity information received in the electronic communication to retrieve the public key based on the association of the sender identity information and the public key with the account performed in step (a), and(ii) comparing a function of the public key and the digital signature with a function of the electronic message, wherein the function of the public key and the digital signature comprises decrypting the digital signature using the public key,whereby a comparison resulting in a match validates the identity of the sender.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a system for performing an action regarding an account in response to an electronic communication received from a sender by a receiver, wherein the electronic communication includes sender identity information associated with the account and a digital signature derived using a private key of a public-private key pair, and wherein the public key of the pair has been associated with the account by the receiver such that the public key is retrievable based on the sender identity information, a method of validating the identity of the sender for the electronic communication includes: (a) retrieving the public key based on the received sender identity information; and (b) comparing a function of the public key and the digital signature with a function of the electronic message. The digital signature is derived from an electronic message possessed first by the sender before the receiver. The sender identity information may be different from the electronic message.

25 Citations

View as Search Results

38 Claims

1. In a system for performing an action, in response to an electronic communication regarding an account, which electronic communication is received from a sender by a receiver, a method comprising the steps of:
- (a) initially, associating by the receiver, sender identity information and a public key of a public-private key pair wit the account such that the public key is retrievable based on the sender identity information, wherein the account comprises transactional account information, and wherein the public key is associated with the account in a computer database; and
  
  thereafter(b) receiving the electronic communication from the sender,(i) wherein the electronic communication was created after the association of the sender identity information and the public key with the account in step (a),(ii) wherein the electronic communication comprises,(A) the sender identity information, and(B) a digital signature derived using the private key of the pair from an electronic message possessed first by the sender before the receiver, the sender identity information being different from the electronic message, and(iii) wherein the electronic communication is communicated electronically from the sender; and
  
  (c) validating the identity of the sender for the electronic communication by only performing the steps of,(i) utilizing the sender identity information received in the electronic communication to retrieve the public key based on the association of the sender identity information and the public key with the account performed in step (a), and(ii) comparing a function of the public key and the digital signature with a function of the electronic message, wherein the function of the public key and the digital signature comprises decrypting the digital signature using the public key,whereby a comparison resulting in a match validates the identity of the sender.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 5. The method of claims 1, 2, 3, or 4, wherein the electronic communication includes the electronic message.
  - 6. The method of claims 1, 2, 3, or 4, wherein the electronic message is implied from the receipt of the electronic communication.
  - 7. The method of claims 1, 2, 3, or 4, wherein the digital signature is derived within a smart card of the sender.
  - 8. The method of claims 1, 2, 3, or 4, wherein the digital signature is received from the sender within a terminal of a third-party and then forwarded to the receiver.
  - 9. The method of claims 1, 2, 3, or 4, wherein the electronic communication is received over a secure network.
  - 10. The method of claims 1, 2, 3, or 4, wherein the electronic communication is received over an insecure network.
  - 11. The method of claim 10, wherein the network comprises the Internet.
  - 12. The method of claims 1, 2, 3, or 4, wherein the electronic communication is received encrypted.
  - 13. The method of claims 1, 2, 3, or 4, wherein the electronic communication is received unencrypted.
  - 14. The method of claims 1, 2, 3, or 4, wherein the receiver is a financial institution and the action on the account comprises a financial transaction.
  - 15. The method of claims 1, 2, 3, or 4, wherein the electronic communication includes the public key.
  - 16. The method of claims 1, 2, or 4, wherein the sender identity information comprises the account number.
  - 17. The method of claims 1, 2, or 4, wherein the sender identity information comprises other than the account number.
  - 18. The method of claims 1, 2, 3, or 4, wherein the public key was associated with the account when the account was first established.
  - 19. The method of claim 18, wherein the public key was provided by the sender to the receiver.
  - 20. The method of claim 18, wherein the public key was provided to the sender by the receiver.
  - 21. The method of claims 1, 2, 3, or 4, wherein the transactional account information includes information required to process the action.
  - 22. The method of claims 1, 2, 3, or 4, wherein the transactional account information includes a personal identification number (PIN).
  - 23. The method of claims 1, 2, 3, or 4, wherein the transactional account information includes an account balance representing funds in the account.
  - 24. The method of claims 1, 2, 3, or 4, wherein the transactional account information includes information validated when the account was established.
  - 25. The method of claims 1, 2, 3, or 4, wherein the transactional account information includes information that was validated in a face-to-face acknowledgement between the sender and the receiver.
  - 26. The method of claims 1, 2, 3, or 4, wherein the account comprises a checking account.
  - 27. The method of claims 1, 2, 3, or 4, wherein the transactional account information includes a history of ledger transactions in the account.
  - 28. The method of claims 1, 2, 3, or 4, wherein the transactional account information includes the social security number of the sender.
  - 29. The method of claims 1, 2, 3, or 4, wherein the transactional account information includes the address of the sender.
  - 30. The method of claims 1, 2, 3, or 4, wherein the transactional account information includes the mother'"'"'s maiden name of the sender.
  - 31. The method of claims 1, 2, 3, or 4, wherein the transactional account information includes entity information of the sender.
  - 32. The method of claims 1, 2, 3, or 4, wherein the transactional account information only includes entity information of the sender.
  - 33. The method of claims 1, 2, 3, or 4, wherein the transactional account information includes business process information.
  - 34. The method of claims 1, 2, 3, or 4, wherein the transactional account information is stored in fields in records in a computer database.
  - 35. The method of claim 34, wherein the records comprise an account file.
  - 36. The method of claim 35, wherein the records further comprise a transactions file.
  - 37. The method of claims 1, 2, 3, or 4, wherein the digital signature is derived within a hand-held device of the sender.
  - 38. The method of claims 1, 2, 3, or 4, wherein the function of the electronic message comprises applying a hashing algorithm to the electronic message.

2. In a system for performing an action, in response to an electronic communication regarding an account, which electronic communication is received from a sender by a receiver, a method comprising the steps of:
- (a) initially, associating by the receiver, sender identity information and a public key of a public-private key pair with the account such that the public key is retrievable based on the sender identity information, wherein the account comprises transactional account information, and wherein the public key is associated with the account in a computer database; and
  
  thereafter(b) receiving the electronic communication from the sender,(i) wherein the electronic communication was created after the association of the sender identity information, and the public key with the account in step (a),(ii) wherein the electronic communication comprises,(A) the sender identity information, and(B) a digital signature derived using the private key of the pair from an electronic message possessed first by the sender before the receiver, the sender identity information being different from the electronic message, and(iii) wherein the electronic communication is communicated electronically from the sender; and
  
  (c) validating the identity of the sender for the electronic communication by only performing the steps of,(i) utilizing the sender identity information received in the electronic communication to retrieve the public key based on the association of the sender identity information and the public key with the account performed in step (a), and(ii) comparing a function of the public key and the digital signature with a function of the electronic message, wherein the function of the public key and the digital signature comprises decrypting the digital signature using the public key,whereby a comparison resulting in a match validates the identity of the sender, and wherein neither a PIN nor a password is required to be transmitted to the receiver for validating the identity of the sender.

3. In a system for performing an action, in response to an electronic communication regarding an account, which electronic communication is received from a sender by a receiver, a method comprising the steps of:
- (a) initially, associating by the receiver, sender identity information and a public key of a public-private key pair with the account such that the public key is retrievable based on the sender identity information, wherein the account comprises transactional account information and the sender identity information comprises other than an account number, and wherein the public key is associated with the account in a computer database; and
  
  thereafter(b) receiving the electronic communication from the sender,(i) wherein the electronic communication was created after the association of the sender identity information and the public key with the account in step (a),(ii) wherein the electronic communication comprises,(A) the sender identity information, and(B) a digital signature derived using the private key of the pair from an electronic message possessed first by the sender before the receiver, the sender identity information being different from the electronic message, and(iii) wherein the electronic communication is communicated electronically from the sender; and
  
  (c) validating the identity of the sender for the electronic communication by,(i) utilizing the sender identity information received in the electronic communication to retrieve the public key based on the association of the sender identity information and the public key with the account performed in step (a), and(ii) comparing a function of the public key and the digital signature with a function of the electronic message, wherein the function of the public key and the digital signature comprises decrypting the digital signature using the public key,whereby a comparison resulting in a match validates the identity of the sender.

4. In a system for performing an action, in response to an electronic communication regarding an account, which electronic communication is received from a sender by a receiver, a method comprising the steps of:
- (a) initially, associating by the receiver sender identity information and a public key of a public-private key pair with the account such that the public key is retrievable based on the sender identity information, wherein the account comprises transactional account information, and wherein the public key is associated with the account in a computer database; and
  
  thereafter(b) receiving the electronic communication from the sender,(i) wherein the electronic communication was created after the association of the sender identity information and the public key with the account in step (a),(ii) wherein the electronic communication comprises,(A) the sender identity information, and(B) a digital signature derived using the private key of the pair from an electronic message possessed first by the sender before the receiver, the sender identity information being different from the electronic message, and(iii) wherein the electronic communication is communicated electronically from the sender, and(iv) wherein the electronic communication is the only electronic communication received from the sender by the receiver relating to the action; and
  
  (c) validating the identity of the sender for the electronic communication by,(i) utilizing the sender identity information received in the electronic communication to retrieve the public key based on the association of the sender identity information and the public key with the account performed in step (a), and(ii) comparing a function of the public key and the digital signature with a function of the electronic message, wherein the function of the public key and the digital signature comprises decrypting the digital signature using the public key,whereby a comparison resulting in a match validates the identity of the sender.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Wheeler, Lynn Henry, Wheeler, Anne M.
Primary Examiner(s)
Zand, Kambiz

Application Number

US10/711,132
Publication Number

US 20050005118A1
Time in Patent Office

712 Days
Field of Search

713/170, 713/176
US Class Current

713/176
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/10   specially adapted for elect...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/401   Transaction verification

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3247   involving digital signatures

Sending electronic transaction message, digital signature derived therefrom, and sender identity information in AADS system

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Sending electronic transaction message, digital signature derived therefrom, and sender identity information in AADS system

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links