Apparatus and method for conducting secure financial transactions
First Claim
1. A system for effecting a secure financial transaction with trusted computing technology, comprising:
- a commercial computer system for creating and maintaining accounts for a plurality of users; and
a user computer system including;
a data storage device for storing a computer program code thereon;
a processor that executes said stored computer program code to implement the following components;
a trusted platform module embedded in said user computer system for storing security information relating to the user and at least one account associated with the commercial computer system, anda virtual appliance module for creating at least one protected environment for establishing a secure connection with an external computer system based on at least the security information stored in the trusted platform module;
wherein the commercial computer system creates at least a portion of the security information stored in or sealed by the trusted platform module; and
wherein the protected environment is inaccessible to applications running outside of the protected environment.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method are disclosed for conducting secure electronic transactions using dual-authentications. A secure server stores security information for a plurality of users and authorizes transactions being conducted by these users. A user computer system having a trusted platform module is used for storing security information relating to at least one user account. Protected environments are created to facilitate secure connections based on at least the security information stored in the trusted platform module. Transactions between the user/electronic merchants and between the user/secure server are conducted within protected environments. When a user conducts an electronic transaction with an electronic merchant, the transaction is authenticated by the secure server before can be completed.
-
Citations
18 Claims
-
1. A system for effecting a secure financial transaction with trusted computing technology, comprising:
-
a commercial computer system for creating and maintaining accounts for a plurality of users; and a user computer system including; a data storage device for storing a computer program code thereon; a processor that executes said stored computer program code to implement the following components; a trusted platform module embedded in said user computer system for storing security information relating to the user and at least one account associated with the commercial computer system, and a virtual appliance module for creating at least one protected environment for establishing a secure connection with an external computer system based on at least the security information stored in the trusted platform module; wherein the commercial computer system creates at least a portion of the security information stored in or sealed by the trusted platform module; and wherein the protected environment is inaccessible to applications running outside of the protected environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for conducting secure financial transactions with trusted computing technology, comprising:
-
a secure server for storing security information for a plurality of users and authorizing transactions initiated by the plurality of users; an electronic merchant providing a plurality of products and/or services for purchase; and a user computer system including; a data storage storing a computer program code thereon; a processor that executes said computer program to implement the following components; a trusted platform module embedded in said user computer system for storing security information relating to the user and at least one user account, wherein the security information stored in the trusted platform module is the same security information stored in the secure server, and a virtual appliance module for creating at least one protected environment for establishing a secure connection based on at least the security information stored in the trusted platform module, wherein the protected environment is inaccessible to applications running outside of the protected environment; wherein transactions between the user computer system and the electronic merchant are authenticated by the secure server. - View Dependent Claims (13, 14)
-
-
15. A method of effecting a secure financial transaction between a buyer and a seller via a communication network coupled to a buyer computer and a seller computer using trusted computing technology, said method comprising
establishing a trusted network connection between the computers of the buyer and seller, determining whether the buyer is authorized to perform secure transactions, based on information obtained by the seller computer from the buyer computer, if the buyer is determined to be authorized, establishing a trusted communication path between a secure server and both the seller computer and the buyer computer, transmitting transaction information to the secure server, wherein said transaction information includes secure buyer authentication information stored on a virtual appliance module in the buyer computer, determining, in the secure server, whether the transaction information can be verified, based on information stored in the secure server, and if the transaction information is verified in the secure server, transmitting approval for the transaction to both the seller computer and the buyer computer.
Specification