Authenticating electronic financial transactions
Abstract
To improve security and simplify financial transactions in electronic communications environments, a cryptographic Private Key is securely stored in a storage device of a user. A Public Key Certificate corresponding to the Private Key is also created and can be stored in an online repository for merchant access. The Public Key Certificate identifies a payment card of the user, and is signed by or on behalf of a financial institution issuing the payment card. When initiating a payment card transaction with a merchant, a data item is signed using the Private Key. The signed data item and the Public Key Certificate are conveyed to the merchant, which enables the merchant to authenticate the transaction without needing to communicate with the user's financial institution, and while avoiding the inconvenience and privacy issues associated with obtaining other card details and user details.
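The flow in the abstract and the merchant-side check of claim 11, as an added example that is not code from the patent. Assumptions: Ed25519 as the signature scheme, a simplified JSON structure standing in for the Public Key Certificate (not X.509), and hypothetical names (`Cert`, `IssueCert`, `MerchantVerify`) and sample values.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Cert is a simplified stand-in for the Public Key Certificate: it binds a
// payment card identifier to the user's public key under the issuer's signature.
type Cert struct {
	CardID    string            `json:"card_id"`
	PublicKey ed25519.PublicKey `json:"public_key"`
	IssuerSig []byte            `json:"-"` // excluded from the signed bytes
}

// tbs returns the bytes the issuer signs (card identifier and public key).
func (c Cert) tbs() []byte {
	b, _ := json.Marshal(c)
	return b
}

// IssueCert is the issuing institution's step: sign the card/key binding.
func IssueCert(issuer ed25519.PrivateKey, cardID string, pub ed25519.PublicKey) Cert {
	c := Cert{CardID: cardID, PublicKey: pub}
	c.IssuerSig = ed25519.Sign(issuer, c.tbs())
	return c
}

// MerchantVerify runs offline: it checks the certificate against an issuer key
// the merchant already trusts, then checks the data item with the certified key.
func MerchantVerify(issuerPub ed25519.PublicKey, c Cert, item, sig []byte) error {
	if len(c.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(issuerPub, c.tbs(), c.IssuerSig) {
		return fmt.Errorf("certificate not signed by trusted issuer")
	}
	if !ed25519.Verify(c.PublicKey, item, sig) {
		return fmt.Errorf("data item signature invalid")
	}
	return nil
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil)
	userPub, userPriv, _ := ed25519.GenerateKey(nil)
	cert := IssueCert(issuerPriv, "card-token-0001", userPub) // constructed value
	item := []byte(`{"merchant":"example-shop","amount":"19.99","nonce":"a1b2"}`)
	sig := ed25519.Sign(userPriv, item) // user signs the transaction data item
	fmt.Println(MerchantVerify(issuerPub, cert, item, sig))
}
```
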
12 Claims
1. A method for securing a financial transaction in an unsecured electronic communications environment, the method comprising:
- securely storing in a storage device of a user a cryptographic Private Key; and
- creating a Public Key Certificate corresponding to said Private Key, the Public Key Certificate identifying a payment card of the user, and the Public Key Certificate being signed by or on behalf of a financial institution issuing the payment card;
wherein at a time of initiating a payment card financial transaction with a merchant, a data item associated with said financial transaction is signed using the Private Key, and the signed data item and the Public Key Certificate are conveyed to the merchant via the unsecured electronic communications environment.
Dependent claims: 2, 3, 4, 5
6. A client application for effecting secure financial transactions in an unsecured electronic communications environment, the client application comprising:
- code for effecting communication with a merchant via the unsecured electronic communications environment in relation to a financial transaction;
- code for causing a Private Key associated with a payment card of a user to sign a data item which is associated with said financial transaction;
- code for causing the signed data item to be conveyed to the merchant via the unsecured electronic communications environment to effect the financial transaction,
wherein the merchant uses a Public Key Certificate corresponding to said Private Key to authenticate the signed data item, the Public Key Certificate identifying the payment card and being signed by or on behalf of a financial institution issuing the payment card.
Dependent claims: 7, 8, 9, 10
11. A merchant application for effecting secure financial transactions in an unsecured electronic communications environment, the merchant application comprising:
- code for effecting communication with a customer via the unsecured electronic communications environment in relation to a financial transaction;
- code for receiving a Public Key Certificate identifying the payment card of the customer, and for authenticating that the Public Key Certificate has been signed by or on behalf of an issuing financial institution; and
- code for using a Public Key contained in the Public Key Certificate to authenticate that a signed data item associated with said financial transaction was signed by a Private Key associated with the payment card, and for making completion of the financial transaction conditional upon such authentication.
Dependent claims: 12
Specification