Authenticating electronic financial transactions

US 8,286,865 B2
Filed: 04/14/2009
Issued: 10/16/2012
Est. Priority Date: 04/14/2008
Status: Active Grant

First Claim

Patent Images

1. A method for securing a financial transaction in an unsecured electronic communications environment, the method comprising:

securely storing in a storage device of a user a cryptographic Private Key; and

creating a Public Key Certificate corresponding to said Private Key, the Public Key Certificate identifying a payment card of the user, and the Public Key Certificate being signed by or on behalf of a financial institution issuing the payment card;

wherein at a time of initiating a payment card financial transaction with a merchant, a data item associated with said financial transaction is signed using the Private Key, and the signed data item and the Public Key Certificate are conveyed to the merchant via the unsecured electronic communications environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To improve security and simplify financial transactions in electronic communications environments, a cryptographic Private Key is securely stored in a storage device of a user. A Public Key Certificate corresponding to the Private Key is also created and can be stored in an online repository for merchant access. The Public Key Certificate identifies a payment card of the user, and is signed by or on behalf of a financial institution issuing the payment card. When initiating a payment card transaction with a merchant, a data item is signed using the Private Key. The signed data item and the Public Key Certificate are conveyed to the merchant, which enables the merchant to authenticate the transaction without needing to communicate with the user'"'"'s financial institution, and while avoiding the inconvenience and privacy issues associated with obtaining other card details and user details.

Citations

12 Claims

1. A method for securing a financial transaction in an unsecured electronic communications environment, the method comprising:
- securely storing in a storage device of a user a cryptographic Private Key; and
  
  creating a Public Key Certificate corresponding to said Private Key, the Public Key Certificate identifying a payment card of the user, and the Public Key Certificate being signed by or on behalf of a financial institution issuing the payment card;
  
  wherein at a time of initiating a payment card financial transaction with a merchant, a data item associated with said financial transaction is signed using the Private Key, and the signed data item and the Public Key Certificate are conveyed to the merchant via the unsecured electronic communications environment.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the storage device comprises a mobile (cellular) telephone subscriber identification module (SIM) card separate to the payment card.
  - 3. The method of claim 1, wherein the creating of the Public Key Certificate includes inserting information which identifies the payment card by including the payment card number.
  - 4. The method of claim 1, further comprising storing the Public Key Certificate in a storage device accessible to a merchant.
  - 5. The method of claim 1, further comprising storing the Public Key Certificate in a storage device of the user.

6. A client application for effecting secure financial transactions in an unsecured electronic communications environment, the client application comprising:
- code for effecting communication with a merchant via the unsecured electronic communications environment in relation to a financial transaction;
  
  code for causing a Private Key associated with a payment card of a user to sign a data item which is associated with said financial transaction;
  
  code for causing the signed data item to be conveyed to the merchant via the unsecured electronic communications environment to effect the financial transaction, wherein the merchant uses a Public Key Certificate corresponding to said Private Key to authenticate the signed data item, the Public Key Certificate identifying the payment card and being signed by or on behalf of a financial institution issuing the payment card.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The client application of claim 6 further comprising code configured to require interfacing of the storage device at the time of each such transaction, in order to require that the user demonstrate possession of the Private Key.
  - 8. The client application of claim 6 comprising code to obtain a transaction-specific message to serve as the data item to be signed by the Private Key.
  - 9. The client application of claim 6, comprising code configured to cause signing using the Private Key to be effected by cryptographic computing power of the storage device itself.
  - 10. The client application of claim 6, wherein the Public Key Certificate includes information which identifies the payment card by including the payment card number, the client application further comprising code to convey the payment card number to the merchant only as part of the Public Key Certificate and not in any raw alphanumeric form.

11. A merchant application for effecting secure financial transactions in an unsecured electronic communications environment, the merchant application comprising:
- code for effecting communication with a customer via the unsecured electronic communications environment in relation to a financial transaction;
  
  code for receiving a Public Key Certificate identifying the payment card of the customer, and for authenticating that the Public Key Certificate has been signed by or on behalf of an issuing financial institution; and
  
  code for using a Public Key contained in the Public Key Certificate to authenticate that a signed data item associated with said financial transaction was signed by a Private Key associated with the payment card, and for making completion of the financial transaction conditional upon such authentication.
- View Dependent Claims (12)
- - 12. The merchant application of claim 11 further comprising, following authentication, carrying out CNP transaction instructions to effect settlement with the relevant issuing financial institution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lockstep Technologies Pty Ltd
Original Assignee
Lockstep Technologies Pty Ltd
Inventors
Wilson, Stephen
Primary Examiner(s)
Haupt, Kristy A

Application Number

US12/937,700
Publication Number

US 20110031310A1
Time in Patent Office

1,281 Days
Field of Search

235/380, 235/382
US Class Current

235/380
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 30/06   Buying, selling or leasing ...

G06Q 40/02   Banking, e.g. interest calc...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Authenticating electronic financial transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating electronic financial transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links