Three party account authority digital signature (AADS) system

US 8,620,814 B2
Filed: 05/17/2001
Issued: 12/31/2013
Est. Priority Date: 11/09/1998
Status: Expired due to Fees

First Claim

Patent Images

1. In a system for making purchases by customers from merchants, a method comprising the steps of:

(a) initially, for each of a plurality of customers,(i) associating a public key with identity information regarding an account from which payment may be made,(ii) wherein said associating is performed by or on behalf of a financial institution with which the account is maintained; and

, thereafter(b) for a purchase by a particular one of the customers from a merchant,(i) receiving by the merchant both,(A) encoding information for an electronic message representing an account payment instruction, and(B) identity information;

(ii) forwarding with the electronic message, to the financial institution for an account authorization, said received encoding information and said received identity information;

(iii) upon receipt by the financial institution the electronic message, said forwarded encoding information, and said forwarded identity information,(A) retrieving from said associated public keys the public key that is associated with said forwarded identity information, and(B) determining a validation result as a function of the electronic message, said forwarded encoding information, and said retrieved public key and without need of a digital certificate from a certification authority; and

(iv) upon successful validation, performing an account authorization.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for making a purchase by a customer from a merchant, wherein an electronic message represents an instruction for payment from an account with a financial institution, includes a method of: associating a public key with identity information regarding the account; receiving by the merchant both encoding information for the electronic message and the identity information; forwarding by the merchant the electronic message, encoding information, and identity information; upon receipt of the electronic message, the encoding information, and identity information, retrieving the public key associated with the identity information; and determining a validation result as a function of the electronic message, the encoding information, and the retrieved public key. Upon successful validation, an account authorization is performed or payment from the account is made.

125 Citations

72 Claims

1. In a system for making purchases by customers from merchants, a method comprising the steps of:
- (a) initially, for each of a plurality of customers,(i) associating a public key with identity information regarding an account from which payment may be made,(ii) wherein said associating is performed by or on behalf of a financial institution with which the account is maintained; and
  
  , thereafter(b) for a purchase by a particular one of the customers from a merchant,(i) receiving by the merchant both,(A) encoding information for an electronic message representing an account payment instruction, and(B) identity information;
  
  (ii) forwarding with the electronic message, to the financial institution for an account authorization, said received encoding information and said received identity information;
  
  (iii) upon receipt by the financial institution the electronic message, said forwarded encoding information, and said forwarded identity information,(A) retrieving from said associated public keys the public key that is associated with said forwarded identity information, and(B) determining a validation result as a function of the electronic message, said forwarded encoding information, and said retrieved public key and without need of a digital certificate from a certification authority; and
  
  (iv) upon successful validation, performing an account authorization.
- View Dependent Claims (2, 3, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 32, 33)
- - 2. The system of claim 1, wherein the electronic message, encoding information, and identity information are communicated over a network by the merchant to the financial institution.
  - 3. The system of claim 2, wherein the network is closed and secure.
  - 4. The system of claim 2, wherein the network is open and insecure.
  - 5. The system of claim 4, wherein the network comprises the Internet.
  - 7. The system of claim 1 or 6, wherein both (i) the encoding information for the electronic message, and (ii) the identity information are received from the customer by the merchant through a merchant point-of-sale terminal.
  - 8. The system of claim 7, further comprising receiving the electronic message from the customer through the merchant point-of-sale terminal.
  - 9. The system of claim 7, wherein the encoding information and the identity information are communicated from a smart card of the customer.
  - 10. The system of claim 7, further comprising first communicating by the merchant data representing the electronic message to the customer for generation of the encoding information by the customer.
  - 11. The system of claim 10, wherein the data representing the electronic message is received within a smart card of the customer.
  - 12. The system of claim 11, further comprising encrypting the received data within the smart card of the customer, the encoding information comprising the encrypted data.
  - 13. The system of claim 11, further comprising calculating a hash value for the received data within the smart card and encrypting the calculated hash value, the encoding information comprising the encrypted hash value.
  - 14. The system of claim 1 or 6, wherein the accounts are maintained for the benefit of the customers.
  - 15. The system of claim 1 or 6, wherein the electronic message is received by the merchant from the customer.
  - 16. The system of claim 1 or 6, wherein the encoding information and identity information are received over a network by the merchant from the customer.
  - 17. The system of claim 16, wherein the network is closed and secure.
  - 18. The system of claim 16, wherein the network is open and insecure.
  - 19. The system of claim 16, wherein the network comprises the Internet.
  - 20. The system of claim 1 or 6, wherein said step for each customer of associating a public key with identity information regarding an account comprises recording the public key in a database such that the public key is retrievable from the database based on the identity information.
  - 21. The system of claim 1 or 6, wherein the encoding information comprises a digital signature.
  - 22. The system of claim 1 or 6, wherein the identity information comprises account information.
  - 23. The system of claim 22, wherein the account information comprises an account number.
  - 24. The system of claim 22, wherein the account information comprises an identifier of the financial institution.
  - 25. The system of claim 1 or 6, wherein said step of determining a validation result comprises,(a) applying said retrieved public key to said forwarded encoding information to produce unencoded information,(b) calculating a hash value for the electronic message, and(c) comparing the unencoded information with the hash value.
  - 26. The system of claim 25, wherein said step of determining a validation result further comprises confirming the availability of sufficient funds in the account to satisfy payment from the account.
  - 32. The system of claim 1, 6, 27, or 28, wherein the public key associated with said forwarded identity information is not provided, by either the merchant or the customer, to the entity that determines the validation result.
  - 33. The system of claim 1, 6, 27, or 28, wherein no digital certificate is received from the merchant for use in determining the validation result.

6. In a system for making purchases by customers from merchants, a method comprising the steps of:
- (a) initially, for each of a plurality of customers,(i) associating a public key with identity information regarding an account from which payment may be made,(ii) wherein said associating is performed by or on behalf of a financial institution with which the account is maintained; and
  
  , thereafter(b) for a purchase by a particular one of the customers from a merchant,(i) receiving by the merchant both,(A) encoding information for an electronic message representing an account payment instruction to a financial institution, and(B) identity information;
  
  (ii) forwarding with the electronic message, to the financial institution, said received encoding information and said received identity information;
  
  (iii) upon receipt by the financial institution of the electronic message, said forwarded encoding information, and said forwarded identity information,(A) retrieving from said associated public keys the public key associated with said forwarded identity information, and(B) determining a validation result as a function of the electronic message, said forwarded encoding information, and said retrieved public key and without need of a digital certificate from a certification authority; and
  
  (iv) upon successful validation, making payment from the account.

27. In a system for making purchases by customers from merchants, wherein electronic messages represent payments from accounts with financial institutions, and wherein, for each customer, identity information regarding an account has been associated with a public key by or on behalf of a financial institution, a method comprising the steps of:
- (a) receiving from a merchant,(i) an electronic message,(ii) encoding information for the electronic message, and(iii) identity information;
  
  (b) retrieving from said associated public keys the public key that is associated with said received identity information;
  
  (c) determining a validation result as a function of said received electronic message, said received encoding information, and said retrieved public key and without need of a digital certificate from a certification authority; and
  
  (d) upon successful validation, performing an account authorization.
- View Dependent Claims (29, 30, 31, 43, 44, 45, 46, 47, 48, 49, 51, 52, 53, 54, 55, 56, 57, 58)
- - 29. The system of claim 27 or 28, further comprising recording, for each customer, the public key in a database such that the public key is retrievable from the database based on the identity information, whereby the public key is associated with the identity information.
  - 30. The method of claim 27 or 28, wherein said step of determining a validation result comprises,(a) applying said retrieved public key to said forwarded encoding information to produce unencoded information,(b) calculating a hash value for the electronic message, and(c) comparing the unencoded information with the hash value.
  - 31. The method of claim 30, wherein said step of determining a validation result further comprises confirming the availability of sufficient funds in the account to satisfy payment from the account.
  - 43. The system of claim 27, 28, 34, 35, 36, or 37, wherein both (i) the encoding information for the electronic message, and (ii) the identity information are received from the customer through a merchant point-of-sale terminal.
  - 44. The system of claim 43, further comprising receiving the electronic message from the customer through the merchant point-of-sale terminal.
  - 45. The system of claim 43, wherein the encoding information and the identity information are communicated from a smart card of the customer.
  - 46. The system of claim 43, further comprising first communicating by the merchant data representing the electronic message to the customer.
  - 47. The system of claim 46, wherein the data is received within a smart card of the customer.
  - 48. The system of claim 47, further comprising encrypting the received data within the smart card of the customer, the encoding information comprising the encrypted data.
  - 49. The system of claim 47, further comprising calculating a hash value for the received data within the smart card and encrypting the calculated hash value, the encoding information comprising the encrypted hash value.
  - 51. The system of claim 27, 28, 34, 35, 36, or 37, wherein the electronic message is received by the merchant from the customer.
  - 52. The system of claim 27, 28, 34, 35, 36, or 37, wherein the encoding information and identity information is received over a network by the merchant from the customer.
  - 53. The system of claim 52, wherein the network is closed and secure.
  - 54. The system of claim 52, wherein the network is open and insecure.
  - 55. The system of claim 54, wherein the network comprises the Internet.
  - 56. The system of claim 27, 28, 34, 35, 36, or 37, wherein the encoding information comprises a digital signature.
  - 57. The system of claim 27, 28, 34, 35, 36, or 37, wherein the identity information comprises an account number.
  - 58. The system of claim 27, 28, 34, 35, 36, or 37, wherein the identity information comprises an identifier of the financial institution.

28. In a system for making purchases by customers from merchants, wherein electronic messages represent payments from accounts with financial institutions, and wherein, for each customer, identity information regarding an account has been associated with a public key by or on behalf of a financial institution, a method comprising the steps of:
- (a) receiving from a merchant,(i) an electronic message,(ii) encoding information for the electronic message, and(ii) identity information;
  
  (b) retrieving from said associated public keys the public key that is associated with said received identity information;
  
  (c) determining a validation result as a function of said received electronic message, said received encoding information, and said retrieved public key and without need of a digital certificate from a certification authority; and
  
  (c) upon successful validation, making payment from the account.

34. In a system for making a purchase by a customer from a merchant, wherein an electronic message represents payment from an account with a financial institution, and wherein identity information regarding the account has been associated with a public key by or on behalf of the financial institution, a method comprising the steps of:
- (a) receiving from the customer,(i) encoding information for the electronic message, and(ii) the identity information that has been associated with the public key;
  
  (b) forwarding, with the electronic message, to a validation entity for authorization of payment from the account,(i) said received encoding information and(ii) said received identity information,(iii) but without forwarding to the validation entity the public key associated with said forwarded identity information, whether in a digital certificate or otherwise; and
  
  (c) receiving from the validation entity an account authorization following a successful validation by the validation entity that is a function of the electronic message, said forwarded encoding information, and the public key associated with said forwarded identity information and wherein the successful validation does not require a digital certificate to bind the public key to the identity information.
- View Dependent Claims (39, 40, 41, 42, 50)
- - 39. The system of claim 34, 35, 36, or 37, wherein the encoding information for the electronic message is received from the customer through a merchant POS terminal.
  - 40. The system of claim 34, 35, 36, or 37, wherein the public key is associated with the identity information by recording the public key in a database such that the public key is retrievable from the database based on the identity information.
  - 41. The system of claim 34, 35, 36, or 37, wherein the successful validation results from,(a) applying the associated public key to the encoding information to produce unencoded information,(b) calculating a hash value for the electronic message, and(c) matching the unencoded information with the hash value.
  - 42. The system of claim 41, wherein the successful validation further results from the availability of sufficient funds in the account to satisfy payment from the account.
  - 50. The system of claim 34, 35, 36, or 37, wherein the account is maintained for the benefit of the customer.

35. In a system for making a purchase by a customer from a merchant, wherein an electronic message represents payment from an account with a financial institution, and wherein identity information regarding the account has been associated with a public key by or on behalf of the financial institution, a method comprising the steps of:
- (a) receiving from customer,(i) encoding information for the electronic message, and(ii) the identity information that has been associated with the public key;
  
  (b) forwarding, with the electronic message, to the financial institution for payment from the account,(i) said received encoding information, and(ii) said received identity information,(iii) but without forwarding to the financial institution the public key associated with said forwarded identity information; and
  
  (c) receiving payment from the account following a successful validation by the financial institution that is a function of the electronic message, said forwarded encoding information, and the public key associated with said forwarded identity information and wherein the successful validation does not require a digital certificate to bind the public key to the identity information.

36. In a system for making a purchase by a customer from a merchant, wherein an electronic message represents payment from an account with a financial institution, and wherein identity information regarding the account has been associated with a public key by or on behalf of the financial institution, a method comprising the step of providing to the merchant,(i) encoding information for the electronic message, and(ii) the identity information that has been associated with the public key, both for forwarding with the electronic message to a validation entity, whereby authorization for payment from the account is received from the validation entity following a successful validation by the validation entity that is a function of the electronic message, said provided encoding information, and the public key associated with said provided identity information and wherein the successful validation does not require a digital certificate to bind the public key with the identity information,wherein the public key that is associated with said provided identity information is not provided to the merchant, whether in a digital certificate or otherwise.
- View Dependent Claims (38)
- - 38. The system of claim 36 or 37, wherein the encoding information for the electronic message is communicated to a merchant POS terminal.

37. In a system for making a purchase by a customer from a merchant, wherein an electronic message represents payment from an account with a financial institution, and wherein identity information regarding the account has been associated with a public key by or on behalf of the financial institution, a method comprising the step of providing to the merchant,(i) encoding information for the electronic message, and(ii) the identity information that has been associated with the public key, both for forwarding with the electronic message to the financial institution, whereby payment from the account is made following a successful validation by the financial institution that is a function of the electronic message, said provided encoding information, and the public key associated with said provided identity information and wherein the successful validation does not require a digital certificate to bind the public key to the identity information,wherein the public key that is associated with said provided identity information is not provided to the merchant, whether in a digital certificate or otherwise.

59. In a system for validating the identity of a sender of an electronic communication received regarding an action on an account with a financial institution, a method comprising the steps of:
- (a) associating, by or on the behalf of the financial institution, a public key with identity information regarding the account;
  
  (b) the sender deriving, in connection with a specific transaction with a merchant, a digital signature for an electronic message regarding the action on the account;
  
  (c) providing the digital signature and the identity information to the merchant without providing to the merchant a digital certificate for validating the digital signature; and
  
  (d) the merchant forwarding said provided digital signature and said provided identity information to the financial institution without modification of the digital signature, and without forwarding to the financial institution a digital certificate for validating the digital signature, whereupon the identity of the sender of the electronic communication is validated without use of digital certificates.
- View Dependent Claims (60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72)
- - 60. The system of claim 59, wherein the digital signature is forwarded by the merchant as part of the electronic communication from the sender.
  - 61. The system of claim 59, wherein the electronic communication includes the electronic message.
  - 62. The system of claim 59, wherein the electronic message is implied from the receipt of the electronic communication.
  - 63. The system of claim 59, wherein the digital signature is derived within a smart card of the sender.
  - 64. The system of claim 59, wherein the digital signature is received from the sender within a terminal of the merchant.
  - 65. The system of claim 59, wherein the electronic communication is encrypted when forwarded.
  - 66. The system of claim 59, wherein the electronic communication is unencrypted when forwarded.
  - 67. The system of claim 59, wherein the electronic communication includes the public key.
  - 68. The system of claim 59, wherein the public key is associated with the account when the account is first established.
  - 69. The system of claim 59, wherein the merchant forwards the digital signature to the financial institution in conjunction with other information.
  - 70. The system of claim 59, wherein the electronic communication is forwarded over a secure network.
  - 71. The system of claim 59, wherein the electronic communication is forwarded over an insecure network.
  - 72. The system of claim 71, wherein the network comprises the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Wheeler, Anne Mcafee, Wheeler, Lynn Henry
Primary Examiner(s)
Elisca, Pierre E

Application Number

US09/860,083
Publication Number

US 20020032860A1
Time in Patent Office

4,611 Days
Field of Search

713/162, 713/193, 380/201, 705/40, 705/50, 705/51
US Class Current

705/50
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/10   specially adapted for elect...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/401   Transaction verification

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3247   involving digital signatures

Three party account authority digital signature (AADS) system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

125 Citations

72 Claims

Specification

Use Cases

Quick Links

Others

Three party account authority digital signature (AADS) system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

72 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others