Electronic commerce with cryptographic authentication
First Claim
1. A method of implementing a cryptographic transaction related to an electronic transaction between a vendor device and a user device, the method comprising:
- storing, by a secure server, one or more private keys of a user from a plurality of private cryptographic keys, first one or more authentication data of the user, and a first user identifier of the user, wherein the one or more private keys of the user is unknown to the user;
receiving, by the vendor device, a transaction request and a second user identifier from the user device;
generating, by the vendor device, a unique transaction identifier (TID) of the current transaction, wherein the TID uniquely identifies the current transaction between the vendor and the user;
sending from the vendor device a cryptographic transaction request, the TID, and a current authentication data request to the user device;
sending from the vendor device the TID and the second user identifier to the secure server;
querying the user for second one or more authentication data based on the current authentication data request using the user device;
receiving from the user the second one or more authentication data; and
sending from the user device the TID sent from the vendor device and the second one or more authentication data to the secure server;
retrieving, by the secure server, the first one or more authentication data using the first user identifier and the second user identifier;
comparing, by the secure server, the first one or more authentication data and the second one or more authentication data; and
retrieving, by the secure server, the one or more private keys of the user and performing, by the secure server, one or more cryptographic functions employing the one or more private keys based on the comparison.
8 Assignments
0 Petitions
Accused Products
Abstract
A method for facilitating an authentication related to an electronic transaction between a first and a second user is provided. Authentication data is received from the first user along with transaction data defining the first user and the electronic transaction to be authenticated. This authentication data is compared to enrollment authentication data associated with the first user in order to verify the identity of the first user. When the user is properly verified, access to at least one private cryptographic key stored on a secure server is available for use in securing the electronic transaction. The particular private cryptographic key need not be released from the secure server. Data indicating the status of the authentication may then be sent to one of either the first or second user.
-
Citations
9 Claims
-
1. A method of implementing a cryptographic transaction related to an electronic transaction between a vendor device and a user device, the method comprising:
-
storing, by a secure server, one or more private keys of a user from a plurality of private cryptographic keys, first one or more authentication data of the user, and a first user identifier of the user, wherein the one or more private keys of the user is unknown to the user; receiving, by the vendor device, a transaction request and a second user identifier from the user device; generating, by the vendor device, a unique transaction identifier (TID) of the current transaction, wherein the TID uniquely identifies the current transaction between the vendor and the user; sending from the vendor device a cryptographic transaction request, the TID, and a current authentication data request to the user device; sending from the vendor device the TID and the second user identifier to the secure server; querying the user for second one or more authentication data based on the current authentication data request using the user device; receiving from the user the second one or more authentication data; and sending from the user device the TID sent from the vendor device and the second one or more authentication data to the secure server; retrieving, by the secure server, the first one or more authentication data using the first user identifier and the second user identifier; comparing, by the secure server, the first one or more authentication data and the second one or more authentication data; and retrieving, by the secure server, the one or more private keys of the user and performing, by the secure server, one or more cryptographic functions employing the one or more private keys based on the comparison. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification