Establishing trust for conducting direct secure electronic transactions between a user and service providers
Abstract
Ensuring security of electronic transactions between a user and a service provider involves establishing electronic trust among a user, device, transaction service provider, and service providers through OTAC processing, key generation and exchange, and verification.
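The last step of the independent claims, the service provider verifying a second OTAC that the handheld device encrypted with the service provider's credentials, can be sketched as follows. This is an added example, not code from the patent: RSA-OAEP as the cipher, the user ID as OAEP label, burning the code on the first attempt, and every type and function name are assumptions made for illustration, and delivery of the OTAC to the user and of the certificates by the transaction service provider is not modelled.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// ServiceProvider (hypothetical, like every name here) keeps its key and the OTACs it has sent, by user ID.
type ServiceProvider struct{ key *rsa.PrivateKey; pending map[string][]byte }

func NewServiceProvider() *ServiceProvider {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &ServiceProvider{key: k, pending: map[string][]byte{}}
}

// IssueOTAC creates the random code the SP sends to the user before authentication.
func (sp *ServiceProvider) IssueOTAC(user string) []byte {
	code := make([]byte, 8)
	if _, err := rand.Read(code); err != nil {
		panic(err)
	}
	sp.pending[user] = code
	return code
}

// DeviceEncrypt (handheld side) encrypts the entered OTAC to the SP's public key
// with RSA-OAEP (an assumed cipher), using the user ID as label to bind the two.
func DeviceEncrypt(pub *rsa.PublicKey, user string, otac []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, otac, []byte(user))
}

// Verify burns the code on the first attempt, pass or fail, then compares in constant time.
func (sp *ServiceProvider) Verify(user string, ct []byte) bool {
	want, ok := sp.pending[user]
	delete(sp.pending, user)
	got, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, sp.key, ct, []byte(user))
	return ok && err == nil && subtle.ConstantTimeCompare(got, want) == 1
}

func main() {
	sp := NewServiceProvider()
	ct, _ := DeviceEncrypt(&sp.key.PublicKey, "alice", sp.IssueOTAC("alice")) // constructed user ID
	fmt.Println("first:", sp.Verify("alice", ct), "replay:", sp.Verify("alice", ct))
}
```

Because the pending entry is deleted before the comparison, a captured ciphertext cannot be replayed and a wrong guess costs the attacker the code; a ciphertext labelled for one user also fails to decrypt when presented for another.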
7 Claims
1. A method of establishing trust among a user, a device, and a service provider, comprising:
- establishing trust between a transaction service provider and an electronic transaction facility deployed on a mobile phone operated by the user comprising registering the electronic transaction facility with the transaction service provider through a registration process that includes the transaction service provider certifying keys generated by the electronic transaction facility, wherein the keys comprise electronic transaction facility identification information;
- establishing trust between the transaction service provider and the user via the trusted electronic transaction facility comprising receiving, decrypting and authenticating an encryption of a first one-time activation code (OTAC) known to the transaction service provider, the first OTAC received by the user from the transaction service provider, input by the user to the electronic transaction facility and encrypted by the electronic transaction facility;
- establishing initial trust between the transaction service provider and a service provider comprising transmitting security certificates between the transaction service provider and the service provider and installing the security certificates as trusted SSL/HTTPS credentials; and
- in response to the user opting to use a transaction service from the service provider, dynamically establishing direct secure transaction trust between the trusted electronic transaction facility and the trusted service provider by the transaction service provider transmitting a certificate representing the electronic transaction facility's security credentials to the trusted service provider and providing a certificate representing the service provider's security credentials to the electronic transaction facility;
- authenticating, by the service provider, the electronic transaction facility by verifying a second OTAC received by the service provider directly from the handheld device after being encrypted by the handheld device using the credentials of the service provider, wherein prior to the authentication the second OTAC is sent from the service provider to the user.
Dependent claims: 2, 3, 4
5. A method comprising:
- registering an electronic transaction facility deployed on a mobile device operated by a user with a transaction service provider by certifying electronic transaction facility identifying keys generated by the electronic transaction facility;
- receiving, decrypting and authenticating an encryption of a first one-time activation code (OTAC) known to the transaction service provider from the mobile device, the first OTAC received by the user from the transaction service provider, provided to the electronic transaction facility by the user and encrypted by the electronic transaction facility;
- installing security certificates communicated between the transaction service provider and a service provider as trusted SSL/HTTPS credentials; and
- providing, in response to the user opting to use a transaction service from the service provider, a certificate representing the electronic transaction facility's security credentials to the service provider and providing a certificate representing the service provider's security credentials to the electronic transaction facility;
- authenticating, by the service provider, the electronic transaction facility by verifying a second OTAC received by the service provider directly from the handheld device after being encrypted by the handheld device using the credentials of the service provider, wherein prior to the authentication the second OTAC is sent from the service provider to the user.
6. A method of establishing trust among a user, a device, and a service provider, comprising:
- establishing trust between a transaction service provider and an electronic transaction facility deployed on a mobile phone operated by the user comprising registering the electronic transaction facility with the transaction service provider through a registration process that includes the transaction service provider certifying keys generated by the electronic transaction facility, wherein the keys comprise electronic transaction facility identification information;
- establishing initial trust of a service provider comprising transmitting security certificates between the transaction service provider and the service provider and installing the security certificates as trusted SSL/HTTPS credentials; and
- establishing trust between the trusted service provider and the user via the trusted electronic transaction facility comprising the transaction service provider forwarding a key-exchange request and response between the trusted electronic transaction facility and the trusted service provider, wherein the key-exchange request is encrypted by the trusted electronic transaction facility using a first one-time activation code (OTAC) known to the user and to the trusted service provider, the first OTAC input by the user to the electronic transaction facility;
- in response to the user opting to use a transaction service from the service provider, dynamically establishing direct secure transaction trust between the trusted electronic transaction facility and the trusted service provider by the transaction service provider transmitting a certificate representing the electronic transaction facility's security credentials to the trusted service provider and providing a certificate representing the service provider's security credentials to the electronic transaction facility;
- authenticating, by the service provider, the electronic transaction facility by verifying a second OTAC received by the service provider directly from the handheld device after being encrypted by the handheld device using the credentials of the service provider, wherein prior to the authentication the second OTAC is sent from the service provider to the user.
Dependent claims: 7
Specification