System and method for partner key management

US 10,762,501 B2
Filed: 02/16/2017
Issued: 09/01/2020
Est. Priority Date: 06/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method for securely processing an online transaction between a user and a first institution, the method comprising:

storing, by an institution computer of the first institution, a file comprising a stored policy statement mutually agreed upon by the first institution and the user, wherein the stored policy statement comprises security procedures governing transactions between the first institution and the user;

generating a credential to execute a plurality of online transactions with the first institution and a second institution;

generating a digital signature with the credential using Portable Security Transaction Protocol;

registering, by the institution computer, the credential to represent the user with regard to a plurality of online transactions with the first institution based on a determination that a request for registration of the credential by the user complies with registration requirements established by the first institution;

receiving, by the first institution computer, a request from the user for a transaction comprising a received policy statement and the digital signature, wherein the received policy statement comprises security procedures governing transactions between the first institution and the user;

verifying the identity of the user by examining the digital signature;

determining whether the received policy statement complies with the stored policy statement; and

executing the requested online transaction based on successful verification of the identity of the user and determining that the received policy statement complies with the stored policy statement.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for implementing an interoperable credential management protocol for processing online transactions. The protocol, referred to as the Partner Key Management (PKM) protocol provides an improved alternative to traditional public key infrastructure (PKI), particularly for use in high-value commercial transactions which require additional controls on the use of credentials for authentication and authorization. According to the PKM protocol, a user may take advantage of credential interoperability by using the same credential at a plurality of different financial institutions for authentication or digital signatures. Additionally, the credential interoperability achieved according to the PKM protocol allows the user to employ the same credential at a plurality of financial institutions for the purpose of digital or electronic signatures.

649 Citations

20 Claims

1. A method for securely processing an online transaction between a user and a first institution, the method comprising:
- storing, by an institution computer of the first institution, a file comprising a stored policy statement mutually agreed upon by the first institution and the user, wherein the stored policy statement comprises security procedures governing transactions between the first institution and the user;
  
  generating a credential to execute a plurality of online transactions with the first institution and a second institution;
  
  generating a digital signature with the credential using Portable Security Transaction Protocol;
  
  registering, by the institution computer, the credential to represent the user with regard to a plurality of online transactions with the first institution based on a determination that a request for registration of the credential by the user complies with registration requirements established by the first institution;
  
  receiving, by the first institution computer, a request from the user for a transaction comprising a received policy statement and the digital signature, wherein the received policy statement comprises security procedures governing transactions between the first institution and the user;
  
  verifying the identity of the user by examining the digital signature;
  
  determining whether the received policy statement complies with the stored policy statement; and
  
  executing the requested online transaction based on successful verification of the identity of the user and determining that the received policy statement complies with the stored policy statement.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the transaction request is signed by the user using the digital signature.
  - 3. The method of claim 1, wherein the user-credential is registered with the first institution.
  - 4. The method of claim 1, wherein the credential is interoperable and the interoperable credential is used to secure a transaction with the second institution.
  - 5. The method of claim 1, wherein the credential is interoperable and the interoperable credential includes a single credential designed to provide security which is accepted by a plurality of different institutions.
  - 6. The method of claim 1, wherein a plurality of other institutions respectively accept a credential that is the same as the credential registered with first institution.
  - 7. The method of claim 1, wherein the first institution and the second institution confirm that the credential is registered, thereby establishing the credential as an interoperable credential.
  - 8. The method of claim 1, further comprising authorizing by the first institution, the credential to represent the user with regard to an online transaction with the institution, wherein the credential is interoperable with at least one other institution.

9. A system for securely processing an online transaction between a user and a first institution, the system comprising:
- a first institution computer communicatively coupled over a network to a user module, the first institution computer comprising;
  
  a memory configured to store a file comprising a stored policy statement mutually agreed upon by the first institution and the user, wherein the stored policy statement comprises security procedures governing transactions between the first institution and the user; and
  
  a processor configured to;
  
  generate a credential to execute a plurality of online transactions with the first institution and a second institution;
  
  generate a digital signature with the credential using Portable Security Transaction Protocol;
  
  register the credential to represent the user with regard to a plurality of online transactions with the first institution based on a determination that a request for registration of the credential by the user complies with registration requirements established by the first institution;
  
  receive a request from the user for a transaction comprising a received policy statement and the digital signature, wherein the received policy statement comprises security procedures governing transactions between the first institution and the user;
  
  verify the identity of the user by examining the digital signature;
  
  determine whether the received policy statement complies with the stored policy statement; and
  
  execute the requested online transaction based on successful verification of the identity of the user and determining that the received policy statement complies with the stored policy statement.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the transaction request is signed by the user using the digital signature.
  - 11. The system of claim 9, wherein the credential is registered with the first institution.
  - 12. The system of claim 9, wherein the credential is interoperable and the interoperable credential is used to secure a transaction with the second institution.
  - 13. The system of claim 9, wherein the credential is interoperable and the interoperable credential includes a single credential designed to provide security which is accepted by a plurality of different institutions.
  - 14. The system of claim 9, wherein the first institution and the second institution confirm that the credential is registered, thereby establishing the credential as an interoperable credential.

15. A computer-readable medium comprising computer executable software code tangibly embodied thereon, the code for conducting an online transaction using an established interoperable credential, the code, when executed, causes a processor to perform the following:
- storing a file comprising a stored policy statement mutually agreed upon by the first institution and the user, wherein the stored policy statement comprises security procedures governing transactions between the first institution and the user;
  
  generating a credential to execute a plurality of online transactions with the first institution and a second institution;
  
  generating a digital signature with the credential using Portable Security Transaction Protocol;
  
  registering the credential to represent the user with regard to a plurality of online transactions with the first institution based on a determination that a request for registration of the credential by the user complies with registration requirements established by the first institution;
  
  receiving a request from the user for a transaction comprising a received policy statement and the digital signature, wherein the received policy statement comprises security procedures governing transactions between the first institution and the user;
  
  verifying the identity of the user by examining the digital signature;
  
  determining whether the received policy statement complies with the stored policy statement; and
  
  executing the requested online transaction based on successful verification of the identity of the user and determining that the received policy statement complies with the stored poliy statement.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable medium of claim 15, wherein the transaction request is signed by the user using the digital signature.
  - 17. The computer-readable medium of claim 15, wherein the credential is registered with the first institution.
  - 18. The computer-readable medium of claim 15, wherein the credential is interoperable and the interoperable credential is used to secure a transaction with the second institution.
  - 19. The computer-readable medium of claim 15, wherein the credential is interoperable and the interoperable credential includes a single credential designed to provide security which is accepted by a plurality of different institutions.
  - 20. The computer-readable medium of claim 15, wherein the first institution and the second institution confirm that the credential is registered, thereby establishing the credential as an interoperable credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Benson, Glenn, Croston, Sean
Primary Examiner(s)
Coppola, Jacob C.

Application Number

US15/434,215
Publication Number

US 20170161737A1
Time in Patent Office

1,293 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 2220/00   Business processing using c...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

System and method for partner key management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

649 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for partner key management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

649 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links