Personal website for electronic commerce on a smart Java card with multiple security check points
First Claim
1. A method for enabling multiple security check points during electronic transactions between a smart card and a host computer, the smart card having one or more personal Web pages stored therein, the method comprising:
using a processing computer to establish communications between the smart card and the host computer;
receiving verification data from a user to identify the authenticity of the user;
transmitting data from the smart card to the host computer;
the host computer processing the data from the smart card to verify the authenticity of the smart card;
the host computer transmitting data from the host computer to the smart card;
the smart card processing the data from the host computer to verify the authenticity of the host computer;
providing the smart card with an encryption engine to encode data on the card and to decode data sent to the card;
if each of the user, the smart card, and the host computer is verified as authentic, then the smart card transmitting one or more of said personal Web pages to the host computer for display;
further comprising the step of storing in the smart card user identification data and a secure key or security certificate from a given institution; and
wherein;
the step of transmitting data from the smart card to the host computer includes the steps of;
i) inserting the smart card into a reader, and ii) sending the secure key or security certificate to the host computer when the smart card is inserted into the reader;
the step of the host computer processing the data includes the step of the host computer combining the secure key or security certificate with the user identification data to form combined data;
the step of the host computer transmitting data to the smart card includes the step of the host computer sending the combined data to the smart card; and
the step of the smart card processing the data includes the step of the smart card decoding the combined data to recover therefrom the user identification data, and comparing the recovered user identification data with the stored user identification data.
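The exchange recited in claim 1, sketched as an added Python example (not code from the patent): the PIN check is the user checkpoint, the host's issued-key lookup is the card checkpoint, and the card's decode-and-compare of the combined data is the host checkpoint. The names `Card`, `combine`, `decode` and `host_respond`, the use of a PIN as the verification data, and the HMAC-based cipher standing in for the card's encryption engine are all assumptions.

```python
import hashlib
import hmac
import os

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode: a stdlib stand-in for the
    # card's "encryption engine" (assumption; a real card would use e.g. AES).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def combine(key, user_id):
    """Host side: bind the user ID to the card's key to form the combined data."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(user_id, _stream(key, nonce, len(user_id))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decode(key, blob):
    """Card side: authenticate the blob, then recover the user ID (None if invalid)."""
    if len(blob) < 44:  # 12-byte nonce + 32-byte tag is the minimum
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Card:
    def __init__(self, user_id, pin, key, pages):
        self.user_id, self._pin, self.key, self._pages = user_id, pin, key, pages

    def release_pages(self, pin, blob):
        # Checkpoint 1 (user): PIN. Checkpoint 3 (host): combined data must decode
        # to the user ID stored on the card, compared in constant time.
        if not hmac.compare_digest(pin, self._pin):
            return None
        recovered = decode(self.key, blob)
        if recovered is None or not hmac.compare_digest(recovered, self.user_id):
            return None
        return self._pages

def host_respond(issued, card_key, user_id):
    # Checkpoint 2 (card): the host accepts only keys its institution issued.
    if not any(hmac.compare_digest(card_key, k) for k in issued):
        return None
    return combine(card_key, user_id)
```

The sketch follows the claim literally, so the card's key travels to the host; the host checkpoint therefore rests on the host knowing the user ID that matches the one stored on the card.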
Abstract
A method and system are disclosed for accessing a personal Web site or executing electronic commerce with security in a smart Java card. A personal Web site which includes personal or private information is stored in a personal smart Java card. Before a user can access the Web site stored in the smart Java card, the user is validated by any one of, or a combination of, PIN, facial images, hand images, eye image, voice characteristics, and fingerprints. In addition, an encryption engine embedded in the smart Java card decodes and compares the entered PIN combined with a secure key or security certificate to verify the identity of the user. Before the bank account can be accessed freely by the user, the bank's computer system checks the combined secure data to ensure the authenticity of the card and the user's identity with multiple check points using Internet security protocols via Web browsers.
46 Citations
36 Claims
17. A system for processing a personal Web site stored in a smart card, the system comprising:
a smart card for storing one or more Web pages with personal secure data associated with a user;
a smart card reader device for reading and writing data from and to the smart card;
a processing computer to establish communications between the smart card and the smart card reader device;
means for receiving verification data from a user to identify the authenticity of the user;
means for transmitting data from the smart card to the smart card reader device;
the smart card reader device including means for processing the data from the smart card to verify the authenticity of the smart card;
the smart card reader device including means for transmitting data from the smart card reader device to the smart card;
the smart card including means for processing the data from the smart card reader device to verify the authenticity of the smart card reader device;
the smart card including an encryption engine to encode data on the card and to decode data sent to the card;
the smart card including means for transmitting one or more of said personal Web pages to the host computer for display if each of the user, the smart card, and the host computer is verified as authentic;
the smart card including user identification data and a secure key or security certificate from a given institution; and
wherein;
the means for transmitting data from the smart card to the smart card reader device includes;
i) means for receiving the smart card into the smart card reader device, and ii) means for sending the secure key or security certificate to the host computer when the smart card is inserted into the reader;
the smart card reader device including means for combining the secure key or security certificate with the user identification data to form combined data, and for sending the combined data to the smart card; and
the smart card including means for decoding the combined data to recover therefrom the user identification data, and comparing the recovered user identification data with the stored user identification data.
23. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for enabling multiple security check points during electronic transactions between a smart card and a host computer, the smart card having one or more personal Web pages stored therein, the method steps comprising:
using a processing computer to establish communications between the smart card and the host computer;
receiving verification data from a user to identify the authenticity of the user;
transmitting data from the smart card to the host computer;
the host computer processing the data from the smart card to verify the authenticity of the smart card;
the host computer transmitting data from the host computer to the smart card;
the smart card processing the data from the host computer to verify the authenticity of the host computer;
providing the smart card with an encryption engine to encode data on the card and to decode data sent to the card;
if each of the user, the smart card, and the host computer is verified as authentic, then the smart card transmitting one or more of said personal Web pages to the host computer for display;
further comprising the step of storing in the smart card user identification data and a secure key or security certificate from a given institution; and
wherein;
the step of transmitting data from the smart card to the host computer includes the steps of;
i) inserting the smart card into a reader, and ii) sending the secure key or security certificate to the host computer when the smart card is inserted into the reader;
the step of the host computer processing the data includes the step of the host computer combining the secure key or security certificate with the user identification data to form combined data;
the step of the host computer transmitting data to the smart card includes the step of the host computer sending the combined data to the smart card; and
the step of the smart card processing the data includes the step of the smart card decoding the combined data to recover therefrom the user identification data, and comparing the recovered user identification data with the stored user identification data.
Specification