Personal website for electronic commerce on a smart Java card with multiple security check points

US 20050050366A1
Filed: 09/29/2004
Published: 03/03/2005
Est. Priority Date: 01/26/1999
Status: Active Grant

First Claim

Patent Images

1. A method for enabling multiple security check points during electronic transactions between a smart card and a host computer, the smart card having one or more personal Web pages stored therein, the method comprising:

using a processing computer to establish communications between the smart card and the host computer;

receiving verification data from a user to identify the authenticity of the user;

transmitting data from the smart card to the host computer;

the host computer processing the data from the smart card to verify the authenticity of the smart card;

the host computer transmitting data from the host computer to the smart card;

the smart card processing the data from the host computer to verify the authenticity of the host computer;

providing the smart card with an encryption engine to encode data on the card and to decode data sent to the card;

if each of the user, the smart card, and the host computer is verified as authentic, then the smart card transmitting one or more of said personal Web pages to the host computer for display;

further comprising the step of storing in the smart card user identification data and a secure key or security certificate from a given institution; and

wherein;

the step of transmitting data from the smart card to the host computer includes the steps of;

i) inserting the smart card into a reader, and ii) sending the secure key or security certificate to the host computer when the smart card is inserted into the reader;

the step of the host computer processing the data includes the step of the host computer combining the secure key or security certificate with the user identification data to form combined data;

the step of the host computer transmitting data to the smart card includes the step of the host computer sending the combined data to the smart card; and

the step of the smart card processing the data includes the step of the smart card decoding the combined data to recover therefrom the user identification data, and comparing the recovered user identification data with the stored user identification data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Method and system are disclosed for accessing personal Web site or executing electronic commerce with security in a smart Java card. A personal Web site which includes personal or private information is stored in a personal smart Java card. Before a user can access the Web site stored in the smart Java card, the user is validated by any one of or in combination of PIN, facial images, hand images, eye image, voice characteristics, and finger prints. In addition, an encryption engine embedded in the smart Java card decodes and compares the entered PIN combined with a secure key or security certificate to verify the identity of the user. Before the bank account can be accessed freely by the user, the bank'"'"'s computer system checks the combined secure data to ensure the authenticity of the card and the user'"'"'s identity with multiple check points using Internet security protocols via Web browsers.

46 Citations

View as Search Results

36 Claims

1. A method for enabling multiple security check points during electronic transactions between a smart card and a host computer, the smart card having one or more personal Web pages stored therein, the method comprising:
- using a processing computer to establish communications between the smart card and the host computer;
  
  receiving verification data from a user to identify the authenticity of the user;
  
  transmitting data from the smart card to the host computer;
  
  the host computer processing the data from the smart card to verify the authenticity of the smart card;
  
  the host computer transmitting data from the host computer to the smart card;
  
  the smart card processing the data from the host computer to verify the authenticity of the host computer;
  
  providing the smart card with an encryption engine to encode data on the card and to decode data sent to the card;
  
  if each of the user, the smart card, and the host computer is verified as authentic, then the smart card transmitting one or more of said personal Web pages to the host computer for display;
  
  further comprising the step of storing in the smart card user identification data and a secure key or security certificate from a given institution; and
  
  wherein;
  
  the step of transmitting data from the smart card to the host computer includes the steps of;
  
  i) inserting the smart card into a reader, and ii) sending the secure key or security certificate to the host computer when the smart card is inserted into the reader;
  
  the step of the host computer processing the data includes the step of the host computer combining the secure key or security certificate with the user identification data to form combined data;
  
  the step of the host computer transmitting data to the smart card includes the step of the host computer sending the combined data to the smart card; and
  
  the step of the smart card processing the data includes the step of the smart card decoding the combined data to recover therefrom the user identification data, and comparing the recovered user identification data with the stored user identification data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method as claimed in claim 1, wherein the step of displaying includes transmitting said one or more Web pages having personal secure information associated with the user.
  - 3. The method as claimed in claim 1, wherein the step of displaying includes transmitting said one or more Web pages having a link to the one or more other Web sites, said one or more other Web sites accessible over a computer network.
  - 4. The method as claimed in claim 3, wherein the method further includes:
    - accessing said one or more other Web sites from said one or more Web pages; and
      
      automatically providing security data required for accessing said one or more other Web sites from said one or more Web pages.
  - 5. The method as claimed in claim 1, wherein the step of transmitting includes displaying said one or more Web pages having a link to one or more other Web sites, said one or more other Web sites for processing electronic transactions over a computer network.
  - 6. The method as claimed in claim 1, wherein the step of displaying includes transmitting said one or more Web pages having a link to one or more other Web sites accessible over a computer network, said one or more other Web sites having additional personal secure information associated with the user.
  - 7. The method as claimed in claim 1, wherein the step of receiving verification data includes receiving any one of personal identification number (PIN), image data relating to physical attributes of the user, finger print data relating to the user, and voice characteristics relating to the user, or any combination thereof, the verification data used to verify user identity.
  - 8. The method as claimed in claim 1, wherein the step of processing the data from the smart card to verify the authenticity of the smart card includes validating a digital signature stored in the smart card.
  - 9. The method as claimed in claim 1, wherein the step of processing the data from the host card computer to verify the authenticity of the host computer includes:
    - receiving a security key generated using a public key;
      
      decrypting the security key with a private key; and
      
      determining whether the host computer is authentic.
  - 10. The method as claimed in claim 1, wherein the step of receiving verification data includes receiving a secondary PIN and the step of transmitting includes displaying a Web page having non-secure information.
  - 11. The method as claimed in claim 10, wherein the method further includes:
    - sending data signals to a law enforcement authority for apprising the law enforcement authority of an emergency situation when the secondary PIN is received from the user.
  - 12. The method as claimed in claim 1, wherein the method further includes:
    - decoding by using said PIN, a stored secure key associated with a remote account server accessible over a computer network, before accessing the remote account server.
  - 13. The method as claimed in claim 12, wherein the method further includes the remote account server validating the secure key combined with said PIN before allowing electronic transactions to be performed with the remote account server.
  - 14. The method as claimed in claim 1, wherein the method further includes:
    - encrypting secure contents of said one or more Web pages stored in the smart card when the smart card is not being used; and
      
      decrypting the secure contents before the step of checking the authenticity of the smart card.
  - 15. The method as claimed in claim 1, wherein the method further includes:
    - initiating a communication with the computer when the smart card is inserted into a card reading device; and
      
      invoking a Web browser in the host computer for processing said one or more Web pages stored in the smart card.
  - 16. The method as claimed in claim 1, wherein the method further includes:
    - recording in a one-time-programmable memory, the memory embedded in the smart card, selected events processed with the smart card.

17. A system for processing a personal Web site stored in a smart card, the system comprising:
- a smart card for storing one or more Web pages with personal secure data associated with a user;
  
  a smart card reader device for reading and writing data from and to the smart card;
  
  a processing computer to establish communications between the smart card and the smart card reader device;
  
  means for receiving verification data from a user to identify the authenticity of the user;
  
  means for transmitting data from the smart card to the smart card reader device;
  
  the smart card reader device including means for processing the data from the smart card to verify the authenticity of the smart card;
  
  the smart card reader device including means for transmitting data from the smart card reader device to the smart card;
  
  the smart card including means for processing the data from the smart card reader device to verify the authenticity of the smart card reader device;
  
  the smart card including an encryption engine to encode data on the card and to decode data sent to the card;
  
  the smart card including means for transmitting one or more of said personal Web pages to the host computer for display if each of the user, the smart card, and the host computer is verified as authentic;
  
  the smart card including user identification data and a secure key or security certificate from a given institution; and
  
  wherein;
  
  the means for transmitting data from the smart card to the smart card reader device includes;
  
  i) means for receiving the smart card into the smart card reader device, and ii) means for sending the secure key or security certificate to the host computer when the smart card is inserted into the reader;
  
  the smart card reader device including means for combining the secure key or security certificate with the user identification data to form combined data, and for sending the combined data to the smart card; and
  
  the smart card including means for decoding the combined data to recover therefrom the user identification data, and comparing the recovered user identification data with the stored user identification data.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The system as claimed in claim 17, wherein said one or more Web pages include links to one or more other Web sites accessible over a computer network.
  - 19. The system as claimed in claim 18, wherein the smart card further includes:
    - an encryption engine for encrypting and decrypting data with secure keys stored in the smart card; and
      
      a processor which receives data generated by the encryption engine data for use in authenticating before any one of said one or more Web pages and one or more other Web sites are accessed.
  - 20. The system as claimed in claim 19, wherein the smart card further includes:
    - a one-time-programmable memory whose contents cannot be erased, the one-time-programmable memory for storing secure data.
  - 21. The system as claimed in claim 20, wherein the one-time-programmable memory further stores selected events processed by the smart card.
  - 22. The system as claimed in claim 17, where said one or more Web pages include platform-independent computer instructions executable by any computer platform.

23. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for enabling multiple security check points during electronic transactions with between a smart card and a host computer, the smart card having one or more personal Web pages stored therein, the method steps comprising:
- using a processing computer to establish communications between the smart card and the host computer;
  
  receiving verification data from a user to identify the authenticity of the user;
  
  transmitting data from the smart card to the host computer;
  
  the host computer processing the data from the smart card to verify the authenticity of the smart card;
  
  the host computer transmitting data from the host computer to the smart card;
  
  the smart card processing the data from the host computer to verify the authenticity of the host computer;
  
  providing the smart card with an encryption engine to encode data on the card and to decode data sent to the card;
  
  if each of the user, the smart card, and the host computer is verified as authentic, then the smart card transmitting one or more of said personal Web pages to the host computer for display;
  
  further comprising the step of storing in the smart card user identification data and a secure key or security certificate from a given institution; and
  
  wherein;
  
  the step of transmitting data from the smart card to the host computer includes the steps of;
  
  i) inserting the smart card into a reader, and ii) sending the secure key or security certificate to the host computer when the smart card is inserted into the reader;
  
  the step of the host computer processing the data includes the step of the host computer combining the secure key or security certificate with the user identification data to form combined data;
  
  the step of the host computer transmitting data to the smart card includes the step of the host computer sending the combined data to the smart card; and
  
  the step of the smart card processing the data includes the step of the smart card decoding the combined data to recover therefrom the user identification data, and comparing the recovered user identification data with the stored user identification data.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 24. The program storage device as claimed in claim 23, wherein the method step of displaying further includes transmitting said one or more Web pages having personal secure information associated with the user.
  - 25. The program storage device as claimed in claim 23, wherein the method step of displaying further includes transmitting said one or more Web pages having a link to one or more other Web sites, said one or more other Web sites accessible over a computer network.
  - 26. The program storage device as claimed in claim 23, wherein the method steps further include:
    - accessing said one or more other Web sites from said one or more Web pages; and
      
      automatically providing security data required for accessing said one or more other Web sites from said one or more Web pages.
  - 27. The program storage device as claimed in claim 23, wherein the method step of displaying further includes transmitting said one or more Web pages having a link to one or more other Web sites, said one or more other Web sites for processing electronic transactions over a computer network.
  - 28. The program storage device as claimed in claim 23, wherein the method step of transmitting further includes displaying said one or more Web pages having a link to one or more second other Web sites accessible over a computer network, said one or more other Web sites having additional personal secure information associated with the user.
  - 29. The program storage device as claimed in claim 23, wherein the method step of receiving verification data includes receiving any one of personal identification number (PIN), image data relating to physical attributes of the user, finger print data relating to the user, and voice characteristics relating to the user, or any combination thereof.
  - 30. The program storage device as claimed in claim 23, wherein the method step of processing the data from the smart card to verify the authenticity of the smart card includes validating an authorization key stored in the smart card by decrypting with a private encryption key.
  - 31. The program storage device as claimed in claim 23, wherein the method step of receiving verification data includes receiving a secondary PIN and the step of transmitting includes displaying a Web page having none-secure information.
  - 32. The program storage device as claimed in claim 31, wherein the method steps further include:
    - sending data signals to a law enforcement authority for notifying the law enforcement authority of an emergency situation when the secondary PIN is received from the user.
  - 33. The program storage device as claimed in claim 29, wherein the method steps further include:
    - decoding by using said PIN, a stored secure key associated with a remote account server accessible over a computer network, before accessing the remote account server.
  - 34. The program storage device as claimed in claim 33, wherein the method steps further include the remote account server validating the secure key combined with said PIN before allowing electronic transactions to be performed with the remote account server.
  - 35. The program storage device as claimed in claim 23, wherein the method steps further include:
    - initiating a communication with the computer when the smart card is inserted into a card reading device; and
      
      invoking a Web browser in the computer for processing said one or more Web pages stored in the smart card.
  - 36. The program storage device as claimed in claim 23, wherein the method steps further include:
    - recording in a one-time-programmable memory, the memory embedded in the smart card, selected events processed with the smart card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
International Business Machines Corporation
Inventors
Kwok, Thomas Y., Mok, Lawrence S.

Granted Patent

US 7,571,461 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/19
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

G06F 21/445   by mutual authentication, e...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/363   with the personal data of a...

G06Q 20/40145   Biometric identity checks

G07F 7/0866   by active credit-cards adap...

G07F 7/1008   Active credit-cards provide...

Personal website for electronic commerce on a smart Java card with multiple security check points

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

36 Claims

Specification

Use Cases

Quick Links

Others

Personal website for electronic commerce on a smart Java card with multiple security check points

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

36 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others