US2016149873A1PendingUtilityA1

Electronic commerce with cryptographic authentication

50
Assignee: SECURITY FIRST CORPPriority: Sep 20, 1999Filed: Oct 5, 2015Published: May 26, 2016
Est. expirySep 20, 2019(expired)· nominal 20-yr term from priority
G06F 21/31H04L 63/0435H04L 63/061H04L 63/083H04L 9/0844G06F 2221/2113H04L 9/085G07F 7/1016H04L 2209/80G06Q 20/3825G06Q 20/3829H04L 9/3265G06Q 20/12H04L 9/3247G06F 21/64H04L 9/3231G06F 21/32H04L 63/0823G06Q 20/3823G06F 2221/2117H04L 9/3236H04L 63/06G06Q 20/02H04L 2209/56G06Q 20/04H04L 9/0897G06F 21/33G06F 2221/2115G06F 21/40G06Q 20/38215H04L 9/321H04L 63/105H04L 9/3073H04L 63/0428H04L 63/0853G06Q 20/3821G06F 21/41G06Q 20/382H04L 9/0825
50
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method for facilitating an authentication related to an electronic transaction between a first and a second user is provided. Authentication data is received from the first user along with transaction data defining the first user and the electronic transaction to be authenticated. This authentication data is compared to enrollment authentication data associated with the first user in order to verify the identity of the first user. When the user is properly verified, access to at least one private cryptographic key stored on a secure server is available for use in securing the electronic transaction. The particular private cryptographic key need not be released from the secure server. Data indicating the status of the authentication may then be sent to one of either the first or second user.

Claims

exact text as granted — not AI-modified
1 - 79 . (canceled) 
     
     
         80 . A method comprising:
 storing, by a secure server, one or more private keys of a user, first authentication data of the user, and a first user identifier of the user, wherein the one or more private keys of the user is unknown to the user;   receiving, by the secure server from a vendor device, a transaction identifier (TID) that identifies a transaction and a second user identifier, the transaction identifier identifying a transaction between a vendor and the user, the second user identifier identifying the user;   receiving, by the secure server from the user device, the TID and second authentication data of the user, the second authentication data of the user being provided from the user to the user device at the time of the transaction;   retrieving, by the secure server, the first authentication data based, at least in part, on the second user identifier;   comparing, by the secure server, the first authentication data and the second authentication data; and   if the first authentication data is the second authentication data or at least similar based on the comparison, retrieving, by the secure server, the one or more private keys of the user and performing, by the secure server, one or more cryptographic functions employing the one or more private keys.   
     
     
         81 . The method of  claim 80  wherein the one or more cryptographic functions include one of digital signing, encryption, decryption, hash creation, key generation, and key destruction. 
     
     
         82 . The method of  claim 80  wherein the transaction represents logging into a portal which provides access to one or more services that require authentication of the user. 
     
     
         83 . The method of  claim 82  additionally comprising unlocking a password vault associated with the user, the password vault providing access to additional data which is used to authenticate the user to additional services. 
     
     
         84 . The method of  claim 83  wherein the additional data comprises passwords associated with the user. 
     
     
         85 . The method of  claim 83  wherein the additional data comprises private cryptographic keys associated with the user. 
     
     
         86 . The method of  claim 83  wherein the vendor device includes a trust engine and the password vault is associated with the trust engine. 
     
     
         87 . The method of  claim 83  wherein the vendor device is the operator of the portal and the password vault is associated with the vendor. 
     
     
         88 . The method of  claim 83  wherein the password vault is stored on a system associated with the user. 
     
     
         89 . A non-transitory computer readable medium comprising executable instructions, the executable instructions being executable by a processor to perform a method, the method comprising:
 storing, by a secure server, one or more private keys of a user, first authentication data of the user, and a first user identifier of the user, wherein the one or more private keys of the user is unknown to the user;   receiving, by the secure server from a vendor device, a transaction identifier (TID) that identifies a transaction and a second user identifier, the transaction identifier identifying a transaction between a vendor and the user, the second user identifier identifying the user;   receiving, by the secure server from the user device, the TID and second authentication data of the user, the second authentication data of the user being provided from the user to the user device at the time of the transaction;   retrieving, by the secure server, the first authentication data based, at least in part, on the second user identifier;   comparing, by the secure server, the first authentication data and the second authentication data; and   if the first authentication data is the second authentication data or at least similar based on the comparison, retrieving, by the secure server, the one or more private keys of the user and performing, by the secure server, one or more cryptographic functions employing the one or more private keys.   
     
     
         90 . The computer readable medium of  claim 89  wherein the one or more cryptographic functions include one of digital signing, encryption, decryption, hash creation, key generation, and key destruction. 
     
     
         91 . The computer readable medium of  claim 89  wherein the transaction represents logging into a portal which provides access to one or more services that require authentication of the user. 
     
     
         92 . The computer readable medium of  claim 91  wherein the method additionally comprises unlocking a password vault associated with the user, the password vault providing access to additional data which is used to authenticate the user to additional services. 
     
     
         93 . The computer readable medium of  claim 91  wherein the additional data comprises passwords associated with the user. 
     
     
         94 . The computer readable medium of  claim 91  wherein the additional data comprises private cryptographic keys associated with the user. 
     
     
         95 . The computer readable medium of  claim 91  wherein the vendor device includes a trust engine and the password vault is associated with the trust engine. 
     
     
         96 . The computer readable medium of  claim 91  wherein the vendor device is the operator of the portal and the password vault is associated with the vendor. 
     
     
         97 . The computer readable medium of  claim 91  wherein the password vault is stored on a system associated with the user. 
     
     
         98 . A system comprising:
 a depository configured to store one or more private keys of a user, first authentication data of the user, and a first user identifier of the user, wherein the one or more private keys of the user is unknown to the user;   a transaction engine configured to receive, from a vendor device, a transaction identifier (TID) that identifies a transaction and a second user identifier, and to receive, from the user device, the TID and second authentication data of the user, the transaction identifier identifying a transaction between a vendor and the user, the second user identifier identifying the user, the second authentication data of the user being provided from the user to the user device at the time of the transaction;   an authentication engine configured to retrieve the first authentication data based, at least in part, on the second user identifier and to compare the first authentication data and the second authentication data; and   a cryptographic engine configured, if the first authentication data is the second authentication data or at least similar based on the comparison, retrieve the one or more private keys of the user and to perform one or more cryptographic functions employing the one or more private keys.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.