Electronic commerce with cryptographic authentication
Abstract
A method for facilitating an authentication related to an electronic transaction between a first and a second user is provided. Authentication data is received from the first user along with transaction data defining the first user and the electronic transaction to be authenticated. This authentication data is compared to enrollment authentication data associated with the first user in order to verify the identity of the first user. When the user is properly verified, access to at least one private cryptographic key stored on a secure server is available for use in securing the electronic transaction. The particular private cryptographic key need not be released from the secure server. Data indicating the status of the authentication may then be sent to one of either the first or second user.
Claims
exact text as granted — not AI-modified1 - 79 . (canceled)
80 . A method comprising:
storing, by a secure server, one or more private keys of a user, first authentication data of the user, and a first user identifier of the user, wherein the one or more private keys of the user is unknown to the user; receiving, by the secure server from a vendor device, a transaction identifier (TID) that identifies a transaction and a second user identifier, the transaction identifier identifying a transaction between a vendor and the user, the second user identifier identifying the user; receiving, by the secure server from the user device, the TID and second authentication data of the user, the second authentication data of the user being provided from the user to the user device at the time of the transaction; retrieving, by the secure server, the first authentication data based, at least in part, on the second user identifier; comparing, by the secure server, the first authentication data and the second authentication data; and if the first authentication data is the second authentication data or at least similar based on the comparison, retrieving, by the secure server, the one or more private keys of the user and performing, by the secure server, one or more cryptographic functions employing the one or more private keys.
81 . The method of claim 80 wherein the one or more cryptographic functions include one of digital signing, encryption, decryption, hash creation, key generation, and key destruction.
82 . The method of claim 80 wherein the transaction represents logging into a portal which provides access to one or more services that require authentication of the user.
83 . The method of claim 82 additionally comprising unlocking a password vault associated with the user, the password vault providing access to additional data which is used to authenticate the user to additional services.
84 . The method of claim 83 wherein the additional data comprises passwords associated with the user.
85 . The method of claim 83 wherein the additional data comprises private cryptographic keys associated with the user.
86 . The method of claim 83 wherein the vendor device includes a trust engine and the password vault is associated with the trust engine.
87 . The method of claim 83 wherein the vendor device is the operator of the portal and the password vault is associated with the vendor.
88 . The method of claim 83 wherein the password vault is stored on a system associated with the user.
89 . A non-transitory computer readable medium comprising executable instructions, the executable instructions being executable by a processor to perform a method, the method comprising:
storing, by a secure server, one or more private keys of a user, first authentication data of the user, and a first user identifier of the user, wherein the one or more private keys of the user is unknown to the user; receiving, by the secure server from a vendor device, a transaction identifier (TID) that identifies a transaction and a second user identifier, the transaction identifier identifying a transaction between a vendor and the user, the second user identifier identifying the user; receiving, by the secure server from the user device, the TID and second authentication data of the user, the second authentication data of the user being provided from the user to the user device at the time of the transaction; retrieving, by the secure server, the first authentication data based, at least in part, on the second user identifier; comparing, by the secure server, the first authentication data and the second authentication data; and if the first authentication data is the second authentication data or at least similar based on the comparison, retrieving, by the secure server, the one or more private keys of the user and performing, by the secure server, one or more cryptographic functions employing the one or more private keys.
90 . The computer readable medium of claim 89 wherein the one or more cryptographic functions include one of digital signing, encryption, decryption, hash creation, key generation, and key destruction.
91 . The computer readable medium of claim 89 wherein the transaction represents logging into a portal which provides access to one or more services that require authentication of the user.
92 . The computer readable medium of claim 91 wherein the method additionally comprises unlocking a password vault associated with the user, the password vault providing access to additional data which is used to authenticate the user to additional services.
93 . The computer readable medium of claim 91 wherein the additional data comprises passwords associated with the user.
94 . The computer readable medium of claim 91 wherein the additional data comprises private cryptographic keys associated with the user.
95 . The computer readable medium of claim 91 wherein the vendor device includes a trust engine and the password vault is associated with the trust engine.
96 . The computer readable medium of claim 91 wherein the vendor device is the operator of the portal and the password vault is associated with the vendor.
97 . The computer readable medium of claim 91 wherein the password vault is stored on a system associated with the user.
98 . A system comprising:
a depository configured to store one or more private keys of a user, first authentication data of the user, and a first user identifier of the user, wherein the one or more private keys of the user is unknown to the user; a transaction engine configured to receive, from a vendor device, a transaction identifier (TID) that identifies a transaction and a second user identifier, and to receive, from the user device, the TID and second authentication data of the user, the transaction identifier identifying a transaction between a vendor and the user, the second user identifier identifying the user, the second authentication data of the user being provided from the user to the user device at the time of the transaction; an authentication engine configured to retrieve the first authentication data based, at least in part, on the second user identifier and to compare the first authentication data and the second authentication data; and a cryptographic engine configured, if the first authentication data is the second authentication data or at least similar based on the comparison, retrieve the one or more private keys of the user and to perform one or more cryptographic functions employing the one or more private keys.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.