This invention generally relates to a method and apparatus for engaging in secure transactions between one or more other computers connected via common communications links and, more particularly, to a method and apparatus for engaging in secure transactions between computers connected to the Internet using a secure transaction account.
Communication networks are well known in the computer communications field. By definition, a network is a group of computers and associated devices that are connected by communications facilities or links. Network communications can be of a permanent nature, such as via cables, or can be of a temporary nature, such as connections made through telephone or radio links. Networks may vary in size, from a local area network (“LAN”) consisting of a few computers or workstations and related devices; to a wide area network (“WAN”) which interconnects computers and LANs that are geographically dispersed; to a remote access service (“RAS”) which interconnects remote computers via temporary communication links. An internetwork, in turn, is the joining of multiple computer networks, both similar and dissimilar, by means of gateways or routers that facilitate data transfer and conversion from various networks. A well-known abbreviation for the term internetwork is “Internet.” As currently understood, the capitalized term “Internet” refers to the collection of networks and routers that use the Transmission Control Protocol/Internet Protocol (“TCP/IP”) to communicate with one another.
A representative section of the Internet 40 is shown in
The Internet has recently seen explosive growth by virtue of its ability to link computers located throughout the world. As the Internet has grown, so has the World Wide Web (“Web”). The Web is a vast collection of interconnected or “hypertext” documents (also known as “Web pages”) written in HyperText Markup Language (“HTML”) that are electronically stored at “Web sites” throughout the Internet. A Web site is a server connected to the Internet that has mass storage facilities for storing hypertext documents and that runs administrative software for handling requests for those stored hypertext documents. A hypertext document normally includes a number of hyperlinks, i.e., highlighted portions of text that link the document to another hypertext document possibly stored at a Web site elsewhere on the Internet. Each hyperlink is associated with a Uniform Resource Locator (“URL”) that provides the exact location of the linked document on a server connected to the Internet. Thus, whenever a hypertext document is retrieved from any Web server, the document is considered to be retrieved from the Web.
A user is allowed to retrieve hypertext documents from the Web, i.e., a user is allowed to “surf the Web,” via a Web browser. A Web browser, such as NETSCAPE NAVIGATOR® or MICROSOFT® Internet Explorer, is a software program implemented by a Web client, i.e., a user's computer, to provide a graphical user interface to the Web. Upon request from the user via the Web browser, the Web client accesses and retrieves the desired hypertext document or Web page from the appropriate Web server using the URL for the document and a protocol known as HyperText Transfer Protocol (“HTTP”). HTTP is a higher-level protocol than TCP/IP and is designed specifically for the requirements of the Web. It is used on top of TCP/IP to transfer hypertext documents between servers and clients.
At the advent of the Web, the information stored on the Internet was freely transferred back and forth between those parties interested in the information. However, the Web is quickly becoming a channel of commercial activity, whereby a vast number of companies have developed their own Web sites for advertising and selling their goods and services. Commercial activity that takes place by means of connected computers is known as electronic commerce, or e-commerce, and can occur between a consumer and a merchant through an on-line information service, the Internet, a bulletin board system (“BBS”), or between consumer and merchant computers through electronic data interchange (“EDI”). A consumer (also referred to as a user, consumer or purchaser in the context of e-commerce) may “visit the Web site” of a company or merchant, i.e., retrieve the hypertext documents located on the Web server of a particular merchant, and order any good or service that the merchant has to offer. If that good or service is in the form of electronically stored information, such as a book, a video, a computer game, etc., the consumer may simply download the good or service from the company's Web site to his or her computer for immediate consumption and use. If the good or service is of a more tangible nature, such as an appliance or article of clothing ordered from an on-line catalog, a more conventional method of delivery, e.g., the postal service or a common carrier, is used.
A common method of engaging in electronic transactions is electronic credit, or c-credit. E-credit is a form of electronic commerce often involving credit card transactions carried out over the Internet. Traditional e-credit purchases are paid for by a major credit card, wherein the consumer is required to transmit his or her credit information, for example, an account number and expiration date, over the Internet to the company's Web site. Many consumers are concerned about the security and confidentiality of such electronic transmissions. Furthermore, many consumers do not have a major credit card with which to make such purchases. Alternative billing systems, such as providing credit information by facsimile or postal service, are much less convenient and often prove enough of a barrier to prohibit the sale altogether. Finally, the traditional methods of billing and payment do not adequately protect the merchant or consumer from fraudulent purchases.
Accordingly, a more effective method and apparatus for providing secure transactions for goods, services, content and other desirables over a network, and ultimately the Internet, is needed. The method and apparatus should protect the merchant and consumer from fraudulent purchases. Additionally, the method and apparatus should provide an element of non-repudiation to all transactions.
The present invention provides a method and system for implementing and using a secure transaction protocol for authenticating transactions between a plurality of computers. A typical secured transaction would be used when a consumer and a merchant wish to engage in some form of remote commercial transaction. The consumer wishes to receive something that the merchant wishes to provide, but both parties want the other to be bound once they have committed to the transaction. Each party also wishes to know with whom they are dealing. Additionally, each party wants to know all the terms of the transaction and that the other party has not altered or deviated from the terms in any manner. Finally, each party also wants to know that once both have agreed to the transaction that neither can deny they agreed to the transaction. By providing authentication, integrity and non-repudiation, the present invention is able to fulfill these wishes between the consumer and merchant.
According to one exemplary embodiment of the present invention, a consumer, a merchant and a Transaction Authority are parties to a transaction. To initiate the transaction the merchant sends a request for a transaction identifier to the Transaction Authority. The Transaction Authority then generates a new transaction identifier. The Transaction Authority then sends the transaction identifier back to the merchant. The merchant then creates an “offer” that includes the transaction identifier and sends the offer to the consumer. Before responding to the offer, the consumer sends an account list request to the Transaction Authority. The Transaction Authority authenticates the request and then constructs an account list of all accessible accounts for the consumer and sends the account list back to the consumer. The consumer receives the account list and then chooses an accessible account to use in the current transaction. Using the chosen account, the consumer responds to the merchant with an accepted purchase contract. Once the merchant has an accepted purchase contract, they forward it to the Transaction Authority who validates the contract and returns the validated contract back to the merchant. Once the merchant has a validated contract they are then able to request settlement of the transaction from the Transaction Authority, either immediately, or at some future date by sending a settlement request to the Transaction Authority. Once the Transaction Authority receives a settlement request, the request is checked for validity and if it is valid, the Transaction Authority responds in the manner called for in the settlement request, usually sending back a settlement response to the merchant.
In accordance with yet other aspects of the present invention, a secure transaction account can have associated sub-accounts. A sub-account can have a limited authority that is less than the main account credit limit. A sub-account may limit the merchant sites from which transactions may be engaged.
In accordance with further aspects of the present invention, purchases must be made by a registered consumer from a registered merchant. Security is ensured via authentication of the parties to a transaction. Authentication can be performed by verification of a digital certificate, or a digital signature, or by alternate authentication methods.
The foregoing aspects and many of the attendant advantages of this invention will become more readily appreciated as the same become better understood by reference to the following detailed description, when taken in conjunction with the accompanying drawings, wherein:
As previously described and shown in
More specifically, as shown in
In the exemplary embodiment of the present invention shown in
Finally, those of ordinary skill in the art will recognize that while only one consumer device 50, and one merchant server 51 are depicted in
The consumer device 50 also includes a processing unit 61, a display 62 and a memory 63. The memory 63 generally comprises a random access memory (“RAM”), a read-only memory (“ROM”) and a permanent mass storage device, such as a disk drive, tape drive, optical drive, floppy disk drive, or combination thereof. The memory 63 stores the program code and data necessary for ordering and paying for a product over the Internet 40 in accordance with the present invention. More specifically, the memory 63 stores a Web browser component 64, such as NETSCAPE NAVIGATOR® or MICROSOFT® Internet Explorer, a consumer authenticator component 65 formed in accordance with the present invention for authenticating a consumer as a registered participant of the secure transaction system prior to performing any secure transaction account transactions, and account records 66 for maintaining the information on the consumer's accounts. It will be appreciated that these components may be stored on a computer-readable medium and loaded into memory 63 of the consumer device 50 using a mechanism associated with the computer-readable medium, such as a floppy, DVD/CD-ROM drive, or the network interface.
As will be described in more detail below, the products ordered by the consumer are supplied by a merchant server 51, described next, following authorization from a remote server, i.e., a transaction server 52 described later, located elsewhere on the Internet, e.g., as illustrated in FIG 2.
The merchant server 51 also includes a processing unit 71, a display 72 and a memory 73. The memory 73 generally comprises a RAM, ROM, and a permanent mass storage device, such as a hard disk drive, tape drive, optical drive, floppy disk drive, or combination thereof.
The memory 73 also contains a commerce engine component 75 for purchasing a product from a merchant Web site. The commerce engine component 75 may be an existing commerce engine, such as MICROSOFT® Site Server, which allows for the payment of products ordered over the Internet using a major credit card, e.g., VISA® or MASTERCARD®. A transaction server adapter 76 is also provided to allow the commerce engine component 75 to interface with the transaction server 52. The transaction server adapter 76 uses and provides application programming interface (API) calls to interface with the commerce engine 75. Also included in memory is a merchant authenticator component 77 for verifying that the merchant is an authorized or registered merchant of the secure transaction system of the present invention and merchant account records 79. It will be appreciated that the commerce engine component 75, the transaction server adapter 76, the merchant authenticator component 77 and the merchant account records 79 may be stored on a computer-readable medium and loaded into memory 73 of the merchant server 51 using a mechanism associated with the computer-readable medium, such as a floppy, DVD/CD-ROM drive, or the network interface 70. Finally, memory 73 stores a Web server component 78 for handling requests for stored information received via the Internet and the Web.
The transaction server 52 also includes a processing unit 81, a display 82 and a memory 83. The memory 83 generally comprises a RAM, a ROM, and a permanent mass storage device, such as a hard disk drive, tape drive, optical drive, floppy disk drive, or combination thereof. The memory 83 stores the program code and data necessary for authorizing transactions between merchants and consumers in accordance with the present invention. More specifically, the memory 83 stores a transaction service component 84 formed in accordance with the present invention. An account database 88 and a transaction database are also stored in memory 83 for maintaining records of consumer and merchant accounts and transactions. A report service component 85 is also stored in memory 83 for processing requests for reports and consolidating information for requested reports. It will be appreciated that the transaction service component 84, the report service component 85, transaction database 89, and the account database 88 may be stored on a computer-readable medium and loaded into memory 83 of the transaction server 52 using a drive mechanism associated with the computer-readable medium, such as floppy, DVD/CD-ROM drive, or network interface 80. The memory 83 also stores a Web server component 87 for handling requests for stored information received via the Internet 40 and the Web.
Once an account is set up (through any method of account set up as is known in the art), the secure transaction system of the present invention is a closed system that provides consumers a secure method for engaging in transactions over the Internet. The closed system may include only a consumer device 50, a merchant server 51 and the transaction server 52 (administered by the Transaction Authority of the secure transaction system). Since the account information necessary for authenticating the consumer for the transaction is already in the account database 88 of the transaction server 52 the closed system of the present invention allows consumers to engage in secure transactions with merchants without transferring sensitive account information to the merchants over the Internet.
The illustrated embodiment also allows a consumer to create a custom package of sub-accounts. As will be readily recognized by those of ordinary skill in the art, the consumer may be provided with any number, type or combination of sub-accounts depending on the desires of those providing and administrating the secure transaction system of the present invention. Either a main account or all accounts will have an associated digital certificate signed by the Transaction Authority.
It will be appreciated that the digital certificate may be stored in the memory 63 of the consumer device 50 (e.g., in the account records 66), or on some form of device capable of interfacing with the consumer device such as, but not limited to, a secure token, smart card or as an encrypted file available from some other computer readable medium.
Once the secure transaction account has been registered, a digital certificate is transferred by the transaction server 52 and installed on the consumer device 50 or other device in communication with the consumer device 50. The digital certificate is then used in subsequent transactions as a unique credential to identify the consumer as a holder of a secure transaction account. In an actual embodiment of the present invention, a consumer or merchant is identified as account holder of the secure transaction system by the transaction server 52 verifying the Transaction Authority's digital signature on the digital certificate associated with the secure transaction account.
It will be appreciated that several levels of security can be imposed on secure transactions. Moving from the lower level security to the higher level security, there can be: (A) no security restrictions imposed; (B) minimal security, such as account name and password verification; (C) intermediate security, such as a digital certificate or secret key; (D) high security, such as a transaction signed with a digital signature using the consumer's secret key; or (E) maximum security, such as a digital signature and additional access controls, such as an account number, a last purchase verification, smart cards, secure tokens or some combination thereof. As will be described later, in one actual embodiment of the secure transaction system described herein, the term “digital certificate” is used to describe the authorization used; however, it will be appreciated that a higher level of security such as multiple digital signatures, or a digital signature with additional access controls may be desired in order to ensure the highest level of security for all parties involved (i.e., the consumer, the merchant and the transaction server in secure transactions.
In one exemplary embodiment of the secure transaction, the merchant server 51 digitally signs a transaction offer with a certificate issued by the transaction server 52 and sends it to the consumer device 50; the consumer device 50 digitally signs the transaction offer with a certificate issued by the transaction server 52 and sends it back to the merchant server 51; the merchant server 51 then forwards the doubly signed purchase offer to the transaction server 52; the transaction server 52 verifies both signatures and if they are both valid and the transaction is permissible then signs the doubly signed offer and returns the resulting triply signed purchase offer to the merchant server 51; the merchant server verifies the transaction server's 52 signature, and if it is valid, then the purchase transaction is complete. In the aforementioned example, the merchant server 51 may notify the consumer device 50 or it may not.
Once a consumer has his or her secure transaction account, he or she can immediately engage in secure transactions with merchants who also have accounts. If, however, the consumer's secure transaction account is only a prepaid account, prepayment must be made before the consumer can order products. In an alternate embodiment, the consumer with only a prepaid account can order products. However, shipment of the product will be held until the payment has been made. It will be appreciated that in yet another embodiment, consumer and merchant will use the same type of secure transaction accounts and that any consumer can therefore act as a merchant and vice versa. Additionally, it will be appreciated that a merchant can be an auction Web site in which a consumer uses his or her secure transaction account to pay for the goods, services and/or content purchased from the auction Web site, or may simply use the secure transaction account to form the agreement upon which a winning bid is secured. Therefore, even though the transaction is with a seller who does not have an account, the merchant acts on behalf of the seller in the auction.
In one actual embodiment of the present invention, the consumer may “surf the Web” and visit a merchant's Web site, using the Web browser 64. Once the consumer has selected the desired transaction, the consumer indicates a desire to start the transaction, for example, by clicking an “OK” or a “Buy” button.
After initiating the secure transaction, as depicted in
The consumer authenticator 65 determines whether a consumer is a registered holder of a secure transaction account or put another way, a registered participant in the closed secure transaction system of the present invention. The logic of
Next, in decision block 246, a test is made to determine if a digital certificate is installed on the consumer device 50. The digital certificate may be stored in the consumer device 50 memory 63, such as on the account records 66, or on some other device associated with the consumer device such as a secure token, a smart card or encrypted on some computer readable medium. It will be appreciated that other methods of digital identification can be used. If the digital certificate is installed, the digital certificate identification is inserted into an authentication container in block 248 and the authentication container is returned in block 250. The container can be any one of a variety of data formats, for example, in one embodiment of the present invention a proprietary protocol is used. In an actual embodiment of the present invention, a public key generated by the consumer's device and signed by the transaction server (thereby forming a digital certificate) is also inserted into the container. Secret keys are never transmitted across the network 41 in the secure transaction system of the present invention. The combination of the secret key and the digital certificate provides a heightened level of security to the consumer authentication process. A digital signature is generally a document that has been encrypted by the secret key of a public key pair. Only the public key of the same key pair will be able to decrypt the document to its original form. This is particularly useful in demonstrating that only the holder of the secret key is able to sign (or encrypt) the document. In practical terms, signing a large document using public key cryptography can be very time consuming. Almost equally effective is creating a cryptographic message digest (“hash”) of the document and then encrypting the hash with the secret key. Therefore those of ordinary skill in the art will appreciate that anyone knowing the corresponding public key and the digest algorithm will be able to verify that the message was not altered and that it originated from the holder of the corresponding secret key. It will be appreciated that the digital certificate as used herein refers to an authentication identifier that is recognized by the Transaction Authority that adheres to the Transaction Authority's non-repudiation transaction policies.
If, however, in decision block 246 it is determined that a digital certificate is not installed on the consumer device 50, the logic proceeds to a decision block 258 where a test is made to determine if the consumer wishes to apply for a secure transaction account. If the consumer wishes to apply for a secure transaction account, the logic proceeds to a block 260, in which the consumer is allowed to apply for a secure transaction account. Otherwise, the consumer authenticator 65 returns an unsuccessful authorization message in a block 261.
Referring back to
While the logic of authenticating a consumer as shown in
Returning to
However, if the consumer was successfully authenticated, the logic proceeds from decision block 226 to block 228 where a secure transaction account selection Web page 1170 as shown in
The logic then proceeds to a block 236 where the logic waits to receive the transaction validation status from merchant server 51. Once the transaction validation status is received from the merchant server 51, the logic proceeds to decision block 238 where if the transaction was validated, a valid transaction message is displayed in block 240, otherwise in block 227 a transaction error message is displayed. In any case, the logic ends at block 242.
The logic of
The commerce engine 75 is the component of the merchant server 51 that determines whether or not the order will be processed and whether the requested product will ultimately be provided to the consumer. It will be appreciated that commerce engines are well known in the art. The commerce engine component 75 used in conjunction with the transaction server adapter 76 allows the secure transaction system of the present invention to expand existing technology that is currently used for traditional credit and payment systems to encompass the secure transaction account of the present system. It will be further appreciated that while the embodiment shown and described modifies the commerce engine to achieve this functionality (which may be possible through existing API calls of the commerce engine), other embodiments are possible.
The transaction service component 84 of the transaction server 52 is responsible for interfacing with the other components of the system and determining whether or not a requested transaction should be allowed. One exemplary transaction service routine is illustrated in
If the transaction is not permissible, the logic transaction proceeds to a block 364 where the invalid transaction details are recorded to the transaction database 89. Then an invalid transaction response is sent to the requester (e.g., the merchant server 91) in block 366. The logic of
The logic then proceeds to a block 360 where the double signed transaction offer is signed with the Transaction Authority digital signature to create a triple signed transaction offer. Then in block 363 a signed transaction valid response with the triple signed transaction offer is sent to the requester (e.g., the transaction server adapter 76 or the Web browser 64, whichever the case may be).
The logic of
In one alternate embodiment where the merchant is an auction provider, the authorization 2340 sent by the transaction server 52 to the merchant server 51 includes information such as a consumer account identification, a merchant identification, a merchant sale offering, a consumer authentication, a merchant authentication, and a master identification, i.e., identification of the Transaction Authority. Particular to this type of response is an expiration date/time that is used to signal the shorter of the maximum times that the consumer and the merchant are willing to “reserve” funds associated with this transaction. If the transaction, i.e., settlement request 2365, is not received by the transaction server 52 before the expiration date/time of the transaction, the products and/or funds will be released back to their owners. At a later time, once the consumer has committed to the purchase, the consumer releases an authorization to the provider of the transaction server 52 knowing that the merchant has the proven ability to ship the products on demand without delay. This initiates the actual settlement of funds and triggers payment to the merchant in the next settlement batch, without any further interaction with the merchant. This payment method supports consumer-initiated, pre-approved purchases with expiration date/time, such as auction and gift-certificate purchases.
It will be appreciated that
It is often desirable for merchant's to have detailed reports available to judge the current state of their business. Accordingly, the present invention maintains records of transactions in readily retrievable formats. It is also desirable that competitors not have access to the same reports on the details of a merchant's business. Additionally, the present invention provides for secure authenticated access to transaction reports.
In one actual embodiment of the present invention, the transaction server 52 uses the transaction database 89 to store all transaction records. It will be appreciated by those of ordinary skill in the art, that a transaction database may be used to store information for report generation, yet may also store information relevant for other purposes.
In an alternate embodiment of the present invention, a merchant server 51 initiates a transaction by sending a request for a transaction identifier to the transaction server 52. The merchant server 51 digitally signs the request with a certificate that has been signed beforehand by the Transaction Authority. Upon receiving the request for a transaction identifier, the transaction server 52 checks the validity of the digital signature and the validity of the merchant's certificate.
The transaction server 52 then generates a new transaction identifier. This identifier is used to identify all further steps in the transaction and to differentiate the transaction from any other transactions between the parties. The identifier must also be sufficiently large and random such that it will not be readily repeatable in future transactions. The transaction server 52 may then activate the transaction identifier and set an expiration time when the transaction identifier will become inactive. The transaction server 52 then digitally signs the transaction identifier and expiration time with the Transaction Authority's certificate and sends the transaction identifier back to the merchant server 51.
The merchant then creates an “offer” for the consumer that includes the transaction identifier, the transaction expiration time, the merchant's name, the item(s), service(s), or other components of a transaction, any payment currency and any payment amount. The merchant server 51 then digitally signs the offer and sends it to the consumer device 50.
Before responding to the offer, the consumer device 50 digitally signs a request for their current account list with a certificate that has been signed by the Transaction Authority. The consumer then sends the account list request to the transaction server 52.
The transaction server 52 checks the validity of the digital signature on the account list request and the validity of the signing certificate. If both the certificate and the signature are valid, the transaction server 52 constructs an account list of all accessible accounts for the consumer and digitally signs the list. The transaction server 52 then sends the signed account list back to the consumer device 50.
The consumer device 50 receives the account list and validates that it has not been altered since coming from the transaction server 52 by checking the Transaction Authority's digital signature. The consumer then chooses an account from the account list to use in the current transaction. Using the chosen account, the consumer device 50 creates an accepted purchase contract and digitally signs it. The consumer device 50 then sends the signed contract to the merchant server 51.
Once the merchant has an accepted purchase contract, they forward it to the transaction server 52. The transaction server 52 checks the authenticity of both the merchant and the consumer's signatures and the corresponding certificates used to sign the contract.
If all the signatures and certificates are authenticated, and it is a purchase transaction, the transaction server 52 then checks to see if the consumer has available funds for the purchase. If there are sufficient funds available in the chosen account, the transaction server 52 reduces the “open-to-buy” amount for the chosen account by the purchase price. If there are sufficient funds or it is not a purchase transaction, but the signatures and certificate are valid, then the transaction server 52 creates and signs a validated contract. The validated contract is then sent back to the merchant server 51 as a digital receipt.
Once the merchant has the validated contract they are then able to request settlement of the transaction from the Transaction Authority, either immediately, or at some future date by sending a settlement request to the transaction server 52.
Once the transaction server 52 receives a settlement request, the request is checked for validity and if it is valid, the transaction server 52 responds in the manner called for in the settlement request, usually sending back a settlement response to the merchant.
It will be appreciated by those skilled in the art that the actions performed in the alternate embodiment above may be performed in other orders. For example, the consumer may request the transaction identifier and make an offer to the merchant. Alternatively, the consumer may not send an accepted purchase contract to the merchant, rather to the Transaction Authority and the Transaction Authority forwards only the validated contract to the merchant. It will also be appreciated that in yet other embodiments, multiple consumers or multiple merchants could use the present invention in a single transaction.
Although providing secure and authenticated purchase transactions is one of the more apparent uses for the present invention. It could also be used in other embodiments where similar authentication and security features are desirable. For example, the present invention could be used in a contract signing where both parties to the contract are distant to each other, yet they want to be sure that they both signed the same contract and that they are who they say they are.
According to another alternate embodiment of the present invention, a consumer, a merchant and a Transaction Authority are parties to a transaction. To initiate the transaction the merchant sends a request for a transaction identifier to the Transaction Authority. The Transaction Authority then generates a new transaction identifier. The Transaction Authority then sends the transaction identifier back to the merchant. The merchant then creates an “offer” that includes the transaction identifier and sends the offer to the consumer. Before responding to the offer, the consumer sends an account list request to the Transaction Authority. The Transaction Authority authenticates the request and then constructs an account list of all accessible accounts for the consumer and sends the account list back to the consumer. The consumer receives the account list and then chooses an accessible account to use in the current transaction. Using the chosen account, the consumer responds to the merchant with an accepted purchase contract. Once the merchant has an accepted purchase contract, they forward it to the Transaction Authority who validates the contract and returns the validated contract back to the merchant. Once the merchant has a validated contract they are then able to request settlement of the transaction from the Transaction Authority, either immediately, or at some future date by sending a settlement request to the Transaction Authority. Once the Transaction Authority receives a settlement request, the request is checked for validity and if it is valid, the Transaction Authority responds in the manner called for in the settlement request, usually sending back a settlement response to the merchant.
In an exemplary embodiment showing a general contract signing using the secure transaction, the parties are merchant, consumer and Transaction Authority; the steps are as follows:
A merchant initiates a contract by sending a request for a contract identifier to the Transaction Authority. The merchant digitally signs the request with a certificate that has been signed beforehand by the Transaction Authority. Upon receiving the request for a contract identifier, the Transaction Authority checks the validity of the digital signature and the validity of merchant's certificate.
The Transaction Authority then generates a new contract identifier. This identifier is used to identify all further steps in the contract and to differentiate the contract from any other contracts between the parties. The identifier must also be sufficiently large and random such that it will not be readily repeatable in future contracts. The Transaction Authority then activates the identifier and sets an expiration time when the identifier will become inactive. The Transaction Authority then digitally signs the identifier and expiration time with the Transaction Authority's certificate and sends the contract identifier back to the merchant.
The merchant then creates an “offer” for a consumer that includes the contract identifier, the contract expiration time, the merchant's name and the terms of the contract. The merchant then digitally signs the offer and sends it to consumer.
Before responding to the offer, the consumer digitally signs a request for their current account list (different certificates may be used to retrieve different accounts or to sign different types of contracts, depending on consumer's role at the time) with a certificate that has been signed by the Transaction Authority. The consumer then sends the certificate list request to the Transaction Authority.
The Transaction Authority checks the validity of the digital signature on the account list request and the validity of the signing certificate. If both the certificate and the signature are valid, the Transaction Authority constructs an account list of all accessible accounts for consumer and digitally signs the list. The Transaction Authority then sends the signed account list back to the consumer.
The consumer receives the account list and validates that it has not been altered since coming from the Transaction Authority by checking the digital signature. The consumer then chooses an accessible certificate to use in the current contract. Using the chosen certificate, the consumer creates an accepted contract and digitally signs it. The consumer then sends the signed contract to merchant.
Once the merchant has an accepted contract, he forwards it to the Transaction Authority. The Transaction Authority checks the authenticity of both merchant and consumer's signatures and the corresponding certificates used to sign the contract.
If all the signatures and certificates are authenticated, the Transaction Authority then checks to see if the consumer has the authority to sign this type of contract with the certificate used. If the consumer did have authority to use that certificate to sign the contract, the Transaction Authority records the contract for that certificate and proceeds. The Transaction Authority then creates and signs a validated contract. The validated contract is then sent back to the merchant.
Once the merchant has the validated contract they are then able to request settlement of the contract from the Transaction Authority, either immediately, or at some future date by sending a settlement request to the Transaction Authority.
Once the Transaction Authority receives a settlement request, the request is checked for validity and if it is valid, the Transaction Authority responds in the manner called for in the settlement request, usually sending back a settlement response to merchant.
While the preferred embodiment of the invention has been illustrated and described, it will be appreciated that various changes can be made therein without departing from the spirit and scope of the invention. In particular, it will be appreciated by those of ordinary skill in the art that this secure transaction protocol would be applicable to other authentication and security applications as well.
This application claims the benefit of Provisional Application No. 60/206,960, filed May 25, 2000, the benefit of which is hereby claimed under 35 U.S.C. § 119. The entire disclosure of the prior application is considered as being part of the disclosure of this application and is hereby incorporated by reference herein.
Number | Date | Country | |
---|---|---|---|
60206960 | May 2000 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 09866528 | May 2001 | US |
Child | 10172149 | Feb 2002 | US |