WO2002054191A2 - Pics: apparatus and methods for personal management of privacy, integrity, credentialing and security in electronic transactions - Google Patents
Pics: apparatus and methods for personal management of privacy, integrity, credentialing and security in electronic transactions
- Publication number
- WO2002054191A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- integrity
- privacy
- transaction
- credentialing
- security
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/389—Keeping log of transactions for guaranteeing non-repudiation of a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/403—Solvency checks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Definitions
- the invention relates to the field of authentication, fraud detection and prevention, security, cryptography and electronic and mobile commerce. More particularly a Privacy, Integrity, Credentialing and Security System enables users to manage themselves the privacy, credentialing, integrity, and security of their electronic records and transactions.
- Banks and marketplaces are known to collect and sell, for mercantile purposes, all or part of the information that their clients entrusted to them, without the clients' knowledge or authorization.
- In electronic commerce, various processes have been devised for authenticating users and ensuring privacy of the data transmitted between users.
- Government may designate and accredit service providers to perform specific roles for secure data transmission, including digital or electronic signatures.
- Electronic commerce may require several distinct security elements: authentication, secure communications, trusted third parties, electronic contracts, digital payment systems, corporate information security. Solutions to the problems include symmetric and asymmetric cryptography, public key infrastructures (PKI), and X509 certificates.
- Intra company transactions and data are protected to some extent by firewalls. However most fraud occurs inside.
- Existing solutions for data integrity and access control are more oriented towards extranet situations than towards intra-net operations.
- PKI-type solutions are impractical and expensive for intranet usage.
- At the business-to-business (B2B) level such solutions are provided by trusted third parties, such as Identrus.
- Identrus provides the so-called middleware that the banks use to provide management of all security issues.
- the traditional banks provide a sufficient framework for legality and trust to make this solution workable as a global B2B environment.
- B2C: business-to-consumer
- the solutions are driven by the businesses, which may offer the possibility of registering for certificates from PKI services such as Verisign.
- the certificates issued by the PKI are not really identifying the individual who requests them, nor the individual who uses them.
- the business tends to build profiles of the users accessing the business portal.
- Amazon.com decided to declare these profiles a corporate asset, in order to improve its balance sheet.
- Trust-e is an organization that promises its members to police privacy issues related to electronic commerce.
- the invention is needed in the field of electronic commerce, order fulfillment, groupware and the like.
- the invention includes:
- a computer or computerized device (server, desktop, laptop, personal digital assistant, digital telephone) equipped with a biometrics measuring device, connected to it by secure communication means, whether wired or wireless and with software code permitting biometric authentication, symmetric or asymmetric encryption and decryption, middleware to manage secure communication, secrets databases, access control, key management license modules.
- Access the portal by establishing a secure pipe on the network or World Wide Web; transmit a software agent to the portal inviting the portal to conduct business with the consumer,
- the certificate contains an order form, and a price quotation, and is hashed.
- the hash, and the hash key are encrypted with the private key of the sales operator and transmitted to the consumer, who decrypts it with the public key of the operator according to the usual procedures known in the art.
- the consumer then fills out the order form, hashes it, attaches an electronic signature including an identity and a proof of signature verification, and transmits that message over the secure pipe to the sales operator, who sends a sales acceptance notification in a similar manner.
- FIG. 1 illustrates the apparatus
- FIG. 2 describes functional block diagrams.
- DESCRIPTION OF AN ILLUSTRATIVE EMBODIMENT OF THE INVENTION
- a Biometrics Measurement Apparatus (1101,1102,1103,1104) produces a dynamic biometric signature (1110) of a buyer (1000).
- the buyer has registered a Signature Template (1001); it is encrypted and stored securely in a secrets database (1200) that contains the Signer ID, the Signature Template (1002) and optionally other data such as an authorization entitlement and a private RSA key for use with a PKI.
- a Transaction Security Module (1300) creates a session key (1310).
- the session key (1310) is kept in the secrets database (1200).
- the session key combined with the identification number (1101) of the BMA (1100) is used to encrypt the biometric signature data (BSD) (1110).
- Asymmetric encryption can be used with RSA keys, or symmetric encryption can be used with AES standard keys. Verification of the BSD (1110) against the template (1002), if positive, results in a Positive Signature Verification Message (1300). It is signed with the user's RSA key, and thus secure and unchangeable, guaranteeing the integrity of the information. Alternatively, strong symmetric encryption can be used. If negative, exception handling occurs, alerting the buyer to an attempt at tampering or other unusual behavior of the BMA.
- the buyer pushes, as known in the art, a software agent (1400) such as an applet, to the seller's (2000) portal (2100).
- the buyer sends a hashed request for proposal (RFP) (1500) together with the PSV (1300) to the seller over said secured pipe (4000).
- an authorized sales person sends a standard X509 certificate (2001) to the buyer (1000), upon which the buyer (1000) returns a standard (MD5, SHA1) hash key (1600), over said secure pipe (4000).
- the seller (2000) uses the hash key to reconstruct the RFP (1500).
- the seller (2000) then creates a proposal (2700), signs it digitally with a private key (2002), attaches a public key (2003), and hashes the message with said hash key (1600). Then the seller (2000) transmits the message over said secure pipe (4000) to the buyer (1000).
- a MAC guarantees the message integrity, as known in the art.
- the MAC is stored in the buyer's secrets database (1200). This is also done at the seller's (2000) secrets database (2200).
- upon acceptance of the proposal (2700), the buyer sends an electronically signed purchase order (1710) to the seller (2000), who returns an electronically signed sales agreement (2710).
- these transactions may be linked to third party information systems (3000), such as the buyer's electronic banking system (3100), or the seller's order fulfillment system (3200).
- the software agent (1400) removes all traces of the transaction from the seller's (2000) website (2100), with the exception of the information stored in the seller's secrets database (2200), and the secured pipe (4000) is closed.
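
The message-integrity step described above (the proposal hashed with the hash key (1600), and the resulting MAC stored in both the buyer's and the seller's secrets databases) can be sketched as follows. This is an added example, not code from the patent; it assumes HMAC-SHA256 as the MAC and sorted-key JSON as the message encoding, and the names `SecretsDatabase`, `run_exchange` and the sample proposal are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def canonical(message: dict) -> bytes:
    """Serialize deterministically so both parties MAC identical bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode("utf-8")


def compute_mac(hash_key: bytes, message: dict) -> str:
    """Keyed hash over the message (HMAC-SHA256 is this example's assumption)."""
    return hmac.new(hash_key, canonical(message), hashlib.sha256).hexdigest()


class SecretsDatabase:
    """Hypothetical stand-in for a secrets database (1200 or 2200)."""

    def __init__(self):
        self._macs = {}

    def store(self, txn_id: str, mac: str) -> None:
        # Refuse to overwrite: a recorded MAC is the reference for later checks.
        if txn_id in self._macs:
            raise ValueError(f"MAC already recorded for {txn_id}")
        self._macs[txn_id] = mac

    def verify(self, txn_id: str, hash_key: bytes, message: dict) -> bool:
        recorded = self._macs.get(txn_id)
        if recorded is None:
            return False  # no record means nothing to vouch for the message
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(recorded, compute_mac(hash_key, message))


def run_exchange() -> dict:
    # Constructed sample data: the hash key the buyer returns over the secure pipe.
    hash_key = secrets.token_bytes(32)
    proposal = {"txn": "T-0001", "item": "widget", "qty": 10, "unit_price": "12.50"}

    mac = compute_mac(hash_key, proposal)
    buyer_db, seller_db = SecretsDatabase(), SecretsDatabase()
    buyer_db.store("T-0001", mac)
    seller_db.store("T-0001", mac)

    altered = dict(proposal, unit_price="1.25")  # one field changed after the fact
    return {
        "intact": buyer_db.verify("T-0001", hash_key, proposal)
        and seller_db.verify("T-0001", hash_key, proposal),
        "altered": buyer_db.verify("T-0001", hash_key, altered),
        "wrong_key": seller_db.verify("T-0001", secrets.token_bytes(32), proposal),
        "unknown_txn": buyer_db.verify("T-9999", hash_key, proposal),
    }


if __name__ == "__main__":
    print(run_exchange())
```

A MAC keyed with a secret that both parties hold shows that the stored record was not altered, but either party can compute it, so it does not by itself show which party produced the message. In the flow above that role falls to the seller's digital signature with the private key (2002).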
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2002235353A AU2002235353A1 (en) | 2001-01-08 | 2002-01-08 | Pics: apparatus and methods for personal management of privacy, integrity, credentialing and security in electronic transactions |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US26019301P | 2001-01-08 | 2001-01-08 | |
US60/260,193 | 2001-01-08 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002054191A2 (en) | 2002-07-11 |
WO2002054191A3 (en) | 2003-02-13 |
Family
ID=22988152
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2002/000825 WO2002054191A2 (en) | 2001-01-08 | 2002-01-08 | Pics: apparatus and methods for personal management of privacy, integrity, credentialing and security in electronic transactions |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU2002235353A1 (en) |
WO (1) | WO2002054191A2 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5557518A (en) * | 1994-04-28 | 1996-09-17 | Citibank, N.A. | Trusted agents for open electronic commerce |
US5838812A (en) * | 1994-11-28 | 1998-11-17 | Smarttouch, Llc | Tokenless biometric transaction authorization system |
-
2002
- 2002-01-08 WO PCT/US2002/000825 patent/WO2002054191A2/en not_active Application Discontinuation
- 2002-01-08 AU AU2002235353A patent/AU2002235353A1/en not_active Abandoned
Non-Patent Citations (2)
Title |
---|
NORTON IBIA (INTERNATIONAL BIOMETRIC INDUSTRY ASS.) June 2000, pages 1 - 6, XP002951381 * |
STEWART FINANCIAL TIMES 30 December 1998, LONDON, pages 1 - 3, XP002951382 * |
Also Published As
Publication number | Publication date |
---|---|
WO2002054191A3 (en) | 2003-02-13 |
AU2002235353A1 (en) | 2002-07-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10673632B2 (en) | Method for managing a trusted identity | |
US10887098B2 (en) | System for digital identity authentication and methods of use | |
US20220271937A1 (en) | Collecting surveys with secure identities via a blockchain | |
US10706416B2 (en) | System and method of generating and validating encapsulated cryptographic tokens based on multiple digital signatures | |
US6363365B1 (en) | Mechanism for secure tendering in an open electronic network | |
US7353532B2 (en) | Secure system and method for enforcement of privacy policy and protection of confidentiality | |
US10410213B2 (en) | Encapsulated security tokens for electronic transactions | |
WO2019099486A1 (en) | System for digital identity authentication and methods of use | |
CN111418184B (en) | Credible insurance letter based on block chain | |
US7167985B2 (en) | System and method for providing trusted browser verification | |
US11128604B2 (en) | Anonymous communication system and method for subscribing to said communication system | |
JP2005328574A (en) | Cryptographic system and method with key escrow feature | |
RU2451425C2 (en) | Conformity evaluation signalling service | |
JPH11512841A (en) | Document authentication system and method | |
KR20010043332A (en) | System and method for electronic transmission, storage and retrieval of authenticated documents | |
JPH10504150A (en) | A method for securely using digital signatures in commercial cryptosystems | |
CN111373431A (en) | Credible insurance letter based on block chain | |
CN111433799B (en) | Credible insurance letter based on block chain | |
CN111433798B (en) | Credible insurance letter based on block chain | |
CN114266069B (en) | House transaction electronic data sharing system and method based on blockchain technology | |
WO2020042508A1 (en) | Method, system and electronic device for processing claim incident based on blockchain | |
CN113826134A (en) | Credible insurance letter based on block chain | |
US11250423B2 (en) | Encapsulated security tokens for electronic transactions | |
CN116305185A (en) | Data processing method, system and computer readable storage medium | |
CN114168996A (en) | Zero-knowledge-proof-based alliance-link order privacy data verification method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
AK | Designated states |
Kind code of ref document: A3 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A3 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase in: |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |