USRE38070E1 - Cryptography system and method for providing cryptographic services for a computer application - Google Patents
Cryptography system and method for providing cryptographic services for a computer application Download PDFInfo
- Publication number
- USRE38070E1 USRE38070E1 US09/386,463 US38646399A USRE38070E US RE38070 E1 USRE38070 E1 US RE38070E1 US 38646399 A US38646399 A US 38646399A US RE38070 E USRE38070 E US RE38070E
- Authority
- US
- United States
- Prior art keywords
- csp
- recited
- encryption
- key
- cryptographic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
- 238000000034 method Methods 0.000 title claims description 101
- 238000004883 computer application Methods 0.000 title 1
- 230000006870 function Effects 0.000 claims abstract description 99
- 238000012795 verification Methods 0.000 claims abstract description 19
- 230000006854 communication Effects 0.000 claims description 66
- 238000004891 communication Methods 0.000 claims description 66
- 238000012545 processing Methods 0.000 claims description 11
- 238000013479 data entry Methods 0.000 claims description 5
- 238000002507 cathodic stripping potentiometry Methods 0.000 claims 1
- 230000008569 process Effects 0.000 description 42
- 239000011230 binding agent Substances 0.000 description 39
- 230000004044 response Effects 0.000 description 19
- 238000013475 authorization Methods 0.000 description 16
- 238000010586 diagram Methods 0.000 description 11
- 230000002452 interceptive effect Effects 0.000 description 10
- 230000000694 effects Effects 0.000 description 8
- 230000008901 benefit Effects 0.000 description 7
- 230000004224 protection Effects 0.000 description 5
- 230000001105 regulatory effect Effects 0.000 description 5
- 238000013459 approach Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000008859 change Effects 0.000 description 3
- 238000012790 confirmation Methods 0.000 description 3
- 238000013478 data encryption standard Methods 0.000 description 3
- 230000003116 impacting effect Effects 0.000 description 3
- 230000008676 import Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 2
- 230000009977 dual effect Effects 0.000 description 2
- VBMOHECZZWVLFJ-GXTUVTBFSA-N (2s)-2-[[(2s)-6-amino-2-[[(2s)-6-amino-2-[[(2s,3r)-2-[[(2s,3r)-2-[[(2s)-6-amino-2-[[(2s)-2-[[(2s)-6-amino-2-[[(2s)-2-[[(2s)-2-[[(2s)-2,6-diaminohexanoyl]amino]-5-(diaminomethylideneamino)pentanoyl]amino]propanoyl]amino]hexanoyl]amino]propanoyl]amino]hexan Chemical compound NC(N)=NCCC[C@@H](C(O)=O)NC(=O)[C@H](CCCCN)NC(=O)[C@H](CCCCN)NC(=O)[C@H]([C@@H](C)O)NC(=O)[C@H]([C@H](O)C)NC(=O)[C@H](CCCCN)NC(=O)[C@H](C)NC(=O)[C@H](CCCCN)NC(=O)[C@H](C)NC(=O)[C@H](CCCN=C(N)N)NC(=O)[C@@H](N)CCCCN VBMOHECZZWVLFJ-GXTUVTBFSA-N 0.000 description 1
- 230000002411 adverse Effects 0.000 description 1
- 230000007175 bidirectional communication Effects 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 108010068904 lysyl-arginyl-alanyl-lysyl-alanyl-lysyl-threonyl-threonyl-lysyl-lysyl-arginine Proteins 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000007620 mathematical function Methods 0.000 description 1
- 230000000116 mitigating effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 230000002829 reductive effect Effects 0.000 description 1
- 230000008929 regeneration Effects 0.000 description 1
- 238000011069 regeneration method Methods 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2131—Lost password, e.g. recovery of lost or forgotten passwords
Definitions
- Cryptography has evolved in the electronic setting as a means to securely transfer information over a communication system that is presumed to be insecure, like the telephone lines or a public communications network (e.g., the Internet).
- cryptography provides the necessary tools to digitally secure sensitive and valuable electronic messages in a manner that insures privacy between the authenticate sender and authenticate recipient of the communiquƩ, even though the message is subject to interception on the insecure communication system.
- the sender Before sending an electronic message, the sender encrypts it. āEncryptionā transforms the message from its plaintext into some meaningless ciphertext that is not understandable in its raw form and cannot be deciphered by an eavesdropper. To ensure the recipient that the true sender originated the message, and not some impostor, the sender ādigitally signsā the message with its own unique digital signature. The signed encrypted message is then transmitted over the insecure network to the intended recipient. The recipient receives and decrypts the encrypted message. āDecryptionā transforms the message from its ciphertext back to its plaintext. Only the recipient is presumed to have the ability to decipher the message. The recipient also āverifiesā the authenticity of the digital signature to assure itself that the contents are from the legitimate sender and have not been subsequently altered.
- API application program interface
- cryptographic functionality involves the handling of sensitive information and the maintenance of secure keys. It would be advantageous for a user or application to be able to trust the cryptographic system on the same level that an operating system is typically trusted.
- the cryptographic system is a unique tri-layer architecture. It includes a cryptographic application program interface (CAPI) which provides functionality to an application, one or more cryptographic service providers (CSPs) which implement the functionality presented by the CAPI to the application, and one or more private application program interfaces (PAPI) which allow the CSPs to communicate directly with a user.
- CAPI cryptographic application program interface
- CSPs cryptographic service providers
- PAPI private application program interfaces
- the CAPI layer provides the interface with an application that requests cryptographic functions such as encryption, decryption, signing, or verification.
- the CAPI selects the appropriate CSP for performing the requested cryptographic function.
- the CSPs perform the cryptography functions and manage the cryptographic keys used in the functions. For instance, one or more CSPs might be configured to perform the encryption function using certain types of cryptographic algorithms and keys; one or more different CSPs might be configured to decrypt the messages; another CSP might be embodied to digitally sign messages; while still another CSP might be designed to verify signatures and messages.
- the CSPs are implemented as dynamic linked libraries (DLLs) that are loaded on demand by the CAPI, and which can then be called by the application through the CAPI.
- DLLs dynamic linked libraries
- the application is restricted from direct access to the cryptographic keys maintained in the CSPs, but is permitted to manipulate the keys through the use of handles assigned by the CSPs.
- Cryptographic keys used in the encryption and decryption are not exported from the CSPs in their raw form, but only in an encrypted form.
- certain confidential private keys are not permitted to leave the CSPs under any circumstances. In this manner, the CSPs protect the keys from compromise, while simultaneously offering a full range of cryptographic functionality that the user/application requests.
- the PAPI keeps the user informed as to the functions being performed by the CSPs.
- the PAPI provides the user with direct access to the CSP, independent of the application.
- the PAPI can present information to the user that the user may not trust the application to provide. For instance, the CSP can present through the PAPI an explanation of the transaction being conducted by the CSP.
- the CAPI might also present a dialog box asking for the user's confirmation each time an application requests a digital signature to enable the user to confirm or reject digitally signing the message.
- the PAPI might also be configured to notify the user and seek permission to export certain cryptographic keys.
- This system architecture can be advantageously adapted to many different environments.
- the architecture affords maximum protection of sensitive cryptographic keys.
- the cryptographic functions themselves and the associated security levels can be easily modified or replaced without affecting the higher level application. This is useful for rapid conformation to acceptable and changing regulatory and legal practices imposed by various governments.
- the architecture protects the user from malicious applications that attempt to expose key information or gain unauthorized signatures of the user.
- FIG. 2 is a schematic of the electronic commerce system during a transaction process according to another aspect of this invention.
- FIG. 3 is a flow diagram of the registration process in a method for conducting an electronic commerce transaction according to yet another aspect of this invention.
- FIG. 4 is a flow diagram of a process for generating a registration packet that is performed during the registration process.
- FIG. 5 is a flow diagram of a process for verifying a registration packet that is performed during the registration process.
- FIGS. 6-8 present a flow diagram of the transaction process in the method for conducting an electronic commerce transaction.
- FIG. 9 is a data structure used in the interchange of data between participants in the electronic commerce system.
- FIG. 11 is a block diagram of an architecture for a cryptography system according to yet another aspect of this invention.
- FIG. 12-14 are a flow diagram of encrypting and signing functions performed by the cryptography system.
- FIG. 15-16 are a flow diagram of decrypting and verifying functions performed by the cryptography system.
- FIG. 18 is a schematic of the credit card system during the transaction phase.
- FIGS. 19-22 are block diagrams depicting the FIG. 11 cryptography system as services to operating system applications resident at purchaser, merchant, acquirer, and binder participants to the FIG. 18 credit card system.
- FIG. 23 is a schematic of the electronic commerce system embodied as an interactive entertainment system according to yet another aspect of this invention.
- This invention particularly concerns a cryptographic system architecture and method for providing cryptographic functionality in a computer network environment. Primary aspects of this invention are described in detail with reference to FIGS. 10-16.
- the cryptographic system can be implemented in any context that requires cryptographic services, including such functions as encryption, decryption, digital signing, and authentication.
- FIGS. 1 and 2 show an electronic commerce system 20 for conducting secure electronic commerce transactions.
- the electronic commerce system 20 includes multiple trading partners or participants, which are represented by three participants 22 (a), 22 (b), and 22 (c), and a certified trusted authority 26 .
- Each individual electronic commerce transaction involves at least one commerce instrument and at least one commerce instrument.
- the commerce document defines the type of commerce transaction. Examples of commerce documents include purchase orders and receipts, contracts, and payment instruction receipts.
- the commerce instrument defines a mode of payment for the transaction. Examples of commerce instruments include payment instructions (e.g., checks and credit cards) and currency.
- Computing units 24 (a), 24 (b), and 24 (c) are provided at respective ones of the participants 22 (a), 22 (b), and 22 (c).
- the computing units are depicted for illustration purposes as IBMĀ®-compatible personal computers, although other forms of computing units may be used.
- the computing units might be embodied as conventional computers (such as mainframe computers, servers, PCs, laptops, notebooks, etc.) or as other computational machines, such as banking ATMs (automated teller machines) and set-top boxes used in an interactive television system.
- a computer server 28 is provided at the certified trusted authority 26 .
- the certified trusted authority is often referred to as a ācredential binder,ā ābinding authority,ā or simply ābinder.ā
- the server 28 is thus referred to herein as the ācredential binding server.ā
- the computer server is capable of receiving simultaneous requests from the multiple participants, as will be described in more detail below.
- the first phase is an initial registration process in which each participant seeks approval of the certified trusted authority.
- the second phase is a transaction process which involves the general document and instrument interchange among the various participants.
- the computing units 24 (a)- 24 (c) at the participants 22 (a)- 22 (c) are each programmed to generate and send a registration packet over the communication system (as represented by communication paths 30 (a)- 30 (c)) to the credential binding server 28 at the trusted credential authority 26 .
- the credential binding server 28 is programmed to produce unique credentials for each participant based upon their registration packets and to send the credentials 32 (a)- 32 (c) back over the communication system (as represented by communication paths 34 (a)- 34 (c)) to the multiple computing units 24 (a)- 24 (c).
- These credentials are digitally signed by the trusted credential authority and will be used to identify and authenticate other participants during the commerce transaction. It is noted that the registration process requires interaction between each participant and the trusted credential authority.
- the first recipient computing unit 24 (b) is programmed to decrypt either the commerce document(s) 36 of the commerce instrument(s) 38 depending upon which one(s) is intended for and pertains to them.
- the first recipient computing unit 24 (b) then passes the other(s) of the commerce document(s) 36 or the commerce instrument(s) 38 in encrypted form over a communication path 42 to a second computing unit 24 (c) at the second recipient participant 22 (c).
- the second recipient computing unit is programmed to decrypt the document(s) or instrument(s) intended for and pertaining to them.
- the originating participant is a consumer
- the first recipient participant is a merchant
- the second recipient participant is a financial institution, like a bank.
- the commerce document 36 is a purchase order from the consumer to buy goods or services from the merchant.
- the commerce instrument 38 is a payment instruction to the bank regarding how the consumer desires to pay for the goods or services.
- the merchant's computing unit 24 (b) decrypts the commerce document 36 (i.e., a purchaser order) which pertains to the purchase of goods or services from the merchant.
- the bank's computing unit 24 (c) decrypts the commerce instrument (i.e., the payment instructions) which pertains to payment for those goods or services.
- key components of the payment instruction (such as account number) may be encrypted within the public key envelope (i.e., next to the symmetric key used to encrypt the rest of the payment instruction).
- the computing unit 24 (c) returns a signed authorization receipt 44 over communication path 46 to the first recipient participant 22 (b) indicating that payment is guaranteed.
- the first recipient computing unit 24 (b) then sends a signed purchase receipt 48 over communication path 49 to the originating computing unit 24 (a) and complies with the commerce document in delivering the ordered goods and services.
- Each participant 22 (a), 22 (b), and 22 (c) is required to register with the certified trusted authority 26 before being permitted to engage electronically in the commercial activity.
- the registration process involves communication over the communications system between each participant and the certified trusted authority as illustrated in FIG. 1 .
- Each participant generates a registration packet containing general information about that participant (step 50 in FIG. 3 ).
- An application tailored to the particular commerce environment can be distributed to the participants to assist them in gathering and submitting the information required by the certified trusted authority.
- the registration packet includes identification information (name, location, etc.), public cryptography keys unique to the participant, and a digital signature of the participant.
- asymmetric public and private keys ensure two results. First, only the holder of the private key can decrypt a message that is encrypted with the corresponding public key. Second, if another party decrypts a message using the public key, that party can be assured that the message was encrypted by the private key and thus originating with someone (and presumably the holder) of the private key.
- An example asymmetric cipher is the well-known RSA cryptographic algorithm named for the creators Rivest, Shamir, and Adleman.
- the participant generates a digital signature that is unique to the participant and to the message.
- the digital signature is computed by hashing the data contained in the registration packet.
- a hash function is a mathematical function that converts an input data stream into a fixed-size, often smaller, output data stream that is representative of the input data stream.
- both public keys of the signing pair and the key exchange pair are encrypted with a symmetric cipher using a randomly selected bulk data symmetric encryption key.
- the encryption key can be calculated from the decryption key, and vice versa.
- the encryption key and the decryption key are the same. Encryption and decryption using a symmetric key can be represented as follows:
- E K is an encryption function using the symmetric key āKā
- D K is the decryption function using the same encryption key āKā.
- the symmetric key must be known to both the sender and receiver, but otherwise kept secret. Once the symmetric key is divulged, any party can encrypt or decrypt messages.
- Example symmetric ciphers are a DES (Data Encryption Standard) encryption algorithm or an RC 4 algorithm.
- Step 78 is represented as follows:
- E Ksym is the encryption function using the symmetric key
- K sign ā pub ā part is the participant's public key of the signing pair
- K exc ā pub ā part is the participant's public key of the key exchange pair.
- the computing unit at the registering participant encrypts the symmetric key using an asymmetric cipher which employs a public encryption key unique to the certified trusted authority or binder (step 80 ).
- the participant is assured that only the binding authority will be able to decrypt the symmetric key, and hence the rest of the registration packet.
- the encryption of the symmetric key is represented as follows:
- the data encryption process involves a dual encryption technique: a first encryption of data using the symmetric key, and then a second encryption of the symmetric key using an asymmetric key pair.
- This dual encryption affords the desired security through the use of a strong asymmetric key pair, while facilitating encryption of bulk data using the more efficient symmetric key.
- the computing unit places the encrypted data, digital signature, and public keys in a communications packet.
- the communications packet is suitable for the appropriate communications system supporting the electronic commerce system 20 .
- the communications packet is in the form of individual digital data structures that contain the appropriate routing information to efficiently locate the intended recipient.
- the next step 52 in the registration process is for each participant computing unit 24 (a), 24 (b), and 24 (c) to send its completed registration packet to the credential binding server 28 over the communications system.
- This step is represented graphically in FIG. 1 by communication paths 30 (a)- 30 (c) from the participants 22 (a)- 22 (c) to the certified trusted authority 26 .
- the credential binding server 28 verifies the authenticity of the registration packets as being sent by the participants. The verification process itself is described in more detail with reference to FIG. 5 .
- the credential binding server 28 decrypts the symmetric bulk data encryption key K sym using its own private key as follows:
- the credential binding server 28 uses it to decrypt the participant's public keys and other data contained in the registration packet (step 92 in FIG. 5 ). This can be shown as:
- the credential binding server 28 decrypts the hash of the participant using the recovered participant's public signing key, K sign ā pub ā part . This yields the hash, dS, as computed and concealed (encrypted) by the originating participant:
- the credential binding server 28 then performs a two-step verification technique to verify that the packet actually originated from the participant, and not an impostor.
- the credential binding server 28 recalculates the participant's digital signature by hashing the data contained in the decrypted registration packet using the same hashing function employed by the participant. The recalculated hash is then compared with the decrypted hash received as a digital signature, i.e., privately encrypted hash, in the registration packet (step 98 in FIG. 5 ). If the two hashes match, the credential binding server is assured both that the registration packet was indeed signed by the participant and that the contents have not been subsequently altered.
- the next step 56 in the registration process is to generate a credential for the participant.
- the credential binding server 28 generates the credential.
- Each credential is unique to a particular participant, and will be used in future transactions as a means for identifying the participants and for authenticating the participants to each other.
- the credential contains the participant's public signing key, public key exchange key, unique identifiers, validity dates, owner information, issuer information, and information about the participant determined in advance by owners and controllers of the particular commerce environment.
- the credential binding server 28 attaches a digital signature of the trusted credential authority 26 to the credential.
- the digital signature is generated by encrypting a hash of the credential using the private key of the trusted credential authority 26 .
- the binder's digital signature will be used by the participants during transactions to verify that communications are between authorized participants who have properly registered with the trusted credential authority.
- the signed credential is transferred from the credential binding server 28 back over the communications system to the individual computing units 24 (a), 24 (b), and 24 (c) at respective participants 22 (a), 22 (b), and 22 (c).
- the participants are ready to conduct their commercial activity. Unlike the registration process, however, the transaction process involves communication only among the participants to the transaction. There is no interaction between any of the participants and the trusted credential authority.
- the commerce transaction process concerns the interchange of documents and instruments by participants, such as the representative three participants 22 (a)- 22 (c).
- participants such as the representative three participants 22 (a)- 22 (c).
- the number of participants involved in a commerce transaction, the nature and content of the documents and instruments, and the exchange protocol are all defined in advance according to the particular commerce environment.
- the participants 22 (a)- 22 (c) interchange information over the one or more communication systems between them, as illustrated by the pairs of arrows, without involving the credential authority 26 .
- All commerce transactions have an originating participant, which is represented by participant 22 (a), and one or more recipient participants, which are represented by participants 22 (b) and 22 (c).
- the originating participant 22 (a) is the one who initiates a commerce transaction.
- the computing unit 24 (a) at the originating participant 22 (a) starts the commerce transaction by transmitting a request for the credentials of the intended recipient participants 22 (b) and 22 (c) who will be involved in the transaction (step 100 in FIG. 6 ).
- the computing units 24 (b) and 24 (c) at respective recipient participants 22 (b) and 22 (c) return their unique credentials to the originating computing unit 24 (a) (step 102 in FIG. 6 ).
- the originating computing unit 24 (a) verifies the authenticity of the intended recipient participants. This verification is achieved by validating the digital signature of the trusted credential authority that is attached to the credential. Recall from the registration process described above that the credential binding server digitally signed each credential by encrypting the hash of the credential with the secret private signing key of the trusted credential authority. The originating computing unit 24 (a) decrypts the hash by decrypting the encrypted hash using the binder's public key.
- the originating computing unit If the decrypted hash matches, bit-for-bit, an independently and locally (trusted) hash of the credential, then the originating computing unit is assured both that the credential was created and signed by the trusted credential authority and has not been subsequently modified, and that the recipient participant is thereby authenticated.
- the originating participant 22 (a) constructs the appropriate commerce document and commerce instrument for the commercial transaction.
- a commercial transaction might involve more than one document or instrument, but for simplicity of discussion, our example transaction involves one document and one instrument.
- the originating computing unit 24 (a) computes the hash of the document and instrument through use of a hashing algorithm.
- the originating computing unit 24 (a) encrypts the hash using the private signing key of the originator's signing pair of asymmetric keys, as follows:
- the originating computing unit 24 (a) generates symmetric bulk data encryption keys and encrypts the document and instrument using the symmetric keys.
- the document is encrypted with one symmetric encryption key and the instrument is encrypted with a different symmetric encryption key.
- the encrypted hash, dSā² org ā part attached to the document and instrument as a digital signature is also encrypted using the symmetric encryption keys.
- the bulk encryption step is represented as follows:
- the originating computing unit 24 (a) encrypts the symmetric keys with the public key exchange keys of the recipient participants that are intended to receive the document and instrument.
- the commerce document is a purchase order that is intended for the first recipient participant 22 (b), who is a merchant.
- the commerce instrument is a payment instruction that is intended for the second recipient participant 22 (c), which is a bank.
- the originating computing unit 24 (a) encrypts the first symmetric key used to encrypt the document (i.e., purchase order) and originator's digital signature with the first recipient's (i.e., merchant's) public key from its key exchange pair of asymmetric keys. This public key exchange key was obtained from the first recipient's credential.
- the originating computing unit 24 (a) encrypts the second symmetric key used to encrypt and instrument (i.e., payment instruction) and originator's digital signature with the second recipient's (i.e., bank's) public key exchange key that was obtained from the first recipient's credential.
- sensitive or otherwise critical account information (such as a credit card account number) may be concatenated with the symmetric key, such that the account information also is encrypted with the recipient's (i.e., bank) public key exchange key. This affords some longer term protection for the account information, should the symmetric key or algorithm ever become compromised. This step is represented as follows:
- the originating computing unit 24 (a) transmits the signed encrypted document and instrument over the communication system to the computing unit 24 (b) at the first recipient participant 22 (b). This is illustrated diagrammatically in FIG. 2 by the document folder 36 and the instrument folder 38 being forwarded along communication path 40 .
- the originating computing unit 24 (a) also forwards the credential 32 (a) of the originating participant 22 (a) so that the recipients will have the necessary information to return communication.
- the computing unit 24 (b) at the first recipient participant 24 (b) decrypts the portion of the package that pertains to them.
- the first recipient participant 24 (b) is a merchant and the commerce document is a purchase order that is intended for the merchant. Accordingly, the merchant computing unit 24 (b) decrypts the document portion.
- the computing unit 24 (b) initially decrypts the first symmetric bulk data encryption key using its own private key of the key exchange pair of asymmetric keys, as follows:
- the merchant computing unit 24 (b) then decrypts the document, or purchase order, using the decrypted symmetric bulk data encryption key, as follows:
- This decryption also yields the originator's signature which itself is the hash of ādocumentā encrypted with the signing private key of the originating participant.
- the first recipient computing unit 24 (b) verifies the originator's signature using the originator's signing public key which was provided in the originator's credentials that was forwarded with the document and instrument. If the decryption yields a hash that compares, bit-for-bit, with an independently, locally computed hash of ādocumentā, the first recipient participant 22 (b) can be assured that the originating participant 22 (a) sent the document, signed the document, and that the document was intended for the first recipient participant.
- the first recipient participant can authenticate the originating participant by verifying the digital signature of the credential binding authority on the signature credential of the first recipient in the manner described above (step 122 in FIG. 7 ).
- the method of this invention calls for the originating participant to forward both the document and instrument to the first recipient participant.
- the commerce transaction is greatly simplified in that the originating recipient only forwards the items to one place.
- the first recipient participant can only decipher and read that portion of the package that is destined or intended for it.
- the originating participant is assured that only the first recipient can decrypt the document using its key exchange private key.
- the originating participant is assured that the first recipient participant cannot decrypt the instrument.
- the computing unit 24 (b) at the first recipient participant 22 (b) repackages the encrypted instrument in another communications package and passes the package onto the computing unit 24 (c) at the second recipient participant 22 (c) over the same or a different communication system.
- This is illustrated diagrammatically in FIG. 2 by the instrument folder 38 being forwarded from the first recipient computing unit 24 (b) along communication path 42 to the second recipient computing unit 24 (c).
- the first recipient computing unit 24 (a) also sends along its credential 32 (b), and the originating participant's credential 32 (a), so that the second recipient participant will have the necessary information to return communication.
- Steps 126 , 128 , and 130 are similar to steps 118 , 120 , and 122 that were described above.
- the computing unit 24 (c) at the second recipient participant 24 (c) decrypts the commerce instrument (step 126 ).
- the second recipient participant is a bank which decrypts the payment instructions concerning how the purchaser (i.e., the originating participant) intends to pay for the items ordered from the merchant (i.e., the first recipient participant).
- the instrument decryption involves a two-step process of (1) decrypting the second symmetric bulk data encryption key using its own private key exchange key, and subsequently (2) decrypting the instrument (e.g., payment instructions) using the recovered second symmetric key. This two-step procedure is represented as follows:
- the second recipient computing unit 24 decrypts the originator's signature using the originator's public signing key that was provided in the originator's credentials and verifies the digital signature (by independently computing the hash of āinstrumentā) and authenticity of the originating participant (by verifying the digital signature of the credential binding authority on the signature credential of the originating participant).
- step 132 it is determined whether there are any more participants involved in the transaction. If there were more recipient participants (i.e., the ānoā branch from step 132 ), the second recipient would simply pass the remaining portions of the package, which would still be encrypted, onto the next participant (step 124 ). The process of steps 126 - 130 would then be repeated. In our example, however, there are only two recipient participants: merchant and bank. Since there are no more participants (i.e., the āyesā branch from step 132 ), the participants can return the appropriate receipts at step 134 .
- the computing unit 24 (c) at the second recipient participant i.e., the bank
- the computing unit 24 (b) returns a signed authorization receipt to the first recipient participant (i.e., the merchant) that payment is guaranteed.
- the return receipt 44 being transmitted over communication path 46 .
- the first recipient computing unit 24 (b) receives the receipt, it will send a signed purchase receipt for the purchase to the originating computing unit 24 (a) and fill the purchase order.
- the return receipt 48 being transmitted from the first recipient computing unit 24 (b) over communication path 49 to the originating computing unit 24 (a).
- the symmetric keys used for the documents or instruments may be pre-established amongst the participants. This will reduce the overall canonical data size as well as eliminate several public key decryption operations, thereby enhancing performance.
- the keys may be exchanged or established through a variety of means.
- authentication of the participants, as well as the exchange of symmetric keys may be accomplished through a trusted third party.
- a trusted third party For example, the Kerberos system is one such architecture which facilitates this embodiment.
- the digital signature technique used may be based on a technology other than public key.
- the El Gamal digital signature technique based on symmetric key cryptography, may be used.
- the hash values from each of the document(s) and commerce instrument(s) might be concatenated and then encrypted using the originator's private signature key. This has the advantage of computing only one public key encryption for multiple documents.
- encryption is subject to stringent regulation. Limitations may be applied to the algorithms as well as the key sizes used. In order to enable and ensure compliance with applicable regulations, it may be necessary for the communicating participants to negotiate or otherwise pre-establish the applicable parameters. In transaction commerce electronically, the participants may not necessarily be in direct communication (e.g., they may be communicating via Electronic Mail).
- an originating participant When an originating participant encrypts a document or instrument for a specific recipient, that originating participant takes his or her encryption index, along with the encryption index of the intended recipient, and uses the two values to look up the appropriate algorithm in a preestablished table.
- This table typically is established by the certifying authority for the version of the commerce protocol being used.
- the table typically contains the least common denominator of encryption allowed between the two participants. This is particularly useful in international commerce, where the regulations for one participant may differ from that of another. It is assumed (and the responsibility of the credential authority) that the algorithm/key size at the intersection in the table is one which is compliant with both countries involved in the transaction.
- Table 1 illustrates an example preestablished table used in a negotiation process between a first participant with one possible encryption index and a second participant with another possible encryption index.
- the encryption indices range from a value ā0ā which represents the inability to encrypt items to a value ā2ā which represents the ability to use rather secure encryption techniques.
- FIG. 9 shows a data structure 140 used to carry each package that is exchanged between the participants, or between the participant and the credential trusted authority. It is used to encapsulate the messages and the message components.
- the data structure is a ātag-length-valueā structure that provides a convenient way to handle fields as self-defined entities. This affords the flexibility of adapting to the message content being sent.
- the tag-length-value (TLV) data structure 140 consists of three parts: an identifier field 142 (which is also known as the ātagā), a length field 144 , and a value field 146 .
- the identifier field or tag 142 is a fixed-size field (e.g., 32-bit) that defines or identifies the commerce data contained in the package. Only those tags defined for the particular commerce environment may be used.
- the length field 144 is a variable-sized field which contains a length of the commerce data contained in the package. The length field is preferably an exact byte count of the data contained in the value field 146 . For string fields that are NULL-terminated, the count includes the NULL character.
- the value field 146 is a variable-sized field which contains the actual commerce data defined by the tag.
- the data structure allows data elements to be self-describing, which affords tremendous flexibility.
- it renders the data elements conducive to C++ programming protocols.
- Another benefit is that the TLV data structure facilitates future protocol extensibility.
- Still another region is that the data structure enables backward compatibility. Further, the data structure permits customization of the contents of messages to fit the particular commerce environment without impacting the basic architecture, technology and implementation of the electronic commerce system itself.
- Each computing unit 24 (a)- 24 (c), as well as the credential server 28 is equipped to perform cryptographic functions including encryption, decryption, digital signing, and verification.
- the computing units are programmed to execute a commerce application that facilitates the computerized, electronic commerce system. To sustain the security and authentication functions of the electronic commerce system, the commerce application must be able to provide encryption, decryption, and digital signing. Accordingly, each computing unit is implemented with a cryptography system that supports the commerce application with respect to these functions.
- FIG. 10 shows a computing unit 22 that is used in the electronic commerce system of this invention.
- Computing unit 22 has a processor 150 , a network I/O port 152 , and a memory 154 which are all interconnected via an internal multi-bit bus 156 .
- the network I/O port 152 couples the computing unit 22 to the communication system employed in the electronic commerce system.
- the network I/O port 152 might be in the form of a modem, network card, or the like.
- the computing unit 22 also includes a data input apparatus 158 (e.g., a keyboard, a mouse, a trackball, a keypad, etc.) and a card reader 160 (e.g., a smart card reader, a credit card reader, etc.) which are both operatively coupled to the bus 156 .
- a data input apparatus 158 e.g., a keyboard, a mouse, a trackball, a keypad, etc.
- a card reader 160 e.g., a smart card reader, a credit card reader, etc.
- a commerce application 162 is stored in memory 154 and executable on the processor 150 .
- the commerce application is a software program that is tailored to the particular commerce activity in which the participant is involved.
- the computing system 22 also has a cryptography system which supports the commerce application 162 .
- the cryptography system is implemented in software that is stored in the memory 154 and executed on the processor 150 .
- FIG. 11 shows the general architecture of the cryptography system, which is referenced with numeral 170 .
- Cryptography system 170 has three layers: (1) a cryptographic application program interface (CAPI) 172 , which provides functionality to an application that it is supporting (in this case, the commerce application 162 ); (2) one or more cryptographic service providers (CSP) 174 (a)- 174 (d), which implement the cryptographic functionality presented by CAPI to the application; and (3) one or more private application program interfaces (PAPI) 176 (a)- 176 (d) which allow the CSPs to communicate directly with a user 178 .
- this cryptographic system could incorporated into an operating system as a service layer to provide cryptographic services, as is described below in more detail with respect to FIGS. 19-22.
- the CAPI layer 172 itself is thin. Its principal task is to select an appropriate CSP and verify its authenticity.
- the commerce application 162 needs a sequence of cryptographic functions to be performed (e.g., encryption, decryption, signing)
- the application invokes the CAPI 172 to acquire a context associated with the appropriate CSP.
- the CAPI 172 then loads the CSP and verifies its authenticity.
- Each CSP is digitally signed by a certified trusted authority (such as the credential binding authority) through the use of its private encryption key.
- This digital signature 179 is graphically illustrated in FIG. 10 as part of the CSP 174 in memory 154 .
- the binding authority's public encryption key 180 is embedded in the CAPI 172 so that the CAPI 172 can verify the authenticity of the CSP by validating the digital signature 179 of the certified trusted authority. This verification prevents introduction of a foreign or impostor CSP.
- the CAPI 172 also provides an insulating layer between the application and the CSP so that the application never has direct access to the CSP, but can only call to the CSP through the CAPI.
- the CAPI 172 is preferably implemented in software. As shown in the computing unit implementation of FIG. 10, the CAPI 172 is stored in memory 154 and executed on processor 150 . The CAPI 172 is shown as having a CSP verifier module 181 to perform the above described CSP verification.
- the CSPs 174 (a)- 174 (d) implement the cryptographic functionality requested by the application.
- the CSPs perform encryption key management, encryption/decryption services, authentication and key exchanging tasks, hashing routines, and digital signing.
- a different CSP is configured to perform each of these functions, although a single CSP can be implemented to perform them all.
- the CSPs 174 (a)- 174 (d) are dynamically accessible by the CAPI 172 using conventional loading techniques.
- the CSP 174 has a key manager 182 (FIG. 10) that stores, generates, or destroys encryption keys of any type, including symmetric cryptographic keys and asymmetric cryptographic keys.
- the CSP stores the participant's signing pair of private/public keys 184 that is used to digitally sign the registration packet, commerce document, and commerce instrument.
- the CSP also stores the participant's key exchange pair of private/public keys 186 that is used to decrypt messages sent by other participants.
- the CSP 174 has a symmetric key generator 188 which generates the random symmetric bulk data encryption keys used to encrypt the messages sent to others. These symmetric keys are preferably āsessionalā and thus generated for each transaction.
- the CSP also imports and exports encryption keys in their encrypted form. For example, the CSP can export the symmetric encryption keys in their encrypted form when the commerce document and the commerce instrument are dispatched to the recipient. Alternatively, the CSP can import such encrypted symmetric encryption keys from another participant.
- the CSP can also export or import the public encryption keys of the participants signing and key exchange pairs. These public keys are the only keys that are made readily available in their non-encrypted format. After importation, the CSP treats the encryption keys as if it generated them itself. Once the symmetric keys are used and the transaction is completed, however, the CSP destroys them.
- the CSP 174 is specifically designed to avoid exposing the participant's private keys to any application or user.
- the encryption keys are never directly accessible to the applications.
- the asymmetric private encryption keys are not permitted to leave the CSP under any circumstances.
- the symmetric keys are permitted to leave the CSP only in an encrypted state; they are not exported in a raw form. In this manner, the CSP key manager prevents the application from never inadvertently mishandling keys in a way that might cause them to be intercepted by those to whom they were not directly sent.
- the CSP key manager assigns āhandlesā to the various keys that are created or imported. These handles are made available to the application via the CAPI. The application can manipulate the keys indirectly using the handles, rather than having absolute control over them. However, the keys themselves remain hidden from the application and CAPI.
- One or more CSPs are also provided with encryption/decryption devices which encrypt and decrypt data using previously generated or imported symmetric keys, and the asymmetric key pairs. More particularly, the CSP 174 has a symmetric key encryption/decryption device 190 which is used to encrypt and decrypt messages (such as the commerce document and commerce instrument) using the generated or imported symmetric keys. An asymmetric key encryption/decryption device 192 is also provided to encrypt and decrypt the symmetric keys using the key exchange key pair 186 .
- a CSP 174 another function of a CSP 174 is to perform an authentication/key exchange protocol.
- the CSP generates a symmetric key to encrypt the data and then encrypts that encryption key using the public signing key that belongs to the intended recipient.
- This protocol provides a high degree of security by encrypting the data, and then assuring that only the intended recipient can open the encrypted packet.
- the CSP 174 also has a hashing calculator 194 which computes the cryptographic digest of the data contained in any messages sent between participants.
- the hashing calculator 194 translates the data according to a hashing function into a fixed-size, and often reduced, hash value which is representative of the original data.
- Cryptographic hash functions are beneficial in that they reduce the size of data to a hash value which is unique to that data set. Additionally, according to some cryptographic hash functions, it is computationally infeasible to find two data streams with the same hash value.
- the CSP 174 also performs the task of digitally signing messages sent by the participant.
- the CSP has a signing device 196 which provides a digital signature unique to the combination of message and participant.
- the CSP signing device 196 computes the digital signature by encrypting a previously computed hash value output by the hashing calculator 194 with the private signing key pair 184 .
- the CSP 174 is preferably implemented in software as dynamic linked libraries (DLLs). This implementation is advantageous because it can be easily invoked by the CAPI or by the application through the CAPI. Furthermore, the cryptographic functions can be changed or updated simply by replacing one or more DLLs. With the CAPI layer in between, the CSP DLLs can be replaced without affecting how the application interacts with them. Additionally, by packaging the cryptographic services in DLLs, it will be possible to change the strengths of the services as regulatory considerations change without impacting the higher level applications.
- DLLs dynamic linked libraries
- the CSPs might also be implemented in combination with hardware.
- a set-top box implementation having a smart card reader and installed software.
- the cryptographic keys are stored and used only in the card processor, so that they are not even exposed to sophisticated software attacks.
- a combination tamper-resistant hardware such as a smart card
- a personal computer PC
- the PC might not be as trusted as the set-top box, and thus extra verification of the hardware and terminal might be necessary.
- the CSPs have associated private application program interfaces (PAPI) 176 ( a )- 176 (d) which permits the CSPs to interact with the user through an implementation-dependent user interface.
- PAPI application program interfaces
- the PAPI 176 presents an explanation of the transaction to the user to assist the user in understanding the specifics of the transaction. This presentation might be in the form of a textual summary displayed on a monitor.
- the PAPI enables the user to confirm or reject the transaction by either attaching a digital signature authorizing the transaction, or avoiding signing to cancel the transaction.
- the cryptography system mitigates the danger that a malicious application will obtain sensitive information.
- the PAPI 176 also provides several other functions.
- One function provided by the PAPI 176 is context verifications in which the PAPI 176 verifies the authenticity of the user or entity that is operating at the computing unit prior to granting that user access to the application.
- the PAPI might mediate a user login sequence to validate the user.
- the PAPI 176 might be implemented in hardware, such as in combination with card reader 160 which reads a smart card or PCMCIA card, to verify the cardholder.
- the CSP 174 checks with the PAPI 176 to ascertain whether the appropriate authentication procedures have been met between the user and computing unit before letting the commerce application acquire a context.
- This context verification function is particularly useful for on-line PC services or banking ATMs that require participation from a person.
- This aspect of the PAPI is implementation dependent. If implemented in a software-based PC, the context verification might simply involve a check with the PC operating system for the identity of the user already logged in. In a smart card terminal implementation, a full login with PIN entry may be required.
- PAPI 176 Another function of the PAPI 176 is to enable data entry from the user.
- the PAPI operates in conjunction with the data input apparatus 158 to permit data entry. Examples of this function include allowing the user to input a unique PIN during context verification, or to enter information regarding the transaction, or to enter confirmation/denial commands.
- the PAPI 176 also informs the user as to the state of certain keys that the user might deem as requiring higher security.
- the PAPI 176 can be configured to consult the user each time a key is created, exported, or used. This permits the user to have some control over particular keys, while further minimizing the possibility of a malicious application from exporting the keys in raw form.
- each computing unit 24 is equipped with a cryptography system 170 , including an originating computing unit and a recipient computing unit.
- a cryptography system 170 including an originating computing unit and a recipient computing unit.
- the operation will be described in two parts. A first part explains the function of the cryptography system that takes place in the originating computing unit when preparing a message for transmissions (FIGS. 12 - 14 ). A second part describes the function of the cryptography system that occurs in the recipient computing unit after receiving a message (FIGS. 15 - 16 ).
- the application 162 supplies a plaintext message to the CAPI 172 to be encrypted and signed.
- An example plaintext message is the commerce document and the commerce instrument.
- the CAPI 172 selects the appropriate CSP or CSPs 174 to perform the encryption and signing (step 202 ). In one implementation, this step entails loading the appropriate DLL, and performing a series of calls, such as calls to begin and end the encryption and to digitally sign the result. For purposes of continuing discussion, the operation will be described as if the CSP 174 in FIG. 10 is capable of performing both the encryption and signing functions.
- step 204 communication with the CSP is established between the CAPI 172 and selected CSP 174 .
- the CAPI 172 verifies the authenticity of the CSP 174 by validating the binding authority's digital signature 179 attached to the CSP 174 using the binding authority's public signature key 180 embedded in the CAPI 172 (step 206 ).
- the CAPI 172 passes the plaintext message to the CSP 174 for encryption (step 208 in FIG. 12 ).
- the CSP hashing calculator 194 translates the plaintext message into a cryptographic digest (step 210 in FIG. 12 ).
- an explanation of the transaction (such as what the commerce document or commerce instrument include) is passed to the PAPI 176 (step 212 in FIG. 12 ).
- the PAPI 176 supports a user interface which presents the explanation to the user 178 (step 214 in FIG. 13) and allows the user to input commands which confirm, modify, or deny the transaction. This affords an opportunity for the user to make changes to the transaction at its inception, before involving other participants. For example, the user might wish to change a purchase order or alter how he/she expects to pay for the purchased items. From a security perspective, this user interface ensures that the user is aware of the transaction and that he/she is authorizing it.
- the PAPI 176 returns a confirmation to the CSP 174 (step 216 in FIG. 13 ).
- the CSP signing device 196 attaches the originator's digital signature to the message by encrypting the cryptographic digest (hash) using the originator s private key of the signing pair.
- the CSP symmetric key generator 188 generates a symmetric bulk data encryption key (step 220 in FIG. 13) and the CSP symmetric key encryption/decryption device 190 encrypts the message and the originator's digital signature using the new symmetric encryption key (step 222 ).
- the CSP asymmetric key encryption/decryption device 192 encrypts the symmetric encryption key using the key exchange public key of the intended recipient that is imported to the CSP.
- the CSP 174 returns the signed and encrypted commerce document and commerce instrument to the CAPI 172 , and then onto the application.
- the CSP 174 can inform the user via the PAPI 176 that certain keys, such as the symmetric key, are being exported from the CSP in its encrypted format (step 228 in FIG. 14 ).
- certain keys such as the symmetric key
- the asymmetric private keys of the signing and key exchange pairs are not exported from the CSP, but are permanently retained in confidence within the CSP.
- the commerce instrument and commerce instrument are then ready for transmission from the originating computing unit to the recipient computing unit as described above.
- the commerce application running at the recipient computing unit receives the signed encrypted document and instrument and passes the package to its own cryptography system 170 .
- the encrypted document and instrument are supplied to the CAPI 172 for purposes of being decrypted and verified (step 250 in FIG. 15 ).
- the CAPI 172 selects the appropriate CSP or CSPs 174 to perform the decryption and verification (step 252 in FIG. 15 ).
- the appropriate CSP DLL is loaded and the application performs a series of calls to the DLL through the CAPI.
- the operation will again be described as if the CSP 174 in FIG. 10 is capable of performing both the decryption and authentication functions at the recipient computing unit.
- Communication is then established between the CAPI 172 and selected CSP 174 (step 254 in FIG. 15 ), and the CAPI 172 verifies the authenticity of the CSP 174 (step 256 ).
- the CAPI 172 passes the encrypted document and instrument to the CSP 174 for decryption (step 258 ).
- the CSP asymmetric key encryption/decryption device 192 decrypts the symmetric encryption key using the recipient's private key exchange key 186 maintained in the CSP.
- the CSP symmetric key encryption/decryption device 190 uses the recovered symmetric key to decrypt the message and originator's digital signature to provide the signed cryptographic digest (hash) (step 262 in FIG. 15 ).
- the plaintext message is returned from the CSP to the CAPI 172 and then to the commerce application 162 (step 266 in FIG. 16 ).
- the CSP destroys the symmetric encryption key for that session (step 268 ).
- Each participant is equipped with a computing unit, including a PC 312 at the purchaser and servers 314 , 316 , and 318 at the merchant, acquirer, and binder, respectively.
- Each computing unit is loaded with a credit card application and a cryptography system to support the credit card application with respect to its cryptographic needs.
- each participant requests and receives credentials from the binder 310 .
- āBindingā in this context means that the acquirer 306 is a known interface to an existing card payment system that is in use today; the merchant 304 is known to be able to accept credit cards for payment and deposit them with the acquirer 306 , and the purchaser 302 has a payment card known by the issuing bank 308 that issued the card.
- Credentials for the acquirer 306 and the merchant 304 are created by the binder 310 as authorized by their responsible bank.
- Credentials for the purchaser are created by the binder 310 as authorized by the purchaser's bank or authorized agent in the form of the card association.
- Cardholder credentials are created when the purchaser 302 requests registration of a credit card.
- the purchaser enters card information (such as card number, expiration date, name on card) on the PC 312 to complete a registration application.
- the purchaser's computing unit also uses its cryptography system to generate the signing and key exchange pairs of public/private cryptography keys.
- the public keys are included in the registration packet.
- the purchaser's computing unit digitally signs the card registration packet and sends the packet over a communication system to the binder's server 318 .
- the binder's server 318 validates the registration packet and creates a cardholder credential based on the information supplied by the purchaser.
- the cardholder credential includes the following information:
- Cardholder Credential 1. Credential Serial Number. 2. Cardholder Name. 3. Hashed Account Number. 4. Cardholder's Signing Public Key. 5. Cardholder's Key Exchange Public Key. 6. Credential Expiration. 7. Version of Credential Format. 8. Encryption Index
- the ācredential serial numberā is a number generated by the binder to uniquely identify the credential.
- the āhashed account numberā is created using a one-way hashing algorithm, such as the well-known SHA (secure hash algorithm), which easily creates a unique hash value representative of the account number while rendering the regeneration of the account number from the hash value computationally infeasible.
- the hash guarantees that the credential is tied to a specific credit card. However, knowledge of the credential does not give any insight to the actual number of the credit card.
- the ācredential expirationā field contains the date range that the credential is valid as decided by the binder.
- the cardholder credential is signed by either the binder 310 , which might be the card association binder, or the card issuing bank binder in those cases where the card association has authorized the card issuing bank to do so.
- This credential is then sent back over the communication path from the binder's server 318 to the purchaser's computing unit 312 as indicated by the credential 320 in FIG. 17 .
- the acquirer 306 registers with the binder 310 for both itself and on behalf of the merchant 304 .
- the merchant 304 participates based upon the authority of the merchant's financial institution, which is the acquirer 306 in this case.
- the binder will create both credentials 322 and 324 for the merchant and acquirer and send both to the acquirer, which then passes the merchant's credential 322 onto the merchant.
- the acquirer can create the merchant's credential directly.
- the merchant's credential is conceptually similar to the cardholder credential. There are eleven fields contained in the merchant's credential, with the first six fields being analogous to fields in the cardholder credential.
- the merchant's fields are:
- the last four fields are used to help define the business relationships and responsibilities that are inherent in the credit card model.
- the āacquirer's key exchange public keyā is included to enable encryption of the payment instruction by the purchaser such that only the acquirer may decrypt it.
- the acquirer's public is key could be distributed directly to the purchaser via the acquirer's credential, but is preferably included in the merchant's credential in the interest of efficiency and is in recognition of the special business relationship between the acquirer and the merchant.
- the ācard brand acceptedā field indicates the particular card brand (e.g., VisaĀ® or MasterCardĀ®) that can be accepted by the merchant.
- the āacquirer BINā is the identifier of the acquirer as used by the card association.
- the āmerchant IDā is the identifier of the merchant as used by the acquirer.
- the cardholder's credential is signed by the card association binder or the acquirer if authorized by the binder.
- the acquirer credential contains items similar to the purchaser or merchant credentials, including the following:
- the acquirer credential is digitally signed by the credit card association's credential binding authority.
- the credit card system implemented with the electronic commerce system of this invention involves the communication paths shown in solid lines.
- the electronic credit card system of this invention facilitates the document and instrument interchange among the purchaser 302 , merchant 304 , and acquirer 306 .
- the dotted lines represent commerce processes implemented and operating by the existing payment card authorization and settlement systems in use today.
- the purchaser PC 312 , merchant server 314 , and acquirer server 316 all execute a credit card order and payment application, and a cryptography system, to meet the security, privacy, integrity, and authenticity needs of this particular commerce system.
- the purchaser 302 creates a commerce document in the form of a goods and services order (GSO) and a commerce instrument in the form of a purchase instruction (PI).
- GSO goods and services order
- PI purchase instruction
- the GSO and PI are configured in packets using the tag-length-value data structure described above with reference to FIG. 9 .
- An example GSO contains a name of the payee (merchant), an authorized amount, a unique transaction ID, purchaser's name and address, an order expiration, and an order form.
- An example PI includes the payee name (merchant), the authorized amount, the unique transaction ID, a GSO message digest, a card expiration, and order expiration.
- the GSO and PI are digitally signed by the purchaser using the appropriate cryptographic service provider (CSP) is the cryptography system.
- CSP cryptographic service provider
- the GSO and PI are then encrypted with a symmetric cipher using two different, randomly selected symmetric keys.
- the GSO data requires relatively less privacy (in comparison to the PI) because it contains less financial information.
- the GSO can be encrypted with a symmetric key of comparatively less strength, such as a key devised by the known RC 4 algorithm with a key length of 40 bits.
- the PI contains more financial information and warrants higher privacy.
- the PI is encrypted with a DES symmetric key having a key length of 56 bits.
- the symmetric keys for the GSO and PI are next encrypted with the key exchange public keys of the merchant and acquirer, respectively.
- the GSO symmetric key is less stringently protected by a relatively smaller 768-bit RSA public key, whereas the PI symmetric key is more strongly protected using a 1024-bit RSA key.
- the signed encrypted GSO 330 , signed encrypted PI 332 , and the cardholder credential 320 are packaged and sent to the merchant over a communication network 334 .
- An example network 334 include a telephone network.
- the merchant server 314 uses its cryptography system, decrypts the GSO 330 using its own key exchange private key.
- the merchant server 314 uses the purchaser's public signing key received in the cardholder credential 320 to verify the purchaser's digital signature on the GSO. This assures the merchant that the purchaser is authentic and the order is valid. Meanwhile, unable to decrypt the PI 332 , the merchant server 314 leaves the PI in its encrypted form.
- the merchant needs to secure funds from the purchaser to pay for the ordered items. Accordingly, the merchant server 314 sends the still encrypted PI 322 and the purchaser's credential 320 onto the acquirer server 316 using the same or another communication network 336 .
- An example network 336 might be as ISDN network which links the merchant and acquirer.
- the acquirer server 316 uses its cryptography system and own private key exchange key to decrypt the PI 332 .
- the acquire server 316 uses the purchaser's signing public key received in the purchaser's credential 320 to verify the purchaser's digital signature on the PI.
- the PI is channeled through the existing payment card authorization system to validate the availability of funds for the purchaser. More particularly, the acquirer 306 uses the existing credit card network 338 to contact the issuing bank 308 that issued the credit card and handles that credit account for the purchaser 302 . If sufficient credit or funds are available, the issuing bank 308 returns an authorization response over the network 338 to the acquirer 306 . The authorization response is then digitally signed by the acquirer 306 and encrypted using the key exchange public key of the merchant. The response 340 , along with the acquirer's credential 324 , is sent over the communication network 336 to the merchant server 314 .
- the merchant server 314 uses its cryptography system and private key exchange key to decrypt the response 340 and the acquirer's public signing key received in the acquirer's credential 324 to verify the response. Given the signed authorization, the merchant knows that payment is guaranteed. The merchant can now fill the order and ship the items to the purchaser. The merchant server 314 then generates a purchase receipt 342 , digitally signs the receipt, and encrypts it using the purchaser's public key exchange key. The purchase receipt 342 is sent from the merchant server 314 over the communication network 334 to the purchaser's PC 312 which then decrypts and verifies the receipt.
- the merchant 304 requests payment for all approved payments for which goods have been shipped.
- the merchant server 314 transmits a file of all such payment transactions processed that day to the acquirer for decryption and deposit into the normal draft clearing and settlement system used today.
- the acquirer pays the merchant and then settles its account with the issuing bank using the existing credit card system 338 , and the issuing bank bills the purchaser in due course.
- FIGS. 19-22 illustrate more particularly the use of the cryptography system as a lower-level service provider to an operating system application that is tailored for the purchaser (FIG. 19 ), the merchant (FIG. 20 ), the acquirer (FIG. 21 ), and the binder (FIG. 22 ).
- FIGS. 19-22 illustrate more particularly the use of the cryptography system as a lower-level service provider to an operating system application that is tailored for the purchaser (FIG. 19 ), the merchant (FIG. 20 ), the acquirer (FIG. 21 ), and the binder (FIG. 22 ).
- the CAPI layer of the cryptography system is illustrated in these Figures.
- a purchaser application 350 running at the purchaser PC 312 calls functions in a purchaser application program interface (API) 352 which then calls functions in the CAPI 172 of the cryptography system.
- the purchaser application 350 might request, for example, creation of a registration request, creation of a transaction, or processing of a transaction receipt.
- the purchaser application 350 submits the binder credential and the purchaser's account number and the purchaser API returns a credential registration request.
- This request is properly signed and encrypted by the underlying cryptography system in the manner described above with respect to FIGS. 10-14.
- the purchaser application 350 passes a charge slip, a summary, the merchant credential, a transaction amount, purchase terms, and transaction details to the purchaser API 352 , which then returns a transaction and an identifier for that transaction.
- Table 2 shows an example set of API function calls, listing input terms which are supplied from the purchaser application to the purchaser API and returned items sent back from the purchaser API.
- a merchant application 354 running at the merchant server 314 calls functions in a merchant API 356 which then calls functions in the CAPI 172 of the cryptography system.
- Table 3 shows an example set of function calls for the merchant API.
- an acquirer application 360 running at the acquirer server 316 calls functions in an acquirer API 362 which then calls functions in the CAPI 172 of the cryptography system.
- Table 4 shows an example set of function calls for the acquirer API.
- a binder application 364 running at the binder server 318 calls functions in a binder API 366 which then calls functions in the CAPI 172 of the cryptography system.
- Table 5 shows an example set of function calls for the binder API.
- FIG. 23 diagrammatically illustrates an interactive television (ITV) system 400 that implements the electronic commerce system according to another aspect of this invention.
- the participants include a subscriber 402 , a merchant 404 , an acquire 406 and a cable operator 408 .
- the subscriber 402 is equipped with a computing unit in the form of a set-top box (STB) 412 .
- the merchant and acquirer each have a server 414 and 416 , respectively, and the cable operator 408 is equipped with a headend server 418 .
- Each computing unit is loaded with an ITV commerce application and a cryptography system to satisfy the security, privacy, integrity, and authenticity aspects of the ITV system.
- the ITV commerce application can be downloaded from the headend server to the STBs as requested, rather than remaining resident at the STB.
- the cryptography system would reside and be executable at the STB.
- the subscriber STB 412 and merchant server 414 are interconnected with the headend server 418 via an interactive network structure, which is represented by the network cloud 420 .
- One example implementation of the network structure is a hybrid fiber-optic/cable distribution system employing digital switching technologies such as asynchronous transfer mode (ATM) for bi-directional communications between the headend and individual subscriber/merchants.
- ATM asynchronous transfer mode
- This multi-tier distribution system includes a high-speed, high-bandwidth fiber optic cable coupled between the headend and many regional distribution nodes. Each distribution node is then connected to multiple set-top boxes within the region via conventional home entry lines, such as twisted-pair telephone lines or coaxial cable.
- a single headend might service 250,000 or more subscribers, and each regional distribution node might support approximately 1200 subscribers.
- parts of the ITV network structure can be replaced with wireless forms of communication, such as RF communication or satellite communication.
- the cable operator 408 might perform several roles.
- the headend server 418 performs its traditional tasks of providing video content programs to the subscribers and facilitating communication over the network 420 .
- the cable operator 418 might also operate as the binding authority which certifies all subscribers connected to the ITV network, including the purchasing subscriber and the merchant subscriber. In this fashion, the subscribers submit registration applications over the ITV network 320 , and receive credentials from the headend server 418 .
- the cable operator 418 might also function as a financial institution analogous to an issuing bank in the credit card system, wherein the cable operator bills and collects money from the subscribers.
- the purchaser subscriber 402 creates a commerce document in the form of an electronic purchase order (PO) 422 and a commerce instrument in the form of a purchase instruction (PI) 424 .
- PO and PI are digitally signed by the purchaser subscriber STB, encrypted with selected symmetric keys that are then encrypted with the public key exchange keys of the merchant 404 and acquirer 406 , respectively.
- the signed encrypted PO 422 , signed encrypted PI 424 , and a subscriber credential 426 are packaged and sent over the interactive network 420 to the headend server 418 , which then redirects it to the merchant subscriber 404 .
- the merchant 404 decrypts and verifies the PO 422 .
- the merchant 404 then sends the encrypted PI 424 and the purchaser subscriber's credential 426 onto the acquirer 406 via a separate communication network 428 .
- the acquirer server 416 decrypts and verifies the PI 424 .
- the acquirer determines whether the funds exist to consummate the purchase and, if so returns a signed authorization receipt 430 to the merchant.
- the merchant then fills the order and sends a signed receipt 432 to the subscriber.
- the merchant 404 requests and receives payment for the goods from the acquirer.
- the acquirer then settles the account with the purchaser's issuing bank, or the cable operator 408 if authorized to perform that function.
- each document or instrument is digitally signed and encrypted by an originating participant. This insures that the document and instrument will be decrypted and the signature independently verified only by the intended recipient participant. The recipient further verifies that the digital signature is valid for the document or instrument, and that the document or instrument was part of the initial package created by the originating participant and was not subsequently altered.
- the encrypted and signed packages are independent entities that can be transported by any communications protocol and system. This allows the electronic commerce system to operate over the communication system that already exists between the participants, such as phone networks, on-line services networks, wide area networks, interactive television networks, etc.
- the encryption attributes can be varied according to document type.
- the GSO and PI are encrypted using independently specifiable cryptographic algorithms and strengths (often expressed in terms of key sizes or bit count). Regulatory and legal entities can therefore set the standards of allowable encryption for each document or instrument within a particular commerce system.
- the electronic commerce system according to an aspect of this invention can then be flexibly adapted to conform to those standards. In this manner, the electronic commerce system can be used in a wide variety of commerce activities, and support the particular regulatory and legal cryptographic standards imposed for each different activity.
- the cryptography system and namely the cryptographic service providers (CSPs) as DLLs
- the electronic commerce system can respond quickly to regulatory induced changes simply by replacing the DLLs without impacting the higher level application software.
- the electronic commerce system has another benefit is that it can be used in a complementary fashion with existing commerce systems, such as the credit card payment card authorization and settlement system, that are already in place today.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
A cryptography system architecture provides cryptographic functionality to support an application requiring encryption. decryption, signing, and verification of electronic messages. The cryptography system has a cryptographic application program interface (CAPI) which interfaces with the application to receive requests for cryptographic functions. The cryptographic system further includes at least one cryptography service provider (CSP) that is independent from, but dynamically accessible by, the CAPI. The CSP provides the cryptographic functionality and manages the secret cryptographic keys. In particular, the CSP prevents exposure of the encryption keys in a non-encrypted form to the CAPI or application. The cryptographic system also has a private application program interface (PAPI) to provide direct access between the CSP and the user. The PAPI enables the user to confirm or reject certain requested cryptographic functions, such as digitally signing the messages or exportation of keys.
Description
This invention relates to cryptography systems. More particularly, this invention relates to a computer implemented architecture for performing cryptographic primitives including encrypting, decrypting, signing and verifying/ authenticating functions.
Cryptography is the an and science of keeping messages secure from eavesdroppers and adversaries. Historically, valuable messages were kept secure by personal envoys who hand carried sensitive information from a sending party to a receiving party. While useful in its time, this protection method is not very practical in a modem world where information flows freely and changes rapidly.
In more recent history, with the advent of computers, wireless communication, and other technological advances, information can be exchanged very quickly among many different individuals who were often spread all over the world. To provide a secure interchange of information in the electronic arena, one traditional approach to mitigating the risk of having sensitive information intercepted was to institute proprietary computerized systems that were closed to the general public. Such proprietary systems promoted security simply by restricting physical access through high security protocols. A private communication network linked only those terminals that were authorized, and only participants to the system with the appropriate security clearance were permitted access to the terminals. Hence, participants and information were authenticated by definition, and the integrity and value of the information were preserved within the confines of the closed processing system. Unfortunately, proprietary systems are not useful in a grander context which envisions the interchange of information among virtually any individuals without limitation.
Cryptography has evolved in the electronic setting as a means to securely transfer information over a communication system that is presumed to be insecure, like the telephone lines or a public communications network (e.g., the Internet). In this electronic computerized context, cryptography provides the necessary tools to digitally secure sensitive and valuable electronic messages in a manner that insures privacy between the authenticate sender and authenticate recipient of the communiquƩ, even though the message is subject to interception on the insecure communication system.
Before sending an electronic message, the sender encrypts it. āEncryptionā transforms the message from its plaintext into some meaningless ciphertext that is not understandable in its raw form and cannot be deciphered by an eavesdropper. To ensure the recipient that the true sender originated the message, and not some impostor, the sender ādigitally signsā the message with its own unique digital signature. The signed encrypted message is then transmitted over the insecure network to the intended recipient. The recipient receives and decrypts the encrypted message. āDecryptionā transforms the message from its ciphertext back to its plaintext. Only the recipient is presumed to have the ability to decipher the message. The recipient also āverifiesā the authenticity of the digital signature to assure itself that the contents are from the legitimate sender and have not been subsequently altered.
Encryption, decryption, digital signing, and verification are principal cryptographic primitives that are used in an electronic network setting to facilitate the security, privacy, authenticity, and integrity of information being exchanged. These cryptographic primitives commonly involve the use of secret cryptographic keys. āKeysā are a numerical value, often expressed digitally as a number of bits, which are used in the cryptographic algorithms that encrypt and decrypt messages. The keys are uniquely associated with a particular identity, such as a person, group, physical object, business, or institution. The keys are kept secret and used selectively by the identity to perform the cryptographic primitives as required. For example, a person might use a key to encrypt and sign a purchase order message intended for a merchant. The merchant might then use a key to decrypt the message and verify the authenticity of the signature.
In a network setting, it is desirable to locate cryptographic functions in the computer operating system so that they are available to other applications executing on the computer. Furthermore, it is desirable to define an application program interface (API) which allows the applications access to the cryptographic functions in a standardized way.
A cryptographic API raises a number of important security issues. Cryptographic functions, such as encryption and signing, can be performed using a number of different algorithms and formats. Security can vary widely among the different approaches. A single module of the operating system cannot possibly implement all possible algorithms and formats that a user or application might want to use in a given situation.
On the other hand, cryptographic functionality involves the handling of sensitive information and the maintenance of secure keys. It would be advantageous for a user or application to be able to trust the cryptographic system on the same level that an operating system is typically trusted.
There are also potential hazards of using cryptographic functions in the computerized network setting. Since the functions are carried out electronically, the user might assume the cryptographic routines are operating as expected, yet not be aware of ignorant or sophisticated electronic attacks. Careless applications might use cryptographic encryption or signature keys in ways that jeopardize the keys' secrecy. Moreover, malicious applications might even deliberately compromise the user's secrecy, or worse, perform unauthorized cryptographic operations. For instance, a malicious application might attempt to decrypt the user's secret files and transmit them to some adverse party. Another situation might involve an application attempting to digitally sign notes or IOUs on behalf of the user without the user's knowledge or consent. A computer implemented cryptographic system must therefore provide the needed security to prevent attack from poorly devised or malicious applications.
Today, there are several electronic systems that provide cryptographic services in the computer forum. These include āBsafe librariesā by RSA Data Security Inc., āX/Open CAPIā, and āPKCS#ā. However, each of these systems permit direct access of the application to keying material. There is no protection of these cryptographic resources from electronic attack. Furthermore, the Bsafe system, which is the most widely used cryptography system, directly attaches the cryptographic code to the application. There is no contemplation of protecting the cryptographic functions within the computer from ignorant or malicious attacks from other software applications.
It would therefore be advantageous to provide a computer implemented architecture for performing cryptographic primitives that maintains and protects the user's keys and prevents undesired access and use of cryptographic functions without authorization from the user.
This invention provides a cryptographic system and method that protect a user's keys and prevents undesired access and use of crytographic functions without authorization from the user. The cryptographic system is a unique tri-layer architecture. It includes a cryptographic application program interface (CAPI) which provides functionality to an application, one or more cryptographic service providers (CSPs) which implement the functionality presented by the CAPI to the application, and one or more private application program interfaces (PAPI) which allow the CSPs to communicate directly with a user.
The CAPI layer provides the interface with an application that requests cryptographic functions such as encryption, decryption, signing, or verification. The CAPI selects the appropriate CSP for performing the requested cryptographic function. The CSPs perform the cryptography functions and manage the cryptographic keys used in the functions. For instance, one or more CSPs might be configured to perform the encryption function using certain types of cryptographic algorithms and keys; one or more different CSPs might be configured to decrypt the messages; another CSP might be embodied to digitally sign messages; while still another CSP might be designed to verify signatures and messages. Preferably, the CSPs are implemented as dynamic linked libraries (DLLs) that are loaded on demand by the CAPI, and which can then be called by the application through the CAPI.
The CAPI also authenticates the chosen CSP. Each CSP has a digital signature of a trusted authority which can be authenticated by the CAPI to ensure that impostor CSPs are not introduced to the system.
To promote security, the application is restricted from direct access to the cryptographic keys maintained in the CSPs, but is permitted to manipulate the keys through the use of handles assigned by the CSPs. Cryptographic keys used in the encryption and decryption are not exported from the CSPs in their raw form, but only in an encrypted form. Moreover, certain confidential private keys are not permitted to leave the CSPs under any circumstances. In this manner, the CSPs protect the keys from compromise, while simultaneously offering a full range of cryptographic functionality that the user/application requests.
The PAPI keeps the user informed as to the functions being performed by the CSPs. The PAPI provides the user with direct access to the CSP, independent of the application. The PAPI can present information to the user that the user may not trust the application to provide. For instance, the CSP can present through the PAPI an explanation of the transaction being conducted by the CSP. The CAPI might also present a dialog box asking for the user's confirmation each time an application requests a digital signature to enable the user to confirm or reject digitally signing the message. The PAPI might also be configured to notify the user and seek permission to export certain cryptographic keys.
This system architecture can be advantageously adapted to many different environments. By implementing the cryptographic services as independent and separate CSPs that are only accessible through a CAPI layer, the architecture affords maximum protection of sensitive cryptographic keys. Additionally, by implementing the CSPs as DLLs, the cryptographic functions themselves and the associated security levels can be easily modified or replaced without affecting the higher level application. This is useful for rapid conformation to acceptable and changing regulatory and legal practices imposed by various governments. Finally, by providing the PAPI layer, the architecture protects the user from malicious applications that attempt to expose key information or gain unauthorized signatures of the user.
FIG. 1 is a schematic of an electronic commerce system during a registration process according to one aspect of this invention.
FIG. 2 is a schematic of the electronic commerce system during a transaction process according to another aspect of this invention.
FIG. 3 is a flow diagram of the registration process in a method for conducting an electronic commerce transaction according to yet another aspect of this invention.
FIG. 4 is a flow diagram of a process for generating a registration packet that is performed during the registration process.
FIG. 5 is a flow diagram of a process for verifying a registration packet that is performed during the registration process.
FIGS. 6-8 present a flow diagram of the transaction process in the method for conducting an electronic commerce transaction.
FIG. 9 is a data structure used in the interchange of data between participants in the electronic commerce system.
FIG. 10 is a block diagram of a computing unit provided at each participant in the electronic commerce system.
FIG. 11 is a block diagram of an architecture for a cryptography system according to yet another aspect of this invention.
FIG. 12-14 are a flow diagram of encrypting and signing functions performed by the cryptography system.
FIG. 15-16 are a flow diagram of decrypting and verifying functions performed by the cryptography system.
FIG. 17 is a schematic of the electronic commerce system embodied as a credit card system according to another aspect of this invention. FIG. 17 shows the credit card system is during the registration phase.
FIG. 18 is a schematic of the credit card system during the transaction phase.
FIGS. 19-22 are block diagrams depicting the FIG. 11 cryptography system as services to operating system applications resident at purchaser, merchant, acquirer, and binder participants to the FIG. 18 credit card system.
FIG. 23 is a schematic of the electronic commerce system embodied as an interactive entertainment system according to yet another aspect of this invention.
The following discussion assumes that the reader is familiar with cryptography. For a basic introduction of cryptography, the reader is directed to a text written by Bruce Schneier and entitled āApplied Cryptography: Protocols, Algorithms, and Source Code in C,ā published by John Wiley & Sons with copyright 1994, which is hereby incorporated by reference.
This invention particularly concerns a cryptographic system architecture and method for providing cryptographic functionality in a computer network environment. Primary aspects of this invention are described in detail with reference to FIGS. 10-16. The cryptographic system can be implemented in any context that requires cryptographic services, including such functions as encryption, decryption, digital signing, and authentication.
To provide an example context, however, aspect of this invention are described in the context of an electronic commerce system which facilitates the secure interchange of commercial documents and instruments over an insecure communication system. By describing the invention in a particular example context, the reader will appreciate how the unique architecture and methodology can be incorporated into a practical setting. From this, the reader will better understand the invention and how it can be implemented in essentially any electronic environment which has need for cryptographic functions. The following sections describe the example context of an electronic commerce system.
Electronic Commerce System
FIGS. 1 and 2 show an electronic commerce system 20 for conducting secure electronic commerce transactions. The electronic commerce system 20 includes multiple trading partners or participants, which are represented by three participants 22(a), 22(b), and 22(c), and a certified trusted authority 26. Each individual electronic commerce transaction involves at least one commerce instrument and at least one commerce instrument. The commerce document defines the type of commerce transaction. Examples of commerce documents include purchase orders and receipts, contracts, and payment instruction receipts. The commerce instrument defines a mode of payment for the transaction. Examples of commerce instruments include payment instructions (e.g., checks and credit cards) and currency.
Computing units 24(a), 24(b), and 24(c) are provided at respective ones of the participants 22(a), 22(b), and 22(c). The computing units are depicted for illustration purposes as IBMĀ®-compatible personal computers, although other forms of computing units may be used. For instance, the computing units might be embodied as conventional computers (such as mainframe computers, servers, PCs, laptops, notebooks, etc.) or as other computational machines, such as banking ATMs (automated teller machines) and set-top boxes used in an interactive television system.
A computer server 28 is provided at the certified trusted authority 26. In the commercial context, the certified trusted authority is often referred to as a ācredential binder,ā ābinding authority,ā or simply ābinder.ā The server 28 is thus referred to herein as the ācredential binding server.ā The computer server is capable of receiving simultaneous requests from the multiple participants, as will be described in more detail below.
The computing units 24(a), 24(b), and 24(c) and computer server 28 are interconnected with each other via one or more communication systems. The communication systems can be embodied as a wire-based or wireless network. Examples of communications systems include an ATM (asynchronous transfer mode) switching network, a public network, a wide area network, an interactive television (ITV) network, a credit card network, a satellite network, and an RF network.
The electronic commerce system of this invention is extremely flexible and can be adapted to many different commerce transactions, as will become more evident from the continuing discussion. In the general model of the electronic commerce system 20 shown in FIGS. 1 and 2, a āparticipantā can be an individual person (such as a credit card holder, an ITV viewer, or a banking member at an automated teller machine), an entity or business (such as a merchant, cable operator, or service provider), or an institution (such as a bank). The certified trusted authority is a third party entity that every participant thoroughly trusts. This authority is established and recognized by all involved. Example certifying authorities in the financial environment include the federal reserve or a bank. The commerce environment in which the electronic commerce system is implemented defines the rules and information required to carry out the transactions, and additionally defines who or what entity is the certified trusted authority.
The electronic commerce system 20 can be implemented in different environments. As one example, the electronic commerce system can be implemented in an credit card network system. The electronic commerce system employs essentially the same existing banking and credit card commerce structure, while broadening access to that system to individual consumers. This example implementation is described below in more detail with reference to FIGS. 17 and 18. As another example, the electronic commerce system can be implemented in an interactive entertainment system which supports set-top boxes in each subscriber's home. This example implementation is described below in more detail with reference to FIG. 23.
The electronic commerce system 20 facilitates the secure exchange of commerce documents and commerce instruments over a communications system that is assumed to be insecure and open to eavesdroppers. Each computing unit is capable of encrypting or decrypting messages, digitally signing the messages, and verifying the authenticity of the messages from other participants. One preferred implementation of a cryptography system architecture is described below with reference to FIGS. 10 and 11.
General Operation
There are two distinct phases or processes that are performed by the electronic commerce system to provide the secure document interchange. The first phase, illustrated in FIG. 1, is an initial registration process in which each participant seeks approval of the certified trusted authority. The second phase, illustrated in FIG. 2, is a transaction process which involves the general document and instrument interchange among the various participants.
During the registration process (FIG. 1), the computing units 24(a)-24(c) at the participants 22(a)-22(c) are each programmed to generate and send a registration packet over the communication system (as represented by communication paths 30(a)-30(c)) to the credential binding server 28 at the trusted credential authority 26. The credential binding server 28 is programmed to produce unique credentials for each participant based upon their registration packets and to send the credentials 32(a)-32(c) back over the communication system (as represented by communication paths 34(a)-34(c)) to the multiple computing units 24(a)-24(c). These credentials are digitally signed by the trusted credential authority and will be used to identify and authenticate other participants during the commerce transaction. It is noted that the registration process requires interaction between each participant and the trusted credential authority.
After registration, the participants are ready to conduct their commercial activity. As shown in FIG. 2, the transaction process involves communication among the participants to the transaction without any interaction between the participants and the trusted credential authority. This is beneficial because it eliminates the need to check with a trusted credential authority during each commercial transaction and streamlines communication during the transaction.
Each commerce transaction has at least one originating participant and one or more recipient participants. A computing unit 24(a) at the originating participant 22(a) is programmed to request and receive the credentials of all intended recipient computing units 24(b) and 24(c). The originating computing unit also verifies the credentials by checking the digital signature of the trusted credential authority. The originating computing unit 24(a) then generates commerce document(s) 36 and commerce instrument(s) 38 that are appropriate for the type of commercial transaction. The document(s) and instrument(s) are both encrypted and sent together over a communication path 40 to the computing unit 24(b) at the first recipient participant 22(b). The document(s) and instrument(s) are encrypted using appropriately different keys so that only the participants to whom the document(s) or instrument(s) pertains can decrypt them.
The first recipient computing unit 24(b) is programmed to decrypt either the commerce document(s) 36 of the commerce instrument(s) 38 depending upon which one(s) is intended for and pertains to them. The first recipient computing unit 24(b) then passes the other(s) of the commerce document(s) 36 or the commerce instrument(s) 38 in encrypted form over a communication path 42 to a second computing unit 24(c) at the second recipient participant 22(c). The second recipient computing unit is programmed to decrypt the document(s) or instrument(s) intended for and pertaining to them.
As an example, the originating participant is a consumer, the first recipient participant is a merchant, and the second recipient participant is a financial institution, like a bank. The commerce document 36 is a purchase order from the consumer to buy goods or services from the merchant. The commerce instrument 38 is a payment instruction to the bank regarding how the consumer desires to pay for the goods or services. The merchant's computing unit 24(b) decrypts the commerce document 36 (i.e., a purchaser order) which pertains to the purchase of goods or services from the merchant. The bank's computing unit 24(c) decrypts the commerce instrument (i.e., the payment instructions) which pertains to payment for those goods or services. For added security, key components of the payment instruction (such as account number) may be encrypted within the public key envelope (i.e., next to the symmetric key used to encrypt the rest of the payment instruction).
Assuming the second recipient participant 22(c) can satisfy the commerce instrument, the computing unit 24(c) returns a signed authorization receipt 44 over communication path 46 to the first recipient participant 22(b) indicating that payment is guaranteed. The first recipient computing unit 24(b) then sends a signed purchase receipt 48 over communication path 49 to the originating computing unit 24(a) and complies with the commerce document in delivering the ordered goods and services.
The electronic commerce system of this invention is advantageous because it optimizes efficiency in communication between the participants. During the transaction, the originating participant sends one package containing both the document and instrument to the same recipient. The document and instrument are encrypted differently so that only the intended recipient can open them. This aspect promotes security. The first recipient decrypts that portion pertaining to them, and forwards the rest on to the next recipient. Again, the first recipient only sends a package to one party. It is further noted that each participant can verify the contents using the digital signatures of the originating participant, and the digital signature of the trusted authority. In this manner, each participant can be assured that it is dealing with an authenticated party, without having to check with the trusted authority each time. Further, the first party can confirm that the goods/services can be sent/rendered before involving the bank.
The electronic commerce system and method for operating it will now be described in more detail with reference to FIGS. 1-8. The registration process is described with reference to FIG. 1 and the flow diagram of FIGS. 3-5, and the transaction process is described with reference to FIG. 2 and the flow diagram of FIGS. 6-8.
Registration Process
Each participant 22(a), 22(b), and 22(c) is required to register with the certified trusted authority 26 before being permitted to engage electronically in the commercial activity. The registration process involves communication over the communications system between each participant and the certified trusted authority as illustrated in FIG. 1. Each participant generates a registration packet containing general information about that participant (step 50 in FIG. 3). An application tailored to the particular commerce environment can be distributed to the participants to assist them in gathering and submitting the information required by the certified trusted authority. For example, the registration packet includes identification information (name, location, etc.), public cryptography keys unique to the participant, and a digital signature of the participant.
FIG. 4 shows the method for generating the registration packet according to a preferred implementation. At steps 70 and 72, the computing unit generates two asymmetric pairs of public and private cryptography keys. An āasymmetricā key algorithm involves two separate keys, for example, one key to encrypt and one key to decrypt. The keys are based upon a mathematical relationship in which one key cannot be calculated (at least in any reasonable amount of time) from the other key. Encryption and decryption using an asymmetric key pair can be represented as follows:
where āEKpriā is an encryption function using a private key āKpri,ā āMā is a plaintext message, āMā is an encrypted version of the plaintext message, and āDKpubā is a decryption function using the public key āKpubā. The inverse is also true in that a plaintext message can be encrypted using the public key and then decrypted using the private key.
In a public key system, the public key is distributed to other parties and the private key is maintained in confidence. The asymmetric public and private keys ensure two results. First, only the holder of the private key can decrypt a message that is encrypted with the corresponding public key. Second, if another party decrypts a message using the public key, that party can be assured that the message was encrypted by the private key and thus originating with someone (and presumably the holder) of the private key. An example asymmetric cipher is the well-known RSA cryptographic algorithm named for the creators Rivest, Shamir, and Adleman.
At step 70 of FIG. 4, the computing unit generates a signing pair of public and private cryptography keys which are used during commerce transactions to generate the participant's digital signature by encrypting the output of a hash function. At step 72, the computing unit generates an asymmetric key exchange pair of public and private cryptography keys. The key exchange pair is used during the commerce transaction to encrypt keys that in turn are used to encrypt data contained in the messages.
At step 74, the participant generates a digital signature that is unique to the participant and to the message. The digital signature is computed by hashing the data contained in the registration packet. A hash function is a mathematical function that converts an input data stream into a fixed-size, often smaller, output data stream that is representative of the input data stream. Once the hash is computed, it is encrypted by the computing unit with the private encryption key of the signing pair (step 76 of FIG. 4). This is represented as follows:
where the āEā denotes an encryption function on the hash of the message ādSpartā and the subscript āKsign_pri_partā means the participant's private key of the signing pair was employed to perform the encryption. By encrypting the participant's signature with its own private signing key, the eventual recipient will be able to verify the participant's digital signature by decrypting the hash using the participant's public signing key, independently computing the hash of the original message, and comparing the locally computed hash with the decrypted hash. The comparison will succeed only if the participant's private signing key was used to encrypt the has. Since only the originating participant knows the private signing key, the recipient knows that the originating participant actually created the encrypted hash, essentially āsigningā the document.
At step 78, both public keys of the signing pair and the key exchange pair are encrypted with a symmetric cipher using a randomly selected bulk data symmetric encryption key. In a āsymmetricā cipher, the encryption key can be calculated from the decryption key, and vice versa. In many cases, the encryption key and the decryption key are the same. Encryption and decryption using a symmetric key can be represented as follows:
where āEKā is an encryption function using the symmetric key āKā and āDKā is the decryption function using the same encryption key āKā. The symmetric key must be known to both the sender and receiver, but otherwise kept secret. Once the symmetric key is divulged, any party can encrypt or decrypt messages. Example symmetric ciphers are a DES (Data Encryption Standard) encryption algorithm or an RC4 algorithm.
The data to be included in the registration packet is also encrypted with the same, or additional symmetric encryption keys. Step 78 is represented as follows:
where āEKsymā is the encryption function using the symmetric key, āKsign ā pub ā partā is the participant's public key of the signing pair, and āKexc ā pub ā partā is the participant's public key of the key exchange pair.
To prevent divulgation of the symmetric key (or keys), the computing unit at the registering participant encrypts the symmetric key using an asymmetric cipher which employs a public encryption key unique to the certified trusted authority or binder (step 80). By using the binder's public key, the participant is assured that only the binding authority will be able to decrypt the symmetric key, and hence the rest of the registration packet. The encryption of the symmetric key is represented as follows:
Notice that the data encryption process involves a dual encryption technique: a first encryption of data using the symmetric key, and then a second encryption of the symmetric key using an asymmetric key pair. This dual encryption affords the desired security through the use of a strong asymmetric key pair, while facilitating encryption of bulk data using the more efficient symmetric key.
At step 82 in FIG. 4, the computing unit places the encrypted data, digital signature, and public keys in a communications packet. The communications packet is suitable for the appropriate communications system supporting the electronic commerce system 20. Preferably, the communications packet is in the form of individual digital data structures that contain the appropriate routing information to efficiently locate the intended recipient.
With reference again to FIG. 3, the next step 52 in the registration process is for each participant computing unit 24(a), 24(b), and 24(c) to send its completed registration packet to the credential binding server 28 over the communications system. This step is represented graphically in FIG. 1 by communication paths 30(a)-30(c) from the participants 22(a)-22(c) to the certified trusted authority 26.
At step 54 in FIG. 3, the credential binding server 28 verifies the authenticity of the registration packets as being sent by the participants. The verification process itself is described in more detail with reference to FIG. 5. At step 90, the credential binding server 28 decrypts the symmetric bulk data encryption key Ksym using its own private key as follows:
Once the symmetric key is recovered, the credential binding server 28 uses it to decrypt the participant's public keys and other data contained in the registration packet (step 92 in FIG. 5). This can be shown as:
Next, at step 94, the credential binding server 28 decrypts the hash of the participant using the recovered participant's public signing key, Ksign ā pub ā part. This yields the hash, dS, as computed and concealed (encrypted) by the originating participant:
The credential binding server 28 then performs a two-step verification technique to verify that the packet actually originated from the participant, and not an impostor. At step 96, the credential binding server 28 recalculates the participant's digital signature by hashing the data contained in the decrypted registration packet using the same hashing function employed by the participant. The recalculated hash is then compared with the decrypted hash received as a digital signature, i.e., privately encrypted hash, in the registration packet (step 98 in FIG. 5). If the two hashes match, the credential binding server is assured both that the registration packet was indeed signed by the participant and that the contents have not been subsequently altered.
Returning once again to FIG. 3, after the credential binding server 28 verifies the registration packet as belonging to the participant, the next step 56 in the registration process is to generate a credential for the participant. The credential binding server 28 generates the credential. Each credential is unique to a particular participant, and will be used in future transactions as a means for identifying the participants and for authenticating the participants to each other. The credential contains the participant's public signing key, public key exchange key, unique identifiers, validity dates, owner information, issuer information, and information about the participant determined in advance by owners and controllers of the particular commerce environment.
At step 58, the credential binding server 28 attaches a digital signature of the trusted credential authority 26 to the credential. The digital signature is generated by encrypting a hash of the credential using the private key of the trusted credential authority 26. The binder's digital signature will be used by the participants during transactions to verify that communications are between authorized participants who have properly registered with the trusted credential authority. At step 60, the signed credential is transferred from the credential binding server 28 back over the communications system to the individual computing units 24(a), 24(b), and 24(c) at respective participants 22(a), 22(b), and 22(c). The is illustrated in FIG. 1 by the signed credentials 32(a)-32(c) being returned to the computing units along communication paths 34(a)-34(c).
Transaction Process
Following the registration process, the participants are ready to conduct their commercial activity. Unlike the registration process, however, the transaction process involves communication only among the participants to the transaction. There is no interaction between any of the participants and the trusted credential authority.
As shown in FIG. 2, the commerce transaction process concerns the interchange of documents and instruments by participants, such as the representative three participants 22(a)-22(c). The number of participants involved in a commerce transaction, the nature and content of the documents and instruments, and the exchange protocol are all defined in advance according to the particular commerce environment. Here, the participants 22(a)-22(c) interchange information over the one or more communication systems between them, as illustrated by the pairs of arrows, without involving the credential authority 26.
All commerce transactions have an originating participant, which is represented by participant 22(a), and one or more recipient participants, which are represented by participants 22(b) and 22(c). The originating participant 22(a) is the one who initiates a commerce transaction. The computing unit 24(a) at the originating participant 22(a) starts the commerce transaction by transmitting a request for the credentials of the intended recipient participants 22(b) and 22(c) who will be involved in the transaction (step 100 in FIG. 6). The computing units 24(b) and 24(c) at respective recipient participants 22(b) and 22(c) return their unique credentials to the originating computing unit 24(a) (step 102 in FIG. 6).
At step 104 in FIG. 6, the originating computing unit 24(a) verifies the authenticity of the intended recipient participants. This verification is achieved by validating the digital signature of the trusted credential authority that is attached to the credential. Recall from the registration process described above that the credential binding server digitally signed each credential by encrypting the hash of the credential with the secret private signing key of the trusted credential authority. The originating computing unit 24(a) decrypts the hash by decrypting the encrypted hash using the binder's public key. If the decrypted hash matches, bit-for-bit, an independently and locally (trusted) hash of the credential, then the originating computing unit is assured both that the credential was created and signed by the trusted credential authority and has not been subsequently modified, and that the recipient participant is thereby authenticated.
At step 106, the originating participant 22(a) constructs the appropriate commerce document and commerce instrument for the commercial transaction. A commercial transaction might involve more than one document or instrument, but for simplicity of discussion, our example transaction involves one document and one instrument. At step 108 in FIG. 6, the originating computing unit 24(a) computes the hash of the document and instrument through use of a hashing algorithm. At step 110, the originating computing unit 24(a) encrypts the hash using the private signing key of the originator's signing pair of asymmetric keys, as follows:
Next, at step 112 in FIG. 7, the originating computing unit 24(a) generates symmetric bulk data encryption keys and encrypts the document and instrument using the symmetric keys. Preferably, the document is encrypted with one symmetric encryption key and the instrument is encrypted with a different symmetric encryption key. The encrypted hash, dSā²org ā part attached to the document and instrument as a digital signature is also encrypted using the symmetric encryption keys. The bulk encryption step is represented as follows:
At step 114 in FIG. 7, the originating computing unit 24(a) encrypts the symmetric keys with the public key exchange keys of the recipient participants that are intended to receive the document and instrument. For example, suppose the commerce document is a purchase order that is intended for the first recipient participant 22(b), who is a merchant. Further, suppose the commerce instrument is a payment instruction that is intended for the second recipient participant 22(c), which is a bank. The originating computing unit 24(a) encrypts the first symmetric key used to encrypt the document (i.e., purchase order) and originator's digital signature with the first recipient's (i.e., merchant's) public key from its key exchange pair of asymmetric keys. This public key exchange key was obtained from the first recipient's credential. Similarly, the originating computing unit 24(a) encrypts the second symmetric key used to encrypt and instrument (i.e., payment instruction) and originator's digital signature with the second recipient's (i.e., bank's) public key exchange key that was obtained from the first recipient's credential. Furthermore, sensitive or otherwise critical account information (such as a credit card account number) may be concatenated with the symmetric key, such that the account information also is encrypted with the recipient's (i.e., bank) public key exchange key. This affords some longer term protection for the account information, should the symmetric key or algorithm ever become compromised. This step is represented as follows:
At step 116, the originating computing unit 24(a) transmits the signed encrypted document and instrument over the communication system to the computing unit 24(b) at the first recipient participant 22(b). This is illustrated diagrammatically in FIG. 2 by the document folder 36 and the instrument folder 38 being forwarded along communication path 40. The originating computing unit 24(a) also forwards the credential 32(a) of the originating participant 22(a) so that the recipients will have the necessary information to return communication.
At step 118, the computing unit 24(b) at the first recipient participant 24(b) decrypts the portion of the package that pertains to them. To continue our above example, the first recipient participant 24(b) is a merchant and the commerce document is a purchase order that is intended for the merchant. Accordingly, the merchant computing unit 24(b) decrypts the document portion. The computing unit 24(b) initially decrypts the first symmetric bulk data encryption key using its own private key of the key exchange pair of asymmetric keys, as follows:
The merchant computing unit 24(b) then decrypts the document, or purchase order, using the decrypted symmetric bulk data encryption key, as follows:
This decryption also yields the originator's signature which itself is the hash of ādocumentā encrypted with the signing private key of the originating participant. At step 120, the first recipient computing unit 24(b) verifies the originator's signature using the originator's signing public key which was provided in the originator's credentials that was forwarded with the document and instrument. If the decryption yields a hash that compares, bit-for-bit, with an independently, locally computed hash of ādocumentā, the first recipient participant 22(b) can be assured that the originating participant 22(a) sent the document, signed the document, and that the document was intended for the first recipient participant. The first recipient participant can authenticate the originating participant by verifying the digital signature of the credential binding authority on the signature credential of the first recipient in the manner described above (step 122 in FIG. 7).
Notice that the method of this invention calls for the originating participant to forward both the document and instrument to the first recipient participant. In this manner, the commerce transaction is greatly simplified in that the originating recipient only forwards the items to one place. However, the first recipient participant can only decipher and read that portion of the package that is destined or intended for it. By encrypting those portions (in this case, the document) with the first recipient's public key exchange key, the originating participant is assured that only the first recipient can decrypt the document using its key exchange private key. Furthermore, by encrypting the other portions (in this case, the instrument) with the public key of the second recipient participant, the originating participant is assured that the first recipient participant cannot decrypt the instrument.
At step 124 in FIG. 8, the computing unit 24(b) at the first recipient participant 22(b) repackages the encrypted instrument in another communications package and passes the package onto the computing unit 24(c) at the second recipient participant 22(c) over the same or a different communication system. This is illustrated diagrammatically in FIG. 2 by the instrument folder 38 being forwarded from the first recipient computing unit 24(b) along communication path 42 to the second recipient computing unit 24(c). The first recipient computing unit 24(a) also sends along its credential 32(b), and the originating participant's credential 32(a), so that the second recipient participant will have the necessary information to return communication.
Notice that this decryption also yields the originator's signature, which itself is a hash of āinstrumentā, encrypted with the private signing key of the originating participant. At steps 128 and 130, the second recipient computing unit 24(c) decrypts the originator's signature using the originator's public signing key that was provided in the originator's credentials and verifies the digital signature (by independently computing the hash of āinstrumentā) and authenticity of the originating participant (by verifying the digital signature of the credential binding authority on the signature credential of the originating participant).
At step 132, it is determined whether there are any more participants involved in the transaction. If there were more recipient participants (i.e., the ānoā branch from step 132), the second recipient would simply pass the remaining portions of the package, which would still be encrypted, onto the next participant (step 124). The process of steps 126-130 would then be repeated. In our example, however, there are only two recipient participants: merchant and bank. Since there are no more participants (i.e., the āyesā branch from step 132), the participants can return the appropriate receipts at step 134.
If the transaction is approved by the second recipient, meaning that the bank determines that it can fulfill the originator's commerce instrument, the computing unit 24(c) at the second recipient participant (i.e., the bank) returns a signed authorization receipt to the first recipient participant (i.e., the merchant) that payment is guaranteed. This is shown in FIG. 2 by the return receipt 44 being transmitted over communication path 46. Once the first recipient computing unit 24(b) receives the receipt, it will send a signed purchase receipt for the purchase to the originating computing unit 24(a) and fill the purchase order. This is shown in FIG. 2 by the return receipt 48 being transmitted from the first recipient computing unit 24(b) over communication path 49 to the originating computing unit 24(a).
Alternate Cryptography Approaches
Although the preceding section provides a description of the process using public key cryptography, those skilled in the art can see that other cryptographic approaches exist.
In one embodiment, the symmetric keys used for the documents or instruments may be pre-established amongst the participants. This will reduce the overall canonical data size as well as eliminate several public key decryption operations, thereby enhancing performance. In such an embodiment, the keys may be exchanged or established through a variety of means.
In another embodiment, authentication of the participants, as well as the exchange of symmetric keys may be accomplished through a trusted third party. For example, the Kerberos system is one such architecture which facilitates this embodiment.
In yet another embodiment, the digital signature technique used may be based on a technology other than public key. For example, the El Gamal digital signature technique, based on symmetric key cryptography, may be used.
In yet another embodiment, the hash values from each of the document(s) and commerce instrument(s) might be concatenated and then encrypted using the originator's private signature key. This has the advantage of computing only one public key encryption for multiple documents.
Negotiated Off-line Encryption Architecture
In a number of countries, encryption is subject to stringent regulation. Limitations may be applied to the algorithms as well as the key sizes used. In order to enable and ensure compliance with applicable regulations, it may be necessary for the communicating participants to negotiate or otherwise pre-establish the applicable parameters. In transaction commerce electronically, the participants may not necessarily be in direct communication (e.g., they may be communicating via Electronic Mail).
In such a situation, it is necessary for the parties to have a trusted way of mutually agreeing on the appropriate encryption algorithms and key sizes. Given that the parties have already established a mutually trusted party (the certifying authority/binder), it follows that the binder can be trusted to provide an indicator for each participant on what that participant's limitations are. An index which indicates the strongest algorithm and key size is placed on each participant's credential.
When an originating participant encrypts a document or instrument for a specific recipient, that originating participant takes his or her encryption index, along with the encryption index of the intended recipient, and uses the two values to look up the appropriate algorithm in a preestablished table. This table typically is established by the certifying authority for the version of the commerce protocol being used.
The table typically contains the least common denominator of encryption allowed between the two participants. This is particularly useful in international commerce, where the regulations for one participant may differ from that of another. It is assumed (and the responsibility of the credential authority) that the algorithm/key size at the intersection in the table is one which is compliant with both countries involved in the transaction.
Table 1 illustrates an example preestablished table used in a negotiation process between a first participant with one possible encryption index and a second participant with another possible encryption index. In this example, the encryption indices range from a value ā0ā which represents the inability to encrypt items to a value ā2ā which represents the ability to use rather secure encryption techniques.
TABLE 1 | ||||
0 | 1 | 2 | ||
0 | No Order | No Order | No Order | ||
Encryption | Encryption | Encryption | |||
1 | No |
40 |
32 | ||
Encryption | |||||
2 | No |
32 Bit RC4 | 64 Bit RC4 | ||
Encryption | |||||
Communication Data Structure
FIG. 9 shows a data structure 140 used to carry each package that is exchanged between the participants, or between the participant and the credential trusted authority. It is used to encapsulate the messages and the message components. The data structure is a ātag-length-valueā structure that provides a convenient way to handle fields as self-defined entities. This affords the flexibility of adapting to the message content being sent.
The tag-length-value (TLV) data structure 140 consists of three parts: an identifier field 142 (which is also known as the ātagā), a length field 144, and a value field 146. The identifier field or tag 142 is a fixed-size field (e.g., 32-bit) that defines or identifies the commerce data contained in the package. Only those tags defined for the particular commerce environment may be used. The length field 144 is a variable-sized field which contains a length of the commerce data contained in the package. The length field is preferably an exact byte count of the data contained in the value field 146. For string fields that are NULL-terminated, the count includes the NULL character. The value field 146 is a variable-sized field which contains the actual commerce data defined by the tag.
There are many benefits resulting from this TLV data structure 140. First, the data structure allows data elements to be self-describing, which affords tremendous flexibility. Second, it renders the data elements conducive to C++ programming protocols. Another benefit is that the TLV data structure facilitates future protocol extensibility. Still another region is that the data structure enables backward compatibility. Further, the data structure permits customization of the contents of messages to fit the particular commerce environment without impacting the basic architecture, technology and implementation of the electronic commerce system itself.
Cryptography System Architecture
Each computing unit 24(a)-24(c), as well as the credential server 28, is equipped to perform cryptographic functions including encryption, decryption, digital signing, and verification. The computing units are programmed to execute a commerce application that facilitates the computerized, electronic commerce system. To sustain the security and authentication functions of the electronic commerce system, the commerce application must be able to provide encryption, decryption, and digital signing. Accordingly, each computing unit is implemented with a cryptography system that supports the commerce application with respect to these functions.
FIG. 10 shows a computing unit 22 that is used in the electronic commerce system of this invention. Computing unit 22 has a processor 150, a network I/O port 152, and a memory 154 which are all interconnected via an internal multi-bit bus 156. The network I/O port 152 couples the computing unit 22 to the communication system employed in the electronic commerce system. For example, the network I/O port 152 might be in the form of a modem, network card, or the like. The computing unit 22 also includes a data input apparatus 158 (e.g., a keyboard, a mouse, a trackball, a keypad, etc.) and a card reader 160 (e.g., a smart card reader, a credit card reader, etc.) which are both operatively coupled to the bus 156.
A commerce application 162 is stored in memory 154 and executable on the processor 150. The commerce application is a software program that is tailored to the particular commerce activity in which the participant is involved.
The computing system 22 also has a cryptography system which supports the commerce application 162. In the illustrated embodiment, the cryptography system is implemented in software that is stored in the memory 154 and executed on the processor 150.
FIG. 11 shows the general architecture of the cryptography system, which is referenced with numeral 170. Cryptography system 170 has three layers: (1) a cryptographic application program interface (CAPI) 172, which provides functionality to an application that it is supporting (in this case, the commerce application 162); (2) one or more cryptographic service providers (CSP) 174(a)-174(d), which implement the cryptographic functionality presented by CAPI to the application; and (3) one or more private application program interfaces (PAPI) 176(a)-176(d) which allow the CSPs to communicate directly with a user 178. As one example implementation, this cryptographic system could incorporated into an operating system as a service layer to provide cryptographic services, as is described below in more detail with respect to FIGS. 19-22.
The CAPI layer 172 itself is thin. Its principal task is to select an appropriate CSP and verify its authenticity. When the commerce application 162 needs a sequence of cryptographic functions to be performed (e.g., encryption, decryption, signing), the application invokes the CAPI 172 to acquire a context associated with the appropriate CSP. The CAPI 172 then loads the CSP and verifies its authenticity. Each CSP is digitally signed by a certified trusted authority (such as the credential binding authority) through the use of its private encryption key. This digital signature 179 is graphically illustrated in FIG. 10 as part of the CSP 174 in memory 154. The binding authority's public encryption key 180 is embedded in the CAPI 172 so that the CAPI 172 can verify the authenticity of the CSP by validating the digital signature 179 of the certified trusted authority. This verification prevents introduction of a foreign or impostor CSP. The CAPI 172 also provides an insulating layer between the application and the CSP so that the application never has direct access to the CSP, but can only call to the CSP through the CAPI.
The CAPI 172 is preferably implemented in software. As shown in the computing unit implementation of FIG. 10, the CAPI 172 is stored in memory 154 and executed on processor 150. The CAPI 172 is shown as having a CSP verifier module 181 to perform the above described CSP verification.
The CSPs 174(a)-174(d) implement the cryptographic functionality requested by the application. In general, the CSPs perform encryption key management, encryption/decryption services, authentication and key exchanging tasks, hashing routines, and digital signing. Preferably, a different CSP is configured to perform each of these functions, although a single CSP can be implemented to perform them all. The CSPs 174(a)-174(d) are dynamically accessible by the CAPI 172 using conventional loading techniques.
For the key management task, the CSP 174 has a key manager 182 (FIG. 10) that stores, generates, or destroys encryption keys of any type, including symmetric cryptographic keys and asymmetric cryptographic keys. The CSP stores the participant's signing pair of private/public keys 184 that is used to digitally sign the registration packet, commerce document, and commerce instrument. The CSP also stores the participant's key exchange pair of private/public keys 186 that is used to decrypt messages sent by other participants.
The CSP 174 has a symmetric key generator 188 which generates the random symmetric bulk data encryption keys used to encrypt the messages sent to others. These symmetric keys are preferably āsessionalā and thus generated for each transaction. The CSP also imports and exports encryption keys in their encrypted form. For example, the CSP can export the symmetric encryption keys in their encrypted form when the commerce document and the commerce instrument are dispatched to the recipient. Alternatively, the CSP can import such encrypted symmetric encryption keys from another participant. The CSP can also export or import the public encryption keys of the participants signing and key exchange pairs. These public keys are the only keys that are made readily available in their non-encrypted format. After importation, the CSP treats the encryption keys as if it generated them itself. Once the symmetric keys are used and the transaction is completed, however, the CSP destroys them.
The CSP 174 is specifically designed to avoid exposing the participant's private keys to any application or user. The encryption keys are never directly accessible to the applications. The asymmetric private encryption keys are not permitted to leave the CSP under any circumstances. In addition, the symmetric keys are permitted to leave the CSP only in an encrypted state; they are not exported in a raw form. In this manner, the CSP key manager prevents the application from never inadvertently mishandling keys in a way that might cause them to be intercepted by those to whom they were not directly sent.
The CSP key manager assigns āhandlesā to the various keys that are created or imported. These handles are made available to the application via the CAPI. The application can manipulate the keys indirectly using the handles, rather than having absolute control over them. However, the keys themselves remain hidden from the application and CAPI.
One or more CSPs are also provided with encryption/decryption devices which encrypt and decrypt data using previously generated or imported symmetric keys, and the asymmetric key pairs. More particularly, the CSP 174 has a symmetric key encryption/decryption device 190 which is used to encrypt and decrypt messages (such as the commerce document and commerce instrument) using the generated or imported symmetric keys. An asymmetric key encryption/decryption device 192 is also provided to encrypt and decrypt the symmetric keys using the key exchange key pair 186.
As mentioned above, another function of a CSP 174 is to perform an authentication/key exchange protocol. In this protocol, the CSP generates a symmetric key to encrypt the data and then encrypts that encryption key using the public signing key that belongs to the intended recipient. This protocol provides a high degree of security by encrypting the data, and then assuring that only the intended recipient can open the encrypted packet.
The CSP 174 also has a hashing calculator 194 which computes the cryptographic digest of the data contained in any messages sent between participants. The hashing calculator 194 translates the data according to a hashing function into a fixed-size, and often reduced, hash value which is representative of the original data. Cryptographic hash functions are beneficial in that they reduce the size of data to a hash value which is unique to that data set. Additionally, according to some cryptographic hash functions, it is computationally infeasible to find two data streams with the same hash value.
The CSP 174 also performs the task of digitally signing messages sent by the participant. The CSP has a signing device 196 which provides a digital signature unique to the combination of message and participant. Preferably, the CSP signing device 196 computes the digital signature by encrypting a previously computed hash value output by the hashing calculator 194 with the private signing key pair 184.
The CSP 174 is preferably implemented in software as dynamic linked libraries (DLLs). This implementation is advantageous because it can be easily invoked by the CAPI or by the application through the CAPI. Furthermore, the cryptographic functions can be changed or updated simply by replacing one or more DLLs. With the CAPI layer in between, the CSP DLLs can be replaced without affecting how the application interacts with them. Additionally, by packaging the cryptographic services in DLLs, it will be possible to change the strengths of the services as regulatory considerations change without impacting the higher level applications.
The CSPs might also be implemented in combination with hardware. One example is a set-top box implementation having a smart card reader and installed software. Here, the cryptographic keys are stored and used only in the card processor, so that they are not even exposed to sophisticated software attacks. Another example is a combination tamper-resistant hardware (such as a smart card) and a personal computer (PC). Here, the PC might not be as trusted as the set-top box, and thus extra verification of the hardware and terminal might be necessary.
Even with the protections enforced by the CAPI 172 and the CSPs 174, there is a danger that a malicious application might attempt to request ostensibly legitimate operations that actually have the effect of compromising the user's security. For example, the application could have the CSP digitally sign a contract involving a large (and unwanted) financial commitment on the part of the user, unbeknownst to the user. Another example is for an application to instruct the CSP to export all symmetric session keys to the CSP of the application writer, giving the application writer the ability to read all of the user's encrypted data.
To guard against this threat, the CSPs have associated private application program interfaces (PAPI) 176(a)-176(d) which permits the CSPs to interact with the user through an implementation-dependent user interface. Prior to operating on a particular transaction, the PAPI 176 presents an explanation of the transaction to the user to assist the user in understanding the specifics of the transaction. This presentation might be in the form of a textual summary displayed on a monitor. The PAPI enables the user to confirm or reject the transaction by either attaching a digital signature authorizing the transaction, or avoiding signing to cancel the transaction. By involving the user each time his/her signature is to be attached to a set of commerce documents and instruments, the cryptography system mitigates the danger that a malicious application will obtain sensitive information.
The PAPI 176 also provides several other functions. One function provided by the PAPI 176 is context verifications in which the PAPI 176 verifies the authenticity of the user or entity that is operating at the computing unit prior to granting that user access to the application. For instance, the PAPI might mediate a user login sequence to validate the user. Alternatively, the PAPI 176 might be implemented in hardware, such as in combination with card reader 160 which reads a smart card or PCMCIA card, to verify the cardholder. The CSP 174 checks with the PAPI 176 to ascertain whether the appropriate authentication procedures have been met between the user and computing unit before letting the commerce application acquire a context. This context verification function is particularly useful for on-line PC services or banking ATMs that require participation from a person.
This aspect of the PAPI is implementation dependent. If implemented in a software-based PC, the context verification might simply involve a check with the PC operating system for the identity of the user already logged in. In a smart card terminal implementation, a full login with PIN entry may be required.
Another function of the PAPI 176 is to enable data entry from the user. The PAPI operates in conjunction with the data input apparatus 158 to permit data entry. Examples of this function include allowing the user to input a unique PIN during context verification, or to enter information regarding the transaction, or to enter confirmation/denial commands.
The PAPI 176 also informs the user as to the state of certain keys that the user might deem as requiring higher security. For example, the PAPI 176 can be configured to consult the user each time a key is created, exported, or used. This permits the user to have some control over particular keys, while further minimizing the possibility of a malicious application from exporting the keys in raw form.
The operation of the cryptography system 170 will now be described with reference to FIGS. 12-16. Recall that each computing unit 24 is equipped with a cryptography system 170, including an originating computing unit and a recipient computing unit. For purposes of discussion, the operation will be described in two parts. A first part explains the function of the cryptography system that takes place in the originating computing unit when preparing a message for transmissions (FIGS. 12-14). A second part describes the function of the cryptography system that occurs in the recipient computing unit after receiving a message (FIGS. 15-16).
Part 1: Encrypting and Signing
At step 200 in FIG. 12, the application 162 supplies a plaintext message to the CAPI 172 to be encrypted and signed. An example plaintext message is the commerce document and the commerce instrument. The CAPI 172 selects the appropriate CSP or CSPs 174 to perform the encryption and signing (step 202). In one implementation, this step entails loading the appropriate DLL, and performing a series of calls, such as calls to begin and end the encryption and to digitally sign the result. For purposes of continuing discussion, the operation will be described as if the CSP 174 in FIG. 10 is capable of performing both the encryption and signing functions.
At step 204, communication with the CSP is established between the CAPI 172 and selected CSP 174. The CAPI 172 verifies the authenticity of the CSP 174 by validating the binding authority's digital signature 179 attached to the CSP 174 using the binding authority's public signature key 180 embedded in the CAPI 172 (step 206).
Once the CSP is authenticated, the CAPI 172 passes the plaintext message to the CSP 174 for encryption (step 208 in FIG. 12). The CSP hashing calculator 194 translates the plaintext message into a cryptographic digest (step 210 in FIG. 12). During this time, an explanation of the transaction (such as what the commerce document or commerce instrument include) is passed to the PAPI 176 (step 212 in FIG. 12). The PAPI 176 supports a user interface which presents the explanation to the user 178 (step 214 in FIG. 13) and allows the user to input commands which confirm, modify, or deny the transaction. This affords an opportunity for the user to make changes to the transaction at its inception, before involving other participants. For example, the user might wish to change a purchase order or alter how he/she expects to pay for the purchased items. From a security perspective, this user interface ensures that the user is aware of the transaction and that he/she is authorizing it.
If the user authorizes the transaction, the PAPI 176 returns a confirmation to the CSP 174 (step 216 in FIG. 13). At step 218, the CSP signing device 196 attaches the originator's digital signature to the message by encrypting the cryptographic digest (hash) using the originator s private key of the signing pair. The CSP symmetric key generator 188 generates a symmetric bulk data encryption key (step 220 in FIG. 13) and the CSP symmetric key encryption/decryption device 190 encrypts the message and the originator's digital signature using the new symmetric encryption key (step 222). At step 224, the CSP asymmetric key encryption/decryption device 192 encrypts the symmetric encryption key using the key exchange public key of the intended recipient that is imported to the CSP.
At step 226 in FIG. 14, the CSP 174 returns the signed and encrypted commerce document and commerce instrument to the CAPI 172, and then onto the application. At the same time, the CSP 174 can inform the user via the PAPI 176 that certain keys, such as the symmetric key, are being exported from the CSP in its encrypted format (step 228 in FIG. 14). However, the asymmetric private keys of the signing and key exchange pairs are not exported from the CSP, but are permanently retained in confidence within the CSP. The commerce instrument and commerce instrument are then ready for transmission from the originating computing unit to the recipient computing unit as described above.
Part 2: Decryption and Verification
The commerce application running at the recipient computing unit receives the signed encrypted document and instrument and passes the package to its own cryptography system 170. Particularly, the encrypted document and instrument are supplied to the CAPI 172 for purposes of being decrypted and verified (step 250 in FIG. 15). The CAPI 172 selects the appropriate CSP or CSPs 174 to perform the decryption and verification (step 252 in FIG. 15). In this implementation, the appropriate CSP DLL is loaded and the application performs a series of calls to the DLL through the CAPI. For discussion purposes, the operation will again be described as if the CSP 174 in FIG. 10 is capable of performing both the decryption and authentication functions at the recipient computing unit.
Communication is then established between the CAPI 172 and selected CSP 174 (step 254 in FIG. 15), and the CAPI 172 verifies the authenticity of the CSP 174 (step 256). Once the CSP is authenticated, the CAPI 172 passes the encrypted document and instrument to the CSP 174 for decryption (step 258). At step 260, the CSP asymmetric key encryption/decryption device 192 decrypts the symmetric encryption key using the recipient's private key exchange key 186 maintained in the CSP. The CSP symmetric key encryption/decryption device 190 uses the recovered symmetric key to decrypt the message and originator's digital signature to provide the signed cryptographic digest (hash) (step 262 in FIG. 15).
At this point, the CSP can verify the packet by decrypting the cryptographic digest (hash) using the originator's public signing key (step 264 in FIG. 16). If the decryption yields a result that compares bit-for-bit with an independently, locally computed hash of the entire message, the participant is assured that the packet came from the originator and was not subsequently altered. For instance, in the electronic commerce system described above, the first recipient participant would be able to decrypt the commerce document, but decryption of the commerce instrument would yield meaningless information.
The plaintext message is returned from the CSP to the CAPI 172 and then to the commerce application 162 (step 266 in FIG. 16). After the process is completed, the CSP destroys the symmetric encryption key for that session (step 268).
The above discussion presents a general structure of an electronic commerce system. The following two cases provide example implementations of the electronic commerce system in specific commerce environments. The first example implementation is a credit card system and will be described with reference to FIGS. 17 and 18. The second example implementation is an interactive television system and will be described with reference to FIG. 23. In addition to these specific examples, the electronic commerce system can be implemented in a wide variety of commercial environments, including on-line services and debit or other banking card transactions.
FIGS. 17 and 18 diagrammatically illustrate an electronic credit card system 300 according to two different operation phases: a registration phase (FIG. 17) and an order and purchase processing phase (FIG. 18). The electronic credit card system 300 has several participants, including a purchaser 302, a merchant 304, an acquiring bank or acquirer 306, an issuing bank 308, and a trusted authority or binder 310. The financial roles of each participant in the commerce transaction are well-known and will not be described herein.
Each participant is equipped with a computing unit, including a PC 312 at the purchaser and servers 314, 316, and 318 at the merchant, acquirer, and binder, respectively. Each computing unit is loaded with a credit card application and a cryptography system to support the credit card application with respect to its cryptographic needs.
During the registration phase of FIG. 17, each participant requests and receives credentials from the binder 310. āBindingā in this context means that the acquirer 306 is a known interface to an existing card payment system that is in use today; the merchant 304 is known to be able to accept credit cards for payment and deposit them with the acquirer 306, and the purchaser 302 has a payment card known by the issuing bank 308 that issued the card. Credentials for the acquirer 306 and the merchant 304 are created by the binder 310 as authorized by their responsible bank. Credentials for the purchaser are created by the binder 310 as authorized by the purchaser's bank or authorized agent in the form of the card association.
Cardholder credentials are created when the purchaser 302 requests registration of a credit card. The purchaser enters card information (such as card number, expiration date, name on card) on the PC 312 to complete a registration application. The purchaser's computing unit also uses its cryptography system to generate the signing and key exchange pairs of public/private cryptography keys. The public keys are included in the registration packet.
The purchaser's computing unit digitally signs the card registration packet and sends the packet over a communication system to the binder's server 318. The binder's server 318 validates the registration packet and creates a cardholder credential based on the information supplied by the purchaser. The cardholder credential includes the following information:
Cardholder Credential |
1. | Credential Serial Number. |
2. | Cardholder Name. |
3. | Hashed Account Number. |
4. | Cardholder's Signing Public Key. |
5. | Cardholder's Key Exchange Public Key. |
6. | Credential Expiration. |
7. | Version of Credential Format. |
8. | Encryption Index |
The ācredential serial numberā is a number generated by the binder to uniquely identify the credential. The āhashed account numberā is created using a one-way hashing algorithm, such as the well-known SHA (secure hash algorithm), which easily creates a unique hash value representative of the account number while rendering the regeneration of the account number from the hash value computationally infeasible. The hash guarantees that the credential is tied to a specific credit card. However, knowledge of the credential does not give any insight to the actual number of the credit card. The ācredential expirationā field contains the date range that the credential is valid as decided by the binder.
The cardholder credential is signed by either the binder 310, which might be the card association binder, or the card issuing bank binder in those cases where the card association has authorized the card issuing bank to do so. This credential is then sent back over the communication path from the binder's server 318 to the purchaser's computing unit 312 as indicated by the credential 320 in FIG. 17.
Notice that the acquirer 306 registers with the binder 310 for both itself and on behalf of the merchant 304. In the credit card context, the merchant 304 participates based upon the authority of the merchant's financial institution, which is the acquirer 306 in this case. As a result, there is information known only to the acquirer that will be included in the merchant's credential. The binder will create both credentials 322 and 324 for the merchant and acquirer and send both to the acquirer, which then passes the merchant's credential 322 onto the merchant. Alternatively, if authorized, the acquirer can create the merchant's credential directly.
The merchant's credential is conceptually similar to the cardholder credential. There are eleven fields contained in the merchant's credential, with the first six fields being analogous to fields in the cardholder credential. The merchant's fields are:
Merchant Credential |
1. | Credential Serial Number. |
2. | Merchant Name. |
3. | Merchant's Signing Public Key |
4. | Merchant's Key |
5. | Period of Credential Validity. |
6. | Version of Credential Format. |
7. | Acquirer's Key Exchange Public Key |
(for payment instructions) | |
8. | Card Brand Accepted |
9. | Acquirer BIN |
10. | |
11. | Encryption Index |
The last four fields are used to help define the business relationships and responsibilities that are inherent in the credit card model. The āacquirer's key exchange public keyā is included to enable encryption of the payment instruction by the purchaser such that only the acquirer may decrypt it. The acquirer's public is key could be distributed directly to the purchaser via the acquirer's credential, but is preferably included in the merchant's credential in the interest of efficiency and is in recognition of the special business relationship between the acquirer and the merchant.
The ācard brand acceptedā field indicates the particular card brand (e.g., VisaĀ® or MasterCardĀ®) that can be accepted by the merchant. The āacquirer BINā is the identifier of the acquirer as used by the card association. The āmerchant IDā is the identifier of the merchant as used by the acquirer. The cardholder's credential is signed by the card association binder or the acquirer if authorized by the binder.
The acquirer credential contains items similar to the purchaser or merchant credentials, including the following:
Acquirer Credential |
1. | Credential Serial Number. |
2. | Acquirer Name. |
3. | Acquirer's Signing Public Key |
4. | Acquirer's Key |
5. | Credential Expiration. |
6. | Version of Credential Format. |
7. | Acquirer BIN |
8. | Card Brand Accepted |
The acquirer credential is digitally signed by the credit card association's credential binding authority.
Turning now to the order and purchase processing phase of FIG. 18, the credit card system implemented with the electronic commerce system of this invention involves the communication paths shown in solid lines. The electronic credit card system of this invention facilitates the document and instrument interchange among the purchaser 302, merchant 304, and acquirer 306. The dotted lines represent commerce processes implemented and operating by the existing payment card authorization and settlement systems in use today. As noted above, the purchaser PC 312, merchant server 314, and acquirer server 316 all execute a credit card order and payment application, and a cryptography system, to meet the security, privacy, integrity, and authenticity needs of this particular commerce system. During the order and processing phase, there is no active participation on the part of the binder 310.
The purchaser 302 creates a commerce document in the form of a goods and services order (GSO) and a commerce instrument in the form of a purchase instruction (PI). The GSO and PI are configured in packets using the tag-length-value data structure described above with reference to FIG. 9. An example GSO contains a name of the payee (merchant), an authorized amount, a unique transaction ID, purchaser's name and address, an order expiration, and an order form. An example PI includes the payee name (merchant), the authorized amount, the unique transaction ID, a GSO message digest, a card expiration, and order expiration.
The GSO and PI are digitally signed by the purchaser using the appropriate cryptographic service provider (CSP) is the cryptography system. The GSO and PI are then encrypted with a symmetric cipher using two different, randomly selected symmetric keys. The GSO data requires relatively less privacy (in comparison to the PI) because it contains less financial information. Thus, the GSO can be encrypted with a symmetric key of comparatively less strength, such as a key devised by the known RC4 algorithm with a key length of 40 bits. On the other hand, the PI contains more financial information and warrants higher privacy. The PI is encrypted with a DES symmetric key having a key length of 56 bits.
The symmetric keys for the GSO and PI are next encrypted with the key exchange public keys of the merchant and acquirer, respectively. The GSO symmetric key is less stringently protected by a relatively smaller 768-bit RSA public key, whereas the PI symmetric key is more strongly protected using a 1024-bit RSA key.
The signed encrypted GSO 330, signed encrypted PI 332, and the cardholder credential 320 are packaged and sent to the merchant over a communication network 334. An example network 334 include a telephone network.
The merchant server 314, using its cryptography system, decrypts the GSO 330 using its own key exchange private key. The merchant server 314 then uses the purchaser's public signing key received in the cardholder credential 320 to verify the purchaser's digital signature on the GSO. This assures the merchant that the purchaser is authentic and the order is valid. Meanwhile, unable to decrypt the PI 332, the merchant server 314 leaves the PI in its encrypted form.
To consummate the transaction, the merchant needs to secure funds from the purchaser to pay for the ordered items. Accordingly, the merchant server 314 sends the still encrypted PI 322 and the purchaser's credential 320 onto the acquirer server 316 using the same or another communication network 336. An example network 336 might be as ISDN network which links the merchant and acquirer.
Using its cryptography system and own private key exchange key, the acquirer server 316 decrypts the PI 332. The acquire server 316 then uses the purchaser's signing public key received in the purchaser's credential 320 to verify the purchaser's digital signature on the PI.
The PI is channeled through the existing payment card authorization system to validate the availability of funds for the purchaser. More particularly, the acquirer 306 uses the existing credit card network 338 to contact the issuing bank 308 that issued the credit card and handles that credit account for the purchaser 302. If sufficient credit or funds are available, the issuing bank 308 returns an authorization response over the network 338 to the acquirer 306. The authorization response is then digitally signed by the acquirer 306 and encrypted using the key exchange public key of the merchant. The response 340, along with the acquirer's credential 324, is sent over the communication network 336 to the merchant server 314.
The merchant server 314 uses its cryptography system and private key exchange key to decrypt the response 340 and the acquirer's public signing key received in the acquirer's credential 324 to verify the response. Given the signed authorization, the merchant knows that payment is guaranteed. The merchant can now fill the order and ship the items to the purchaser. The merchant server 314 then generates a purchase receipt 342, digitally signs the receipt, and encrypts it using the purchaser's public key exchange key. The purchase receipt 342 is sent from the merchant server 314 over the communication network 334 to the purchaser's PC 312 which then decrypts and verifies the receipt.
At the close of the merchant's business day, the merchant 304 requests payment for all approved payments for which goods have been shipped. The merchant server 314 transmits a file of all such payment transactions processed that day to the acquirer for decryption and deposit into the normal draft clearing and settlement system used today. The acquirer pays the merchant and then settles its account with the issuing bank using the existing credit card system 338, and the issuing bank bills the purchaser in due course.
FIGS. 19-22 illustrate more particularly the use of the cryptography system as a lower-level service provider to an operating system application that is tailored for the purchaser (FIG. 19), the merchant (FIG. 20), the acquirer (FIG. 21), and the binder (FIG. 22). For convenience purposes, only the CAPI layer of the cryptography system is illustrated in these Figures.
As shown in FIG. 19, a purchaser application 350 running at the purchaser PC 312 calls functions in a purchaser application program interface (API) 352 which then calls functions in the CAPI 172 of the cryptography system. The purchaser application 350 might request, for example, creation of a registration request, creation of a transaction, or processing of a transaction receipt. To create a registration request during the registration phase, the purchaser application 350 submits the binder credential and the purchaser's account number and the purchaser API returns a credential registration request. This request is properly signed and encrypted by the underlying cryptography system in the manner described above with respect to FIGS. 10-14. As another example, to create a transaction, the purchaser application 350 passes a charge slip, a summary, the merchant credential, a transaction amount, purchase terms, and transaction details to the purchaser API 352, which then returns a transaction and an identifier for that transaction.
Table 2 shows an example set of API function calls, listing input terms which are supplied from the purchaser application to the purchaser API and returned items sent back from the purchaser API.
TABLE 2 |
Purchaser API Function Calls |
Function | Input Terms | Returned Terms |
Create Credential | Binder Credential | Request |
Registration Request | Account Number | |
Process Credential | Registration Response | |
Registration Response | ||
Create Transaction | Charge Slip | Transaction |
Summary | Transaction Identifier | |
Merchant Credential | ||
Transaction Amount | ||
Purchase Terms | ||
Transaction Details | ||
Process Transaction | Receipt | Amount |
Receipt | Transaction Identifier | |
Merchant Name | ||
Merchant Message | ||
With respect to FIG. 20, a merchant application 354 running at the merchant server 314 calls functions in a merchant API 356 which then calls functions in the CAPI 172 of the cryptography system. Table 3 shows an example set of function calls for the merchant API.
TABLE 3 |
Merchant API Function Calls |
Function | Input Terms | Returned Terms |
Create Credential | Binder Credential | Request |
Registration Request | Account Number | |
Process Credential | Registration Response | |
Registration Response | ||
Process Transaction | Transaction | Charge Slip |
Transaction Amount | ||
Purchase Terms | ||
Transaction Identifier | ||
Transaction Details | ||
Purchaser Credential | ||
Create Transaction | Transaction Auth. | Transaction Auth. |
Authorization Request | Amount | Request |
Transaction Identifier | ||
Charge Slip | ||
Acquirer Credential | ||
Process Transaction | Transaction Auth. | Transaction Auth. |
Authorization | Response | Identifier |
Response | Authorized Amount | |
Transaction Auth. | ||
Response Code | ||
Acquirer Message to | ||
Purchaser | ||
Create Transaction | Authorized Amount | Receipt |
Receipt | Transaction Identifier | |
Merchant Name | ||
Merchant Message | ||
Purchaser Credential | ||
Acquirer Message to | ||
Purchaser | ||
With respect to FIG. 21, an acquirer application 360 running at the acquirer server 316 calls functions in an acquirer API 362 which then calls functions in the CAPI 172 of the cryptography system. Table 4 shows an example set of function calls for the acquirer API.
TABLE 4 |
Acquirer API Function Calls |
Function | Input Terms | Returned Terms |
Create Credential | Binder Credential | Request |
Registration Request | Account Number | |
Process Credential | Registration Response | |
Registration Response | ||
Process Transaction | Transaction | Transaction Auth. |
Authorization Request | Authorization Request | Identifier |
Transaction Identifier | ||
Transaction Amount | ||
Transaction Auth. | ||
Amount | ||
Purchaser Name | ||
Purchaser Account | ||
Number | ||
Merchant Account | ||
Number | ||
Summary | ||
Purchaser Credential | ||
Merchant Credential | ||
Create Transaction | Transaction Auth. | Transaction Auth. |
Authorization | Identifier | Response |
Response | Transaction Identifier | |
Authorized Amount | ||
Purchaser Credential | ||
Merchant Credential | ||
Trans. Authorized | ||
Response Code | ||
With respect to FIG. 22, a binder application 364 running at the binder server 318 calls functions in a binder API 366 which then calls functions in the CAPI 172 of the cryptography system. Table 5 shows an example set of function calls for the binder API.
TABLE 5 |
Binder API Function Calls |
Function | Input Terms | Returned Terms |
Process Credential | Request | Requester Type |
Registration Request | Requester Name | |
Requester Account | ||
Number | ||
Requester Signature | ||
Public Key | ||
Requester Key | ||
Exchange Pub. Key | ||
Create Credential | Credential Type | Credential Regis. |
Registration Response | Requester Name | Response |
Requester Account | Requester Credential | |
Number | ||
Binder Name | ||
Validity Period | ||
Requester Signature | ||
Public Key | ||
Requester Key | ||
Exchange Pub. Key | ||
Credential Identifier | ||
FIG. 23 diagrammatically illustrates an interactive television (ITV) system 400 that implements the electronic commerce system according to another aspect of this invention. The participants include a subscriber 402, a merchant 404, an acquire 406 and a cable operator 408. The subscriber 402 is equipped with a computing unit in the form of a set-top box (STB) 412. The merchant and acquirer each have a server 414 and 416, respectively, and the cable operator 408 is equipped with a headend server 418. Each computing unit is loaded with an ITV commerce application and a cryptography system to satisfy the security, privacy, integrity, and authenticity aspects of the ITV system. In this implementation, the ITV commerce application can be downloaded from the headend server to the STBs as requested, rather than remaining resident at the STB. The cryptography system, however, would reside and be executable at the STB.
The subscriber STB 412 and merchant server 414 are interconnected with the headend server 418 via an interactive network structure, which is represented by the network cloud 420. One example implementation of the network structure is a hybrid fiber-optic/cable distribution system employing digital switching technologies such as asynchronous transfer mode (ATM) for bi-directional communications between the headend and individual subscriber/merchants. This multi-tier distribution system includes a high-speed, high-bandwidth fiber optic cable coupled between the headend and many regional distribution nodes. Each distribution node is then connected to multiple set-top boxes within the region via conventional home entry lines, such as twisted-pair telephone lines or coaxial cable. As an example, a single headend might service 250,000 or more subscribers, and each regional distribution node might support approximately 1200 subscribers. As technology continues to improve, parts of the ITV network structure can be replaced with wireless forms of communication, such as RF communication or satellite communication.
In this implementation, the cable operator 408 might perform several roles. The headend server 418 performs its traditional tasks of providing video content programs to the subscribers and facilitating communication over the network 420. The cable operator 418 might also operate as the binding authority which certifies all subscribers connected to the ITV network, including the purchasing subscriber and the merchant subscriber. In this fashion, the subscribers submit registration applications over the ITV network 320, and receive credentials from the headend server 418. The cable operator 418 might also function as a financial institution analogous to an issuing bank in the credit card system, wherein the cable operator bills and collects money from the subscribers.
During a purchasing transaction, the purchaser subscriber 402 creates a commerce document in the form of an electronic purchase order (PO) 422 and a commerce instrument in the form of a purchase instruction (PI) 424. The PO and PI are digitally signed by the purchaser subscriber STB, encrypted with selected symmetric keys that are then encrypted with the public key exchange keys of the merchant 404 and acquirer 406, respectively. The signed encrypted PO 422, signed encrypted PI 424, and a subscriber credential 426 are packaged and sent over the interactive network 420 to the headend server 418, which then redirects it to the merchant subscriber 404.
The merchant 404 decrypts and verifies the PO 422. The merchant 404 then sends the encrypted PI 424 and the purchaser subscriber's credential 426 onto the acquirer 406 via a separate communication network 428. The acquirer server 416 decrypts and verifies the PI 424. The acquirer determines whether the funds exist to consummate the purchase and, if so returns a signed authorization receipt 430 to the merchant. The merchant then fills the order and sends a signed receipt 432 to the subscriber.
Once the goods are shipped, the merchant 404 requests and receives payment for the goods from the acquirer. The acquirer then settles the account with the purchaser's issuing bank, or the cable operator 408 if authorized to perform that function.
The example embodiments illustrate several benefits of the electronic commerce system. First, each document or instrument is digitally signed and encrypted by an originating participant. This insures that the document and instrument will be decrypted and the signature independently verified only by the intended recipient participant. The recipient further verifies that the digital signature is valid for the document or instrument, and that the document or instrument was part of the initial package created by the originating participant and was not subsequently altered.
Another benefit is that the encrypted and signed packages are independent entities that can be transported by any communications protocol and system. This allows the electronic commerce system to operate over the communication system that already exists between the participants, such as phone networks, on-line services networks, wide area networks, interactive television networks, etc.
Another advantage is that the encryption attributes can be varied according to document type. In the credit card example, the GSO and PI are encrypted using independently specifiable cryptographic algorithms and strengths (often expressed in terms of key sizes or bit count). Regulatory and legal entities can therefore set the standards of allowable encryption for each document or instrument within a particular commerce system. The electronic commerce system according to an aspect of this invention can then be flexibly adapted to conform to those standards. In this manner, the electronic commerce system can be used in a wide variety of commerce activities, and support the particular regulatory and legal cryptographic standards imposed for each different activity. Furthermore, by implementing the cryptography system, and namely the cryptographic service providers (CSPs) as DLLs, the electronic commerce system can respond quickly to regulatory induced changes simply by replacing the DLLs without impacting the higher level application software.
The electronic commerce system has another benefit is that it can be used in a complementary fashion with existing commerce systems, such as the credit card payment card authorization and settlement system, that are already in place today.
In compliance with the statute, the invention has been described in language more or less specific as to structure and method features. It is to be understood, however, that the invention is not limited to the specific features described, since the means herein disclosed comprise exemplary forms of putting the invention into effect. The invention is therefore, claimed in any of its forms or modifications within the proper scope of the appended claims appropriately interpreted in accordance with the doctrine of equivalents and other applicable judicial doctrines.
Claims (80)
1. A cryptography system to support an application requiring cryptographic functions, the cryptography system comprising:
a cryptographic application program interface (CAPI) to interface with the application and handle its requests for a cryptographic function;
at least one cryptography service provider (CSP) independent from, but dynamically accessible by, the CAPI;
the CSP providing the cryptographic function requested by the application, the CSP also managing and protecting at least one encryption key used in the cryptographic function to prevent exposure of the encryption key in a non-encrypted form to the CAPI and application; and
a private application program interface (PAPI) to interface the CSP with a user, the PAPI enabling the user to observe, confirm, or reject the requested cryptographic function.
2. A cryptography system as recited in claim 1 wherein the CSP is digitally signed with a digital signature of a certified trusted authority.
3. A cryptography system as recited in claim 2 wherein the CAPI verifies an authenticity of the CSP by validating the digital signature of the certified trusted authority.
4. A cryptography system as recited in claim 1 wherein the CSP computes a digital signature of the cryptography system.
5. A cryptography system as recited in claim 1 wherein the CSP generates the encryption key.
6. A cryptography system as recited in claim 1 wherein the CSP generates the encryption key.
7. A cryptography system as recited in claim 1 wherein the CSP destroys the encryption key following its use.
8. A cryptography system as recited in claim 1 wherein the CSP assigns a handle to the encryption key, the handle being made available to the application through the CAPI while the encryption key remains unavailable to the application and the CAPI.
9. A cryptography system as recited in claim 1 wherein, when the application requests encryption of a message, the CSP hashes at least some data contained in the message.
10. A cryptography system as recited in claim 1 wherein the CSP is implemented in software as dynamically linked libraries.
11. A cryptography system as recited in claim 1 wherein the CSP exports the encryption key only in an encrypted form.
12. A cryptography system as recited in claim 1 wherein, when the application requests encryption of a message, the CSP encrypts the message using a symmetric encryption key and then encrypts the symmetric encryption key using a public key from an asymmetric pair of private and public encryption keys.
13. A cryptography system as recited in claim 1 wherein the CSP manages at least one asymmetric pair of private and public encryption keys and permanently retains the asymmetric private encryption key is confidence.
14. A cryptography system as recited in claim 1 further comprising multiple CSPs to perform various ones of the cryptographic functions, said cryptographic functions including encryption, decryption, signing, and verification.
15. A cryptography system as recited in claim 1 wherein the PAPI presents, to the user, an explanation of the cryptographic function being requested by the application.
16. A cryptography system as recited in claim 1 wherein, when the application requests a digital signature on a message, the PAPI presents an opportunity for the user to confirm or deny attaching a digital signature before the CSP digitally signs the message.
17. A cryptography system as recited in claim 1 wherein the PAPI verifies the user's authenticity prior to enabling the user access to the application through the CSP.
18. A cryptography system as recited in claim 1 wherein the PAPI enables data entry from the user.
19. A cryptography system as recited in claim 1 wherein, when the application requests use or exportation of a particular encryption key, the PAPI selectively notifies the user when the particular encryption key is to be used or exported.
20. In a computer system having a processing unit and a computer-readable medium, a computer-implemented cryptography service provider stored on the computer-readable medium for execution on the processing unit as part of a cryptography system used to support a computer executable application requiring encryption or decryption of electronic messages to be sent or received by a user, the cryptography service provider comprising:
a key manager to manage encryption keys used to encrypt messages and to prevent the encryption keys from being exported in a non-encrypted form from the cryptography service provider;
an encryption/decryption device to encrypt or decrypt messages using the encryption keys; and
the cryptography service provider being configured as a dynamic linked library, software module which is dynamically accessible as needed by the application to receive a plaintext message and to return an encrypted message, or to receive an encrypted message and to return a plaintext message, without exposing the encryption keys in their non-encrypted form to the application.
21. A cryptography service provider as recited in claim 20 wherein the encryption/decryption device encrypts individual messages using a symmetric encryption key and then encrypts the symmetric encryption key using a public key from an asymmetric pair of private and public cryptographic keys.
22. A cryptography service provider as recited in claim 21 wherein the key manager exports the symmetric encryption key only in an encrypted form.
23. A cryptography service provider as recited in claim 20 wherein the key manager manages at least one asymmetric pair of private and public cryptographic keys and permanently retains the asymmetric private cryptographic key in confidence.
24. A cryptography service provider as recited in claim 20 where in the key manager stores at least one unique encryption key.
25. A cryptography service provider as recited in claim 20 further comprising a key generator to produce the encryption keys used to encrypt the message.
26. A cryptography service provider as recited in claim 20 wherein the key manager assigns handles to the encryption keys which are made available to the application, while maintaining the encryption keys themselves unavailable to the application.
27. A cryptography service provider as recited in claim 20 further comprising a hashing calculator to hash at least some data contained in the messages.
28. A method for supporting cryptographic functions requested by an application, the method comprising the following steps:
supplying a request for a cryptographic function to a cryptographic application program interface (CAPI);
selecting a cryptography service provider (CSP) to perform the desired cryptographic function;
establishing communication between the CAPI and the CSP;
verifying an authenticity of the CSP;
performing the cryptographic function at the CSP using at least one cryptographic key; and
preventing exposure of the encryption key in a non-encrypted form to the CAPI or application.
29. A method as recited in claim 28 wherein the performing step comprises performing a cryptographic function selected from a group comprising encryption, decryption, digital signing, and verification.
30. A method as recited in claim 28 further comprising presenting information concerning the requested cryptographic from the CSP through a private application program interface (PAPI) to a user to enable the user to observe, confirm, or reject the requested cryptographic function.
31. A method for encrypting a message comprising the following steps:
supplying a plaintext message to a cryptographic application program interface (CAPI);
selecting a cryptography service provider (CSP) for encrypting the message;
establishing communication between the CAPI and the CSP;
verifying an authenticity of the CSP;
passing the plaintext message from the CAPI to the CSP;
encrypting the message at the CSP using an encryption key maintained by the CSP to produce an encrypted message; and
passing the encrypted message from the CSP back to the CAPI without exposing the encryption key in its non-encrypted form.
32. A method as recited in claim 31 wherein the encrypting step comprises the following steps:
encrypting the message with a symmetric encryption key; and
encrypting the symmetric key with a public key from an asymmetric pair of private and public cryptographic keys.
33. A method as recited in claim 32 wherein the encrypting step comprises the step of passing the encrypted symmetric encryption key to the CAPI along with the message.
34. A method as recited in claim 31 wherein the verifying step comprises the following steps:
attaching a digital signature of a certified trusted authority to the CSP; and
validating the digital signature to authenticate the CSP.
35. A method as recited in claim 31 further comprising the step of attaching a digital signature of the cryptography system to the message.
36. A method as recited in claim 31 further comprising the step of storing within the CSP at least one unique encryption key.
37. A method as recited in claim 31 further comprising the step of generating within the CSP the encryption key used to encrypt the message.
38. A method as recited in claim 31 further comprising the step of destroying the encryption key following its use.
39. A method as recited in claim 31 further comprising the following steps:
assigning a handle to the encryption key; and
making the handle available to the CAPI while maintaining the encryption key in confidence within the CSP.
40. A method as recited in claim 31 further comprising the step of hashing within the CSP at least some data contained in the message.
41. A method as recited in claim 31 further comprising the following steps:
passing an explanation of the message to a private application program interface (PAPI) used to interface the CSP with a user; and
presenting the explanation to the user.
42. A method as recited in claim 41 further comprising the step of verifying at the PAPI an authenticity of the user prior to presenting the explanation of the message.
43. A method as recited in claim 41 further comprising the step of enabling data entry from the user through the PAPI.
44. A method as recited in claim 41 further comprising the step of selectively notifying the user via the PAPI when a particular encryption key is to be used.
45. A computer-readable medium having computer-executable instructions for performing the steps in the method recited in claim 28 .
46. A computer-readable medium having computer-executable instructions for performing the steps in the method recited in claim 31 .
47. A computer-readable medium having a computer-executable instructions for implementing a cryptography system, comprising:
a cryptographic application program interface (CAPI) configured as a software module to interface with a computer-implemented application and to handle requests from the application for a cryptographic function;
at least one cryptography service provider (CSP) configured as a software module independent from, but dynamically accessible by, the CAPI;
the CSP providing the cryptographic function requested by the software application, the CSP also managing and protecting at least one encryption key used in the cryptographic function to prevent exposure of the encryption key in a non-encrypted form to the CAPI and software application.
48. A computer-readable medium as recited in claim 47 , further comprising a private application program interface (PAPI) configured as a software module independent from the CAPI and CSP, the PAPI being configured to interface the CSP with a user and enable the user to observe, confirm, or reject the requested cryptographic function.
49. A computer-readable medium as recited in claim 47 , wherein:
the CSP module is digitally signed with a digital signature of a certified trusted authority; and
the CAPI module verifies an authenticity of the CSP when accessing the CSP by validating the digital signature of the certified trusted authority.
50. In a computer system having a processing unit and a computer-readable medium, a computer-implemented cryptography service provider stored on the computer-readable medium for execution on the processing unit as part of a cryptography system used to support a computer executable application requiring encryption or decryption of electronic information, the cryptography service provider comprising:
a key manager to manage encryption keys used to encrypt messages and to prevent the encryption keys from being exported in a non-encrypted form from the cryptography service provider;
an encryption/decryption device to encrypt to decrypt messages using the encryption keys; and
the cryptography service provider being configured as a loadable software module which is dynamically accessible as needed by the application to receive a plaintext message and to return an encrypted message, or to receive an encrypted message and to return a plaintext message, without exposing the encryption keys in their non-encrypted form to the application.
51. A computer-readable medium having a computer-implemented cryptography service provider stored thereon for execution on a processing unit as part of a cryptography system used to support a computer executable application requiring encryption or decryption of electronic information the cryptography service provider comprising:
a key manager to manage encryption keys used to encrypt data and to prevent the encryption keys from being exported in a non-encrypted form from the cryptography service provider;
an encryption/decryption device to encrypt to decrypt data using the encryption keys; and
the cryptography service provider being configured as a loadable software module which is dynamically accessible as needed by the application to receive a plaintext data and to return an encrypted data, or to receive an encrypted data and to return a plaintext data, without exposing the encryption keys in their non-encrypted form to the application.
52. A cryptography service provider as recited in claim 51 wherein the encryption/decryption device encrypts individual messages using a symmetric encryption key and then encrypts the symmetric encryption key using a public key from an asymmetric pair of private and public cryptographic keys.
53. A cryptography service provider as recited in claim 52 wherein the key manager exports the symmetric encryption key only in an encrypted form.
54. A cryptography service provider as recited in claim 51 wherein the key manager manages at least one asymmetric pair of private and public cryptographic keys and permanently retains the asymmetric private cryptographic key in confidence.
55. A cryptography service provider as recited in claim 51 wherein the key manager stores at least one unique encryption key.
56. A cryptography service provider as recited in claim 51 further comprising a key generator to produce the encryption keys used to encrypt the message.
57. A cryptography service provider as recited in claim 51 wherein the key manager assigns handles to the encryption keys which are made available to the application, while maintaining the encryption keys themselves unavailable to the application.
58. A cryptography service provider as recited in claim 51 further comprising a hashing calculator to hash at least some data contained in the messages.
59. A method for supporting cryptographic functions requested by an application, the method comprising:
supplying a request for a cryptographic function to a cryptographic application program interface (CAPI);
selecting an independent dynamically accessible cryptography service provider (CSP) to perform the desired cryptographic function;
establishing communication between the CAPI and the CSP;
performing the cryptographic function at the CSP using at least one cryptographic key; and
preventing exposure of the encryption key in a non-encrypted form to the CAPI or application.
60. A computer readable medium having instructions stored thereon for causing a computer to implement the method of claim 59 .
61. A method as recited in claim 59 wherein performing comprises performing a cryptographic function selected from a group comprising encryption, decryption, digital signing, and verification.
62. A method as recited in claim 59 further comprising presenting information concerning the requested cryptographic from the CSP through a private application program interface (PAPI) to a user to enable the user to observe, confirm, or reject the requested cryptographic function.
63. A method for encrypting a message comprising:
supplying a plaintext message to a cryptographic application program interface (CAPI);
selecting a cryptography service provider (CSP) for encrypting the message;
establishing communication between the CAPI and the CSP;
passing the plaintext message from the CAPI to the CSP;
encrypting the message at the CSP using an encryption key to produce an encrypted message; and
passing the encrypted message from the CSP back to the CAPI without exposing the encryption key in its non-encrypted form.
64. A method as recited in claim 63 wherein the encrypting element comprises:
encrypting the message with a symmetric encryption key; and
encrypting the symmetric encryption key with a public key from an asymmetric pair of private and public cryptographic keys.
65. A method as recited in claim 63 wherein the encrypting step comprises the step of passing the encrypted symmetric encryption key to the CAPI along with the message.
66. A method as recited in claim 63 wherein the verifying step comprises the attaching digital signature of a certified trusted authority to the CSP; and validating the digital signature to authenticate the CSP.
67. A method as recited in claim 63 further comprising the step of attaching a digital signature of the cryptography system to the message.
68. A method as recited in claim 63 further comprising the step of storing within the CSP at least one unique encryption key.
69. A method as recited in claim 63 further comprising the step of generating within the CSP the encryption key used to encrypt the message.
70. A method as recited in claim 63 further comprising the step of destroying the encryption key following its use.
71. A method as recited in claim 63 further comprising the following steps:
assigning a handle to the encryption key; and
making the handle available to the CAPI while maintaining the encryption key in confidence within the CSP.
72. A method as recited in claim 63 further comprising the step of hashing within the CSP at least some data contained in the message.
73. A method as recited in claim 63 further comprising the following steps:
passing an explanation of the message to a private application program interface (PAPI) used to interface the CSP with a user; and
presenting the explanation to the user.
74. A method as recited in claim 73 further comprising the step of verifying at the PAPI an authenticity of the user prior to presenting the explanation of the message.
75. A method as recited in claim 73 further comprising the step of enabling data entry from the user through the PAPI.
76. A method as recited in claim 73 further comprising the step of selectively notifying the user via the PAPI when a particular encryption key is to be used.
77. A computer-readable medium having computer-executable instructions for performing the steps in the method recited in claim 63 .
78. A computer-readable medium having computer-executable instructions for implementing a cryptography system, comprising:
a cryptographic application program interface (CAPI) for interfacing with a computer-implemented application and to handle requests from the application for a cryptographic function; and wherein
the cryptographic application program interface is further configured to dynamically access at least one independent cryptography service provider (CSP) software module which provides the cryptographic function requested by the software application.
79. The computer readable medium of claim 78 , wherein at least one encryption key used in the cryptographic function is protected from exposure in a non-encrypted form to the software application and to CAPI.
80. A computer-readable medium having a computer-implemented cryptography service provider architecture stored thereon for use by a processing unit as part of a cryptography system used to support a computer executable application requiring encryption or decryption of data to be sent or received by a user, the cryptography service provider architecture comprising:
a key manager to manage encryption keys used to encrypt data and to prevent the encryption keys from being exported in a non-encrypted form from the cryptography service provider;
an encryption/decryption invoker to cause encryption or decryption of data using the encryption keys; and
the cryptography service provider being configured as a loadable software module which is dynamically accessible as needed by the application to receive plaintext data and to return an encrypted data, or to receive encrypted data and to return plaintext data, without exposing the encryption keys in their non-encrypted form to the application.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/386,463 USRE38070E1 (en) | 1995-06-29 | 1999-08-30 | Cryptography system and method for providing cryptographic services for a computer application |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/496,801 US5689565A (en) | 1995-06-29 | 1995-06-29 | Cryptography system and method for providing cryptographic services for a computer application |
US09/386,463 USRE38070E1 (en) | 1995-06-29 | 1999-08-30 | Cryptography system and method for providing cryptographic services for a computer application |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US08/496,801 Reissue US5689565A (en) | 1995-06-29 | 1995-06-29 | Cryptography system and method for providing cryptographic services for a computer application |
Publications (1)
Publication Number | Publication Date |
---|---|
USRE38070E1 true USRE38070E1 (en) | 2003-04-08 |
Family
ID=23974198
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US08/496,801 Ceased US5689565A (en) | 1995-06-29 | 1995-06-29 | Cryptography system and method for providing cryptographic services for a computer application |
US09/386,463 Expired - Lifetime USRE38070E1 (en) | 1995-06-29 | 1999-08-30 | Cryptography system and method for providing cryptographic services for a computer application |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US08/496,801 Ceased US5689565A (en) | 1995-06-29 | 1995-06-29 | Cryptography system and method for providing cryptographic services for a computer application |
Country Status (1)
Country | Link |
---|---|
US (2) | US5689565A (en) |
Cited By (56)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020143710A1 (en) * | 2001-04-03 | 2002-10-03 | Gary Liu | Certified transmission system |
US20020162003A1 (en) * | 2001-04-30 | 2002-10-31 | Khaja Ahmed | System and method for providing trusted browser verification |
US20030115155A1 (en) * | 2001-12-18 | 2003-06-19 | Ncr Corporation | Issuing certified checks over the internet |
US20040139314A1 (en) * | 2000-06-15 | 2004-07-15 | Cook David P. | Automatic delivery selection for electronic content |
US20040189716A1 (en) * | 2003-03-24 | 2004-09-30 | Microsoft Corp. | System and method for designing electronic forms and hierarchical schemas |
US20040226002A1 (en) * | 2003-03-28 | 2004-11-11 | Larcheveque Jean-Marie H. | Validation of XML data files |
US20040267813A1 (en) * | 2003-06-30 | 2004-12-30 | Rivers-Moore Jonathan E. | Declarative solution definition |
US6874143B1 (en) | 2000-06-21 | 2005-03-29 | Microsoft Corporation | Architectures for and methods of providing network-based software extensions |
US20050097362A1 (en) * | 2003-11-05 | 2005-05-05 | Winget Nancy C. | Protected dynamic provisioning of credentials |
US20050169475A1 (en) * | 2002-05-21 | 2005-08-04 | France Telecom | Method of controlling access to cryptographic resources |
US20050183006A1 (en) * | 2004-02-17 | 2005-08-18 | Microsoft Corporation | Systems and methods for editing XML documents |
US20060004670A1 (en) * | 1999-09-24 | 2006-01-05 | Mckenney Mary K | System and method for providing payment services in electronic commerce |
US20060123227A1 (en) * | 2000-09-08 | 2006-06-08 | Miller Lawrence R | System and method for transparently providing certificate validation and other services within an electronic transaction |
EP1681648A1 (en) * | 2005-01-12 | 2006-07-19 | NTT DoCoMo, Inc. | Communication device, digital signature verification method and digital signature generation method |
US20060179008A1 (en) * | 2000-09-08 | 2006-08-10 | Tallent Guy S Jr | Provision of authorization and other services |
US7110548B1 (en) * | 1998-07-31 | 2006-09-19 | Hatachi Ltd | Cryptographic communication method, encryption algorithm shared control method, encryption algorithm conversion method and network communication system |
US20060265339A1 (en) * | 2005-05-17 | 2006-11-23 | Faramak Vakil | Secure virtual point of service for 3G wireless networks |
US7281018B1 (en) | 2004-05-26 | 2007-10-09 | Microsoft Corporation | Form template data source change |
US20090150675A1 (en) * | 2000-06-15 | 2009-06-11 | Zix Corporation | Secure message forwarding system detecting user's preferences including security preferences |
US20090210703A1 (en) * | 2008-01-18 | 2009-08-20 | Epstein William C | Binding a digital certificate to multiple trust domains |
US20090319805A1 (en) * | 2008-06-11 | 2009-12-24 | Microsoft Corporation | Techniques for performing symmetric cryptography |
US7676843B1 (en) | 2004-05-27 | 2010-03-09 | Microsoft Corporation | Executing applications at appropriate trust levels |
US7689929B2 (en) | 2000-06-21 | 2010-03-30 | Microsoft Corporation | Methods and systems of providing information to computer users |
US7692636B2 (en) | 2004-09-30 | 2010-04-06 | Microsoft Corporation | Systems and methods for handwriting to a screen |
US7702997B2 (en) | 2000-06-21 | 2010-04-20 | Microsoft Corporation | Spreadsheet fields in text |
US20100098256A1 (en) * | 2008-10-22 | 2010-04-22 | Kirshenbaum Evan R | Decryption Key Management |
US7712022B2 (en) | 2004-11-15 | 2010-05-04 | Microsoft Corporation | Mutually exclusive options in electronic forms |
US7712048B2 (en) | 2000-06-21 | 2010-05-04 | Microsoft Corporation | Task-sensitive methods and systems for displaying command sets |
US7721190B2 (en) | 2004-11-16 | 2010-05-18 | Microsoft Corporation | Methods and systems for server side form processing |
US7725834B2 (en) | 2005-03-04 | 2010-05-25 | Microsoft Corporation | Designer-created aspect for an electronic form template |
US7743063B2 (en) | 2000-06-21 | 2010-06-22 | Microsoft Corporation | Methods and systems for delivering software via a network |
US7779343B2 (en) | 2006-01-30 | 2010-08-17 | Microsoft Corporation | Opening network-enabled electronic documents |
US7818677B2 (en) | 2000-06-21 | 2010-10-19 | Microsoft Corporation | Single window navigation methods and systems |
US7900134B2 (en) | 2000-06-21 | 2011-03-01 | Microsoft Corporation | Authoring arbitrary XML documents using DHTML and XSLT |
US7904801B2 (en) | 2004-12-15 | 2011-03-08 | Microsoft Corporation | Recursive sections in electronic forms |
US7913159B2 (en) | 2003-03-28 | 2011-03-22 | Microsoft Corporation | System and method for real-time validation of structured data files |
US7925621B2 (en) | 2003-03-24 | 2011-04-12 | Microsoft Corporation | Installing a solution |
US7937651B2 (en) | 2005-01-14 | 2011-05-03 | Microsoft Corporation | Structural editing operations for network forms |
US7971139B2 (en) | 2003-08-06 | 2011-06-28 | Microsoft Corporation | Correlation, association, or correspondence of electronic forms |
US7979856B2 (en) | 2000-06-21 | 2011-07-12 | Microsoft Corporation | Network-based software extensions |
US8001459B2 (en) | 2005-12-05 | 2011-08-16 | Microsoft Corporation | Enabling electronic documents for limited-capability computing devices |
US8010515B2 (en) | 2005-04-15 | 2011-08-30 | Microsoft Corporation | Query to an electronic form |
US20110293096A1 (en) * | 2010-05-27 | 2011-12-01 | Bladelogic, Inc. | Multi-Level Key Management |
US8078960B2 (en) | 2003-06-30 | 2011-12-13 | Microsoft Corporation | Rendering an HTML electronic form by applying XSLT to XML using a solution |
US20120084845A1 (en) * | 2002-10-25 | 2012-04-05 | Daniil Utin | Fixed client identification system for positive identification of client to server |
US8200975B2 (en) | 2005-06-29 | 2012-06-12 | Microsoft Corporation | Digital signatures for network forms |
US8487879B2 (en) | 2004-10-29 | 2013-07-16 | Microsoft Corporation | Systems and methods for interacting with a computer through handwriting to a screen |
US8670564B1 (en) | 2006-08-14 | 2014-03-11 | Key Holdings, LLC | Data encryption system and method |
US8819072B1 (en) | 2004-02-02 | 2014-08-26 | Microsoft Corporation | Promoting data from structured data files |
US8818903B2 (en) | 1999-09-10 | 2014-08-26 | Charles Dulin | Transaction coordinator for digital certificate validation and other services |
US8892993B2 (en) | 2003-08-01 | 2014-11-18 | Microsoft Corporation | Translation file |
US8918729B2 (en) | 2003-03-24 | 2014-12-23 | Microsoft Corporation | Designing electronic forms |
US9684889B2 (en) | 1999-02-12 | 2017-06-20 | Identrust, Inc. | System and method for providing certification-related and other services |
US9697366B1 (en) * | 2011-12-12 | 2017-07-04 | Google Inc. | Use of generic (browser) encryption API to do key exchange (for media files and player) |
US10567975B2 (en) | 2005-10-04 | 2020-02-18 | Hoffberg Family Trust 2 | Multifactorial optimization system and method |
US11340797B2 (en) | 2019-10-04 | 2022-05-24 | Zettaset, Inc. | Dedicated encrypted container storage |
Families Citing this family (175)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5892900A (en) | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
CN100365535C (en) | 1995-02-13 | 2008-01-30 | č±ē¹ē¹ęęÆē¹ęęÆå ¬åø | Systems and methods for secure transaction management and electronic rights protection |
US7133846B1 (en) | 1995-02-13 | 2006-11-07 | Intertrust Technologies Corp. | Digital certificate support system, methods and techniques for secure electronic commerce transaction and rights management |
US6157721A (en) | 1996-08-12 | 2000-12-05 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
US6948070B1 (en) | 1995-02-13 | 2005-09-20 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US5943422A (en) | 1996-08-12 | 1999-08-24 | Intertrust Technologies Corp. | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
US6658568B1 (en) | 1995-02-13 | 2003-12-02 | Intertrust Technologies Corporation | Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management |
US6138107A (en) * | 1996-01-04 | 2000-10-24 | Netscape Communications Corporation | Method and apparatus for providing electronic accounts over a public network |
US6038551A (en) * | 1996-03-11 | 2000-03-14 | Microsoft Corporation | System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer |
US5933503A (en) * | 1996-03-15 | 1999-08-03 | Novell, Inc | Controlled modular cryptography apparatus and method |
US6945457B1 (en) | 1996-05-10 | 2005-09-20 | Transaction Holdings Ltd. L.L.C. | Automated transaction machine |
US6901509B1 (en) | 1996-05-14 | 2005-05-31 | Tumbleweed Communications Corp. | Apparatus and method for demonstrating and confirming the status of a digital certificates and other data |
US6745936B1 (en) * | 1996-08-23 | 2004-06-08 | Orion Systems, Inc. | Method and apparatus for generating secure endorsed transactions |
US5982506A (en) * | 1996-09-10 | 1999-11-09 | E-Stamp Corporation | Method and system for electronic document certification |
AU722463B2 (en) | 1996-10-25 | 2000-08-03 | Gemalto Sa | Using a high level programming language with a microcontroller |
US9418381B2 (en) * | 2000-04-14 | 2016-08-16 | Citigroup Credit Services, Inc. (USA) | Method and system for notifying customers of transaction opportunities |
US8255680B1 (en) * | 1997-06-26 | 2012-08-28 | Oracle America, Inc. | Layer-independent security for communication channels |
US6157966A (en) * | 1997-06-30 | 2000-12-05 | Schlumberger Malco, Inc. | System and method for an ISO7816 complaint smart card to become master over a terminal |
US6389535B1 (en) | 1997-06-30 | 2002-05-14 | Microsoft Corporation | Cryptographic protection of core data secrets |
US7024377B1 (en) * | 1997-09-30 | 2006-04-04 | Intel Corporation | Method and apparatus for managing electronic commerce |
US6052784A (en) * | 1997-10-14 | 2000-04-18 | Intel Corporation | Network discovery system and method |
WO1999026121A2 (en) * | 1997-11-13 | 1999-05-27 | Hyperspace Communications, Inc. | File transfer system |
US6925182B1 (en) * | 1997-12-19 | 2005-08-02 | Koninklijke Philips Electronics N.V. | Administration and utilization of private keys in a networked environment |
US6308270B1 (en) | 1998-02-13 | 2001-10-23 | Schlumberger Technologies, Inc. | Validating and certifying execution of a software program with a smart card |
US6751735B1 (en) | 1998-03-23 | 2004-06-15 | Novell, Inc. | Apparatus for control of cryptography implementations in third party applications |
US6532451B1 (en) * | 1998-03-23 | 2003-03-11 | Novell, Inc. | Nested strong loader apparatus and method |
US6701433B1 (en) | 1998-03-23 | 2004-03-02 | Novell, Inc. | Method and apparatus for escrowing properties used for accessing executable modules |
US6615350B1 (en) | 1998-03-23 | 2003-09-02 | Novell, Inc. | Module authentication and binding library extensions |
US6219652B1 (en) * | 1998-06-01 | 2001-04-17 | Novell, Inc. | Network license authentication |
US6256735B1 (en) * | 1998-08-17 | 2001-07-03 | At&T Wireless Services, Inc. | Method and apparatus for limiting access to network elements |
US6324646B1 (en) | 1998-09-11 | 2001-11-27 | International Business Machines Corporation | Method and system for securing confidential data in a computer network |
US6145084A (en) * | 1998-10-08 | 2000-11-07 | Net I Trust | Adaptive communication system enabling dissimilar devices to exchange information over a network |
US6591229B1 (en) | 1998-10-09 | 2003-07-08 | Schlumberger Industries, Sa | Metrology device with programmable smart card |
WO2000025473A1 (en) | 1998-10-23 | 2000-05-04 | L-3 Communications Corporation | Apparatus and methods for managing key material in heterogeneous cryptographic assets |
WO2000030319A1 (en) * | 1998-11-13 | 2000-05-25 | Iomega Corporation | System for keying protected electronic data to particular media to prevent unauthorized copying using asymmetric encryption and a unique identifier of the media |
US6754886B1 (en) * | 1998-11-30 | 2004-06-22 | International Business Machines Corporation | Method and system for storing java objects in devices having a reduced support of high-level programming concepts |
US6578143B1 (en) | 1998-12-18 | 2003-06-10 | Qualcomm Incorporated | Method for negotiating weakened keys in encryption systems |
EP1022638A3 (en) * | 1999-01-12 | 2001-05-02 | International Business Machines Corporation | Method and system for securely handling information between two information processing devices |
US7171000B1 (en) | 1999-06-10 | 2007-01-30 | Message Secure Corp. | Simplified addressing for private communications |
TW449991B (en) | 1999-01-12 | 2001-08-11 | Ibm | Method and system for securely handling information between two information processing devices |
US6490679B1 (en) * | 1999-01-18 | 2002-12-03 | Shym Technology, Inc. | Seamless integration of application programs with security key infrastructure |
US7155605B1 (en) * | 1999-03-31 | 2006-12-26 | Lenovo (Singapore) Pte. Ltd. | Data processing system and method for maintaining secure data blocks |
US6289450B1 (en) * | 1999-05-28 | 2001-09-11 | Authentica, Inc. | Information security architecture for encrypting documents for remote access while maintaining access control |
US20020101998A1 (en) * | 1999-06-10 | 2002-08-01 | Chee-Hong Wong | Fast escrow delivery |
US6988199B2 (en) | 2000-07-07 | 2006-01-17 | Message Secure | Secure and reliable document delivery |
US20020019932A1 (en) * | 1999-06-10 | 2002-02-14 | Eng-Whatt Toh | Cryptographically secure network |
US6385739B1 (en) | 1999-07-19 | 2002-05-07 | Tivo Inc. | Self-test electronic assembly and test system |
EP1505473A1 (en) * | 1999-07-23 | 2005-02-09 | Microsoft Corporation | Methods and arrangements for mapping widely disparate portable tokens to a static machine concentric cryptographic environment |
US6976168B1 (en) * | 1999-07-23 | 2005-12-13 | Mcafee, Inc. | System and method for adaptive cryptographically synchronized authentication |
US6484259B1 (en) * | 1999-07-23 | 2002-11-19 | Microsoft Corporation | Methods and arrangements for mapping widely disparate portable tokens to a static machine concentric cryptographic environment |
US6598161B1 (en) * | 1999-08-09 | 2003-07-22 | International Business Machines Corporation | Methods, systems and computer program products for multi-level encryption |
JP3858527B2 (en) * | 1999-08-10 | 2006-12-13 | åÆ士ć¼ćććÆć¹ę Ŗå¼ä¼ē¤¾ | Data generation apparatus, data verification apparatus and method |
WO2001037067A1 (en) * | 1999-11-16 | 2001-05-25 | Intel Corporation | A method of providing secure linkage of program modules |
US7603311B1 (en) | 1999-11-29 | 2009-10-13 | Yadav-Ranjan Rani K | Process and device for conducting electronic transactions |
IL133771A0 (en) * | 1999-12-28 | 2001-04-30 | Regev Eyal | Closed loop transaction |
US8725632B2 (en) | 2000-01-13 | 2014-05-13 | Citicorp Development Center, Inc. | Method and system for conducting financial and non-financial transactions using a wireless device |
US8346677B1 (en) | 2000-12-29 | 2013-01-01 | Citicorp Development Center, Inc. | Method and system for conducting commerce over a wireless communication network |
EP1272955A4 (en) * | 2000-02-03 | 2004-07-21 | Citicorp Dev Ct Inc | Integrated system for providing financial services including internet tv capabilities |
WO2001057663A2 (en) | 2000-02-04 | 2001-08-09 | America Online Incorporated | Optimized delivery of web application code |
US7366977B2 (en) * | 2000-02-04 | 2008-04-29 | Aol Llc A Delaware Limited Liability Company | Method and systems of automated client-server data validation |
US7685423B1 (en) * | 2000-02-15 | 2010-03-23 | Silverbrook Research Pty Ltd | Validation protocol and system |
US7502922B1 (en) * | 2000-03-01 | 2009-03-10 | Novell, Inc. | Computer network having a security layer interface independent of the application transport mechanism |
US7231517B1 (en) * | 2000-03-03 | 2007-06-12 | Novell, Inc. | Apparatus and method for automatically authenticating a network client |
US6785811B1 (en) * | 2000-03-23 | 2004-08-31 | International Business Machines Corporation | Methods, systems and computer program products for providing multiple cryptographic functions to applications using a common library |
US8032453B2 (en) | 2000-04-14 | 2011-10-04 | Citicorp Development Center, Inc. | Method and system for notifying customers of transaction opportunities |
US7237114B1 (en) * | 2000-04-26 | 2007-06-26 | Pronvest, Inc. | Method and system for signing and authenticating electronic documents |
AU2001255778A1 (en) * | 2000-05-05 | 2001-11-20 | Terry Knapp | System for providing information prescriptions |
US6807277B1 (en) | 2000-06-12 | 2004-10-19 | Surety, Llc | Secure messaging system with return receipts |
US20040073617A1 (en) | 2000-06-19 | 2004-04-15 | Milliken Walter Clark | Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail |
US7051200B1 (en) * | 2000-06-27 | 2006-05-23 | Microsoft Corporation | System and method for interfacing a software process to secure repositories |
US7117371B1 (en) | 2000-06-28 | 2006-10-03 | Microsoft Corporation | Shared names |
US7124408B1 (en) | 2000-06-28 | 2006-10-17 | Microsoft Corporation | Binding by hash |
US7251728B2 (en) | 2000-07-07 | 2007-07-31 | Message Secure Corporation | Secure and reliable document delivery using routing lists |
US7010605B1 (en) * | 2000-08-29 | 2006-03-07 | Microsoft Corporation | Method and apparatus for encoding and storing session data |
US7076062B1 (en) * | 2000-09-14 | 2006-07-11 | Microsoft Corporation | Methods and arrangements for using a signature generating device for encryption-based authentication |
US20030159047A1 (en) * | 2000-09-26 | 2003-08-21 | Telefonaktiebolaget L M Ericsson (Publ) | Method of securing and exposing a logotype in an electronic device |
US7043636B2 (en) * | 2000-09-26 | 2006-05-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Data integrity mechanisms for static and dynamic data |
TW548535B (en) * | 2000-10-17 | 2003-08-21 | Ericsson Telefon Ab L M | Security system |
US20020048372A1 (en) * | 2000-10-19 | 2002-04-25 | Eng-Whatt Toh | Universal signature object for digital data |
RU2174708C1 (en) * | 2000-11-15 | 2001-10-10 | ŠŠ°ŠŗŃŃŃŠ¾Šµ Š°ŠŗŃŠøŠ¾Š½ŠµŃŠ½Š¾Šµ Š¾Š±ŃŠµŃŃŠ²Š¾ "ŠŠ¶ŠµŠ½ŠµŃŠ°Š» Š¢ŠµŠŗŠ½Š¾Š»Š¾Š“Š¶ŠøŃ" | Method for carrying on trade operations using clearing transactions through communication network |
US6936533B2 (en) * | 2000-12-08 | 2005-08-30 | Samsung Electronics, Co., Ltd. | Method of fabricating semiconductor devices having low dielectric interlayer insulation layer |
GB2372360B (en) * | 2001-02-15 | 2005-01-19 | Hewlett Packard Co | Improvements in and relating to credential transfer methods |
US7269736B2 (en) * | 2001-02-28 | 2007-09-11 | Microsoft Corporation | Distributed cryptographic methods and arrangements |
US6912582B2 (en) * | 2001-03-30 | 2005-06-28 | Microsoft Corporation | Service routing and web integration in a distributed multi-site user authentication system |
US7178024B2 (en) | 2001-04-05 | 2007-02-13 | Sap Ag | Security service for an electronic marketplace |
US20020150253A1 (en) * | 2001-04-12 | 2002-10-17 | Brezak John E. | Methods and arrangements for protecting information in forwarded authentication messages |
US7110986B1 (en) * | 2001-04-23 | 2006-09-19 | Diebold, Incorporated | Automated banking machine system and method |
US7079648B2 (en) * | 2001-06-07 | 2006-07-18 | Microsoft Corporation | Tester of cryptographic service providers |
US7962962B2 (en) * | 2001-06-19 | 2011-06-14 | International Business Machines Corporation | Using an object model to improve handling of personally identifiable information |
US7603317B2 (en) * | 2001-06-19 | 2009-10-13 | International Business Machines Corporation | Using a privacy agreement framework to improve handling of personally identifiable information |
US20070277037A1 (en) * | 2001-09-06 | 2007-11-29 | Randy Langer | Software component authentication via encrypted embedded self-signatures |
US7210134B1 (en) | 2001-09-06 | 2007-04-24 | Sonic Solutions | Deterring reverse-engineering of software systems by randomizing the siting of stack-based data |
US8332275B2 (en) * | 2001-10-31 | 2012-12-11 | Ebay Inc. | Method and apparatus to facilitate a transaction within a network-based facility |
US7502754B2 (en) * | 2002-01-08 | 2009-03-10 | Bottomline Technologies (De), Inc. | Secure web server system for unattended remote file and message transfer |
US7568219B2 (en) * | 2002-01-08 | 2009-07-28 | Bottomline Technologies (De), Inc. | Transfer server of a secure system for unattended remote file and message transfer |
US7146009B2 (en) * | 2002-02-05 | 2006-12-05 | Surety, Llc | Secure electronic messaging system requiring key retrieval for deriving decryption keys |
US7363033B2 (en) * | 2002-02-15 | 2008-04-22 | Telefonaktiebolaget Lm Ericsson (Publ) | Method of and system for testing equipment during manufacturing |
US7415270B2 (en) * | 2002-02-15 | 2008-08-19 | Telefonaktiebolaget L M Ericsson (Publ) | Middleware services layer for platform system for mobile terminals |
US7536181B2 (en) * | 2002-02-15 | 2009-05-19 | Telefonaktiebolaget L M Ericsson (Publ) | Platform system for mobile terminals |
US7240830B2 (en) * | 2002-02-15 | 2007-07-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Layered SIM card and security function |
US8079015B2 (en) * | 2002-02-15 | 2011-12-13 | Telefonaktiebolaget L M Ericsson (Publ) | Layered architecture for mobile terminals |
US7543333B2 (en) * | 2002-04-08 | 2009-06-02 | Microsoft Corporation | Enhanced computer intrusion detection methods and systems |
US6782477B2 (en) * | 2002-04-16 | 2004-08-24 | Song Computer Entertainment America Inc. | Method and system for using tamperproof hardware to provide copy protection and online security |
EP1355447B1 (en) * | 2002-04-17 | 2006-09-13 | Canon Kabushiki Kaisha | Public key certification providing apparatus |
US20030204716A1 (en) * | 2002-04-24 | 2003-10-30 | Rockwood Troy Dean | System and methods for digital content distribution |
US7376235B2 (en) * | 2002-04-30 | 2008-05-20 | Microsoft Corporation | Methods and systems for frustrating statistical attacks by injecting pseudo data into a data system |
US7672452B2 (en) * | 2002-05-03 | 2010-03-02 | General Instrument Corporation | Secure scan |
US7200756B2 (en) * | 2002-06-25 | 2007-04-03 | Microsoft Corporation | Base cryptographic service provider (CSP) methods and apparatuses |
US7478395B2 (en) * | 2002-09-23 | 2009-01-13 | Telefonaktiebolaget L M Ericsson (Publ) | Middleware application message/event model |
US7149510B2 (en) * | 2002-09-23 | 2006-12-12 | Telefonaktiebolaget Lm Ericsson (Publ) | Security access manager in middleware |
US7350211B2 (en) * | 2002-09-23 | 2008-03-25 | Telefonaktiebolaget Lm Ericsson (Publ) | Middleware application environment |
GB2396707B (en) * | 2002-10-17 | 2004-11-24 | Vodafone Plc | Facilitating and authenticating transactions |
JP4509930B2 (en) * | 2002-10-17 | 2010-07-21 | ć“ć©ć¦ććć©ć³ć»ć°ć«ć¼ćć»ćć¼ćØć«ć·ć¼ | Facilitating and authenticating transactions |
US7770008B2 (en) | 2002-12-02 | 2010-08-03 | Silverbrook Research Pty Ltd | Embedding data and information related to function with which data is associated into a payload |
US20060149962A1 (en) * | 2003-07-11 | 2006-07-06 | Ingrian Networks, Inc. | Network attached encryption |
US20050031119A1 (en) * | 2003-08-04 | 2005-02-10 | Yuying Ding | Method and communications device for secure group communication |
FR2860363B1 (en) * | 2003-09-30 | 2006-01-21 | Everbee Networks | METHOD AND SYSTEM FOR SECURING A USER'S ACCESS TO A COMPUTER NETWORK |
US20050120206A1 (en) * | 2003-12-02 | 2005-06-02 | John Hines | Method and system for rule-based certificate validation |
US20050137940A1 (en) * | 2003-12-22 | 2005-06-23 | Lindsay Jeffrey D. | Method to provide a product to a consumer to protect consumer privacy |
US20050177518A1 (en) * | 2004-02-10 | 2005-08-11 | Brown Collie D. | Electronic funds transfer and electronic bill receipt and payment system |
US20050204139A1 (en) * | 2004-03-10 | 2005-09-15 | Helland Patrick J. | Service broker security |
US7356846B2 (en) * | 2004-04-14 | 2008-04-08 | Microsoft Corporation | Unilateral session key shifting |
US7376972B2 (en) * | 2004-04-14 | 2008-05-20 | Microsoft Corporation | Session key exchange key |
US7757086B2 (en) * | 2004-05-27 | 2010-07-13 | Silverbrook Research Pty Ltd | Key transportation |
US7484831B2 (en) * | 2004-05-27 | 2009-02-03 | Silverbrook Research Pty Ltd | Printhead module having horizontally grouped firing order |
US7427117B2 (en) | 2004-05-27 | 2008-09-23 | Silverbrook Research Pty Ltd | Method of expelling ink from nozzles in groups, alternately, starting at outside nozzles of each group |
US7549718B2 (en) | 2004-05-27 | 2009-06-23 | Silverbrook Research Pty Ltd | Printhead module having operation controllable on basis of thermal sensors |
US7328956B2 (en) * | 2004-05-27 | 2008-02-12 | Silverbrook Research Pty Ltd | Printer comprising a printhead and at least two printer controllers connected to a common input of the printhead |
US7735944B2 (en) | 2004-05-27 | 2010-06-15 | Silverbrook Research Pty Ltd | Printer comprising two printhead modules and at least two printer controllers |
US8346593B2 (en) | 2004-06-30 | 2013-01-01 | Experian Marketing Solutions, Inc. | System, method, and software for prediction of attitudinal and message responsiveness |
US8166294B1 (en) * | 2004-09-17 | 2012-04-24 | Oracle America, Inc. | Cryptographic framework |
US20080282331A1 (en) * | 2004-10-08 | 2008-11-13 | Advanced Network Technology Laboratories Pte Ltd | User Provisioning With Multi-Factor Authentication |
US8347078B2 (en) | 2004-10-18 | 2013-01-01 | Microsoft Corporation | Device certificate individualization |
US8336085B2 (en) | 2004-11-15 | 2012-12-18 | Microsoft Corporation | Tuning product policy using observed evidence of customer behavior |
US8099324B2 (en) * | 2005-03-29 | 2012-01-17 | Microsoft Corporation | Securely providing advertising subsidized computer usage |
US9633213B2 (en) * | 2005-05-16 | 2017-04-25 | Texas Instruments Incorporated | Secure emulation logic between page attribute table and test interface |
US20060259828A1 (en) | 2005-05-16 | 2006-11-16 | Texas Instruments Incorporated | Systems and methods for controlling access to secure debugging and profiling features of a computer system |
US7627125B2 (en) * | 2005-06-23 | 2009-12-01 | Efunds Corporation | Key loading systems and methods |
US8713667B2 (en) * | 2005-07-08 | 2014-04-29 | Hewlett-Packard Development Company, L.P. | Policy based cryptographic application programming interface in secure memory |
US8060747B1 (en) | 2005-09-12 | 2011-11-15 | Microsoft Corporation | Digital signatures for embedded code |
US20070074033A1 (en) * | 2005-09-29 | 2007-03-29 | Research In Motion Limited | Account management in a system and method for providing code signing services |
US20070074031A1 (en) * | 2005-09-29 | 2007-03-29 | Research In Motion Limited | System and method for providing code signing services |
US20070074032A1 (en) * | 2005-09-29 | 2007-03-29 | Research In Motion Limited | Remote hash generation in a system and method for providing code signing services |
US8340289B2 (en) | 2005-09-29 | 2012-12-25 | Research In Motion Limited | System and method for providing an indication of randomness quality of random number data generated by a random data service |
US7797545B2 (en) | 2005-09-29 | 2010-09-14 | Research In Motion Limited | System and method for registering entities for code signing services |
US8205087B2 (en) * | 2006-02-27 | 2012-06-19 | Microsoft Corporation | Tool for digitally signing multiple documents |
US8190902B2 (en) * | 2006-02-27 | 2012-05-29 | Microsoft Corporation | Techniques for digital signature formation and verification |
US9141819B2 (en) * | 2006-11-08 | 2015-09-22 | International Business Machines Corporation | Encrypted tape access control via challenge-response protocol |
US8504846B2 (en) * | 2007-05-25 | 2013-08-06 | Samsung Electronics Co., Ltd. | Method and apparatus for secure storing of private data on user devices in telecommunications networks |
JP5277576B2 (en) * | 2007-07-18 | 2013-08-28 | ę Ŗå¼ä¼ē¤¾ćŖć³ć¼ | Information processing apparatus and cryptographic processing program |
FR2922701B1 (en) * | 2007-10-23 | 2009-11-20 | Inside Contacless | SECURE CUSTOMIZATION METHOD OF AN NFC CHIPSET |
EP2129116A1 (en) | 2008-05-29 | 2009-12-02 | Nagravision S.A. | Unit and method for securely processing audio/video data with controlled access |
EP2337347A1 (en) * | 2009-12-17 | 2011-06-22 | Nagravision S.A. | Method and processing unit for secure processing of access controlled audio/video data |
US8782417B2 (en) | 2009-12-17 | 2014-07-15 | Nagravision S.A. | Method and processing unit for secure processing of access controlled audio/video data |
US8522031B2 (en) * | 2010-05-14 | 2013-08-27 | Force 10 Networks, Inc. | Method and apparatus for establishing a trusted and secure relationship between two parties connected to a network |
US20120177202A1 (en) * | 2011-01-07 | 2012-07-12 | International Business Machines Corporation | Secure transport of domain-specific cryptographic structures over general purpose application program interfaces |
JP2013141137A (en) * | 2012-01-05 | 2013-07-18 | Ricoh Co Ltd | Composite system |
US9251143B2 (en) | 2012-01-13 | 2016-02-02 | International Business Machines Corporation | Converting data into natural language form |
EP2802152B1 (en) | 2013-05-07 | 2017-07-05 | Nagravision S.A. | Method for secure processing a stream of encrypted digital audio / video data |
US11257117B1 (en) | 2014-06-25 | 2022-02-22 | Experian Information Solutions, Inc. | Mobile device sighting location analytics and profiling system |
CN113596828B (en) | 2014-10-31 | 2024-08-16 | åŗ·ē»“č¾¾ę ēŗæęéč“£ä»»å ¬åø | End-to-end service layer authentication |
JP2018518854A (en) | 2015-03-16 | 2018-07-12 | ć³ć³ć“ć£ć¼ć ćÆć¤ć¤ć¬ć¹ļ¼ ćØć«ćØć«ć·ć¼ | End-to-end authentication at the service layer using a public key mechanism |
US9965639B2 (en) * | 2015-07-17 | 2018-05-08 | International Business Machines Corporation | Source authentication of a software product |
US10237246B1 (en) | 2015-07-31 | 2019-03-19 | Symphony Communication Services Holdings Llc | Secure message search |
US9767309B1 (en) | 2015-11-23 | 2017-09-19 | Experian Information Solutions, Inc. | Access control system for implementing access restrictions of regulated database records while identifying and providing indicators of regulated database records matching validation criteria |
WO2018039377A1 (en) | 2016-08-24 | 2018-03-01 | Experian Information Solutions, Inc. | Disambiguation and authentication of device users |
US10819709B1 (en) * | 2016-09-26 | 2020-10-27 | Symphony Communication Services Holdings Llc | Authorizing delegated capabilities to applications in a secure end-to-end communications system |
US11526859B1 (en) | 2019-11-12 | 2022-12-13 | Bottomline Technologies, Sarl | Cash flow forecasting using a bottoms-up machine learning approach |
US11532040B2 (en) | 2019-11-12 | 2022-12-20 | Bottomline Technologies Sarl | International cash management software using machine learning |
CN110891061B (en) * | 2019-11-26 | 2021-08-06 | äøå½é¶čč”份ęéå ¬åø | Data encryption and decryption method and device, storage medium and encrypted file |
US11682041B1 (en) | 2020-01-13 | 2023-06-20 | Experian Marketing Solutions, Llc | Systems and methods of a tracking analytics platform |
US11704671B2 (en) | 2020-04-02 | 2023-07-18 | Bottomline Technologies Limited | Financial messaging transformation-as-a-service |
US11943367B1 (en) * | 2020-05-19 | 2024-03-26 | Marvell Asia Pte, Ltd. | Generic cryptography wrapper |
US11682008B2 (en) * | 2020-09-28 | 2023-06-20 | Vadim Nikolaevich ALEKSANDROV | Method of authenticating a customer, method of carrying out a payment transaction and payment system implementing the specified methods |
US20220337082A1 (en) * | 2021-04-14 | 2022-10-20 | Duke Energy Corporation | Methods of securely controlling utility grid edge devices |
Citations (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4423287A (en) * | 1981-06-26 | 1983-12-27 | Visa U.S.A., Inc. | End-to-end encryption system and method of operation |
US4458109A (en) * | 1982-02-05 | 1984-07-03 | Siemens Corporation | Method and apparatus providing registered mail features in an electronic communication system |
US4484025A (en) * | 1980-02-04 | 1984-11-20 | Licentia Patent-Verwaltungs-Gmbh | System for enciphering and deciphering data |
US4488801A (en) * | 1983-01-03 | 1984-12-18 | International Business Machines Corporation | Maximum throughput duplexing system for xerographic machines |
US5005200A (en) * | 1988-02-12 | 1991-04-02 | Fischer Addison M | Public key/signature cryptosystem with enhanced digital signature certification |
WO1993010503A1 (en) * | 1991-11-15 | 1993-05-27 | Citibank, N.A. | Electronic-monetary system |
US5220501A (en) * | 1989-12-08 | 1993-06-15 | Online Resources, Ltd. | Method and system for remote delivery of retail banking services |
US5231666A (en) * | 1992-04-20 | 1993-07-27 | International Business Machines Corporation | Cryptographic method for updating financial records |
US5245656A (en) * | 1992-09-09 | 1993-09-14 | Bell Communications Research, Inc. | Security method for private information delivery and filtering in public networks |
US5323464A (en) * | 1992-10-16 | 1994-06-21 | International Business Machines Corporation | Commercial data masking |
US5440635A (en) * | 1993-08-23 | 1995-08-08 | At&T Corp. | Cryptographic protocol for remote authentication |
US5509071A (en) * | 1994-04-01 | 1996-04-16 | Microelectronics And Computer Technology Corporation | Electronic proof of receipt |
US5511121A (en) * | 1994-02-23 | 1996-04-23 | Bell Communications Research, Inc. | Efficient electronic money |
US5524073A (en) * | 1992-11-17 | 1996-06-04 | Stambler; Leon | Secure transaction system and method utilized therein |
US5535276A (en) * | 1994-11-09 | 1996-07-09 | Bell Atlantic Network Services, Inc. | Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography |
US5557518A (en) * | 1994-04-28 | 1996-09-17 | Citibank, N.A. | Trusted agents for open electronic commerce |
US5559887A (en) * | 1994-09-30 | 1996-09-24 | Electronic Payment Service | Collection of value from stored value systems |
-
1995
- 1995-06-29 US US08/496,801 patent/US5689565A/en not_active Ceased
-
1999
- 1999-08-30 US US09/386,463 patent/USRE38070E1/en not_active Expired - Lifetime
Patent Citations (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4484025A (en) * | 1980-02-04 | 1984-11-20 | Licentia Patent-Verwaltungs-Gmbh | System for enciphering and deciphering data |
US4423287A (en) * | 1981-06-26 | 1983-12-27 | Visa U.S.A., Inc. | End-to-end encryption system and method of operation |
US4458109A (en) * | 1982-02-05 | 1984-07-03 | Siemens Corporation | Method and apparatus providing registered mail features in an electronic communication system |
US4488801A (en) * | 1983-01-03 | 1984-12-18 | International Business Machines Corporation | Maximum throughput duplexing system for xerographic machines |
US5005200A (en) * | 1988-02-12 | 1991-04-02 | Fischer Addison M | Public key/signature cryptosystem with enhanced digital signature certification |
US5220501A (en) * | 1989-12-08 | 1993-06-15 | Online Resources, Ltd. | Method and system for remote delivery of retail banking services |
US5455407A (en) * | 1991-11-15 | 1995-10-03 | Citibank, N.A. | Electronic-monetary system |
WO1993010503A1 (en) * | 1991-11-15 | 1993-05-27 | Citibank, N.A. | Electronic-monetary system |
US5231666A (en) * | 1992-04-20 | 1993-07-27 | International Business Machines Corporation | Cryptographic method for updating financial records |
US5245656A (en) * | 1992-09-09 | 1993-09-14 | Bell Communications Research, Inc. | Security method for private information delivery and filtering in public networks |
US5323464A (en) * | 1992-10-16 | 1994-06-21 | International Business Machines Corporation | Commercial data masking |
US5524073A (en) * | 1992-11-17 | 1996-06-04 | Stambler; Leon | Secure transaction system and method utilized therein |
US5440635A (en) * | 1993-08-23 | 1995-08-08 | At&T Corp. | Cryptographic protocol for remote authentication |
US5511121A (en) * | 1994-02-23 | 1996-04-23 | Bell Communications Research, Inc. | Efficient electronic money |
US5509071A (en) * | 1994-04-01 | 1996-04-16 | Microelectronics And Computer Technology Corporation | Electronic proof of receipt |
US5557518A (en) * | 1994-04-28 | 1996-09-17 | Citibank, N.A. | Trusted agents for open electronic commerce |
US5559887A (en) * | 1994-09-30 | 1996-09-24 | Electronic Payment Service | Collection of value from stored value systems |
US5535276A (en) * | 1994-11-09 | 1996-07-09 | Bell Atlantic Network Services, Inc. | Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography |
Non-Patent Citations (5)
Title |
---|
Bellare et al, "IKP-A Family of Secure Electronic Protocols", Apr. 16, 1995.* * |
Description of Internet market system from Virtual Holdings, Inc. Copyright 1994-1995.* * |
Description of Internet payemt system from CyberCash Inc. (Feb. 1995).* * |
Gifford et al, Payment Switches for Open Networks(1995). * |
Products and Services Description from Commercial Announcement Document for Open Market Inc. (May 1995).* * |
Cited By (90)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7110548B1 (en) * | 1998-07-31 | 2006-09-19 | Hatachi Ltd | Cryptographic communication method, encryption algorithm shared control method, encryption algorithm conversion method and network communication system |
US9684889B2 (en) | 1999-02-12 | 2017-06-20 | Identrust, Inc. | System and method for providing certification-related and other services |
US8818903B2 (en) | 1999-09-10 | 2014-08-26 | Charles Dulin | Transaction coordinator for digital certificate validation and other services |
US20060004670A1 (en) * | 1999-09-24 | 2006-01-05 | Mckenney Mary K | System and method for providing payment services in electronic commerce |
US7765161B2 (en) | 1999-09-24 | 2010-07-27 | Identrust, Inc. | System and method for providing payment services in electronic commerce |
US9647971B2 (en) | 2000-06-15 | 2017-05-09 | Zixcorp Systems, Inc. | Automatic delivery selection for electronic content |
US20040139314A1 (en) * | 2000-06-15 | 2004-07-15 | Cook David P. | Automatic delivery selection for electronic content |
US20090150675A1 (en) * | 2000-06-15 | 2009-06-11 | Zix Corporation | Secure message forwarding system detecting user's preferences including security preferences |
US9419950B2 (en) | 2000-06-15 | 2016-08-16 | Zix Corporation | Secure message forwarding system detecting user's preferences including security preferences |
US8972717B2 (en) | 2000-06-15 | 2015-03-03 | Zixcorp Systems, Inc. | Automatic delivery selection for electronic content |
US7779027B2 (en) | 2000-06-21 | 2010-08-17 | Microsoft Corporation | Methods, systems, architectures and data structures for delivering software via a network |
US7818677B2 (en) | 2000-06-21 | 2010-10-19 | Microsoft Corporation | Single window navigation methods and systems |
US7702997B2 (en) | 2000-06-21 | 2010-04-20 | Microsoft Corporation | Spreadsheet fields in text |
US7979856B2 (en) | 2000-06-21 | 2011-07-12 | Microsoft Corporation | Network-based software extensions |
US7900134B2 (en) | 2000-06-21 | 2011-03-01 | Microsoft Corporation | Authoring arbitrary XML documents using DHTML and XSLT |
US9507610B2 (en) | 2000-06-21 | 2016-11-29 | Microsoft Technology Licensing, Llc | Task-sensitive methods and systems for displaying command sets |
US7712048B2 (en) | 2000-06-21 | 2010-05-04 | Microsoft Corporation | Task-sensitive methods and systems for displaying command sets |
US8074217B2 (en) | 2000-06-21 | 2011-12-06 | Microsoft Corporation | Methods and systems for delivering software |
US7689929B2 (en) | 2000-06-21 | 2010-03-30 | Microsoft Corporation | Methods and systems of providing information to computer users |
US6874143B1 (en) | 2000-06-21 | 2005-03-29 | Microsoft Corporation | Architectures for and methods of providing network-based software extensions |
US7743063B2 (en) | 2000-06-21 | 2010-06-22 | Microsoft Corporation | Methods and systems for delivering software via a network |
US7734924B2 (en) | 2000-09-08 | 2010-06-08 | Identrust, Inc. | System and method for transparently providing certificate validation and other services within an electronic transaction |
US8892475B2 (en) | 2000-09-08 | 2014-11-18 | Identrust, Inc. | Provision of authorization and other services |
US20060179008A1 (en) * | 2000-09-08 | 2006-08-10 | Tallent Guy S Jr | Provision of authorization and other services |
US20060123227A1 (en) * | 2000-09-08 | 2006-06-08 | Miller Lawrence R | System and method for transparently providing certificate validation and other services within an electronic transaction |
US20080155253A1 (en) * | 2001-04-03 | 2008-06-26 | Gary Liu | Certified Transmission System |
US8027923B2 (en) | 2001-04-03 | 2011-09-27 | Zix Corporation | Certified transmission system |
US7353204B2 (en) * | 2001-04-03 | 2008-04-01 | Zix Corporation | Certified transmission system |
US20020143710A1 (en) * | 2001-04-03 | 2002-10-03 | Gary Liu | Certified transmission system |
US20020162003A1 (en) * | 2001-04-30 | 2002-10-31 | Khaja Ahmed | System and method for providing trusted browser verification |
US7167985B2 (en) * | 2001-04-30 | 2007-01-23 | Identrus, Llc | System and method for providing trusted browser verification |
US20030115155A1 (en) * | 2001-12-18 | 2003-06-19 | Ncr Corporation | Issuing certified checks over the internet |
US20050169475A1 (en) * | 2002-05-21 | 2005-08-04 | France Telecom | Method of controlling access to cryptographic resources |
US7496199B2 (en) * | 2002-05-21 | 2009-02-24 | France Telecom | Method of controlling access to cryptographic resources |
US20120084845A1 (en) * | 2002-10-25 | 2012-04-05 | Daniil Utin | Fixed client identification system for positive identification of client to server |
US8683561B2 (en) * | 2002-10-25 | 2014-03-25 | Cambridge Interactive Development Corp. | Fixed client identification system for positive identification of client to server |
US8918729B2 (en) | 2003-03-24 | 2014-12-23 | Microsoft Corporation | Designing electronic forms |
US7925621B2 (en) | 2003-03-24 | 2011-04-12 | Microsoft Corporation | Installing a solution |
US20040189716A1 (en) * | 2003-03-24 | 2004-09-30 | Microsoft Corp. | System and method for designing electronic forms and hierarchical schemas |
US9229917B2 (en) | 2003-03-28 | 2016-01-05 | Microsoft Technology Licensing, Llc | Electronic form user interfaces |
US7865477B2 (en) | 2003-03-28 | 2011-01-04 | Microsoft Corporation | System and method for real-time validation of structured data files |
US20040226002A1 (en) * | 2003-03-28 | 2004-11-11 | Larcheveque Jean-Marie H. | Validation of XML data files |
US7913159B2 (en) | 2003-03-28 | 2011-03-22 | Microsoft Corporation | System and method for real-time validation of structured data files |
US20040267813A1 (en) * | 2003-06-30 | 2004-12-30 | Rivers-Moore Jonathan E. | Declarative solution definition |
US8078960B2 (en) | 2003-06-30 | 2011-12-13 | Microsoft Corporation | Rendering an HTML electronic form by applying XSLT to XML using a solution |
US9239821B2 (en) | 2003-08-01 | 2016-01-19 | Microsoft Technology Licensing, Llc | Translation file |
US8892993B2 (en) | 2003-08-01 | 2014-11-18 | Microsoft Corporation | Translation file |
US9268760B2 (en) | 2003-08-06 | 2016-02-23 | Microsoft Technology Licensing, Llc | Correlation, association, or correspondence of electronic forms |
US7971139B2 (en) | 2003-08-06 | 2011-06-28 | Microsoft Corporation | Correlation, association, or correspondence of electronic forms |
US8429522B2 (en) | 2003-08-06 | 2013-04-23 | Microsoft Corporation | Correlation, association, or correspondence of electronic forms |
US7788480B2 (en) * | 2003-11-05 | 2010-08-31 | Cisco Technology, Inc. | Protected dynamic provisioning of credentials |
US20050097362A1 (en) * | 2003-11-05 | 2005-05-05 | Winget Nancy C. | Protected dynamic provisioning of credentials |
US8819072B1 (en) | 2004-02-02 | 2014-08-26 | Microsoft Corporation | Promoting data from structured data files |
US20050183006A1 (en) * | 2004-02-17 | 2005-08-18 | Microsoft Corporation | Systems and methods for editing XML documents |
US7281018B1 (en) | 2004-05-26 | 2007-10-09 | Microsoft Corporation | Form template data source change |
US7774620B1 (en) | 2004-05-27 | 2010-08-10 | Microsoft Corporation | Executing applications at appropriate trust levels |
US7676843B1 (en) | 2004-05-27 | 2010-03-09 | Microsoft Corporation | Executing applications at appropriate trust levels |
US7692636B2 (en) | 2004-09-30 | 2010-04-06 | Microsoft Corporation | Systems and methods for handwriting to a screen |
US8487879B2 (en) | 2004-10-29 | 2013-07-16 | Microsoft Corporation | Systems and methods for interacting with a computer through handwriting to a screen |
US7712022B2 (en) | 2004-11-15 | 2010-05-04 | Microsoft Corporation | Mutually exclusive options in electronic forms |
US7721190B2 (en) | 2004-11-16 | 2010-05-18 | Microsoft Corporation | Methods and systems for server side form processing |
US7904801B2 (en) | 2004-12-15 | 2011-03-08 | Microsoft Corporation | Recursive sections in electronic forms |
US20060177111A1 (en) * | 2005-01-12 | 2006-08-10 | Ntt Docomo, Inc. | Communication device, digital signature verification method and digital signature generation method |
US7668335B2 (en) | 2005-01-12 | 2010-02-23 | Ntt Docomo, Inc. | Communication device, digital signature verification method and digital signature generation method |
EP1681648A1 (en) * | 2005-01-12 | 2006-07-19 | NTT DoCoMo, Inc. | Communication device, digital signature verification method and digital signature generation method |
US7937651B2 (en) | 2005-01-14 | 2011-05-03 | Microsoft Corporation | Structural editing operations for network forms |
US7725834B2 (en) | 2005-03-04 | 2010-05-25 | Microsoft Corporation | Designer-created aspect for an electronic form template |
US8010515B2 (en) | 2005-04-15 | 2011-08-30 | Microsoft Corporation | Query to an electronic form |
US8645282B2 (en) * | 2005-05-17 | 2014-02-04 | Tti Inventions C Llc | Method and apparatus to conduct a commercial transaction over wireless networks |
US20060265339A1 (en) * | 2005-05-17 | 2006-11-23 | Faramak Vakil | Secure virtual point of service for 3G wireless networks |
US8200975B2 (en) | 2005-06-29 | 2012-06-12 | Microsoft Corporation | Digital signatures for network forms |
US10567975B2 (en) | 2005-10-04 | 2020-02-18 | Hoffberg Family Trust 2 | Multifactorial optimization system and method |
US8001459B2 (en) | 2005-12-05 | 2011-08-16 | Microsoft Corporation | Enabling electronic documents for limited-capability computing devices |
US9210234B2 (en) | 2005-12-05 | 2015-12-08 | Microsoft Technology Licensing, Llc | Enabling electronic documents for limited-capability computing devices |
US7779343B2 (en) | 2006-01-30 | 2010-08-17 | Microsoft Corporation | Opening network-enabled electronic documents |
US8670564B1 (en) | 2006-08-14 | 2014-03-11 | Key Holdings, LLC | Data encryption system and method |
US8793487B2 (en) | 2008-01-18 | 2014-07-29 | Identrust, Inc. | Binding a digital certificate to multiple trust domains |
US20090210703A1 (en) * | 2008-01-18 | 2009-08-20 | Epstein William C | Binding a digital certificate to multiple trust domains |
US8862893B2 (en) | 2008-06-11 | 2014-10-14 | Microsoft Corporation | Techniques for performing symmetric cryptography |
US20090319805A1 (en) * | 2008-06-11 | 2009-12-24 | Microsoft Corporation | Techniques for performing symmetric cryptography |
US20100098256A1 (en) * | 2008-10-22 | 2010-04-22 | Kirshenbaum Evan R | Decryption Key Management |
US20110293096A1 (en) * | 2010-05-27 | 2011-12-01 | Bladelogic, Inc. | Multi-Level Key Management |
US9866375B2 (en) | 2010-05-27 | 2018-01-09 | Bladelogic, Inc. | Multi-level key management |
US8971535B2 (en) * | 2010-05-27 | 2015-03-03 | Bladelogic, Inc. | Multi-level key management |
US9697366B1 (en) * | 2011-12-12 | 2017-07-04 | Google Inc. | Use of generic (browser) encryption API to do key exchange (for media files and player) |
US9697185B1 (en) | 2011-12-12 | 2017-07-04 | Google Inc. | Method, manufacture, and apparatus for protection of media objects from the web application environment |
US9875363B2 (en) | 2011-12-12 | 2018-01-23 | Google Llc | Use of generic (browser) encryption API to do key exchange (for media files and player) |
US10452759B1 (en) | 2011-12-12 | 2019-10-22 | Google Llc | Method and apparatus for protection of media objects including HTML |
US10572633B1 (en) | 2011-12-12 | 2020-02-25 | Google Llc | Method, manufacture, and apparatus for instantiating plugin from within browser |
US11340797B2 (en) | 2019-10-04 | 2022-05-24 | Zettaset, Inc. | Dedicated encrypted container storage |
Also Published As
Publication number | Publication date |
---|---|
US5689565A (en) | 1997-11-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
USRE38070E1 (en) | Cryptography system and method for providing cryptographic services for a computer application | |
US6560581B1 (en) | System and method for secure electronic commerce transaction | |
US7366918B2 (en) | Configuring and managing resources on a multi-purpose integrated circuit card using a personal computer | |
US5590197A (en) | Electronic payment system and method | |
US5781723A (en) | System and method for self-identifying a portable information device to a computing unit | |
EP0739560B1 (en) | Cryptographic system and method with key escrow feature | |
US7200230B2 (en) | System and method for controlling and enforcing access rights to encrypted media | |
KR102119895B1 (en) | Secure remote payment transaction processing | |
US20100153273A1 (en) | Systems for performing transactions at a point-of-sale terminal using mutating identifiers | |
US7539861B2 (en) | Creating and storing one or more digital certificates assigned to subscriber for efficient access using a chip card | |
US6523012B1 (en) | Delegation of permissions in an electronic commerce system | |
EP2494486B1 (en) | System for protecting an encrypted information unit | |
US20030105965A1 (en) | Business method for secure installation of a credit authorization key on a remote tcpa compliant system | |
US20010042051A1 (en) | Network transaction system for minimizing software requirements on client computers | |
JP2001134534A (en) | Authentication delegate method, authentication delegate service system, authentication delegate server device, and client device | |
Karjoth | Secure mobile agent-based merchant brokering in distributed marketplaces | |
US20030074321A1 (en) | Method and system for distribution of digital media and conduction of electronic commerce in an un-trusted environment | |
JPH10149396A (en) | Commercial transaction system | |
PĆ¼hrerfellner | An implementation of the Millicent micro-payment protocol and its application in a pay-per-view business model | |
KR100376118B1 (en) | Electronic Payment System Using Double Hash Chain | |
Ghani | Charging and paying for information on open networks | |
US20070219902A1 (en) | Electronic payment method and related system and devices | |
CN115310976A (en) | Non-contact transaction processing method, device and system | |
Waidner | Electronic Payment Systems | |
KR20060019928A (en) | Electronic payment method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
CC | Certificate of correction | ||
FPAY | Fee payment |
Year of fee payment: 8 |
|
FPAY | Fee payment |
Year of fee payment: 12 |
|
AS | Assignment |
Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034541/0001 Effective date: 20141014 |