US20070266238A1 - Internet third-party authentication using electronic tickets - Google Patents

Internet third-party authentication using electronic tickets Download PDF

Info

Publication number
US20070266238A1
US20070266238A1 US11/821,442 US82144207A US2007266238A1 US 20070266238 A1 US20070266238 A1 US 20070266238A1 US 82144207 A US82144207 A US 82144207A US 2007266238 A1 US2007266238 A1 US 2007266238A1
Authority
US
United States
Prior art keywords
customer
ticket
aggregator
electronic document
web site
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/821,442
Inventor
Jeffrey Jancula
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wells Fargo Bank NA
Original Assignee
Wachovia Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wachovia Corp filed Critical Wachovia Corp
Priority to US11/821,442 priority Critical patent/US20070266238A1/en
Assigned to WACHOVIA CORPORATION reassignment WACHOVIA CORPORATION MERGER AND CHANGE OF NAME Assignors: FIRST UNION CORPORATION
Assigned to FIRST UNION CORPORATION reassignment FIRST UNION CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: JANCULA, JEFFREY JOHN
Assigned to WACHOVIA CORPORATION reassignment WACHOVIA CORPORATION MERGER AND CHANGE OF NAME Assignors: FIRST UNION CORPORATION
Publication of US20070266238A1 publication Critical patent/US20070266238A1/en
Assigned to WELLS FARGO & COMPANY reassignment WELLS FARGO & COMPANY MERGER (SEE DOCUMENT FOR DETAILS). Assignors: WACHOVIA CORPORATION
Assigned to WELLS FARGO BANK, N.A. reassignment WELLS FARGO BANK, N.A. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: WELLS FARGO & COMPANY
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • G06Q50/18Legal services; Handling legal documents
    • G06Q50/188Electronic negotiation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data

Definitions

  • the invention relates generally to computer information security and the Internet, and more specifically to methods that permit one or more third-party agents to access customers' private personal and financial data or other confidential information on the world-wide-web.
  • the invention was originally designed as a method for banks and bank customers to mutually approve one or more third party agents (such as aggregators, for example) to access customer confidential data via the Internet. It is also applicable, however, in any situation involving computers where an agent's computer or computers act as an intermediary between computers of two other parties and where access to certain information is to be limited, whether or not the information is confidential.
  • An aggregator is a web service that consolidates a consumer's financial and personal information and presents it in a concise, easy-to-read fashion.
  • An aggregator accesses shopping and financial service web sites to extract customers' data and repackages that data for presentation on the aggregator's web site. After enrolling with an aggregator, customers only need to learn how to navigate the aggregator's web site. Furthermore, customers must remember only one username/password combination, instead of dozens.
  • the enrollment process typically involves setting up a username and password to access the aggregator's web site.
  • This username/password becomes a very powerful “master password” because it gets linked to the customer's other accounts and passwords.
  • master passwords In addition to creating master passwords, customers also enter details about each bank, brokerage and shopping web site they want the aggregator to access on their behalf. Details include usernames, passwords, account numbers and other secret or confidential information required to access aggregated web sites.
  • the aggregator When a customer visits the aggregator's web site, the aggregator will typically display a list of bank, credit card, brokerage, shopping and other financial accounts, along with associated balances, in a concise, consistent and consolidated fashion.
  • the aggregator's site usually also has features to “drill down” into details about any account, showing transactions, history and trends. If the aggregator offers bill payment features, customers can also view on-line versions of bills and statements, including transaction details. Many aggregators also allow customers to schedule bill payments—where the aggregator moves money from customers' bank accounts to vendors or other accounts either electronically or by mailing actual checks. Since an aggregator may track uncleared transactions, the financial information kept by an aggregator may be more up to date than customer's account data at each bank, brokerage or vendor. An aggregator makes customers' on-line financial life much easier to manage. The aggregator is, in effect, a personal financial agent on the Internet.
  • screen scraping a technique known as “screen scraping” to access customers' information at various financial and shopping web sites.
  • the aggregator simulates a human and Internet browser accessing each web site.
  • a computer program takes the place of a keyboard and mouse by supplying the expected input.
  • the computer program Much like a human reading results on a screen, the computer program “reads” and stores the information returned by each aggregated site.
  • aggregators have tightly coupled relationships with various financial institutions. This enables them to use more advanced techniques such as Interactive Financial Exchange (IFX), Open Financial Exchange (OFX) or eXtended Markup Language (XML), for example, to efficiently transfer account information.
  • IFX Interactive Financial Exchange
  • OFX Open Financial Exchange
  • XML eXtended Markup Language
  • a customer discontinues the use of an aggregator, he or she would request the aggregator to disable their username and clear their personal information. However, this does not guarantee that the customer's confidential information has been removed. For a variety of legitimate reasons, or in the event of error, the aggregator might retain records of the customer's associated accounts, usernames and passwords. This retention might be temporary, but could even be permanent. The customer has no method to detect when an aggregator accesses his accounts, so they cannot easily feel confident that all access has been terminated.
  • the RSA methods can easily generate a key pair within a few seconds, the process to reconstruct a key pair is extremely difficult. If one key in a pair is lost, it could take the world's fastest computers many years to decompose the known key and recalculate the lost key. This disparity in decryption is the strength of public key cryptography. If someone has your public key, it is very difficult (almost impossible) for him or her to determine your private or secret key. If you have someone's public encryption key, you can use RSA's encryption techniques to encode a message or file that only that person can decrypt and read. The message recipient must have the private key (which is associated with the public key) and use RSA's decryption techniques to decode the message.
  • the public and private or secret keys complement each other. If one of the keys encrypts (or locks) some data, the other complementary key decrypts (or unlocks) the data.
  • Each customer, commercial web site and aggregator must have a unique public and private key pair.
  • PKI public key infrastructure
  • This invention relies on the existing public key infrastructure (PKI). With PKI, when an entity (person or company) creates a key pair, they register the public key with a certifying authority (CA). The CA verifies the identity of the entity and issues a digital certificate, which has been digitally signed by the CA.
  • the digital certificate serves as a tamper-resistant electronic identification document for an entity.
  • the digital certificate includes the entity's public key. (Only the entity that generated the key pair should have access to the associated private or secret key.)
  • Much of the software required to manipulate and store digital certificates and associated keys already exists as commercially available software.
  • Most Internet web browsers and web servers have the capability to store digital certificates and keys, and software libraries, such a RSA's CryptoJ can perform public key cryptography. It is expected that this invention will be implemented using tools such as these, among others.
  • SSL Secure Sockets Layer
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • Public keys usually obtained from digital certificates and associated private or secret keys may be used to identify (authenticate) one or both computers in a TCP/IP conversation.
  • SSL encryption or similar encryption protocols among those readily known by those skilled in the art, will be typically used for all secure communications between customers, aggregators and commercial web sites.
  • SSL authentication may also be used to verify the identity of one or both parties involved in each communication. If both parties use public keys from digital certificates, for example, and associated private keys in conjunction with SSL to authenticate their identities with each other this is commonly referred to as SSL mutual authentication. If only one party uses a private or secret key and digital certificate for one end of an SSL session, this is commonly referred to as SSL single-end authentication.
  • this invention works best with SSL mutual authentication, it may also be used with SSL single-end authentication or even if SSL authentication is not used at all. In these cases, the parties must select some other form of verification or authentication (e.g., usernames and passwords), which should occur immediately after each SSL session is established.
  • This invention requires that the parties involved in electronic communications, for example, have somehow verified or authenticated their identities with each other, using SSL authentication, for example, or similar techniques well-known to those skilled in the art.
  • a tamper-resistant security document such as an electronic document, known as a ticket
  • a ticket is created and approved by two consenting parties to allow a third party (or even more parties) to access private and confidential personal and financial data on the Internet (world-wide-web).
  • the electronic ticket or other types of security documents can also have a limited lifetime, allowing the consenting parties to control the third party's duration of access.
  • FIGS. 1A and 1B are flow diagrams showing an exemplary relationship of the entities involved in exchange of confidential information in relation to the invention.
  • FIGS. 2A through 2F are flow diagrams showing an exemplary sequence of events performed in the context of the invention.
  • FIG. 3 is an exemplary illustration of what a customer sees on a computer screen during the approval of an electronic ticket or other such security document according to the invention.
  • FIG. 4 is a flow diagram showing an exemplary simplified flow of a ticket's request, approval and usage between three parties (in the illustrated example): an aggregator (the requester), a commerce web site (the originator and first approver), and a customer (the final approver).
  • an aggregator the requester
  • a commerce web site the originator and first approver
  • the customer the final approver
  • FIGS. 1 through 4 illustrate merely exemplary embodiments of the invention, shown in the context of a commonly-encountered customer, aggregator and bank relationship for securely communicating a customer's personal and private banking, commerce-related information or other confidential information over the Internet.
  • FIGS. 1 through 4 illustrate merely exemplary embodiments of the invention, shown in the context of a commonly-encountered customer, aggregator and bank relationship for securely communicating a customer's personal and private banking, commerce-related information or other confidential information over the Internet.
  • FIGS. 1 through 4 illustrate merely exemplary embodiments of the invention, shown in the context of a commonly-encountered customer, aggregator and bank relationship for securely communicating a customer's personal and private banking, commerce-related information or other confidential information over the Internet.
  • the present invention is equally applicable to other contexts in which confidential information is securely communicated among three or more parties, and even those using communication media other than the Internet.
  • commerce web sites 103 , 104 provide customers 101 access to customer private or confidential data 105 using the Internet 102 , standard operating software 107 , 112 and computers 103 , 110 .
  • FIG. 1A only shows one instance of customer private data 105 , it is not uncommon for a customer 101 to have data scattered at many commerce web sites 103 , 104 .
  • an aggregator's web site 116 uses the Internet 102 and standard Internet software 121 to access many commerce web sites 103 , 104 on behalf of the customer 101 .
  • An aggregator 116 will access a customer's private data 105 from various commerce web sites 103 , 104 and consolidate (with database software 121 ) the customer's private data 117 for later access by the customer 101 .
  • database software 121 database software 121
  • a customer 101 accesses the aggregator's web site 116 , his consolidated private information 117 is presented in a concise, easy-to-use fashion.
  • a customer 101 need only access the aggregator's web site 116 to view their consolidated private or confidential information 117 originally obtained from many commerce web sites 103 , 104 .
  • SSL uses public key cryptography, in conjunction with private keys 106 , 111 and public keys (contained in digital certificates 114 , 115 ) to authenticate the identity of one or both parties involved in each SSL session 108 , 109 .
  • Commerce web sites 103 , 104 create a public/private key pair suitable for use with RSA encryption and SSL software 107 , 112 , for example.
  • a commerce web site 103 also registers its public key with a certificate authority 113 , who will issue a digital certificate 114 containing the public key of the commerce web site 103 .
  • Techniques for registering, sharing and processing digital certificates are well-known and are already widely available with standard Internet operating software 107 , 112 , and are thus not described here.
  • the invention assumes that digital certificates 114 , 115 , 127 , for example, and/or the public keys necessary for SSL and RSA encryption, are easily available to all parties that need access to them.
  • Digital certificates 114 , 115 , 127 and private or secret keys 106 , 111 , 118 may be used to authenticate the identity of both parties involved in any SSL session 108 , 109 , 122 , 123 , 124 using SSL mutual authentication.
  • SSL single-end authentication may be used to create an SSL session 108 , 109 , 122 , 123 , 124 if only one party possesses the necessary private key and digital certificate.
  • this invention works best with SSL mutual authentication in most situations, it may also be used with SSL single-end authentication or even if SSL authentication is not used at all, provided that an alternate means to authenticate the non-SSL authenticated party is utilized. Alternate authentication means are beyond the scope of this exemplary illustration of the invention, however they typically involve some sort of password scheme.
  • this exemplary embodiment of the invention includes software 120 , 125 , 126 to create and process security documents or tickets 119 .
  • this invention was designed to use the Internet 102 , more specifically, the world-wide-web technology of the Internet, it is also suitable for use when all or part of the information flows over private networks or other systems or mediums.
  • Software 120 at an aggregator's web site 116 sends a ticket 119 to each commerce web site 103 , 104 for each access to a customer's private data 105 .
  • Ticketing software 125 at a commerce web site knows how to validate a ticket 119 presented by software 120 from an aggregator's web site 116 . Once a ticket 119 is validated, the aggregator 116 is permitted access to the customer's private data 105 for the duration of the session 122 .
  • an aggregator's web site 116 If, however, an aggregator's web site 116 doesn't have a valid ticket 119 for the specific customer 101 and commerce web site 103 , 104 , the aggregator's ticketing software 120 will send a ticket request to the commerce web site's ticketing software 125 .
  • Ticketing software 125 at the commerce web site 103 creates the first part of a new ticket and digitally signs it with the commerce site's private key 106 . All or part of the new ticket is then encrypted with the customer's public key 115 and sent back to the aggregator's web site 116 . If the customer 101 is not already on line with the aggregator's web site, when he or she next visits the aggregator's web site 116 , ticketing software 120 then forwards the encrypted, new ticket to ticketing software 126 contained in the customer's computer 110 .
  • Ticketing software 126 in the customer's computer 110 decrypts the new ticket, validates the commerce site's digital signature against the proper digital certificate 114 , and prompts the customer 101 to accept or reject the new ticket. The customer 101 can also be given a chance to adjust the ticket's expiration date and time. Based upon the customer's 101 response, the ticketing software 126 completes the ticket (including the customer's accept or reject status) and digitally signs the ticket with the customer's private key 111 .
  • the customer's ticketing software 126 and Internet browser 112 then forwards the completed ticket from the customer's computer 110 back to the aggregator's web site 116 .
  • the aggregator ticketing software 120 then stores the ticket 119 for later use.
  • FIG. 2A a typical procedure for granting and using an exemplary ticket is described generally, but not exclusively, as set forth below.
  • Tickets leverage existing Internet technology and public key cryptography to create tamper-resistant documents (tickets) which are used to approve account access. Tickets can be created by banks, brokerage firms, shopping sites and other commerce web sites, approved by customers, and given to aggregators. An aggregator's computer system then presents a ticket for each account it attempts to access.
  • tickets can be created by banks, brokerage firms, shopping sites and other commerce web sites, approved by customers, and given to aggregators. An aggregator's computer system then presents a ticket for each account it attempts to access.
  • step 201 of FIG. 2A relationships 202 are identified and established, if not already done so as described above, between a commerce web site, an aggregator web site and a customer. These relationships need only be established once and may be skipped (proceed to step 210 in FIG. 2B ) if already established. As needs change, any of the steps 202 through 209 (in FIG. 2B ) may be repeated in order to update the nature of the relationships.
  • a commerce web site obtains a digital certificate (if not already done) for use as an identity to create SSL encrypted sessions and digitally sign documents.
  • Most Internet web server software includes the ability to utilize digital certificates and associated private keys.
  • an aggregator's web site similarly obtains a digital certificate (if not already done) for SSL authentication.
  • the invention does not require that the aggregator have a digital certificate, provided that a suitable alternate means exists for the commerce web site to authenticate the identity of the aggregator.
  • an aggregator In step 205 , an aggregator must register an identity with each commerce web site that it intends to access. In most cases, this will require registering an aggregator's digital certificate with a commerce web site. Alternately, a commerce web site could issue some sort of password to each aggregator. In either case, the commerce web site must be able to identify the aggregator during each access to the commerce web site.
  • step 206 before an aggregator can access a customer's data, the customer must be known by the commerce web site. Typically, this will involve the customer joining an on-line shopping site, or signing up for on-line account access with a bank or brokerage house, for example.
  • step 207 the customer obtains a digital certificate from a certificate authority agreeable to both commerce and aggregator web sites, or otherwise establish an acceptable authentication among them.
  • commerce and aggregator web sites should be able to verify and trust the authenticity of the customer's digital certificate.
  • a customer registers an identity at an aggregator's web site.
  • a customer will register his, hers, or its digital certificate with the aggregator.
  • An aggregator may also issue some sort of password to each customer, however, this does not preclude the need, at least in this example, for each customer to possess a digital certificate.
  • step 209 the customer will inform the aggregator about each of his or her accounts at each commerce web site that he, she, or it wants the aggregator to access. This step may be repeated when the customer adds new accounts.
  • Steps 210 and beyond may be performed at any time, initiated by the aggregator's site autonomously of the customer, for example, or specifically requested by the customer initially as illustrated in step 209 .
  • step 210 if an aggregator has a ticket (electronic document) for a specific commerce web site, which is necessary to access a specific customer's accounts at that web site, then step 211 can be executed, otherwise, step 217 can be executed, as shown in FIG. 2C .
  • ticket electronic document
  • a ticket optionally, but preferably, has at least two expiration date/time (“expiration time”) stamps, which can be one set by the commerce web site and the other set by the customer. Using the earlier or earliest expiration date/time stamp, it can be determined if the ticket has expired. In this regard, this exemplary version of the invention assumes that all computer systems involved in ticket processing use a unified time zone, such as UCT or GMT time zone, when comparing these date/time stamps. If the ticket has expired, step 216 can be executed, as shown in FIG. 2C , otherwise step 212 can be executed.
  • expiration time expiration time
  • an aggregator sends a copy of the ticket associated with the customer's accounts to a commerce web site for approval.
  • a commerce web site verifies the expiration date/time stamps, then verifies the digital signatures on the ticket.
  • the ticket has at least two digital signatures—one for the commerce web site's portion of the ticket and another for the customer's portion of the ticket. Both digital signatures must prove or verify that both parties issued the ticket and that the ticket hasn't been tampered with.
  • the commerce web site verifies that the ticket is associated with the aggregator requesting the account access. Assuming that all checks pass and the ticket is accepted, then step 214 can be executed, as shown in FIG. 2B . Otherwise, step 216 can be executed, as shown in FIG. 2C .
  • the commerce web site permits the aggregator to access the customer's data. Assuming that steps 202 through 209 were skipped, it was not necessary for the customer to approve this particular access by the aggregator because the aggregator possessed a valid ticket. As long as the ticket remains valid, the aggregator will typically have unencumbered access to the customer's data, without additional approval from the customer. For this reason, expiration dates and times (if used) should be set to short, reasonable values.
  • the aggregator might access a customer's data at the commerce web site using screen scraping techniques, for example, where the data is extracted from data streams intended (by the commerce web site) to be displayed on a customer's browser.
  • screen scraping techniques for example, where the data is extracted from data streams intended (by the commerce web site) to be displayed on a customer's browser.
  • aggregators might be given a more formalized data feed utilizing XML, IFX, OFX or structured records, for example.
  • step 215 the aggregator closes the session with the commerce web site. Any further or future access starts over at step 201 .
  • an aggregator has a ticket for a specific customer and a specific commerce web site, but it has been proven invalid. Since the ticket is no longer good, the aggregator purges it from data storage.
  • an aggregator does not have a ticket for a specific customer and a specific commerce web site, so it sends a request for a new ticket to the commerce web site.
  • step 218 the commerce web site creates a new ticket, which is merely a document with data fields for items on the ticket.
  • a document may be formatted with XML-style tags common with Internet documents.
  • the commerce site adds the aggregator's identification to the ticket. Since the aggregator has authenticated with the commerce web site, the identity may be obtained from the established session. This identity is used to validate the aggregator's access in step 213 of FIG. 2B . A serial number (for auditing purposes) and the first expiration date/time (“expiration time”) can also be added to the ticket. The commerce web site may optionally add other fields to the ticket for its own use.
  • step 220 of FIG. 2D using the Internet standard s/MIME encoding method, for example, the commerce web site then digitally signs the new ticket.
  • the ticket is not yet complete, however, so the signature only covers those portions created by the commerce web site.
  • the digital signature is created with the commerce web site's private encryption key.
  • anyone may verify the signature by accessing the digital certificate (and public key) associated with the signature.
  • step 221 using the Internet standard s/MIME encoding method, for example, the commerce web site then encrypts all or part of the new ticket using the customer's public key obtained from the customer's digital certificate. The commerce web site then forwards the new, encrypted ticket back to the aggregator in step 222 .
  • step 223 since only the customer has the private keys necessary to decrypt the ticket, the aggregator must forward the ticket for processing to the customer's computer system. If the customer is not currently accessing the aggregator's web site, step 224 is executed to wait for the customer. Otherwise, step 225 in FIG. 2E can be executed.
  • an aggregator has a ticket that needs to be approved by the customer and wait for the customer to access the aggregator's web site.
  • the aggregator sends the new, encrypted ticket to the customer's computer system (such as by way of an Internet browser) and waits for the reply.
  • step 226 ticketing software running within the customer's browser uses the customer's private encryption key to decrypt the new ticket.
  • the software also verifies the commerce web site's digital signature and any expiration date/time stamp.
  • step 227 the customer is prompted to approve the ticket (see FIG. 3 for an exemplary screen view).
  • the prompt includes enough information to identify the aggregator, the commerce web site and the desired accounts.
  • the prompt also includes the ability for the customer to adjust (shorten) the ticket's expiration date/time (“expiration time”).
  • the ticket will often contain a second expiration date/time stamp for the customer.
  • the date/time stamp should be encoded with a single unified time zone, such as UCT or GMT, as mentioned above.
  • the software should accordingly adjust the displayed expiration time to the customer's local time zone.
  • step 228 the prompt provides the customer with the ability to accept or reject the ticket requested by the aggregator (see FIG. 3 ).
  • step 229 of FIG. 2E the ticketing software running in the customer's browser adds the second expiration date/time (if such expiration times are used in the particular application) plus the customer's accept or reject status code to the ticket.
  • step 230 of FIG. 2F using the Internet standard s/MIME encoding method, for example, the ticketing software running in the customer's browser digitally signs the ticket using the customer's private encryption key. The ticketing software running in the customer's browser sends the completed ticket to the aggregator's web site n step 231 .
  • step 232 the aggregator can examine the accept or reject status code to determine if the ticket was approved by the customer. If the customer approved the ticket, step 210 can be executed, as shown in FIG. 2B . Otherwise, step 233 is executed, indicating that the customer has rejected the aggregator's request for a new ticket, and the aggregator may not access the customer's accounts.
  • Possession and storage of tickets is typically the responsibility of the aggregator.
  • Customers and commercial web sites usually do not need to store a copy of each ticket, although they may do so for diagnostic, auditing or other purposes. If an aggregator loses a ticket, though, there is no way to replace it. The aggregator must request that a new ticket be generated.
  • a commercial web site need only verify the validity of a ticket in order to authenticate an aggregator's access to a customer's data. This verification typically includes checking the digital signatures on the ticket against digital certificates maintained within a public key infrastructure. The signatures help ensure the authenticity of the ticket and that the ticket has not been tampered with.
  • FIGS. 2A through 2F depict a single ticket for a given customer-web site-aggregator combination
  • more than one ticket might be used when varying levels of access are required.
  • one ticket might permit read-only inquiries about existing account transactions; and a second ticket might permit transactions to be initiated by an aggregator.
  • Each ticket can have space for optional information to be inserted by the commercial web site and/or the customer that may be used to determine the type of access granted to a third party.
  • ticket data, digital signatures and ticket encryption will be encoded into computer messages using standard Internet s/MIME encoding techniques.
  • Internet s/MIME encoding has been widely adopted by most Internet mail, web browser and web server software.
  • FIG. 3 illustrates an exemplary situation where a customer prompts for a new ticket request, typically, but not exclusively, as described below.
  • the customer is preferably given the ability to grant or deny the request and adjust the expiration time, if such times are used in a particular instance.
  • FIG. 3 merely illustrates one example of how the customer can be prompted. Any of a wide variety of other suitable programming dialogs known to those skilled in the art can also be used.
  • a ticket request is usually processed and displayed by software running within a customer's Internet browser.
  • This software may be incorporated by browser manufacturers or dynamically added to browsers with standard Internet applet technologies, such as Java or ActiveX, for example.
  • Data fields 302 describing the parties and accounts involved with the ticket request are extracted from the ticket and displayed as part of the prompt.
  • the customer can use a mouse (or similar pointing or other input device) to finish (close) the ticket request.
  • the customer may adjust the ticket expiration date/time (If such expiration times are use in the particular application) by using a slider-style control with a mouse, for example.
  • a slider-style control with a mouse for example.
  • input devices can be used for this and other customer responses.
  • the customer chooses to either grant or deny access to the aggregator (agent).
  • the default should typically be set to deny, so that the customer has to intentionally and affirmatively choose to grant access.
  • the customer chooses “Finished” at 303 the results from this screen prompt are coded into the ticket, digitally signed or otherwise authenticated by the software running in the customer's browser and returned to the aggregator's web site.
  • FIG. 4 illustrates an exemplary simplified flow of the ticket processing, typically but not exclusively, as described below.
  • an aggregator web site 407 requests a new ticket to access customer accounts at a commerce web site 408 .
  • commerce web site 408 creates a new ticket, digitally signs it, encrypts it with the customer's public key and sends it to the aggregator 407 .
  • step 403 aggregator's web site 407 forwards the encrypted ticket to customer's computer 406 for approval.
  • step 404 web software in the customer's computer 406 decrypts the ticket, prompts the customer to adjust the expiration date/time, and prompts the customer to accept or reject the ticket request.
  • the software then adds a second digital signature to the ticket and sends it back to the aggregator 407 .
  • the aggregator 407 can then use the ticket to securely access customer accounts at the commerce web site 408 .
  • this exemplary ticketing system provides a reliable, secure, reusable, tamper-resistant ticket that allows at least a specific third party (aggregator) to access to private or confidential customer data at various commercial web sites without knowledge of the customer's passwords.
  • each reusable ticket can be set to expire at a customer-selected expiration time or one that is mutually agreed upon by both a customer and a commercial web site.
  • the use of this ticketing system can also promote improved auditing of aggregator's activities at commercial web sites.
  • the exemplary ticketing system can also leverage existing Internet and encryption technologies to allow for easy implementation.

Abstract

A method, software and apparatus facilitates one or more third-party agents to securely access a customer's or other first party's private personal and financial data or other such confidential information from a second party, preferably on the Internet. A security document or ticket is presented to the second party for verifying the customer's consent to grant such access to the third party. The second party only communicates such confidential information to the third party if the security document is found to be valid. The security document, which can be at least partially encrypted, can also include a preselected expiration time, beyond which it is not valid.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application is entitled to the benefit of, and claims priority to, U.S. Provisional Patent Application Ser. No. 60/223,825, filed Aug. 8, 2000 entitled “INTERNET THIRD-PARTY AUTHENTICATION USING ELECTRONIC TICKETS.”
  • BACKGROUND AND SUMMARY OF THE INVENTION
  • The invention relates generally to computer information security and the Internet, and more specifically to methods that permit one or more third-party agents to access customers' private personal and financial data or other confidential information on the world-wide-web. The invention was originally designed as a method for banks and bank customers to mutually approve one or more third party agents (such as aggregators, for example) to access customer confidential data via the Internet. It is also applicable, however, in any situation involving computers where an agent's computer or computers act as an intermediary between computers of two other parties and where access to certain information is to be limited, whether or not the information is confidential.
  • The Consumer Problem
  • When the World Wide Web (“the web”) was invented in 1990, security was not a major concern because it was primarily used to share scientific research. The initial concept was for unlimited, open, public access to documents. As the web became popular, however, the need for security increased. Web sites developed schemes with usernames and passwords to protect confidential web pages. And, in 1995, SSL encryption became the standard method to protect confidential data transmitted over the public Internet. By 1999, consumers started to become confident in the security of Internet transactions, and Internet commerce became commonplace. Millions of consumers regularly made purchases, paid bills and performed common banking and brokerage transactions using the Internet.
  • Today, a typical consumer might have access to dozens of secure web sites for shopping and financial services. Because each site has a unique look and feel, customers must learn how to navigate each individual site. Each site also has a unique security identification and authentication scheme, forcing each customer to keep track of dozens of usernames and passwords, PINs and code words. These factors may be confusing and frustrating for consumers. So, while the Internet revolutionized the way consumers access information, taking advantage of it is often difficult and cumbersome. Obtaining a consolidated view of a customer's Internet or on-line accounts could easily require hours of manual effort, working at a computer, visiting many web sites.
  • The Aggregator Solution
  • An aggregator is a web service that consolidates a consumer's financial and personal information and presents it in a concise, easy-to-read fashion. An aggregator accesses shopping and financial service web sites to extract customers' data and repackages that data for presentation on the aggregator's web site. After enrolling with an aggregator, customers only need to learn how to navigate the aggregator's web site. Furthermore, customers must remember only one username/password combination, instead of dozens.
  • The enrollment process typically involves setting up a username and password to access the aggregator's web site. This username/password becomes a very powerful “master password” because it gets linked to the customer's other accounts and passwords. In addition to creating master passwords, customers also enter details about each bank, brokerage and shopping web site they want the aggregator to access on their behalf. Details include usernames, passwords, account numbers and other secret or confidential information required to access aggregated web sites. (Not all aggregators know how to access all financial and shopping web sites, so the aggregator must support the bank, brokerage and shopping web sites a customer intends to use.) Once the aggregator has the information necessary to access all of a customer's accounts, however, the aggregator will work behind the scenes on the Internet to assemble the details about the customer's personal financial life or other confidential information.
  • When a customer visits the aggregator's web site, the aggregator will typically display a list of bank, credit card, brokerage, shopping and other financial accounts, along with associated balances, in a concise, consistent and consolidated fashion. The aggregator's site usually also has features to “drill down” into details about any account, showing transactions, history and trends. If the aggregator offers bill payment features, customers can also view on-line versions of bills and statements, including transaction details. Many aggregators also allow customers to schedule bill payments—where the aggregator moves money from customers' bank accounts to vendors or other accounts either electronically or by mailing actual checks. Since an aggregator may track uncleared transactions, the financial information kept by an aggregator may be more up to date than customer's account data at each bank, brokerage or vendor. An aggregator makes customers' on-line financial life much easier to manage. The aggregator is, in effect, a personal financial agent on the Internet.
  • How Do Aggregators Work?
  • Many aggregators use a technique known as “screen scraping” to access customers' information at various financial and shopping web sites. During screen scraping, the aggregator simulates a human and Internet browser accessing each web site. A computer program takes the place of a keyboard and mouse by supplying the expected input. Much like a human reading results on a screen, the computer program “reads” and stores the information returned by each aggregated site.
  • Screen scraping is not a perfect technology, however. If a web site changes its appearance or process flow, the aggregator may not be able to accurately obtain (or scrape) the information from the web site. Aggregators must constantly monitor aggregated web sites in an attempt to keep their computer programs current with each site.
  • In contrast, some aggregators have tightly coupled relationships with various financial institutions. This enables them to use more advanced techniques such as Interactive Financial Exchange (IFX), Open Financial Exchange (OFX) or eXtended Markup Language (XML), for example, to efficiently transfer account information. However, these techniques have not yet been widely adopted.
  • Risks of Aggreation
  • Many consumers recognize the benefits provided by aggregators, but feel uncomfortable providing aggregators unlimited access to passwords and other private information. If the security at an aggregator's web site is compromised, unscrupulous parties could steal customers' private and confidential information and passwords.
  • When banks and other commercial web sites created their username/password schemes, they intended that only the consumer associated with each username know the secret password. In many cases, banks don't even store actual passwords. Instead, they store only a mathematically hashed value based on the password, which is enough information necessary to detect a valid password. In other words, many banks don't actually know a password, but they can determine if the customer really knows it. Storing password information in this manner reduces the likelihood of password theft by bank employees. This method also helps prevent password theft by Internet hackers.
  • When consumers provide passwords to an aggregator, they reduce the security and safety of their passwords because they are stored at an aggregator's computing facility in a reproducible form. Even if the aggregator stores encrypted passwords, this is less secure than a mathematical hash, because, unlike a bank, the aggregator can reproduce the original passwords. An aggregator's unscrupulous employee or an Internet hacker could exploit this risk and steal passwords.
  • Banks, brokerages and retail companies, for example, created their web sites with the intent that actual customers would access their sites. They didn't intend for aggregators' automated systems to extract customer data. The web sites' auditing and record logging mechanisms were originally intended to track actual customers initiating transactions. Commercial web sites need a way to audit and record accesses by aggregators distinctly from actual customers. These audit mechanisms should have a way to determine if a customer actually approved each aggregator's access.
  • If a customer discontinues the use of an aggregator, he or she would request the aggregator to disable their username and clear their personal information. However, this does not guarantee that the customer's confidential information has been removed. For a variety of legitimate reasons, or in the event of error, the aggregator might retain records of the customer's associated accounts, usernames and passwords. This retention might be temporary, but could even be permanent. The customer has no method to detect when an aggregator accesses his accounts, so they cannot easily feel confident that all access has been terminated.
  • The risks described here, plus financial liability and other regulatory risks, are roadblocks to widespread acceptance of aggregators by consumers, commercial web sites and government regulators.
  • Public Key Cryptography and Digital Certificates
  • Much of public key cryptography relies on unique properties of extremely large prime numbers (hundreds or more digits long) and a technique patented in 1983 by R. L. Rivest, A. Shamir, and L. M. Adleman. This technique, commonly known as RSA encryption (named for its inventors), allows any general-purpose computer to generate a pair of mathematically related numbers, known as encryption keys (or just “keys”), within a few seconds. Typically, one of the keys is called the private or secret key because the key owner must protect and secretly store the only copy of the private or secret key. The other number is called the public key because it can safely be shared with anyone.
  • Although the RSA methods can easily generate a key pair within a few seconds, the process to reconstruct a key pair is extremely difficult. If one key in a pair is lost, it could take the world's fastest computers many years to decompose the known key and recalculate the lost key. This disparity in decryption is the strength of public key cryptography. If someone has your public key, it is very difficult (almost impossible) for him or her to determine your private or secret key. If you have someone's public encryption key, you can use RSA's encryption techniques to encode a message or file that only that person can decrypt and read. The message recipient must have the private key (which is associated with the public key) and use RSA's decryption techniques to decode the message.
  • Conversely, if someone uses his or her private or secret key to encrypt some data or its digest, then anyone with access to that person's public key can decrypt the data or its digest back to its original form. Assuming that the originator protects his private or secret key, nobody else could have sent the original encrypted message—in effect a mathematical signature proves who originated the message. (Within the computer security industry, this exemplary security device is commonly known as a digital signature.)
  • The public and private or secret keys complement each other. If one of the keys encrypts (or locks) some data, the other complementary key decrypts (or unlocks) the data. Each customer, commercial web site and aggregator must have a unique public and private key pair. Rather than inventing methods to manage the storage of private keys and sharing of public keys, this invention relies on the existing public key infrastructure (PKI). With PKI, when an entity (person or company) creates a key pair, they register the public key with a certifying authority (CA). The CA verifies the identity of the entity and issues a digital certificate, which has been digitally signed by the CA.
  • The digital certificate serves as a tamper-resistant electronic identification document for an entity. The digital certificate includes the entity's public key. (Only the entity that generated the key pair should have access to the associated private or secret key.) Much of the software required to manipulate and store digital certificates and associated keys already exists as commercially available software. Most Internet web browsers and web servers have the capability to store digital certificates and keys, and software libraries, such a RSA's CryptoJ can perform public key cryptography. It is expected that this invention will be implemented using tools such as these, among others.
  • Although the technology exists, and the software is readily available, the use of digital certificates has not yet been widely adopted by consumers. By the year 2000, the United States federal government and many states approved the use of digital certificates and digital signatures as acceptable authentication mechanisms for public-to-government transactions. As public and commercial acceptance of digital signatures become commonplace, it is expected that most commercial institutions will either issue or otherwise assist customers to obtain digital certificates.
  • SSL Encryption
  • The Secure Sockets Layer (SSL) protocol was developed by Netscape Communications, Inc. as a way to securely move data over a public network, notably and typically over the Internet. SSL uses public key cryptography, specifically RSA's encryption methods, for example, to establish a secure “session” between two computers connected via the TCP/IP protocol. Public keys, usually obtained from digital certificates and associated private or secret keys may be used to identify (authenticate) one or both computers in a TCP/IP conversation. Once an SSL session is established, it is very difficult (almost impossible) for a third party to eavesdrop and examine the data flowing between the end computers. This invention assumes that SSL encryption, or similar encryption protocols among those readily known by those skilled in the art, will be typically used for all secure communications between customers, aggregators and commercial web sites.
  • Optionally, SSL authentication may also be used to verify the identity of one or both parties involved in each communication. If both parties use public keys from digital certificates, for example, and associated private keys in conjunction with SSL to authenticate their identities with each other this is commonly referred to as SSL mutual authentication. If only one party uses a private or secret key and digital certificate for one end of an SSL session, this is commonly referred to as SSL single-end authentication.
  • Although this invention works best with SSL mutual authentication, it may also be used with SSL single-end authentication or even if SSL authentication is not used at all. In these cases, the parties must select some other form of verification or authentication (e.g., usernames and passwords), which should occur immediately after each SSL session is established. This invention requires that the parties involved in electronic communications, for example, have somehow verified or authenticated their identities with each other, using SSL authentication, for example, or similar techniques well-known to those skilled in the art.
  • Other known encryption/decryption methods will also occur to those skilled in the art, including those using symmetric, asymmetric, message digests (mathematical hashes), or other encryption schemes (including those using multiple-use or one-time use keys), for example.
  • Using the present invention, a tamper-resistant security document, such as an electronic document, known as a ticket, is created and approved by two consenting parties to allow a third party (or even more parties) to access private and confidential personal and financial data on the Internet (world-wide-web). The electronic ticket or other types of security documents can also have a limited lifetime, allowing the consenting parties to control the third party's duration of access.
  • Some of the exemplary features, objects or advantages of the present invention include:
      • (a) to provide an electronic document (ticket), for example, that proves that two or more parties consent to allow a third party (or more parties) secure verified access to confidential information;
      • (b) to create an electronic document (ticket), for example, that is very difficult (almost impossible) to forge;
      • (c) to create an electronic document (ticket), for example, that is very difficult (almost impossible) to modify without the creator's consent;
      • (d) to create an electronic document (ticket), for example, that is only useful to the intended parties—a stolen ticket can't be successfully used by a thief;
      • (e) to create an electronic document (ticket), for example, that eliminates, or least substantially minimizes, damaging security consequences if it is lost or stolen;
      • (f) to create an electronic document (ticket), for example, that only needs to be stored by a single party;
      • (g) to create an electronic document (ticket), for example, with a limited lifetime—the ticket can't be used after it expires;
      • (h) to create an electronic document (ticket), for example, whose expiration date and time (“expiration time”) is agreed upon by all parties;
      • (i) to create an electronic document (ticket), for example, that can be used by a third party an unlimited number of times (or alternately, if desired in particular situations, for a specified limited number of times) during the ticket's lifetime;
      • (j) to create an electronic document (ticket), for example, containing a serial number allowing the ticket's approval and usage to be monitored and recorded for auditing purposes;
      • (k) to create an electronic document (ticket), for example, that allows the consenting parties to insert optional information into the ticket for subsequent, future usage; and/or
      • (l) to create an electronic document (ticket), for example, that may be safely substituted in situations where a traditional password would normally be used.
  • Possible further objects and advantages are to provide an electronic document (ticket) that can be initiated by any of the three or more parties, that allows customers, for example, to use third party agents to access confidential financial and personal information in a safe and secure and verifiable manner without requiring customers to reveal confidential passwords, and that also utilizes existing Internet technologies. Other objects, advantages and features of the invention will readily occur to those skilled in the art from the following description and appended claims, taken in conjunction with the accompanying drawings.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIGS. 1A and 1B are flow diagrams showing an exemplary relationship of the entities involved in exchange of confidential information in relation to the invention.
  • FIGS. 2A through 2F are flow diagrams showing an exemplary sequence of events performed in the context of the invention.
  • FIG. 3 is an exemplary illustration of what a customer sees on a computer screen during the approval of an electronic ticket or other such security document according to the invention.
  • FIG. 4 is a flow diagram showing an exemplary simplified flow of a ticket's request, approval and usage between three parties (in the illustrated example): an aggregator (the requester), a commerce web site (the originator and first approver), and a customer (the final approver).
  • DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
  • For purposes of illustration, FIGS. 1 through 4 (taken in conjunction with the following description) illustrate merely exemplary embodiments of the invention, shown in the context of a commonly-encountered customer, aggregator and bank relationship for securely communicating a customer's personal and private banking, commerce-related information or other confidential information over the Internet. One skilled in the art will readily recognize that the present invention is equally applicable to other contexts in which confidential information is securely communicated among three or more parties, and even those using communication media other than the Internet.
  • As illustrated in FIG. 1A, commerce web sites 103, 104 provide customers 101 access to customer private or confidential data 105 using the Internet 102, standard operating software 107, 112 and computers 103, 110. Although FIG. 1A only shows one instance of customer private data 105, it is not uncommon for a customer 101 to have data scattered at many commerce web sites 103, 104.
  • As illustrated in FIG. 1B, an aggregator's web site 116 uses the Internet 102 and standard Internet software 121 to access many commerce web sites 103, 104 on behalf of the customer 101. An aggregator 116 will access a customer's private data 105 from various commerce web sites 103, 104 and consolidate (with database software 121) the customer's private data 117 for later access by the customer 101. When a customer 101 accesses the aggregator's web site 116, his consolidated private information 117 is presented in a concise, easy-to-use fashion. A customer 101 need only access the aggregator's web site 116 to view their consolidated private or confidential information 117 originally obtained from many commerce web sites 103, 104.
  • Most commerce web sites 103, 104 and a customer's general operating software (such as an Internet browser) 112 use SSL encrypted sessions 108, 109 to protect confidential data as it traverses the public Internet 102. SSL uses public key cryptography, in conjunction with private keys 106, 111 and public keys (contained in digital certificates 114, 115) to authenticate the identity of one or both parties involved in each SSL session 108, 109.
  • Commerce web sites 103, 104 create a public/private key pair suitable for use with RSA encryption and SSL software 107, 112, for example. A commerce web site 103 also registers its public key with a certificate authority 113, who will issue a digital certificate 114 containing the public key of the commerce web site 103. Techniques for registering, sharing and processing digital certificates are well-known and are already widely available with standard Internet operating software 107, 112, and are thus not described here. The invention assumes that digital certificates 114, 115, 127, for example, and/or the public keys necessary for SSL and RSA encryption, are easily available to all parties that need access to them.
  • Digital certificates 114, 115, 127 and private or secret keys 106, 111, 118, for example, may be used to authenticate the identity of both parties involved in any SSL session 108, 109, 122, 123, 124 using SSL mutual authentication. Alternatively, SSL single-end authentication may be used to create an SSL session 108, 109, 122, 123, 124 if only one party possesses the necessary private key and digital certificate. Although this invention works best with SSL mutual authentication in most situations, it may also be used with SSL single-end authentication or even if SSL authentication is not used at all, provided that an alternate means to authenticate the non-SSL authenticated party is utilized. Alternate authentication means are beyond the scope of this exemplary illustration of the invention, however they typically involve some sort of password scheme.
  • As illustrated in FIG. 1B, this exemplary embodiment of the invention includes software 120, 125, 126 to create and process security documents or tickets 119. Although this invention was designed to use the Internet 102, more specifically, the world-wide-web technology of the Internet, it is also suitable for use when all or part of the information flows over private networks or other systems or mediums.
  • Software 120 at an aggregator's web site 116 sends a ticket 119 to each commerce web site 103, 104 for each access to a customer's private data 105. Ticketing software 125 at a commerce web site knows how to validate a ticket 119 presented by software 120 from an aggregator's web site 116. Once a ticket 119 is validated, the aggregator 116 is permitted access to the customer's private data 105 for the duration of the session 122. If, however, an aggregator's web site 116 doesn't have a valid ticket 119 for the specific customer 101 and commerce web site 103, 104, the aggregator's ticketing software 120 will send a ticket request to the commerce web site's ticketing software 125.
  • Ticketing software 125 at the commerce web site 103 creates the first part of a new ticket and digitally signs it with the commerce site's private key 106. All or part of the new ticket is then encrypted with the customer's public key 115 and sent back to the aggregator's web site 116. If the customer 101 is not already on line with the aggregator's web site, when he or she next visits the aggregator's web site 116, ticketing software 120 then forwards the encrypted, new ticket to ticketing software 126 contained in the customer's computer 110.
  • Ticketing software 126 in the customer's computer 110 decrypts the new ticket, validates the commerce site's digital signature against the proper digital certificate 114, and prompts the customer 101 to accept or reject the new ticket. The customer 101 can also be given a chance to adjust the ticket's expiration date and time. Based upon the customer's 101 response, the ticketing software 126 completes the ticket (including the customer's accept or reject status) and digitally signs the ticket with the customer's private key 111.
  • The customer's ticketing software 126 and Internet browser 112 then forwards the completed ticket from the customer's computer 110 back to the aggregator's web site 116. The aggregator ticketing software 120 then stores the ticket 119 for later use.
  • In FIG. 2A, a typical procedure for granting and using an exemplary ticket is described generally, but not exclusively, as set forth below.
  • Consumers need a way to approve aggregators' access to their various accounts without giving away their passwords. The ideal method should allow access to be easily revoked and audited. The invention contemplates the use of temporary, electronic tickets to fulfill these needs.
  • Tickets leverage existing Internet technology and public key cryptography to create tamper-resistant documents (tickets) which are used to approve account access. Tickets can be created by banks, brokerage firms, shopping sites and other commerce web sites, approved by customers, and given to aggregators. An aggregator's computer system then presents a ticket for each account it attempts to access.
  • In the detailed description of exemplary versions of the invention that follows, it is assumed that all parties have the necessary computers, hardware and software to access the Internet, utilize digital certificates, perform appropriate encryption, and process tickets utilizing methods described in this invention.
  • In step 201 of FIG. 2A, relationships 202 are identified and established, if not already done so as described above, between a commerce web site, an aggregator web site and a customer. These relationships need only be established once and may be skipped (proceed to step 210 in FIG. 2B) if already established. As needs change, any of the steps 202 through 209 (in FIG. 2B) may be repeated in order to update the nature of the relationships.
  • In step 203, a commerce web site obtains a digital certificate (if not already done) for use as an identity to create SSL encrypted sessions and digitally sign documents. Most Internet web server software includes the ability to utilize digital certificates and associated private keys.
  • In step 204, an aggregator's web site similarly obtains a digital certificate (if not already done) for SSL authentication. Although strongly suggested, the invention does not require that the aggregator have a digital certificate, provided that a suitable alternate means exists for the commerce web site to authenticate the identity of the aggregator.
  • In step 205, an aggregator must register an identity with each commerce web site that it intends to access. In most cases, this will require registering an aggregator's digital certificate with a commerce web site. Alternately, a commerce web site could issue some sort of password to each aggregator. In either case, the commerce web site must be able to identify the aggregator during each access to the commerce web site.
  • In step 206, before an aggregator can access a customer's data, the customer must be known by the commerce web site. Typically, this will involve the customer joining an on-line shopping site, or signing up for on-line account access with a bank or brokerage house, for example.
  • In step 207, the customer obtains a digital certificate from a certificate authority agreeable to both commerce and aggregator web sites, or otherwise establish an acceptable authentication among them. Preferably, commerce and aggregator web sites should be able to verify and trust the authenticity of the customer's digital certificate.
  • In step 208, after all other relationships have been established, a customer registers an identity at an aggregator's web site. Typically, a customer will register his, hers, or its digital certificate with the aggregator. An aggregator may also issue some sort of password to each customer, however, this does not preclude the need, at least in this example, for each customer to possess a digital certificate.
  • In step 209, shown in FIG. 2B, the customer will inform the aggregator about each of his or her accounts at each commerce web site that he, she, or it wants the aggregator to access. This step may be repeated when the customer adds new accounts.
  • Steps 210 and beyond may be performed at any time, initiated by the aggregator's site autonomously of the customer, for example, or specifically requested by the customer initially as illustrated in step 209.
  • In step 210, if an aggregator has a ticket (electronic document) for a specific commerce web site, which is necessary to access a specific customer's accounts at that web site, then step 211 can be executed, otherwise, step 217 can be executed, as shown in FIG. 2C.
  • In step 211, a ticket optionally, but preferably, has at least two expiration date/time (“expiration time”) stamps, which can be one set by the commerce web site and the other set by the customer. Using the earlier or earliest expiration date/time stamp, it can be determined if the ticket has expired. In this regard, this exemplary version of the invention assumes that all computer systems involved in ticket processing use a unified time zone, such as UCT or GMT time zone, when comparing these date/time stamps. If the ticket has expired, step 216 can be executed, as shown in FIG. 2C, otherwise step 212 can be executed.
  • In step 212, an aggregator sends a copy of the ticket associated with the customer's accounts to a commerce web site for approval.
  • In step 213, a commerce web site verifies the expiration date/time stamps, then verifies the digital signatures on the ticket. The ticket has at least two digital signatures—one for the commerce web site's portion of the ticket and another for the customer's portion of the ticket. Both digital signatures must prove or verify that both parties issued the ticket and that the ticket hasn't been tampered with. Finally, the commerce web site verifies that the ticket is associated with the aggregator requesting the account access. Assuming that all checks pass and the ticket is accepted, then step 214 can be executed, as shown in FIG. 2B. Otherwise, step 216 can be executed, as shown in FIG. 2C.
  • At step 214 in FIG. 2B, the commerce web site permits the aggregator to access the customer's data. Assuming that steps 202 through 209 were skipped, it was not necessary for the customer to approve this particular access by the aggregator because the aggregator possessed a valid ticket. As long as the ticket remains valid, the aggregator will typically have unencumbered access to the customer's data, without additional approval from the customer. For this reason, expiration dates and times (if used) should be set to short, reasonable values.
  • The aggregator might access a customer's data at the commerce web site using screen scraping techniques, for example, where the data is extracted from data streams intended (by the commerce web site) to be displayed on a customer's browser. As an incentive to use this ticketing system, aggregators might be given a more formalized data feed utilizing XML, IFX, OFX or structured records, for example.
  • In step 215, the aggregator closes the session with the commerce web site. Any further or future access starts over at step 201.
  • In step 216 of FIG. 2C, an aggregator has a ticket for a specific customer and a specific commerce web site, but it has been proven invalid. Since the ticket is no longer good, the aggregator purges it from data storage.
  • In step 217, an aggregator does not have a ticket for a specific customer and a specific commerce web site, so it sends a request for a new ticket to the commerce web site.
  • In step 218, the commerce web site creates a new ticket, which is merely a document with data fields for items on the ticket. Although not required by the invention, a document may be formatted with XML-style tags common with Internet documents.
  • In step 219, the commerce site adds the aggregator's identification to the ticket. Since the aggregator has authenticated with the commerce web site, the identity may be obtained from the established session. This identity is used to validate the aggregator's access in step 213 of FIG. 2B. A serial number (for auditing purposes) and the first expiration date/time (“expiration time”) can also be added to the ticket. The commerce web site may optionally add other fields to the ticket for its own use.
  • In step 220 of FIG. 2D, using the Internet standard s/MIME encoding method, for example, the commerce web site then digitally signs the new ticket. The ticket is not yet complete, however, so the signature only covers those portions created by the commerce web site. The digital signature is created with the commerce web site's private encryption key. Anyone may verify the signature by accessing the digital certificate (and public key) associated with the signature.
  • In step 221, using the Internet standard s/MIME encoding method, for example, the commerce web site then encrypts all or part of the new ticket using the customer's public key obtained from the customer's digital certificate. The commerce web site then forwards the new, encrypted ticket back to the aggregator in step 222.
  • In step 223, since only the customer has the private keys necessary to decrypt the ticket, the aggregator must forward the ticket for processing to the customer's computer system. If the customer is not currently accessing the aggregator's web site, step 224 is executed to wait for the customer. Otherwise, step 225 in FIG. 2E can be executed.
  • In step 224 of FIG. 2D, an aggregator has a ticket that needs to be approved by the customer and wait for the customer to access the aggregator's web site. Thus, in step 225 of FIG. 2E, the aggregator sends the new, encrypted ticket to the customer's computer system (such as by way of an Internet browser) and waits for the reply.
  • In step 226, ticketing software running within the customer's browser uses the customer's private encryption key to decrypt the new ticket. The software also verifies the commerce web site's digital signature and any expiration date/time stamp. In step 227, the customer is prompted to approve the ticket (see FIG. 3 for an exemplary screen view). The prompt includes enough information to identify the aggregator, the commerce web site and the desired accounts. The prompt also includes the ability for the customer to adjust (shorten) the ticket's expiration date/time (“expiration time”). The ticket will often contain a second expiration date/time stamp for the customer. Also, the date/time stamp should be encoded with a single unified time zone, such as UCT or GMT, as mentioned above. The software should accordingly adjust the displayed expiration time to the customer's local time zone. Then, in step 228, the prompt provides the customer with the ability to accept or reject the ticket requested by the aggregator (see FIG. 3).
  • In step 229 of FIG. 2E, the ticketing software running in the customer's browser adds the second expiration date/time (if such expiration times are used in the particular application) plus the customer's accept or reject status code to the ticket. In step 230 of FIG. 2F, using the Internet standard s/MIME encoding method, for example, the ticketing software running in the customer's browser digitally signs the ticket using the customer's private encryption key. The ticketing software running in the customer's browser sends the completed ticket to the aggregator's web site n step 231.
  • In step 232, the aggregator can examine the accept or reject status code to determine if the ticket was approved by the customer. If the customer approved the ticket, step 210 can be executed, as shown in FIG. 2B. Otherwise, step 233 is executed, indicating that the customer has rejected the aggregator's request for a new ticket, and the aggregator may not access the customer's accounts.
  • Possession and storage of tickets is typically the responsibility of the aggregator. Customers and commercial web sites usually do not need to store a copy of each ticket, although they may do so for diagnostic, auditing or other purposes. If an aggregator loses a ticket, though, there is no way to replace it. The aggregator must request that a new ticket be generated.
  • A commercial web site need only verify the validity of a ticket in order to authenticate an aggregator's access to a customer's data. This verification typically includes checking the digital signatures on the ticket against digital certificates maintained within a public key infrastructure. The signatures help ensure the authenticity of the ticket and that the ticket has not been tampered with.
  • Because ticket expiration is crucial to limiting account access, commercial web sites must check both expiration times on each ticket. Typically, but not necessarily, the earliest expiration time should determine when a ticket actually expires. Dual expiration times allow a customer and commerce web site to mutually agree upon the ticket's lifetime in a secure manner.
  • Although the exemplary usage scenarios presented in FIGS. 2A through 2F depict a single ticket for a given customer-web site-aggregator combination, more than one ticket might be used when varying levels of access are required. For example, one ticket might permit read-only inquiries about existing account transactions; and a second ticket might permit transactions to be initiated by an aggregator. Each ticket can have space for optional information to be inserted by the commercial web site and/or the customer that may be used to determine the type of access granted to a third party.
  • It is expected that all confidential communications among the customer's web browser, the aggregator, and the commercial web site will typically, but not necessarily, employ industry-standard SSL encryption. However, it is not necessary to securely store or encrypt a completed ticket because the ticket is bound to, and only works with, a specific customer, aggregator and commercial web site. A stolen ticket is of little value to anyone except the aggregator. Moreover, anyone can test the validity of a ticket.
  • Typically, ticket data, digital signatures and ticket encryption will be encoded into computer messages using standard Internet s/MIME encoding techniques. Internet s/MIME encoding has been widely adopted by most Internet mail, web browser and web server software.
  • FIG. 3 illustrates an exemplary situation where a customer prompts for a new ticket request, typically, but not exclusively, as described below. The customer is preferably given the ability to grant or deny the request and adjust the expiration time, if such times are used in a particular instance. Thus, FIG. 3 merely illustrates one example of how the customer can be prompted. Any of a wide variety of other suitable programming dialogs known to those skilled in the art can also be used.
  • On customer screen 301, a ticket request is usually processed and displayed by software running within a customer's Internet browser. This software may be incorporated by browser manufacturers or dynamically added to browsers with standard Internet applet technologies, such as Java or ActiveX, for example. Data fields 302 describing the parties and accounts involved with the ticket request are extracted from the ticket and displayed as part of the prompt. The customer can use a mouse (or similar pointing or other input device) to finish (close) the ticket request.
  • At 304, the customer may adjust the ticket expiration date/time (If such expiration times are use in the particular application) by using a slider-style control with a mouse, for example. One skilled in the art will readily recognize that other input devices can be used for this and other customer responses.
  • At 305, the customer chooses to either grant or deny access to the aggregator (agent). The default should typically be set to deny, so that the customer has to intentionally and affirmatively choose to grant access. When the customer chooses “Finished” at 303, the results from this screen prompt are coded into the ticket, digitally signed or otherwise authenticated by the software running in the customer's browser and returned to the aggregator's web site.
  • FIG. 4 illustrates an exemplary simplified flow of the ticket processing, typically but not exclusively, as described below.
  • In step 401, an aggregator web site 407 requests a new ticket to access customer accounts at a commerce web site 408.
  • In step 402, commerce web site 408 creates a new ticket, digitally signs it, encrypts it with the customer's public key and sends it to the aggregator 407.
  • In step 403, aggregator's web site 407 forwards the encrypted ticket to customer's computer 406 for approval.
  • In step 404, web software in the customer's computer 406 decrypts the ticket, prompts the customer to adjust the expiration date/time, and prompts the customer to accept or reject the ticket request. The software then adds a second digital signature to the ticket and sends it back to the aggregator 407.
  • At step 405, the aggregator 407 can then use the ticket to securely access customer accounts at the commerce web site 408.
  • One skilled in the art will readily recognize that this exemplary ticketing system provides a reliable, secure, reusable, tamper-resistant ticket that allows at least a specific third party (aggregator) to access to private or confidential customer data at various commercial web sites without knowledge of the customer's passwords. Furthermore, each reusable ticket can be set to expire at a customer-selected expiration time or one that is mutually agreed upon by both a customer and a commercial web site. The use of this ticketing system can also promote improved auditing of aggregator's activities at commercial web sites. The exemplary ticketing system can also leverage existing Internet and encryption technologies to allow for easy implementation.
  • The foregoing discussion discloses, and describes merely exemplary embodiments of the present invention for purposes of illustration only. One skilled in the art will readily recognize from such discussion, and from the accompanying drawings and claims, that various changes, modifications, and variations can be made therein without departing from the spirit and scope of the invention as defined in the following claims.

Claims (11)

1-90. (canceled)
101. A method of creating an electronic document that describes a mutually agreed upon arrangement between at least three parties, the method comprising:
initiating a computer-generated electronic document by a party, wherein the electronic document resides within a computer system of at least one of the parties and the electronic document comprises verifying information from at least two of the parties to establish multiple-authorship of the electronic document,
adding expiration times to the electronic document by at least two of the parties, and
obtaining agreement of all of the parties to use the earliest expiration time of the electronic document.
102. The method according to claim 101, wherein the electronic document is stored on a computer by at least one party.
103. The method according to claim 101, wherein a third party has use of the electronic document for an unlimited number of times prior to expiration of the document.
104. The method according to claim 101, wherein the electronic document further comprises a serial number.
105. The method according to claim 104, wherein the serial number is used for auditing or tracking purposes.
106. The method according to claim 101, wherein at least a portion of the electronic document is encrypted.
107. The method according to claim 106, wherein at least a portion of the electronic document is symmetrically encrypted.
108. The method according to claim 106, wherein at least a portion of the electronic document is asymmetrically encrypted.
109. The method according to claim 101, wherein the electronic document comprises a digital signature of at least two of the parties.
110. The method according to claim 106, wherein the encrypted portion is capable of decryption using an encryption key.
US11/821,442 2000-08-08 2007-06-22 Internet third-party authentication using electronic tickets Abandoned US20070266238A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/821,442 US20070266238A1 (en) 2000-08-08 2007-06-22 Internet third-party authentication using electronic tickets

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US22382500P 2000-08-08 2000-08-08
US09/924,712 US7266684B2 (en) 2000-08-08 2001-08-08 Internet third-party authentication using electronic tickets
US11/821,442 US20070266238A1 (en) 2000-08-08 2007-06-22 Internet third-party authentication using electronic tickets

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US09/924,712 Continuation US7266684B2 (en) 2000-08-08 2001-08-08 Internet third-party authentication using electronic tickets

Publications (1)

Publication Number Publication Date
US20070266238A1 true US20070266238A1 (en) 2007-11-15

Family

ID=22838106

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/924,712 Expired - Lifetime US7266684B2 (en) 2000-08-08 2001-08-08 Internet third-party authentication using electronic tickets
US11/821,442 Abandoned US20070266238A1 (en) 2000-08-08 2007-06-22 Internet third-party authentication using electronic tickets

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US09/924,712 Expired - Lifetime US7266684B2 (en) 2000-08-08 2001-08-08 Internet third-party authentication using electronic tickets

Country Status (6)

Country Link
US (2) US7266684B2 (en)
EP (1) EP1317708A4 (en)
CN (1) CN1529856A (en)
AU (2) AU8475401A (en)
CA (1) CA2418740C (en)
WO (1) WO2002013016A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060168019A1 (en) * 2004-12-10 2006-07-27 Doron Levy Method for discouraging unsolicited bulk email

Families Citing this family (86)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030105730A1 (en) * 1999-05-19 2003-06-05 Rhoads Geoffrey B. Postal meters and systems employing watermarking
US6461364B1 (en) * 2000-01-05 2002-10-08 Integrated Vascular Systems, Inc. Vascular sheath with bioabsorbable puncture site closure apparatus and methods of use
US7383223B1 (en) * 2000-09-20 2008-06-03 Cashedge, Inc. Method and apparatus for managing multiple accounts
CA2422878C (en) * 2000-09-26 2016-04-26 The Excite Network, Inc. System and method for facilitating information requests
AU742639B3 (en) 2001-02-15 2002-01-10 Ewise Systems Pty Limited Secure network access
JP3901484B2 (en) * 2001-10-05 2007-04-04 株式会社ジェイテクト Electric power steering device
US7207060B2 (en) * 2001-10-18 2007-04-17 Nokia Corporation Method, system and computer program product for secure ticketing in a communications device
US7178041B2 (en) * 2001-10-18 2007-02-13 Nokia Corporation Method, system and computer program product for a trusted counter in an external security element for securing a personal communication device
US20030076957A1 (en) * 2001-10-18 2003-04-24 Nadarajah Asokan Method, system and computer program product for integrity-protected storage in a personal communication device
GB2382962A (en) * 2001-12-07 2003-06-11 Altio Ltd Data routing without using an address
US7921288B1 (en) 2001-12-12 2011-04-05 Hildebrand Hal S System and method for providing different levels of key security for controlling access to secured items
US7565683B1 (en) 2001-12-12 2009-07-21 Weiqing Huang Method and system for implementing changes to security policies in a distributed security system
US10033700B2 (en) 2001-12-12 2018-07-24 Intellectual Ventures I Llc Dynamic evaluation of access rights
US8065713B1 (en) 2001-12-12 2011-11-22 Klimenty Vainstein System and method for providing multi-location access management to secured items
US7921450B1 (en) 2001-12-12 2011-04-05 Klimenty Vainstein Security system using indirect key generation from access rules and methods therefor
USRE41546E1 (en) 2001-12-12 2010-08-17 Klimenty Vainstein Method and system for managing security tiers
US7681034B1 (en) 2001-12-12 2010-03-16 Chang-Ping Lee Method and apparatus for securing electronic data
US7178033B1 (en) 2001-12-12 2007-02-13 Pss Systems, Inc. Method and apparatus for securing digital assets
US10360545B2 (en) 2001-12-12 2019-07-23 Guardian Data Storage, Llc Method and apparatus for accessing secured electronic data off-line
US8006280B1 (en) 2001-12-12 2011-08-23 Hildebrand Hal S Security system for generating keys from access rules in a decentralized manner and methods therefor
US7260555B2 (en) 2001-12-12 2007-08-21 Guardian Data Storage, Llc Method and architecture for providing pervasive security to digital assets
US7783765B2 (en) 2001-12-12 2010-08-24 Hildebrand Hal S System and method for providing distributed access control to secured documents
US7930756B1 (en) 2001-12-12 2011-04-19 Crocker Steven Toye Multi-level cryptographic transformations for securing digital assets
US7380120B1 (en) 2001-12-12 2008-05-27 Guardian Data Storage, Llc Secured data format for access control
US7921284B1 (en) 2001-12-12 2011-04-05 Gary Mark Kinghorn Method and system for protecting electronic data in enterprise environment
US7950066B1 (en) 2001-12-21 2011-05-24 Guardian Data Storage, Llc Method and system for restricting use of a clipboard application
US8176334B2 (en) 2002-09-30 2012-05-08 Guardian Data Storage, Llc Document security system that permits external users to gain access to secured files
US8613102B2 (en) 2004-03-30 2013-12-17 Intellectual Ventures I Llc Method and system for providing document retention using cryptography
US10046244B2 (en) 2002-06-14 2018-08-14 Dizpersion Corporation Method and system for operating and participating in fantasy leagues
US7512810B1 (en) 2002-09-11 2009-03-31 Guardian Data Storage Llc Method and system for protecting encrypted files transmitted over a network
US7836310B1 (en) 2002-11-01 2010-11-16 Yevgeniy Gutnik Security system that uses indirect password-based encryption
US7890990B1 (en) 2002-12-20 2011-02-15 Klimenty Vainstein Security system with staging capabilities
US8707034B1 (en) 2003-05-30 2014-04-22 Intellectual Ventures I Llc Method and system for using remote headers to secure electronic files
US7729992B2 (en) * 2003-06-13 2010-06-01 Brilliant Digital Entertainment, Inc. Monitoring of computer-related resources and associated methods and systems for disbursing compensation
US8095500B2 (en) 2003-06-13 2012-01-10 Brilliant Digital Entertainment, Inc. Methods and systems for searching content in distributed computing networks
JP2005018378A (en) * 2003-06-25 2005-01-20 Sony Corp Information server, information equipment, information processing system, information processing method and information processing program
JP2005064770A (en) * 2003-08-11 2005-03-10 Ricoh Co Ltd Information processing apparatus, authentication apparatus, external apparatus, method for acquiring certificate information, authentication method, method for providing function, program for acquiring certificate information, authentication program, function providing program, and recording medium
US8127366B2 (en) 2003-09-30 2012-02-28 Guardian Data Storage, Llc Method and apparatus for transitioning between states of security policies used to secure electronic documents
US7703140B2 (en) 2003-09-30 2010-04-20 Guardian Data Storage, Llc Method and system for securing digital assets using process-driven security policies
CN1315268C (en) * 2003-11-07 2007-05-09 华为技术有限公司 Method for authenticating users
JP4836432B2 (en) * 2003-11-17 2011-12-14 株式会社リコー Document management system, document management apparatus, document management method, document management program, and recording medium
US20050114713A1 (en) * 2003-11-25 2005-05-26 Shawn Beckman Automated subscription and purchasing service for a data computing device
US7568098B2 (en) * 2003-12-02 2009-07-28 Microsoft Corporation Systems and methods for enhancing security of communication over a public network
US20050138371A1 (en) * 2003-12-19 2005-06-23 Pss Systems, Inc. Method and system for distribution of notifications in file security systems
CN1684426B (en) * 2004-04-14 2010-04-28 华为技术有限公司 Method for network service entity for managing session affairs mark and its correspondent information
GB2413744B (en) * 2004-04-29 2006-08-02 Toshiba Res Europ Ltd Personal information privacy
US7996673B2 (en) 2004-05-12 2011-08-09 Echoworx Corporation System, method and computer product for sending encrypted messages to recipients where the sender does not possess the credentials of the recipient
US20060004762A1 (en) * 2004-05-20 2006-01-05 Berning Ross A Electronic release of information method and apparatus
US7543146B1 (en) * 2004-06-18 2009-06-02 Blue Coat Systems, Inc. Using digital certificates to request client consent prior to decrypting SSL communications
US7707427B1 (en) 2004-07-19 2010-04-27 Michael Frederick Kenrich Multi-level file digests
US20070043766A1 (en) * 2005-08-18 2007-02-22 Nicholas Frank C Method and System for the Creating, Managing, and Delivery of Feed Formatted Content
JP2006155585A (en) * 2004-10-27 2006-06-15 Ricoh Co Ltd Document management service providing device, authentication service providing device, document management service providing program, authentication service providing program, recording medium, document management service providing method, and authentication service providing method
US20060168012A1 (en) * 2004-11-24 2006-07-27 Anthony Rose Method and system for electronic messaging via distributed computing networks
US7634280B2 (en) * 2005-02-17 2009-12-15 International Business Machines Corporation Method and system for authenticating messages exchanged in a communications system
US7840809B2 (en) * 2006-02-24 2010-11-23 Cisco Technology, Inc. Method and system for secure transmission of an encrypted media stream across a network
CA2649305C (en) * 2006-04-10 2014-05-06 Trust Integration Services B.V. Arrangement of and method for secure data transmission
JP2007323186A (en) * 2006-05-30 2007-12-13 Canon Inc Apparatus for creating print control data, print management device, and printer
US8572169B2 (en) * 2006-08-28 2013-10-29 Myspace, Llc System, apparatus and method for discovery of music within a social network
US20080270038A1 (en) * 2007-04-24 2008-10-30 Hadi Partovi System, apparatus and method for determining compatibility between members of a social network
US8332922B2 (en) * 2007-08-31 2012-12-11 Microsoft Corporation Transferable restricted security tokens
US8676998B2 (en) * 2007-11-29 2014-03-18 Red Hat, Inc. Reverse network authentication for nonstandard threat profiles
US7979909B2 (en) * 2007-12-03 2011-07-12 Wells Fargo Bank Application controlled encryption of web browser data
US20100274634A1 (en) * 2007-12-20 2010-10-28 Meyer Ifrah Method and system of conducting a communication
US20090165098A1 (en) * 2007-12-20 2009-06-25 Meyer Ifrah method of and system for conducting a trusted transaction and/or communication
CN101247223B (en) * 2008-03-06 2010-06-09 西安西电捷通无线网络通信有限公司 Practical entity bidirectional identification method based on reliable third-party
US8863234B2 (en) 2008-08-06 2014-10-14 The Boeing Company Collaborative security and decision making in a service-oriented environment
US8707387B2 (en) * 2008-10-22 2014-04-22 Personal Capital Technology Corporation Secure network computing
US20100268649A1 (en) * 2009-04-17 2010-10-21 Johan Roos Method and Apparatus for Electronic Ticket Processing
CN101539972B (en) * 2009-04-28 2012-08-29 北京红旗贰仟软件技术有限公司 Method for protecting electronic document information and system thereof
CN101645776B (en) 2009-08-28 2011-09-21 西安西电捷通无线网络通信股份有限公司 Method for distinguishing entities introducing on-line third party
CN101640593B (en) * 2009-08-28 2011-11-02 西安西电捷通无线网络通信股份有限公司 Entity two-way identification method of introducing the online third party
CN101674182B (en) 2009-09-30 2011-07-06 西安西电捷通无线网络通信股份有限公司 Entity public key acquisition and certificate verification and authentication method and system of introducing online trusted third party
US9406186B2 (en) * 2010-05-12 2016-08-02 Capital One Financial Corporation System and method for providing limited access to data
US9026650B2 (en) * 2012-10-04 2015-05-05 Innternational Business Machines Corporation Handling of website messages
US10489852B2 (en) 2013-07-02 2019-11-26 Yodlee, Inc. Financial account authentication
US10438185B1 (en) * 2014-12-31 2019-10-08 Square, Inc. Physical currency management
US10423920B1 (en) 2014-12-31 2019-09-24 Square, Inc. Physical currency management
GB2547025A (en) 2016-02-05 2017-08-09 Thales Holdings Uk Plc A method of data transfer, a method of controlling use of data and a cryptographic device
JP6897022B2 (en) * 2016-07-26 2021-06-30 富士フイルムビジネスイノベーション株式会社 Output devices, systems and programs
US11301847B1 (en) 2018-02-15 2022-04-12 Wells Fargo Bank, N.A. Systems and methods for an authorized identification system
US11438150B2 (en) 2019-02-07 2022-09-06 Red Hat, Inc. Constrained key derivation in linear space
US11387997B2 (en) 2019-02-07 2022-07-12 Red Hat, Inc. Constrained key derivation in geographical space
US11784809B2 (en) 2019-02-07 2023-10-10 Red Hat, Inc. Constrained key derivation in temporal space
US11329812B2 (en) 2019-02-07 2022-05-10 Red Hat, Inc. Constrained key derivation in miscellaneous dimensions
CN109902450B (en) * 2019-03-14 2023-01-24 成都安恒信息技术有限公司 Method for off-line permission issuing management
CN111311265B (en) * 2020-02-13 2023-07-25 布比(北京)网络技术有限公司 Blockchain private transaction proving method, blockchain private transaction proving device, computer equipment and storage medium

Citations (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5191613A (en) * 1990-11-16 1993-03-02 Graziano James M Knowledge based system for document authentication
US5794207A (en) * 1996-09-04 1998-08-11 Walker Asset Management Limited Partnership Method and apparatus for a cryptographically assisted commercial network system designed to facilitate buyer-driven conditional purchase offers
US5892904A (en) * 1996-12-06 1999-04-06 Microsoft Corporation Code certification for network transmission
US5903882A (en) * 1996-12-13 1999-05-11 Certco, Llc Reliance server for electronic transaction system
US6009173A (en) * 1997-01-31 1999-12-28 Motorola, Inc. Encryption and decryption method and apparatus
US6122625A (en) * 1991-11-15 2000-09-19 Citibank, N.A. Apparatus and method for secure transacting
US6138107A (en) * 1996-01-04 2000-10-24 Netscape Communications Corporation Method and apparatus for providing electronic accounts over a public network
US6167378A (en) * 1997-01-21 2000-12-26 Webber, Jr.; Donald Gary Automated back office transaction method and system
US6219423B1 (en) * 1995-12-29 2001-04-17 Intel Corporation System and method for digitally signing a digital agreement between remotely located nodes
US6285991B1 (en) * 1996-12-13 2001-09-04 Visa International Service Association Secure interactive electronic account statement delivery system
US6324525B1 (en) * 1996-06-17 2001-11-27 Hewlett-Packard Company Settlement of aggregated electronic transactions over a network
US6341353B1 (en) * 1997-04-11 2002-01-22 The Brodia Group Smart electronic receipt system
US6341349B1 (en) * 1996-10-31 2002-01-22 Hitachi, Ltd. Digital signature generating/verifying method and system using public key encryption
US6363365B1 (en) * 1998-05-12 2002-03-26 International Business Machines Corp. Mechanism for secure tendering in an open electronic network
US6367009B1 (en) * 1998-12-17 2002-04-02 International Business Machines Corporation Extending SSL to a multi-tier environment using delegation of authentication and authority
US6397261B1 (en) * 1998-09-30 2002-05-28 Xerox Corporation Secure token-based document server
US6425011B1 (en) * 1998-10-16 2002-07-23 Fujitsu Limited Access administration method and device therefor to provide access administration services on a computer network
US6477513B1 (en) * 1997-04-03 2002-11-05 Walker Digital, Llc Method and apparatus for executing cryptographically-enabled letters of credit
US6539424B1 (en) * 1999-11-12 2003-03-25 International Business Machines Corporation Restricting deep hyperlinking on the World Wide Web
US6611812B2 (en) * 1998-08-13 2003-08-26 International Business Machines Corporation Secure electronic content distribution on CDS and DVDs
US20030177361A1 (en) * 2000-08-04 2003-09-18 Wheeler Lynn Henry Method and system for using electronic communications for an electronic contract
US6775782B1 (en) * 1999-03-31 2004-08-10 International Business Machines Corporation System and method for suspending and resuming digital certificates in a certificate-based user authentication application system
US6948063B1 (en) * 1999-12-23 2005-09-20 Checkfree Corporation Securing electronic transactions over public networks
US20060004670A1 (en) * 1999-09-24 2006-01-05 Mckenney Mary K System and method for providing payment services in electronic commerce
US7536336B1 (en) * 2000-05-19 2009-05-19 Paypal, Inc. Multi-party electronic transactions

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6609173B1 (en) * 2000-11-22 2003-08-19 Lsi Logic Corporation Compact disc emulation in a flash

Patent Citations (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5191613A (en) * 1990-11-16 1993-03-02 Graziano James M Knowledge based system for document authentication
US6122625A (en) * 1991-11-15 2000-09-19 Citibank, N.A. Apparatus and method for secure transacting
US6219423B1 (en) * 1995-12-29 2001-04-17 Intel Corporation System and method for digitally signing a digital agreement between remotely located nodes
US6138107A (en) * 1996-01-04 2000-10-24 Netscape Communications Corporation Method and apparatus for providing electronic accounts over a public network
US6324525B1 (en) * 1996-06-17 2001-11-27 Hewlett-Packard Company Settlement of aggregated electronic transactions over a network
US5794207A (en) * 1996-09-04 1998-08-11 Walker Asset Management Limited Partnership Method and apparatus for a cryptographically assisted commercial network system designed to facilitate buyer-driven conditional purchase offers
US6341349B1 (en) * 1996-10-31 2002-01-22 Hitachi, Ltd. Digital signature generating/verifying method and system using public key encryption
US5892904A (en) * 1996-12-06 1999-04-06 Microsoft Corporation Code certification for network transmission
US5903882A (en) * 1996-12-13 1999-05-11 Certco, Llc Reliance server for electronic transaction system
US20010011255A1 (en) * 1996-12-13 2001-08-02 Alan Asay Reliance management for electronic transaction system
US6285991B1 (en) * 1996-12-13 2001-09-04 Visa International Service Association Secure interactive electronic account statement delivery system
US6167378A (en) * 1997-01-21 2000-12-26 Webber, Jr.; Donald Gary Automated back office transaction method and system
US6009173A (en) * 1997-01-31 1999-12-28 Motorola, Inc. Encryption and decryption method and apparatus
US6477513B1 (en) * 1997-04-03 2002-11-05 Walker Digital, Llc Method and apparatus for executing cryptographically-enabled letters of credit
US6341353B1 (en) * 1997-04-11 2002-01-22 The Brodia Group Smart electronic receipt system
US6363365B1 (en) * 1998-05-12 2002-03-26 International Business Machines Corp. Mechanism for secure tendering in an open electronic network
US6611812B2 (en) * 1998-08-13 2003-08-26 International Business Machines Corporation Secure electronic content distribution on CDS and DVDs
US6397261B1 (en) * 1998-09-30 2002-05-28 Xerox Corporation Secure token-based document server
US6425011B1 (en) * 1998-10-16 2002-07-23 Fujitsu Limited Access administration method and device therefor to provide access administration services on a computer network
US6367009B1 (en) * 1998-12-17 2002-04-02 International Business Machines Corporation Extending SSL to a multi-tier environment using delegation of authentication and authority
US6775782B1 (en) * 1999-03-31 2004-08-10 International Business Machines Corporation System and method for suspending and resuming digital certificates in a certificate-based user authentication application system
US20060004670A1 (en) * 1999-09-24 2006-01-05 Mckenney Mary K System and method for providing payment services in electronic commerce
US6539424B1 (en) * 1999-11-12 2003-03-25 International Business Machines Corporation Restricting deep hyperlinking on the World Wide Web
US6948063B1 (en) * 1999-12-23 2005-09-20 Checkfree Corporation Securing electronic transactions over public networks
US20050222953A1 (en) * 1999-12-23 2005-10-06 Checkfree Corporation Accessing information on a network using an extended network universal resource locator
US7536336B1 (en) * 2000-05-19 2009-05-19 Paypal, Inc. Multi-party electronic transactions
US20030177361A1 (en) * 2000-08-04 2003-09-18 Wheeler Lynn Henry Method and system for using electronic communications for an electronic contract

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060168019A1 (en) * 2004-12-10 2006-07-27 Doron Levy Method for discouraging unsolicited bulk email
US7577708B2 (en) * 2004-12-10 2009-08-18 Doron Levy Method for discouraging unsolicited bulk email
US20090254625A1 (en) * 2004-12-10 2009-10-08 Doron Levy Method for discouraging unsolicited bulk email
US7853660B2 (en) * 2004-12-10 2010-12-14 Doron Levy Method for discouraging unsolicited bulk email

Also Published As

Publication number Publication date
EP1317708A4 (en) 2008-03-19
US20020023208A1 (en) 2002-02-21
EP1317708A1 (en) 2003-06-11
CA2418740C (en) 2010-07-27
WO2002013016A9 (en) 2003-04-03
CA2418740A1 (en) 2002-02-14
AU2001284754B2 (en) 2008-01-10
US7266684B2 (en) 2007-09-04
WO2002013016A1 (en) 2002-02-14
AU8475401A (en) 2002-02-18
CN1529856A (en) 2004-09-15

Similar Documents

Publication Publication Date Title
US7266684B2 (en) Internet third-party authentication using electronic tickets
AU2001284754A1 (en) Internet third-party authentication using electronic tickets
US6367013B1 (en) System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
US7162635B2 (en) System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
US6105012A (en) Security system and method for financial institution server and client web browser
US6950809B2 (en) Facilitating a transaction in electronic commerce
US7003480B2 (en) GUMP: grand unified meta-protocol for simple standards-based electronic commerce transactions
US6934838B1 (en) Method and apparatus for a service provider to provide secure services to a user
US20070179903A1 (en) Identity theft mitigation
US20040059686A1 (en) On-line cryptographically based payment authorization method and apparatus
Kuechler et al. Digital signatures: A business view
Gripman Electronic document certification: A primer on the technology behind digital signatures
CN116195231A (en) Token fault protection system and method
Johner et al. Deploying a public key infrastructure
JP2024507376A (en) Identification information transmission system
Kovan SPP Secure Payment Protocol: Protocol Analysis, Implementation and Extensions
Gripman Electronic Document Certification: A Primer on the Technology Behind Digital Signatures, 17 J. Marshall J. Computer & Info. L. 769 (1999)
Von Solms et al. Information Security: Mutual Authentication in E-Commerce
Gautam Multifactor Authentication over PKI (Pubic Key Infrastructure)

Legal Events

Date Code Title Description
AS Assignment

Owner name: FIRST UNION CORPORATION, NORTH CAROLINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:JANCULA, JEFFREY JOHN;REEL/FRAME:019512/0368

Effective date: 20010808

Owner name: WACHOVIA CORPORATION, NORTH CAROLINA

Free format text: MERGER AND CHANGE OF NAME;ASSIGNOR:FIRST UNION CORPORATION;REEL/FRAME:019512/0409

Effective date: 20010831

Owner name: WACHOVIA CORPORATION, NORTH CAROLINA

Free format text: MERGER AND CHANGE OF NAME;ASSIGNOR:FIRST UNION CORPORATION;REEL/FRAME:019660/0036

Effective date: 20010831

AS Assignment

Owner name: WELLS FARGO & COMPANY, CALIFORNIA

Free format text: MERGER;ASSIGNOR:WACHOVIA CORPORATION;REEL/FRAME:022086/0787

Effective date: 20081230

Owner name: WELLS FARGO & COMPANY,CALIFORNIA

Free format text: MERGER;ASSIGNOR:WACHOVIA CORPORATION;REEL/FRAME:022086/0787

Effective date: 20081230

AS Assignment

Owner name: WELLS FARGO BANK, N.A., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:WELLS FARGO & COMPANY;REEL/FRAME:022584/0267

Effective date: 20090218

Owner name: WELLS FARGO BANK, N.A.,CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:WELLS FARGO & COMPANY;REEL/FRAME:022584/0267

Effective date: 20090218

STCB Information on status: application discontinuation

Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION