Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication
Reexamination Certificate
2003-02-01
2004-09-07
Barrón, Gilberto (Department: 2132)
C713S176000, C713S170000, C380S282000, C380S285000, C705S071000
active
06789189
ABSTRACT:
BACKGROUND OF INVENTION
The present invention relates to an improved communication system in which electronic communications regarding accounts are digitally signed.
As used herein, an electronic communication (“EC”) is considered to be any communication in electronic form. ECs have become an integral part of transacting business today, especially with the growth of the Internet and e-commerce. An EC can represent, for example, a request for access to information or a physical area, a financial transaction, such as an instruction to a bank to transfer funds, or a legal action, such as the delivery of an executed contract.
Over recent years, digital signatures also have become an important part of e-commerce. The origination of a digital signature generally comprises: (1) the calculation of a message digest, such as a hash value; and (2) the subsequent encryption of the message digest. The message digest is encrypted by an electronic device generally using a private key of a public-private key pair used in asymmetric cryptography. The resulting ciphertext itself usually constitutes the digital signature, which typically is appended to the message to form the EC. The second part of originating the digital signature (encrypting with a private key) is referred to herein as “generating” the digital signature, and the combined two steps (i.e., calculating a message digest and encrypting with a private key) are referred to herein as “originating” the digital signature. Furthermore, while the generation of the digital signature is conventionally understood as the encryption of the message digest, it is contemplated herein that generating the digital signature also may include simply encrypting the message rather than the message digest. Digital signatures are important because any change whatsoever to the message in an EC is detectable from an analysis of the message and the digital signature. In this regard, the digital signature is used to “authenticate” a message contained within the EC (hereinafter referred to as “Message Authentication”).
For example, a message digest may be calculated by applying a hashing algorithm—such as the SHA-1 algorithm—to the message. Such hashing algorithm may be applied either within the device or external to the device with the resulting hash value then being transmitted to the device for generation of the digital signature. In order to perform the Message Authentication in this example, the recipient of the EC must know or be able to obtain both the identity of the hashing algorithm applied to the message as well as the public key (“PuK”) corresponding to the private key (“PrK”) used to encrypt the message digest. With this knowledge, the recipient applies the appropriate hashing algorithm to the message to calculate a hash value, and the recipient decrypts the digital signature using the public key. If the hash value calculated by the recipient equals the hash value of the decrypted digital signature, then the recipient determines that the content of the message contained in the EC was not altered in transmission, which necessarily would have changed the hash value.
In performing Message Authentication, the recipient also authenticates the sender of the EC, insomuch as the recipient thereby confirms that the sender of the EC possessed the private key corresponding to the public key used successfully to authenticate the message. This is one type of entity authentication and is based on what the sender “has” (hereinafter referred to as “Factor A Entity Authentication”). Factor A Entity Authentication is useful when the recipient of the EC has trusted information regarding the identity of the owner of the private key.
This trusted information conventionally is provided based on a digital certificate issued by a trusted third party that accompanies the digital signature and binds the identity (or other attributes) of the private key owner with the public key. A digital certificate (also known as a “digital ID”) is a voucher by a third party (commonly referred to as a “Certification Authority”) attesting to the identity (or other attributes) of an owner of a public key. Essentially, digital certificates are the electronic counterparts to driver licenses, passports, membership cards, and other paper-based forms of identification. The digital certificate itself comprises an electronic message including a public key and the identity of the owner of the public key. A digital certificate also typically contains an expiration date for the public key, the name of the Certification Authority, a serial number of the digital certificate, and a digital signature of the Certification Authority. One of the reasons for an expiration date is to limit the liability for the Certification Authority due to the likelihood that attributes other than the identity may change over time. The most widely accepted format for digital certificates is defined by the CCITT X.509 international standard; thus, certificates can be read or written by any application complying with X.509. Based on a digital certificate included in an EC, a recipient is able to authenticate the digital certificate using a public key of the Certification Authority and thereby, presumably, confirm the identity of the owner set forth therein.
The system wherein a digital certificate is included in an EC comprises a “public key infrastructure” (PKI) commonly referred to as the “Certification Authority Digital Signature” (CADS) system. A particular implementation 100 of the CADS system in the context of an electronic transaction between a purchaser 102 and an online merchant 110 is illustrated in FIG. 1. Under this system, a purchaser 102 using, for example, a computer 104 creates a purchase order in the form of an electronic message. The purchaser 102 includes in the message relevant account information of a financial institution 112 from which payment is to be made to the merchant 110. The account information includes, for example, a credit card number and expiration date as well as the name on the card. Software on the purchaser's computer 104 then originates a digital signature for the message using a private key of the purchaser 102 safeguarded in the computer 104. The software also maintains a digital certificate on the computer 104 issued by a Certification Authority 106a. The message, digital signature, and digital certificate then are combined into an EC, and the EC is communicated over the Internet 108 to the merchant 110.
Upon receipt, the merchant 110 authenticates the message using the public key in the digital certificate. If successful, the merchant 110 then authenticates the digital certificate using a public key of the Certification Authority 106a. Successful authentication of the digital certificate may satisfy the merchant 110 that the purchaser—the sender of the EC—is the owner identified in the digital certificate. If the merchant 110 is so satisfied, then the merchant 110 submits the account information to the relevant financial institution 112 for an approval for payment to the merchant 110 from the account. Upon receipt from the financial institution 112 of approval for payment, the merchant 110 fills the purchase order of the purchaser 102. Furthermore, confirmation of approval (or rejection) of the purchase order preferably is sent from the merchant 110 to the purchaser 102.
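The origination and Message Authentication steps described above, followed by the merchant's two checks in the CADS flow, are shown here as an added example that is not part of the patent text. It assumes textbook RSA without padding, toy keys built from Mersenne primes, a simplified certificate made of an owner name and a public key, and hypothetical function names; none of this is suitable for production use.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def make_key(p, q):
    """Textbook RSA key pair (public, private) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(message: bytes) -> int:
    # Step (1) of origination. The page names SHA-1 as an example; SHA-256
    # is used here because SHA-1 is no longer collision resistant.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def originate(message: bytes, private) -> int:
    n, d = private
    return pow(digest(message), d, n)  # step (2): encrypt digest with PrK

def authenticate(message: bytes, signature: int, public) -> bool:
    n, e = public
    return pow(signature, e, n) == digest(message)  # decrypt with PuK, compare

def cert_body(owner: str, public) -> bytes:
    return f"{owner}|{public[0]:x}|{public[1]:x}".encode()

def issue_certificate(owner, public, ca_private):
    return {"owner": owner, "public": public,
            "ca_sig": originate(cert_body(owner, public), ca_private)}

def merchant_check(ec, ca_public) -> str:
    cert = ec["certificate"]
    if not authenticate(ec["message"], ec["signature"], cert["public"]):
        return "reject: message does not match signature"
    if not authenticate(cert_body(cert["owner"], cert["public"]),
                        cert["ca_sig"], ca_public):
        return "reject: certificate not signed by the trusted CA"
    return "accept: sender holds the key certified for " + cert["owner"]

# Constructed keys from Mersenne primes: insecure, for illustration only.
PURCHASER_PUB, PURCHASER_PRV = make_key(2**127 - 1, 2**521 - 1)
CA_PUB, CA_PRV = make_key(2**89 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRV = make_key(2**107 - 1, 2**1279 - 1)  # not a trusted CA

def build_ec(message, private, certificate):
    return {"message": message, "signature": originate(message, private),
            "certificate": certificate}

ORDER = b"purchase order: 1 widget, charge account on file"  # constructed
GOOD_EC = build_ec(ORDER, PURCHASER_PRV,
                   issue_certificate("Purchaser 102", PURCHASER_PUB, CA_PRV))
```

The second check is what ties the public key to an identity: an EC whose certificate was signed by any key other than the Certification Authority's passes the first check and fails the second.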
Unfortunately, while the CADS system enables two parties who otherwise may not have a preexisting relationship with one another to communicate with each other with the confidence of knowing the other's identity, the CADS system does have its drawbacks. For example, a digital certificate typically is issued with an expiration date, and an expired digital certificate generally is not recognized in the industry. Furthermore, if a private key is lost or stolen, then the owner of the private key must notify the Certification Authority to revoke the owner's digital certificate; however, a recipient of an EC with a digital certificate will only know
Wheeler Anne M.
Wheeler Lynn Henry
Barrón Gilberto
First Data Corporation
Morris Manning & Martin LLP
Zand Kambiz