Data processing: financial – business practice – management – or co – Business processing using cryptography – Secure transaction
Reexamination Certificate
1998-03-06
2001-03-06
Trammell, James P. (Department: 2764)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C380S001000, C380S029000, C380S029000, C380S029000, C235S380000
Reexamination Certificate
active
06199052
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to secure electronic transactions and, more particularly, to electronic transactions that use a trusted intermediary to provide improved privacy, authentication, and non-repudiation.
2. Discussion of Related Art
To date, businesses have primarily used paper-based systems to deliver documents. Though there is increasing acceptance of electronic mail (e-mail) to deliver electronic messages, it is considered undesirable for certain transactions, particularly the delivery of important documents. Much of the criticism has focused on e-mail's deficiencies with regard to privacy, authentication, and non-repudiation.
Under conventional e-mail, an electronic eavesdropper can monitor the relevant communication medium and determine the contents of the message. Thus, the system lacks privacy. Moreover, there is no assurance that a received e-mail message has not been tampered with while it was in transit or that the message indeed originated from the indicated sender. Furthermore, though conventional e-mail has an ability to provide acknowledgements to a sender that a message has been received, the acknowledgments may be easily circumvented or falsified, and thus message receipt or delivery may be repudiated.
Secure e-mail systems have been proposed but are believed to be unsatisfactory in certain regards. For example, though secure e-mail encrypts the content of a message, the sender's and receiver's identity may be determined with electronic eavesdropping techniques. In many instances, this information in itself is important and needs to be protected.
Micali has disclosed techniques that may be used to form electronic message systems that provide “simultaneous electronic transactions,” or SETs. See, e.g., U.S. Pat. Nos. 5,553,145 and 5,666,420. A SET is disclosed as an “electronic transaction that is simultaneous at least in a logically equivalent way, namely, it is guaranteed that certain actions will take place if and only if certain other actions take place.” See, e.g., U.S. Pat. No. 5,553,145 at Col. 7, lines 52-55. “Simultaneity is guaranteed, rather than being just highly probable.” See, e.g., U.S. Pat. No. 5,553,145 at Col. 8, lines 55-6. Under one arrangement a third party is used to facilitate the exchange of an encrypted message and a receipt, only if needed, i.e., one of the participants does not follow the protocol. U.S. Pat. No. 5,666,420 Under another arrangement, the third party is always visible and used to facilitate the exchange of encrypted messages for receipts. U.S. Pat. No. 5,553,145.
Micali includes only method claims and in this regard it is not clear whether Micali considers the disclosures as enabling to systems or devices. The techniques are disclosed at a generalized level with many variants, but there is essentially no disclosure of the devices, software, or specific algorithms. Thus, there is little or no disclosure on how to implement such a system in a real world context that must address regulatory concerns of encryption. Likewise, there is little or no disclosure of how to integrate the disclosed techniques with existing e-mail systems. These systems represent a large sunk cost both in terms of equipment and user-training.
There is a need in the art for an electronic message system that provides privacy, authentication of participants, and non-repudiation. There is, moreover, a particular need for an electronic message system in which it is difficult to detect that a given sender is sending a message to a given recipient. Preferably, the system should be adaptable to easily address the various regulatory requirements concerning encryption, and preferably, the system should address the myriad of ways in which users receive conventional e-mail.
SUMMARY
Through the use of a trusted intermediary and a novel combination of cryptography techniques, an exemplary embodiment of the invention provides privacy, authentication, and protection against repudiation. Besides protecting the contents of an electronic message, an exemplary embodiment prevents an eavesdropper from being able to determine that a given sender is communicating with a given recipient. In addition, an exemplary embodiment authenticates that the contents of a message have not been altered in transit and authenticates the identities of all involved parties. Lastly, the use of an intermediary allows many desirable services to be incorporated into the system, such as delivery tracking, insurance, electronic notary services, and the like. (“Electronic notary services” as used in this document does not imply any attestation; instead, the term implies that a transaction time, contents, and parties are authenticated.)
According to certain embodiments a system for, and method of, securely transmitting a message from a sender to a recipient, via an intermediary, are provided. The sender, in response to a message transmit request from a user, forms an encrypted version of the message. The encrypted version includes an inner envelope, containing the message in an encrypted form decryptable by the recipient, and an outer envelope, containing the encrypted inner envelope, a unique ID all in an encrypted form decryptable by the intermediary. The sender, in response to a verification request, forms a verification request package containing information identifying the desired verification request and the desired ID and transmits the verification request package to the intermediary. The intermediary receives the encrypted version of the message and creates and transmits a new version thereof to the recipient. The intermediary receives confirmation results from the recipient, and includes it in an archive. The archive includes a collection of state records, including one record for each ID. The state records include data indicative of the status of a transmission associated with the ID. The intermediary updates the state records in response to confirmation results and can retrieve state records associated with an ID. The recipient receives the new version of the encrypted version of the message, and sends a confirmation message, including confirmation results, to the intermediary, indicative of the level of success in decrypting the message.
REFERENCES:
patent: 5544255 (1996-08-01), Smithies et al.
patent: 5553145 (1996-09-01), Micali
patent: 5629982 (1997-05-01), Micali
patent: 5642419 (1997-06-01), Rosen
patent: 5666420 (1997-09-01), Micali
patent: 5673316 (1997-09-01), Auerbach et al.
patent: 5790665 (1998-08-01), Micali et al.
patent: 5838814 (1998-11-01), Moore
patent: 5883956 (1999-03-01), Le et al.
Donal O' Mahony et al, Electronic Payment Systems, pp. 35-36, May 1997.
Chaum (1989)Security and Protection in Information Systems, Elsevier Science Publishers B.V. pp. 239-241.
Chaum (1981)Communications of the AMC23(2):84-87.
Even et al. (1985)Communications of the AMC28(6):637-647.
Muftic (1990)Computers&Security9:245-255.
Rabin (1983)Journal of Computer and Systems Sciences27:256-267.
Blum (1983)ACM Transactions on Computer Systems1:175-193.
Vazirani et al. (1983)Proceedings of the 24th IEEE Symposium on of Foundations of Computer Sciencepp. 23-30.
Document No. 98506/66 Ser. No. 09/036,278 Filing date Mar. 6, 1998 Status Pending.
Document No. 98506/06 Ser. No. 09/036,175 Filing date Mar. 6, 1998. Status Pending.
Document No. 98506/67 Ser. No. 09/036,280 Filing date Mar. 6, 1998 Status Pending.
Cantone Michael Robert
Mitty Todd Jay
Rolfe Andrew Robert
Shoupp Douglas Scott
Deloitte & Touche USA LLP
Kramer Levin Naftali & Frankel LLP
Tesfamariam Mussie K.
Trammell James P.
LandOfFree
Secure electronic transactions using a trusted intermediary... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure electronic transactions using a trusted intermediary..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure electronic transactions using a trusted intermediary... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2503381