Data processing: financial – business practice – management – or co – Business processing using cryptography – Secure transaction
Reexamination Certificate
1998-09-28
2001-02-20
Stamber, Eric W. (Department: 2765)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C705S041000, C705S067000, C705S075000
Reexamination Certificate
active
06192349
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to performing secure transactions over an open communications link, such as internet connection, and more particularly, to the dispensing of electronic tickets or vouchers in performing such transactions.
BACKGROUND OF THE INVENTION
Electronic tickets, which can be used to obtain information, goods and services, can be dispensed over an internet connection. The most obvious example of a transaction using an electronic ticket would be the purchase of a train or airplane ticket. However, electronic tickets could also be used as vouchers for obtaining other goods or services. A transaction using a communications hookup not under control of the goods or service provider subjects the provider and his customer to a number of risks. The primary risk of providing a ticket on the internet would be the diverting of the ticket by a third party observing the transaction on the open connection. However, other risks exist for both the ticket provider and his customer.
Therefore, it is an object of the present invention to provide secure commercial transactions over a public communication network.
It is another object of the present invention to provide a method and apparatus for preventing stealing or fraud in connection with commercial transactions over the internet.
BRIEF DESCRIPTION OF THE INVENTION
In accordance with the present invention, a smart card, (a type of credit card containing storage capacity and processing ability preferably in the form of a microprocessor), is used to store an electronic ticket provided from the service provider's computer system to the customer's computer over an insecure communications line. Upon the request for a ticket from the customer's computer, the service provider's system transmits a ticket loading request token T
LR
to the customer's computer to be loaded into a smart card of the customer. The smart card responds to the ticket loading request token T
LR
by producing a ticket loading token T
L
containing a hash of the ticket loading request token T
LR
; the smart card's identifier T
ID
; a secret number G
C
and the ticket loading token T
L
′ from the previous transaction of the smart card. The hash signal is attached to the ticket loading token T
L
′ from the previous transaction and shipped back through the customer's computer to the ticket provider's system. The ticket provider's system then creates the electronic ticket containing the ticket information and a new hash or signature T
S
number, formed by hashing the ticket information with the hash number received from the customer, and returns it to the customer's smart card. The smart card checks the signature T
S
of the ticket and if it matches its own calculation of T
S
, accepts and stores the ticket. Once the ticket is accepted, the smart card changes T
L
′ to T
L
in preparation for the next transaction.
The above arrangement provides significant security from diversion and fraud. Third parties on the unsecured line cannot divert the electronic ticket unless they know the card's secret number. The customer cannot modify or duplicate the hash in the ticket information without knowing the secret number G
C
and cannot be obtained by interrogating of the smart card. Further, once the ticket is entered and T
L
′ changed to T
L
, the smart card will not accept another copy of the same ticket since its calculation of T
S
, will no longer match the signature T
S
of the ticket.
REFERENCES:
patent: 4935962 (1990-06-01), Austin
patent: 5309355 (1994-05-01), Lockwood
patent: 5491749 (1996-02-01), Rogaway
patent: 5754654 (1998-05-01), Hiroya et al.
patent: 5778071 (1998-07-01), Caputo et al.
patent: 5781723 (1998-07-01), Yee et al.
patent: 5850442 (1998-12-01), Muftic
patent: 0823694A1 (1996-08-01), None
Schneier, Bruce, Applied Cryptography, John Wiley & Sons, Inc., pp. 417-425, 1994.
Rankl W. & Effin W. Smart Card Handbook. New York: John Wiley & Sons 1997 pp. 82-84, 185 and 257.
Schneier, Bruce Applied Cryptography Second Edition New York: John Wiley & Sons 1996, p. 458.
Husemann Dirk
Kaiserwerth Matthias
International Business Machines - Corporation
Meinecke-Diaz Susanna
Murray James E.
Stamber Eric W.
LandOfFree
Smart card mechanism and method for obtaining electronic... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Smart card mechanism and method for obtaining electronic..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Smart card mechanism and method for obtaining electronic... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2584292