Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication
Reexamination Certificate
1997-12-29
2003-05-13
Hayes, Gail (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Central trusted authority provides computer authentication
C713S185000, C707S793000, C707S793000, C382S305000
Reexamination Certificate
active
06564319
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a technique for compressing digital certificates. More particularly, the present invention relates to a technique for compressing digital certificates used in secure electronic transactions (SET) so that their memory requirements are minimized to permit more data, such as multiple certificates, to be stored on credit instruments having memory limitations, such as smart cards.
2. Description of the Related Art
A major drawback to the acceptance of electronic commerce has been public concerns over security on the Internet. Highly publicized instances of electronic eavesdropping, hackers breaking into military computers, etc., have reduced the public's trust in the Internet as a safe way to conduct business. Unless the public is convinced that it is safe to use their credit cards, debit cards or checks (in electronic form) to make transactions over the Internet, the Internet will not become a viable commercial vehicle.
To this end, a number of companies have been developing a highly secure set of protocols to gain the public's trust for electronic commerce. One of these protocols, known as SET (secure electronic transactions), combines encryption technology and digital signatures, provides for instant verification for merchants, and minimizes the amount of personal information (in the form of credit card numbers, etc.), that is exposed to parties involved in a SET transaction, including merchants.
SET relies on the use of digital certificates to authenticate the digital signature of the holder of an electronic/digital credit instrument with regard to a payment instruction. For the purpose of electronic commerce, a bank issues to its customers electronic/digital versions of credit instruments such as credit cards, debit cards, checks, etc. Data in the electronic credit instrument (known as a certificate), such as a credit card number, expiration date, etc., is encrypted or otherwise masked. The certificate also includes the customer's/consumer's digital signature key. When a consumer makes a purchase from a merchant over the Internet using a certificate which represents a credit card, the certificate is transmitted to the merchant, which transmits the certificate to the appropriate bank based on data contained in the certificate. The merchant never sees the data contained in the digital signature, and only has access to limited information contained in the certificate. However, the merchant can be relatively secure in the belief that the buyer is very likely the actual account holder for the credit instrument (brand) utilized to make the purchase, and that the buyer did in fact “sign” the payment instruction. Public key encryption permits the information to be communicated with minimal fear that electronic eavesdroppers can decrypt the data contained in the data transfer over the Internet. The bank approves the transaction by verifying the digital signature, determining that the account is active and in good standing, that sufficient funds are in the consumer's account/the consumer has not gone over his credit limit, etc., and sending the merchant an indication of the approval. The merchant is credited by the bank in the amount of the transaction, and the bank debits the consumer's account.
In the United States in 1997, most consumers are involved in a form of electronic commerce every day through the use of their credit cards, debit cards, check cards and ATM cards. These cards utilize a magnetic strip to store consumer account data. However, this magnetic strip can contain only a minimal amount of data (on the order of 100 bytes) which can easily be copied onto a fraudulent card. While 100 bytes is enough to store basic account information such as an account number, an account name, an expiration date, etc., for one or two accounts, magnetic strip cards do not provide sufficient storage to store information for multiple accounts, much less an encrypted digital certificate. While magnetic strip cards are relatively inexpensive, costing less than a dollar each, they have no ability to perform processing or interact with the merchant or card holder in any other way, or provide storage for any other purpose.
In other parts of the world, especially Europe, smart cards have gained wide acceptance. Smart cards have several times the storage capacity of common American magnetic strip cards, and often have logic built in which makes the smart cards extremely difficult to compromise without detection by the card holder. Smart cards are protected by PINs (personal identification numbers), so account information cannot be divulged without the cooperation of the cardholder. More sophisticated smart cards contain a secret symmetric key which can be used to sign a payment instruction upon PIN entry. Only the bank knows the actual secret key on the smart card, and it can verify that the cardholder agreed to a given payment instruction. The strength of this scheme is that the account number is never divulged to a merchant, and thus, cannot be replayed for fraudulent purposes. However, smart cards are several times the cost of a common American credit card, several dollars versus less than a dollar.
The most sophisticated smart cards, called “multifunction cards,” can be programmed for many onboard applications, including public key signatures. One of the requirements of SET is that when a cardholder submits a payment instruction to a merchant, the cardholder implementation must provide its own certificate. In addition to its own certificate, the cardholder implementation must provide the certificate of the certificate authority which signed the cardholder certificate, called the certificate issuer. Furthermore, every issuer up to and including the SET Root Certificate must be included. Collectively, these certificates are referred to as the certificate chain. These smart cards are several times the cost of a common smart card, currently about $10-$25 dollars versus several dollars, and still lack enough storage to hold more than one consumer certificate and all of the certificates in the hierarchical certificate chain.
Given the growing popularity of SET, the limited storage space available on magnetic strip cards, and the proven effectiveness of smart cards, it makes sense to use SET in combination with smart cards. But given the cost of smart cards, an effective way is needed to store more than one credit instrument/SET certificate on a single smart card. Accordingly, a need has developed for a technique for storing multiple certificates on a single smart card or any credit instrument for which storage is limited.
SUMMARY OF THE INVENTION
An object of the present invention is to provide a technique for storing more than one certificate on a conventional smart card.
Another object of the present invention is to provide a technique for storing multiple certificate-based credit instruments in a single smart card.
Yet another object of the invention is to provide a technique for providing enhanced security for smart card transactions.
Still another object of the present invention is to enable the same type of secure transactions for both Internet-based transactions and card-based transactions.
Other objects and advantages of the present invention will be set forth in part in the description and the drawings which follow, and, in part, will be obvious from the description or may be learned by practice of the invention.
To achieve the foregoing objects, and in accordance with the purpose of the invention as broadly described herein, the present invention provides a software implemented process for use in a computing environment for compressing certificate data from a certificate chain, comprising first subprocesses for selecting a first certificate in the certificate chain for processing; second subprocesses for determining a certificate template which corresponds to the selected certificate; third subprocesses for determining and storing the differences between the selected certific
Peters Mark E.
Salmon Parley Avery
DiLorenzo Anthony
Doudnikoff Gregory M.
Hayes Gail
International Business Machines - Corporation
LandOfFree
Technique for compressing digital certificates for use in... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Technique for compressing digital certificates for use in..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Technique for compressing digital certificates for use in... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3063233