WO2004066109A2 - Secure system for digital signatures and methods for use thereof - Google Patents


Info

Publication number
WO2004066109A2
Authority
WO
WIPO (PCT)
Prior art keywords
user
digital
tin
transaction
information
Application number
PCT/US2004/000685
Other languages
French (fr)
Other versions
WO2004066109A3 (en)
Inventor
Jeffrey Edward Friend
Original Assignee
Inlet Ip Holdings Llc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G06Q20/123 Shopping for digital content
    • G06Q20/1235 Shopping for digital content with control of digital rights management [DRM]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for e-commerce

Definitions

  • A system and method for creating and processing digital signatures. More specifically, a system and method for enhancing the security of electronic commerce transactions through use of a transaction identification number capable of operating as both a proxy account number and a digital signature.
  • Digital signatures are destined to play a critical role in the future of electronic commerce.
  • the integrity of electronic transactions and the Internet marketplace as a whole depends on the ability to reliably authenticate the various parties to a transaction and to correctly identify and account for the information exchanged between them.
  • DRM Digital Rights Management
  • One important area of application for digital signatures is Digital Rights Management (DRM), the business involved with mass distribution of proprietary digital content over the Internet (e.g. music, movies, games, digital telephone jingles, video, photographs, software, news & magazine articles, research data, tickets, coupons, etc.).
  • The primary purpose of DRM is to establish a system for controlling distribution so as to guarantee the maximum return on value of digital content for content distributors, owners and creators. Naturally, a big part of this is the need for security protections to guard against unauthorized use and distribution of licensed digital content.
  • VOIP Voice-over- Internet-Protocol
  • the invention may be ideally suited for use in conjunction with a DRM system and the purchase, leasing or rental of licensed digital content as well as other described alternative embodiments, it is to be understood that one or more of the innovations disclosed herein are likely to be generally applicable to other digital data environments and applications not necessarily involving licensed digital content or the other described alternative embodiments.
  • the invention is also not to be limited by use of the description "user digital signature" and may in fact be implemented on behalf of entities other than individual users (e.g. companies, clubs, groups, governmental bodies, network systems, operating systems, software clients or agents, central processing units, etc.).
  • the present invention provides for the enhancement of security for electronic commerce transactions through use of a transaction identification number (TIN) capable of operating as a proxy or "limited use" user account number (e.g. credit or debit card, checking, telephone, social security, etc.) and also a user digital signature.
  • TIN transaction identification number
  • the invention further provides for embodiments in which the user digital signature is able to be embedded in the digital content in the course of the transaction.
  • the runtime cycle of an application operating in conjunction with a user computerized device is used as a measure for signaling the start of the digital signing process.
  • the runtime cycle of a microprocessor is used as a measure for signaling the start of the digital signing process.
  • actual time is used as a measure for signaling the start of the digital signing process.
  • Another aspect of the invention provides for a user digital signature to function as a digital "hall pass" or password for facilitating secure user access to web sites featuring subscription-based, "pay per view" or "pay per use" digital content.
  • the user digital signature is also able to operate as a key useful in facilitating the transfer of push media messages (e.g. target email, instant messaging, telemarketing phone calls) from merchants (e.g. digital content providers) to users.
  • Another aspect of the invention provides for use of a TIN in conjunction with postage, currency notes and tracking labels.
  • Various embodiments provide for the TIN to be printed in the form of a barcode or matrix code or alternatively recorded electronically with an electronic product code (EPC) stored on a Radio Frequency Identification (RFID) tag.
  • EPC electronic product code
  • RFID Radio Frequency Identification
  • a package identification number is useful in identifying groups of TIN-enabled postage stamps packaged for sale.
  • the package identification number comprises a unique range identifier reflecting the range of sequentially ordered random and/or variable identifier portions.
  • Another aspect of the invention provides for facilitating payment transactions involving TIN-enabled postage, currency or tracking labels in which verifiable personal information presented by the buyer and/or other personal information either available to the seller or acquired during the transaction is recorded to a database in conjunction with the TIN(s) or the package identification number of a purchased package of postage stamps.
  • Another aspect of the invention provides a system and method for identifying TIN-enabled postage, currency or tracking labels either from a physical item or by searching a database containing TIN records.
  • FIG. 1 illustrates an example of one embodiment of the TIN in the form of a 16-digit proxy account number (e.g. credit or debit card account) with an embedded message authentication code (MAC) and date and/or time stamp.
  • MAC embedded message authentication code
  • FIG. 2 illustrates an embodiment of that aspect of the invention involved with the creation of an embedded MAC from various input parameters.
  • FIG. 3 illustrates components of a system in accord with an embodiment of the present invention for creating and processing digital signatures.
  • FIG. 4 illustrates an embodiment of that aspect of the invention involved with digitally signing various data types (e.g. DOIs, URLs, metadata), services (e.g. email) and dynamic mechanisms (e.g. Java applet) as part of the process of resolving a DOI through use of the "Handle System", either through direct input from the user or through the use of an agent.
  • FIG. 5 is an illustration useful in describing that aspect of the invention involved with the use of the runtime cycle of an application (e.g. movie, song, video game, etc.) as a measure for signaling the start of a process involving the creation and application of digital signatures.
  • FIG. 5A illustrates an embodiment of the invention involved with the use of a runtime cycle of a microprocessor as a measure for signaling the start of a process involving the creation and application of digital signatures.
  • FIG. 5B illustrates an embodiment of the invention involved with the use of time as a measure for signaling the start of a process involving the creation and application of digital signatures.
  • FIG. 6 illustrates steps involved with one embodiment of a method for using the runtime cycle of an application (e.g. movie, song, video game, etc.) as a measure for signaling the start of a process involving the creation and application of digital signatures.
  • FIG. 6A illustrates steps involved with one embodiment of a method for using clock signal activation as a means for signaling the start of a process involving the creation and application of digital signatures.
  • FIG. 7 illustrates steps involved with one embodiment of a method for verifying the identity of the "user of record" for signed digital content.
  • FIG. 8 illustrates one embodiment of a user principal with a date stamp and time stamp.
  • FIG. 9 illustrates an embodiment of a postage stamp with an encoded TIN in the form of a 2-Dimensional matrix code.
  • FIG. 10 illustrates an embodiment of a package identification number used to identify a package of TIN-enabled postage stamps.
  • FIG. 11 illustrates an embodiment of an electronic realizable package identification number in the form of a barcode.
  • FIG. 12 illustrates an embodiment of those components of a system useful in facilitating the electronic interpretation of information specific to dispensed currency notes during an ATM transaction.
  • FIG. 13 illustrates an embodiment of a method useful in facilitating the electronic interpretation of information specific to dispensed currency notes during an ATM transaction.
  • FIG. 14 illustrates an embodiment of a method useful in recording to a central circulation database that information specific to dispensed currency notes in conjunction with personal information of the receiver of record.
  • FIG. 15 illustrates an embodiment of a transaction record transmitted to the central circulation database containing the buyer personal information and the TIN(s) or Range Identifier.
  • FIG. 16 illustrates a flowchart of a method for searching a central circulation database in an effort to identify the buyer of record of a TIN-enabled stamp used in mailing a deliverable item.
  • FIG. 17 illustrates an embodiment of those steps involved with the method of processing passengers during ticketing.
  • FIG. 1 illustrates an example of one embodiment of a transaction identification number (TIN) in the form of a 16-digit proxy account number (e.g. credit or debit card account) with an embedded message authentication code (MAC) and a date stamp and time stamp.
  • the example shown includes a single-digit lead-in identifier useful in identifying the card network (e.g. Visa or Mastercard), a seven-digit bank identification number (BIN) useful in identifying the card issuer, a four-digit user (customer) identification number, and a single-digit checksum compliant with conventional card network operations.
  • BIN bank identification number
  • the TIN as illustrated represents an improvement to similar proxy account numbers contained in existing and pending U.S. patents, e.g. U.S. Patent 6,000,832 entitled "Electronic online commerce card with customer generated transaction proxy number for online transactions."
  • Alternative embodiments of the present invention provide for various combinations comprising one or more of the featured identifiers in varying order and for those identifiers to inhabit varying lengths of fields that could have a total length equal to, less than, or greater than 16 digits.
  • one alternative embodiment could involve a TIN comprising a user identifier portion, a multiple-digit MAC portion, a date stamp portion and time stamp portion. This would be applicable in the scenario in which the TIN would not be required to conform to the attributes of a proxy credit or debit card number for the purpose of facilitating electronic payment.
  • the date stamp might take the form of a year expressed in terms of "99" instead of the illustrated "1999", and the time stamp might be expressed in hours and minutes instead of the illustrated "120000" showing hours, minutes and seconds.
  • it is also possible for milliseconds or other fractional time representations to be included. There is also the possibility of either just a date stamp portion or a time stamp portion.
  • the TIN might also include other information fields for identifiers not featured.
  • for example, a merchant (e.g. digital content provider) or merchant agent (e.g. acquirer processor) identifier portion in addition to other identifier portions (e.g. transaction authorization number).
  • Another alternative embodiment could involve a random and/or variable identifier portion comprising an alphanumeric or extended character set string in addition to other identifier portions.
  • a TIN could comprise a ten-digit telephone number or substitute proxy account number with a MAC and a date stamp and time stamp.
  • FIG. 2 illustrates an embodiment of that aspect of the invention involved with the creation of a MAC from various input parameters.
  • the MAC is generated as a function of various inputs from a list including a user private or secret key, user-specific information (e.g. name, account number, etc.) and transaction-specific data (e.g. transaction amount, merchant ID, goods or services IDs including Digital Object Identifier (DOI), Electronic Product Code (EPC), Uniform Resource Locator (URL), and identifiers for services such as email and dynamic mechanisms such as Java applets and Common Gateway Interface (CGI) scripts).
  • DOI Digital Object Identifier
  • EPC Electronic Product Code
  • URL Uniform Resource Locator
  • CGI Common Gateway Interface
  • biometric information, either previously stored to memory or gathered as part of an ongoing electronic commerce transaction, is a further possible input.
  • One embodiment involves a computerized device (e.g. smart card) with an integrated biometric sensor with means of creating a real-time digital scan of a thumb or fingerprint and comparing the result to a scan securely stored within the smart card.
  • Another embodiment involves the creation of a real-time digital scan of a thumb or fingerprint and transferring the result for second or third party verification during the course of an electronic commerce transaction.
  • Another embodiment for inputting biometric information involves the creation of digital scan from a user's voice. This could be accomplished by storing a voice scan with the merchant or a trusted third party (e.g. bank). This scan could then be compared to one created in real time from a user's voice recorded while talking during the placement of an order for digital content over the telephone or a scan created prior to a transaction by having a user speak into an enabled computerized device.
  • other biometric information (e.g. retina scan, facial scan, digital photograph and video, etc.) may also be used; various means for incorporating such information for use with the present invention will be obvious to those skilled in the art.
  • the alternatives involving the input of biometric information make another embodiment possible in which no private key is used to render the MAC, only one or more of the other various inputs.
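
The TIN layout of FIG. 1 and the MAC inputs of FIG. 2 are easier to reason about when written out. The following Go program is an added example, not code from the patent or its assignee: it builds the non-card-format alternative embodiment (user identifier, multi-digit MAC, date stamp, time stamp) with an appended Luhn check digit, derives the MAC as HMAC-SHA256 over the secret key, user-specific information, transaction data and stamp, truncated to decimal digits, and shows the issuer-side verification recomputing the MAC from its own copy of the key. The digit widths, the HMAC-SHA256 construction, the truncation rule and the sample key, user and transaction values are all this example's assumptions; the patent names the portions but fixes none of these.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Digit widths of the TIN built here (assumed; the patent names the portions
// but not their widths): user id 4 | MAC 6 | date YYMMDD 6 | time HHMM 4 | Luhn 1.
const (
	userIDWidth = 4
	macWidth    = 6
	dateWidth   = 6
	timeWidth   = 4
	tinWidth    = userIDWidth + macWidth + dateWidth + timeWidth + 1
)

// Transaction holds the transaction-specific MAC inputs named for FIG. 2.
type Transaction struct {
	Amount     string // e.g. "19.99"
	MerchantID string
	ItemID     string // DOI, EPC or URL of the goods or service
}

// luhnCheckDigit returns the digit that makes payload+digit pass the Luhn
// test, the checksum conventional card networks apply to account numbers.
func luhnCheckDigit(payload string) byte {
	sum, double := 0, true // the rightmost payload digit is doubled
	for i := len(payload) - 1; i >= 0; i-- {
		d := int(payload[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return byte('0' + (10-sum%10)%10)
}

func allDigits(s string) bool {
	for i := 0; i < len(s); i++ {
		if s[i] < '0' || s[i] > '9' {
			return false
		}
	}
	return true
}

// computeMAC derives the MAC portion from the secret key, user-specific
// information, transaction data and date/time stamp: HMAC-SHA256, truncated.
func computeMAC(key []byte, userInfo string, tx Transaction, stamp string) string {
	h := hmac.New(sha256.New, key)
	// Length-prefix each field so field boundaries cannot be shifted.
	for _, f := range []string{userInfo, tx.Amount, tx.MerchantID, tx.ItemID, stamp} {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	v := binary.BigEndian.Uint32(h.Sum(nil)[:4]) % 1000000
	return fmt.Sprintf("%0*d", macWidth, v)
}

// buildTIN assembles user id | MAC | date | time | Luhn check digit.
func buildTIN(key []byte, userID, userInfo string, tx Transaction, date, clock string) (string, error) {
	if len(userID) != userIDWidth || len(date) != dateWidth || len(clock) != timeWidth {
		return "", fmt.Errorf("field width mismatch")
	}
	body := userID + computeMAC(key, userInfo, tx, date+clock) + date + clock
	return body + string(luhnCheckDigit(body)), nil
}

// verifyTIN is the issuer-side check: look up the user's key and information by
// the user id portion, recompute the MAC over the presented transaction and the
// embedded stamp, and compare in constant time. Any altered input fails.
func verifyTIN(tin string, lookup func(userID string) ([]byte, string, bool), tx Transaction) bool {
	if len(tin) != tinWidth || !allDigits(tin) || luhnCheckDigit(tin[:tinWidth-1]) != tin[tinWidth-1] {
		return false
	}
	userID, mac := tin[:userIDWidth], tin[userIDWidth:userIDWidth+macWidth]
	stamp := tin[userIDWidth+macWidth : tinWidth-1]
	key, userInfo, ok := lookup(userID)
	if !ok {
		return false
	}
	return hmac.Equal([]byte(computeMAC(key, userInfo, tx, stamp)), []byte(mac))
}

func main() {
	key := []byte("constructed-user-secret") // constructed sample key
	info := "Jane Doe;acct 1234"             // constructed user-specific information
	lookup := func(id string) ([]byte, string, bool) {
		if id == "0042" {
			return key, info, true
		}
		return nil, "", false
	}
	tx := Transaction{Amount: "19.99", MerchantID: "M-77", ItemID: "10.1000/xyz123"}
	tin, err := buildTIN(key, "0042", info, tx, "990101", "1200")
	if err != nil {
		panic(err)
	}
	fmt.Println("TIN:", tin, "verifies:", verifyTIN(tin, lookup, tx))
	tx.Amount = "190.99" // an altered amount must no longer verify
	fmt.Println("after tampering, verifies:", verifyTIN(tin, lookup, tx))
}
```

Because the MAC covers the transaction amount, merchant and item, the TIN is only valid for the one transaction it was generated for, which is what lets a single number serve as both a limited-use account number and a signature; the Luhn digit only catches transcription errors and gives no security by itself.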
  • FIG. 3 illustrates components of a system in accord with an embodiment of the present invention for creating and processing digital signatures.
  • Central to this system is Card Issuer or Agent Host Computer(s) 300 in which those processes are housed to meet the various requirements of the invention.
  • the card issuer agents might include other types of card-issuing institutions, such as credit card companies, card sponsoring companies, or third party issuers under contract with financial institutions.
  • other participants may be involved in some phases of the transaction, such as intermediary settlement institutions collectively represented as Bank Network 312.
  • Operating in conjunction with Card Issuer or Agent Host Computer(s) 300 is an account manager and a user database.
  • the account manager is preferably implemented in software that executes on Card Issuer or Agent Host Computer(s) 300, such as a relational database that manages the user database.
  • Also operating in conjunction with Card Issuer or Agent Host Computer(s) 300 is a Transaction Number Identifier, a MAC Coding Unit and Comparator, and a traditional Processing System.
  • IVR Interactive Voice Response Unit
  • Card Issuer or Agent Host Computer(s) 300 connects via Interactive Voice Response Unit 301 and Wired and/or Wireless Telecommunications Network 303; connects via Bank Network 312 and Wired and/or Wireless Telecommunications Network 303 to IVR 309 and Merchant or Agent Host Computer(s) 311; and connects via Bank Network 312 and Wired and/or Wireless Telecommunications Network 303 and Internet 304 to Server(s) 310 and Merchant or Agent Host Computer(s) 311.
  • system illustrated in FIG. 3 may be further adapted to take the form of other types of networks such as an interactive cable or satellite television network.
  • the preferred hardware and operating environment for implementing the invention includes a general purpose computing device in the form of Merchant and/or Agent Host Computer(s) 311, Merchant and/or Agent HTTP Server(s) 310 and User Computerized Device(s) 306, each preferably comprising a processing unit, a system memory and a system bus that operatively couples various system components, including the system memory, to the processing unit. There may be only one or there may be more than one processing unit, such that the processor of User Computerized Device(s) 306 comprises a single central-processing unit (CPU), or a plurality of processing units, commonly referred to as a parallel processing environment.
  • User Computerized Device(s) 306 each may be a conventional computer, a distributed computer, or any other type of computer; the invention is not so limited.
  • a computer typically includes one or more processing units as its processor, and a computer-readable medium such as a memory.
  • the computer may also include a communications device such as a network adapter or a modem, so that it is able to communicatively couple to other computers.
  • the functions of HTTP Server(s) 310 are able to be performed within the system collectively referred to as Merchant or Agent Host Computer(s) 311.
  • the system bus may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures.
  • the system memory may also be referred to as simply the memory, and includes read only memory (ROM) and random access memory (RAM).
  • ROM read only memory
  • RAM random access memory
  • BIOS basic input/output system
  • Merchant or Agent Host Computer(s) 311 and User Computerized Device(s) 306 further includes a hard disk drive for reading from and writing to a hard disk, a magnetic disk drive for reading from or writing to a removable magnetic disk, and an optical disk drive for reading from or writing to a removable optical disk such as a CD ROM or other optical media.
  • the hard disk drive, magnetic drive, and optical disk drive are connected to the system bus by a hard disk drive interface, a magnetic disk drive interface, and an optical disk drive interface, respectively.
  • the drives and their associated computer-readable media provide nonvolatile storage of computer-readable instructions, data structures, program modules and other data for Merchant or Agent Host Computer(s) 311 and User Computerized Device(s) 306. It should be appreciated by those skilled in the art that any type of computer-readable media that can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, RAMs, ROMs, and the like, may be used in the preferred operating environment.
  • a number of program modules may be stored on the hard disk, magnetic disk, optical disk, ROM, or RAM, including the operating system, one or more application programs, other program modules and program data.
  • a user may enter commands and information into User Computerized Device(s) 306 through input devices such as a keyboard and pointing device. Other input devices may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit through a serial port interface that is coupled to the system bus, but may be connected by other interfaces, such as a parallel port, game port, or a universal serial bus (USB).
  • a monitor or other type of display device is also connected to the system bus via an interface, such as a video adapter.
  • computers typically include other peripheral output devices such as speakers and printers.
  • User Computerized Device(s) 306 may operate in a networked environment using logical connections to one or more remote computer(s) collectively described as User Computerized Device(s) 306. These logical connections are achieved by a communication device coupled to or a part of User Computerized Device(s) 306; the invention is not limited to a particular type of communications device.
  • the remote computer(s) may be another computer, a server, a router, a network PC, a client, a peer device or other common network node, and typically includes many or all of the elements described above relative to User Computerized Device(s) 306 and Merchant or Agent Host Computer(s) 311.
  • the logical connections include a local-area network (LAN) and a wide-area network (WAN). Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
  • when used in a LAN-networking environment, User Computerized Device(s) 306 is connected to the local network through a network interface or adapter, which is one type of communications device.
  • when used in a WAN-networking environment, User Computerized Device(s) 306 typically includes a modem, a type of communications device, or any other type of communications device for establishing communications over the wide area network, such as the Internet.
  • the modem which may be internal or external, is connected to the system bus via the serial port interface.
  • program modules depicted relative to User Computerized Device(s) 306, or portions thereof, may be stored in the remote memory storage device, one example being Smart Card 307.
  • Merchant or Agent Host Computer(s) 311 comprise an information server and an application/control server in addition to HTTP Server(s) 310.
  • the information server is coupled to User Computerized Device(s) 306 via Wired and/or Wireless Telecommunications Network 303 and Internet 304 using a Real Time Protocol (RTP) link.
  • RTP Real Time Protocol
  • the information server is coupled to the application/control server via a server information bus.
  • the three described server functions may be implemented in separate physical entities with physical communication links forming their interconnection. Alternatively, various combinations of these functions can be implemented in a single physical server system.
  • HTTP Server(s) 310 is coupled to User Computerized Device(s) 306 via a communication information bus. It should be noted that HTTP Server(s) 310 provides navigation and selection functions in the present implementation of the invention. Furthermore, the application control server provides for VCR control functions via a VCR Control connection.
  • stored on HTTP Server(s) 310 are those custom-written applications able to carry out the various functions of the invention.
  • User Computerized Device(s) 306 contain those custom-written applications necessary to perform the various functions.
  • Preferably, among these applications is Messaging Application Programming Interface (MAPI) with supporting directories.
  • MAPI Messaging Application Programming Interface
  • the information server comprises a CPU(s), ROM, RAM, an I/O adapter, storage devices including disk storage, a communications stack and a communications adapter, each coupled via an information bus.
  • the I/O adapter is coupled to the storage devices including disk storage.
  • the communications adapter is coupled to User Computerized Device(s) 306 via Wired and/or Wireless Telecommunications Network 303 and Internet 304 using an RTP link.
  • User Computerized Device(s) 306 comprises a CPU that is able to authenticate the identity of the boot block and operating system (OS) components that have been loaded into the computer, and to provide quoting and secure storage operations based on this identity.
  • OS operating system
  • the CPU in User Computerized Device(s) 306 has a processor and also can have a cryptographic accelerator.
  • the CPU is capable of performing cryptographic functions, such as signing, encrypting, decrypting, and authenticating, with or without the accelerator assisting in intensive mathematical computations commonly involved in cryptographic functions.
  • the manufacturer equips the CPU with a pair of public and private keys that is unique to the CPU.
  • the CPU's public key is referred to as "K_CPU" and the corresponding private key is referred to as "K_CPU^-1".
  • Other physical implementations may include storing the key on an external device to which the main CPU has privileged access (where the stored secrets are inaccessible to arbitrary application or operating systems code).
  • the private key is never revealed and is used only for the specific purpose of signing stylized statements, such as when responding to challenges from a digital content provider.
  • the manufacturer also issues a signed certificate testifying that it produced the CPU according to a known specification.
  • the certificate testifies that the manufacturer created the key pair, placed the key pair onto the CPU, and then destroyed its own knowledge of the private key K_CPU^-1. In this way, only the CPU knows the CPU private key K_CPU^-1; the same key is not issued to other CPUs and the manufacturer keeps no record of it.
  • the certificate can in principle be stored on a separate physical device associated with the processor but still logically belongs to the processor with the corresponding key.
  • the manufacturer has a pair of public and private signing keys, K_MFR and K_MFR^-1.
  • the private key K_MFR^-1 is known only to the manufacturer, while the public key K_MFR is made available to the public.
  • the manufacturer certificate contains the manufacturer's public key K_MFR, the CPU's public key K_CPU, and the above testimony.
  • the manufacturer signs the certificate using its private signing key, K_MFR^-1, as follows:
  • K_MFR certifies-for-boot K_CPU
  • the predicate "certifies-for-boot” is a pledge by the manufacturer that it created the CPU and the CPU key pair according to a known specification.
  • the pledge further states that the CPU can conectly perform authenticated boot procedures.
  • the manufacturer certificate is publicly accessible, yet it cannot be forged without knowledge of the manufacturer's private key Ksub.MFR.sup.-l .
  • the CPU in User Computerized Device(s) 306 has an internal software identity register (SIR), which contains the identity of an authenticated OS or a predetermined false value (e.g. zero) if the CPU determines that the OS cannot be authenticated.
  • the OS is stored in the nonvolatile memory and executed on the CPU.
  • the OS has a block of code that is used to authenticate the OS to the CPU during the boot operation.
  • the boot block uniquely determines the OS, or class of operating systems (e.g. those signed by the same manufacturer). The boot block can also be signed by the OS manufacturer.
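The manufacturer certificate, the CPU's private key and the software identity register described above, as an added worked example that is not part of the patent. It assumes Ed25519 as the signature scheme, NUL-separated fields for the certified predicate and for the stylized "Running-OS" statement, and the type and function names shown; the boot block and nonce are constructed sample values. The verifier trusts only K_MFR, accepts K_CPU through the certificate, and learns the SIR only from a statement the CPU signed over the verifier's own nonce.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ManufacturerCert carries "K_MFR Certifies-for-Boot K_CPU" and the
// manufacturer's signature over it, made with K_MFR^-1.
type ManufacturerCert struct {
	MfrPub ed25519.PublicKey // K_MFR
	CPUPub ed25519.PublicKey // K_CPU
	Sig    []byte            // signature over certBody(MfrPub, CPUPub)
}

// certBody serialises the predicate so issuer and verifier sign and check
// exactly the same bytes (NUL-separated fields; an assumption of this example).
func certBody(mfrPub, cpuPub ed25519.PublicKey) []byte {
	return bytes.Join([][]byte{mfrPub, []byte("Certifies-for-Boot"), cpuPub}, []byte{0})
}

// CPU models the processor: K_CPU^-1 never leaves it, and SIR holds the
// identity of the authenticated OS or zero when no OS was authenticated.
type CPU struct {
	priv ed25519.PrivateKey
	Cert ManufacturerCert
	SIR  [32]byte
}

// Manufacture creates the CPU key pair, places it on the CPU, issues the
// certificate, then destroys the manufacturer's own copy of K_CPU^-1.
func Manufacture(mfrPriv ed25519.PrivateKey) (*CPU, error) {
	cpuPub, cpuPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	mfrPub := mfrPriv.Public().(ed25519.PublicKey)
	cpu := &CPU{
		priv: append(ed25519.PrivateKey(nil), cpuPriv...), // the CPU's own copy
		Cert: ManufacturerCert{MfrPub: mfrPub, CPUPub: cpuPub,
			Sig: ed25519.Sign(mfrPriv, certBody(mfrPub, cpuPub))},
	}
	for i := range cpuPriv { // manufacturer keeps no record of the private key
		cpuPriv[i] = 0
	}
	return cpu, nil
}

// VerifyCert accepts the certificate only if it names the manufacturer key the
// verifier already trusts and the signature checks under that key.
func VerifyCert(trustedMfrPub ed25519.PublicKey, c ManufacturerCert) bool {
	return bytes.Equal(trustedMfrPub, c.MfrPub) &&
		ed25519.Verify(c.MfrPub, certBody(c.MfrPub, c.CPUPub), c.Sig)
}

// AuthenticatedBoot sets SIR to the hash of the OS boot block when the block
// carries a valid signature from the OS manufacturer, and to zero otherwise.
func (c *CPU) AuthenticatedBoot(osMfrPub ed25519.PublicKey, bootBlock, bootSig []byte) bool {
	c.SIR = [32]byte{}
	if !ed25519.Verify(osMfrPub, bootBlock, bootSig) {
		return false
	}
	c.SIR = sha256.Sum256(bootBlock)
	return true
}

// Attest answers a content provider's challenge with a stylized statement
// binding the provider's nonce to the current SIR, signed with K_CPU^-1.
func (c *CPU) Attest(nonce []byte) (stmt, sig []byte) {
	stmt = bytes.Join([][]byte{[]byte("Running-OS"), c.SIR[:], nonce}, []byte{0})
	return stmt, ed25519.Sign(c.priv, stmt)
}

// CheckAttestation is the provider's side: verify the certificate chain and
// the statement, confirm the statement echoes our nonce, and return the SIR.
func CheckAttestation(trustedMfrPub ed25519.PublicKey, cert ManufacturerCert,
	nonce, stmt, sig []byte) (sir [32]byte, ok bool) {
	if !VerifyCert(trustedMfrPub, cert) || !ed25519.Verify(cert.CPUPub, stmt, sig) {
		return sir, false
	}
	prefix := []byte("Running-OS\x00")
	if len(stmt) < len(prefix)+len(sir)+1 {
		return sir, false
	}
	copy(sir[:], stmt[len(prefix):len(prefix)+len(sir)])
	expected := bytes.Join([][]byte{[]byte("Running-OS"), sir[:], nonce}, []byte{0})
	return sir, bytes.Equal(stmt, expected)
}

func main() {
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(rand.Reader)
	osPub, osPriv, _ := ed25519.GenerateKey(rand.Reader)
	cpu, _ := Manufacture(mfrPriv)
	bootBlock := []byte("constructed sample OS boot block")
	cpu.AuthenticatedBoot(osPub, bootBlock, ed25519.Sign(osPriv, bootBlock))
	nonce := make([]byte, 16)
	rand.Read(nonce)
	stmt, sig := cpu.Attest(nonce)
	sir, ok := CheckAttestation(mfrPub, cpu.Cert, nonce, stmt, sig)
	fmt.Printf("attestation valid: %v, reported SIR prefix: %x\n", ok, sir[:4])
}
```

The provider compares the returned SIR against the hashes of boot blocks it is willing to serve content to; a zero SIR means the CPU could not authenticate the OS, and a statement over a stale nonce is rejected even though its signature is genuine.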
  • User Computerized Device(s) 306 comprises a buffer pool and push data receiver.
  • the CPU, ROM, RAM, I/O adapter, communication stack, communications adapter, push data receiver, buffer pool, display adapter, and user interface adapter are coupled to one another via an information bus.
  • the keyboard, trackball, mouse and speaker are coupled to the user interface adapter.
  • the display is coupled to the display adapter.
  • the storage devices including disk storage are coupled to the I/O adapter.
  • the push data receiver is coupled to the communication stack via a status signal and a video/status signal.
  • the communications adapter is coupled to Merchant or Agent Host Computer(s) 311 and HTTP Server(s) 310 via Wired and/or Wireless Telecommunications Network 303 and Internet 304 using an RTP link.
  • the invention describes terms such as comparing, validating, or other terms that could be associated with the human operator. However, for at least a number of operations described herein that form part of the present invention, no action by a human operator is desirable.
  • the operations described are, in large part, machine operation processing electrical signals to generate other electrical signals.
  • processes performed by the components of Card Issuer or Agent Host Computer(s) 300, Bank Network 312, User Computerized Device(s) 306, Smart Card 307, Merchant or Agent Host Computer(s) 311 and Server(s) 310 incorporate either public/private key pairs, digital signatures using private and secret (symmetric) keys, and/or encryption algorithms, or a combination of these standard cryptographic functions.
  • such functions are provided by the CPUs of these devices but can be provided by other well-known cryptographic mechanisms as will be immediately understood by one skilled in the art.
  • Computerized Device(s) 306 can take various forms (e.g. personal, laptop or notebook computer, personal digital assistant, set-top box, media player and/or recorder, digital telephone, digital photo or video camera, electronic book, etc.) any of which may be enabled with an integrated biosensor or microphone per the additional embodiments outlined above for the creation of a digital signature involving a digital image of a finger or thumbprint or voice scan.
  • Computerized Device(s) 306 runs an operating system capable of supporting multiple applications.
  • the operating system is multitasking, allowing simultaneous execution of multiple applications in a graphical user interface (GUI) environment; among the applications is a web browser, preferably enabled for web services programming.
  • the operating system includes a key store to securely hold one or more private or secret keys used for encryption, decryption, digital signing, and other cryptographic functions.
  • the key store is a password-protected storage location that grants access upon entry of an appropriate password. The user preferably selects the password as part of the registration process.
  • Several software components are stored in memory contained within Computerized Device 306 in addition to the browser. They include a registration module and a MAC coding unit as illustrated in FIG. 2. The registration module and MAC coding unit may be supplied to the user during the registration process.
  • Smart Card 307 preferably incorporates a personal digital signature device in which those processes are housed to meet the various requirements of the invention.
  • U.S. Patent 6,408,388 describes an embodiment of a "Personal date/time device" and is hereby included by reference.
  • Smart Card 307 is able to operate in conjunction with User Computerized Device(s) 306 in carrying out the various functions of the invention.
  • One example of such a device is a telephone Subscriber Identity Module (SIM).
  • Smart Card 307 can take the form of a computerized device with many of the same functions of Computerized Device(s) 306.
  • Smart Card 307 is able to be carried by a user for the purposes of accessing and securely downloading digital content "in store" from Point of Sale Terminal 308 and/or Host Computer(s) 311.
  • An additional embodiment provides for Smart Card 307 to be able to operate in conjunction with a bank automated teller machine (ATM) as will be described in greater detail below.
  • Telephone Transceiver 305 is useful as a means for a user to connect via Wired and/or Wireless Telecommunications Network 304 to IVR 309 and Merchant or Agent Host Computer(s) 311 and IVR 301 and Card Issuer or Agent Host Computer(s) 300 for the purpose of recording and storing a user voice for the creation of a bio-metric digital scan if needed.
  • Telephone Transceiver 305 is also useful as a means for a user to connect via Wired and/or Wireless Telecommunications Network 304 to IVR 309 for the purpose of placing an order for digital content by telephone.
  • the digital content is preferably forwarded to the user out of band in the form of a CD or DVD embedded with a digital signature as provided for by the present invention.
  • the digital content could be forwarded to the user online.
  • Telephone Transceiver 305 is also useful as a means for a user to connect via Wired and/or Wireless Telecommunications Network 304 to IVR 309 or alternatively to IVR 301 for the purpose of registering as a participant in conjunction with the present invention.
  • the present invention is implemented using custom-written applications in the form of software modules operating as needed in conjunction with Card Issuer or Agent Host Computer(s) 300 and Server(s) 302, Computerized Device(s) 306, Smart Card 307, Host Computer(s) 311, and Server(s) 310 including the information server.
  • the custom-written application is issued to users via download or out of band via disk for use with Computerized Device(s) 306 and Smart Card 307, or alternatively it can be packaged as part of an operating system or other product. If needed, an upgrade is capable of being similarly issued to users for the purpose of making the browser operating in conjunction with Computerized Device(s) 306 web-services language enabled.
  • U.S. Patent 6,000,832 describes three distinct phases suitable for the present invention: a registration phase, a transaction phase, and a payment-authorization phase.
  • the described embodiment of the present invention includes a transfer phase, and a signing phase.
  • Server(s) 310 requires pre-authentication as part of a network of computers supported by the Kerberos authentication system.
  • the client is preferably redirected to a server within Server(s) 310 that is operating in association with the Key Distribution Center (KDC).
  • the KDC sends an error message in response to the Authentication Server (AS) request received from the client.
  • the error message tells the client that pre-authentication is required.
  • the error message also preferably contains information signaling to the client that the KDC is also able to support the enhanced authentication protocol provided for by the present invention.
  • a request for a user digital certificate is included with the error message.
  • a request might be for a credit card number or some other identity information (e.g. telephone number) or shared secret available to the AS.
  • the user selects the digital certificate of the credit or debit card they wish to use.
  • the digital certificate, with the credit or debit card number as one of its attributes, is preferably encrypted with the user's private key.
  • the certificate is transferred to the KDC, which then redirects the certificate to Bank Network 112 (or alternatively another authorization network such as telecommunications) with any required merchant or merchant agent information (e.g. realm, KDC, principal, service type, etc.).
  • the Bank Network 112 uses the available information to locate the user private key associated with the account and decrypt the certificate wherein the card number (or other identifier) is submitted for pre-authorization as a matter of securing the various protections and privileges offered by the credit card industry (or other industry).
  • if pre-authorization is unsuccessful, then the transaction is terminated and the appropriate messages returned to the content provider or agent and the user. If pre-authorization is successful, the card issuer or agent preferably generates a trusted date stamp and time stamp, updates attribute information as required (e.g. credit limit) in order to have the certificate fulfill the requirements of a Ticket Granting Ticket (TGT) for the KDC, signs the certificate
  • the TGT returned by the AS can then be used to request individual service tickets from the Ticket Granting Server (TGS).
  • the TGS authenticates the TGT with the bank public key.
  • some or all of the user credit card number is used as the user password, which is combined with the realm name to form a TIN useful as a user principal.
  • the TIN is then preferably hashed to form the user's associated encryption key.
  • the user principal and associated encryption key are then stored to database in conjunction with date and/or time.
  • One alternative embodiment provides for a date and/or time to be combined as a "salt" and hashed along with the username and realm in forming the encryption key.
  • the date and/or time associated with the record of the user principal or encryption key can be derived in numerous ways; including time of authorization, time of ticket request, time of transaction, etc.
  • the present invention is not to be limited by how date and/or time is derived or defined.
  • the date and time stored to database can be reflective of the starting time for "pay per view” or “pay for use” charges in conjunction with a user's consumption of a particular product or service.
  • the charges would cease and the total cost calculated and charged to the credit card that had been pre-authorized.
  • digital signatures are formed in response to a particular time or elapsed period of time (e.g. one every second beginning with the time marked by successful pre-authorization).
  • the rate charged for access to the web site (e.g. a per-minute rate) can be constant or fluctuate during a user visit depending on the pricing structure established by the digital content or service provider, which can be dependent on such variables as the type of digital content or service accessed, the governmental region having jurisdiction based on the location of either the web site or the computer system(s) in which the digital signature process is performed, the relative financial status of the user in relation to other users (e.g.
  • the invention is not to be limited by the number of factors that can be considered in establishing a pricing structure for accessing digital content or services.
  • the date and time stored to database can be reflective of a user's most recent initiated business transaction with a particular business or affiliated network where this information could prove useful in facilitating the enforcement of "do not call” or "do not spam” lists.
  • the TIN is able to operate as a key for permitting the transfer of push media messages (e.g. target email, instant messaging, telemarketing phone calls) from merchants (e.g. digital content providers) to users.
  • By comparing the date and time of record to the current date and time, it is possible to calculate the length of time that has elapsed since the last user-initiated business transaction. If the length of time that has elapsed exceeds the length of time allowed, the TIN could be flagged or deleted, thus prohibiting future marketing messages from being delivered by removing the ability to use the TIN as an access code or bridge to a user's home address, phone number, email address, or any other personal information. Preferably, once the TIN is stored to database, any future user-initiated transactions in conjunction with a business or affiliated network would establish a new date and time baseline.
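The two mechanisms above, forming the principal and its date/time-salted key, and expiring the TIN as a push-message key once the baseline is too old, as one added example that is not the patent's own code. It assumes a "password@REALM" principal layout, SHA-256 as the hash, an RFC 3339 rendering of the salt, and the function names shown; the card-number portion, realm and dates are constructed sample values.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// FormTIN joins the password portion (some or all of the card number) with
// the realm name into a principal of the form "password@REALM".
func FormTIN(passwordPortion, realm string) string {
	return passwordPortion + "@" + realm
}

// DeriveKey hashes the TIN together with a date/time salt to form the user's
// associated encryption key; the salt is rendered to the second in UTC.
func DeriveKey(tin string, salt time.Time) []byte {
	h := sha256.New()
	h.Write([]byte(salt.UTC().Format(time.RFC3339)))
	h.Write([]byte{0}) // separator so salt and TIN cannot run together
	h.Write([]byte(tin))
	return h.Sum(nil)
}

// record is one database row: the derived key and the date/time baseline.
type record struct {
	key      []byte
	baseline time.Time
}

// Registry is the database of user principals keyed by TIN.
type Registry struct{ rows map[string]record }

func NewRegistry() *Registry { return &Registry{rows: map[string]record{}} }

// Store records (or re-records) the principal; every user-initiated
// transaction moves the baseline forward and re-derives the key.
func (r *Registry) Store(tin string, at time.Time) []byte {
	key := DeriveKey(tin, at)
	r.rows[tin] = record{key: key, baseline: at}
	return key
}

// Known reports whether the TIN is still on file.
func (r *Registry) Known(tin string) bool { _, ok := r.rows[tin]; return ok }

// PermitsPush reports whether the TIN may still act as a key for push
// messages. Once more than `allowed` has elapsed since the baseline the TIN
// is deleted, so it no longer bridges to the user's contact details.
func (r *Registry) PermitsPush(tin string, now time.Time, allowed time.Duration) bool {
	row, ok := r.rows[tin]
	if !ok {
		return false
	}
	if now.Sub(row.baseline) > allowed {
		delete(r.rows, tin)
		return false
	}
	return true
}

func main() {
	// Constructed sample values.
	tin := FormTIN("1234", "EXAMPLE.COM")
	t0 := time.Date(2001, time.December, 20, 9, 0, 0, 0, time.UTC)
	day := 24 * time.Hour
	reg := NewRegistry()
	key := reg.Store(tin, t0)
	fmt.Printf("principal %s, key prefix %s\n", tin, hex.EncodeToString(key)[:16])
	fmt.Println("push allowed after 10 days:", reg.PermitsPush(tin, t0.Add(10*day), 30*day))
	fmt.Println("push allowed after 40 days:", reg.PermitsPush(tin, t0.Add(40*day), 30*day))
}
```

A single SHA-256 pass is what the text describes; because the password portion is drawn from a card number with little entropy, a deployment would substitute a deliberately slow key-derivation function in DeriveKey and keep the same salt and baseline logic.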
  • the user obtains information about a title of a desired video from Host Computer(s) 311 and Server(s) 310 for display at Computerized Device(s) 306 via the web browser.
  • the wizard software automatically collects the transaction-specific data behind the scenes.
  • the custom-written application retrieves a secret key from a secure key store that is inaccessible to the user. This is a second key in addition to the session key shared with the Merchant or Agent Host Computer(s) 311 and Server(s) 310.
  • the custom application calls the MAC coding unit operating in conjunction with Computerized Device(s) 306 and inputs the secret key, the transaction-specific data that preferably includes the trusted date and time, and any user-specific data.
  • the input parameters are entered to the MAC coding unit, which then computes a MAC or code number as a function of the secret key, the transaction-specific data, and the user-specific data.
  • the coding unit derives a code number according to a cryptographic hashing function of the symmetric key and various input parameters.
  • Computerized Device(s) 306 embeds the code number in the available places in the TIN reserved for the code number.
  • the process creates a TIN with an embedded code number or MAC that is specific to the electronic commerce transaction.
  • the media player operating on Computerized Device(s) 306 embeds the TIN in the audio/video stream as it plays effectively binding the identity of the user to the digital content.
  • U.S. Patent Application 20020138736 by Morin describes a tamper-proof means by which the incorporation of the digital signature could be accomplished during the transfer process without negatively impacting the quality of the digital content, and is hereby included by reference.
  • FIG. 4 illustrates an embodiment of that aspect of the invention involved with digitally signing various data types such as a DOI 401, other DOI(s) 401, URL(s) 402 and other data (e.g. metadata) and services (e.g. email) and dynamic mechanisms (e.g. java applet) 403, as part of the process of resolving a DOI through use of the "Handle System" either through direct input from the user or through the use of agent software.
  • FIG. 5 is useful in illustrating an embodiment describing the use of the runtime cycle of an application 500 (e.g. movie, song, video game, etc.) as a measure for signaling the start of a process involving the creation and application of digital signatures.
  • Runtime Cycle 501 reaches a point of completion represented as a single clockwise rotation.
  • Digital Signature 502 is applied to the DOIs and other pertinent metadata including any available statistics regarding application operation.
  • FIG. 5 A is useful in illustrating an embodiment of the invention involving the use of a runtime cycle of a microprocessor as a measure for signaling the start of a process involving the creation and application of digital signatures.
  • System Clock 503 is preferably a derived system clock.
  • Runtime Cycle 504 reaches a point of completion represented as a single clockwise rotation.
  • Digital Signature 502 is applied.
  • System Clock 503 operates at a cycle time less than the main clock system. It is envisioned that alternative embodiments could provide for System Clock 503 to be a Main System Clock.
  • FIG. 5B is useful in illustrating an embodiment of the invention involving the use of a runtime cycle of a clock 505 as a measure for signaling the start of a process involving the creation and application of digital signatures.
  • Runtime Cycle 506 reaches a point of completion represented as a single clockwise rotation. At the point the cycle is complete (a particular time or elapsed period of time), Digital Signature 500 is applied.
  • FIG. 6 illustrates steps involved with one embodiment of a method for using the runtime cycle of an application (e.g. movie, song, video game, etc.) as a measure for signaling the start of a process involving the creation and application of digital signatures.
  • the steps comprise: initialization of the application; runtime activation (e.g. movie playback); data (e.g. metadata) update; runtime deactivation (e.g. stop, pause, game completion, etc.); software module invocation; generation and
  • FIG. 6A illustrates steps involved with one embodiment of a method for using clock signal activation for signaling the start of a process involving the creation and application of digital signatures.
  • the steps comprise: a derived system clock cycle is completed; a clock signal is used to signal the software module; a clock signal is used to trigger the transfer of data; a digital signature is generated; a digital signature is applied.
  • FIG. 7 illustrates steps involved with one embodiment of a method for verifying the identity of the "user of record" for signed digital content suspected of being used, copied or shared in violation of the license agreement.
  • the steps comprise: a piece of suspicious digital content is confiscated; the transaction number identifier operating in conjunction with Digital Content Provider or Agent Host Computer(s) 311 identifies an embedded digital signature and transfers the identified digital signature to the account manager operating in conjunction with Host Computer(s) 311; the account manager preferably utilizes the Digital Content Provider/Agent ID and User ID portions to identify a user account; if a record is located, the secret key and the user-specific and transaction-specific information are retrieved; the account manager submits the key and the information to the MAC coding and comparator unit and computes a MAC, which is compared to the MAC extracted from the digital signature. If the two MACs match, the Digital Content Provider and/or Agent has a degree of certainty that the suspicious digital content originated with the "user of record."
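The MAC coding unit of the transaction phase and the FIG. 7 verification of the user of record, as one added example that is not the patent's own code. It assumes HMAC-SHA256 as the keyed hash, a 16-hex-character code number, a TIN layout of providerID-userID-code (so IDs must not contain a hyphen), a "|"-joined serialisation of the inputs, accounts keyed by provider and user ID with transactions of record looked up by DOI, and the type and function names shown; the secret key, IDs, DOI and timestamp are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Transaction is the transaction-specific data collected by the wizard,
// including the trusted date and time obtained at pre-authorization.
type Transaction struct {
	ProviderID string    // Digital Content Provider/Agent ID
	UserID     string
	DOI        string    // identifier of the downloaded title
	Trusted    time.Time // trusted date and time stamp
}

// macInput serialises the inputs so that the coding unit and the comparator
// unit hash exactly the same bytes (field order is this example's own).
func macInput(tx Transaction, userData string) []byte {
	return []byte(strings.Join([]string{
		tx.ProviderID, tx.UserID, tx.DOI, tx.Trusted.UTC().Format(time.RFC3339), userData,
	}, "|"))
}

// CodeNumber is the MAC coding unit: HMAC-SHA256 over the secret key, the
// transaction-specific data and the user-specific data, truncated to the
// 16 hex characters this example reserves for it in the TIN.
func CodeNumber(secret []byte, tx Transaction, userData string) string {
	m := hmac.New(sha256.New, secret)
	m.Write(macInput(tx, userData))
	return hex.EncodeToString(m.Sum(nil))[:16]
}

// BuildTIN embeds the code number in the place reserved for it.
func BuildTIN(secret []byte, tx Transaction, userData string) string {
	return strings.Join([]string{tx.ProviderID, tx.UserID, CodeNumber(secret, tx, userData)}, "-")
}

// Account is what the account manager holds: the secret key (never shown to
// the user), the user-specific data and the transactions of record by DOI.
type Account struct {
	Secret   []byte
	UserData string
	Txns     map[string]Transaction
}

// VerifyUserOfRecord follows FIG. 7: split the TIN extracted from the
// suspicious content, locate the account by provider and user ID, retrieve
// the key and data of record, recompute the MAC and compare it in constant
// time with the MAC carried in the TIN.
func VerifyUserOfRecord(accounts map[string]Account, embeddedTIN, doi string) (string, error) {
	parts := strings.Split(embeddedTIN, "-")
	if len(parts) != 3 {
		return "", errors.New("malformed TIN")
	}
	providerID, userID, code := parts[0], parts[1], parts[2]
	acct, ok := accounts[providerID+"/"+userID]
	if !ok {
		return "", errors.New("no account of record")
	}
	tx, ok := acct.Txns[doi]
	if !ok {
		return "", errors.New("no transaction of record for this title")
	}
	if !hmac.Equal([]byte(code), []byte(CodeNumber(acct.Secret, tx, acct.UserData))) {
		return "", errors.New("MAC mismatch: content did not originate with this user of record")
	}
	return userID, nil
}

func main() {
	secret := []byte("constructed-secret-key") // in practice read from the secure key store
	tx := Transaction{ProviderID: "PROV01", UserID: "U0042", DOI: "10.1000/xyz123",
		Trusted: time.Date(2001, time.December, 20, 10, 30, 0, 0, time.UTC)}
	tin := BuildTIN(secret, tx, "user-specific-data")
	accounts := map[string]Account{"PROV01/U0042": {
		Secret: secret, UserData: "user-specific-data", Txns: map[string]Transaction{tx.DOI: tx}}}
	user, err := VerifyUserOfRecord(accounts, tin, tx.DOI)
	fmt.Println("TIN:", tin, "user of record:", user, "err:", err)
}
```

Because the code number depends on the secret key held only by the account manager, a copied TIN can be attributed but not forged for another account, and hmac.Equal keeps the comparison constant-time so the comparator does not leak how many characters of a guessed code matched.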
  • FIG. 8 illustrates one embodiment of a user principal with date and/or time stamp.
  • the principal shown includes an identifier portion comprising a user TIN and a date stamp and time stamp portion.
  • the principal is able to be used as an access code
  • U.S. Patent 5,315,057 provides for a method and apparatus for dynamically composing music and sound effects using a computer entertainment system, the teachings of which are incorporated herein by reference in their entirety. The inventors describe how custom messages are able to be embedded within standard MIDI data.
  • the TIN is preferably able to function as a digital "hall pass" for granting secure access to a web site and also as a means for facilitating billing and securing downloaded digital content.
  • a user invokes automatic connection to a web site or affiliated network of web sites by engaging a CD-ROM enabled with the custom-written application for facilitating the functions of the invention in association with User Computerized Device(s) 306.
  • Another alternative embodiment is for the user to invoke automatic connection to a web site or affiliated network of web sites by clicking on a response hyperlink contained in an email.
  • Another alternative embodiment is for the user to initiate a search by inputting the name, URL, or other information associated with the web site or affiliated network of web sites into a search engine.
  • invoking automatic connection to a web site or an affiliated network using the enabled CD-ROM, for example, preferably begins with the transfer of written instructions to User Computerized Device 306 and a wizard being invoked to guide the user through the steps of using the services provided.
  • a dialog box opens up on screen and requests entry of the user's password preferably established during the registration phase.
  • the user types in the password.
  • the operating system checks the password prior to allowing access to the key store. If the password is approved, a process is initiated in which the web browser stored on Computerized Device(s) 306 is invoked. Alternatively, this step is bypassed if the browser is detected to already be in operation.
  • a browser plug-in residing on the CD-ROM is invoked for operation in association with the web browser.
  • the browser plug-in preferably limits the IP addresses able to be accessed by the web browser to those of the preferred web site or affiliated network of web sites, similar to a list of "favorites" commonly featured in Internet Explorer and other consumer web browsers.
  • the web browser is preferably connected to the IP address of a selected password-protected site.
  • Upon connection to the site, Host Computer(s) 311 responds with a request for a user digital certificate.
  • the user is able to select the digital certificate of the credit or debit card they wish to use just as with the steps detailed above for the transaction phase involving downloaded digital content.
  • the transaction-specific data used in forming the MAC preferably includes the DOI(s) of the selected ring tones. The process creates a TIN that effectively binds the identity of the user to the digital content being downloaded.
  • the embedding of digital signatures within MIDI files is a valuable service in light of the popularity with which consumers use infrared beaming as a means of executing a simple exchange of data between phones such as phone numbers.
  • An alternative embodiment provides that transfer of signed digital content is limited to a single transaction whereby playback of the digital content by secondary users is restricted to a specific period of time or limited number of playbacks based upon the agreed to licensing rights updated and signed as part of the transfer process.
  • the transaction phase involving such a secondary transaction would involve the initiation of a transaction resulting in a credit being applied to the first user's account held at the ring tone provider web site (e.g. money payment, points, frequent flyer miles, credit to future digital content purchase, etc.).
  • future transactions may also involve similar steps as those outlined above in which Users 2, 3, 4, etc. are able to fulfill the role of User 1 (i.e. first party) and initiate the process of super distribution with one or more additional users (second parties).
  • during future transactions requiring electronic payment, more than one of the previous first parties (as evidenced by the presence of multiple user digital signatures) is able to initiate transactions in which each of the previous first parties is awarded a credit based upon the established rules and regulations of the super distribution network.
  • a further enabling of the authorization phase is made possible by an additional embodiment of the invention involving the BIN illustrated in FIG. 1.
  • the BINs can also be made to function as a signal for the application of different interchange rates.
  • special BIN(s) can be assigned as part of the transaction phase to signal the application of a special fee (e.g. interchange rate) in response to a transaction initiated for the purpose of using a digital signature process for enhancing the security of a transaction involving the transfer of digital content.
  • a specific BIN can be employed to signal that no fee is to be applied to the transaction.
  • One embodiment for a TIN useful as a postage, currency, or coupon identifier comprises a random and/or variable identifier portion and a date and/or time stamp portion. Additional embodiments comprise those described in conjunction with FIG.
  • the invention is not limited by the illustration shown in FIG. 1. Other useful embodiments are possible depending on the governing policies of a postal service for example.
  • the invention is also not limited by the number of fields shown for any one component or by the order in which the components are shown.
  • the values for each of the components are also not necessarily limited to the use of numbers but might also comprise alphanumeric characters and/or characters from an extended character set.
  • the random and/or variable identifier provides an efficient means for meeting the vast demand for TINs created by the implementation of a TIN-enabled stamp program.
  • the characters used in forming a random and/or variable identifier can be assigned by various means including random selection from a pool of available numbers or preferably sequential assignment using increasing incremental numbers (e.g. 1,2,3, etc.).
  • the date and/or time stamp preferably provides a means of identifying the date and/or time that a stamp is issued or printed. This limitation would prove useful by allowing investigators to limit the parameters of their search to only those stamp purchases taking place on or after that date.
  • Identifying time would also prove useful in pinpointing the time of sale of a TIN issued through a postage label machine in which the machine may be under surveillance using a security camera for the purposes of identifying various buyers of record.
  • incorporation of a time stamp would prove especially useful if seconds or even milliseconds were used in addition to minutes and hours.
  • FIG. 9 shows an embodiment of a postage stamp with an encoded TIN.
  • the illustration is of a TIN encoded with 2-Dimensional matrix code, a readily available technology; other forms of encoding (e.g. encrypted bar codes) are possible.
  • 2-D matrix code is preferred due to its ability to communicate vast amounts
  • 2-D Matrix Code also provides the means to present data in a redundant format allowing a high probability of a Stamp TIN being accurately scanned and identified in the event that a portion of a particular TIN enabled stamp is damaged or lost.
  • FIG. 10 shows one embodiment of a Package Identification Number with a Range Identifier useful for identifying individual TIN-enabled stamps contained within a specific package (e.g. book of stamps).
  • the Range Identifier provides an efficient means for the Package Identification Number to function as an item or merchandise number capable of identifying the individual TINs from the individual stamps sold as part of the package during purchase transactions.
  • the example is of a package of 20 stamps with random and/or variable identifiers ranging in sequence from "999980" to "999999.”
  • Also shown as part of the preferred embodiment is a date stamp showing December 20, 2001 as being the issuance or printing date of the stamps identified by the Range Identifier. The incorporation of the date is useful in specifically identifying stored records of TINs as explained below.
  • FIG. 11 shows a preferred embodiment of a package of TIN-enabled stamps with an encoded Package Identification Number capable of being electronically scanned and the discernable encoded number stored as an item or merchandise number.
  • the example is of a regular bar code; however, other forms such as 2-D matrix code present suitable or superior alternatives, although they would likely require reprogramming of equipment at the point of sale.
  • FIG. 12 illustrates an embodiment of those components of a system useful in facilitating the electronic interpretation of information specific to dispensed currency notes during an ATM transaction.
  • Shown is Financial Institution (FI) or Agent Host Computer(s) 1200 connected to ATM 1203 via Telecommunications Network 1201 and possibly also Internet 1202 in the event that ATM 1203 is a web-enabled ATM.
  • FI or Agent Host Computer(s) 1200 connects to Card Issuer Host Computer(s) 1204 preferably through a private line connection.
  • ATM 1203 contains those input and output devices necessary for both conventional ATM operation and operation of the invention.
  • Preferably, the input devices include a keypad or touch screen, a card reader, an electronic eye that counts each currency note as it is dispensed, a sensor that evaluates the thickness of each currency note, a reject bin to which two notes stuck together are diverted instead of being dispensed, an electronic scanner (e.g. infrared scanner) capable of interpreting 2-dimensional dot matrix code or alternatively bar code, and a digital security camera.
  • the output devices preferably include a speaker, a display screen, a receipt printer, a means by which digital images recorded by the digital security camera are able to be transmitted from the location of ATM 1203 to a location preferably housing FI or Agent Host Computer(s) 1200, an electronic journal and associated software application necessary for uploading the electronic journal, and a cash dispenser. Also contained within ATM 1203 is that memory necessary for the storing of information either gathered through the input devices or dispensed through the output devices.
  • One embodiment provides for an additional output device to include a digital video recorder preferably stationed at the location housing FI or Agent Host Com ⁇ uter(s) 1200.
  • one embodiment provides for the cash dispenser to be supplied with cunency notes enabled with an encoded TIN in the form of a 2-Dimensional dot matrix code or alternatively in the form of a bar code.
  • the encoded TIN is preferably printed within the design of the note but alternatively may be embedded within the note similar to security threads or holograms cunently in use.
  • a further embodiment provides a means by which the TIN is able to be more readily detected through the reception of a delay signal from a signal delay device embedded within the note.
  • the TIN contains an identifier specific to the note but alternatively may contain additional information such as denomination or date and/or time of printing or issuance.
  • FIG. 13 illustrates an embodiment of a method useful in facilitating the electronic interpretation of information specific to dispensed currency notes during an
  • the invention is not limited by the illustration shown in FIG. 1. Other useful embodiments are possible depending on the governing policies of a postal service for example.
  • the invention is also not limited by the number of fields shown for any one component or by the order in which the components are shown.
  • the values for each of the components are also not necessarily limited to the use of numbers but might also comprise alphanumeric characters and/or characters from an extended character set.
  • the random and/or variable identifier provides an efficient means for meeting the vast demand for TINs created by the implementation of a TIN-enabled stamp program.
  • the characters used in forming a random and/or variable identifier can be assigned by various means including random selection from a pool of available numbers or preferably sequential assignment using increasing incremental numbers (e.g. 1,2,3, etc.).
  • the date and/or time stamp preferably provides a means of identifying the date and/or time that a stamp is issued or printed. This limitation would prove useful by allowing investigators to limit the parameters of their search to only those stamp purchases taking place on or after that date.
  • Identifying time would also prove useful in pinpointing the time of sale of a TIN issued through a postage label machine in which the machine may be under surveillance using a security camera for the purposes of identifying various buyers of record.
  • incorporation of a time stamp in accordance with the invention would prove especially useful if seconds or even milliseconds were used in addition to minutes and hours.
  • FIG. 9 shows an embodiment of a postage stamp with an encoded TIN.
  • the illustration is of a TIN encoded with 2-Dimensional matrix code, a readily available technology.
  • Other forms of encoding e.g. encrypted bar codes
  • 2-D matrix code is preferred due to its ability to communicate vast amounts
  • the illustrated embodiment uses as an example steps by which a receiver of record submits a credit, debit, or ATM card to a card reader contained as part of ATM 1203 so as to allow the account information specific to the issued card to be captured and temporarily stored, the capture of account information signals the security camera which begins transmitting visual images of the receiver of record to the digital video recorder stationed preferably at the same location of FI or Agent Host Computer(s) 1200, the digital images are received by the digital video recorder and stored in conjunction with transaction specific information (e.g.
  • a receiver of record signals a request to withdraw cash using the keypad, a receiver of record enters an established Personal Identification Number (PIN) for transmission along with other transaction information via Telecommunications Network 1201 and possibly Internet 1202 to FI or Agent Host Computer(s) 1200 and ultimately to Card Issuer Host Computer(s) 1204, the Card Issuer Host Computer(s) verifies the PIN and initiates an electronic funds transfer from the receiver of record's account (e.g.
  • the Card Issuer Host Computer(s) sends an approval code back through FI or Agent Host Computer(s) 1200 and via Telecommunications Network 1201 and possibly Internet 1202 to ATM 1203 authorizing the dispensing of cash from the cash dispenser, an electronic scanner preferably located in the cash dispenser scans the TIN of each currency note as it exits the cash dispenser, the scanned TINs are recorded to the journal (e.g. printed using the journal printer) along with other transaction information including the personal identification of a receiver of record gathered during the transaction (e.g. card account number).
  • the digital video recorder enters the received digital images into a record identified by information specific to the transaction (e.g. machine identification number, date and time, etc.). Note that as a matter of process some other identifier might be substituted for a receiver of record's actual account number as a means of enhancing the privacy protection of the invention.
  • FIG. 12 also illustrates an embodiment of those components of a system useful in facilitating the recording of information specific to dispensed postage stamps or currency notes in conjunction with personal information of the receiver of record to a Central Circulation Database 1205.
  • Central Circulation Database 1205 is connected to FI and/or Agent Host Computer(s) 1200 preferably via telecommunications network 1201 or possibly also through Internet 1202. Alternatively, a private line connection is possible.
  • FIG. 14 illustrates an embodiment of a method useful in recording to a central circulation database that information specific to dispensed postage or currency notes in conjunction with personal information of the receiver of record. Shown as an example are those steps in which individual ATM journals are uploaded to FI or Agent Host Computer(s) 1200 via Telecommunications Network 1201 and possibly also Internet 1202, the journals are recorded to a local database accessible through FI or Agent Host Computer(s) 1200, specific journal information is transmitted to Central Circulation Database(s) 1205 via Telecommunications Network 1201 and possibly also Internet 1202 (note a private line connection is possible), a search is initiated for a record of a matching TIN contained in Central Database(s) 1205, and in the event a matching TIN is located the Central Circulation Database(s) record is updated with new specific journal information (e.g. Receiver's card account number).
  • One embodiment provides that in the event a matching TIN is not located, a new record is created in Central Database(s) 1205 and specific journal information (e.g. Receiver's card account number) is stored to Central Database(s) 1205 and flagged.
  • FIG. 15 illustrates an embodiment of a record in the Central Circulation Database in which the buyer personal information is stored in conjunction with additional records generated during the processing of deliverable items.
  • FIG. 16 illustrates an embodiment of a method useful in searching a database of records containing records of information specific to dispensed currency notes stored in conjunction with personal information of the receiver of record. Shown as an example are those steps including the identification of a TIN for a specific currency note, the initiation of a search of the Central Database(s) 1205 using the TIN as search criteria, in the event a TIN is located the identification of the personal information of a Receiver of record stored in conjunction with the TIN, the initiation of a search for the identity of the receiver of record using the personal information as search criteria, and the identification of the receiver of record.
  • the invention is also useful for over-the-counter purchases of stamps or other transactions where a financial account number such as credit or debit card is used in conjunction with date and time as a means of making record of the transaction including any visual record in combination with a security camera.
  • the invention also provides the means for use of the invention in conjunction with dispensing of TIN-enabled coupons.
  • Another additional embodiment involves use of the invention in conjunction with encoded tracking labels.
  • An example being the labels currently employed as part of stepped up security checks at airport ticket counters.
  • FIG. 17 illustrates an embodiment of those steps involved with the method of processing passengers during ticketing.
  • the embodiment illustrated in FIG. 17 shows
  • verified information from the transaction e.g. credit or debit card account number, date and time, etc.
  • An alternative embodiment provides for the use of a non-digital camera in conjunction with ATM 103.
  • each photo taken of a receiver of record would be identified in a way that would connect it to information specific to the transaction (e.g. machine identification number, date and time, etc.)
  • this is seen as less desirable than a digital camera for reasons including the enhanced ability of a digital camera to efficiently provide for the incorporation of facial recognition technology and to produce a digital image of a receiver of record's face that is able to be recorded as part of an ATM's journal records in conjunction with the other personal information of a receiver and other transaction information.
  • Another alternative embodiment provides for the use of a journal printer. However, this is seen as less desirable than an electronic journal for reasons including the enhanced ability of an electronic journal to efficiently provide for the creation of a digital record able to be uploaded to FI or Agent Host Computer(s) 100 thus avoiding the need to physically retrieve printed journal records from individual ATM locations and possibly require having those entered manually into digital record for transmission to Central Circulation Database(s) 1205.
  • Another alternative embodiment provides for the incorporation of a device within ATM 1203 that is capable of capturing biometric information submitted by the receiver (e.g. fingerprint, iris scan, voiceprint, etc.) and using such identifying
  • Another alternative embodiment provides for the digital security camera to generate a digital video signal which it then compresses (e.g. using Wavelet technology) and transmits on the ATM network via Telecommunications Network 1201 and also possibly Internet 1202. Additional embodiments provide for the simultaneous transmission of a full-motion picture for display on a monitor and a reduced frame rate picture for recording by a digital video recorder. Parameters such as white balance and exposure can be adjusted remotely, by commands issued across the ATM network via Telecommunications Network 1201 and also possibly Internet 1202.
  • Another alternative embodiment provides for audio from an internal microphone or an external source to be digitized and transmitted on the ATM network via Telecommunications Network 1201 and also possibly Internet 1202.
  • Another embodiment provides for control of the digital security camera to be provided through a telemetry receiver (e.g. Destiny telemetry receiver) plugged directly into a connector on the back panel of the camera allowing devices such as a keyboard (e.g. Destiny keyboard) to control pan, tilt, zoom and focus over the ATM network.
  • alternative embodiments provide the means by which the invention is able to function in conjunction with currency, stamps and coupons and other transactions involving the use of computerized devices that are not an ATM (e.g. kiosk, personal computer, personal digital assistant).
  • the TIN can be distributed for application in a web services environment from which the TIN may be extracted, interpreted and processed as part of an enhanced digital signature process comprising detached, enveloped, or enveloping signatures.
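The journal upload and central circulation database reconciliation of FIG. 14 and the TIN search of FIG. 16 described above, as an added example in Python that is not part of the patent or the applicant's system. The record layout, field names, sample journal, issuance register and the use of a keyed pseudonym in place of the card account number (the substitution the privacy note above allows) are all assumptions.

```python
import hmac
import hashlib

# Constructed sample data (not from the patent): one ATM electronic journal as
# uploaded to the FI host, and the issuer's register of TINs printed on notes.
SAMPLE_JOURNAL = [
    {"atm_id": "ATM-1203", "when": "2004-01-12T09:15:02",
     "account": "4111111111111111", "tins": ["N00017", "N00018"]},
    {"atm_id": "ATM-1203", "when": "2004-01-12T09:40:31",
     "account": "4222222222222222", "tins": ["N00019", "X99999"]},
]
ISSUED_TINS = {
    "N00017": {"denomination": 20, "printed": "2003-11-01"},
    "N00018": {"denomination": 20, "printed": "2003-11-01"},
    "N00019": {"denomination": 50, "printed": "2003-11-02"},
}
# Pseudonymisation key held by the FI only (assumed, constructed value).
FI_KEY = b"constructed-fi-pseudonym-key"


def account_reference(account_number: str, key: bytes) -> str:
    """Keyed pseudonym stored in the central record instead of the card
    account number. Without the FI's key the reference cannot be turned
    back into an account number, which is the privacy point of the note."""
    digest = hmac.new(key, account_number.encode(), hashlib.sha256).hexdigest()
    return digest[:16]


class CentralCirculationDatabase:
    """One record per TIN; each record lists the receivers of record."""

    def __init__(self, issued: dict):
        self.records = {tin: dict(info, holders=[]) for tin, info in issued.items()}
        self.flagged = set()

    def record_journal(self, journal: list, key: bytes) -> set:
        """FIG. 14: for each scanned TIN, update the matching record or create
        a new, flagged one. Returns the TINs flagged during this upload."""
        newly_flagged = set()
        for entry in journal:
            ref = account_reference(entry["account"], key)
            for tin in entry["tins"]:
                record = self.records.get(tin)
                if record is None:
                    # No issuance record for this TIN: keep what the ATM saw
                    # and flag it so the FI can review the note.
                    record = {"holders": []}
                    self.records[tin] = record
                    self.flagged.add(tin)
                    newly_flagged.add(tin)
                record["holders"].append(
                    {"ref": ref, "atm_id": entry["atm_id"], "when": entry["when"]})
        return newly_flagged

    def trace(self, tin: str):
        """FIG. 16: search by TIN and return the stored receiver references
        in dispensing order, or None when the TIN is unknown."""
        record = self.records.get(tin)
        if record is None:
            return None
        return [holder["ref"] for holder in record["holders"]]


def resolve_reference(ref: str, known_accounts: list, key: bytes):
    """Last step of FIG. 16, performed only at the FI that holds the key:
    match a pseudonymous reference back to one of its own account numbers."""
    for account in known_accounts:
        if hmac.compare_digest(account_reference(account, key), ref):
            return account
    return None


if __name__ == "__main__":
    db = CentralCirculationDatabase(ISSUED_TINS)
    print("flagged on upload:", db.record_journal(SAMPLE_JOURNAL, FI_KEY))
    print("holders of N00019:", db.trace("N00019"))
```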

Abstract

Featured are systems and methods for creating digital signatures. More particularly, there is featured a method for facilitating online commerce including issuing an electronic commerce card to a customer during a registration phase, the commerce card having a customer account number and a customer-related secret associated therewith, and generating at the customer, during an online commerce transaction phase, a proxy number suitable for the online commerce transaction. The generated proxy number resembles the customer account number, and embedded therein is a code number derived at least in part from the customer-related secret and an associated date and time stamp.

Description

SECURE SYSTEM FOR DIGITAL SIGNATURES AND METHODS FOR USE THEREOF
This application claims as priority U.S. Provisional Patent Applications 60/415991 filed 10/5/02 entitled "System and Method for Creating and Processing Digital Signatures Using Intelligent Authorization," 60/439577 filed 1/11/03 entitled "Secure System for Processing Smart Stamps and Method for Use Thereof," 60/478985 filed 6/14/03 entitled "Secure System for Processing Digital Signatures and Method for Use Thereof," 60/492774 filed 8/04/03 entitled "Secure System for Processing Digital Signatures Using Clock Signal Activation and Private Key Transfer," 60/499761 filed 9/02/03 entitled "Secure System for Processing Digital Signatures Using Clock Signal Activation and Secret Key Transfer," and 60/ filed 9/04/03 entitled "Secure System for Processing Digital Signatures Using Clock Signal Activation and Secret Key Transfer," and 60/ filed 9/25/03 entitled "Secure System for Processing Digital Signatures and Method for Use Thereof."
FIELD OF INVENTION
A system and method for creating and processing digital signatures. More specifically, a system and method for enhancing the security of electronic commerce transactions through use of a transaction identification number capable of operating as both a proxy account number and digital signature.
BACKGROUND OF THE INVENTION
Digital signatures are destined to play a critical role in the future of electronic commerce. The integrity of electronic transactions and the Internet marketplace as a whole depends on the ability to reliably authenticate the various parties to a transaction and to correctly identify and account for the information exchanged between them. One important area of application for digital signatures is Digital Rights Management (DRM), the business involved with mass distribution of proprietary digital content over the Internet (e.g. music, movies, games, digital telephone jingles, video, photographs, software, news & magazine articles, research data, tickets, coupons, etc.).
The primary purpose of DRM is to establish a system for controlling distribution so as to guarantee the maximum return on value of digital content for content distributors, owners and creators. Naturally, a big part of this is the need for security protections to guard against unauthorized use and distribution of licensed digital content.
One of the more interesting conclusions being reached by experts in the field is that for a security solution to be effective, it does not necessarily have to provide a foolproof means of preventing unauthorized use or distribution of digital content. Rather, an effective approach to security would be to provide a tamperproof means of binding a user's identity to the digital content they purchase and use, for instance through the embedding of a user digital signature. Research shows that simply knowing their identity is permanently bound to a copy of digital content would be enough to deter the vast majority of users from risking its unauthorized use or distribution. And should such a copy end up being illegally copied and distributed, the presence of the digital signature would also provide a means for any suspicious copies to be traced back to the original point of purchase and ultimately the buyer of record.
In light of the above, there is another aspect of security that needs to be addressed for any DRM system to be truly effective. It is critical that both providers (i.e. content distributors, owners, and creators) and users have a high degree of confidence in the metadata accompanying digital content. Ensuring the integrity of metadata makes it possible for providers and users to know with certainty the creator or source of the content, that the content has not been tampered with or altered, that the content was legally distributed and obtained, etc. The list of information able to be conveyed through metadata is long and varied and can include, for example, updated statistics regarding the runtime of applications involving the use of digital content (e.g. movie, song, game, etc.). This is another area in which the application of a user digital signature can be valuable to the overall security of a DRM system.
Serving as a backdrop to the introduction of the invention is also the pressure being applied today by merchants on card issuers (e.g. banks) and their agents (e.g. acquirer processors, merchant banks, etc.) to lower the fees (e.g. interchange fees, discount fees, per transaction fees, etc.) charged in conjunction with credit and debit card transactions. As a result, it would seem there is a clear need in the marketplace from the perspective of banks and other players in the credit card industry for the introduction of value added services capable of providing an incentive for either maintaining or increasing the current fees charged for transactions or increasing the overall total volume of card-based transactions.
The same goes too for members of the telecommunications industry (e.g. wireless phone companies) where the advent of technologies such as Voice-over-Internet-Protocol (VOIP) promises to place downward pressure on the prices charged for communications connections and services.
In accordance with the above, it is desirable to provide a means for creating and processing user digital signatures for protection against the illegal distribution of digital content by binding user identity to distributed digital content. When necessary, such means should also support the practice of super distribution whereby users are able to transfer digital content to additional storage devices provided they are permitted to do so under the terms of a license agreement.
Further, it is desirable to provide a means of creating and processing user digital signatures that helps to ensure a high degree of confidence in the metadata accompanying licensed digital content to the benefit of both digital content providers and users.
Further, it is desirable to provide a means of creating and processing user digital signatures whereby credit and debit card numbers are incorporated in a way that poses no risk to customer accounts while at the same time makes possible value added services capable of providing incentives for supporting or even increasing the fees charged for card-based transactions.
Note that while the invention may be ideally suited for use in conjunction with a DRM system and the purchase, leasing or rental of licensed digital content as well as other described alternative embodiments, it is to be understood that one or more of the innovations disclosed herein are likely to be generally applicable to other digital data environments and applications not necessarily involving licensed digital content or the other described alternative embodiments. The invention is also not to be limited by use of the description "user digital signature" and may in fact be implemented on behalf of entities other than individual users (e.g. companies, clubs, groups, governmental bodies, network systems, operating systems, software clients or agents, central processing units, etc.).
SUMMARY OF THE INVENTION
The present invention provides for the enhancement of security for electronic commerce transactions through use of a transaction identification number (TIN) capable of operating as a proxy or "limited use" user account number (e.g. credit or debit card, checking, telephone, social security, etc.) and also a user digital signature. For transactions involving the transfer of digital content (e.g. streaming audio and video) the invention further provides for embodiments in which the user digital signature is able to be embedded in the digital content in the course of the transaction.
According to one embodiment of the invention, the runtime cycle of an application operating in conjunction with a user computerized device is used as a measure for signaling the start of the digital signing process. Another embodiment is provided in which the runtime cycle of a microprocessor is used as a measure for signaling the start of the digital signing process. Yet another embodiment is provided in which actual time is used as a measure for signaling the start of the digital signing process.
Another aspect of the invention provides for a user digital signature to function as a digital "hall pass" or password for facilitating secure user access to web sites featuring subscription-based, "pay per view" or "pay per use" digital content. In addition, the user digital signature is also able to operate as a key useful in facilitating the transfer of push media messages (e.g. target email, instant messaging, telemarketing phone calls) from merchants (e.g. digital content providers) to users.
Another aspect of the invention provides for use of a TIN in conjunction with postage, currency notes and tracking labels. Various embodiments provide for the TIN to be printed in the form of a barcode or matrix code or alternatively recorded electronically with an electronic product code (EPC) stored on a Radio Frequency Identification (RFID) tag.
Another aspect of the invention provides for a package identification number useful in identifying groups of TIN-enabled postage stamps packaged for sale. The package identification number comprises a unique range identifier reflecting the range of sequentially ordered random and/or variable identifier portions.
Another aspect of the invention provides for facilitating payment transactions involving TIN-enabled postage, currency or tracking labels in which verifiable personal information presented by the buyer and/or other personal information either available to the seller or acquired during the transaction is recorded to a database in conjunction with TIN(s) or the package identification number of a purchased package of postage stamps.
Another aspect of the invention provides a system and method for identifying TIN-enabled postage, currency or tracking labels either from a physical item or by searching a database containing TIN records.
BRIEF DESCRIPTION OF THE DRAWINGS
For a fuller understanding of the nature and desired objects of the present invention, reference is made to the following detailed description taken in conjunction with the accompanying drawing figures and wherein:
FIG. 1 illustrates an example of one embodiment of the TIN in the form of a 16-digit proxy account number (e.g. credit or debit card account) with an embedded message authentication code (MAC) and date and/or time stamp.
FIG. 2 illustrates an embodiment of that aspect of the invention involved with the creation of an embedded MAC from various input parameters.
FIG. 3 illustrates components of a system in accord with an embodiment of the present invention for creating and processing digital signatures.
FIG. 4 illustrates an embodiment of that aspect of the invention involved with digitally signing various data types (e.g. DOIs, URLs, metadata), services (e.g. email) and dynamic mechanisms (e.g. Java applet) as part of the process of resolving a DOI through use of the "Handle System" either through direct input from the user or through the use of an agent.
FIG. 5 is an illustration useful in describing that aspect of the invention involved with the use of the runtime cycle of an application (e.g. movie, song, video game, etc.) as a measure for signaling the start of a process involving the creation and application of digital signatures.
FIG. 5A illustrates an embodiment of the invention involved with the use of a runtime cycle of a microprocessor as a measure for signaling the start of a process involving the creation and application of digital signatures.
FIG. 5B illustrates an embodiment of the invention involved with the use of time as a measure for signaling the start of a process involving the creation and application of digital signatures.
FIG. 6 illustrates steps involved with one embodiment of a method for using the runtime cycle of an application (e.g. movie, song, video game, etc.) as a measure for signaling the start of a process involving the creation and application of digital signatures.
FIG. 6A illustrates steps involved with one embodiment of a method for using clock signal activation as a means for signaling the start of a process involving the creation and application of digital signatures.
FIG. 7 illustrates steps involved with one embodiment of a method for verifying the identity of the "user of record" for signed digital content.
FIG. 8 illustrates one embodiment of a user principal with a date stamp and time stamp.
FIG. 9 illustrates an embodiment of a postage stamp with an encoded TIN in the form of a 2-Dimensional matrix code.
FIG. 10 illustrates an embodiment of a package identification number used to identify a package of TIN-enabled postage stamps.
FIG. 11 illustrates an embodiment of an electronic realizable package identification number in the form of a barcode.
FIG. 12 illustrates an embodiment of those components of a system useful in facilitating the electronic interpretation of information specific to dispensed currency notes during an ATM transaction.
FIG. 13 illustrates an embodiment of a method useful in facilitating the electronic interpretation of information specific to dispensed currency notes during an ATM transaction.
FIG. 14 illustrates an embodiment of a method useful in recording to a central circulation database that information specific to dispensed currency notes in conjunction with personal information of the receiver of record.
FIG. 15 illustrates an embodiment of a transaction record transmitted to the central circulation database containing the buyer personal information and the TIN(s) or Range Identifier.
FIG. 16 illustrates a flowchart of a method for searching a central circulation database in an effort to identify the buyer of record of a TIN-enabled stamp used in mailing a deliverable item.
FIG. 17 illustrates an embodiment of those steps involved with the method of processing passengers during ticketing.
DETAILED DESCRIPTION OF THE INVENTION
FIG. 1 illustrates an example of one embodiment of a transaction identification number (TIN) in the form of a 16-digit proxy account number (e.g. credit or debit card account) with an embedded message authentication code (MAC) and a date stamp and time stamp.
The example shown includes a single-digit lead-in identifier useful in identifying the card network (e.g. Visa or Mastercard), a seven-digit bank identification number (BIN) useful in identifying the card issuer, a four-digit user (customer) identification number, and a single-digit checksum compliant with conventional card network operations.
The TIN as illustrated represents an improvement to similar proxy account numbers contained in existing and pending U.S. patents. For the purpose of this application, there is incorporated by reference in its entirety U.S. Patent 6,000,832 entitled "Electronic online commerce card with customer generated transaction proxy number for online transactions."
Alternative embodiments of the present invention provide for various combinations comprising one or more of the featured identifiers in varying order and for those identifiers to inhabit varying lengths of fields that could have a total length equal to, less than, or greater than 16 digits. For example, one alternative embodiment could involve a TIN comprising a user identifier portion, a multiple-digit MAC portion, a date stamp portion and time stamp portion. This would be applicable in the scenario in which the TIN would not be required to conform to the attributes of a proxy credit or debit card number for the purpose of facilitating electronic payment.
Another example is an alternative embodiment in which the date stamp might take the form of a year expressed in terms of "99" instead of the illustrated "1999" and a time stamp expressed in hours and minutes instead of the illustrated "120000" showing hours, minutes and seconds. Another alternative embodiment provides for milliseconds or other fractional time representations to be included. There is also the possibility of either just a date stamp portion or a time stamp portion.
The TIN might also include other information fields for identifiers not featured. For example, one alternative embodiment could involve a merchant (e.g. digital content provider) and/or merchant agent (e.g. acquirer processor) identifier portion in addition to other identifier portions (e.g. transaction authorization number).
Another alternative embodiment could involve a random and/or variable identifier portion comprising an alphanumeric or extended character set string in addition to other identifier portions.
Yet another alternative embodiment of a TIN could comprise a ten digit telephone number or substitute proxy account number with a MAC and a date stamp and time stamp.
The various ways to limit the form and use of the TIN are subject only to practical considerations and the writing of application software to operate the system with such limitations.
FIG. 2 illustrates an embodiment of that aspect of the invention involved with the creation of a MAC from various input parameters. The MAC is generated as a function of various inputs from a list including a user private or secret key, user- specific information (e.g. name, account number, etc.) and transaction specific data [e.g. transaction amount, merchant ID, goods or services IDs including Digital Object Identifier (DOI), Electronic Product Code (EPC), Uniform Resource Locator (URL), identifiers for services such as email and dynamic mechanisms such as Java applets and Common Gateway Interface (CGI) Scripts, various types of data including the message digest or hash of a document, various types of metadata including content licensing rights and updated statistics regarding application operation, date and/or time of transaction, digital signature generation or application, authorization, etc.].
In addition to the above examples of user-specific information being used in the formation of a MAC, there is also an embodiment involving the input of biometric information either previously stored to memory or gathered as part of an ongoing electronic commerce transaction. One embodiment involves the use of a computerized device (e.g. smart card) enabled with an integrated biometric sensor with means of creating a real-time digital scan of a thumb or fingerprint and comparing the result to a scan securely stored within the smart card. Another embodiment involves the creation of a real-time digital scan of a thumb or fingerprint and transferring the result for second or third party verification during the course of an electronic commerce transaction. An example of prior art describing a device capable of performing such a function is U.S. Patent Application 20020095587 filed January 17, 2001 and entitled "Smart card with integrated biometric sensor," the teachings of which are incorporated herein by reference in their entirety.
Another embodiment for inputting biometric information involves the creation of digital scan from a user's voice. This could be accomplished by storing a voice scan with the merchant or a trusted third party (e.g. bank). This scan could then be compared to one created in real time from a user's voice recorded while talking during the placement of an order for digital content over the telephone or a scan created prior to a transaction by having a user speak into an enabled computerized device.
Various types of biometric information (e.g. retina scan, facial scan, digital photograph and video, etc.) and various means for incorporating such information for use with the present invention will be obvious to those skilled in the art. The alternatives involving the input of biometric information make another embodiment possible in which no private key is used to render the MAC, only one or more of the other various inputs.
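As an added illustration of the MAC construction described above (this is not code from the patent), the following Go program computes the MAC as HMAC-SHA256 under the user's secret key over a canonical, length-prefixed encoding of the user-specific and transaction-specific inputs, and shows the comparator side with a constant-time check. The field names, the sample values and the choice of HMAC-SHA256 are assumptions; the text leaves the hashing function open.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"sort"
)

// MACInputs groups the two input families named in the description besides the
// secret key: user-specific information and transaction-specific data. Values
// are strings; binary items such as a document digest are carried hex-encoded.
type MACInputs struct {
	User map[string]string
	Txn  map[string]string
}

// canonicalize turns the inputs into one unambiguous byte string: a section tag,
// the field count, then the fields in sorted key order, every string prefixed
// with its big-endian uint32 length. Plain concatenation would let two different
// input sets ("ab"+"c" and "a"+"bc") produce the same bytes and hence the same MAC.
func canonicalize(in MACInputs) []byte {
	var out []byte
	putU32 := func(n uint32) {
		var b [4]byte
		binary.BigEndian.PutUint32(b[:], n)
		out = append(out, b[:]...)
	}
	putStr := func(s string) {
		putU32(uint32(len(s)))
		out = append(out, s...)
	}
	sections := []struct {
		tag string
		m   map[string]string
	}{{"user", in.User}, {"txn", in.Txn}}
	for _, sec := range sections {
		keys := make([]string, 0, len(sec.m))
		for k := range sec.m {
			keys = append(keys, k)
		}
		sort.Strings(keys)
		putStr(sec.tag)
		putU32(uint32(len(keys)))
		for _, k := range keys {
			putStr(k)
			putStr(sec.m[k])
		}
	}
	return out
}

// ComputeMAC is the MAC coding unit: HMAC-SHA256 under the user's secret key over
// the canonical encoding of the user- and transaction-specific inputs.
func ComputeMAC(secretKey []byte, in MACInputs) string {
	mac := hmac.New(sha256.New, secretKey)
	mac.Write(canonicalize(in))
	return hex.EncodeToString(mac.Sum(nil))
}

// VerifyMAC is the comparator side: recompute from the same inputs and compare
// in constant time so that timing does not reveal how many bytes matched.
func VerifyMAC(secretKey []byte, in MACInputs, tagHex string) bool {
	tag, err := hex.DecodeString(tagHex)
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, secretKey)
	mac.Write(canonicalize(in))
	return hmac.Equal(mac.Sum(nil), tag)
}

func main() {
	// Constructed sample values; nothing here comes from a real account or merchant.
	secretKey := []byte("constructed-user-secret-key")
	doc := sha256.Sum256([]byte("constructed licence text for the purchased title"))
	in := MACInputs{
		User: map[string]string{"name": "Example User", "account": "000000000001"},
		Txn: map[string]string{
			"amount":      "12.99",
			"merchant_id": "MERCHANT-EXAMPLE",
			"doi":         "10.1000/example",
			"doc_sha256":  hex.EncodeToString(doc[:]),
			"timestamp":   "2004-01-13T10:15:00Z",
		},
	}
	tag := ComputeMAC(secretKey, in)
	fmt.Println("MAC:", tag, "valid:", VerifyMAC(secretKey, in, tag))
	in.Txn["amount"] = "1299.00" // any change to a covered field invalidates the MAC
	fmt.Println("after tampering, valid:", VerifyMAC(secretKey, in, tag))
}
```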
Each of the above described embodiments represents an improvement over those embodiments described in U.S. Patent 6,000,832.
FIG. 3 illustrates components of a system in accord with an embodiment of the present invention for creating and processing digital signatures. Central to this system is Card Issuer or Agent Host Computer(s) 300 in which those processes are housed to meet the various requirements of the invention. The card issuer agents might include other types of card-issuing institutions, such as credit card companies, card sponsoring companies, or third party issuers under contract with financial institutions. In addition, other participants may be involved in some phases of the transaction such as intermediary settlement institutions collectively represented as Bank Network 312.
Operating in conjunction with Card Issuer or Agent Host Computer(s) 300 is an account manager and a user database. The account manager is preferably implemented in software that executes on Card Issuer or Agent Host Computer(s) 300, such as a relational database that manages the user database. Also operating in conjunction with Card Issuer or Agent Host Computer(s) 300 is a Transaction Number Identifier, a MAC Coding Unit and Comparator, and a traditional Processing System.
Card Issuer or Agent Host Computer(s) 300 connects via IVR (Interactive Voice Response Unit) 301 and Wired and/or Wireless Telecommunications Network 303 to Telephone Transceiver 305; connects via Server 302 and Telecommunications Network 303 and Internet 304 to Computerized Device(s) 306 and Smart Card 307 in the case of web-based communications; connects via Server 302 and Telecommunications Network 303 to Computerized Device(s) 306 and Smart Card 307 in the case of direct dial-up connections; connects via Bank Network 312 and Wired and/or Wireless Telecommunications Network 303 to Merchant or Agent Host Computer(s) 311; connects via Bank Network 312 and Wired and/or Wireless Telecommunications Network 303 to IVR 309 and Merchant or Agent Host Computer(s) 311; connects via Bank Network 312 and Wired and/or Wireless Telecommunications Network 303 and Internet 304 to Server(s) 310 and Merchant or Agent Host Computer(s) 311.
Note that the system illustrated in FIG. 3 may be further adapted to take the form of other types of networks such as an interactive cable or satellite television network.
The following describes one embodiment of that aspect of the invention involved with the transfer of streaming audio and video. Further detailed descriptions of systems and methods useful in supporting this and other embodiments are to be found in U.S. Patent 6,330,670 entitled "Digital rights management operating system," and U.S. Patent 5,918,020 entitled "Data processing system and method for pacing information transfers in a communications network," which are both incorporated herein by reference in their entirety.
The preferred hardware and operating environment for implementing the invention includes a general purpose computing device in the form of Merchant and/or Agent Host Computer(s) 311 and Merchant and/or Agent HTTP Server(s) 310 and User Computerized Device(s) 306 each preferably comprising a processing unit, a system memory and a system bus that operatively couples various system components, including the system memory, to the processing unit. There may be only one or there may be more than one processing unit, such that the processor of the Merchant or Agent Host Computer(s) 311, HTTP Server(s) 310 and User Computerized Device(s) 306 comprises a single central-processing unit (CPU), or a plurality of processing units, commonly referred to as a parallel processing environment. Merchant or Agent Host Computer(s) 311, HTTP Server(s) 310 and User Computerized Device(s) 306 each may be a conventional computer, a distributed computer, or any other type of computer; the invention is not so limited. Such a computer typically includes one or more processing units as its processor, and a computer-readable medium such as a memory. The computer may also include a communications device such as a network adapter or a modem, so that it is able to communicatively couple to other computers. Note also that according to some embodiments some or all of the functions represented by HTTP Server(s) 310 are able to be performed within the system collectively referred to as Merchant or Agent Host Computer(s) 311.
Preferably, the system bus may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory may also be referred to as simply the memory, and includes read only memory (ROM) and random access memory (RAM). A basic input/output system (BIOS) containing the basic routines that help to transfer information between elements within Merchant or Agent Host Computer(s) 311 and User Computerized Device(s) 306, such as during start-up, is stored in ROM. Merchant or Agent Host Computer(s) 311 and User Computerized Device(s) 306 further include a hard disk drive for reading from and writing to a hard disk, a magnetic disk drive for reading from or writing to a removable magnetic disk, and an optical disk drive for reading from or writing to a removable optical disk such as a CD ROM or other optical media.
Preferably, the hard disk drive, magnetic drive, and optical disk drive are connected to the system bus by a hard disk drive interface, a magnetic disk drive interface, and an optical disk drive interface, respectively. The drives and their associated computer-readable media provide nonvolatile storage of computer-readable instructions, data structures, program modules and other data for Merchant or Agent Host Computer(s) 311 and User Computerized Device(s) 306. It should be appreciated by those skilled in the art that any type of computer-readable media that can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, RAMs, ROMs, and the like, may be used in the preferred operating environment.
Preferably, a number of program modules may be stored on the hard disk, magnetic disk, optical disk, ROM, or RAM, including the operating system, one or more application programs, other program modules and program data. A user may enter commands and information into User Computerized Device(s) 306 through input devices such as a keyboard and pointing device. Other input devices may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit through a serial port interface that is coupled to the system bus, but may be connected by other interfaces, such as a parallel port, game port, or a universal serial bus (USB). A monitor or other type of display device is also connected to the system bus via an interface, such as a video adapter. In addition to the monitor, computers typically include other peripheral output devices such as speakers and printers.
Preferably, User Computerized Device(s) 306 may operate in a networked environment using logical connections to one or more remote computer(s) collectively described as User Computerized Device(s) 306. These logical connections are achieved by a communication device coupled to or a part of User Computerized Device(s) 306; the invention is not limited to a particular type of communications device. The remote computer(s) may be another computer, a server, a router, a network PC, a client, a peer device or other common network node, and typically includes many or all of the elements described above relative to User Computerized Device(s) 306 and Merchant or Agent Host Computer(s) 311. The logical connections include a local-area network (LAN) and a wide-area network (WAN). Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
Preferably, when used in a LAN-networking environment, User Computerized Device(s) 306 is connected to the local network through a network interface or adapter, which is one type of communications device. When used in a WAN-networking environment, User Computerized Device(s) 306 typically includes a modem, a type of communications device, or any other type of communications device for establishing communications over the wide area network, such as the Internet. The modem, which may be internal or external, is connected to the system bus via the serial port interface. In a networked environment, program modules depicted relative to User Computerized Device(s) 306, or portions thereof, may be stored in the remote memory storage device, one example being Smart Card 307. It is appreciated that the network connections described are one embodiment and other means of and communications devices for establishing a communications link between the computers may be used.
Preferably, Merchant or Agent Host Computer(s) 311 comprise an information server and an application/control server in addition to HTTP Server(s) 310. The information server is coupled to User Computerized Device(s) 306 via Wired and/or Wireless Telecommunications Network 303 and Internet 304 using a Real Time Protocol (RTP) link. The information server is coupled to the application/control server via a server information bus. The three described server functions may be implemented in separate physical entities with physical communication links forming their interconnection. Alternatively, various combinations of these functions can be implemented in a single physical server system. HTTP Server(s) 310 is coupled to User Computerized Device(s) 306 via a communication information bus. It should be noted that HTTP Server(s) 310 provides navigation and selection functions in the present implementation of the invention.
Furthermore, the application control server provides for VCR control functions via a VCR Control connection.
In addition, within HTTP Server(s) 310 are those custom-written applications able to carry out the various functions of the invention. Also, Computerized Device(s) 306 contain those custom-written applications necessary to perform the various functions. Preferably, among these applications is a Messaging Application Programming Interface (MAPI) with supporting directories.
Preferably, the information server comprises a CPU(s), ROM, RAM, an I/O adapter, storage devices including disk storage, a communications stack and a communications adapter, each coupled via an information bus. The I/O adapter is coupled to the storage devices including disk storage. The communications adapter is coupled to User Computerized Device(s) 306 via Wired and/or Wireless Telecommunications Network 303 and Internet 304 using an RTP link.
Preferably, User Computerized Device(s) 306 comprises a CPU that is able to authenticate the identity of the boot block and operating system (OS) components that have been loaded into the computer, and to provide quoting and secure storage operations based on this identity.
Preferably, the CPU in User Computerized Device(s) 306 has a processor and also can have a cryptographic accelerator. The CPU is capable of performing cryptographic functions, such as signing, encrypting, decrypting, and authenticating, with or without the accelerator assisting in intensive mathematical computations commonly involved in cryptographic functions.
Preferably, the manufacturer equips the CPU with a pair of public and private keys that is unique to the CPU. For discussion purposes, the CPU's public key is referred to as "K_CPU" and the corresponding private key is referred to as "K_CPU^-1". Other physical implementations may include storing the key on an external device to which the main CPU has privileged access (where the stored secrets are inaccessible to arbitrary application or operating systems code). The private key is never revealed and is used only for the specific purpose of signing stylized statements, such as when responding to challenges from a digital content provider.
Preferably, the manufacturer also issues a signed certificate testifying that it produced the CPU according to a known specification. Generally, the certificate testifies that the manufacturer created the key pair, placed the key pair onto the CPU, and then destroyed its own knowledge of the private key K_CPU^-1. In this way, only the CPU knows the CPU private key K_CPU^-1; the same key is not issued to other CPUs and the manufacturer keeps no record of it. The certificate can in principle be stored on a separate physical device associated with the processor but still logically belongs to the processor with the corresponding key.
Preferably, the manufacturer has a pair of public and private signing keys, K_MFR and K_MFR^-1. The private key K_MFR^-1 is known only to the manufacturer, while the public key K_MFR is made available to the public. The manufacturer certificate contains the manufacturer's public key K_MFR, the CPU's public key K_CPU, and the above testimony. The manufacturer signs the certificate using its private signing key, K_MFR^-1, as follows:
Mfr. Certificate = (K_MFR, Certifies-for-Boot, K_CPU), signed by K_MFR^-1
Preferably, the predicate "certifies-for-boot" is a pledge by the manufacturer that it created the CPU and the CPU key pair according to a known specification. The pledge further states that the CPU can correctly perform authenticated boot procedures. The manufacturer certificate is publicly accessible, yet it cannot be forged without knowledge of the manufacturer's private key K_MFR^-1.
Preferably, the CPU in User Computerized Device(s) 306 has an internal software identity register (SIR), which contains the identity of an authenticated OS or a predetermined false value (e.g. zero) if the CPU determines that the OS cannot be authenticated. The OS is stored in the nonvolatile memory and executed on the CPU. The OS has a block of code that is used to authenticate the OS to the CPU during the boot operation. The boot block uniquely determines the OS, or class of operating systems (e.g. those signed by the same manufacturer). The boot block can also be signed by the OS manufacturer.
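The manufacturer certificate, the authenticated boot into the SIR and the signed response to a provider's challenge described above, as an added Go example that is not the patent's code: Ed25519 stands in for the signature scheme the text leaves unspecified, the SIR value is taken to be the SHA-256 digest of the boot block, and the quote format (SIR followed by the provider's nonce) is an assumption.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

const certifiesForBoot = "Certifies-for-Boot"

// MfrCertificate is the tuple (K_MFR, Certifies-for-Boot, K_CPU) signed by K_MFR^-1.
type MfrCertificate struct {
	MfrPub    ed25519.PublicKey
	Predicate string
	CPUPub    ed25519.PublicKey
	Sig       []byte
}

// certBody is the signed byte string: two fixed 32-byte keys around the
// length-prefixed predicate, so fields cannot be shifted into one another.
func certBody(mfrPub ed25519.PublicKey, predicate string, cpuPub ed25519.PublicKey) []byte {
	var b bytes.Buffer
	b.Write(mfrPub)
	b.WriteByte(byte(len(predicate)))
	b.WriteString(predicate)
	b.Write(cpuPub)
	return b.Bytes()
}

// IssueCertificate plays the manufacturer: it creates the CPU key pair, signs the
// certificate with K_MFR^-1 and returns K_CPU^-1 only so that it can be placed in
// the CPU; the manufacturer keeps no copy of it.
func IssueCertificate(mfrPriv ed25519.PrivateKey) (MfrCertificate, ed25519.PrivateKey, error) {
	cpuPub, cpuPriv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return MfrCertificate{}, nil, err
	}
	c := MfrCertificate{
		MfrPub:    mfrPriv.Public().(ed25519.PublicKey),
		Predicate: certifiesForBoot,
		CPUPub:    cpuPub,
	}
	c.Sig = ed25519.Sign(mfrPriv, certBody(c.MfrPub, c.Predicate, c.CPUPub))
	return c, cpuPriv, nil
}

// VerifyCertificate is the content provider's check. The K_MFR inside the
// certificate is compared with a manufacturer key the verifier already trusts;
// trusting the embedded key on its own would let anyone issue certificates.
func VerifyCertificate(trustedMfrPub ed25519.PublicKey, c MfrCertificate) bool {
	if !bytes.Equal(trustedMfrPub, c.MfrPub) || c.Predicate != certifiesForBoot {
		return false
	}
	return ed25519.Verify(trustedMfrPub, certBody(c.MfrPub, c.Predicate, c.CPUPub), c.Sig)
}

// CPU holds K_CPU^-1 and the software identity register (SIR).
type CPU struct {
	priv ed25519.PrivateKey
	SIR  [32]byte // digest of the authenticated OS boot block, or all zero
}

// Boot authenticates the boot block with the OS manufacturer's public key and
// loads SIR with its digest; on failure SIR holds the predetermined false value.
func (c *CPU) Boot(osVendorPub ed25519.PublicKey, bootBlock, bootSig []byte) bool {
	c.SIR = [32]byte{}
	if !ed25519.Verify(osVendorPub, bootBlock, bootSig) {
		return false
	}
	c.SIR = sha256.Sum256(bootBlock)
	return true
}

// Quote answers a provider's challenge: SIR and the nonce signed with K_CPU^-1.
func (c *CPU) Quote(nonce []byte) []byte {
	return ed25519.Sign(c.priv, append(c.SIR[:], nonce...))
}

// VerifyQuote checks a quote with K_CPU from an already verified certificate and
// refuses the false value, so an unauthenticated OS cannot pass as identity zero.
func VerifyQuote(cpuPub ed25519.PublicKey, expectedSIR [32]byte, nonce, quote []byte) bool {
	if expectedSIR == [32]byte{} {
		return false
	}
	return ed25519.Verify(cpuPub, append(expectedSIR[:], nonce...), quote)
}

func main() {
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(nil)
	cert, cpuPriv, _ := IssueCertificate(mfrPriv)
	osPub, osPriv, _ := ed25519.GenerateKey(nil) // constructed OS manufacturer key
	boot := []byte("constructed OS boot block")
	cpu := &CPU{priv: cpuPriv}
	cpu.Boot(osPub, boot, ed25519.Sign(osPriv, boot))
	nonce := []byte("constructed challenge nonce")
	fmt.Println("certificate:", VerifyCertificate(mfrPub, cert),
		"quote:", VerifyQuote(cert.CPUPub, cpu.SIR, nonce, cpu.Quote(nonce)))
}
```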
Preferably, User Computerized Device(s) 306 comprises a buffer pool and push data receiver. The CPU, ROM, RAM, I/O adapter, communication stack, communications adapter, push data receiver, buffer pool, display adapter, and user interface adapter are coupled to one another via an information bus. The keyboard, trackball, mouse and speaker are coupled to the user interface adapter. Similarly, the display is coupled to the display adapter. The storage devices including disk storage are coupled to the I/O adapter. The push data receiver is coupled to the communication stack via a status signal and a video/status signal. The communications adapter is coupled to Merchant or Agent Host Computer(s) 311 and HTTP Server(s) 310 via Wired and/or Wireless Telecommunications Network 303 and Internet 304 using an RTP link.
It should be noted that the described data processing systems are provided by way of example, and it should be well known to those with skill in the art that additional configurations of these systems may be provided and other data processing systems may be used to implement User Computerized Device(s) 306 of the present invention.
One skilled in the art would appreciate that the physical storage of the sets of instructions physically changes the medium upon which it is stored so that the medium carries computer readable information. The change may be electrical, magnetic, chemical or some other physical change. While it is convenient to describe the invention in terms of instructions, symbols, characters, or the like, the reader should remember that all of these and similar terms should be associated with the appropriate physical elements.
Note that the invention describes terms such as comparing, validating, or other terms that could be associated with the human operator. However, for at least a number of operations described herein that form part of the present invention, no action by a human operator is desirable. The operations described are, in large part, machine operation processing electrical signals to generate other electrical signals.
Preferably, for the purpose of the present invention, processes performed by the components of Card Issuer or Agent Host Computer(s) 300, Bank Network 312, User Computerized Device(s) 306, Smart Card 307, Merchant or Agent Host Computer(s) 311 and Server(s) 310 incorporate public/private key pairs, digital signatures using private and secret (symmetric) keys, and/or encryption algorithms, or a combination of these standard cryptographic functions. Preferably, such functions are provided by the CPUs of these devices but can be provided by other well-known cryptographic mechanisms as will be immediately understood by one skilled in the art.
Computerized Device(s) 306 can take various forms (e.g. personal, laptop or notebook computer, personal digital assistant, set-top box, media player and/or recorder, digital telephone, digital photo or video camera, electronic book, etc.) any of which may be enabled with an integrated biosensor or microphone per the additional embodiments outlined above for the creation of a digital signature involving a digital image of a finger or thumbprint or voice scan. Computerized Device(s) 306 runs an operating system capable of supporting multiple applications. Preferably, the operating system is multitasking, allowing simultaneous execution of multiple applications in a graphical user interface (GUI) environment, including among the applications a web browser preferably enabled for use of web services programming languages (e.g. Extensible Markup Language (XML)). The operating system includes a key store to securely hold one or more private or secret keys used for encryption, decryption, digital signing, and other cryptographic functions. The key store is a password-protected storage location that grants access upon entry of an appropriate password. The user preferably selects the password as part of the registration process.
Several software components are stored in memory contained within Computerized Device 306 in addition to the browser. They include a registration module and a MAC coding unit as illustrated in FIG. 2. The registration module and MAC coding unit may be supplied to the user during the registration process.
Smart Card 307 preferably incorporates a personal digital signature device in which those processes are housed to meet the various requirements of the invention. U.S. Patent 6,408,388 describes an embodiment of a "Personal date/time device" and is hereby included by reference. Smart Card 307 is able to operate in conjunction with User Computerized Device(s) 306 in carrying out the various functions of the invention. One example of such a device is a telephone Subscriber Identity Module (SIM). Alternatively, Smart Card 307 can take the form of a computerized device with many of the same functions as Computerized Device(s) 306.
According to some embodiments, Smart Card 307 is able to be carried by a user for the purposes of accessing and securely downloading digital content "in store" from Point of Sale Terminal 308 and/or Host Computer(s) 311.
An additional embodiment provides for Smart Card 307 to be able to operate in conjunction with a bank automated teller machine (ATM) as will be described in greater detail below.
Telephone Transceiver 305 is useful as a means for a user to connect via Wired and/or Wireless Telecommunications Network 304 to IVR 309 and Merchant or Agent Host Computer(s) 311 and IVR 301 and Card Issuer or Agent Host Computer(s) 300 for the purpose of recording and storing a user voice for the creation of a biometric digital scan if needed.
Telephone Transceiver 305 is also useful as a means for a user to connect via Wired and/or Wireless Telecommunications Network 304 to IVR 309 for the purpose of placing an order for digital content by telephone. In this instance, the digital content is preferably forwarded to the user out of band in the form of a CD or DVD embedded with a digital signature as provided for by the present invention. Alternatively, the digital content could be forwarded to the user online.
Telephone Transceiver 305 is also useful as a means for a user to connect via Wired and/or Wireless Telecommunications Network 304 to IVR 309 or alternatively to IVR 301 for the purpose of registering as a participant in conjunction with the present invention.
In accord with one embodiment for transferring streaming audio and video, the present invention is implemented using custom-written applications in the form of software modules operating as needed in conjunction with Card Issuer or Agent Host Computer(s) 300 and Server(s) 302, Computerized Device(s) 306, Smart Card 307, Host Computer(s) 311, and Server(s) 310 including the information server. The custom-written application is issued to users via download or out of band via disk for use with Computerized Device(s) 306 and Smart Card 307, or alternatively it can be packaged as part of an operating system or other product. If needed, an upgrade is capable of being similarly issued to users for the purpose of making the browser operating in conjunction with Computerized Device(s) 306 web-services language enabled.
U.S. Patent 6,000,832 describes three distinct phases suitable for the present invention: a registration phase, a transaction phase, and a payment-authorization phase. In addition, the described embodiment of the present invention includes a transfer phase and a signing phase.
The registration phase and payment-authorization phase of the present invention follow closely the methodology and steps outlined in U.S. Patent 6,000,832, the teachings of which are incorporated herein by reference in their entirety.
According to one embodiment involving a web-based transaction, during the transaction phase the user invokes the browser to surf the Web for a product (e.g. movie, song, etc.) where preferably Server(s) 310 requires pre-authentication as part of a network of computers supported by the Kerberos authentication system. Upon connecting to Server(s) 310 the user (client) is preferably redirected to a server within Server(s) 310 that is operating in association with the Key Distribution Center (KDC).
Continuing with one embodiment, the KDC sends an error message in response to the Authentication Server (AS) request received from the client. The error message tells the client that pre-authentication is required. The error message also preferably contains information signaling to the client that the KDC is also able to support the enhanced authentication protocol provided for by the present invention.
Preferably, included with the error message is a request for a user digital certificate. Alternatively, a request might be for a credit card number or some other identity information (e.g. telephone number) or shared secret available to the AS. Preferably, the user selects the digital certificate of the credit or debit card they wish to use. The digital certificate, with the credit or debit card number as one of its attributes, is preferably encrypted with the user's private key. The certificate is transferred to the KDC, which then redirects the certificate to Bank Network 112 (or alternatively another authorization network such as telecommunications) with any required merchant or merchant agent information (e.g. realm, KDC, principal, service type, etc.). Preferably, the Bank Network 112 uses the available information to locate the user private key associated with the account and decrypt the certificate, wherein the card number (or other identifier) is submitted for pre-authorization as a matter of securing the various protections and privileges offered by the credit card industry (or other industry).
According to one embodiment, if pre-authorization is unsuccessful, then the transaction is terminated and the appropriate messages returned to the content provider or agent and the user. If pre-authorization is successful, the card issuer or agent preferably generates a trusted date stamp and time stamp, updates attribute information as required (e.g. credit limit) in order to have the certificate fulfill the requirements of a Ticket Granting Ticket (TGT) for the KDC, signs the certificate with its own private key from a private/public key pair, encrypts the certificate with the user's private key, returns the certificate to the KDC which redirects the certificate back to the user where the certificate is decrypted. Preferably, receipt of the signed certificate by Computerized Device(s) 306 results in retrieval of the bank's public key from storage in order to authenticate the date stamp and time stamp.
Continuing with one embodiment, consistent with standard Kerberos practices the TGT returned by the AS can then be used to request individual service tickets from the Ticket Granting Server (TGS). In transacting the ticket request, preferably the TGS authenticates the TGT with the bank public key. Upon successful authentication, some or all of the user credit card number is used as the user password, which is combined with the realm name to form a TIN useful as a user principal. The TIN is then preferably hashed to form the user's associated encryption key. The user principal and associated encryption key are then stored to database in conjunction with date and/or time. One alternative embodiment provides for a date and/or time to be combined as a "salt" and hashed along with the username and realm in forming the encryption key.
The date and/or time associated with the record of the user principal or encryption key can be derived in numerous ways; including time of authorization, time of ticket request, time of transaction, etc. The present invention is not to be limited by how date and/or time is derived or defined.
According to one embodiment, the date and time stored to database can be reflective of the starting time for "pay per view" or "pay for use" charges in conjunction with a user's consumption of a particular product or service. Preferably, once a user has curtailed consumption the charges would cease and the total cost calculated and charged to the credit card that had been pre-authorized.
Alternative embodiments for similar application of "pay per view" or "pay for use" consumption of products and services include:
■ Digital Television where viewers would have the option of selecting options such as a special news ticker tailored to their interests, premium-priced camera angles during a sporting event or other program, or perhaps choosing to either receive information about or even purchase "on the spot" products such as clothing worn by stars during programs.
■ Voice-over-Internet-Protocol communications where callers would have the option of selecting a premium call service such as video link through Instant Messaging.
■ Online publishing where consumers would have the option of selecting premium story coverage, photographs, and video/audio reports at added costs above the regular subscription price.
■ Online gaming where players would have the option of selecting premium game options and other frills above the regular price or rate. An example would be the game "Enter the Matrix" where players could choose additional special effects or music at the start of the game or new sequences or enhanced instant messaging tips during actual game play.
According to an additional embodiment, digital signatures are formed in response to a particular time or elapsed period of time (e.g. one every second beginning with the time marked by successful pre-authorization). The rate charged for access to the web site (e.g. per minute rate) can be constant or fluctuate during a user visit depending on the pricing structure established by the digital content or service provider which can be dependent on such variables as the type of digital content or service accessed, the governmental region having jurisdiction based on the location of either the web site or the computer system(s) in which the digital signature process is performed, the relative financial status of the user in relation to other users (e.g. net worth comparison), the relative "cost of living" factors impacting the user based on their geographical location in comparison to the geographic location of the web site or the computer system(s) in which the digital signature process is performed, etc. The invention is not to be limited by the number of factors that can be considered in establishing a pricing structure for accessing digital content or services.
According to another embodiment, the date and time stored to database can be reflective of a user's most recent initiated business transaction with a particular business or affiliated network where this information could prove useful in facilitating the enforcement of "do not call" or "do not spam" lists. By associating the TIN with personal information of the user (e.g. name, address, telephone number, email address, financial net worth, medical record, etc.) and having the TIN function as a key within a relational database, the TIN is able to operate as a key for permitting the transfer of push media messages (e.g. target email, instant messaging, telemarketing phone calls) from merchants (e.g. digital content providers) to users. By comparing the date and time of record to the current date and time, it is possible to calculate the length of time that has elapsed since the last user initiated business transaction. If the length of time that has elapsed exceeds the length of time allowed, the TIN could be flagged or deleted, thus prohibiting future marketing messages from being delivered by removing the ability to use the TIN as an access code or bridge to a user's home address, phone number, email address, or any other personal information. Preferably, once the TIN is stored to database any future user initiated transactions in conjunction with a business or affiliated network would establish a new date and time baseline.
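An added Go example, not code from the patent, covering two steps described above: the formation of the TIN as a user principal from the card-number fragment and the realm, with the date/time of record hashed in as salt to derive the associated encryption key (the ticket step), and the elapsed-time check that flags and purges a TIN once the allowed period since the last user-initiated transaction has passed. The principal format, the RFC 3339 encoding of the salt, SHA-256 as the hash and the 30-day allowance are assumptions.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"time"
)

// Principal forms the Kerberos-style user principal: the card number fragment
// used as the password, joined with the realm name. This is the TIN as stored to
// the database, e.g. "4242@MERCHANT.EXAMPLE" (a constructed value).
func Principal(cardFragment, realm string) string {
	return cardFragment + "@" + realm
}

// DeriveKey hashes the principal into the user's associated encryption key with
// the date/time of record mixed in as salt (the alternative embodiment); a zero
// byte separates principal and salt so their boundary is unambiguous.
func DeriveKey(principal string, at time.Time) []byte {
	h := sha256.New()
	h.Write([]byte(principal))
	h.Write([]byte{0})
	h.Write([]byte(at.UTC().Format(time.RFC3339)))
	return h.Sum(nil)
}

type record struct {
	key     []byte
	last    time.Time // date/time of the last user-initiated transaction
	flagged bool
}

// Registry is the relational-database role: the principal/TIN is the key, the
// row carries the derived encryption key and the date/time baseline.
type Registry struct {
	maxAge time.Duration // allowed elapsed time before the TIN is flagged
	rows   map[string]*record
}

func NewRegistry(maxAge time.Duration) *Registry {
	return &Registry{maxAge: maxAge, rows: map[string]*record{}}
}

// RecordTransaction stores a new row or re-establishes the baseline date/time
// (and re-derives the salted key) after a user-initiated transaction.
func (r *Registry) RecordTransaction(principal string, at time.Time) {
	r.rows[principal] = &record{key: DeriveKey(principal, at), last: at}
}

// MayPush decides whether a merchant may still use the TIN as the bridge to the
// user's contact details. Once the allowed time has elapsed the row is flagged,
// and a flagged row stays closed until a new user-initiated transaction resets it.
func (r *Registry) MayPush(principal string, now time.Time) bool {
	rec, ok := r.rows[principal]
	if !ok || rec.flagged {
		return false
	}
	if now.Sub(rec.last) > r.maxAge {
		rec.flagged = true
		return false
	}
	return true
}

// Purge deletes flagged rows and reports how many were removed.
func (r *Registry) Purge() int {
	n := 0
	for p, rec := range r.rows {
		if rec.flagged {
			delete(r.rows, p)
			n++
		}
	}
	return n
}

func main() {
	reg := NewRegistry(30 * 24 * time.Hour) // constructed allowance of 30 days
	t0 := time.Date(2004, 1, 13, 10, 0, 0, 0, time.UTC)
	p := Principal("4242", "MERCHANT.EXAMPLE")
	reg.RecordTransaction(p, t0)
	fmt.Println("day 10 push allowed:", reg.MayPush(p, t0.AddDate(0, 0, 10)))
	fmt.Println("day 31 push allowed:", reg.MayPush(p, t0.AddDate(0, 0, 31)))
	fmt.Println("rows purged:", reg.Purge())
}
```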
Continuing with one embodiment, the user obtains information about a title of a desired video from Host Computer(s) 311 and Server(s) 310 for display at Computerized Device(s) 306 via the web browser. Preferably, the wizard software automatically collects the transaction-specific data behind the scenes. Preferably, the custom-written application retrieves a secret key from a secure key store that is inaccessible to the user. This is a second key in addition to the session key shared with the Merchant or Agent Host Computer(s) 311 and Server(s) 310. The custom application calls the MAC coding unit operating in conjunction with Computerized Device(s) 306 and inputs the secret key, the transaction-specific data that preferably includes the trusted date and time, and any user-specific data. The input parameters are entered into the MAC coding unit, which then computes a MAC or code number as a function of the secret key, the transaction-specific data, and the user-specific data. Preferably, the coding unit derives a code number according to a cryptographic hashing function of the symmetric key and the various input parameters.
Computerized Device(s) 306 embeds the code number in the available places in the TIN reserved for the code number. The process creates a TIN with an embedded code number or MAC that is specific to the electronic commerce transaction. Preferably, the media player operating on Computerized Device(s) 306 embeds the TIN in the audio/video stream as it plays, effectively binding the identity of the user to the digital content. U.S. Patent Application 20020138736 by Morin describes a tamper-proof means in which the incorporation of the digital signature could be accomplished during the transfer process without negatively impacting the quality of the digital content and is hereby included by reference.
An alternative embodiment to the above described with respect to Kerberos is that involving a group viewing or multicast such as for a "live" event broadcast over the Internet. U.S. Patent 6,038,322 entitled "Group key distribution" provides for a method for distributing a secret key from a key holder to intended group members and is hereby included by reference.
FIG. 4 illustrates an embodiment of that aspect of the invention involved with digitally signing various data types such as a DOI 401, other DOI(s) 401, URL(s) 402 and other data (e.g. metadata) and services (e.g. email) and dynamic mechanisms (e.g. java applet) 403, as part of the process of resolving a DOI through use of the "Handle System" either through direct input from the user or through the use of agent software.
Note that the invention is not limited by use of the Handle System as other embodiments for selecting digital content and services are likely to be obvious to those skilled in the art.
FIG. 5 is useful in illustrating an embodiment describing the use of the runtime cycle of an application 500 (e.g. movie, song, video game, etc.) as a measure for signaling the start of a process involving the creation and application of digital signatures. Runtime Cycle 501 reaches a point of completion represented as a single clockwise rotation. Digital Signature 502 is applied to the DOIs and other pertinent metadata including any available statistics regarding application operation.
Alternative embodiments provide for the Digital Signature 502 to also be applied at other points such as the start of an application runtime cycle.
FIG. 5A is useful in illustrating an embodiment of the invention involving the use of a runtime cycle of a microprocessor as a measure for signaling the start of a process involving the creation and application of digital signatures. System Clock 503 is preferably a derived system clock. Runtime Cycle 504 reaches a point of completion represented as a single clockwise rotation. Digital Signature 502 is applied.
Alternative embodiments provide for the Digital Signature 502 to also be applied at other points such as the start of a cycle.
Preferably, System Clock 503 operates at a cycle time less than the main clock system. It is envisioned that alternative embodiments could provide for System Clock 503 to be a Main System Clock.
FIG. 5B is useful in illustrating an embodiment of the invention involving the use of a runtime cycle of a clock 505 as a measure for signaling the start of a process involving the creation and application of digital signatures. Runtime Cycle 506 reaches a point of completion represented as a single clockwise rotation. At the point the cycle is complete (a particular time or elapsed period of time), Digital Signature 500 is applied.
Alternative embodiments provide for the Digital Signature 500 to also be applied at other points such as the start of a cycle.
FIG. 6 illustrates steps involved with one embodiment of a method for using the runtime cycle of an application (e.g. movie, song, video game, etc.) as a measure for signaling the start of a process involving the creation and application of digital signatures. The steps comprise: initialization of the application; runtime activation (e.g. movie playback); data (e.g. metadata) update; runtime deactivation (e.g. stop, pause, game completion, etc.); software module invocation; generation and application of the user digital signature (preferably to the metadata operating in conjunction with the digital content).
FIG. 6A illustrates steps involved with one embodiment of a method for using clock signal activation for signaling the start of a process involving the creation and application of digital signatures. The steps comprise: a derived system clock cycle is completed; a clock signal is used to signal the software module; a clock signal is used to trigger the transfer of data; a digital signature is generated; a digital signature is applied.
FIG. 7 illustrates steps involved with one embodiment of a method for verifying the identity of the "user of record" for signed digital content suspected of being used, copied or shared in violation of the license agreement.
The steps comprise: a piece of suspicious digital content is confiscated; the transaction number identifier operating in conjunction with Digital Content Provider or Agent Host Computer(s) 311 identifies an embedded digital signature and transfers the identified digital signature to the account manager operating in conjunction with Host Computer(s) 311; the account manager preferably utilizes the Digital Content Provider/Agent ID and User ID portions to identify a user account; if a record is located, the secret key and the user-specific and transaction-specific information are retrieved; the account manager submits the key and the information to the MAC coding and comparator unit and computes a MAC, which is compared to the MAC extracted from the digital signature. If the two MACs match, the Digital Content Provider and/or Agent has a degree of certainty that the suspicious digital content originated with the "user of record."
If no record of a user account is located in the above process, the digital signature is deemed invalid.
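The TIN formation described above (secret key plus transaction-specific and user-specific data fed to the MAC coding unit, with the code number embedded in the places reserved for it) and the FIG. 7 verification path are shown together in the following added example; it is not the patent's own code. The digit layout of the TIN, the account-manager record, the use of HMAC-SHA256 as the "cryptographic hashing function of the symmetric key", and all sample values are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed TIN layout, all decimal digits:
#   provider/agent id | user id | trusted date-time | code number (MAC)
PROVIDER_DIGITS = 4
USER_DIGITS = 6
TIME_DIGITS = 14          # YYYYMMDDhhmmss, the trusted date and time
MAC_DIGITS = 8            # the places in the TIN reserved for the code number
TIN_LENGTH = PROVIDER_DIGITS + USER_DIGITS + TIME_DIGITS + MAC_DIGITS


@dataclass
class Account:
    """Hypothetical account-manager record: the secret key plus the
    user-specific and transaction-specific data retrieved at verification."""
    provider_id: str
    user_id: str
    secret_key: bytes
    user_data: str
    # trusted date-time -> transaction-specific data (e.g. DOI of the title)
    transactions: dict = field(default_factory=dict)


def _message(provider_id, user_id, timestamp, transaction_data, user_data) -> bytes:
    """Length-prefix every field so that different field splits never
    produce the same byte string (plain concatenation would be ambiguous)."""
    out = b""
    for part in (provider_id, user_id, timestamp, transaction_data, user_data):
        raw = part.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


def code_number(secret_key: bytes, message: bytes) -> str:
    """MAC coding unit: HMAC-SHA256 truncated to MAC_DIGITS decimal places."""
    digest = hmac.new(secret_key, message, hashlib.sha256).digest()
    value = int.from_bytes(digest[:8], "big") % (10 ** MAC_DIGITS)
    return f"{value:0{MAC_DIGITS}d}"


def form_tin(account: Account, timestamp: str, transaction_data: str) -> str:
    """Client side (Computerized Device 306): compute the code number and
    embed it in the reserved places of the TIN."""
    if len(account.provider_id) != PROVIDER_DIGITS or len(account.user_id) != USER_DIGITS:
        raise ValueError("bad id width")
    if len(timestamp) != TIME_DIGITS or not timestamp.isdigit():
        raise ValueError("timestamp must be YYYYMMDDhhmmss")
    message = _message(account.provider_id, account.user_id, timestamp,
                       transaction_data, account.user_data)
    return (account.provider_id + account.user_id + timestamp
            + code_number(account.secret_key, message))


def verify_tin(tin: str, accounts: dict) -> str:
    """Account-manager side (FIG. 7). Returns 'match', 'mismatch' or
    'invalid'; 'invalid' covers malformed TINs and the no-record case."""
    if len(tin) != TIN_LENGTH or not tin.isdigit():
        return "invalid"
    p = PROVIDER_DIGITS
    u = p + USER_DIGITS
    t = u + TIME_DIGITS
    provider_id, user_id, timestamp, mac = tin[:p], tin[p:u], tin[u:t], tin[t:]
    # Provider/Agent ID and User ID portions locate the user account.
    account = accounts.get((provider_id, user_id))
    if account is None:
        return "invalid"
    transaction_data = account.transactions.get(timestamp)
    if transaction_data is None:
        return "invalid"
    expected = code_number(account.secret_key, _message(
        provider_id, user_id, timestamp, transaction_data, account.user_data))
    # Constant-time comparison of the recomputed and extracted MACs.
    return "match" if hmac.compare_digest(expected, mac) else "mismatch"


# Constructed sample data: one account with one recorded transaction.
SAMPLE_TIMESTAMP = "20040113101500"
SAMPLE_DOI = "doi:10.1000/constructed-title"      # placeholder DOI
ACCOUNT = Account("0042", "123456", b"constructed-secret-key-from-key-store",
                  "user:alice", {SAMPLE_TIMESTAMP: SAMPLE_DOI})
ACCOUNTS = {("0042", "123456"): ACCOUNT}
SAMPLE_TIN = form_tin(ACCOUNT, SAMPLE_TIMESTAMP, SAMPLE_DOI)

if __name__ == "__main__":
    print("TIN:", SAMPLE_TIN)
    print("verify:", verify_tin(SAMPLE_TIN, ACCOUNTS))
```

Because the code number depends on the key held only in the key store and on the recorded transaction data, a TIN whose MAC digits have been altered, or whose ID portions locate no account, fails the check.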
FIG. 8 illustrates one embodiment of a user principal with date and/or time stamp. The principal shown includes an identifier portion comprising a user TIN and a date stamp and time stamp portion. The principal is able to be used as an access code or bridge by merchants for delivering push media messages to users following electronic commerce transactions.
Following is described an alternative embodiment of the invention providing for the creation and processing of user digital signatures to function as a digital "hall pass" for facilitating secure user access to web sites and the secure download of digital content such as Musical Instrument Digital Interface (MIDI) files.
U.S. Patent 5,315,057 provides for a method and apparatus for dynamically composing music and sound effects using a computer entertainment system, the teachings of which are incorporated herein by reference in their entirety. The inventors describe how custom messages are able to be embedded within standard MIDI data.
An example involving the transfer of MIDI files is the popular practice of downloading ring tones to digital telephones. In this aspect of the invention, the TIN is preferably able to function as a digital "hall pass" for granting secure access to a web site and also as a means for facilitating billing and securing downloaded digital content.
According to one embodiment involving a web-based transaction, a user invokes automatic connection to a web site or affiliated network of web sites by engaging a CD-ROM enabled with the custom-written application for facilitating the functions of the invention in association with User Computerized Device(s) 306. Another alternative embodiment is for the user to invoke automatic connection to a web site or affiliated network of web sites by clicking on a response hyperlink contained in an email. Another alternative embodiment is for the user to initiate a search by inputting the name, URL, or other information associated with the web site or affiliated network of web sites into a search engine.
According to one embodiment, invoking automatic connection to a web site or an affiliated network using the enabled CD-ROM, for example, preferably begins with the transfer of written instructions to User Computerized Device 306 and a wizard being invoked to guide the user through the steps of using the services provided through the CD-ROM. A dialog box opens up on screen and requests entry of the user's password, preferably established during the registration phase. The user types in the password. The operating system checks the password prior to allowing access to the key store. If the password is approved, a process is initiated in which the web browser stored on Computerized Device(s) 306 is invoked. Alternatively, this step is bypassed if the browser is detected to already be in operation. In addition, a browser plug-in residing on the CD-ROM is invoked for operation in association with the web browser. The browser plug-in preferably limits the IP addresses able to be accessed by the web browser to those of the preferred web site or affiliated network of web sites, similar to a list of "favorites" commonly featured in Internet Explorer and other consumer web browsers.
Continuing with one embodiment, the web browser is preferably connected to the IP address of a selected password-protected site. Upon connection to the site, Host Computer(s) 311 responds with a request for a user digital certificate. Preferably, the user is able to select the digital certificate of the credit or debit card they wish to use just as with the steps detailed above for the transaction phase involving downloaded digital content. The transaction-specific data used in forming the MAC preferably includes the DOI(s) of the selected ring tones. The process creates a TIN that effectively binds the identity of the user to the digital content being downloaded. The embedding of digital signatures within MIDI files is a valuable service in light of the popularity with which consumers use infrared beaming as a means of executing a simple exchange of data between phones such as phone numbers.
An alternative embodiment provides that transfer of signed digital content is limited to a single transaction whereby playback of the digital content by secondary users is restricted to a specific period of time or limited number of playbacks based upon the agreed to licensing rights updated and signed as part of the transfer process.
Should a secondary user elect to pay for a ring tone, for example, the transaction phase involving such a secondary transaction would involve the initiation of a transaction resulting in a credit being applied to the first user's account held at the ring tone provider web site (e.g. money payment, points, frequent flyer miles, credit to future digital content purchase, etc.).
Note that subsequent to the initial secondary transactions, future transactions may also involve similar steps as those outlined above, in which Users 2, 3, 4, etc. are able to fulfill the role of User 1 (i.e. first party) and initiate the process of super distribution with one or more additional users (second parties). In instances where a single copy of downloaded digital content is transferred two or more times, it may be that during future transactions requiring electronic payment more than one of the previous first parties, as evidenced by the presence of multiple user digital signatures, are able to initiate transactions in which each of the previous first parties is awarded a credit based upon the established rules and regulations of the super distribution network.
A further enabling of the authorization phase is made possible by an additional embodiment of the invention involving the BIN illustrated in FIG. 1. It is a practice by many card issuers to assign specific BINs to specific types of card products. In doing so, the BINs can also be made to function as a signal for the application of different interchange rates. Here is described an embodiment whereby special BIN(s) can be assigned as part of the transaction phase to signal the application of a special fee (e.g. interchange rate) in response to a transaction initiated for the purpose of using a digital signature process for enhancing the security of a transaction involving the transfer of digital content. Note that in the case of the user digital signature being applied during a transaction not requiring electronic payment, a specific BIN can be employed to signal that no fee is to be applied to the transaction.
Following are additional embodiments involving the use of a TIN capable of operating as both a proxy account number and digital signature.
Postage, Currency & Coupons
One embodiment for a TIN useful as a postage, currency, or coupon identifier comprises a random and/or variable identifier portion and a date and/or time stamp portion. Additional embodiments comprise those described in conjunction with FIG. 1 above, including the use of a MAC in combination with a date stamp and time stamp. The invention is not limited by the illustration shown in FIG. 1. Other useful embodiments are possible depending on the governing policies of a postal service, for example. The invention is also not limited by the number of fields shown for any one component or by the order in which the components are shown. In addition, the values for each of the components are also not necessarily limited to the use of numbers but might also comprise alphanumeric characters and/or characters from an extended character set.
The random and/or variable identifier provides an efficient means for meeting the vast demand for TINs created by the implementation of a TIN-enabled stamp program. The characters used in forming a random and/or variable identifier can be assigned by various means, including random selection from a pool of available numbers or, preferably, sequential assignment using increasing incremental numbers (e.g. 1, 2, 3, etc.). The date and/or time stamp preferably provides a means of identifying the date and/or time that a stamp is issued or printed. This limitation would prove useful by allowing investigators to limit the parameters of their search to only those stamp purchases taking place on or after that date. Identifying time would also prove useful in pinpointing the time of sale of a TIN issued through a postage label machine in which the machine may be under surveillance using a security camera for the purposes of identifying various buyers of record. In this instance, incorporation of a time stamp would prove especially useful if seconds or even milliseconds were used in addition to minutes and hours.
U.S. Patents 6,398,106 and 6,415,983, entitled "Unique identifier bar code on stamps and apparatus and method for monitoring stamp usage with identifier bars" and "Unique identifier bar code on stamps and apparatus and method for monitoring stamp usage with identifier bar codes," are incorporated herein by reference in their entirety.
FIG. 9 shows an embodiment of a postage stamp with an encoded TIN. The illustration is of a TIN encoded with 2-Dimensional matrix code, a readily available technology. Other forms of encoding (e.g. encrypted bar codes) could be used; however, 2-D matrix code is preferred due to its ability to communicate vast amounts of data in very small areas. 2-D matrix code also provides the means to present data in a redundant format, allowing a high probability of a Stamp TIN being accurately scanned and identified in the event that a portion of a particular TIN-enabled stamp is damaged or lost.
FIG. 10 shows one embodiment of a Package Identification Number with a Range Identifier useful for identifying individual TIN-enabled stamps contained within a specific package (e.g. book of stamps). The Range Identifier provides an efficient means for the Package Identification Number to function as an item or merchandise number capable of identifying the individual TINs from the individual stamps sold as part of the package during purchase transactions. Here, the example is of a package of 20 stamps with random and/or variable identifiers ranging in sequence from "999980" to "999999." Also shown as part of the preferred embodiment is a date stamp showing December 20, 2001 as the issuance or printing date of the stamps identified by the Range Identifier. The incorporation of the date is useful in specifically identifying stored records of TINs as explained below.
FIG. 11 shows a preferred embodiment of a package of TIN-enabled stamps with an encoded Package Identification Number capable of being electronically scanned and the discernable encoded number stored as an item or merchandise number. Here, the example is of a regular bar code; however, other forms such as 2-D matrix code present suitable or superior alternatives, although they would likely require reprogramming of equipment at the point of sale.
FIG. 12 illustrates an embodiment of those components of a system useful in facilitating the electronic interpretation of information specific to dispensed currency notes during an ATM transaction. Shown is Financial Institution (FI) or Agent Host Computer(s) 1200 connected to ATM 1203 via Telecommunications Network 1201 and possibly also Internet 1202 in the event that ATM 1203 is a web-enabled ATM. In addition, FI or Agent Host Computer(s) 1200 connects to Card Issuer Host Computer(s) 1204, preferably through a private line connection.
ATM 1203 contains those input and output devices necessary for both conventional ATM operation and operation of the invention. Preferably, the input devices include a keypad or touch screen, a card reader, an electronic eye that counts each currency note as it is dispensed, a sensor that evaluates the thickness of each currency note, a reject bin to which two notes stuck together are diverted instead of being dispensed, an electronic scanner (e.g. infrared scanner) capable of interpreting 2-dimensional dot matrix code or alternatively bar code, and a digital security camera.
The output devices preferably include a speaker, a display screen, a receipt printer, a means by which digital images recorded by the digital security camera are able to be transmitted from the location of ATM 1203 to a location preferably housing FI or Agent Host Computer(s) 1200, an electronic journal and associated software application necessary for uploading the electronic journal, and a cash dispenser. Also contained within ATM 1203 is that memory necessary for the storing of information either gathered through the input devices or dispensed through the output devices.
One embodiment provides for an additional output device to include a digital video recorder preferably stationed at the location housing FI or Agent Host Computer(s) 1200.
In addition to those components specified above, one embodiment provides for the cash dispenser to be supplied with currency notes enabled with an encoded TIN in the form of a 2-Dimensional dot matrix code or alternatively in the form of a bar code. The encoded TIN is preferably printed within the design of the note but alternatively may be embedded within the note similar to security threads or holograms currently in use. A further embodiment provides a means by which the TIN is able to be more readily detected through the reception of a delay signal from a signal delay device embedded within the note.
According to one embodiment, the TIN contains an identifier specific to the note but alternatively may contain additional information such as denomination or date and/or time of printing or issuance.
FIG. 13 illustrates an embodiment of a method useful in facilitating the electronic interpretation of information specific to dispensed currency notes during an ATM transaction. The illustrated embodiment uses as an example the following steps: a receiver of record submits a credit, debit, or ATM card to a card reader contained as part of ATM 1203 so as to allow the account information specific to the issued card to be captured and temporarily stored; the capture of account information signals the security camera, which begins transmitting visual images of the receiver of record to the digital video recorder stationed preferably at the same location as FI or Agent Host Computer(s) 1200; the digital images are received by the digital video recorder and stored in conjunction with transaction-specific information (e.g. ATM identification number, date and time, etc.) so as to allow a connection to be made in the future between the personal information contained in the specific journal information and the stored visual image of the receiver of record identified by that information; the receiver of record signals a request to withdraw cash using the keypad; the receiver of record enters an established Personal Identification Number (PIN) for transmission along with other transaction information via Telecommunications Network 1201 and possibly Internet 1202 to FI or Agent Host Computer(s) 1200 and ultimately to Card Issuer Host Computer(s) 1204; the Card Issuer Host Computer(s) verifies the PIN and initiates an electronic funds transfer from the receiver of record's account (e.g. checking or savings account); the Card Issuer Host Computer(s) sends an approval code back through FI or Agent Host Computer(s) 1200 and via Telecommunications Network 1201 and possibly Internet 1202 to ATM 1203, authorizing the dispensing of cash from the cash dispenser; an electronic scanner preferably located in the cash dispenser scans the TIN of each currency note as it exits the cash dispenser; the scanned TINs are recorded to the journal (e.g. printed using the journal printer) along with other transaction information, including the personal identification of the receiver of record gathered during the transaction (e.g. card account number).
Important to note is the process in which the digital video recorder enters the received digital images into a record identified by information specific to the transaction (e.g. machine identification number, date and time, etc.). Note that as a matter of process some other identifier might be substituted for a receiver of record's actual account number as a means of enhancing the privacy protection of the invention.
FIG. 12 also illustrates an embodiment of those components of a system useful in facilitating the recording of information specific to dispensed postage stamps or currency notes, in conjunction with personal information of the receiver of record, to a Central Circulation Database 1205. In addition to those components previously highlighted, Central Circulation Database 1205 is connected to FI and/or Agent Host Computer(s) 1200, preferably via Telecommunications Network 1201 or possibly also through Internet 1202. Alternatively, a private line connection is possible.
In addition, there are preferably present those software applications enabling the creation of an electronic journal in ATM 1203 and the uploading of the electronic journal to FI or Agent Host Computer(s) 1200. Also present are those applications necessary for enabling the transfer of specific journal information from a local database accessible through FI or Agent Host Computer(s) 1200 to Central Circulation Database(s) 1205.
FIG. 14 illustrates an embodiment of a method useful in recording to a central circulation database that information specific to dispensed postage or currency notes in conjunction with personal information of the receiver of record. Shown as an example are the following steps: individual ATM journals are uploaded to FI or Agent Host Computer(s) 1200 via Telecommunications Network 1201 and possibly also Internet 1202; the journals are recorded to a local database accessible through FI or Agent Host Computer(s) 1200; specific journal information is transmitted to Central Circulation Database(s) 1205 via Telecommunications Network 1201 and possibly also Internet 1202 (note that a private line connection is possible); a search is initiated for a record of a matching TIN contained in Central Database(s) 1205; and in the event a matching TIN is located, the Central Circulation Database(s) record is updated with the new specific journal information (e.g. Receiver's card account number).
One embodiment provides that in the event a matching TIN is not located, a new record is created in Central Database(s) 1205 and specific journal information (e.g. Receiver's card account number) is stored to Central Database(s) 1205 and flagged.
FIG. 15 illustrates an embodiment of a record in the Central Circulation Database in which the buyer personal information is stored in conjunction with additional records generated during the processing of deliverable items.
FIG. 16 illustrates an embodiment of a method useful in searching a database of records containing information specific to dispensed currency notes stored in conjunction with personal information of the receiver of record. Shown as an example are the following steps: the identification of a TIN for a specific currency note; the initiation of a search of the Central Database(s) 1205 using the TIN as search criteria; in the event a TIN is located, the identification of the personal information of a receiver of record stored in conjunction with the TIN; the initiation of a search for the identity of the receiver of record using the personal information as search criteria; and the identification of the receiver of record.
In the event a matching TIN is not located in Central Database(s) 1205, the search is terminated and additional searches are initiated involving alternative databases (e.g. databases accessible through FI or Agent Host Computer(s)).
In addition to the described embodiments focusing on ATM transactions, the invention is also useful for over-the-counter purchases of stamps or other transactions where a financial account number such as credit or debit card is used in conjunction with date and time as a means of making record of the transaction including any visual record in combination with a security camera.
In addition to the described embodiments involving TIN-enabled stamps or currency, the invention also provides the means for use of the invention in conjunction with the dispensing of TIN-enabled coupons.
Another additional embodiment involves use of the invention in conjunction with encoded tracking labels. An example is the labels currently employed as part of stepped-up security checks at airport ticket counters.
FIG. 17 illustrates an embodiment of those steps involved with the method of processing passengers during ticketing. The embodiment illustrated in FIG. 17 shows the steps of an airline ticket counter worker locating a passenger account file; gathering additional personal information from the passenger, including such items as a photo ID check and number (e.g. driver's license number); gathering additional passenger information such as baggage information; submitting credit, debit card or other financial account information along with personal information for electronic verification by the bank; if verification is unsuccessful, the transaction is terminated; if verification is successful, the passenger information and other transaction-specific information is used to update the passenger airline account file.
Important to note is the information stored in association with the passenger account file, including verified information from the transaction (e.g. credit or debit card account number, date and time, etc.).
An alternative embodiment provides for the use of a non-digital camera in conjunction with ATM 103. In this case, each photo taken of a receiver of record would be identified in a way that would connect it to information specific to the transaction (e.g. machine identification number, date and time, etc.). However, this is seen as less desirable than a digital camera for reasons including the enhanced ability of a digital camera to efficiently provide for the incorporation of facial recognition technology and to produce a digital image of a receiver of record's face that is able to be recorded as part of an ATM's journal records in conjunction with the other personal information of a receiver and other transaction information.
Another alternative embodiment provides for the use of a journal printer. However, this is seen as less desirable than an electronic journal for reasons including the enhanced ability of an electronic journal to efficiently provide for the creation of a digital record able to be uploaded to FI or Agent Host Computer(s) 100 thus avoiding the need to physically retrieve printed journal records from individual ATM locations and possibly require having those entered manually into digital record for transmission to Central Circulation Database(s) 1205.
Another alternative embodiment provides for the incorporation of a device within ATM 1203 that is capable of capturing biometric information submitted by the receiver (e.g. fingerprint, iris scan, voiceprint, etc.) and using such identifying information in conjunction with a card account number and PIN, or possibly as a substitute for one or both.
Another alternative embodiment provides for the digital security camera to generate a digital video signal which it then compresses (e.g. using Wavelet technology) and transmits on the ATM network via Telecommunications Network 1201 and also possibly Internet 1202. Additional embodiments provide for the simultaneous transmission of a full-motion picture for display on a monitor and a reduced frame rate picture for recording by a digital video recorder. Parameters such as white balance and exposure can be adjusted remotely, by commands issued across the ATM network via Telecommunications Network 1201 and also possibly Internet 1202.
Another alternative embodiment provides for audio from an internal microphone or an external source to be digitized and transmitted on the ATM network via Telecommunications Network 1201 and also possibly Internet 1202.
Another embodiment provides for control of the digital security camera to be provided through a telemetry receiver (e.g. Destiny telemetry receiver) plugged directly into a connector on the back panel of the camera allowing devices such as a keyboard (e.g. Destiny keyboard) to control pan, tilt, zoom and focus over the ATM network.
In addition, alternative embodiments provide the means by which the invention is able to function in conjunction with currency, stamps and coupons and other transactions involving the use of computerized devices that are not an ATM (e.g. kiosk, personal computer, personal digital assistant).
In another alternative embodiment of the present invention for digital signatures, the TIN can be distributed for application in a web services environment from which the TIN may be extracted, interpreted and processed as part of an enhanced digital signature process comprising detached, enveloped, or enveloping signatures. An example of one application where this could prove valuable is the downloading of digital sheet music from web sites.
Although the invention has been described in detail, it is to be understood that variations therein and modifications thereto may be made by those skilled in the art without departing from the spirit and scope of the invention. The invention is not limited by the terminology used to describe the invention or various embodiments herein.
Incorporation by Reference
All patents, published patent applications and other references disclosed herein are hereby expressly incorporated by reference in their entireties.
Claims

What I Claim Is:
1. A method for facilitating online commerce, comprising the steps of: issuing an electronic commerce card to a customer during a registration phase, the commerce card having a customer account number and a customer-related secret associated therewith; generating at the customer, during an online commerce transaction phase, a proxy number suitable for the online commerce transaction; wherein the proxy number generated resembles the customer account number and has embedded therein a code number derived at least in part from the customer-related secret and an associated date and time stamp.
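The proxy-number mechanism of claim 1 worked through in code, as an added example that is not the patent's own method: the customer derives a code from the secret and a date/time stamp and embeds it in a number shaped like the real account number, and the issuer recomputes the code to verify. The derivation (HMAC-SHA256 over the secret, account number and a minute-granularity stamp), the 16-digit layout with a Luhn check digit, the issuer BIN and all sample values are assumptions made for this illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed sample values (not real card data); BIN and layout are assumptions.
ISSUER_BIN = "400000"
CODE_DIGITS = 6
SAMPLE_ACCOUNT = "4000001234567891"
SAMPLE_SECRET = b"constructed-customer-secret"
SAMPLE_WHEN = datetime(2004, 1, 12, 10, 30, tzinfo=timezone.utc)


def luhn_check_digit(partial: str) -> str:
    """Luhn check digit for 'partial' (its rightmost digit is the first doubled)."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)


def derive_code(secret: bytes, account: str, when: datetime) -> str:
    """Code number bound to the customer secret and a minute-granularity stamp."""
    stamp = when.strftime("%Y%m%d%H%M")
    mac = hmac.new(secret, f"{account}|{stamp}".encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10 ** CODE_DIGITS:0{CODE_DIGITS}d}"


def generate_proxy(account: str, secret: bytes, when: datetime) -> str:
    """Customer side: BIN + 3 account-linking digits + 6-digit code + Luhn digit,
    so the proxy has the real PAN's length, prefix and a valid check digit."""
    partial = ISSUER_BIN + account[6:9] + derive_code(secret, account, when)
    return partial + luhn_check_digit(partial)


def verify_proxy(proxy: str, account: str, secret: bytes, when: datetime,
                 skew_minutes: int = 1) -> bool:
    """Issuer side: check the shape, then recompute the code inside a small
    clock-skew window; 'account' is what the issuer looked up from the link digits."""
    if len(proxy) != 16 or not proxy.isdigit():
        return False
    if luhn_check_digit(proxy[:15]) != proxy[15]:
        return False
    if proxy[:6] != ISSUER_BIN or proxy[6:9] != account[6:9]:
        return False
    for delta in range(-skew_minutes, skew_minutes + 1):
        expected = derive_code(secret, account, when + timedelta(minutes=delta))
        if hmac.compare_digest(expected, proxy[9:15]):
            return True
    return False
```

A merchant who stores the proxy holds a value that is only useful inside its time window and reveals nothing about the secret, which is the fraud-limiting point of the claim.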
PCT/US2004/000685 2003-01-16 2004-01-12 Secure system for digital signatures and methods for use thereof WO2004066109A2 (en)

Applications Claiming Priority (12)

Application Number Priority Date Filing Date Title
US44244503P 2003-01-16 2003-01-16
US60/442,445 2003-01-16
US44098903P 2003-01-19 2003-01-19
US60/440,989 2003-01-19
US44152903P 2003-01-21 2003-01-21
US60/441,529 2003-01-21
US44244403P 2003-01-25 2003-01-25
US60/442,444 2003-01-25
US47898503P 2003-06-14 2003-06-14
US60/478,985 2003-06-14
US50491303P 2003-09-22 2003-09-22
US60/504,913 2003-09-22

Publications (2)

Publication Number Publication Date
WO2004066109A2 true WO2004066109A2 (en) 2004-08-05
WO2004066109A3 WO2004066109A3 (en) 2004-10-21

Family

ID=32777368

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/000685 WO2004066109A2 (en) 2003-01-16 2004-01-12 Secure system for digital signatures and methods for use thereof

Country Status (1)

Country Link
WO (1) WO2004066109A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220309503A1 (en) * 2021-03-26 2022-09-29 Hypernet Labs, Inc. Secure and seamless integration of trustless blockchain merchant connector

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5991411A (en) * 1996-10-08 1999-11-23 International Business Machines Corporation Method and means for limiting adverse use of counterfeit credit cards, access badges, electronic accounts or the like
US6000832A (en) * 1997-09-24 1999-12-14 Microsoft Corporation Electronic online commerce card with customer generated transaction proxy number for online transactions
US6047268A (en) * 1997-11-04 2000-04-04 A.T.&T. Corporation Method and apparatus for billing for transactions conducted over the internet
US6070154A (en) * 1998-11-27 2000-05-30 Activepoint Ltd. Internet credit card security
US6299062B1 (en) * 1998-08-18 2001-10-09 Electronics And Telecommunications Research Institute Electronic cash system based on a blind certificate

Also Published As

Publication number Publication date
WO2004066109A3 (en) 2004-10-21

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase