WO2002073476A1 - Method and apparatus for electronic contract and identity verification applications - Google Patents

Method and apparatus for electronic contract and identity verification applications

Info

Publication number
WO2002073476A1
Authority
WO
WIPO (PCT)
Prior art keywords
end user
vendor
financial institution
identity
public key
Prior art date
Application number
PCT/AU2001/000611
Other languages
English (en)
Inventor
Peter Dodds
Craig Phillips
Original Assignee
Dna Enabled Pty Ltd
Priority date
Filing date
Publication date
Application filed by Dna Enabled Pty Ltd
Publication of WO2002073476A1

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/02Marketing; Price estimation or determination; Fundraising

Definitions

  • the present invention relates to a method and apparatus for electronic contract and identity verification applications using electronic networks and, in particular, to a method and apparatus for establishing and verifying cryptographically assisted secure point to point communications over a public data network and/or a private data network between an end user and their computer and a vendor or financial institution computer system or network that is designed to facilitate the secure transfer of information and/or an identity and/or funds between the end user, vendor and/or financial institution.
  • the invention has applications on the internet, over private data networks, within cable television distribution infrastructure, delivery of video on demand, audio on demand, for transmitted data such as digital audio and video files, for use in association with magnetic striped card systems and smart cards and within runtime or executable software applications or programs a smart card which includes the provision of a CD ROM or DVD formatted memory which can contain information which can be read and displayed by the appropriate device.
  • the World Wide Web (“WWW”) is conducive to conducting electronic commerce and transacting the exchange of information between two parties using public and private data networks.
  • a server computer system can provide an electronic version of a catalogue that lists the items that are available.
  • An end user who is a potential purchaser, may browse through a catalogue using a browser and select various items that are to be purchased.
  • the server computer system then prompts the end user for information to complete the ordering of the items.
  • This end user specific order information may include the end user's name, the end user's credit card number, and a delivery address for the order.
  • the server computer system then typically confirms the order by sending a confirming Web page to the client computer system and schedules shipment of the items.
  • the end user specific order information contains sensitive information (e.g., a credit card number)
  • both vendors and purchasers want to ensure the security of such information.
  • Security is a concern because information transmitted over the Internet may pass through various intermediate computer systems on its way to its final destination. The information could be intercepted by an unscrupulous person at an intermediate system.
  • various encryption techniques are used when transmitting such information between a client computer system and a server computer system. Even though such encrypted information can be intercepted, because the information is encrypted, it is generally useless to the interceptor. Nevertheless, there is always a possibility that such sensitive information may be successfully decrypted by the interceptor. Therefore, it would be desirable to remove the opportunity for a third party to view this information and for both the end user and the vendor and/or financial institution to verify each other's bona fides.
  • An electronic commerce system ideally seeks to consummate a relationship where an end user selects a product offering and pays for the offering using a data network, with the end user confident of the identity and veracity of the vendor and/or financial institution and the vendor and/or financial institution confident of the bona fides of the end user.
  • Verifying the end user's bona fides is not a practice commonly in use, as most methods require imperfect processes such as the user answering questions online and these answers being compared with responses residing in a database.
  • a third party fraudulently using an end user's credit card or identity cannot be easily or readily identified by a vendor and/or financial institution. If an end user has failed to notify the vendor and/or financial institution of the loss or theft of credit cards, PINs and/or smart cards, the third party can continue to transact with these items, exposing both the vendor and/or financial institution and the end user to large bills or losses. In the event of an end user not being aware of the loss or theft, the third party has a window of opportunity to use the stolen or lost items for fraudulent purposes.
  • a vendor and/or financial institution verifying identity of an end user making an electronic transaction over a data network
  • the end user verifying identity of the vendor and/or financial institution; providing a public key encrypted data string containing the end user's identity check details and an end user specific private key containing predetermined details to enable the public key encrypted data string to be decrypted;
  • the vendor and/or financial institution accepting an order or information request from the end user and knowing that the order or information is bona fide;
  • the vendor and/or financial institution issuing a transaction specific encrypted digital receipt and sending same to the end user over the data network, the digital receipt being created by the server node means to authenticate the identity of the end user.
  • the vendor and/or financial institution is therefore able to establish beyond any doubt, in the event of a dispute with the end user, that the transaction was initiated by the end user and that the end user is liable for any monies payable or responsibilities arising out of the transaction or associated terms and conditions attached to a physical transacting medium such as a credit card or other binding contract.
  • the end user also has at their disposal a unique, verifiable digital receipt for the transaction.
  • the end user's public encrypted data string includes a verification checksum, credit card details and/or other identification data, shopping cart items, delivery information and comments to be sent to the vendor and/or financial institution's node server means.
  • the method uses a public and/or private data network and the end user preferably uses an identity container which includes a computer application, encrypted digital data file, smart card or standard credit card with magnetic stripe that performs and/or facilitates dynamic user identification.
  • the vendor and/or financial institution uses an installer required to initialise the container and enable the container to be used for enabled transactions.
  • the server node means is a proprietary computer server or server node nominated vendor and/or financial institution server running enabling verification software.
  • the end user uses a wallet application which is an application, plug-in, extension or digital file that enables DNA transactions to be executed by the end user.
  • the identity, PIN and transaction capability or "container" are to be rendered unusable if the item(s) are lost by the end user or stolen from the end user.
  • An embodiment of the present invention provides a method, apparatus and system to concurrently allow the vendor and/or financial institution to identify the end user and transact securely with the identified end user and allow an end user to identify the vendor and/or financial institution and transact securely with the vendor and/or financial institution.
  • the preferred embodiment provides three levels of verification of the end user's identity, ie the end user identity container, end user PIN and end user dynamically generated identifier, and three levels of verification of vendor and/or financial institution identity, ie Third Party Digital Certificate, SSL protection and end user private key.
  • the container such as a computer application, encrypted digital data file, smart card or standard credit card
  • the container can transact using public key/private key protocols with complete security.
  • the end user and/or the issuing vendor and/or financial institution can nominate the number of machines available to the end user that can be enabled and utilised by the container.
  • the software components of the embodiment of the present invention build a unique end user identifier by combining any number of unique properties available at the time and within the computer of the end user.
  • the unique identifier is generated at the time of the transaction and is not stored locally on the end user's computer.
  • the checksum of the unique elements is stored within the container.
  • the wallet application performs a checksum when the end user wishes to complete a secure transaction, encrypts the checksum and the components using the end user public key, and sends this encrypted data to the vendor and/or financial institution's server node, where the checksum is again performed. If the result of the checksum is true and the unique properties supplied match those associated with the end user, the transaction is authorised and an authorisation message is returned to the end user's wallet.
  • Fig. 1 is a flow chart of an authorised end user's initialisation according to a preferred embodiment of the present invention
  • Fig. 2 is a flow chart of an authorised end user purchase according to the preferred embodiment of the present invention.
  • Fig. 3 is a flow chart of the authentication process according to the preferred embodiment of the present invention.
  • Fig. 4 is a block diagram of the verify request data block structure and path overview according to the preferred embodiment of the present invention
  • Fig. 5 is a block diagram of the method of authentication and eCommerce according to the preferred embodiment of the present invention
  • the preferred embodiment of the present invention provides a method, apparatus and system to allow checking of an end user's identity while also verifying the identity and bona fides of the vendor and/or financial institution. Enabled transactions are designed to remain transparent to the end user and to work alongside existing eCommerce systems.
  • the system as described below uses the following terminology or nomenclature:
  • DNA Container: computer application, encrypted digital data file, smart card or standard credit card with magnetic stripe that performs and/or facilitates dynamic EU
  • DNA Wallet Application: an application, plug-in, extension or digital file that enables DNA transactions to be executed by an End
  • the first step of the system is installation and initialisation whereby to use Dynamic Name Authentication, an EU must supply a range of information to a VFI as seen in Fig. 1 referenced by step 101. This information can be submitted electronically or in person at a VFI's office or branch or designated agent. The information is processed and approved by the VFI at step 102. When the application is approved in step 103, and the VFI assigns a card number to the EU, the VFI sends an activation message for the card number to the DNA Verification Server Node as seen in step 104.
  • the preferred embodiment preferably uses so-called smart card or CD-ROM smart card applications, for example, as seen in step 105 the EU would be required to provide proof of identity to be issued with a smart card and a PIN. In other situations where no physical container such as a smart card or CD-ROM smart card is provided by the VFI, the EU is required to provide some form of acceptable identification before being issued with a serial number and PIN as seen in step 106.
  • Prior to being able to execute DNA enabled transactions, the EU in step 107 must install or download the software components required to initialise the container. When the install procedure is complete, the installer launches the DNA Wallet Application in step 108. In a smart card situation, the DNA Wallet Application will ask the EU to connect the smart card reader if the reader is not already connected to the EU's computer in step 109. When the smart card is inserted into the reader, the DNA Wallet Application reads the card and begins the initialisation process as seen in step 110.
  • If the DNA Container is an executable application only and there is no smart card or magnetic stripe card or other storage and/or security device required, the initialisation process will begin as soon as the installer has copied the necessary files to the user's hard disc.
  • the initialisation file(s) will require an EU to establish a secure connection with the issuing VFI using a data communications network and to verify their identity by entering details for some or all of the nominated information fields displayed on the EU's computer by the installer in step 111.
  • the EU will be instructed to submit this information by clicking on the "submit" button.
  • the application encrypts the data blob as seen in step 112 and transmits this encrypted information to the VFI's Registration Server in step 113.
  • the VFI's Registration Server passes the data blob and card number to the DNA Verification Server Node in step 114.
  • the Node receives the confirmation for the nominated card from the VFI's Registration Server plus the data blob from the DNA Wallet in step 115.
  • the DNA Verification Server Node decodes the data blob using the nominated card or application's private key in step 116.
  • the DNA Verification Server Node issues a new public key specific to this instance of the application in step 117.
  • the DNA Verification Server Node stores the unique user properties referenced to the private and public keys and the card or application container serial number or other unique EU details.
  • the newly issued public key is passed from the DNA Verification Server Node to the VFI Registration Server in step 118.
  • the Registration Server returns this key to the DNA Wallet by the secure connection.
  • the DNA Wallet Application accepts the public key(s) and writes the keys to the smart card (or internally to the Wallet Application if the container is an executable file) as seen in step 119.
  • the DNA Wallet Application configures itself for the new encryption key's slot on the smart card or the new internal data written to the container application in step 120.
  • the connection with the DNA Verification Server Node ends as seen in step 121.
  • the next part of the process is when an EU contacts the VFI for a proposed purchase or the like.
  • For an EU to utilise the DNA process, they must navigate to a DNA Enabled Vendor's website as seen in the following step 201, browse through the product offerings in step 202 and select a product as in step 203.
  • the EU clicks on the check out icon or button causing the VFI's eCommerce system to generate a Checkout page with a DNA Enabled shopping cart component as in step 205.
  • the EU browser downloads the DNA Enabled shopping cart component and launches the DNA Wallet Application in step 206.
  • the DNA Wallet asks the EU to confirm the goods selected and the billing details in step 207.
  • the DNA Wallet application asks the EU, as seen in step 208 and in detail in step 302, to insert the smartcard (detail step 303) and enter their PIN (for container application instances, the EU will be asked to enter a serial number and PIN or some other identification details) as seen in detail step 304.
  • the DNA Wallet application in step 209 and in detail in step 305, dynamically reads the unique EU machine properties and creates a data blob in detail step 306 containing the collected information.
  • the created data blob as seen in Fig.4 is encrypted in step 210 by the DNA Wallet Application.
  • the encrypted data blob and verify request are sent in step 211 by the DNA Wallet Application to the DNA Verification Server Node as seen in detail in Fig. 3 step 307.
  • the DNA Verification Server Node in step 213 creates and in step 214 and detail 314 encrypts a unique DNA Digital Receipt as seen in Fig. 4 and then in step 215 as seen in detail step 315 sends the encrypted receipt to the EU DNA Wallet Application.
  • the DNA Verification Server Node sends a "terminate session" message in detail step 311 to the DNA Wallet Application.
  • the EU is advised in detail step 312 that the DNA Wallet is not authorised for the session on the current machine.
  • the session is terminated in detail step 313 by the DNA Wallet Application.
  • After accepting, as seen in step 216 and in detail in step 316, the encrypted DNA Digital receipt, the DNA Digital Wallet prompts the EU in step 217 and in detail step 317 to enter credit card details, delivery instructions and any other requested information as seen in detail step 318.
  • When the necessary information has been entered by the EU, the EU is in step 218 prompted to click on the "Payment" button.
  • the DNA Wallet Application in step 219 and detail step 319 sends the EU order details and the encrypted DNA Digital Receipt to the VFI's eCommerce Server as seen in Fig. 5.
  • the VFI's eCommerce Server in step 220 decrypts and verifies the DNA Digital Receipt.
  • the VFI in step 221 sends the credit card information and the DNA Digital Receipt to the issuing Financial Institution's Credit Card Server. If the credit card information is correct and the issuing Financial Institution confirms the DNA Digital Receipt as authentic, the issuing Financial Institution's Credit Card Server in step 222 accepts the details and authorises payment.
  • the DNA data block has certain structures and paths. The following is an example:
  • the data block created by the EU DNA Wallet Application to authenticate the EU contains three elements:
  • Once the data block is created it is sent via the public data network or public/private network using SSL in step 404 or other secure connection method to the DNA Verification Server Node in step 405.
  • the data block created by the DNA Verification Server Node to authenticate the EU contains three elements:
  • the DNA Wallet Application verification response in step 408 Once the data block is created it is sent via the public data network or public/private network using SSL in step 409 or other secure connection method to the EU DNA Wallet Application in step 410.
  • the data block sent by the DNA Wallet Application that is created when the EU clicks on the "Payment" button contains three elements:
  • Once the data block is created it is sent via the public data network or public/private network using SSL in step 504 or other secure connection method to the VFI eCommerce System in step 505 where the received data block is split into two separate data blocks in steps 506 and 507.
  • the EU order details, name and address, delivery information, credit card details and DNA Digital Receipt are passed to the VFI eCommerce Order Processing System in step 508.
  • the EU credit Card details and the DNA Digital Receipt are passed to the issuing Financial Institution's Credit Card Server for authorisation in step 509.
  • the issuing Financial Institution's Credit Card Server can, if required, request confirmation from the associated DNA Verification Server Node of the authenticity of the DNA Digital receipt.
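
The machine-binding check described above (the wallet checksums the unique machine properties at transaction time, the server node performs the checksum again and matches the properties against those enrolled for the container) can be sketched as follows. This is an added example, not code from the patent or its applicant. Assumptions: SHA-256 stands in for the unspecified checksum, the property names and serial numbers are constructed, the `VerificationNode` and `wallet_request` names are hypothetical, and the public-key encryption and SSL transport of the data blob are left out.

```python
import hashlib
import hmac

AUTHORISED = "authorised"
TERMINATE = "terminate session"


def canonical(props):
    """Key-sorted, length-prefixed encoding of the machine properties.

    Length prefixes stop two different property sets from serialising to the
    same bytes (for example {"a": "bc"} and {"ab": "c"}).
    """
    out = bytearray()
    for key in sorted(props):
        for field in (key, props[key]):
            raw = field.encode("utf-8")
            out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def checksum(props):
    # Assumption: SHA-256 stands in for the checksum the description leaves open.
    return hashlib.sha256(canonical(props)).hexdigest()


def wallet_request(serial, props):
    """Wallet side: properties are read at transaction time and never stored."""
    return {"serial": serial, "props": props, "checksum": checksum(props)}


class VerificationNode:
    """Server node side: enrolled machines are kept per container serial."""

    def __init__(self):
        self._containers = {}  # serial -> {"max": int, "machines": set of digests}

    def activate(self, serial, max_machines):
        # Corresponds to the VFI activating a card number and nominating
        # how many machines the container may be enabled on.
        self._containers[serial] = {"max": max_machines, "machines": set()}

    def enrol_machine(self, serial, props):
        rec = self._containers.get(serial)
        if rec is None:
            return False
        digest = checksum(props)
        if digest in rec["machines"]:
            return True
        if len(rec["machines"]) >= rec["max"]:
            return False  # nominated machine limit reached
        rec["machines"].add(digest)
        return True

    def verify(self, request):
        rec = self._containers.get(request.get("serial"))
        if rec is None:
            return TERMINATE
        # Perform the checksum again over the supplied properties.
        recomputed = checksum(request["props"]).encode()
        claimed = str(request.get("checksum", "")).encode()
        if not hmac.compare_digest(recomputed, claimed):
            return TERMINATE  # blob altered or built inconsistently
        # The supplied properties must also match an enrolled machine.
        for enrolled in rec["machines"]:
            if hmac.compare_digest(recomputed, enrolled.encode()):
                return AUTHORISED
        return TERMINATE  # wallet not authorised on the current machine


if __name__ == "__main__":
    # Constructed sample data.
    node = VerificationNode()
    node.activate("SERIAL-0001", max_machines=1)
    home_pc = {"cpu_id": "constructed-cpu-1", "disk_serial": "constructed-disk-1"}
    node.enrol_machine("SERIAL-0001", home_pc)
    print(node.verify(wallet_request("SERIAL-0001", home_pc)))
```

A checksum that any client can recompute only detects inconsistency inside the blob; the decision that matters for a lost or stolen container is the server-side match against the enrolled machines.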

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Game Theory and Decision Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention concerns a method for carrying out electronic contract and identity verification applications using electronic networks. The method comprises the steps of: a vendor and/or financial institution verifying the identity of an end user making an electronic transaction over a data network; the end user verifying the identity of the vendor and/or financial institution; providing a public key encrypted data string containing the end user's identity check details and an end user specific private key containing predetermined details to enable the public key encrypted data string to be decrypted; sending the public key encrypted data string to a server node, which verifies the public key encrypted data string using the end user specific private key, also sent to the server node means, in order to decrypt the public key encrypted data string; the vendor and/or financial institution accepting an order or information request from the end user and knowing that the order or information is bona fide; and the vendor and/or financial institution issuing a transaction specific encrypted digital receipt and sending same to the end user over the data network, the digital receipt being created by the server node means to authenticate the identity of the end user.
PCT/AU2001/000611 2001-03-14 2001-05-25 Method and apparatus for electronic contract and identity verification applications WO2002073476A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AUPR3695A AUPR369501A0 (en) 2001-03-14 2001-03-14 A method and apparatus for electronic contract and identity verification applications using electronic networks
AUPR3695 2001-03-14

Publications (1)

Publication Number Publication Date
WO2002073476A1 (fr) 2002-09-19

Family

ID=3827703

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2001/000611 WO2002073476A1 (fr) 2001-03-14 2001-05-25 Method and apparatus for electronic contract and identity verification applications

Country Status (3)

Country Link
CN (1) CN1436339A (fr)
AU (1) AUPR369501A0 (fr)
WO (1) WO2002073476A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160300223A1 (en) * 2015-04-08 2016-10-13 Portable Data Corporation Protected data transfer across disparate networks

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112766896A (zh) * 2021-01-13 2021-05-07 浙江米仓信息技术有限公司 Internet-based electronic contract signing system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5793028A (en) * 1996-06-24 1998-08-11 Fred N. Gratzon Electronic transaction security system
US5903721A (en) * 1997-03-13 1999-05-11 cha|Technologies Services, Inc. Method and system for secure online transaction processing
US5915022A (en) * 1996-05-30 1999-06-22 Robinson; Rodney Aaron Method and apparatus for creating and using an encrypted digital receipt for electronic transactions
WO2001001361A1 (fr) * 1999-06-28 2001-01-04 Barclays Bank Plc Secure transaction system

Also Published As

Publication number Publication date
AUPR369501A0 (en) 2001-04-12
CN1436339A (zh) 2003-08-13

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2001259948

Country of ref document: AU

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 01811265X

Country of ref document: CN

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

122 Ep: pct application non-entry in european phase