WO2019150275A1 - System and method for conducting a trusted intermediated transaction - Google Patents

Info

Publication number: WO2019150275A1
Authority: WO (WIPO (PCT))
Prior art keywords: transaction; service provider; entity; communication device; data elements
Application number: PCT/IB2019/050744
Other languages: French (fr)
Inventors: Dewald De Ridder Nolte; Gerhard Gysbert OOSTHUIZEN; Daniël Deetlefs BESTER
Original assignee: Entersekt International Limited
Priority date, filing date and publication date: not reproduced on this page (Google notes that the priority date it lists is an assumption and not a legal conclusion)
Application filed by Entersekt International Limited
Publication of WO2019150275A1
Priority to ZA2020/04592A (ZA202004592B)

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
          • G06Q30/00 Commerce
            • G06Q30/06 Buying, selling or leasing transactions
              • G06Q30/0601 Electronic shopping [e-shopping]
                • G06Q30/0609 Buyer or seller confidence or verification
          • G06Q20/00 Payment architectures, schemes or protocols
            • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
              • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
                • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
            • G06Q20/38 Payment protocols; Details thereof
              • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
              • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
                • G06Q20/401 Transaction verification
                  • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing

Definitions

  • This invention relates to a system and method for conducting a trusted intermediated transaction.
  • Exemplary digital transactions may of course include electronic commerce transactions but may extend further to any scenario in which one entity offers, via a digital channel, a performance in exchange for the performance of another entity. Such digital transactions may enable entities who may be physically separated to participate in transactions with one another.
  • A computer-implemented method conducted at a first service provider comprising: receiving, via a first secure communication link, a first transaction message from a first communication device associated with a first entity, wherein the first communication device is uniquely identifiable to the first service provider over the first communication link and wherein the first transaction message includes a first set of data elements relating to participation by the first entity in a transaction; verifying that the first communication device and associated first entity are trusted by the first service provider; receiving, from a second service provider, a second transaction message, the second transaction message being associated with a second entity, wherein the second transaction message includes a second set of data elements relating to participation of the second entity in the transaction; verifying that the second service provider is trusted by the first service provider; obtaining a transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted; and, transmitting a transaction confirmation message to one or both of the first communication device and the second service provider, the transaction confirmation message including the transaction schema for completing the transaction
  • A further feature provides for the method to include establishing the first secure communication link with the first communication device; and for establishing the first secure communication link to include a certificate exchange process in which the first service provider transmits a digital certificate to the first communication device for validation thereat and receives a digital certificate from the first communication device for validation.
  • Yet further features provide for verifying that the first communication device and associated first entity are trusted by the first service provider to include validating enrolment of the first communication device with the first service provider; for verifying that the first communication device and associated first entity are trusted by the first service provider to include validating the digital certificate received from the first communication device; and, for verifying that the first communication device and associated first entity are trusted by the first service provider to include querying a first entity record for a verified trust indication.
  • A further feature provides for transmitting a transaction update message to the first communication device via the first secure communication link, the transaction update message including the second set of data elements relating to the transaction. The update message may be configured to prompt the first entity for the first entity’s approval or denial of the second set of data elements.
  • A still further feature provides for the method to include receiving a transaction approval or denial message from the first communication device via the first secure transaction link, the transaction approval message indicating the approval by the first entity of the second set of data elements and the transaction denial message indicating the denial by the first entity of the second set of data elements.
  • A yet further feature provides for the method to include forwarding the transaction approval or denial message to the second service provider.
  • One or both of the first set of data elements and second set of data elements may include one or both of a timestamp and an identifier in the form of one or a combination of: a globally unique transaction identifier which uniquely identifies the transaction; a communication address associated with the first entity; a communication address associated with the second entity; an identifier associated with the first entity; and, an identifier associated with the second entity.
  • The method may include posting the first set of data elements to a transaction directory, the transaction directory being accessible by one or both of the second service provider or the second entity.
  • The first set of data elements may include a globally unique transaction identifier and posting the first set of data elements to the transaction directory may include posting the first set of data elements to a record stored in the directory in association with the transaction identifier.
  • A further feature provides for the method to include transmitting the first transaction message to the second service provider.
  • A further feature provides for the method to include a first entity trust indication in the first set of data elements and/or transaction message, wherein the first entity trust indication is configured for verification of the source of the data elements and/or message as a trusted source; and for the method to include signing or encrypting the first entity trust indication with a digital certificate or private key associated with the first service provider for verification of the authenticity of the trust indication by the second service provider and/or second entity. Still further features provide for verifying that the second service provider is trusted by the first service provider to include validating a digital certificate associated with the second service provider.
  • A further feature provides for the second transaction message to have been received at the second service provider from a second communication device via a second secure communication link, wherein the second communication device is associated with the second entity and is uniquely identifiable by the second entity over the second secure communication link, and wherein the second communication device is trusted by the second service provider.
  • A still further feature provides for the transaction schema to be configured for automatic completion of at least part of the transaction.
  • The invention extends to a computer-implemented method conducted at a second service provider comprising: receiving, via a second secure communication link, a second transaction message from a second communication device associated with a second entity, wherein the second communication device is uniquely identifiable to the second service provider over the secure communication link and wherein the second transaction message includes a second set of data elements relating to participation by the second entity in a transaction, wherein the second transaction message corresponds to a first transaction message having been received at a first service provider relating to participation by a first entity in the transaction; and, transmitting the second transaction message to the first service provider, wherein the first service provider is trusted by the second service provider and wherein the second set of data elements are configured to be included with a first set of data elements and a trust indication in a transaction schema, wherein the trust indication confirms the transaction participants as being trusted and wherein the transaction schema is configured for completing the transaction.
  • A further feature provides for the method to include establishing the second secure communication link, and for establishing the second secure communication link to include a certificate exchange process in which the second service provider transmits a digital certificate to the second communication device for validation thereat and receives a digital certificate from the second communication device for validation.
  • A still further feature provides for the method to include validating the digital certificate received from the second communication device.
  • A yet further feature provides for the method to include verifying that the second communication device and associated second entity are trusted by the second service provider, including querying a second entity record for a verified trust indication.
  • A further feature provides for the method to include receiving a transaction approval or denial message from the first service provider, the transaction approval message indicating the approval by the first entity of the second set of data elements and the transaction denial message indicating the denial by the first entity of the second set of data elements.
  • A still further feature provides for the method to include forwarding the transaction approval or denial message to the second communication device.
  • The second set of data elements may include one or both of a timestamp and an identifier in the form of one or a combination of: a globally unique transaction identifier which uniquely identifies the transaction; a communication address associated with the first entity; a communication address associated with the second entity; an identifier associated with the first entity; and, an identifier associated with the second entity.
  • The method may include receiving the first transaction message from the first service provider.
  • The first transaction message may include a first entity trust indication confirming the first entity as being trusted by the first service provider.
  • The second transaction message may include a second entity trust indication confirming the second entity as being trusted by the second service provider.
  • A further feature provides for the method to include obtaining a transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted and including the transaction schema in the second transaction message transmitted to the first service provider.
  • The transaction schema may be pre-approved as between the first and second service providers.
  • The invention extends to a system including a first server computer having memory for storing computer-readable program code and a processor for executing the computer-readable program code, the first server computer being associated with a first service provider and comprising: a first transaction message receiving component for receiving, via a first secure communication link, a first transaction message from a first communication device associated with a first entity, wherein the first communication device is uniquely identifiable to the first service provider over the first communication link and wherein the first transaction message includes a first set of data elements relating to participation by the first entity in a transaction; a verifying component for verifying that the first communication device and associated first entity are trusted by the first service provider; a second transaction message receiving component for receiving, from a second service provider, a second transaction message, the second transaction message being associated with a second entity, wherein the second transaction message includes a second set of data elements relating to participation of the second entity in the transaction, wherein the verifying component is further for verifying that the second service provider is trusted by the first service provider; a transaction schema obtaining component
  • A further feature provides for the system to include a secure communication link component configured to establish the first secure communication link with the first communication device and to perform a certificate exchange process in which the first service provider transmits a digital certificate to the first communication device for validation thereat and receives a digital certificate from the first communication device for validation.
  • Further features provide for the verifying component to be configured to verify that the first communication device and associated first entity are trusted by the first service provider by validating enrolment of the first communication device with the first service provider; for the verifying component to be configured to verify that the first communication device and associated first entity are trusted by the first service provider by validating the digital certificate received from the first communication device; and, for the verifying component to be configured to verify that the first communication device and associated first entity are trusted by the first service provider, including querying a first entity record for a verified trust indication.
  • A further feature provides for the first server computer to include an update message transmitting component for transmitting a transaction update message to the first communication device via the first secure communication link, the transaction update message including the second set of data elements relating to the transaction.
  • The update message may be configured to prompt the first entity for the first entity’s approval or denial of the second set of data elements.
  • A still further feature provides for the first server computer to include an approval or denial messaging component for receiving a transaction approval or denial message from the first communication device via the first secure transaction link, the transaction approval message indicating the approval by the first entity of the second set of data elements and the transaction denial message indicating the denial by the first entity of the second set of data elements.
  • A yet further feature provides for the approval or denial messaging component to forward the transaction approval or denial message to the second service provider.
  • One or both of the first set of data elements and second set of data elements may include one or both of a timestamp and an identifier in the form of one or a combination of: a globally unique transaction identifier which uniquely identifies the transaction; a communication address associated with the first entity; a communication address associated with the second entity; an identifier associated with the first entity; and, an identifier associated with the second entity.
  • A further feature provides for the first server computer to include a transaction directory posting component for posting the first set of data elements to a transaction directory, the transaction directory being accessible by one or both of the second service provider or the second entity.
  • The first set of data elements may include a globally unique transaction identifier and the transaction directory posting component may be configured to post the first set of data elements to a record stored in the directory in association with the transaction identifier.
  • Further features provide for the first server computer to include a first transaction message transmitting component for transmitting the first transaction message to the second service provider; for the first transaction message transmitting component to include a first entity trust indication in the first set of data elements and/or transaction message, for the first entity trust indication to be configured for verification of the source of the data elements and/or message as a trusted source; for the first transaction message transmitting component to be configured to sign or encrypt the first entity trust indication with a digital certificate or private key associated with the first service provider for verification of the authenticity of the trust indication by the second service provider and/or second entity.
  • A further feature provides for the verifying component to be configured to verify that the second service provider is trusted by the first service provider by validating a digital certificate associated with the second service provider.
  • A further feature provides for the second transaction message to have been received at the second service provider from a second communication device via a second secure communication link, wherein the second communication device is associated with the second entity and is uniquely identifiable by the second entity over the second secure communication link, and wherein the second communication device is trusted by the second service provider.
  • The transaction schema may be configured for automatic completion of at least part of the transaction.
  • The invention extends to a system including a second server computer having memory for storing computer-readable program code and a processor for executing the computer-readable program code, the second server computer being associated with a second service provider and comprising: a second transaction message receiving component for receiving, via a second secure communication link, a second transaction message from a second communication device associated with a second entity, wherein the second communication device is uniquely identifiable to the second service provider over the secure communication link and wherein the second transaction message includes a second set of data elements relating to participation by the second entity in a transaction, wherein the second transaction message corresponds to a first transaction message having been received at a first service provider relating to participation by a first entity in the transaction; and, a second transaction message transmitting component for transmitting the second transaction message to the first service provider, wherein the first service provider is trusted by the second service provider and wherein the second set of data elements are configured to be included with a first set of data elements and a trust indication in a transaction schema, wherein the trust indication confirms the transaction participants as being trusted
  • A further feature provides for the second server computer to include a secure communication link component to establish the second secure communication link with the second communication device and to perform a certificate exchange process in which the second service provider transmits a digital certificate to the second communication device for validation thereat and receives a digital certificate from the second communication device for validation.
  • A still further feature provides for the secure communication link component to be configured to validate the digital certificate received from the second communication device.
  • A yet further feature provides for the secure communication link component to be configured to verify that the second communication device and associated second entity are trusted by the second service provider, including querying a second entity record for a verified trust indication.
  • A further feature provides for the second server computer to include an approval or denial messaging component for receiving a transaction approval or denial message from the first service provider, the transaction approval message indicating the approval by the first entity of the second set of data elements and the transaction denial message indicating the denial by the first entity of the second set of data elements.
  • A further feature provides for the approval or denial messaging component to be configured to forward the transaction approval or denial message to the second communication device.
  • The second set of data elements may include one or both of a timestamp and an identifier in the form of one or a combination of: a globally unique transaction identifier which uniquely identifies the transaction; a communication address associated with the first entity; a communication address associated with the second entity; an identifier associated with the first entity; and, an identifier associated with the second entity.
  • A still further feature provides for the second server computer to include a first transaction message receiving component for receiving the first transaction message from the first service provider.
  • The first transaction message may include a first entity trust indication confirming the first entity as being trusted by the first service provider.
  • The second transaction message may include a second entity trust indication confirming the second entity as being trusted by the second service provider.
  • A yet further feature provides for the second server computer to include a transaction schema obtaining component for obtaining a transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted and including the transaction schema in the second transaction message transmitted to the first service provider.
  • The invention extends to a computer program product comprising a computer-readable medium having stored computer-readable program code for performing the steps of: receiving, via a first secure communication link, a first transaction message from a first communication device associated with a first entity, wherein the first communication device is uniquely identifiable to the first service provider over the first communication link and wherein the first transaction message includes a first set of data elements relating to participation by the first entity in a transaction; verifying that the first communication device and associated first entity are trusted by the first service provider; receiving, from a second service provider, a second transaction message, the second transaction message being associated with a second entity, wherein the second transaction message includes a second set of data elements relating to participation of the second entity in the transaction; verifying that the second service provider is trusted by the first service provider; obtaining a transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted; and, transmitting a transaction confirmation message to one or both of the first communication device and the second service provider, the transaction confirmation message including the transaction schema
  • The invention extends to a computer program product comprising a computer-readable medium having stored computer-readable program code for performing the steps of: receiving, via a second secure communication link, a second transaction message from a second communication device associated with a second entity, wherein the second communication device is uniquely identifiable to the second service provider over the secure communication link and wherein the second transaction message includes a second set of data elements relating to participation by the second entity in a transaction, wherein the second transaction message corresponds to a first transaction message having been received at a first service provider relating to participation by a first entity in the transaction; and, transmitting the second transaction message to the first service provider, wherein the first service provider is trusted by the second service provider and wherein the second set of data elements are configured to be included with a first set of data elements and a trust indication in a transaction schema, wherein the trust indication confirms the transaction participants as being trusted and wherein the transaction schema is configured for completing the transaction.
  • A further feature provides for the computer-readable medium to be a non-transitory computer-readable medium and for the computer-readable program code to be executable by a processing circuit.
  • Figure 1 is a schematic diagram which illustrates an exemplary system conducting a trusted intermediated transaction;
  • Figure 2 is a swim-lane flow diagram which illustrates an exemplary method for conducting a trusted intermediated transaction;
  • Figure 3 is a swim-lane flow diagram which illustrates exemplary steps, operations or procedures which may be performed in establishing a first secure communication link;
  • Figure 4 is a swim-lane flow diagram which illustrates one exemplary manner in which a first service provider makes a first transaction message available to the second entity;
  • Figure 5 is a swim-lane flow diagram which illustrates another exemplary manner in which a first service provider makes a first transaction message available to the second entity;
  • Figure 6 is a block diagram which illustrates components of an exemplary system for conducting a trusted intermediated transaction; and
  • Figure 7 illustrates an example of a computing device in which various aspects of the disclosure may be implemented.
  • Figure 1 is a schematic diagram which illustrates an exemplary system (100) for conducting a trusted intermediated transaction.
  • The system (100) may include a first service provider (102), a second service provider (104), a first entity (106) and a second entity (108).
  • The first entity (106) may be associated with a first communication device (128) and the second entity may be associated with a second communication device (130).
  • The system (100) may further include a transaction directory (110) and an intermediary (112).
  • Although only first and second entities and service providers are illustrated, it should be appreciated that in a practical implementation there may be a plurality of service providers and a plurality of entities. In some cases there may be more than two participants in a transaction.
  • The service providers (102, 104) may need to be registered with the system (100). Each service provider (102, 104) may maintain, operate or have access to a server computer (120, 122). Each server computer (120, 122) may be in the form of a server computer cluster, a distributed server computer, a cloud-based server computer or the like. The physical location of the server computers (120, 122) may be unknown to the various participants described herein and may be irrelevant to the operation of the described system and method.
  • The server computers (120, 122) may be able to communicate with each other securely via a communication network (114).
  • The communication network (114) may include the Internet and optionally one or more proprietary communication networks (e.g. payment card networks).
  • Each server computer (120, 122) may have access to a database (124, 126) in which data and records may be stored and from which data and records may be accessed and retrieved.
  • The first service provider database (124) may be a secure database and may store a first entity record in association with which one or more of: a public key generated by a software application executing on the first communication device; a device identifier uniquely associated with the first communication device (128); personal information relating to the first entity (106) (e.g. full names, residential address, national identity number, know your customer (“KYC”) information, one or more communication addresses, such as a phone number, email address, social media handle, etc.); a verified trust indication and the like.
  • the verified trust indication may indicate that the first communication device (128) and first entity (106) have enrolled with the first service provider (102). Enrolment may for example have included linking one or more of the first communication device (128), a software application executing on the first communication device (132) and the first entity such that messages and requests received from the first communication device at the first service provider (102) are uniquely identifiable by the first service provider and can be associated with the first entity (106).
  • the verified trust indication may further indicate the standing of the first entity, including for example, credit worthiness, credit rating, criminal record or the like.
  • the second service provider database (126) may be a secure database and may store a second entity record in association with one or more of: a public key generated by a software application executing on the second communication device (130); a device identifier uniquely associated with the second communication device; personal information relating to the second entity (108) (e.g. full names, residential address, national identity number, know your customer (“KYC”) information, one or more communication addresses, such as a phone number, email address, social media handle, etc.); a verified trust indication and the like.
  • the verified trust indication may indicate that the second communication device (130) and second entity (108) have enrolled with the second service provider (104). Enrolment may have included linking one or more of the second communication device (130), a software application (134) executing on the second communication device and the second entity (108) such that messages and requests received from the second communication device at the second service provider (104) are uniquely identifiable by the second service provider and can be associated with the second entity (108).
  • the verified trust indication may further indicate the standing of the second entity, including for example, credit worthiness, credit rating, criminal record or the like.
  • each service provider may be a financial service provider (e.g. a bank). Trust in this case may refer to one service provider being confident that the other service provider is a reputable service provider that will make good on debts or other performances due.
  • the trust that exists between the service providers may be established or confirmed by an intermediary, such as a payment card network, an industry regulator, ombudsman or the like. As will be explained in greater detail below, trust may be established and/or verified by means of public key infrastructure and a mutually known and/or trusted certificate authority (CA) (136).
  • the communication devices (128, 130) of the entities (106, 108) may be any appropriate computing devices capable of communicating on the communication network (114). Exemplary communication devices include mobile phones (e.g. smart phones, feature phones, etc.), tablet computers, desktop computers, laptop computers, wearable computing devices, smart appliances and even entity server computers (e.g. an e-commerce server computer).
  • the first communication device (128) may have a software application (132) installed and executable thereon.
  • the software application (132) may be provided by the first service provider (102) to enable the first entity (106) to interact with the first service provider (102) using the first communication device (128). In some implementations the software application (132) may be configured to securely store a digital certificate.
  • This digital certificate may be unique to the first communication device (128) and may be issued by (and hence susceptible to revocation by) the certificate authority (CA) (136).
  • the digital certificate may be unique to the software application (132) (e.g. the particular instance of the software application) installed on the first communication device (128).
  • the software application (132) may also securely store encryption keys, including a private key and public key pair which may be generated by the software application upon installation.
  • the second communication device (130) may have a software application (134) installed and executable thereon.
  • the software application (134) may be provided by the second service provider (104) to enable the second entity (108) to interact with the second service provider (104) using the second communication device (130).
  • the software application (134) may be configured to securely store a digital certificate. This digital certificate may be unique to the second communication device (130) and may be issued by (and hence susceptible to revocation by) the CA (136).
  • the digital certificate may be unique to the software application (134) (e.g. the particular instance of the software application) installed on the second communication device (130).
  • the software application (134) may also securely store encryption keys, including a private key and public key pair which may be generated by the software application upon installation.
  • the digital certificates described herein may be any appropriate digital certificate (such as a signed X.509 digital certificate) and may be usable to uniquely identify the communication devices (128, 130), and in some implementations the software applications (132, 134) executing thereon, to the service providers (102, 104) and vice versa.
  • the digital certificates may further be configured for sharing symmetric encryption keys.
  • the symmetric encryption keys may be used for data encryption between the communication devices (128, 130) and the service providers (102, 104).
  • the digital certificates may be signed with a private key associated with the CA (136).
  • a corresponding public key of the CA (136) may be known to both the respective communication devices (128, 130) and the service providers (102, 104), enabling validation of the authenticity of the digital certificate by decrypting the signature using the CA public key to verify that it was signed by the CA private key.
  • a trusted relationship may have already been established between the first communication device (128), the first entity (106) and the first service provider (102) such that the first service provider (102) can vouch for the trustworthiness of the first entity (106). Vouching for the trustworthiness may include confirming that the first entity (106) can be trusted to render a particular promised performance.
  • the established trust may include registration of the first communication device (128) with the first service provider (102).
  • registration of the first communication device (128) with the first service provider (102) may include enrolling the digital certificate of the software application (132) with the first service provider (102). Registration of the first communication device (128) with the first service provider (102) may enable the first communication device (128) to communicate with the first service provider (102) over a secure communication link. Registration of the first communication device (128) with the first service provider (102) may enable the first communication device (128) to be uniquely identifiable to the first service provider (102) over the secure communication link.
  • the established trust may be reciprocal, meaning that the first entity (106) may trust the first service provider (102).
  • the established trust may also include an established one-to-one relationship between the first communication device (128), and its software application (132) in some implementations, and the first entity (106) such that interactions (e.g. transmitting and receiving data and messages) between the first communication device (128) and the first service provider (102) can be considered to be interactions between the first entity (106) and the first service provider (102).
  • the trust may therefore be established during an enrolment process in which the first entity (106) satisfactorily links itself to the first communication device (128), for example by physically visiting the first service provider (102) with the first communication device (128) and an accepted form of positive identification of the first entity (106), by using another remotely accessible platform (e.g. a website) with which an established trust already exists, and the like.
  • Enrolment may include verifying an association between the digital certificate of the first communication device (128) and the first entity (106). Thus, when the first service provider (102) interacts with the first communication device (128), it can be assumed that the first service provider is interacting with the first entity (106).
  • a trusted relationship may have already been established between the second communication device (130), the second entity (108) and the second service provider (104) such that the second service provider (104) can vouch for the trustworthiness of the second entity (108).
  • the established trust may include registration of the second communication device (130) with the second service provider (104) and an established one-to-one relationship between the second communication device (130) and the second entity (108) such that interactions between the second communication device (130) and the second service provider (104) can be considered to be interactions between the second entity (108) and the second service provider (104).
  • registration of the second communication device (130) with the second service provider (104) may include enrolling the digital certificate of the software application (134) with the second service provider (104) and verifying an association between the digital certificate of the second communication device (130) and the second entity (108).
  • the established trust may be reciprocal, meaning that the second entity (108) may trust the second service provider (104).
  • FIG. 1 is a swim-lane flow diagram which illustrates an exemplary method for conducting a trusted intermediated transaction. Respective swim-lanes may serve to delineate operations, steps, functions or procedures performed by respective participants or devices. The operations, steps, functions or procedures described as being performed by the respective service providers (102, 104) may be performed by that service provider’s server computer (120, 122). The method of Figure 2 is described generally with reference to a scenario in which the first entity (106) offers a performance in exchange for the performance of the second entity (108).
  • a first secure communication link may be established (202) between the first communication device (128) associated with the first entity (106) and the first service provider (102).
  • the secure communication link may be established by the first communication device (128) (e.g. upon the first entity launching the software application (132)).
  • Establishing (202) the first secure communication link may include performing a handshake procedure. Steps, operations or procedures performed in one example method of establishing (202) the first secure communication link are elaborated on below with reference to Figure 3.
  • the secure communication links described herein may be established using other mechanisms (e.g. encryption without a certificate exchange procedure).
  • the secure communication link may be any communication channel over which data may be shared without being intercepted by third parties.
  • the first communication device (128) may be uniquely identifiable to the first service provider (102) over the first secure communication link. As a trusted relationship may have already been established between the first communication device (128), the first entity (106) and the first service provider (102), once the first communication device (128) has been uniquely identified it, and by implication the first entity (106), may be trusted by the first service provider (102). In some cases, the fact that the first service provider (102) trusts the first communication device (128) and first entity (106) may imply that the first service provider can vouch for the first entity’s trustworthiness.
  • the first service provider may verify (203) that the first communication device and associated first entity are trusted by the first service provider. Verifying that the first communication device and associated first entity are trusted by the first service provider may include validating enrolment of the first communication device with the first service provider. In some cases, verifying that the first communication device and associated first entity are trusted by the first service provider may include validating the digital certificate received from the first communication device. In some cases, verifying that the first communication device and associated first entity are trusted by the first service provider may include querying a first entity record for a verified trust indication.
  • a second secure communication link may be established (204) between the second communication device (130) associated with the second entity (108) and the second service provider (104).
  • the second secure communication link may be established by the second communication device (130) (e.g. responsive to the second entity (108) launching the software application (134)) or by the second service provider (104).
  • Establishing (204) the second secure communication link may include performing a handshake procedure. This handshake procedure may include mutatis mutandis the same certificate exchange process described below with reference to Figure 3.
  • the second communication device (130) may be uniquely identifiable over the second secure communication link (e.g. as a result of the certificate exchange process).
  • the second service provider may similarly verify (205) that the second communication device and associated second entity are trusted by the second service provider.
  • The fact that the second service provider (104) trusts the second communication device (130) and second entity (108) may imply that the second service provider can vouch for the second entity’s trustworthiness.
  • the first communication device (128) may transmit (206) a first transaction message to the first service provider (102) via the first secure communication link.
  • the first transaction message may include a first set of data elements which may indicate a desire on the part of the first entity (106) to participate in a transaction. At least a subset of the first set of data elements may have been input into the first communication device (128) by the first entity (106), obtained by the first communication device or retrieved from a memory of the first communication device.
  • the first set of data elements may include partial or full details of the transaction in which the first entity (106) wishes to participate as well as any other information necessary for establishing and/or completing the transaction.
  • the first set of data elements may for example include one or more of a transaction identifier, a first entity identifier, selected personal information relating to the first entity, terms of the transaction, proposed terms of the transaction (e.g. constituting an offer) and the like.
  • the first service provider (102) may receive (208) the first transaction message from the first communication device (128) via the first secure communication link.
  • the first service provider (102) may then make (210) the first transaction message available to the second entity (108) via the second service provider (104) or the transaction directory (110).
  • Making (210) the first transaction message available to the second entity (108) may include posting the first transaction message and/or the first set of data elements to the transaction directory (110) or transmitting the first transaction message and/or first set of data elements to the second service provider (104).
  • the first service provider (102) may modify the first transaction message and/or first set of data elements to include a trust indication.
  • the trust indication may be configured to confirm the first entity as being trusted by the first service provider.
  • the trust indication may be configured for verification of the source of the message and/or data elements as being a trusted source and hence usable without further evaluation.
  • the first service provider may sign or encrypt the trust indication with the first service provider digital certificate or private key such that the authenticity of the trust indication may be verified by the second service provider (104).
  • the second communication device (130) obtains (212) the first transaction message and/or the first set of data elements.
  • Obtaining (212) the first transaction message and/or the first set of data elements may include accessing the first transaction message and/or the first set of data elements from the transaction directory (110) or receiving the first transaction message and/or the first set of data elements from the second service provider (104).
  • the first transaction message and/or the first set of data elements may be displayed to the second entity (108) such that the second entity (108) may ascertain whether or not it would like to participate in the transaction.
  • a trust indication indicating that the first entity (106) is trusted by the first service provider (102), and the first service provider (102) is in turn trusted by the second service provider (104) may be included in the first transaction message and/or the first set of data elements and may be displayed to the user.
  • the trust indication may be signed or encrypted by the second service provider (104) using the second service provider digital certificate or private key such that the authenticity of the trust indication may be verified by the second communication device (130).
  • the second entity may use the second communication device (130) to transmit (214) a second transaction message to the second service provider (104) via the second secure communication link.
  • the second transaction message may include a second set of data elements indicating a desire on the part of the second entity (108) to participate in the transaction.
  • the second transaction message may correspond or be otherwise logically related to the first transaction message in that they may include data fields relating to a chosen transaction schema.
  • the second set of data elements may complete the first set of data elements such that the data elements together indicate each of the entities’ performance in respect of the transaction.
  • the second set of data elements may constitute an acceptance or counter offer of the proposed transaction set out in the first set of data elements.
  • the first and second set of data elements may be configured for inclusion in a transaction schema configured for completing the transaction.
  • the transaction schema may be pre-approved as between the first and second service providers.
  • the second set of data elements may include partial or full details of the transaction in which the second entity wishes to participate as well as any other information necessary for establishing and/or completing the transaction.
  • the second set of data elements may for example include one or more of a transaction identifier, a second entity identifier, selected personal information relating to the second entity, terms of the transaction, proposed terms of the transaction (e.g. constituting a counter-offer) and the like.
  • Receipt by the second entity of the first transaction message and responding thereto by way of the second transaction message may imply approval and/or consent to the intended transaction by the second entity, in which case the second service provider may finalise the transaction, optionally pending receipt of approval of the second transaction message from the first entity via the first service provider.
  • approval by the first entity to the second transaction message may imply consent to the intended transaction by the first entity, after which the transaction may be finalised as between the first and second service providers.
  • Finalisation of the transaction as between the first and second service providers may be conducted based on rules defined beforehand between them.
  • the first and second entities may be notified of the successful completion of the transaction, or otherwise, by the first and second service providers respectively.
  • one or both of the first set of data elements and second set of data elements may include an identifier in the form of one or a combination of: a globally unique transaction identifier which uniquely identifies the transaction; a communication address associated with the first entity (106); a communication address associated with the second entity (108); an identifier associated with the first entity (106); an identifier associated with the second entity (108) and, a timestamp.
  • the second service provider (104) may receive (216) the second transaction message from the second communication device (130) via the second secure communication link.
  • the second service provider (104) may transmit (218) the second transaction message and/or second set of data elements to the first service provider (102).
  • the second service provider (104) may modify the second transaction message and/or second set of data elements to include a trust indication to confirm the second entity as being trusted by the second service provider.
  • the trust indication may be configured for verification of the source of the message and/or data elements as being a trusted source and hence usable without further evaluation.
  • the second service provider (104) may sign or encrypt the trust indication with the second service provider digital certificate or private key such that the authenticity of the trust indication may be verified by the first service provider (102).
  • the second service provider (104) may generate the transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted.
  • the second service provider (104) may include the transaction schema in the second transaction message transmitted to the first service provider.
  • the first service provider (102) may receive (220) the second transaction message and/or the second set of data elements from the second service provider (104).
  • the second transaction message may include the second set of data elements indicating a desire on the part of a second entity to participate in the transaction.
  • the second transaction message and/or the second set of data elements may include a trust indication to confirm the second entity (108) as being trusted by the second service provider (104).
  • the first service provider (102) may verify the authenticity of the trust indication.
  • the first service provider (102) may verify (221) that the second service provider is trusted by the first service provider.
  • the second entity trust indication may have been signed using a digital certificate associated with the second service provider, and the first service provider may validate the digital certificate with the CA or via another mechanism.
  • Verification (221) that the second service provider is trusted by the first service provider may include querying one or more of the CA (136), transaction directory (110) and the intermediary (112) for verification of the second service provider as being trusted.
  • the first service provider (102) may obtain (222) the transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted.
  • the transaction schema may include a container with fields which are configured to be populated by the first and second sets of data elements.
  • the transaction schema may define one or more of the structure, content, and semantics of the transaction and, once populated with the first and second set of data elements may be configured for automatic completion of at least part of the transaction (e.g. for initiating a payment as part of one of the entity’s performance).
  • Obtaining (222) the transaction schema may in one implementation include the first service provider (102) generating the transaction schema.
  • the first service provider (102) may obtain the transaction schema from the second transaction message received from the second service provider (104).
  • Obtaining (222) the transaction schema may include verifying a signed or encrypted trust indication included in the second set of data elements received from the second service provider (104). It should be appreciated that the transaction schema, which may serve as a template for the transaction, may be pre-agreed as between the first and second service providers.
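The signed trust indication (steps 206 and 228 to 238) and the transaction schema populated by the two sets of data elements (steps 222 and 231), as an added example in Go that is not part of the patent or of any Entersekt code. It assumes the receiving provider already holds the public keys of the providers it trusts (for instance taken from certificates validated with the CA, which is not repeated here), and the schema field names, required fields, provider identifiers "sp-104" and entity identifiers are this example's own constructions. The signature covers the canonical JSON of the whole schema, so a data element changed after the indication was issued fails verification.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// TransactionSchema is an assumed container whose fields the first and second sets of data elements populate.
type TransactionSchema struct {
	TransactionID string            `json:"transaction_id"` // globally unique transaction identifier
	Timestamp     string            `json:"timestamp"`
	FirstEntity   map[string]string `json:"first_entity"`  // first set of data elements
	SecondEntity  map[string]string `json:"second_entity"` // second set of data elements
}

// requiredFields lists, per participant, the elements the pre-agreed schema needs (assumed values).
var requiredFields = map[string][]string{
	"first_entity":  {"entity_id", "offer"},
	"second_entity": {"entity_id", "acceptance"},
}

// TrustIndication is a provider's signed statement vouching for one participant, bound to the schema contents.
type TrustIndication struct {
	Provider   string `json:"provider"`
	VouchesFor string `json:"vouches_for"`
	Signature  []byte `json:"signature"`
}

// TrustedProviders maps provider identifiers to public keys the receiving provider already trusts.
type TrustedProviders map[string]*ecdsa.PublicKey

// newProviderKey generates a service provider signing key (P-256).
func newProviderKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// digest canonicalises the schema plus the vouching statement (encoding/json sorts map keys).
func digest(s TransactionSchema, provider, vouchesFor string) ([]byte, error) {
	body, err := json.Marshal(map[string]interface{}{"schema": s, "provider": provider, "vouches_for": vouchesFor})
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(body)
	return sum[:], nil
}

// signTrust is the sending provider's step (206, 230): sign the indication with its private key.
func signTrust(key *ecdsa.PrivateKey, s TransactionSchema, provider, vouchesFor string) (TrustIndication, error) {
	d, err := digest(s, provider, vouchesFor)
	if err != nil {
		return TrustIndication{}, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, key, d)
	return TrustIndication{Provider: provider, VouchesFor: vouchesFor, Signature: sig}, err
}

// verifyTrust is the receiving provider's check (236 to 238): trusted issuer and a signature matching the schema.
func verifyTrust(trusted TrustedProviders, s TransactionSchema, ti TrustIndication) error {
	pub, ok := trusted[ti.Provider]
	if !ok {
		return fmt.Errorf("provider %q is not trusted", ti.Provider)
	}
	d, err := digest(s, ti.Provider, ti.VouchesFor)
	if err != nil {
		return err
	}
	if !ecdsa.VerifyASN1(pub, d, ti.Signature) {
		return fmt.Errorf("trust indication from %q does not match the schema received", ti.Provider)
	}
	return nil
}

// schemaComplete checks (step 222) that both sets of data elements together populate every required field.
func schemaComplete(s TransactionSchema) error {
	if s.TransactionID == "" {
		return fmt.Errorf("missing globally unique transaction identifier")
	}
	sets := map[string]map[string]string{"first_entity": s.FirstEntity, "second_entity": s.SecondEntity}
	for part, fields := range requiredFields {
		for _, f := range fields {
			if sets[part][f] == "" {
				return fmt.Errorf("%s is missing %q", part, f)
			}
		}
	}
	return nil
}

func main() {
	key, _ := newProviderKey()
	s := TransactionSchema{TransactionID: "txn-0001", FirstEntity: map[string]string{"entity_id": "106", "offer": "policy-A"},
		SecondEntity: map[string]string{"entity_id": "108", "acceptance": "accepted"}}
	ti, _ := signTrust(key, s, "sp-104", "108")
	fmt.Println(schemaComplete(s), verifyTrust(TrustedProviders{"sp-104": &key.PublicKey}, s, ti))
}
```

Binding the signature to the complete schema rather than to a bare "trusted" flag is what lets the first service provider use the second set of data elements without further evaluation: if the indication verifies, the elements it covers are exactly the ones the second service provider vouched for.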
  • the first service provider (102) may transmit (224) a transaction update message to the first communication device (128) via the first secure communication link.
  • the transaction update message may include the second set of data elements relating to the transaction for review and approval by the first entity (106).
  • the transaction update message may be configured to prompt the first entity (106) for the first entity’s approval or denial of the second set of data elements and/or the transaction schema.
  • the first communication device (128) may receive (226) the transaction update message from the first service provider (102) via the first communication link.
  • the transaction update message may be configured to display the second set of data elements and/or the transaction schema to the first entity (106) (e.g. via a display) and to prompt the first entity (106) for its approval or denial thereof.
  • the first communication device (128) may receive and transmit (228) the first entity’s approval or denial, as the case may be, in a transaction approval message or a transaction denial message to the first service provider (102) via the first secure communication link.
  • the transaction approval message may indicate the approval by the first entity (106) of the transaction schema and/or second set of data elements and the transaction denial message may indicate the denial by the first entity (106) of the transaction schema and/or second set of data elements.
  • the first service provider (102) may receive (230) the transaction approval or denial message from the first communication device (128) and forward (232) the transaction approval or denial message to the second service provider (104).
  • the second service provider (104) may receive (234) the transaction approval or denial message from the first service provider (102) and forward (236) the transaction approval or denial message to the second communication device (130) of the second entity (108).
  • the second communication device (130) may receive (238) the transaction approval or denial message.
  • the second entity (108) may be afforded the opportunity of revising the second set of data elements and transmitting an updated second transaction message including the updated second set of data elements to the second service provider (104) for on-forwarding to the first service provider (102) and first entity (106) for its approval or denial.
  • the first service provider (102) may transmit (240) a transaction confirmation message to one or both of the first communication device (128) and the second service provider (104).
  • the transaction confirmation message may include the transaction schema for completing the transaction.
  • One or both of the first service provider (102) and second service provider (104) may then process (242) the transaction.
  • Processing the transaction may include parsing the transaction schema and executing one or more operations in accordance with the data elements included therein.
  • processing the transaction may include the service providers (102, 104) sharing information relating to each entity (106, 108).
  • the second service provider (104) may require personal information relating to the second entity (108) in order to participate in the transaction (e.g. in order to meet “Know Your Customer” requirements imposed by relevant national laws).
  • the first service provider may rather transmit a confirmation that the identity of the first entity (106) has been verified and is up-to-date.
  • the method described above may be implemented in any scenario in which the first entity (106) offers a performance in exchange for the performance of the second entity (108). It should also, for example, be appreciated that after transmission of approval (228) from the first communication device (128), the transaction may be processed (242) by the first (102) and second (104) service providers without further intermediary steps, as the second transaction message from the second communication device (130) may include implicit approval of the intended transaction. It is even foreseeable that mere initiation of the first transaction message (206) by the first entity via the first communication device (128) may already imply acceptance/approval of the intended transaction by the first entity, provided no terms of the transaction are changed by the second entity. This could, for example, be the case where terms of a transaction are predefined and approved by the second entity, and all the first entity has to do to complete the transaction is indicate a desire to comply with the predefined terms and present a required set of data elements.
  • Figure 3 is a swim-lane flow diagram which illustrates exemplary steps, operations or procedures which may be performed in establishing (202) the first secure communication link. It should be appreciated that mutatis mutandis the same steps, operations or procedures may be performed in establishing (204) the second secure communication link.
  • Establishing (202) the first secure communication link may include a handshake procedure.
  • the handshake procedure may include a certificate exchange process. This may include the first communication device (128) transmitting (252) a digital certificate stored securely by the software application (132) executing thereon to the first service provider (102).
  • the first service provider (102) may receive (254) the digital certificate from the first communication device (128).
  • the digital certificate may have been issued to the first communication device (128) by the CA (136) or created by the software application (132) itself and may include a first communication device public key and a device identifier uniquely associated with the first communication device (128).
  • the device identifier may establish a one-to-one relationship between the digital certificate and the first communication device (128) to which it is issued.
  • the digital certificate may uniquely identify the software application (132) installed on the first communication device (128).
  • the first service provider (102) may validate (256) the digital certificate using an encryption module distributed by the CA (136) and may use the digital certificate to uniquely identify the first communication device (128).
  • the first service provider (102) may transmit (258) a first service provider digital certificate to the first communication device (128) for validation of the first service provider (102).
  • the first service provider digital certificate may have been issued to the first service provider by the CA (136) and may include a first service provider public key corresponding to the first service provider private key.
  • the first communication device (128) may receive (260) the first service provider digital certificate from the first service provider (102).
  • the first communication device (128) may validate (262) the first service provider digital certificate. Validation (262) of the first service provider digital certificate may be conducted using the software application (132) installed on the first communication device (128) utilizing functionality provided by an encryption module provided by CA (136).
  • Validation (256, 262) of the digital certificates may use a CA public key which may be known to each of the first communication device (128) and first service provider (102) respectively to decrypt the signature using the CA public key to verify that it was signed by the CA (136) private key.
  • the first service provider (102) may verify (264) that the first communication device (128) and associated first entity (106) are trusted by the first service provider (102). This may include querying (266) the first entity record stored in the first service provider database (124) for a verified trust indication. If a verified trust indication is stored in the first service provider database (124) in association with the first entity data record, the first communication device (128) and associated first entity (106) may be verified as trusted. In some cases, the verified trust indication may be associated with a time to live or timestamp and may be required to be updated periodically.
  • Figure 4 is a swim-lane flow diagram which illustrates one exemplary manner in which the first service provider (102) may make (210) the first transaction message available to the second entity (108).
  • the method illustrated in Figure 4 is described with reference to an exemplary scenario in which the first entity (106) is a natural person and the first service provider (102) is a financial institution (e.g. a bank) providing financial and/or banking services to the first entity (106).
  • the first entity (106) may have a financial account registered with the first service provider (102) against which the first entity may be able to conduct financial transactions.
  • the second entity (108) may be a juristic entity.
  • the second service provider (102) may be an insurance provider (e.g. a life insurance provider).
  • the second service provider (104) may be an entity which is separate from the second entity (108) while in other scenarios the second service provider (104) may be an extension of the second entity (108).
  • the first entity may wish to take out insurance (e.g. life insurance). Rather than having to seek an appropriate insurance provider, the first entity (106) may use the described system and method. In accordance with the method described above with reference to Figure 2, the first entity (106) may use the first communication device (128) to establish a secure communication link with the first service provider (102) and may transmit a first transaction message to the first service provider.
  • the first transaction message may include a first set of data elements.
  • the first set of data elements may include particulars relating to insurance required by the first entity (106).
  • the first set of data elements may include the insured amount required and other particulars which may be required for the determination.
  • the first service provider (102) may receive the first transaction message including the first set of data elements.
  • the first service provider (102) may make the first transaction message available to the second entity by posting (302) the first transaction message and/or the first set of data elements to the transaction directory (110).
  • the transaction directory (110) may be maintained by one of the first service provider (102), the second service provider (104) or a third party.
  • the first set of data elements may include a globally unique transaction identifier and posting (302) the first set of data elements to the transaction directory (110) may include posting the first set of data elements to a record stored in the transaction directory (110) in association with the identifier.
  • the transaction directory (110) may be accessible to the second entity (108) using the second communication device (130).
  • the second entity (108) may obtain the first transaction message and/or first set of data elements by accessing (304) the transaction directory (110) and identifying (306) the first transaction message and/or the first set of data elements.
  • the first transaction message and/or first set of data elements may include a trust indication to indicate to the second entity (108) that the first transaction message originates from a trusted entity.
  • the transaction directory (110) may be accessible to the second service provider (104).
  • the second service provider (104) may access the transaction directory (110) and identify the first transaction message and/or the first set of data elements.
  • the second service provider (104) may then provide the first transaction message and/or the first set of data elements to the second entity (108).
  • the second entity (108) may retrieve (308) the first transaction message and/or the first set of data elements.
  • the second entity (108) may review the first set of data elements and, in this exemplary scenario, calculate (310) a second set of data elements based on the first set of data elements.
  • the second set of data elements may for example include a premium which will be payable by the first entity (106) in exchange for the requested life insurance.
  • the second entity (108) may then, using the second communication device (130), transmit (312) the second transaction message to the second service provider (104) via the second secure communication link, as described above with reference to Figure 2.
  • the second transaction message may include the second set of data elements.
  • the second service provider (104) may receive the second set of data elements and the method may continue as described above with reference to Figure 2.
  • the transaction directory (110) may be accessible by a plurality of entities and/or their respective service providers.
  • the transaction directory (110) may thus serve as an online market place where one or more entities may come together and participate in a transaction. Entities requiring a specific performance can, through their respective service provider, post that requirement to the transaction directory and entities in a position to provide that performance may, through their respective service provider, offer to do so.
  • the transaction directory (110) may function as an online classifieds directory.
  • the second entity may transmit the second transaction message to the second service provider independently of (e.g. without reference to) the first transaction message, where first service provider and/or second service provider match the two transaction messages to each other based on the first set of data elements and second set of data elements.
  • the chain of trust, i.e. the first service provider trusting the first entity, the second service provider trusting the first service provider and the second service provider trusting the second entity (and vice versa), may increase the confidence of the participants in the transaction (who potentially have never met).
  • Figure 5 is a swim-lane flow diagram which illustrates another exemplary manner in which the first service provider (102) may make (210) the first transaction message available to the second entity (108).
  • the method of Figure 5 is described with reference to an exemplary scenario in which the first entity (106) is a natural person wishing to make an online purchase from the second entity (108).
  • the first service provider (102) and second service provider (104) may be financial service providers offering financial services to the first entity (106) and second entity (108) respectively.
  • the second entity (108) may advertise its willingness to participate in a transaction.
  • the second entity may for example maintain a website via which entities may access a menu listing dishes (e.g. pizzas) available from the second entity.
  • Each dish or food item may be associated with an identifier and a price.
  • the identifier may be capable of identifying the second entity (108) as well as the food item.
  • the identifier may be a globally unique transaction identifier corresponding to a transaction record stored in the transaction directory (110).
  • the first entity (106) may access the website and select a food item which the first entity wishes to order. Having established a first secure communication link with the first service provider (102), the first entity (106) may use the first communication device (128) to transmit the first transaction message to the first service provider (102) including the first set of data elements, as described above with reference to Figure 2.
  • the first set of data elements may include the identifier associated with the food item that the first entity (106) wishes to order.
  • the first set of data elements may further include the price (which in some cases may be lower than the price advertised by the second entity should the first entity wish to negotiate).
  • the first service provider (102) may receive the first transaction message including the first set of data elements via the first secure communication link.
  • the first service provider (102) may make the first transaction message available to the second entity (108) by transmitting (320) the first transaction message and/or first set of data elements to the second service provider (104).
  • the first service provider (102) may include a trust indication in the first transaction message and/or first set of data elements and may sign or encrypt the trust indication with the first service provider digital certificate or private key such that the authenticity of the trust indication may be verified by the second service provider (104).
  • the first service provider (102) may transmit (320) the first transaction message and/or the first set of data elements to the second service provider (104) via or using the transaction directory (110).
  • the first service provider (102) may identify the second service provider (104) by querying the transaction directory (110) using the identifier included in the first set of data elements.
  • the second service provider (104) may receive (322) the first transaction message and/or the first set of data elements from the first service provider (102) (optionally via the transaction directory) and may transmit (324) the first transaction message to the second communication device (130) of the second entity (108).
  • the second service provider may verify the authenticity of the trust indication (e.g. by decrypting the signed trust indication using the first service provider public key). In some cases, verifying the authenticity of the trust indication may include signing or encrypting the trust indication with the first service provider digital certificate or private key such that the authenticity of the trust indication may be verified by the second communication device (130).
  • the second communication device (130) may receive (326) the first transaction message.
  • the first transaction message and/or first set of data elements may constitute an offer to purchase the food item being advertised by the second entity (108).
  • the second communication device may verify the authenticity of a trust indication included in the first transaction message and/or first set of data elements.
  • the second entity (108) can rest assured that the first transaction message has been transmitted from a trustworthy entity and may therefore proceed to render the performance (in this case by preparing and delivering the food item) in confidence that the first entity (106) will render its performance (in this case being paying for the food item).
  • the second entity (108) may accordingly use the second communication device (130) to transmit the second transaction message including a second set of data elements to the second service provider (104) via the second secure communication link, as described above with reference to Figure 2.
  • the second set of data elements may simply constitute an acceptance of the first entity’s offer.
  • the second service provider (104) may receive the second set of data elements and the method may continue as described above with reference to Figure 2.
  • the first entity (106) may be able to transact with the second entity (108) anonymously.
  • the second entity (108) may thus never become aware of the identity of the first entity (106) and may never receive any of the first entity’s personal information.
  • the second entity is nevertheless still in a position to act on the anonymous transaction message because of the trust indication and/or the fact that the first transaction message is received by the second entity from the second service provider. In this manner the first entity’s privacy may be protected without compromising the second entity’s ability to participate in the transaction confidently.
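The signed trust indication of the Figure 5 scenario (attached at step 320, verified at step 322 and again by the second communication device), as an added illustration that is not part of this specification or of the applicant's implementation. The first service provider signs the anonymous offer together with a time-stamped trust indication using its private key; the recipient verifies with the first service provider's public key and rejects altered messages and stale indications. Ed25519 is used here as a concrete signature scheme, and the message fields, the sample menu item and the acceptance window are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// FirstTransactionMessage is the anonymous offer of the Figure 5 scenario: it carries the item
// identifier and the offered price but nothing that identifies the first entity. The field layout
// is an assumption for this example.
type FirstTransactionMessage struct {
	TransactionID string `json:"transaction_id"`
	ItemID        string `json:"item_id"`
	PriceCents    int64  `json:"price_cents"`
	Currency      string `json:"currency"`
}

// TrustIndication is what the first service provider attaches: an assertion that the originator
// is an entity it has verified, bound to an issue time so it cannot be replayed indefinitely.
type TrustIndication struct {
	IssuedAt  int64  `json:"issued_at"`
	Statement string `json:"statement"`
}

// SignedMessage bundles the message, the trust indication and the provider's signature over both.
type SignedMessage struct {
	Message   FirstTransactionMessage `json:"message"`
	Trust     TrustIndication         `json:"trust"`
	Signature []byte                  `json:"signature"`
}

// sampleMessage is constructed input for the example (a fictitious menu item and price).
var sampleMessage = FirstTransactionMessage{
	TransactionID: "txn-example-0001", ItemID: "pizza-margherita-example", PriceCents: 1250, Currency: "ZAR",
}

// signedPayload is the exact byte string the signature covers. Signing message and indication
// together means neither can be altered, nor the indication moved onto another message.
func signedPayload(m FirstTransactionMessage, t TrustIndication) ([]byte, error) {
	return json.Marshal(struct {
		M FirstTransactionMessage `json:"m"`
		T TrustIndication         `json:"t"`
	}{m, t})
}

// attachTrust is the first service provider's side of step 320: sign with its private key.
func attachTrust(priv ed25519.PrivateKey, m FirstTransactionMessage, now time.Time) (SignedMessage, error) {
	t := TrustIndication{IssuedAt: now.Unix(), Statement: "originator verified by first service provider"}
	payload, err := signedPayload(m, t)
	if err != nil {
		return SignedMessage{}, err
	}
	return SignedMessage{Message: m, Trust: t, Signature: ed25519.Sign(priv, payload)}, nil
}

// verifyTrust is the receiving side (second service provider at step 322, or the second
// communication device): check the signature with the first service provider's public key and
// reject indications outside the acceptance window.
func verifyTrust(pub ed25519.PublicKey, s SignedMessage, now time.Time, maxAge time.Duration) error {
	payload, err := signedPayload(s.Message, s.Trust)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, payload, s.Signature) {
		return errors.New("trust indication signature invalid")
	}
	issued := time.Unix(s.Trust.IssuedAt, 0)
	if now.Sub(issued) > maxAge || issued.After(now.Add(time.Minute)) {
		return errors.New("trust indication outside acceptance window")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	s, err := attachTrust(priv, sampleMessage, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println("verification error:", verifyTrust(pub, s, time.Now(), 5*time.Minute))
}
```

Because the signature covers the message body as well as the indication, the second entity learns only that a provider it trusts vouches for the originator and that the offer arrived unaltered; no personal data of the first entity is needed for that assurance, which is the privacy property the preceding bullets describe.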
  • each of the server computers (120, 122) described herein may be configured with the same functionality such that the first server computer (120) can perform the functionality of the second server computer (122) described above with reference to Figures 1 to 5 and vice versa.
  • each of the communication devices (128, 130) described herein may be configured with the same functionality such that the first communication device (128) can perform the functionality of the second communication device (130) described above with reference to Figures 1 to 5 and vice versa.
  • FIG. 6 is a block diagram which illustrates components of an exemplary system (500) for conducting a trusted intermediated transaction.
  • the system may include a server computer (121) and a communication device (129).
  • Some or all of the functionality and components of the server computer (121) described with reference to Figure 6 may be present in the first server computer (120) and second server computer (122) described above.
  • some or all of the functionality and components of the communication device (129) described with reference to Figure 6 may be present in the first communication device (128) and second communication device (130) described above.
  • the server computer (121) may include a processor (502) for executing the functions of components described below, which may be provided by hardware or by software units executing on the server computer (121).
  • the software units may be stored in a memory component (504) and instructions may be provided to the processor (502) to carry out the functionality of the described components.
  • the server computer (121) may include a secure communication link component (506) arranged to establish a secure communication link with the communication device (129).
  • the communication device (129) may be uniquely identifiable by the server computer (121) over the secure communication link.
  • the secure communication link component (506) may include a handshake component (508) configured to perform a handshake procedure with the communication device (129).
  • the handshake component (508) may be configured to perform a certificate exchange with the communication device (129) in which the server computer (121) receives and verifies a digital certificate from the communication device (129) and transmits its own digital certificate to the communication device for verification by the communication device (129).
  • the secure communication link component (506) may include a verification component
  • Verification of certificates may be performed in collaboration with the CA (136).
  • the server computer (121) may include a first transaction message receiving component (510) arranged to receive a first transaction message.
  • the first transaction message may include a first set of data elements indicating a desire on the part of the relevant entity to participate in the transaction. If the server computer (121) is performing the functionality of the first server computer described herein, the first transaction message receiving component (510) may receive the first transaction message from the communication device (e.g. the first communication device) via the secure communication link. If the server computer (121) is performing the functionality of the second server computer described herein, the first transaction message receiving component (510) may receive the first transaction message from the server computer of another service provider (e.g. the first server computer).
  • the server computer (121) may include a providing component (512) arranged to provide access to the first transaction message and/or first set of data elements.
  • Providing access to the first transaction message and/or first set of data elements may include making the first transaction message and/or first set of data elements available to another entity (e.g. the second entity) by posting the first transaction message and/or the first set of data elements to the transaction directory (110) or transmitting the first transaction message and/or first set of data elements to the relevant service provider (e.g. the second service provider).
  • the providing component (512) may accordingly include a transaction directory posting component (514) arranged to post the first set of data elements to the transaction directory (110).
  • the transaction directory posting component (514) may be arranged to post the first set of data elements to a record stored in the directory in association with the transaction identifier.
  • the providing component (512) may include a first transaction message transmitting component (516) arranged to transmit the first transaction message to the relevant service provider (e.g. the second service provider).
  • the server computer (121) may include a second transaction message receiving component (518) arranged to receive a second transaction message.
  • the second transaction message may include a second set of data elements indicating a desire on the part of an entity to participate in the transaction. If the server computer (121) is performing the functionality of the first server computer described herein, the second transaction message receiving component (518) may receive the second transaction message from another service provider (e.g. the second service provider). If the server computer (121) is performing the functionality of the second server computer described herein, the second transaction message receiving component (518) may receive the second transaction message from a communication device (e.g. the second communication device) of an entity related to the service provider.
  • the server computer (121) may include a second transaction message transmitting component (520) arranged to transmit a second transaction message to the server computer of another service provider (e.g. the first server computer).
  • the server computer (121) may include a transaction schema obtaining component (522) arranged to obtain a transaction schema.
  • the transaction schema may be pre-agreed as between the first and second service providers.
  • the transaction schema may include the first and second sets of data elements and a trust indication confirming the transaction participants (e.g. first and second entities) as being trusted.
  • the transaction schema obtaining component (522) may be arranged to obtain the transaction schema from a message received from a server computer of another service provider or to generate the schema using the first and second sets of data elements.
  • the transaction schema may be configured for automatic completion of at least part of the transaction.
  • the transaction schema may be machine parsable for automatic processing of information contained therein.
  • the server computer (121) may include an update message transmitting component (524) arranged to transmit a transaction update message to the communication device via the secure communication link.
  • the transaction update message may include the second set of data elements relating to the transaction for review by an entity associated with the communication device to which the message is sent.
  • the update message may be configured to prompt the relevant entity for its approval or denial of the second set of data elements.
  • the server computer (121) may include an approval or denial messaging component (526) arranged to receive a transaction approval or denial message.
  • the transaction approval or denial message may be received from the relevant communication device via the secure transaction link or from the server computer of another service provider (e.g. the first service provider).
  • a transaction approval message may indicate approval by the relevant entity of the second set of data elements and a transaction denial message may indicate a denial by the relevant entity of the second set of data elements.
  • the approval or denial messaging component (526) may be configured to forward the transaction approval or denial message to an appropriate service provider (e.g. the second service provider) or to a communication device (e.g. the second communication device) as the case may be.
  • the server computer (121) may include a confirmation message transmitting component (528) arranged to transmit a transaction confirmation message to one or both of the communication device (e.g. the first communication device) via the secure communication link and the appropriate service provider (e.g. the second service provider).
  • the transaction confirmation message may include the transaction schema for completing or processing the transaction.
  • the server computer (121) may also include a processing component (530) arranged to process the transaction automatically using the transaction schema. Processing the transaction may include parsing the transaction schema and executing one or more operations in accordance with the data elements included therein. In some implementations, processing the transaction may include the service providers sharing information relating to each entity and other data.
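The transaction schema obtained by component (522) and consumed by the processing component (530), as an added illustration that is not part of this specification or of the applicant's implementation. The schema is shown as a machine-parsable JSON document holding both sets of data elements and the trust indication under one transaction identifier; it is either generated from the two sets (refusing to pair messages whose identifiers differ, as the matching described for the transaction directory requires) or parsed from a message received from the other service provider, and automatic processing proceeds only once the schema validates, both participants carry a trust indication and the second set of data elements has been approved. The field names, the sample JSON and the settlement result are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
)

// TransactionSchema is a constructed, machine-parsable form of the pre-agreed schema obtained by
// component (522): both sets of data elements, the trust indication and the approval state, keyed
// by the transaction identifier. Field names are assumptions for this example.
type TransactionSchema struct {
	SchemaVersion  int               `json:"schema_version"`
	TransactionID  string            `json:"transaction_id"`
	FirstElements  map[string]string `json:"first_elements"`
	SecondElements map[string]string `json:"second_elements"`
	Trust          SchemaTrust       `json:"trust_indication"`
	Approved       bool              `json:"approved"`
}

// SchemaTrust records which participants their respective service providers have verified.
type SchemaTrust struct {
	FirstEntityTrusted  bool `json:"first_entity_trusted"`
	SecondEntityTrusted bool `json:"second_entity_trusted"`
}

// Settlement is the outcome of automatic processing by component (530).
type Settlement struct {
	TransactionID string
	AmountCents   int64
}

// sampleSchemaJSON is a constructed message as it might arrive from the other service provider.
const sampleSchemaJSON = `{"schema_version":1,"transaction_id":"txn-example-0002",
 "first_elements":{"item_id":"pizza-margherita-example"},
 "second_elements":{"amount_cents":"1250","currency":"ZAR"},
 "trust_indication":{"first_entity_trusted":true,"second_entity_trusted":true},
 "approved":true}`

// buildSchema generates the schema from the two sets of data elements, refusing to pair messages
// whose transaction identifiers differ.
func buildSchema(firstID string, first map[string]string, secondID string, second map[string]string, trust SchemaTrust) (*TransactionSchema, error) {
	if firstID == "" || firstID != secondID {
		return nil, fmt.Errorf("transaction identifiers do not match: %q vs %q", firstID, secondID)
	}
	s := &TransactionSchema{SchemaVersion: 1, TransactionID: firstID, FirstElements: first, SecondElements: second, Trust: trust}
	if err := s.validate(); err != nil {
		return nil, err
	}
	return s, nil
}

// parseSchema obtains the schema from a message received from another service provider.
func parseSchema(raw []byte) (*TransactionSchema, error) {
	var s TransactionSchema
	if err := json.Unmarshal(raw, &s); err != nil {
		return nil, err
	}
	if err := s.validate(); err != nil {
		return nil, err
	}
	return &s, nil
}

// validate enforces the invariants both paths rely on before any automatic processing.
func (s *TransactionSchema) validate() error {
	switch {
	case s.SchemaVersion != 1:
		return fmt.Errorf("unsupported schema version %d", s.SchemaVersion)
	case s.TransactionID == "":
		return errors.New("missing transaction identifier")
	case s.FirstElements["item_id"] == "":
		return errors.New("first set of data elements lacks item_id")
	case s.SecondElements["amount_cents"] == "":
		return errors.New("second set of data elements lacks amount_cents")
	}
	_, err := strconv.ParseInt(s.SecondElements["amount_cents"], 10, 64)
	return err
}

// processTransaction executes only when the schema is valid, both participants carry a trust
// indication and the first entity has approved the second set of data elements.
func processTransaction(s *TransactionSchema) (*Settlement, error) {
	if err := s.validate(); err != nil {
		return nil, err
	}
	if !s.Trust.FirstEntityTrusted || !s.Trust.SecondEntityTrusted {
		return nil, errors.New("refusing to process: trust indication incomplete")
	}
	if !s.Approved {
		return nil, errors.New("refusing to process: second set of data elements not approved")
	}
	amount, _ := strconv.ParseInt(s.SecondElements["amount_cents"], 10, 64) // validated above
	if amount <= 0 {
		return nil, errors.New("refusing to process: non-positive amount")
	}
	return &Settlement{TransactionID: s.TransactionID, AmountCents: amount}, nil
}

func main() {
	s, err := parseSchema([]byte(sampleSchemaJSON))
	if err != nil {
		panic(err)
	}
	fmt.Println(processTransaction(s))
}
```

Validation runs on both paths so a schema generated locally and one received from a peer are held to the same invariants, and the gating in processTransaction keeps the automatic step from running on a schema whose trust or approval state the other provider has not yet established.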
  • the communication device (129) may include a processor (552) for executing the functions of components described below, which may be provided by hardware or by software units executing on the communication device (129).
  • the software units may be stored in a memory component (554) and instructions may be provided to the processor (552) to carry out the functionality of the described components.
  • Some or all of the components may be provided by a software application (131) downloadable onto and executable on the communication device (129).
  • the software applications (130, 132) described above with reference to Figure 1 may include some or all of the functionality and components of the software application (131) described below with reference to Figure 6.
  • the software application (131) may include a secure communication link component (556) arranged to establish a secure communication link with the server computer (121).
  • the communication device (129) may be uniquely identifiable by the server computer (121) over the secure communication link.
  • the secure communication link component (556) may include a handshake component (558) configured to perform a handshake procedure with the server computer (121).
  • the handshake component (558) may be configured to perform a certificate exchange with the server computer (121) in which the communication device (129) receives and verifies a digital certificate from the server computer (121) and transmits its own digital certificate to the server computer (121) for verification by the server computer (121). Verification of certificates may be performed in collaboration with the CA (136).
  • the software application (131) may include a secure memory component (560) configured to securely store the digital certificate (562) therein. Securely storing the digital certificate (562) may include restricting access to the digital certificate. In some implementations, only the software application (131) is permitted to access the digital certificate (562).
  • the digital certificate (562) may be unique to the software application (131) and hence capable of uniquely identifying the software application (131) and, by consequence, the communication device (129).
  • the digital certificate (562) may be stored together with a public and private key pair which may be generated by the software application (131) upon initialisation (e.g. upon installation) as well as one or more symmetric keys.
  • One or more of the digital certificate (562), public key, private key and symmetric keys may be used in establishing the secure communication link.
  • the software application (131) may include a transaction message transmitting component (564) configured to transmit transaction messages to the server computer (121).
  • the transaction messaging component (564) may be configured to transmit a first transaction message including a first set of data elements or a second transaction message including a second set of data elements.
  • the software application (131) may further include an obtaining component (566) arranged to obtain a first transaction message.
  • the obtaining component (566) may obtain the first transaction message from the transaction directory (110) or may receive the first transaction message from the server computer (121).
  • the software application (131) may further include an update messaging component (568) arranged to receive a transaction update message from the server computer (121).
  • the transaction update message may include the second set of data elements relating to the transaction for review by an entity associated with the communication device (129).
  • the update message may be configured to prompt the entity for its approval or denial of the second set of data elements.
  • the software application (131) may include an approval or denial messaging component (570) which may be configured either to transmit a transaction approval or denial message to the server computer (121) in response to receiving a transaction update message or to receive a transaction approval or denial message from the server computer (121) in response to having transmitted a second transaction message with a second set of data elements.
  • the transaction approval or denial message may be communicated via the secure transaction link.
  • a transaction approval message may indicate approval by the relevant entity of the second set of data elements and a transaction denial message may indicate a denial by the relevant entity of the second set of data elements.
  • FIG. 7 illustrates an example of a computing device (700) in which various aspects of the disclosure may be implemented.
  • the computing device (700) may be embodied as any form of data processing device including a personal computing device (e.g. laptop or desktop computer), a server computer (which may be self-contained or physically distributed over a number of locations), a client computer, or a communication device, such as a mobile phone (e.g. cellular telephone), satellite phone, tablet computer, personal digital assistant or the like.
  • the computing device (700) may be suitable for storing and executing computer program code.
  • the various participants and elements in the previously described system diagrams may use any suitable number of subsystems or components of the computing device (700) to facilitate the functions described herein.
  • the computing device (700) may include subsystems or components interconnected via a communication infrastructure (705) (for example, a communications bus, a network, etc.).
  • the computing device (700) may include one or more processors (710) and at least one memory component in the form of computer-readable media.
  • the one or more processors (710) may include one or more of: CPUs, graphical processing units (GPUs), microprocessors, field programmable gate arrays (FPGAs), application specific integrated circuits (ASICs) and the like.
  • a number of processors may be provided and may be arranged to carry out calculations simultaneously.
  • various subsystems or components of the computing device (700) may be distributed over a number of physical locations (e.g. in a distributed, cluster or cloud-based computing configuration) and appropriate software units may be arranged to manage and/or process data on behalf of remote devices.
  • the memory components may include system memory (715), which may include read only memory (ROM) and random access memory (RAM).
  • System software may be stored in the system memory (715) including operating system software.
  • the memory components may also include secondary memory (720).
  • the secondary memory (720) may include a fixed disk (721), such as a hard disk drive, and, optionally, one or more storage interfaces (722) for interfacing with storage components (723), such as removable storage components (e.g. magnetic tape, optical disk, flash memory drive, external hard drive, removable memory chip, etc.), network attached storage components (e.g. NAS drives), remote storage components (e.g. cloud-based storage) or the like.
  • the computing device (700) may include an external communications interface (730) for operation of the computing device (700) in a networked environment enabling transfer of data between multiple computing devices (700) and/or the Internet.
  • Data transferred via the external communications interface (730) may be in the form of signals, which may be electronic, electromagnetic, optical, radio, or other types of signal.
  • the external communications interface (730) may enable communication of data between the computing device (700) and other computing devices including servers and external storage facilities. Web services may be accessible by and/or from the computing device (700) via the communications interface (730).
  • the external communications interface (730) may be configured for connection to wireless communication channels (e.g., a cellular telephone network, wireless local area network (e.g. using Wi-Fi™), satellite-phone network, Satellite Internet Network, etc.) and may include an associated wireless transfer element, such as an antenna and associated circuitry. [Only include this if you are describing mobile phone functionality]
  • the external communications interface (730) may include a subscriber identity module (SIM) in the form of an integrated circuit that stores an international mobile subscriber identity and the related key used to identify and authenticate a subscriber using the computing device (700).
  • One or more subscriber identity modules may be removable from or embedded in the computing device (700).
  • The external communications interface (730) may further include a contactless element (750), which is typically implemented in the form of a semiconductor chip (or other data storage element) with an associated wireless transfer element, such as an antenna.
  • The contactless element (750) may be associated with (e.g., embedded within) the computing device (700), and data or control instructions transmitted via a cellular network may be applied to the contactless element (750) by means of a contactless element interface (not shown).
  • The contactless element interface may function to permit the exchange of data and/or control instructions between computing device circuitry (and hence the cellular network) and the contactless element (750).
  • The contactless element (750) may be capable of transferring and receiving data using a near field communications capability (or near field communications medium), typically in accordance with a standardized protocol or data transfer mechanism (e.g., ISO 14443/NFC).
  • Near field communications capability may include a short-range communications capability, such as radio frequency identification (RFID), Bluetooth™, infra-red, or other data transfer capability that can be used to exchange data between the computing device (700) and an interrogation device.
  • The computer-readable media in the form of the various memory components may provide storage of computer-executable instructions, data structures, program modules, software units and other data.
  • A computer program product may be provided by a computer-readable medium having stored computer-readable program code executable by the central processor (710).
  • A computer program product may be provided by a non-transient computer-readable medium, or may be provided via a signal or other transient means via the communications interface (730).
  • Interconnection via the communication infrastructure (705) allows the one or more processors (710) to communicate with each subsystem or component and to control the execution of instructions from the memory components, as well as the exchange of information between subsystems or components.
  • Peripherals such as printers, scanners, cameras, or the like
  • input/output (I/O) devices such as a mouse, touchpad, keyboard, microphone, touch-sensitive display, input buttons, speakers and the like
  • One or more displays (745) (which may be touch-sensitive displays) may be coupled to or integrally formed with the computing device (700) via a display or video adapter (740).
  • The computing device (700) may include a geographical location element (755) which is arranged to determine the geographical location of the computing device (700).
  • The geographical location element (755) may for example be implemented by way of a global positioning system (GPS), or similar, receiver module.
  • The geographical location element (755) may implement an indoor positioning system, using for example communication channels such as cellular telephone or Wi-Fi™ networks and/or beacons (e.g. Bluetooth™ Low Energy (BLE) beacons, iBeacons™, etc.) to determine or approximate the geographical location of the computing device (700).
  • The geographical location element (755) may implement inertial navigation to track and determine the geographical location of the computing device (700) using an initial set point and inertial measurement data.
  • A software unit is implemented with a computer program product comprising a non-transient computer-readable medium containing computer program code, which can be executed by a processor for performing any or all of the steps, operations, or processes described.
  • Software units or functions described in this application may be implemented as computer program code using any suitable computer language such as, for example, Java™, C++, or Perl™ using, for example, conventional or object-oriented techniques.
  • The computer program code may be stored as a series of instructions, or commands on a non-transitory computer-readable medium, such as a random access memory (RAM), a read-only memory (ROM), a magnetic medium such as a hard-drive, or an optical medium such as a CD-ROM. Any such computer-readable medium may also reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.

Abstract

A system and method for conducting a trusted intermediated transaction are provided. In a method conducted at a first service provider, a first transaction message is received via a first secure communication link from a first communication device associated with a first entity. The first transaction message includes a first set of data elements relating to participation by the first entity in a transaction. The first communication device and associated first entity are verified as being trusted by the first service provider. A second transaction message is received from a second service provider and is associated with a second entity and includes a second set of data elements relating to participation of the second entity in the transaction. The second service provider is verified as being trusted. A transaction schema including the data elements and a trust indication is obtained and used for completing the transaction.

Description

SYSTEM AND METHOD FOR CONDUCTING A TRUSTED INTERMEDIATED TRANSACTION
CROSS-REFERENCE TO RELATED APPLICATION
This application claims priority from South African provisional patent application number 2018/00614 filed on 30 January 2018, which is incorporated by reference herein.
FIELD OF THE INVENTION
This invention relates to a system and method for conducting a trusted intermediated transaction.
BACKGROUND TO THE INVENTION
Transactions involving dealings or interactions between entities occur on a daily basis and are increasingly conducted, or at least entered into, using digital channels such as the Internet. Exemplary digital transactions include electronic commerce transactions but extend to any scenario in which one entity offers, via a digital channel, a performance in exchange for the performance of another entity. Such digital transactions may enable entities who are physically separated to participate in transactions with one another.
However, in such digital transactions it can be difficult to ascertain with acceptable certainty the identity of an entity wishing to participate in the transaction. It can also be difficult for one entity to know whether another entity wishing to participate in the transaction can be trusted to render the promised performance. These difficulties may, on the one hand, lead to fraud or other dishonest behaviour, as nefarious entities may be able to misrepresent themselves to entice others into fraudulent transactions. On the other hand, entities may be reluctant to transact digitally without knowing that the other entity can be trusted to render its performance. In any event, it may also be desirable for an entity to limit its exposure to another entity in the course of a transaction. In some cases, for example, a certain degree of anonymity or pseudonymity may be desired by one or more of the entities who participate in the transaction.
There is accordingly a need to address these and other issues.
The preceding discussion of the background to the invention is intended only to facilitate an understanding of the present invention. It should be appreciated that the discussion is not an acknowledgment or admission that any of the material referred to was part of the common general knowledge in the art as at the priority date of the application.
SUMMARY OF THE INVENTION
In accordance with the invention there is provided a computer-implemented method conducted at a first service provider comprising: receiving, via a first secure communication link, a first transaction message from a first communication device associated with a first entity, wherein the first communication device is uniquely identifiable to the first service provider over the first communication link and wherein the first transaction message includes a first set of data elements relating to participation by the first entity in a transaction; verifying that the first communication device and associated first entity are trusted by the first service provider; receiving, from a second service provider, a second transaction message, the second transaction message being associated with a second entity, wherein the second transaction message includes a second set of data elements relating to participation of the second entity in the transaction; verifying that the second service provider is trusted by the first service provider; obtaining a transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted; and, transmitting a transaction confirmation message to one or both of the first communication device and the second service provider, the transaction confirmation message including the transaction schema for completing the transaction.
A further feature provides for the method to include establishing the first secure communication link with the first communication device; and for establishing the first secure communication link to include a certificate exchange process in which the first service provider transmits a digital certificate to the first communication device for validation thereat and receives a digital certificate from the first communication device for validation.
Yet further features provide for verifying that the first communication device and associated first entity are trusted by the first service provider to include validating enrolment of the first communication device with the first service provider; for verifying that the first communication device and associated first entity are trusted by the first service provider to include validating the digital certificate received from the first communication device; and, for verifying that the first communication device and associated first entity are trusted by the first service provider to include querying a first entity record for a verified trust indication. A further feature provides for transmitting a transaction update message to the first communication device via the first secure communication link, the transaction update message including the second set of data elements relating to the transaction. The update message may be configured to prompt the first entity for the first entity's approval or denial of the second set of data elements.
A still further feature provides for the method to include receiving a transaction approval or denial message from the first communication device via the first secure communication link, the transaction approval message indicating the approval by the first entity of the second set of data elements and the transaction denial message indicating the denial by the first entity of the second set of data elements.
A yet further feature provides for the method to include forwarding the transaction approval or denial message to the second service provider.
One or both of the first set of data elements and second set of data elements may include one or both of a timestamp and an identifier in the form of one or a combination of: a globally unique transaction identifier which uniquely identifies the transaction; a communication address associated with the first entity; a communication address associated with the second entity; an identifier associated with the first entity; and, an identifier associated with the second entity.
The method may include posting the first set of data elements to a transaction directory, the transaction directory being accessible by one or both of the second service provider or the second entity. The first set of data elements may include a globally unique transaction identifier and posting the first set of data elements to the transaction directory may include posting the first set of data elements to a record stored in the directory in association with the transaction identifier.
A further feature provides for the method to include transmitting the first transaction message to the second service provider.
Further features provide for the method to include a first entity trust indication in the first set of data elements and/or transaction message, wherein the first entity trust indication is configured for verification of the source of the data elements and/or message as a trusted source; and for the method to include signing or encrypting the first entity trust indication with a digital certificate or private key associated with the first service provider for verification of the authenticity of the trust indication by the second service provider and/or second entity. Still further features provide for verifying that the second service provider is trusted by the first service provider to include validating a digital certificate associated with the second service provider.
A further feature provides for the second transaction message to have been received at the second service provider from a second communication device via a second secure communication link, wherein the second communication device is associated with the second entity and is uniquely identifiable to the second service provider over the second secure communication link, and wherein the second communication device is trusted by the second service provider.
A still further feature provides for the transaction schema to be configured for automatic completion of at least part of the transaction.
The invention extends to a computer-implemented method conducted at a second service provider comprising: receiving, via a second secure communication link, a second transaction message from a second communication device associated with a second entity, wherein the second communication device is uniquely identifiable to the second service provider over the second secure communication link and wherein the second transaction message includes a second set of data elements relating to participation by the second entity in a transaction, wherein the second transaction message corresponds to a first transaction message having been received at a first service provider relating to participation by a first entity in the transaction; and, transmitting the second transaction message to the first service provider, wherein the first service provider is trusted by the second service provider and wherein the second set of data elements are configured to be included with a first set of data elements and a trust indication in a transaction schema, wherein the trust indication confirms the transaction participants as being trusted and wherein the transaction schema is configured for completing the transaction.
A further feature provides for the method to include establishing the second secure communication link, for establishing the second secure communication link to include a certificate exchange process in which the second service provider transmits a digital certificate to the second communication device for validation thereat and receives a digital certificate from the second communication device for validation.
A still further feature provides for the method to include validating the digital certificate received from the second communication device. A yet further feature provides for the method to include verifying that the second communication device and associated second entity are trusted by the second service provider, including querying a second entity record for a verified trust indication.
A further feature provides for the method to include receiving a transaction approval or denial message from the first service provider, the transaction approval message indicating the approval by the first entity of the second set of data elements and the transaction denial message indicating the denial by the first entity of the second set of data elements.
A still further feature provides for the method to include forwarding the transaction approval or denial message to the second communication device.
The second set of data elements may include one or both of a timestamp and an identifier in the form of one or a combination of: a globally unique transaction identifier which uniquely identifies the transaction; a communication address associated with the first entity; a communication address associated with the second entity; an identifier associated with the first entity; and, an identifier associated with the second entity.
The method may include receiving the first transaction message from the first service provider.
The first transaction message may include a first entity trust indication confirming the first entity as being trusted by the first service provider. The second transaction message may include a second entity trust indication confirming the second entity as being trusted by the second service provider.
A further feature provides for the method to include obtaining a transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted and including the transaction schema in the second transaction message transmitted to the first service provider. The transaction schema may be pre-approved as between the first and second service providers.
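The first service provider's method (receiving the first transaction message over the secure link, verifying the device is trusted, receiving the second transaction message, verifying the second service provider is trusted, obtaining the schema) and the second service provider's method (verifying its own device, vouching for the second set of data elements with a trust indication, forwarding them) are two halves of one exchange. The following Go program is an added worked example of that exchange; it is not code from this patent or from Entersekt, and it uses only the Go standard library. Its assumptions: the secure communication link and certificate exchange with each communication device are taken as already established, so enrolment of a device is modelled as membership of a set kept by the service provider; the trust indication "signed with a private key" is an ECDSA P-256 signature over the signing provider's name and the canonical JSON of the data elements; the first service provider trusts the second by holding its registered public key, standing in for validation of its digital certificate; and every type, field and function name (DataElements, TransactionMessage, TransactionSchema, ServiceProvider, SignTrustIndication, Intermediate) is invented for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// DataElements: one participant's elements (transaction id, timestamp, entity id, terms); names are assumptions.
type DataElements struct {
	TransactionID string `json:"txn_id"` // globally unique transaction identifier
	Timestamp     string `json:"ts"`
	EntityID      string `json:"entity_id"`
	Terms         string `json:"terms"` // the performance offered or accepted
}

// TransactionMessage: elements plus, once a service provider forwards them, its name and signed trust indication.
type TransactionMessage struct {
	Elements DataElements `json:"elements"`
	Provider string       `json:"provider"`
	TrustSig string       `json:"trust_sig,omitempty"` // hex ASN.1 ECDSA signature over digest()
}

// TransactionSchema: the content of the first provider's transaction confirmation message.
type TransactionSchema struct {
	First   DataElements `json:"first"`
	Second  DataElements `json:"second"`
	Trusted bool         `json:"trusted"` // the trust indication
}

// ServiceProvider: its signing key, the device ids it has enrolled and the public keys of peer
// providers it trusts. Secure link and certificate exchange are assumed done; enrolment is set membership.
type ServiceProvider struct {
	Name     string
	key      *ecdsa.PrivateKey
	enrolled map[string]bool
	peers    map[string]*ecdsa.PublicKey
}

func NewServiceProvider(name string) *ServiceProvider {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // does not fail with crypto/rand
	return &ServiceProvider{name, k, map[string]bool{}, map[string]*ecdsa.PublicKey{}}
}

func (sp *ServiceProvider) Enrol(deviceID string)        { sp.enrolled[deviceID] = true }
func (sp *ServiceProvider) TrustPeer(p *ServiceProvider) { sp.peers[p.Name] = &p.key.PublicKey }

// digest binds a trust indication to the signing provider's name and the canonical JSON of the
// elements, so it can be neither replayed under another provider's name nor moved onto other elements.
func digest(provider string, e DataElements) []byte {
	b, _ := json.Marshal(e) // string fields only; cannot fail
	sum := sha256.Sum256(append(append([]byte(provider), 0), b...))
	return sum[:]
}

// SignTrustIndication: the second provider checks its own device is enrolled, then vouches for the elements.
func (sp *ServiceProvider) SignTrustIndication(deviceID string, e DataElements) (TransactionMessage, error) {
	if !sp.enrolled[deviceID] {
		return TransactionMessage{}, fmt.Errorf("device %q not enrolled with %s", deviceID, sp.Name)
	}
	sig, err := ecdsa.SignASN1(rand.Reader, sp.key, digest(sp.Name, e))
	if err != nil {
		return TransactionMessage{}, err
	}
	return TransactionMessage{e, sp.Name, hex.EncodeToString(sig)}, nil
}

// Intermediate: the first provider's method. Every check precedes schema construction, so a failed
// check returns an error and no schema, never a schema with Trusted=false that a caller might ignore.
func (sp *ServiceProvider) Intermediate(deviceID string, first DataElements, second TransactionMessage) (TransactionSchema, error) {
	if !sp.enrolled[deviceID] {
		return TransactionSchema{}, fmt.Errorf("device %q not enrolled with %s", deviceID, sp.Name)
	}
	pub := sp.peers[second.Provider] // nil when the second provider is not trusted
	sig, err := hex.DecodeString(second.TrustSig)
	if pub == nil || err != nil || !ecdsa.VerifyASN1(pub, digest(second.Provider, second.Elements), sig) {
		return TransactionSchema{}, fmt.Errorf("trust indication from %q did not verify", second.Provider)
	}
	if first.TransactionID != second.Elements.TransactionID {
		return TransactionSchema{}, fmt.Errorf("transaction identifiers differ")
	}
	return TransactionSchema{first, second.Elements, true}, nil
}

func main() {
	sp1, sp2 := NewServiceProvider("sp1"), NewServiceProvider("sp2")
	sp1.TrustPeer(sp2) // sp2's public key registered with sp1 out of band
	sp1.Enrol("device-A")
	sp2.Enrol("device-B")
	first := DataElements{"txn-0001", "2018-01-30T09:00:00Z", "entity-1", "sell 1 widget for 10"}
	msg, _ := sp2.SignTrustIndication("device-B", DataElements{"txn-0001", "2018-01-30T09:00:05Z", "entity-2", "buy 1 widget for 10"})
	schema, err := sp1.Intermediate("device-A", first, msg)
	fmt.Printf("%+v\nerr=%v\n", schema, err)
}
```

Run as written, the program prints the schema for the happy path with Trusted=true. The same checks reject a device not enrolled with its provider, a second message from a provider whose key the first provider has not registered, elements altered after the second provider signed them, and a second message whose transaction identifier differs from the first. Binding the provider name into the signed digest is what stops a trust indication issued by one provider from being presented as another's; in a production deployment the registered public key would come from the second provider's validated certificate rather than from an in-memory map.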
The invention extends to a system including a first server computer having memory for storing computer-readable program code and a processor for executing the computer-readable program code, the first server computer being associated with a first service provider and comprising: a first transaction message receiving component for receiving, via a first secure communication link, a first transaction message from a first communication device associated with a first entity, wherein the first communication device is uniquely identifiable to the first service provider over the first communication link and wherein the first transaction message includes a first set of data elements relating to participation by the first entity in a transaction; a verifying component for verifying that the first communication device and associated first entity are trusted by the first service provider; a second transaction message receiving component for receiving, from a second service provider, a second transaction message, the second transaction message being associated with a second entity, wherein the second transaction message includes a second set of data elements relating to participation of the second entity in the transaction, wherein the verifying component is further for verifying that the second service provider is trusted by the first service provider; a transaction schema obtaining component for obtaining a transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted; and, a confirmation message transmitting component for transmitting a transaction confirmation message to one or both of the first communication device and the second service provider, the transaction confirmation message including the transaction schema for completing the transaction.
A further feature provides for the system to include a secure communication link component configured to establish the first secure communication link with the first communication device and to perform a certificate exchange process in which the first service provider transmits a digital certificate to the first communication device for validation thereat and receives a digital certificate from the first communication device for validation.
Further features provide for the verifying component to be configured to verify that the first communication device and associated first entity are trusted by the first service provider by validating enrolment of the first communication device with the first service provider; for the verifying component to be configured to verify that the first communication device and associated first entity are trusted by the first service provider by validating the digital certificate received from the first communication device; and, for the verifying component to be configured to verify that the first communication device and associated first entity are trusted by the first service provider, including querying a first entity record for a verified trust indication.
A further feature provides for the first server computer to include an update message transmitting component for transmitting a transaction update message to the first communication device via the first secure communication link, the transaction update message including the second set of data elements relating to the transaction. The update message may be configured to prompt the first entity for the first entity’s approval or denial of the second set of data elements.
A still further feature provides for the first server computer to include an approval or denial messaging component for receiving a transaction approval or denial message from the first communication device via the first secure communication link, the transaction approval message indicating the approval by the first entity of the second set of data elements and the transaction denial message indicating the denial by the first entity of the second set of data elements.
A yet further feature provides for the approval or denial messaging component to forward the transaction approval or denial message to the second service provider.
One or both of the first set of data elements and second set of data elements may include one or both of a timestamp and an identifier in the form of one or a combination of: a globally unique transaction identifier which uniquely identifies the transaction; a communication address associated with the first entity; a communication address associated with the second entity; an identifier associated with the first entity; and, an identifier associated with the second entity.
A further feature provides for the first server computer to include a transaction directory posting component for posting the first set of data elements to a transaction directory, the transaction directory being accessible by one or both of the second service provider or the second entity. The first set of data elements may include a globally unique transaction identifier and the transaction directory posting component may be configured to post the first set of data elements to a record stored in the directory in association with the transaction identifier.
Still further features provide for the first server computer to include a first transaction message transmitting component for transmitting the first transaction message to the second service provider; for the first transaction message transmitting component to include a first entity trust indication in the first set of data elements and/or transaction message, for the first entity trust indication to be configured for verification of the source of the data elements and/or message as a trusted source; for the first transaction message transmitting component to be configured to sign or encrypt the first entity trust indication with a digital certificate or private key associated with the first service provider for verification of the authenticity of the trust indication by the second service provider and/or second entity.
Yet further features provide for the verifying component to be configured to verify that the second service provider is trusted by the first service provider by validating a digital certificate associated with the second service provider.
A further feature provides for the second transaction message to have been received at the second service provider from a second communication device via a second secure communication link, wherein the second communication device is associated with the second entity and is uniquely identifiable to the second service provider over the second secure communication link, and wherein the second communication device is trusted by the second service provider.
The transaction schema may be configured for automatic completion of at least part of the transaction.
The invention extends to a system including a second server computer having memory for storing computer-readable program code and a processor for executing the computer-readable program code, the second server computer being associated with a second service provider and comprising: a second transaction message receiving component for receiving, via a second secure communication link, a second transaction message from a second communication device associated with a second entity, wherein the second communication device is uniquely identifiable to the second service provider over the second secure communication link and wherein the second transaction message includes a second set of data elements relating to participation by the second entity in a transaction, wherein the second transaction message corresponds to a first transaction message having been received at a first service provider relating to participation by a first entity in the transaction; and, a second transaction message transmitting component for transmitting the second transaction message to the first service provider, wherein the first service provider is trusted by the second service provider and wherein the second set of data elements are configured to be included with a first set of data elements and a trust indication in a transaction schema, wherein the trust indication confirms the transaction participants as being trusted and wherein the transaction schema is configured for completing the transaction.
A further feature provides for the second server computer to include a secure communication link component to establish the second secure communication link with the second communication device and to perform a certificate exchange process in which the second service provider transmits a digital certificate to the second communication device for validation thereat and receives a digital certificate from the second communication device for validation.
A still further feature provides for the secure communication link component to be configured to validate the digital certificate received from the second communication device. A yet further feature provides for the secure communication link component to be configured to verify that the second communication device and associated second entity are trusted by the second service provider, including querying a second entity record for a verified trust indication.
A further feature provides for the second server computer to include an approval or denial messaging component for receiving a transaction approval or denial message from the first service provider, the transaction approval message indicating the approval by the first entity of the second set of data elements and the transaction denial message indicating the denial by the first entity of the second set of data elements.
A further feature provides for the approval or denial messaging component to be configured to forward the transaction approval or denial message to the second communication device.
The second set of data elements may include one or both of a timestamp and an identifier in the form of one or a combination of: a globally unique transaction identifier which uniquely identifies the transaction; a communication address associated with the first entity; a communication address associated with the second entity; an identifier associated with the first entity; and, an identifier associated with the second entity.
A still further feature provides for the second server computer to include a first transaction message receiving component for receiving the first transaction message from the first service provider.
The first transaction message may include a first entity trust indication confirming the first entity as being trusted by the first service provider. The second transaction message may include a second entity trust indication confirming the second entity as being trusted by the second service provider.
A yet further feature provides for the second server computer to include a transaction schema obtaining component for obtaining a transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted and including the transaction schema in the second transaction message transmitted to the first service provider.
The invention extends to a computer program product comprising a computer-readable medium having stored computer-readable program code for performing the steps of: receiving, via a first secure communication link, a first transaction message from a first communication device associated with a first entity, wherein the first communication device is uniquely identifiable to the first service provider over the first communication link and wherein the first transaction message includes a first set of data elements relating to participation by the first entity in a transaction; verifying that the first communication device and associated first entity are trusted by the first service provider; receiving, from a second service provider, a second transaction message, the second transaction message being associated with a second entity, wherein the second transaction message includes a second set of data elements relating to participation of the second entity in the transaction; verifying that the second service provider is trusted by the first service provider; obtaining a transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted; and, transmitting a transaction confirmation message to one or both of the first communication device and the second service provider, the transaction confirmation message including the transaction schema for completing the transaction.
The invention extends to a computer program product comprising a computer-readable medium having stored computer-readable program code for performing the steps of: receiving, via a second secure communication link, a second transaction message from a second communication device associated with a second entity, wherein the second communication device is uniquely identifiable to the second service provider over the second secure communication link and wherein the second transaction message includes a second set of data elements relating to participation by the second entity in a transaction, wherein the second transaction message corresponds to a first transaction message having been received at a first service provider relating to participation by a first entity in the transaction; and, transmitting the second transaction message to the first service provider, wherein the first service provider is trusted by the second service provider and wherein the second set of data elements are configured to be included with a first set of data elements and a trust indication in a transaction schema, wherein the trust indication confirms the transaction participants as being trusted and wherein the transaction schema is configured for completing the transaction.
Further features provide for the computer-readable medium to be a non-transitory computer-readable medium and for the computer-readable program code to be executable by a processing circuit.
Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
In the drawings:
Figure 1 is a schematic diagram which illustrates an exemplary system conducting a trusted intermediated transaction;
Figure 2 is a swim-lane flow diagram which illustrates an exemplary method for conducting a trusted intermediated transaction;
Figure 3 is a swim-lane flow diagram which illustrates exemplary steps, operations or procedures which may be performed in establishing a first secure communication link;
Figure 4 is a swim-lane flow diagram which illustrates one exemplary manner in which a first service provider makes a first transaction message available to the second entity;
Figure 5 is a swim-lane flow diagram which illustrates another exemplary manner in which a first service provider makes a first transaction message available to the second entity;
Figure 6 is a block diagram which illustrates components of an exemplary system for conducting a trusted intermediated transaction; and,
Figure 7 illustrates an example of a computing device in which various aspects of the disclosure may be implemented.
DETAILED DESCRIPTION WITH REFERENCE TO THE DRAWINGS
Figure 1 is a schematic diagram which illustrates an exemplary system (100) for conducting a trusted intermediated transaction. The system (100) may include a first service provider (102), a second service provider (104), a first entity (106) and a second entity (108). The first entity (106) may be associated with a first communication device (128) and the second entity may be associated with a second communication device (130). In some implementations the system (100) may further include a transaction directory (110) and an intermediary (112). Although only first and second entities and service providers are illustrated, it should be appreciated that in a practical implementation there may be a plurality of service providers and a plurality of entities. In some cases there may be more than two participants in a transaction.
The service providers (102, 104) may need to be registered with the system (100). Each service provider (102, 104) may maintain, operate or have access to a server computer (120, 122). Each server computer (120, 122) may be in the form of a server computer cluster, a distributed server computer, a cloud-based server computer or the like. The physical location of the server computers (120, 122) may be unknown to the various participants described herein and may be irrelevant to the operation of the described system and method. The server computers (120, 122) may be able to communicate with each other securely via a communication network (114). The communication network (114) may include the Internet and optionally one or more proprietary communication networks (e.g. payment card networks). Each server computer (120, 122) may have access to a database (124, 126) in which data and records may be stored and from which data and records may be accessed and retrieved.
The first service provider database (124) may be a secure database and may store a first entity record together with one or more of: a public key generated by a software application executing on the first communication device; a device identifier uniquely associated with the first communication device (128); personal information relating to the first entity (106) (e.g. full names, residential address, national identity number, know your customer (“KYC”) information, one or more communication addresses, such as a phone number, email address, social media handle, etc.); a verified trust indication and the like.
The verified trust indication may indicate that the first communication device (128) and first entity (106) have enrolled with the first service provider (102). Enrolment may for example have included linking one or more of the first communication device (128), a software application (132) executing on the first communication device and the first entity such that messages and requests received from the first communication device at the first service provider (102) are uniquely identifiable by the first service provider and can be associated with the first entity (106).
In some cases, the verified trust indication may further indicate the standing of the first entity, including for example, credit worthiness, credit rating, criminal record or the like.
The second service provider database (126) may be a secure database and may store a second entity record together with one or more of: a public key generated by a software application executing on the second communication device (130); a device identifier uniquely associated with the second communication device; personal information relating to the second entity (108) (e.g. full names, residential address, national identity number, know your customer (“KYC”) information, one or more communication addresses, such as a phone number, email address, social media handle, etc.); a verified trust indication and the like.
The verified trust indication may indicate that the second communication device (130) and second entity (108) have enrolled with the second service provider (104). Enrolment may have included linking one or more of the second communication device (130), a software application (134) executing on the second communication device and the second entity (108) such that messages and requests received from the second communication device at the second service provider (104) are uniquely identifiable by the second service provider and can be associated with the second entity (108).
In some cases, the verified trust indication may further indicate the standing of the second entity, including for example, credit worthiness, credit rating, criminal record or the like.
An established and verifiable trust may exist between the service providers (102, 104) such that the first service provider (102) trusts the second service provider (104), and vice versa. In one exemplary scenario, each service provider may be a financial service provider (e.g. a bank). Trust in this case may refer to one service provider being confident that the other service provider is a reputable service provider that will make good on debts or other performances due. In some implementations, the trust that exists between the service providers may be established or confirmed by an intermediary, such as a payment card network, an industry regulator, ombudsman or the like. As will be explained in greater detail below, trust may be established and/or verified by means of public key infrastructure and a mutually known and/or trusted certificate authority (CA) (136).
The communication devices (128, 130) of the entities (106, 108) may be any appropriate computing devices capable of communicating on the communication network (114). Exemplary communication devices include mobile phones (e.g. smart phones, feature phones, etc.), tablet computers, desktop computers, laptop computers, wearable computing devices, smart appliances and even entity server computers (e.g. an e-commerce server computer). The first communication device (128) may have a software application (132) installed and executable thereon. The software application (132) may be provided by the first service provider (102) to enable the first entity (106) to interact with the first service provider (102) using the first communication device (128). In some implementations the software application (132) may be configured to securely store a digital certificate. This digital certificate may be unique to the first communication device (128) and may be issued by (and hence susceptible to revocation by) the certificate authority (CA) (136). In some implementations, the digital certificate may be unique to the software application (132) (e.g. the particular instance of the software application) installed on the first communication device (128). The software application (132) may also securely store encryption keys, including a private key and public key pair which may be generated by the software application upon installation.
The second communication device (130) may have a software application (134) installed and executable thereon. The software application (134) may be provided by the second service provider (104) to enable the second entity (108) to interact with the second service provider (104) using the second communication device (130). In some implementations the software application (134) may be configured to securely store a digital certificate. This digital certificate may be unique to the second communication device (130) and may be issued by (and hence susceptible to revocation by) the CA (136). In some implementations, the digital certificate may be unique to the software application (134) (e.g. the particular instance of the software application) installed on the second communication device (130). The software application (134) may also securely store encryption keys, including a private key and public key pair which may be generated by the software application upon installation.
The digital certificates described herein may be any appropriate digital certificate (such as a signed X.509 digital certificate) and may be usable to uniquely identify the communication devices (128, 130), and in some implementations the software applications (132, 134) executing thereon, to the service providers (102, 104) and vice versa. The digital certificates may further be configured for sharing symmetric encryption keys. The symmetric encryption keys may be used for data encryption between the communication devices (128, 130) and the service providers (102, 104). The digital certificates may be signed with a private key associated with the CA (136). A corresponding public key of the CA (136) may be known to both the respective communication devices (128, 130) and the service providers (102, 104), enabling the authenticity of a digital certificate to be validated by verifying its signature with the CA public key, which confirms that the certificate was signed with the CA private key. Since the certificates are issued by the CA (136) and may be revoked by it, validation may also include confirming that the certificate has not since been revoked.
In this exemplary scenario, a trusted relationship may have already been established between the first communication device (128), the first entity (106) and the first service provider (102) such that the first service provider (102) can vouch for the trustworthiness of the first entity (106). Vouching for the trustworthiness may include confirming that the first entity (106) can be trusted to render a particular promised performance. The established trust may include registration of the first communication device (128) with the first service provider (102). In some implementations, registration of the first communication device (128) with the first service provider (102) may include enrolling the digital certificate of the software application (132) with the first service provider (102).
Registration of the first communication device (128) with the first service provider (102) may enable the first communication device (128) to communicate with the first service provider (102) over a secure communication link. Registration of the first communication device (128) with the first service provider (102) may enable the first communication device (128) to be uniquely identifiable to the first service provider (102) over the secure communication link. The established trust may be reciprocal, meaning that the first entity (106) may trust the first service provider (102).
The established trust may also include an established one-to-one relationship between the first communication device (128), and its software application (132) in some implementations, and the first entity (106) such that interactions (e.g. transmitting and receiving data and messages) between the first communication device (128) and the first service provider (102) can be considered to be interactions between the first entity (106) and the first service provider (102). The trust may therefore be established during an enrolment process in which the first entity (106) satisfactorily links itself to the first communication device (128), for example by physically visiting the first service provider (102) with the first communication device (128) and an accepted form of positive identification of the first entity (106), by using another remotely accessible platform (e.g. a website) with which an established trust already exists, and the like. Enrolment may include verifying an association between the digital certificate of the first communication device (128) and the first entity (106). Thus, when the first service provider (102) interacts with the first communication device (128), it can be assumed that the first service provider is interacting with the first entity (106).
Similarly, a trusted relationship may have already been established between the second communication device (130), the second entity (108) and the second service provider (104) such that the second service provider (104) can vouch for the trustworthiness of the second entity (108). As with the case of the first entity (106), the established trust may include registration of the second communication device (130) with the second service provider (104) and an established one-to-one relationship between the second communication device (130) and the second entity (108) such that interactions between the second communication device (130) and the second service provider (104) can be considered to be interactions between the second entity (108) and the second service provider (104). In some implementations, registration of the second communication device (130) with the second service provider (104) may include enrolling the digital certificate of the software application (134) with the second service provider (104) and verifying an association between the digital certificate of the second communication device (130) and the second entity (108). The established trust may be reciprocal, meaning that the second entity (108) may trust the second service provider (104).
A method for conducting a trusted intermediated transaction may be performed using the system (100). Figure 2 is a swim-lane flow diagram which illustrates an exemplary method for conducting a trusted intermediated transaction. Respective swim-lanes may serve to delineate operations, steps, functions or procedures performed by respective participants or devices. The operations, steps, functions or procedures described as being performed by the respective service providers (102, 104) may be performed by that service provider’s server computer (120, 122). The method of Figure 2 is described generally with reference to a scenario in which the first entity (106) offers a performance in exchange for the performance of the second entity (108).
A first secure communication link may be established (202) between the first communication device (128) associated with the first entity (106) and the first service provider (102). The secure communication link may be established by the first communication device (128) (e.g. upon the first entity launching the software application (132)). Establishing (202) the first secure communication link may include performing a handshake procedure. Steps, operations or procedures performed in one example method of establishing (202) the first secure communication link are elaborated on below with reference to Figure 3. In other implementations, the secure communication links described herein may be established using other mechanisms (e.g. encryption without a certificate exchange procedure). The secure communication link may be any communication channel over which data may be shared without being read or altered by third parties.
The first communication device (128) may be uniquely identifiable to the first service provider (102) over the first secure communication link. As a trusted relationship may have already been established between the first communication device (128), the first entity (106) and the first service provider (102), once the first communication device (128) has been uniquely identified it, and by implication the first entity (106), may be trusted by the first service provider (102). In some cases, the fact that the first service provider (102) trusts the first communication device (128) and first entity (106) may imply that the first service provider can vouch for the first entity’s trustworthiness.
The first service provider may verify (203) that the first communication device and associated first entity are trusted by the first service provider. Verifying that the first communication device and associated first entity are trusted by the first service provider may include validating enrolment of the first communication device with the first service provider. In some cases, verifying that the first communication device and associated first entity are trusted by the first service provider may include validating the digital certificate received from the first communication device. In some cases, verifying that the first communication device and associated first entity are trusted by the first service provider may include querying a first entity record for a verified trust indication.
A second secure communication link may be established (204) between the second communication device (130) associated with the second entity (108) and the second service provider (104). The second secure communication link may be established by the second communication device (130) (e.g. responsive to the second entity (108) launching the software application (134)) or by the second service provider (104). Establishing (204) the second secure communication link may include performing a handshake procedure. This handshake procedure may include mutatis mutandis the same certificate exchange process described below with reference to Figure 3. The second communication device (130) may be uniquely identifiable over the second secure communication link (e.g. as a result of the certificate exchange process).
The second service provider may similarly verify (205) that the second communication device and associated second entity are trusted by the second service provider.
As a trusted relationship may have already been established between the second communication device (130), the second entity (108) and the second service provider (104), once the second communication device (130) has been uniquely identified it, and by implication the second entity (108), may be trusted by the second service provider (104). In some cases, the fact that the second service provider (104) trusts the second communication device (130) and second entity (108) may imply that the second service provider can vouch for the second entity’s trustworthiness.
In some implementations, one or both of the first and second secure communication links may be persistent. The first communication device (128) may transmit (206) a first transaction message to the first service provider (102) via the first secure communication link. The first transaction message may include a first set of data elements which may indicate a desire on the part of the first entity (106) to participate in a transaction. At least a subset of the first set of data elements may have been input into the first communication device (128) by the first entity (106), obtained by the first communication device or retrieved from a memory of the first communication device. The first set of data elements may include partial or full details of the transaction in which the first entity (106) wishes to participate as well as any other information necessary for establishing and/or completing the transaction. The first set of data elements may for example include one or more of a transaction identifier, a first entity identifier, selected personal information relating to the first entity, terms of the transaction, proposed terms of the transaction (e.g. constituting an offer) and the like.
The first service provider (102) may receive (208) the first transaction message from the first communication device (128) via the first secure communication link. The first service provider (102) may then make (210) the first transaction message available to the second entity (108) via the second service provider (104) or the transaction directory (110). Making (210) the first transaction message available to the second entity (108) may include posting the first transaction message and/or the first set of data elements to the transaction directory (110) or transmitting the first transaction message and/or first set of data elements to the second service provider (104).
The first service provider (102) may modify the first transaction message and/or first set of data elements to include a trust indication. The trust indication may be configured to confirm the first entity as being trusted by the first service provider. The trust indication may be configured for verification of the source of the message and/or data elements as being a trusted source and hence usable without further evaluation. In some implementations, the first service provider may sign or encrypt the trust indication with the first service provider digital certificate or private key such that the authenticity of the trust indication may be verified by the second service provider (104).
The second communication device (130) obtains (212) the first transaction message and/or the first set of data elements. Obtaining (212) the first transaction message and/or the first set of data elements may include accessing the first transaction message and/or the first set of data elements from the transaction directory (110) or receiving the first transaction message and/or the first set of data elements from the second service provider (104). The first transaction message and/or the first set of data elements may be displayed to the second entity (108) such that the second entity (108) may ascertain whether or not it would like to participate in the transaction. In some implementations, a trust indication indicating that the first entity (106) is trusted by the first service provider (102), and the first service provider (102) is in turn trusted by the second service provider (104), may be included in the first transaction message and/or the first set of data elements and may be displayed to the second entity (108). The trust indication may be signed or encrypted by the second service provider (104) using the second service provider digital certificate or private key such that the authenticity of the trust indication may be verified by the second communication device (130).
Should the second entity (108) wish to participate in the transaction, the second entity may use the second communication device (130) to transmit (214) a second transaction message to the second service provider (104) via the second secure communication link. The second transaction message may include a second set of data elements indicating a desire on the part of the second entity (108) to participate in the transaction. The second transaction message may correspond or be otherwise logically related to the first transaction message in that they may include data fields relating to a chosen transaction schema. In some implementations, the second set of data elements may complete the first set of data elements such that the data elements together indicate each of the entities’ performance in respect of the transaction. In other situations, the second set of data elements may constitute an acceptance or counter offer of the proposed transaction set out in the first set of data elements. In some implementations, the first and second set of data elements, together with the associated trust indications, may be configured for inclusion in a transaction schema configured for completing the transaction. The transaction schema may be pre-approved as between the first and second service providers. The second set of data elements may include partial or full details of the transaction in which the second entity wishes to participate as well as any other information necessary for establishing and/or completing the transaction. The second set of data elements may for example include one or more of a transaction identifier, a second entity identifier, selected personal information relating to the second entity, terms of the transaction, proposed terms of the transaction (e.g. constituting a counter-offer) and the like. 
Receipt by the second entity of the first transaction message and responding thereto by way of the second transaction message may imply approval and/or consent to the intended transaction by the second entity, in which case the second service provider may finalise the transaction, optionally pending receipt of approval of the second transaction message from the first entity via the first service provider. Likewise, approval by the first entity to the second transaction message may imply consent to the intended transaction by the first entity, after which the transaction may be finalised as between the first and second service providers. Finalisation of the transaction as between the first and second service providers may be conducted based on rules defined beforehand between them. Upon completion of the intended transaction by one or both of the first and second service providers, the first and second entities may be notified of the successful completion of the transaction, or otherwise, by the first and second service providers respectively.
In the described embodiments, one or both of the first set of data elements and second set of data elements may include an identifier in the form of one or a combination of: a globally unique transaction identifier which uniquely identifies the transaction; a communication address associated with the first entity (106); a communication address associated with the second entity (108); an identifier associated with the first entity (106); an identifier associated with the second entity (108) and, a timestamp.
The second service provider (104) may receive (216) the second transaction message from the second communication device (130) via the second secure communication link. The second service provider (104) may transmit (218) the second transaction message and/or second set of data elements to the first service provider (102).
In one implementation the second service provider (104) may modify the second transaction message and/or second set of data elements to include a trust indication to confirm the second entity as being trusted by the second service provider. The trust indication may be configured for verification of the source of the message and/or data elements as being a trusted source and hence usable without further evaluation. The second service provider (104) may sign or encrypt the trust indication with the second service provider digital certificate or private key such that the authenticity of the trust indication may be verified by the first service provider (102).
In another implementation the second service provider (104) may generate the transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted. The second service provider (104) may include the transaction schema in the second transaction message transmitted to the first service provider.
The first service provider (102) may receive (220) the second transaction message and/or the second set of data elements from the second service provider (104). The second transaction message may include the second set of data elements indicating a desire on the part of a second entity to participate in the transaction. The second transaction message and/or the second set of data elements may include a trust indication to confirm the second entity (108) as being trusted by the second service provider (104). The first service provider (102) may verify the authenticity of the trust indication.
The first service provider (102) may verify (221) that the second service provider is trusted by the first service provider. In some implementations, for example, the second entity trust indication may have been signed using a digital certificate associated with the second service provider, and the first service provider may validate the digital certificate with the CA or via another mechanism. Verification (221) that the second service provider is trusted by the first service provider may include querying one or more of the CA (136), transaction directory (110) and the intermediary (112) for verification of the second service provider as being trusted.
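The signing of a trust indication by the second service provider (218) and its verification by the first service provider against the mutually trusted CA (220, 221), together with the certificate validation described earlier for the CA-signed certificates, can be shown end to end. The following is an added example written for this page, not code from the patent or its applicant. It stands in for X.509 and the CA with a textbook RSA signature over canonical JSON so that it runs on the Python standard library alone; the record shapes (Certificate, the message keys, the revocation set) are assumptions of the example. The signature here deliberately covers the second set of data elements as well as the trust indication, so a vouching cannot be spliced onto different transaction terms; the description leaves the signed scope open.

```python
import hashlib
import json
import random
from dataclasses import dataclass

random.seed(2019)  # fixed seed so the example's keys are reproducible; never do this in production

# -- toy RSA: stand-in for the X.509 / CA machinery, so the example runs on the stdlib --
def _is_probable_prime(n, rounds=20):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):  # Miller-Rabin witnesses
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=512):
    """Return ((e, n), (d, n)); n exceeds 2**256 so a SHA-256 digest fits below it."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so phi % e != 0 means gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def _digest(obj):
    """Canonical JSON, then SHA-256, as the integer that gets signed."""
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")

def sign(private_key, obj):
    d, n = private_key
    return pow(_digest(obj), d, n)

def verify(public_key, obj, signature):
    e, n = public_key
    return pow(signature, e, n) == _digest(obj)

@dataclass(frozen=True)
class Certificate:  # assumed minimal shape: subject, key, and the CA's signature over both
    subject: str
    public_key: tuple
    ca_signature: int

    def body(self):
        return {"subject": self.subject, "public_key": list(self.public_key)}

def issue_certificate(ca_private_key, subject, public_key):
    body = {"subject": subject, "public_key": list(public_key)}
    return Certificate(subject, tuple(public_key), sign(ca_private_key, body))

def attach_trust_indication(sp_private_key, sp_cert, data_elements, entity_id):
    """Second service provider, step (218): vouch for its entity and sign the result.
    The signature covers the data elements too (a choice made in this example)."""
    indication = {"vouched_by": sp_cert.subject, "entity": entity_id,
                  "transaction_id": data_elements["transaction_id"], "trusted": True}
    signed = {"data_elements": data_elements, "trust_indication": indication}
    return {**signed, "signature": sign(sp_private_key, signed), "certificate": sp_cert}

def verify_trust_indication(message, ca_public_key, revoked_subjects=frozenset()):
    """First service provider, steps (220)-(221): is the vouching provider trusted by way
    of the CA, and does its signature bind this indication to these data elements?"""
    cert = message["certificate"]
    if cert.subject in revoked_subjects:
        return False, "vouching provider's certificate has been revoked"
    if not verify(ca_public_key, cert.body(), cert.ca_signature):
        return False, "certificate was not issued by the mutually trusted CA"
    signed = {"data_elements": message["data_elements"],
              "trust_indication": message["trust_indication"]}
    if not verify(cert.public_key, signed, message["signature"]):
        return False, "signature does not match the data elements and trust indication"
    if message["trust_indication"]["vouched_by"] != cert.subject:
        return False, "trust indication names a provider other than the signer"
    return True, "second entity vouched for by a trusted service provider"

def demo():
    """Constructed scenario: a genuine message, tampered terms, a forged certificate, a revocation."""
    ca_pub, ca_priv = generate_keypair()
    sp2_pub, sp2_priv = generate_keypair()
    rogue_pub, rogue_priv = generate_keypair()
    sp2_cert = issue_certificate(ca_priv, "second-service-provider", sp2_pub)
    rogue_cert = Certificate("second-service-provider", rogue_pub, 1)  # never signed by the CA
    elements = {"transaction_id": "txn-0001", "second_entity": "entity-B",
                "terms": {"amount": "250.00", "currency": "ZAR"}}  # constructed sample
    genuine = attach_trust_indication(sp2_priv, sp2_cert, elements, "entity-B")
    tampered = dict(genuine, data_elements={**elements, "terms": {"amount": "2500.00", "currency": "ZAR"}})
    forged = attach_trust_indication(rogue_priv, rogue_cert, elements, "entity-B")
    return {
        "genuine": verify_trust_indication(genuine, ca_pub)[0],
        "tampered_terms": verify_trust_indication(tampered, ca_pub)[0],
        "forged_certificate": verify_trust_indication(forged, ca_pub)[0],
        "revoked_provider": verify_trust_indication(genuine, ca_pub, {"second-service-provider"})[0],
    }
```

Running demo() accepts only the genuine message; the tampered terms, the certificate that the CA never signed and the revoked provider are all refused before any data element is used "without further evaluation". In a deployment the toy RSA and the hand-rolled certificate would be replaced by X.509 certificates, a padded signature scheme and the CA's revocation service, which the description already anticipates.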
The first service provider (102) may obtain (222) the transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted. The transaction schema may include a container with fields which are configured to be populated by the first and second sets of data elements. The transaction schema may define one or more of the structure, content, and semantics of the transaction and, once populated with the first and second set of data elements may be configured for automatic completion of at least part of the transaction (e.g. for initiating a payment as part of one of the entity’s performance).
Obtaining (222) the transaction schema may in one implementation include the first service provider (102) generating the transaction schema. In another implementation the first service provider (102) may obtain the transaction schema from the second transaction message received from the second service provider (104). Obtaining (222) the transaction schema may include verifying a signed or encrypted trust indication included in the second set of data elements received from the second service provider (104). It should be appreciated that the transaction schema, which may serve as a template for the transaction, may be pre-agreed as between the first and second service providers.
The first service provider (102) may transmit (224) a transaction update message to the first communication device (128) via the first secure communication link. The transaction update message may include the second set of data elements relating to the transaction for review and approval by the first entity (106). In some implementations the transaction update message may be configured to prompt the first entity (106) for the first entity’s approval or denial of the second set of data elements and/or the transaction schema. The first communication device (128) may receive (226) the transaction update message from the first service provider (102) via the first secure communication link. The transaction update message may be configured to display the second set of data elements and/or the transaction schema to the first entity (106) (e.g. via a display) and to prompt the first entity (106) for its approval or denial thereof.
The first communication device (128) may receive and transmit (228) the first entity’s approval or denial, as the case may be, in a transaction approval message or a transaction denial message to the first service provider (102) via the first secure communication link. The transaction approval message may indicate the approval by the first entity (106) of the transaction schema and/or second set of data elements and the transaction denial message may indicate the denial by the first entity (106) of the transaction schema and/or second set of data elements.
The first service provider (102) may receive (230) the transaction approval or denial message from the first communication device (128) and forward (232) the transaction approval or denial message to the second service provider (104).
The second service provider (104) may receive (234) the transaction approval or denial message from the first service provider (102) and forward (236) the transaction approval or denial message to the second communication device (130) of the second entity (108). The second communication device (130) may receive (238) the transaction approval or denial message. In the case of a transaction denial message, the second entity (108) may be afforded the opportunity of revising the second set of data elements and transmitting an updated second transaction message including the updated second set of data elements to the second service provider (104) for on-forwarding to the first service provider (102) and first entity (106) for its approval or denial.
Once the transaction is confirmed, which may occur on receipt of a transaction approval message from the first communication device (102) or according to pre-configured rules (e.g. in some cases the second set of data elements may include an acceptance which confirms the transaction), the first service provider (102) may transmit (240) a transaction confirmation message to one or both of the first communication device (128) and the second service provider (130). The transaction confirmation message may include the transaction schema for completing the transaction.
One or both of the first service provider (102) and second service provider (104) may then process (242) the transaction. Processing the transaction may include parsing the transaction schema and executing one or more operations in accordance with the data elements included therein. In some implementations, processing the transaction may include the service providers (102, 104) sharing information relating to each entity (106, 108). For example, in some cases, the second entity (104) may require personal information relating to the second entity (108) in order to participate in the transaction (e.g. in order to meet "Know Your Customer" requirements imposed by relevant national laws). In some cases, rather than sharing the personal information, the first service provider may rather transmit a confirmation that the identity of the first entity (106) has been verified and is up-to-date.
It should be appreciated that the method described above may be implemented in any scenario in which the first entity (106) offers a performance in exchange for the performance of the second entity (108). It should also, for example, be appreciated that after transmission of approval (228) from the first communication device (128), the transaction may be processed (242) by the first (102) and second (104) service providers without further intermediary steps, as the second transaction message from the second communication device (130) may include implicit approval of the intended transaction. It is even foreseeable that mere initiation of the first transaction message (206) by the first entity via the first communication device (128) may already imply acceptance/approval of the intended transaction by the first entity, provided no terms of the transaction are changed by the second entity. This could, for example, be the case where terms of a transaction are predefined and approved by the second entity, and all the first entity has to do to complete the transaction is indicate a desire to comply with the predefined terms and present a required set of data elements.
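The approval, denial and confirmation rules of steps 228 to 242 can be expressed as a small state machine. The following is an added illustration, not code from the patent or from Entersekt; the shape of the data elements (an item, a price and an acceptance flag) and the names of the functions are assumptions. It applies the pre-configured rule described above in one concrete way: an acceptance in the second set of data elements confirms the transaction without a further approval round only when the second entity has changed none of the first entity's terms, and any change, even one flagged as accepted, forces the update message and explicit approval. It also rejects an approval or denial that arrives in a state that cannot take one, which is the check a service provider would want against late or replayed decision messages.

```go
package main

import "fmt"

// DataElements is a constructed shape for a set of data elements; the patent
// does not fix a format. Accepted carries the second entity's acceptance of
// the first entity's terms.
type DataElements struct {
	Item     string
	Price    int // minor currency units
	Accepted bool
}

type State int

const (
	Proposed  State = iota // first transaction message received (206)
	Pending                // update message sent, awaiting approval (226)
	Confirmed              // confirmation message issued (240)
	Denied                 // denial received; second entity may revise (238)
)

func (s State) String() string {
	return [...]string{"Proposed", "Pending", "Confirmed", "Denied"}[s]
}

type Transaction struct {
	First, Second DataElements
	State         State
}

// termsUnchanged compares the negotiable terms and ignores the acceptance flag.
func termsUnchanged(a, b DataElements) bool {
	a.Accepted, b.Accepted = false, false
	return a == b
}

// ReceiveSecond applies the pre-configured confirmation rule (240): an
// acceptance confirms only if no term was changed; otherwise the first entity
// must review the update message and approve or deny (224-238).
func (t *Transaction) ReceiveSecond(second DataElements) {
	t.Second = second
	if second.Accepted && termsUnchanged(t.First, second) {
		t.State = Confirmed
		return
	}
	t.State = Pending
}

// ReceiveDecision handles the first entity's approval or denial (230). A
// decision outside the Pending state is refused rather than applied.
func (t *Transaction) ReceiveDecision(approved bool) error {
	if t.State != Pending {
		return fmt.Errorf("decision received in state %s; ignored", t.State)
	}
	if approved {
		t.State = Confirmed
	} else {
		t.State = Denied
	}
	return nil
}

// Revise lets the second entity resubmit after a denial (238).
func (t *Transaction) Revise(second DataElements) error {
	if t.State != Denied {
		return fmt.Errorf("revision not allowed in state %s", t.State)
	}
	t.ReceiveSecond(second)
	return nil
}

// demoFlow walks the states for an unchanged acceptance, a counter-offer that
// is denied and then revised, and finally a decision arriving too late.
func demoFlow() ([]State, error) {
	offer := DataElements{Item: "pizza-margherita", Price: 1200} // constructed
	var seen []State
	a := &Transaction{First: offer, State: Proposed}
	a.ReceiveSecond(DataElements{Item: "pizza-margherita", Price: 1200, Accepted: true})
	seen = append(seen, a.State) // Confirmed without a round trip
	b := &Transaction{First: offer, State: Proposed}
	b.ReceiveSecond(DataElements{Item: "pizza-margherita", Price: 1500, Accepted: true})
	seen = append(seen, b.State) // Pending: the price changed
	_ = b.ReceiveDecision(false)
	seen = append(seen, b.State) // Denied
	_ = b.Revise(DataElements{Item: "pizza-margherita", Price: 1200, Accepted: true})
	seen = append(seen, b.State) // Confirmed
	return seen, a.ReceiveDecision(true) // stale decision: error
}

func main() {
	seen, err := demoFlow()
	fmt.Println(seen, err)
}
```

Whether an acceptance should ever confirm without the first entity's explicit approval is a policy the service providers pre-agree in the transaction schema; the point of the rule above is that the comparison runs against the first set of data elements as originally transmitted, so a revised second set never inherits an earlier acceptance.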
Figure 3 is a swim-lane flow diagram which illustrates exemplary steps, operations or procedures which may be performed in establishing (202) the first secure communication link. It should be appreciated that mutatis mutandis the same steps, operations or procedures may be performed in establishing (204) the second secure communication link.
Establishing (202) the first secure communication link may include a handshake procedure. The handshake procedure may include a certificate exchange process. This may include the first communication device (128) transmitting (252) a digital certificate stored securely by the software application (132) executing thereon to the first service provider (102). The first service provider (102) may receive (254) the digital certificate from the first communication device (128). The digital certificate may have been issued to the first communication device (128) by the CA (136) or created by the software application (132) itself and may include a first communication device public key and a device identifier uniquely associated with the first communication device (128). The device identifier may establish a one-to-one relationship between the digital certificate and the first communication device (128) to which it is issued. In some implementations, the digital certificate may uniquely identify the software application (132) installed on the first communication device (128). The first service provider (102) may validate (256) the digital certificate using an encryption module distributed by the CA (136) and may use the digital certificate to uniquely identify the first communication device (128).
The first service provider (102) may transmit (258) a first service provider digital certificate to the first communication device (128) for validation of the first service provider (102). The first service provider digital certificate may have been issued to the first service provider by the CA (136) and may include a first service provider public key corresponding to the first service provider private key. The first communication device (128) may receive (260) the first service provider digital certificate from the first service provider (102). The first communication device (128) may validate (262) the first service provider digital certificate. Validation (262) of the first service provider digital certificate may be conducted using the software application (132) installed on the first communication device (128) utilizing functionality provided by an encryption module provided by the CA (136).
Validation (256, 262) of the digital certificates may use a CA public key known to each of the first communication device (128) and the first service provider (102) respectively: the CA public key is used to decrypt the signature on the certificate, verifying that the certificate was signed with the CA (136) private key.
The first service provider (102) may verify (264) that the first communication device (128) and associated first entity (106) are trusted by the first service provider (102). This may include querying (266) the first entity record stored in the first service provider database (124) for a verified trust indication. If a verified trust indication is stored in the first service provider database (124) in association with the first entity data record, the first communication device (128) and associated first entity (106) may be verified as trusted. In some cases, the verified trust indication may be associated with a time to live or timestamp and may be required to be updated periodically.
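The certificate exchange of Figure 3 (steps 252 to 266) maps directly onto standard X.509 chain validation plus a lookup of the trust record. The following is an added example written for this page; it is not the patent's or Entersekt's code. It assumes that the device identifier is carried in the certificate Common Name, that the "verified trust indication" is a record keyed by that identifier with a time to live, and that the CA (136) is modelled by a self-signed root; the names "Example CA", "Rogue CA" and "device-9f3a" are constructed. Beyond the text it also shows the two cases a service provider must reject: a certificate carrying the right device identifier but issued by an unrelated CA, and a device whose trust record has outlived its time to live.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// trustRecord is the assumed form of the verified trust indication stored
// against the first entity record in the service provider database (124).
type trustRecord struct {
	VerifiedAt time.Time
	TTL        time.Duration
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issueCert signs a certificate for pub with signer; a nil parent produces a
// self-signed root that stands in for the CA (136).
func issueCert(cn string, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey, isCA bool) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent = tmpl
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// validateCert is steps 256 and 262: the presented certificate must chain to
// the CA root, i.e. its signature verifies under the CA public key. The bound
// device identifier is returned only after that check passes.
func validateCert(presented, caRoot *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(caRoot)
	if _, err := presented.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return "", err
	}
	return presented.Subject.CommonName, nil
}

// verifyTrusted is steps 264 and 266: a trust record must exist for the
// identifier and must not have outlived its time to live.
func verifyTrusted(deviceID string, db map[string]trustRecord, now time.Time) error {
	rec, ok := db[deviceID]
	if !ok {
		return errors.New("no verified trust indication for device")
	}
	if now.After(rec.VerifiedAt.Add(rec.TTL)) {
		return errors.New("verified trust indication expired; re-verification required")
	}
	return nil
}

// handshake runs both halves of the Figure 3 certificate exchange.
func handshake(deviceCert, spCert, caRoot *x509.Certificate, db map[string]trustRecord, now time.Time) (string, error) {
	deviceID, err := validateCert(deviceCert, caRoot) // service provider side (254-256)
	if err != nil {
		return "", err
	}
	if err := verifyTrusted(deviceID, db, now); err != nil { // (264-266)
		return "", err
	}
	if _, err := validateCert(spCert, caRoot); err != nil { // device side (260-262)
		return "", err
	}
	return deviceID, nil
}

// demo issues certificates from the trusted CA and from an unrelated one and
// runs the handshake for a genuine, a rogue and an expired-trust case.
func demo() (id string, genuineErr, rogueErr, expiredErr error) {
	caKey := newKey()
	caRoot := issueCert("Example CA", &caKey.PublicKey, nil, caKey, true)
	devCert := issueCert("device-9f3a", &newKey().PublicKey, caRoot, caKey, false)
	spCert := issueCert("first-service-provider", &newKey().PublicKey, caRoot, caKey, false)
	rogueKey := newKey()
	rogueRoot := issueCert("Rogue CA", &rogueKey.PublicKey, nil, rogueKey, true)
	rogueCert := issueCert("device-9f3a", &newKey().PublicKey, rogueRoot, rogueKey, false)
	now := time.Now()
	db := map[string]trustRecord{"device-9f3a": {VerifiedAt: now.Add(-time.Hour), TTL: 24 * time.Hour}}
	id, genuineErr = handshake(devCert, spCert, caRoot, db, now)
	_, rogueErr = handshake(rogueCert, spCert, caRoot, db, now)
	_, expiredErr = handshake(devCert, spCert, caRoot, db, now.Add(48*time.Hour))
	return
}
```

The order inside handshake matters: the device identifier is read from the certificate only after the chain check, so a certificate from an unrelated issuer never reaches the trust-record lookup, and the lookup itself is what turns a merely valid certificate into a trusted first entity.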
Figure 4 is a swim-lane flow diagram which illustrates one exemplary manner in which the first service provider (102) may make (210) the first transaction message available to the second entity (108).
For the purpose of illustration, the method illustrated in Figure 4 is described with reference to an exemplary scenario in which the first entity (106) is a natural person and the first service provider (102) is a financial institution (e.g. a bank) providing financial and/or banking services to the first entity (106). The first entity (106) may have a financial account registered with the first service provider (102) against which the first entity may be able to conduct financial transactions.
The second entity (108) may be a juristic entity. In this exemplary scenario the second service provider (104) may be an insurance provider (e.g. a life insurance provider). In some scenarios, the second service provider (104) may be an entity which is separate from the second entity (108) while in other scenarios the second service provider (104) may be an extension of the second entity (108).
At some stage, the first entity may wish to take out insurance (e.g. life insurance). Rather than having to seek an appropriate insurance provider, the first entity (106) may use the described system and method. In accordance with the method described above with reference to Figure 2, the first entity (106) may use the first communication device (128) to establish a secure communication link with the first service provider (102) and may transmit a first transaction message to the first service provider. The first transaction message may include a first set of data elements. In this exemplary scenario, the first set of data elements may include particulars relating to insurance required by the first entity (106). For example, in the case of life insurance, the first set of data elements may include the insured amount required and other particulars which may be required for the determination. The first service provider (102) may receive the first transaction message including the first set of data elements.
In this exemplary scenario, the first service provider (102) may make the first transaction message available to the second entity by posting (302) the first transaction message and/or the first set of data elements to the transaction directory (110). The transaction directory (110) may be maintained by one of the first service provider (102), the second service provider (104) or a third party. In some implementations the first set of data elements may include a globally unique transaction identifier and posting (302) the first set of data elements to the transaction directory (110) may include posting the first set of data elements to a record stored in the transaction directory (110) in association with the identifier.
The transaction directory (110) may be accessible to the second entity (108) using the second communication device (130). The second entity (108) may obtain the first transaction message and/or first set of data elements by accessing (304) the transaction directory (110) and identifying (306) the first transaction message and/or the first set of data elements. The first transaction message and/or first set of data elements may include a trust indication to indicate to the second entity (108) that the first transaction message originates from a trusted entity.
In another implementation the transaction directory (110) may be accessible to the second service provider (104). The second service provider (104) may access the transaction directory (110) and identify the first transaction message and/or the first set of data elements. The second service provider (104) may then provide the first transaction message and/or the first set of data elements to the second entity (108).
The second entity (108) may retrieve (308) the first transaction message and/or the first set of data elements. The second entity (108) may review the first set of data elements and, in this exemplary scenario, calculate (310) a second set of data elements based on the first set of data elements. The second set of data elements may for example include a premium which will be payable by the first entity (106) in exchange for the requested life insurance. The second entity (108) may then, using the second communication device (130), transmit (312) the second transaction message to the second service provider (104) via the second secure communication link, as described above with reference to Figure 2. The second transaction message may include the second set of data elements. The second service provider (104) may receive the second set of data elements and the method may continue as described above with reference to Figure 2.
It should be appreciated that in a practical implementation the transaction directory (110) may be accessible by a plurality of entities and/or their respective service providers. The transaction directory (110) may thus serve as an online marketplace where one or more entities may come together and participate in a transaction. Entities requiring a specific performance can, through their respective service provider, post that requirement to the transaction directory and entities in a position to provide that performance may, through their respective service provider, offer to do so.
In some implementations the transaction directory (110) may function as an online classifieds directory. Furthermore, in some implementations, the second entity may transmit the second transaction message to the second service provider independently of (e.g. without reference to) the first transaction message, where the first service provider and/or second service provider match the two transaction messages to each other based on the first set of data elements and second set of data elements. In such a case, the chain of trust, i.e. the first service provider trusting the first entity, the second service provider trusting the first service provider and the second service provider trusting the second entity (and vice versa), may increase the confidence of the participants in the transaction (who potentially have never met).
Figure 5 is a swim-lane flow diagram which illustrates another exemplary manner in which the first service provider (102) may make (210) the first transaction message available to the second entity (108).
The method of Figure 5 is described with reference to an exemplary scenario in which the first entity (106) is a natural person wishing to make an online purchase from the second entity (108). For the purpose of illustration, an exemplary scenario of ordering a food item (e.g. pizza) is described although it should be appreciated that the method may be extended to any transaction. The first service provider (102) and second service provider (104) may be financial service providers offering financial services to the first entity (106) and second entity (108) respectively.
In this exemplary scenario the second entity (108) may advertise its willingness to participate in a transaction. The second entity may for example maintain a website via which entities may access a menu listing dishes (e.g. pizzas) available from the second entity. Each dish or food item may be associated with an identifier and a price. The identifier may be capable of identifying the second entity (108) as well as the food item. In some cases, the identifier may be a globally unique transaction identifier corresponding to a transaction record stored in the transaction directory (1 10).
The first entity (106) may access the website and select a food item which the first entity wishes to order. Having established a first secure communication link with the first service provider (102), the first entity (106) may use the first communication device (128) to transmit the first transaction message to the first service provider (102) including the first set of data elements, as described above with reference to Figure 2. In this exemplary scenario, the first set of data elements may include the identifier associated with the food item that the first entity (106) wishes to order. The first set of data elements may further include the price (which in some cases may be lower than the price advertised by the second entity should the first entity wish to negotiate).
The first service provider (102) may receive the first transaction message including the first set of data elements via the first secure communication link. The first service provider (102) may make the first transaction message available to the second entity (108) by transmitting (320) the first transaction message and/or first set of data elements to the second service provider (104). In some implementations, the first service provider (102) may include a trust indication in the first transaction message and/or first set of data elements and may sign or encrypt the trust indication with the first service provider digital certificate or private key such that the authenticity of the trust indication may be verified by the second service provider (104). In some cases, the first service provider (102) may transmit (320) the first transaction message and/or the first set of data elements to the second service provider (104) via or using the transaction directory (110). For example, the first service provider (102) may identify the second service provider (104) by querying the transaction directory (110) using the identifier included in the first set of data elements.
The second service provider (104) may receive (322) the first transaction message and/or the first set of data elements from the first service provider (102) (optionally via the transaction directory) and may transmit (324) the first transaction message to the second communication device (130) of the second entity (108). The second service provider may verify the authenticity of the trust indication (e.g. by decrypting the signed trust indication using the first service provider public key). In some cases, verifying the authenticity of the trust indication may include signing or encrypting the trust indication with the first service provider digital certificate or private key such that the authenticity of the trust indication may be verified by the second communication device (130).
The second communication device (130) may receive (326) the first transaction message. In this exemplary scenario the first transaction message and/or first set of data elements may constitute an offer to purchase the food item being advertised by the second entity (108). The second communication device may verify the authenticity of a trust indication included in the first transaction message and/or first set of data elements.
Having received the first transaction message from the second service provider (104), and as the first transaction message and/or first set of data elements may include a trust indication indicating the first entity (106) as being trusted by the first service provider (102), the second entity (108) can rest assured that the first transaction message has been transmitted from a trustworthy entity and may therefore proceed to render the performance (in this case by preparing and delivering the food item) in confidence that the first entity (106) will render its performance (in this case being paying for the food item).
The second entity (108) may accordingly use the second communication device (130) to transmit the second transaction message including a second set of data elements to the second service provider (104) via the second secure communication link, as described above with reference to Figure 2. In this exemplary scenario the second set of data elements may simply constitute an acceptance of the first entity’s offer. The second service provider (104) may receive the second set of data elements and the method may continue as described above with reference to Figure 2.
In the method described above with reference to Figure 5, the first entity (106) may be able to transact with the second entity (108) anonymously. The second entity (108) may thus never become aware of the identity of the first entity (106) and may never receive any of the first entity’s personal information. The second entity is nevertheless still in a position to act on the anonymous transaction message because of the trust indication and/or the fact that the first transaction message is received by the second entity from the second service provider. In this manner the first entity’s privacy may be protected without compromising the second entity’s ability to participate in the transaction confidently.
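The signed trust indication that carries this anonymity property (steps 320 to 326) can be illustrated with an ordinary signature scheme. The following is an added example written for this page, not the patent's or Entersekt's code. It assumes the signature is an Ed25519 signature over a canonical JSON payload (the patent says only "sign or encrypt with the first service provider digital certificate or private key"), and the field names, the transaction identifier "txn-0001", the service provider names and the sample data elements are constructed. It goes one step beyond the text in binding the indication to a digest of the first set of data elements and giving it an issue time: without the digest a valid indication could be attached to a different first transaction message, and without the time an old indication could be presented indefinitely. The countersignature models the second service provider re-signing the verified indication for the second communication device (130), and the payload contains no personal information about the first entity.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// maxAge is an assumed freshness window for a trust indication.
const maxAge = 10 * time.Minute

// TrustIndication is the assumed payload. It names a transaction and the
// vouching service provider only; the first entity's identity is absent.
type TrustIndication struct {
	TransactionID string    `json:"txn_id"`
	Issuer        string    `json:"issuer"`
	Trusted       bool      `json:"trusted"`
	IssuedAt      time.Time `json:"issued_at"`
	DataDigest    string    `json:"data_digest"` // hex SHA-256 of the first set of data elements
}

// SignedIndication is the payload as transmitted, with the issuer's signature.
type SignedIndication struct {
	Payload   []byte `json:"payload"`
	Issuer    string `json:"issuer"`
	Signature []byte `json:"signature"`
}

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// signIndication is the first service provider's step 320.
func signIndication(ti TrustIndication, priv ed25519.PrivateKey) (SignedIndication, error) {
	payload, err := json.Marshal(ti)
	if err != nil {
		return SignedIndication{}, err
	}
	return SignedIndication{Payload: payload, Issuer: ti.Issuer, Signature: ed25519.Sign(priv, payload)}, nil
}

// verifyIndication is step 322 or 326: signature under the expected public
// key, then the vouching flag, the binding to the data elements, and freshness.
func verifyIndication(si SignedIndication, pub ed25519.PublicKey, firstData []byte, now time.Time) (TrustIndication, error) {
	var ti TrustIndication
	if !ed25519.Verify(pub, si.Payload, si.Signature) {
		return ti, errors.New("trust indication signature invalid")
	}
	if err := json.Unmarshal(si.Payload, &ti); err != nil {
		return ti, err
	}
	switch {
	case !ti.Trusted:
		return ti, errors.New("issuer does not vouch for this entity")
	case ti.DataDigest != sha256Hex(firstData):
		return ti, errors.New("trust indication does not match the first set of data elements")
	case now.Sub(ti.IssuedAt) > maxAge:
		return ti, errors.New("trust indication is stale")
	}
	return ti, nil
}

// countersign is the second service provider re-signing a verified payload so
// that the second communication device can check it with that provider's key.
func countersign(si SignedIndication, issuer string, priv ed25519.PrivateKey) SignedIndication {
	return SignedIndication{Payload: si.Payload, Issuer: issuer, Signature: ed25519.Sign(priv, si.Payload)}
}

// demoTrustChain reports: genuine indication accepted, altered data elements
// rejected, wrong verification key rejected, countersigned copy accepted.
func demoTrustChain() (genuine, alteredData, wrongKey, deviceOK bool) {
	sp1Pub, sp1Priv, _ := ed25519.GenerateKey(rand.Reader)
	sp2Pub, sp2Priv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	firstData := []byte(`{"txn_id":"txn-0001","item":"pizza-margherita","price":1200}`) // constructed
	ti := TrustIndication{TransactionID: "txn-0001", Issuer: "first-service-provider", Trusted: true,
		IssuedAt: now, DataDigest: sha256Hex(firstData)}
	si, err := signIndication(ti, sp1Priv)
	if err != nil {
		panic(err)
	}
	_, err = verifyIndication(si, sp1Pub, firstData, now)
	genuine = err == nil
	altered := []byte(`{"txn_id":"txn-0001","item":"pizza-margherita","price":1}`)
	_, err = verifyIndication(si, sp1Pub, altered, now)
	alteredData = err != nil
	_, err = verifyIndication(si, sp2Pub, firstData, now)
	wrongKey = err != nil
	_, err = verifyIndication(countersign(si, "second-service-provider", sp2Priv), sp2Pub, firstData, now)
	deviceOK = err == nil
	return
}

func main() {
	fmt.Println(demoTrustChain())
}
```

The verifier decides which public key is acceptable before it looks at the payload, so the issuer name inside the indication never selects the key; a second service provider that trusts several first service providers should keep that mapping in its own configuration, obtained through the certificate exchange described with reference to Figure 3.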
It should be appreciated that in some implementations each of the server computers (120, 122) described herein may be configured with the same functionality such that the first server computer (120) can perform the functionality of the second server computer (122) described above with reference to Figures 1 to 5 and vice versa. Similarly, in some implementations each of the communication devices (128, 130) described herein may be configured with the same functionality such that the first communication device (128) can perform the functionality of the second communication device (130) described above with reference to Figures 1 to 5 and vice versa.
Figure 6 is a block diagram which illustrates components of an exemplary system (500) for conducting a trusted intermediated transaction. The system may include a server computer (121) and a communication device (129). Some or all of the functionality and components of the server computer (121) described with reference to Figure 6 may be present in the first server computer (120) and second server computer (122) described above. Similarly, some or all of the functionality and components of the communication device (129) described with reference to Figure 6 may be present in the first communication device (128) and second communication device (130) described above.
The server computer (121) may include a processor (502) for executing the functions of components described below, which may be provided by hardware or by software units executing on the server computer (121). The software units may be stored in a memory component (504) and instructions may be provided to the processor (502) to carry out the functionality of the described components. The server computer (121) may include a secure communication link component (506) arranged to establish a secure communication link with the communication device (129). The communication device (129) may be uniquely identifiable by the server computer (121) over the secure communication link. The secure communication link component (506) may include a handshake component (508) configured to perform a handshake procedure with the communication device (129). The handshake component (508) may be configured to perform a certificate exchange with the communication device (129) in which the server computer (121) receives and verifies a digital certificate from the communication device (129) and transmits its own digital certificate to the communication device for verification by the communication device (129). The secure communication link component (506) may include a verification component (509) which may be configured to perform verification operations, such as verification of trust indications, certificates and the like. Verification of certificates may be performed in collaboration with the CA (136).
The server computer (121) may include a first transaction message receiving component (510) arranged to receive a first transaction message. The first transaction message may include a first set of data elements indicating a desire on the part of the relevant entity to participate in the transaction. If the server computer (121) is performing the functionality of the first server computer described herein, the first transaction message receiving component (510) may receive the first transaction message from the communication device (e.g. the first communication device) via the secure communication link. If the server computer (121) is performing the functionality of the second server computer described herein, the first transaction message receiving component (510) may receive the first transaction message from the server computer of another service provider (e.g. the first server computer).
The server computer (121) may include a providing component (512) arranged to provide access to the first transaction message and/or first set of data elements. Providing access to the first transaction message and/or first set of data elements may include making the first transaction message and/or first set of data elements available to another entity (e.g. the second entity) by posting the first transaction message and/or the first set of data elements to the transaction directory (110) or transmitting the first transaction message and/or first set of data elements to the relevant service provider (e.g. the second service provider).
The providing component (512) may accordingly include a transaction directory posting component (514) arranged to post the first set of data elements to the transaction directory (110). The transaction directory posting component (514) may be arranged to post the first set of data elements to a record stored in the directory in association with the transaction identifier. The providing component (512) may include a first transaction message transmitting component (516) arranged to transmit the first transaction message to the relevant service provider (e.g. the second service provider).
The server computer (121) may include a second transaction message receiving component (518) arranged to receive a second transaction message. The second transaction message may include a second set of data elements indicating a desire on the part of an entity to participate in the transaction. If the server computer (121) is performing the functionality of the first server computer described herein, the second transaction message receiving component (518) may receive the second transaction message from another service provider (e.g. the second service provider). If the server computer (121) is performing the functionality of the second server computer described herein, the second transaction message receiving component (518) may receive the second transaction message from a communication device (e.g. the second communication device) of an entity related to the service provider.
The server computer (121) may include a second transaction message transmitting component (520) arranged to transmit a second transaction message to the server computer of another service provider (e.g. the first server computer).
The server computer (121) may include a transaction schema obtaining component (522) arranged to obtain a transaction schema. The transaction schema may be pre-agreed as between the first and second service providers. The transaction schema may include the first and second sets of data elements and a trust indication confirming the transaction participants (e.g. first and second entities) as being trusted. The transaction schema obtaining component (522) may be arranged to obtain the transaction schema from a message received from a server computer of another service provider or to generate the schema using the first and second sets of data elements. The transaction schema may be configured for automatic completion of at least part of the transaction. For example, the transaction schema may be machine parsable for automatic processing of information contained therein.
The server computer (121) may include an update message transmitting component (524) arranged to transmit a transaction update message to the communication device via the secure communication link. The transaction update message may include the second set of data elements relating to the transaction for review by an entity associated with the communication device to which the message is sent. In some implementations, the update message may be configured to prompt the relevant entity for its approval or denial of the second set of data elements.
The server computer (121) may include an approval or denial messaging component (526) arranged to receive a transaction approval or denial message. The transaction approval or denial message may be received from the relevant communication device via the secure transaction link or from the server computer of another service provider (e.g. the first service provider). A transaction approval message may indicate approval by the relevant entity of the second set of data elements and a transaction denial message may indicate a denial by the relevant entity of the second set of data elements. The approval or denial messaging component (526) may be configured to forward the transaction approval or denial message to an appropriate service provider (e.g. the second service provider) or to a communication device (e.g. the second communication device) as the case may be.
The server computer (121) may include a confirmation message transmitting component (528) arranged to transmit a transaction confirmation message to one or both of the communication device (e.g. the first communication device) via the secure communication link and the appropriate service provider (e.g. the second service provider). The transaction confirmation message may include the transaction schema for completing or processing the transaction.
The server computer (121) may also include a processing component (530) arranged to process the transaction automatically using the transaction schema. Processing the transaction may include parsing the transaction schema and executing one or more operations in accordance with the data elements included therein. In some implementations, processing the transaction may include the service providers sharing information relating to each entity and other data.
The communication device (129) may include a processor (552) for executing the functions of components described below, which may be provided by hardware or by software units executing on the communication device (129). The software units may be stored in a memory component (554) and instructions may be provided to the processor (552) to carry out the functionality of the described components. Some or all of the components may be provided by a software application (131) downloadable onto and executable on the communication device (129).
The software applications (130, 132) described above with reference to Figure 1 may include some or all of the functionality and components of the software application (131) described below with reference to Figure 6. The software application (131) may include a secure communication link component (556) arranged to establish a secure communication link with the server computer (121). The communication device (129) may be uniquely identifiable by the server computer (121) over the secure communication link. The secure communication link component (556) may include a handshake component (558) configured to perform a handshake procedure with the server computer (121). The handshake component (558) may be configured to perform a certificate exchange with the server computer (121) in which the communication device (129) receives and verifies a digital certificate from the server computer (121) and transmits its own digital certificate to the server computer (121) for verification by the server computer (121). Verification of certificates may be performed in collaboration with the CA (136).
The software application (131) may include a secure memory component (560) configured to securely store the digital certificate (562) therein. Securely storing the digital certificate (562) may include restricting access to the digital certificate. In some implementations, only the software application (131) is permitted to access the digital certificate (562). The digital certificate (562) may be unique to the software application (131) and hence capable of uniquely identifying the software application (131) and, by consequence, the communication device (129). The digital certificate (562) may be stored together with a public and private key pair which may be generated by the software application (131) upon initialisation (e.g. upon installation) as well as one or more symmetric keys. One or more of the digital certificate (562), public key, private key and symmetric keys may be used in establishing the secure communication link.
The software application (131) may include a transaction message transmitting component (564) configured to transmit transaction messages to the server computer (121). Depending on the role being performed by the communication device (129), the transaction messaging component (564) may be configured to transmit a first transaction message including a first set of data elements or a second transaction message including a second set of data elements.
The software application (131) may further include an obtaining component (566) arranged to obtain a first transaction message. The obtaining component (566) may obtain the first transaction message from the transaction directory (110) or may receive the first transaction message from the server computer (121).
The software application (131) may further include an update messaging component (568) arranged to receive a transaction update message from the server computer (121). The transaction update message may include the second set of data elements relating to the transaction for review by an entity associated with the communication device (129). In some implementations, the update message may be configured to prompt the entity for its approval or denial of the second set of data elements.
The software application (131) may include an approval or denial messaging component (570) which may be configured either to transmit a transaction approval or denial message to the server computer (121) in response to receiving a transaction update message or to receive a transaction approval or denial message from the server computer (121) in response to having transmitted a second transaction message with a second set of data elements. The transaction approval or denial message may be communicated via the secure transaction link. A transaction approval message may indicate approval by the relevant entity of the second set of data elements and a transaction denial message may indicate a denial by the relevant entity of the second set of data elements.
Figure 7 illustrates an example of a computing device (700) in which various aspects of the disclosure may be implemented. The computing device (700) may be embodied as any form of data processing device including a personal computing device (e.g. laptop or desktop computer), a server computer (which may be self-contained, physically distributed over a number of locations), a client computer, or a communication device, such as a mobile phone (e.g. cellular telephone), satellite phone, tablet computer, personal digital assistant or the like. Different embodiments of the computing device may dictate the inclusion or exclusion of various components or subsystems described below.
The computing device (700) may be suitable for storing and executing computer program code. The various participants and elements in the previously described system diagrams may use any suitable number of subsystems or components of the computing device (700) to facilitate the functions described herein. The computing device (700) may include subsystems or components interconnected via a communication infrastructure (705) (for example, a communications bus, a network, etc.). The computing device (700) may include one or more processors (710) and at least one memory component in the form of computer-readable media. The one or more processors (710) may include one or more of: CPUs, graphical processing units (GPUs), microprocessors, field programmable gate arrays (FPGAs), application specific integrated circuits (ASICs) and the like. In some configurations, a number of processors may be provided and may be arranged to carry out calculations simultaneously. In some implementations various subsystems or components of the computing device (700) may be distributed over a number of physical locations (e.g. in a distributed, cluster or cloud-based computing configuration) and appropriate software units may be arranged to manage and/or process data on behalf of remote devices.
The memory components may include system memory (715), which may include read only memory (ROM) and random access memory (RAM). A basic input/output system (BIOS) may be stored in ROM. System software may be stored in the system memory (715) including operating system software. The memory components may also include secondary memory (720). The secondary memory (720) may include a fixed disk (721), such as a hard disk drive, and, optionally, one or more storage interfaces (722) for interfacing with storage components (723), such as removable storage components (e.g. magnetic tape, optical disk, flash memory drive, external hard drive, removable memory chip, etc.), network attached storage components (e.g. NAS drives), remote storage components (e.g. cloud-based storage) or the like.
The computing device (700) may include an external communications interface (730) for operation of the computing device (700) in a networked environment enabling transfer of data between multiple computing devices (700) and/or the Internet. Data transferred via the external communications interface (730) may be in the form of signals, which may be electronic, electromagnetic, optical, radio, or other types of signal. The external communications interface (730) may enable communication of data between the computing device (700) and other computing devices including servers and external storage facilities. Web services may be accessible by and/or from the computing device (700) via the communications interface (730).
The external communications interface (730) may be configured for connection to wireless communication channels (e.g., a cellular telephone network, wireless local area network (e.g. using Wi-Fi™), satellite-phone network, Satellite Internet Network, etc.) and may include an associated wireless transfer element, such as an antenna and associated circuitry. [Only include this if you are describing mobile phone functionality] The external communications interface (730) may include a subscriber identity module (SIM) in the form of an integrated circuit that stores an international mobile subscriber identity and the related key used to identify and authenticate a subscriber using the computing device (700). One or more subscriber identity modules may be removable from or embedded in the computing device (700).
The external communications interface (730) may further include a contactless element (750), which is typically implemented in the form of a semiconductor chip (or other data storage element) with an associated wireless transfer element, such as an antenna. The contactless element (750) may be associated with (e.g., embedded within) the computing device (700) and data or control instructions transmitted via a cellular network may be applied to the contactless element (750) by means of a contactless element interface (not shown). The contactless element interface may function to permit the exchange of data and/or control instructions between computing device circuitry (and hence the cellular network) and the contactless element (750). The contactless element (750) may be capable of transferring and receiving data using a near field communications capability (or near field communications medium) typically in accordance with a standardized protocol or data transfer mechanism (e.g., ISO 14443/NFC). Near field communications capability may include a short-range communications capability, such as radio frequency identification (RFID), Bluetooth™, infra-red, or other data transfer capability that can be used to exchange data between the computing device (700) and an interrogation device. Thus, the computing device (700) may be capable of communicating and transferring data and/or control instructions via both a cellular network and near field communications capability.
The computer-readable media in the form of the various memory components may provide storage of computer-executable instructions, data structures, program modules, software units and other data. A computer program product may be provided by a computer-readable medium having stored computer-readable program code executable by the central processor (710). A computer program product may be provided by a non-transient computer-readable medium, or may be provided via a signal or other transient means via the communications interface (730).
Interconnection via the communication infrastructure (705) allows the one or more processors (710) to communicate with each subsystem or component and to control the execution of instructions from the memory components, as well as the exchange of information between subsystems or components. Peripherals (such as printers, scanners, cameras, or the like) and input/output (I/O) devices (such as a mouse, touchpad, keyboard, microphone, touch-sensitive display, input buttons, speakers and the like) may couple to or be integrally formed with the computing device (700) either directly or via an I/O controller (735). One or more displays (745) (which may be touch-sensitive displays) may be coupled to or integrally formed with the computing device (700) via a display (745) or video adapter (740).
The computing device (700) may include a geographical location element (755) which is arranged to determine the geographical location of the computing device (700). The geographical location element (755) may for example be implemented by way of a global positioning system (GPS), or similar, receiver module. In some implementations the geographical location element (755) may implement an indoor positioning system, using for example communication channels such as cellular telephone or Wi-Fi™ networks and/or beacons (e.g. Bluetooth™ Low Energy (BLE) beacons, iBeacons™, etc.) to determine or approximate the geographical location of the computing device (700). In some implementations, the geographical location element (755) may implement inertial navigation to track and determine the geographical location of the communication device using an initial set point and inertial measurement data.
The foregoing description has been presented for the purpose of illustration; it is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Persons skilled in the relevant art can appreciate that many modifications and variations are possible in light of the above disclosure.
Any of the steps, operations, components or processes described herein may be performed or implemented with one or more hardware or software units, alone or in combination with other devices. In one embodiment, a software unit is implemented with a computer program product comprising a non-transient computer-readable medium containing computer program code, which can be executed by a processor for performing any or all of the steps, operations, or processes described. Software units or functions described in this application may be implemented as computer program code using any suitable computer language such as, for example, Java™, C++, or Perl™ using, for example, conventional or object-oriented techniques. The computer program code may be stored as a series of instructions, or commands on a non-transitory computer-readable medium, such as a random access memory (RAM), a read-only memory (ROM), a magnetic medium such as a hard-drive, or an optical medium such as a CD-ROM. Any such computer-readable medium may also reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.
Flowchart illustrations and block diagrams of methods, systems, and computer program products according to embodiments are used herein. Each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, may provide functions which may be implemented by computer readable program instructions. In some alternative implementations, the functions identified by the blocks may take place in a different order to that shown in the flowchart illustrations.
The language used in the specification has been principally selected for readability and instructional purposes, and it may not have been selected to delineate or circumscribe the inventive subject matter. It is therefore intended that the scope of the invention be limited not by this detailed description, but rather by any claims that issue on an application based hereon. Accordingly, the disclosure of the embodiments of the invention is intended to be illustrative, but not limiting, of the scope of the invention, which is set forth in the following claims.
Finally, throughout the specification and claims, unless the context requires otherwise, the word 'comprise' or variations such as 'comprises' or 'comprising' will be understood to imply the inclusion of a stated integer or group of integers but not the exclusion of any other integer or group of integers.

Claims

CLAIMS:
1. A computer-implemented method conducted at a first service provider comprising:
receiving, via a first secure communication link, a first transaction message from a first communication device associated with a first entity, wherein the first communication device is uniquely identifiable to the first service provider over the first communication link and wherein the first transaction message includes a first set of data elements relating to participation by the first entity in a transaction;
verifying that the first communication device and associated first entity are trusted by the first service provider;
receiving, from a second service provider, a second transaction message, the second transaction message being associated with a second entity, wherein the second transaction message includes a second set of data elements relating to participation of the second entity in the transaction;
verifying that the second service provider is trusted by the first service provider;
obtaining a transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted; and,
transmitting a transaction confirmation message to one or both of the first communication device and the second service provider, the transaction confirmation message including the transaction schema for completing the transaction.
2. The method as claimed in claim 1, including establishing the first secure communication link with the first communication device, and wherein establishing the first secure communication link includes a certificate exchange process in which the first service provider transmits a digital certificate to the first communication device for validation thereat and receives a digital certificate from the first communication device for validation.
3. The method as claimed in claim 1 or claim 2, wherein verifying that the first communication device and associated first entity are trusted by the first service provider includes validating enrolment of the first communication device with the first service provider.
4. The method as claimed in claim 2 or claim 3, wherein verifying that the first communication device and associated first entity are trusted by the first service provider includes validating the digital certificate received from the first communication device.
5. The method as claimed in any one of the preceding claims, wherein verifying that the first communication device and associated first entity are trusted by the first service provider includes querying a first entity record for a verified trust indication.
6. The method as claimed in any one of the preceding claims, wherein one or both of the first set of data elements and second set of data elements include one or both of a timestamp and an identifier in the form of one or a combination of: a globally unique transaction identifier which uniquely identifies the transaction; a communication address associated with the first entity; a communication address associated with the second entity; an identifier associated with the first entity; and, an identifier associated with the second entity.
7. The method as claimed in any one of the preceding claims, including posting the first set of data elements to a transaction directory, the transaction directory being accessible by one or both of the second service provider or the second entity.
8. The method as claimed in any one of claims 1 to 6, including transmitting the first transaction message to the second service provider.
9. The method as claimed in claim 7 or claim 8, wherein the method includes including a first entity trust indication in one or both of the first set of data elements and transaction message, wherein the first entity trust indication is configured for verification of the source of the data elements and/or message as a trusted source.
10. The method as claimed in claim 9, including signing or encrypting the first entity trust indication with a digital certificate or private key associated with the first service provider for verification of the authenticity of the trust indication by the second service provider and/or second entity.
11. The method as claimed in any one of the preceding claims, wherein verifying that the second service provider is trusted by the first service provider includes validating a digital certificate associated with the second service provider.
12. The method as claimed in any one of the preceding claims, wherein the transaction schema is configured for automatic completion of at least part of the transaction.
13. A computer-implemented method conducted at a second service provider comprising: receiving, via a second secure communication link, a second transaction message from a second communication device associated with a second entity, wherein the second communication device is uniquely identifiable to the second service provider over the secure communication link and wherein the second transaction message includes a second set of data elements relating to participation by the second entity in a transaction, wherein the second transaction message corresponds to a first transaction message having been received at a first service provider relating to participation by a first entity in the transaction; and,
transmitting the second transaction message to the first service provider, wherein the first service provider is trusted by the second service provider and wherein the second set of data elements are configured to be included with a first set of data elements and a trust indication in a transaction schema, wherein the trust indication confirms the transaction participants as being trusted and wherein the transaction schema is configured for completing the transaction.
14. The method as claimed in claim 13, including verifying that the second communication device and associated second entity are trusted by the second service provider, including querying a second entity record for a verified trust indication.
15. The method as claimed in claim 13 or claim 14, wherein the second set of data elements include one or both of a time stamp and an identifier in the form of one or a combination of: a globally unique transaction identifier which uniquely identifies the transaction; a communication address associated with the first entity; a communication address associated with the second entity; an identifier associated with the first entity; and, an identifier associated with the second entity.
16. The method as claimed in any one of claims 13 to 15, including receiving the first transaction message from the first service provider.
17. The method as claimed in any one of claims 13 to 16, wherein the first transaction message includes a first entity trust indication confirming the first entity as being trusted by the first service provider.
18. The method as claimed in any one of claims 13 to 17, including obtaining a transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted and including the transaction schema in the second transaction message transmitted to the first service provider.
19. A system including a first server computer having memory for storing computer-readable program code and a processor for executing the computer-readable program code, the first server computer being associated with a first service provider and comprising:
a first transaction message receiving component for receiving, via a first secure communication link, a first transaction message from a first communication device associated with a first entity, wherein the first communication device is uniquely identifiable to the first service provider over the first communication link and wherein the first transaction message includes a first set of data elements relating to participation by the first entity in a transaction;
a verifying component for verifying that the first communication device and associated first entity are trusted by the first service provider;
a second transaction message receiving component for receiving, from a second service provider, a second transaction message, the second transaction message being associated with a second entity, wherein the second transaction message includes a second set of data elements relating to participation of the second entity in the transaction, wherein the verifying component is further for verifying that the second service provider is trusted by the first service provider;
a transaction schema obtaining component for obtaining a transaction schema including the first and second sets of data elements and a trust indication confirming the transaction participants as being trusted; and,
a confirmation message transmitting component for transmitting a transaction confirmation message to one or both of the first communication device and the second service provider, the transaction confirmation message including the transaction schema for completing the transaction.
20. A system including a second server computer having memory for storing computer-readable program code and a processor for executing the computer-readable program code, the second server computer being associated with a second service provider and comprising:
a second transaction message receiving component for receiving, via a second secure communication link, a second transaction message from a second communication device associated with a second entity, wherein the second communication device is uniquely identifiable to the second service provider over the secure communication link and wherein the second transaction message includes a second set of data elements relating to participation by the second entity in a transaction, wherein the second transaction message corresponds to a first transaction message having been received at a first service provider relating to participation by a first entity in the transaction; and,
a second transaction message transmitting component for transmitting the second transaction message to the first service provider, wherein the first service provider is trusted by the second service provider and wherein the second set of data elements are configured to be included with a first set of data elements and a trust indication in a transaction schema, wherein the trust indication confirms the transaction participants as being trusted and wherein the transaction schema is configured for completing the transaction.
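The following is an added worked model of the trust checks in claims 1 to 13 above; it is example code written for this page, not code from the patent or from Entersekt. It assumes HMAC with constructed shared secrets as a stand-in for the certificate and private-key signing of claims 10 and 11, constructed enrolment records for claims 3 to 5, and constructed message layouts whose data elements follow claims 6 and 15.

```python
import hashlib
import hmac
import json

# Constructed secrets standing in for each service provider's private key (claims 10 and 11).
FIRST_SP_KEY = b"constructed-first-sp-private-key"
SECOND_SP_KEY = b"constructed-second-sp-private-key"

# Constructed first-entity records held by the first service provider (claims 3 to 5):
# device id -> enrolment record with the device certificate fingerprint and trust indication.
FIRST_ENTITY_RECORDS = {
    "device-A1": {"entity_id": "entity-A", "cert_fingerprint": "fp-A1", "trust_verified": True},
}

# Second service providers trusted by the first service provider (claim 11), keyed by provider id.
TRUSTED_SECOND_PROVIDERS = {"second-sp": SECOND_SP_KEY}

# Constructed first transaction message as received over the mutually authenticated link (claims 2, 6).
FIRST_MESSAGE = {
    "device_id": "device-A1", "cert_fingerprint": "fp-A1",
    "data": {"transaction_id": "tx-0001", "first_entity_id": "entity-A",
             "first_address": "entity-a@first-sp.example", "timestamp": "2019-01-30T10:00:00Z"},
}

def sign(key: bytes, payload: dict) -> str:
    """Stand-in for signing a payload with a provider's private key: HMAC over canonical JSON."""
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def second_service_provider_message(transaction_id: str, second_entity_id: str, timestamp: str) -> dict:
    """Claim 13: the second set of data elements (claim 15) for the same transaction, authenticated."""
    data = {
        "transaction_id": transaction_id,
        "second_entity_id": second_entity_id,
        "second_address": "entity-b@second-sp.example",
        "timestamp": timestamp,
    }
    return {"provider_id": "second-sp", "data": data, "signature": sign(SECOND_SP_KEY, data)}

def verify_first_device(first_msg: dict) -> bool:
    """Claims 3 to 5: enrolment, certificate from the mutual exchange, and a verified trust indication."""
    record = FIRST_ENTITY_RECORDS.get(first_msg["device_id"])
    if record is None:
        return False
    return (
        hmac.compare_digest(record["cert_fingerprint"], first_msg["cert_fingerprint"])
        and record["trust_verified"]
        and record["entity_id"] == first_msg["data"]["first_entity_id"]
    )

def verify_second_provider(second_msg: dict) -> bool:
    """Claim 11: the message must come from a trusted second provider and be unaltered in transit."""
    key = TRUSTED_SECOND_PROVIDERS.get(second_msg["provider_id"])
    if key is None:
        return False
    return hmac.compare_digest(sign(key, second_msg["data"]), second_msg["signature"])

def first_service_provider(first_msg: dict, second_msg: dict) -> dict:
    """Claim 1: verify both sides, assemble the transaction schema, return the confirmation message."""
    if not verify_first_device(first_msg):
        raise PermissionError("first communication device or entity not trusted")
    if not verify_second_provider(second_msg):
        raise PermissionError("second service provider not trusted or message altered")
    first_data, second_data = first_msg["data"], second_msg["data"]
    if first_data["transaction_id"] != second_data["transaction_id"]:
        raise ValueError("the two sets of data elements do not belong to one transaction")
    trust_indication = {"transaction_id": first_data["transaction_id"],
                        "first_entity_trusted": True, "second_provider_trusted": True}
    schema = {  # claim 12: both sets plus the trust indication, ready for automatic completion
        "first_data_elements": first_data,
        "second_data_elements": second_data,
        "trust_indication": trust_indication,
        "trust_signature": sign(FIRST_SP_KEY, trust_indication),  # claim 10
    }
    return {"type": "transaction_confirmation", "schema": schema}

def attempt(first_msg: dict, second_msg: dict) -> dict:
    """Run the first-provider method and report the outcome instead of raising."""
    try:
        return {"ok": True, "confirmation": first_service_provider(first_msg, second_msg)}
    except (PermissionError, ValueError) as exc:
        return {"ok": False, "reason": str(exc)}

if __name__ == "__main__":
    second = second_service_provider_message("tx-0001", "entity-B", "2019-01-30T10:00:05Z")
    print(json.dumps(attempt(FIRST_MESSAGE, second), indent=2))
```

A message whose second set of data elements has been altered after signing, one from a provider absent from the trust list, or one for a different transaction identifier is rejected before any schema is built.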
PCT/IB2019/050744 2018-01-30 2019-01-30 System and method for conducting a trusted intermediated transaction WO2019150275A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
ZA2020/04592A ZA202004592B (en) 2018-01-30 2020-07-24 System and method for conducting a trusted intermediated transaction

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA2018/00614 2018-01-30
ZA201800614 2018-01-30

Publications (1)

Publication Number Publication Date
WO2019150275A1 true WO2019150275A1 (en) 2019-08-08

Family

ID=65718052

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2019/050744 WO2019150275A1 (en) 2018-01-30 2019-01-30 System and method for conducting a trusted intermediated transaction

Country Status (2)

Country Link
WO (1) WO2019150275A1 (en)
ZA (1) ZA202004592B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015120082A1 (en) * 2014-02-04 2015-08-13 Visa International Service Association Token verification using limited use certificates
WO2017096399A1 (en) * 2015-12-04 2017-06-08 Visa International Service Association Secure token distribution
US20170195298A1 (en) * 2014-05-29 2017-07-06 Entersekt International Limited Method and System for Determining a Compromise Risk Associated with a Unique Device Identifier
US20170270494A1 (en) * 2014-10-09 2017-09-21 Visa International Service Association Processing financial transactions

Also Published As

Publication number Publication date
ZA202004592B (en) 2022-07-27

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19709778

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19709778

Country of ref document: EP

Kind code of ref document: A1