WO2001041088A1 - Systeme de validation pour proteger le commerce electronique - Google Patents

Systeme de validation pour proteger le commerce electronique Download PDF

Info

Publication number
WO2001041088A1
WO2001041088A1 PCT/GB2000/004271 GB0004271W WO0141088A1 WO 2001041088 A1 WO2001041088 A1 WO 2001041088A1 GB 0004271 W GB0004271 W GB 0004271W WO 0141088 A1 WO0141088 A1 WO 0141088A1
Authority
WO
WIPO (PCT)
Prior art keywords
subject
user
transaction
assessment
data
Prior art date
Application number
PCT/GB2000/004271
Other languages
English (en)
Inventor
Nicholas Henry Pope
John Gordon Ross
Original Assignee
Nicholas Henry Pope
John Gordon Ross
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nicholas Henry Pope, John Gordon Ross filed Critical Nicholas Henry Pope
Priority to EP00973082A priority Critical patent/EP1234282A1/fr
Priority to AU11634/01A priority patent/AU1163401A/en
Publication of WO2001041088A1 publication Critical patent/WO2001041088A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus

Definitions

  • the present invention relates to a validation system, including assessment and receipts (termed VAR) , for use in electronic commerce performed, for example, over the Internet (World Wide Web) .
  • VAR assessment and receipts
  • Security protocols such as SSL (Secure Socket Layer, now standardised as Transport Layer Security (TLS) protocol) , S/MIME (Secure MIME), SET (Secure Electronic Transactions) provide a means of securing e-commerce transactions and authenticating the trading partner.
  • SSL Secure Socket Layer
  • S/MIME Secure MIME
  • SET Secure Electronic Transactions
  • X.509 public key certificates are obtainable from ITU-T X.509 (93) Directory Authentication Framework, also published as International Standard ISO/IEC 9594-8.
  • Concerns relating to the validity of an identity authenticated using such protocols include the following: a) the validity of the certificate has been compromised (e.g. due to the key being compromised). In such a situation the validity of the certificate needs to be revoked.
  • X.509 defines a mechanism using a Certificate Revocation List to distribute a list of revoked certificates securely; b) the certificate is used in situations for which is not intended (i.e. invalid use of certificates); c) the certificate is fraudulent.
  • An Internet standard protocol has been defined for carrying out on-line checks on the validity of X.509 certificates (OCSP: On-line Certificate Status Protocol - Internet RFC2560) . This protocol provides access to a service which can check the validity of the certificate, including whether it has been revoked.
  • CAs It is becoming common for CAs to publish a statement of its certification practices, defining the policies and procedures used for operating its services. This information may be used to assess the trustworthiness of a CA and the hence the certificates it produces, however, this requires significant knowledge and expertise by the human user. Standard codes of practice and assessment criteria for certification authorities are being developed.
  • Such security protocols generally are designed to provide authentication at the time the transaction takes place. However, when the authentication is used to support electronic receipts the authentication information needs to remain valid over a long period so that the transaction information can be checked if there is a subsequent dispute over the transaction.
  • Two solutions are commonly used for this for X.509 digital signatures; one is for a trusted system to produced a signed time-stamp linked to fingerprint of the signed data. The other is to use a trusted archive supporting long term verification.
  • a fingerprint is typically applied by a hash,
  • a third concern with the current system of e-commerce include: a) the relying party has no means of assessing the trustworthiness of the e-commerce trading partner; b) it is difficult for the normal relying party, to assess quickly whether certificates and other verification information have been issued and are being used in a trustworthy and legitimate manner. It can take a significant time to collect the relevant information and require expert knowledge to provide such an assessment.
  • the present invention seeks to provide an improved validation system.
  • a validation system for giving an indication of trustworthiness of a subject upon request from a user, including subject assessment means operable to obtain subject data from a data source, indicating means operable to provide to a user the results of the subject assessment, timing means operable to generate an indication of the time at which a request by a user is made, and receipt generating means operable to generate a receipt indicating at least one of the user, the subject assessment and the time of the request.
  • the receipt can be used as evidence of an intended transaction with a subject.
  • the validation system may include transaction means operable to enable a transaction to be performed between a user and a subject through the system or with verification of the transaction by the system, in which case the receipt generating means can generate a receipt indicating occurrence and, preferably, the details of, the transaction.
  • the receipt generating means can generate a receipt indicating occurrence and, preferably, the details of, the transaction.
  • the term receipt used herein is intended to include evidence of a transaction that can be used by the relying party to support a claim that the transaction has taken place.
  • a validation system for giving an indication of trustworthiness of a subject upon request from a user, including subject assessment means operable to obtain subject data from at least one data source, recording means operable to record user requests and/or other user data relating to one or more subjects, and processing means operable to provide to a user an indication of the results of the subject assessment and/or recorded subject data.
  • the processing means is operable to generate a trustworthiness indicator based upon the assessed and/or stored data on a subject.
  • the trustworthiness indicator can be generated on the basis of the type of assessment data and predetermined weighting factors. For example, some types of data such as insolvency or previous legal problems can be given high weighting factors while less important types of data, such as time of delivery can be given low weighting factors. Similarly, positive types of data can be given factors which in practice offset negative data. Of course, some types of data, such as insolvency, can be set to cause a negative assessment of trustworthiness irrespective of other positive data.
  • the features of the aspect described above can be combined together, as will be apparent from the specific description below.
  • the preferred embodiments provide a computerised system (with associated user software) , which is accessible via a data network, which can provide one or more of the following services for secure electronic commerce (e-commerce) :
  • a) provides a check on the validity of certificates used for authentication; b) provides a simple means for the user to assess the trustworthiness and previous trading record of the trading party, and the strength of the security used; c) guides the user as whether he should proceed with the electronic trade or not; d) provides the user with simple to understand information on the implications of a particular trade; e) provides a means of collecting receipts which is applicable to a range of security protocols including those which are not directly based on basic digital signatures as defined in X.509. -
  • the term ⁇ subject' is used herein to indicate the party in an e-commerce transaction which is the subject of validation and assessment by this system.
  • the term ⁇ relying party' is used herein to indicate the party in an e-commerce transaction which relies on the results of the validation and assessment.
  • the merchant may be the subject and the buyer may be the relying party.
  • the originator may be the subject and the recipient acting on the e-mail may be the relying party.
  • FIG. 1 is a block diagram of an embodiment of system employing a VAR server
  • Figure 2 is a flow chart of an embodiment of operation of the system of Figure 1;
  • Figure 3 is a flow chart of an embodiment of validation operation
  • Figure 4 is a flow chart of an embodiment of validation operation using S/MIME.
  • Figure 5 shows in more detail an embodiment of system.
  • the preferred embodiment includes the following features: 1) the VAR Client, software resident in the relying parties system, which monitors the secure transaction between the relying party's Internet browser and a subject, 2) a networked VAR Server used by the relying party to provide validation and assessment services as well as a time- stamp used in creating an electronic receipt.
  • the VAR Server is a computerised system, which can be accessibly via a data network such as the public Internet or a private Intranet.
  • the server is used by a party relying on certificates to support secured electronic commerce transaction (e.g. purchase of goods or services from an Internet web server) to help check and assess the security of the transaction.
  • the VAR Server may be composed of several networked computers that together provide the VAR services.
  • the VAR Server, its relationship to the relying party and a secured transaction with a remote subject is illustrated in Figure 1.
  • the VAR Server a) determines the validity of the electronic security information, including certificates, on which an e-commerce transaction relies; b) provides an assessment of the trustworthiness of the transaction based on: i) information about the CA such as whether the
  • CA meets recognised criteria (e.g. as defined in EU legislation, standardised or accepted codes of practice) ; ii) information about the subject such as checks carried out by the CA when registering the subject, the amount of trading already carried out with the subject (derived from any record of previous validation check done on that subject) , any reports of problems from subscribers, or is a recognised to be a member of an identified scheme for payments or codes of practice; iii) information about the transaction such as legal context and cryptographic algorithms employed;
  • c) provides a time-stamp of the transaction which can be used by the relying party to produce an electronic receipt of the transaction.
  • the relying party uses the VAR Server:
  • the VAR client records both the secured data transferred during the transaction, or security tokens containing the security significant parts the transaction (e.g. initial SSL handshake), as well as the relying parties view of that transaction (e.g. as displayed), the identity of the relying party and other relevant contextual information.
  • the secured data and the contextual information are time-stamped.
  • the VAR Server may check the authenticity of the relying party' s identity before applying the time-stamp.
  • the relying party stores the secured transaction or tokens and the contextual information, along with the time-stamp, as the electronic receipt or passes the receipt to the VAR Server for storage on behalf of the user.
  • the relying party view is used as the relying party's claim for the transaction. If the subject disputes this claim it can replay the transaction from the secured transaction.
  • This embodiment may be used to support a range of protocols for securing the transaction (e.g. SSL / SMIME / SET / Signed code) . More specifically, in use, the relying party sends to the VAR Server, relevant information (see below) for validation, assessment of the secured transactions with the subject, and to request a time-stamp as the basis of an electronic receipt. This includes:
  • a simplified representation e.g. hash
  • the VAR Server On reception of this information the VAR Server: a) obtains any additional information (e.g. CA certificates, CRLs) needed to validate the received certificate (where possible arrangements will be made with
  • CAs to provide a copy of the latest CRL information direct to the validation service and to inform the validation service of any updates) ; b) checks the technical validity of the certificates) as required under X.509, including full certificate path and revocation checks;
  • the VAR Server obtains from a local database of known CAs information on the all the CA's business standing and certification practices on which the e-commerce transaction relies including: i) identification of recognised codes of practice/assessment criteria to which the CA conforms, (e.g.
  • the VAR Server looks up in its database for information on the subject of the validation and assessment including : i) the length of time over which the server has been trading (i.e. the time that validation checks were first made on that subject), ii) the number of validation checks that had been made over a recent period (e.g. 1 month), iii) the number and gravity of any reported problems when trading with the subject, iv) legal system under which the subject operates, whether the server conforms to recognised codes of practice (e.g. the Interactive Media in Retail Group code of practice for electronic commerce) , and other information on the standing of the identified entity, v) whether the subject is a recognised merchant under a payment system (e.g. credit card) vi) whether the subject is a member a scheme which has recognised codes of practice for e-commerce vii) other locally held information about the Subj ect .
  • recognised codes of practice e.g. the Interactive Media in Retail Group code of practice for electronic commerce
  • the VAR Server looks up in its other database for other assessment information relating to the transaction: i) any specific legal requirements or constraints that may exist; ii) a rating of the security of given cryptographic algorithms and key lengths or cipher suites, iii) any independent rating of the subject's commercial and security practices such as can be established through accredited membership of a recognised code of practice f) the VAR Server provides an overall assessment of the transaction in simple terms covering: i) any limits of liability associated with certificates (e.g. as indicated in the CA's practices or explicitly given in the certificate) .
  • the validation service creates a time-stamp by signing a hashed value concatenated with the current time.
  • the validation service sends back in a response to the relying party: a) an indication of whether the technical validation checks are passed; b) the identity of the certificate subject; c) the time-stamp; d) information giving reasons for any failure of checks; e) output of overall assessment; f) details in the certificates; g) other used in the assessment such as the country of registration, legal and tax implication, previous track record; h) information held on the CA and subject including information used as input to the overall assessment process .
  • the validation service maintains a record of the request and response related to the subject for use in later assessments of the subject.
  • FIG. 2 illustrates the sequence of actions carried out by the VAR Server.
  • the above description is for a service offering validation, assessment and time-stamping in a single operation.
  • the VAR Server can also be used to provide a time-stamping service as a separate independent operation without validation and assessment. Similarly validation and assessment can be provided without time-stamping.
  • the exchanges between the VAR client and the server are protected path using SSL, a cryptographic message check code or other security mechanisms which at least authenticates the server and protects the integrity of the exchange.
  • SSL Secure Sockets Layer
  • a cryptographic message check code or other security mechanisms which at least authenticates the server and protects the integrity of the exchange.
  • authentication of the relying party at their request could be offered as an optional extension to the time-stamping service to authenticate an identifier of the relying party which could be included in the time-stamp.
  • the VAR Server provides an accessible web page where any problems with the use of services provided by a given certified subject can be reported.
  • a problem report is e- mailed back to the person reporting the problem who is requested to reply confirming the source and verity of the problem report. Once confirmed the problem report is added to the local database entry for that Subject.
  • the VAR Client monitors the communications between the subject and the relying party's secured Internet browser application (e.g. Internet web browser or Internet e-mail reader) . From this information:
  • the relying party's secured Internet browser application e.g. Internet web browser or Internet e-mail reader
  • the VAR Client also obtains information from the Internet browser giving the relying party's view of the transaction.
  • This relying party view can include one or more of: • a snap shot image of the display at the key points in the transaction,
  • the VAR client calculates the hash of the secured transaction and the relying party view of the transaction, to be time-stamped by the VAR Server.
  • the secured transaction, the relying party view of the transaction and time-stamp are then placed in long-term storage medium (e.g. floppy disk, write only CD) to form the electronic receipt, or passed to the VAR Server for storage on behalf of the relying party.
  • the relying party view can be used as it's claim of what went on in the transaction. If there is a dispute with the relying party's claim of the electronic receipt based on the relying party view, then the subject can be required to replay the transaction from the secured transaction data.
  • the time-stamp gives independent proof that the transaction occurred at a given time.
  • the VAR client can either request a validation and assessment of a secured transaction on its own, a time-stamp on its own or a combination of validation and assessment with time- stamp.
  • the relying party requests a validation & assessment and a time-stamp after the initial handshake which establishes the security of the transaction.
  • the time-stamp provides basic evidence of the existence of the transaction.
  • the results of the validation and assessment can be displayed to the user for him/her to get an assessment and make an informed decision before proceeding with the rest of the transaction (e.g. revealing credit card numbers to the subject and proceeding with the order) .
  • the relying party may also request an additional time-stamp of all the secured transaction, with the relying party view, when the transaction is complete.
  • the assessment may be presented and displayed to the user in various ways depending on the uses needs. It can be simplified to a three states displayed to the user in the form of traffic lights:
  • the user can be presented with a five star assessment report. A user can request the display of full details of the assessment report should he want more information, such as the country of registration, legal and tax implication, previous track record, etc.
  • the message can be forwarded to the VAR Client when a message is selected for processing by the user.
  • the relying party requests the validation and assessment, and a time-stamp of the whole message from the server as in a single operation.
  • This embodiment also identifies an extension to SSL to provide a signature of the all the secured transaction from the subject to strengthen the evidential value of records kept by the relying party.
  • This proposed extension to the SSL protocol is to allow the relying party to request that the combined hash of data passing in each direction is digitally signed by the remote SSL party (i.e. the SSL server) .
  • This signature can be used by the relying party with the rest of the transaction to provide proof of the transaction.
  • the above description is for transactions using X.509 based digital signatures or using X.509 certificates to provide authenticated keys as in SSL.
  • the system can also be applied to other forms of certificates including the variant of X.509 defined in PGP (RFC 1991, RFC 2440) or EDIFACT certificates.
  • the system can also apply to other security protocols using digital signature (e.g. Microsoft Authenticode, sign JAR files, signed XML) in a similar way as for secure e-mail.
  • the main advantages of the described embodiments over existing validation and time-stamping systems include the ability: a) to provide an overall assessment of the security transaction in terms which: i) avoids the need for detailed technical knowledge and understanding of all the complexities of the security mechanisms used, ii) incorporates the range of factors which effect the security of the transaction including trustworthiness of the CA, subject and protections applied to the transaction, iii) provides the assessment in simple terms combining a range of complex factors into a simple rating, b) to provide an electronic receipt of a secured electronic transaction in a way which is: i) applicable across a range of security protocols including the secured web access protocol SSL, ii) avoids the VAR system having to handle any sensitive, private or personal encryption keys, iii) provides evidence of what the user saw linked to the secured transaction, c) to provide an integrated validation, assessment and time-stamping service supporting the relying party; d) does not require changes to the user's secure application (Internet Browser) software; e) does not require changes

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

L'invention porte sur un système de validation destiné à fournir une indication concernant la crédibilité d'un sujet à la demande d'un utilisateur. Ce système comprend un dispositif d'évaluation du sujet permettant d'obtenir des données sur le sujet à partir d'une source de données, un indicateur fournissant à un utilisateur les résultats de l'évaluation du sujet, un temporisateur générant une indication de temps précisant à quel moment une demande a été faire par un utilisateur et un générateur de reçu générant une indication sur le reçu au niveau de l'utilisateur, de l'évaluation du sujet et du moment de la demande. Le reçu peut être utilisé comme preuve d'une transaction envisagée avec un sujet. Le système peut également comprendre un dispositif d'enregistrement qui enregistre les demandes de l'utilisateur et/ou autres données utilisateur relatives à un ou plusieurs sujets et un dispositif de traitement fournissant à un utilisateur une indication des résultats obtenus sur l'évaluation du sujet et/ou les données enregistrées sur le sujet.
PCT/GB2000/004271 1999-12-03 2000-11-07 Systeme de validation pour proteger le commerce electronique WO2001041088A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP00973082A EP1234282A1 (fr) 1999-12-03 2000-11-07 Systeme de validation pour proteger le commerce electronique
AU11634/01A AU1163401A (en) 1999-12-03 2000-11-07 Validation system for secure electronic commerce

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB9928722.9A GB9928722D0 (en) 1999-12-03 1999-12-03 Validation system for secure electronic commerce
GB9928722.9 1999-12-03

Publications (1)

Publication Number Publication Date
WO2001041088A1 true WO2001041088A1 (fr) 2001-06-07

Family

ID=10865738

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2000/004271 WO2001041088A1 (fr) 1999-12-03 2000-11-07 Systeme de validation pour proteger le commerce electronique

Country Status (4)

Country Link
EP (1) EP1234282A1 (fr)
AU (1) AU1163401A (fr)
GB (2) GB9928722D0 (fr)
WO (1) WO2001041088A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1076279A1 (fr) 1999-08-13 2001-02-14 Hewlett-Packard Company Plate-formes d'ordinateurs et leurs procédés d'opération
GB9922665D0 (en) 1999-09-25 1999-11-24 Hewlett Packard Co A method of enforcing trusted functionality in a full function platform
WO2002086684A2 (fr) 2001-04-24 2002-10-31 Hewlett-Packard Company Systeme de securite de l'information
GB2392262A (en) * 2002-08-23 2004-02-25 Hewlett Packard Co A method of controlling the processing of data
US10122734B2 (en) 2016-11-29 2018-11-06 At&T Intellectual Property I, L.P. Secure email verification service
US11587083B2 (en) 2019-12-11 2023-02-21 At&T Intellectual Property I, L.P. Transaction validation service

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998040809A2 (fr) * 1997-03-13 1998-09-17 Cha! Technologies, Inc. Procede et systeme de traitement protege de transaction en direct
US5958050A (en) * 1996-09-24 1999-09-28 Electric Communities Trusted delegation system
GB2337353A (en) * 1998-05-15 1999-11-17 Ibm Method of generating product survey information in an electronic payment system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2359156B (en) * 2000-02-14 2004-10-13 Reuters Ltd Methods of computer programs for and apparatus for providing and accessing digital content
EP1260079B1 (fr) * 2000-02-23 2004-07-28 Tradesafely.com Limited Procede et dispositif de verification de site internet

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5958050A (en) * 1996-09-24 1999-09-28 Electric Communities Trusted delegation system
WO1998040809A2 (fr) * 1997-03-13 1998-09-17 Cha! Technologies, Inc. Procede et systeme de traitement protege de transaction en direct
GB2337353A (en) * 1998-05-15 1999-11-17 Ibm Method of generating product survey information in an electronic payment system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PAYS P ET AL: "An intermediation and payment system technology", COMPUTER NETWORKS AND ISDN SYSTEMS,NL,NORTH HOLLAND PUBLISHING. AMSTERDAM, vol. 28, no. 11, 1 May 1996 (1996-05-01), pages 1197 - 1206, XP004018220, ISSN: 0169-7552 *

Also Published As

Publication number Publication date
GB9928722D0 (en) 2000-02-02
EP1234282A1 (fr) 2002-08-28
GB2365160A (en) 2002-02-13
GB0028128D0 (en) 2001-01-03
AU1163401A (en) 2001-06-12

Similar Documents

Publication Publication Date Title
US5671279A (en) Electronic commerce using a secure courier system
CA2306865C (fr) Procede numerique de certification de l'identite d'un utilisateur et un systeme ordinateur
Cox et al. NetBill Security and Transaction Protocol.
US6102287A (en) Method and apparatus for providing product survey information in an electronic payment system
RU2292589C2 (ru) Аутентифицированный платеж
US6367013B1 (en) System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
Tygar Atomicity in electronic commerce
US6314517B1 (en) Method and system for notarizing digital signature data in a system employing cryptography based security
US6385725B1 (en) System and method for providing commitment security among users in a computer network
US6842863B1 (en) Certificate reissuance for checking the status of a certificate in financial transactions
US6820199B2 (en) Sending electronic transaction message, digital signature derived therefrom, and sender identity information in AADS system
CA2417406C (fr) Recu numerique de transaction
US6983368B2 (en) Linking public key of device to information during manufacture
US20040199469A1 (en) Biometric transaction system and method
US7490069B2 (en) Anonymous payment with a verification possibility by a defined party
US20030120611A1 (en) Content distribution system and content distribution method
JPH09507729A (ja) キー寄託機能付き暗号システムおよび方法
NZ508562A (en) System and method for electronic transmission, storage and retrieval of authenticated documents
JP2004506245A (ja) デバイスの公開鍵と製造中の情報とのリンク
AU2001287164A1 (en) Method and system for using electronic communications for an electronic contact
JP2002271312A (ja) 公開鍵管理方法
Van Herreweghen Non-repudiation in SET: Open issues
WO2001041088A1 (fr) Systeme de validation pour proteger le commerce electronique
US20230318832A1 (en) Token failsafe system and method
Camp An atomicity-generating protocol for anonymous currencies

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2000973082

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000973082

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWW Wipo information: withdrawn in national office

Ref document number: 2000973082

Country of ref document: EP