Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Reliance management for electronic transaction system

a technology of electronic transaction system and reliance management, applied in the field of electronic transactions, can solve the problems of many unsolved problems, limited party's right to rely on certificates, and the specified reliance on some certificates to be per se unreliabl

Inactive Publication Date: 2001-08-02
CERTCO
View PDF0 Cites 216 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The backdrop established in these and other documents addresses some problems but leaves many of them unsolved and unresolved.
Often, a party's right to rely on a certificate is limited.
Further, reliance on some certificates is specified to be per se unreliable.
In addition, a certificate which has not been accepted by its subscriber or issued by a certification authority should not be considered to have taken effect, and could, perhaps rather loosely, be considered invalid.
Little support for risk management: The conventional system provides very few facilities or opportunities to enable a certification authority to manage the risk of certification.
The certification authority also has no way of monitoring outstanding certificates, ascertaining whether problems arise, evaluating which factors affect the risk of faulty certification or the scope of exposure to risk that the certification authority should prudently undertake.
Furthermore, conventional systems provide few facilities to help subscribers and relying parties manage their risks, including the risk of keeping the private key secure.
Relying party is under-served: To a great extent, it is the relying party, not the subscriber, who bears the risk of fraud or forgery in the transaction.
If a document is forged or is fraudulently altered, the relying party will suffer the consequences, which, according to the law of most states, is that the message is treated as void.
This state of affairs exposes the certification authority to serious liability risks in relation to the relying party and causes the certification authority to forgo the business opportunity of serving the relying party.
Lack of robustness: Because the conventional system fails to address risk management and the needs of relying parties, certification authorities have tended to interpret their roles narrowly.
This mechanical approach to certification limits the potential for CAs to add further value to electronic commerce transactions.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Reliance management for electronic transaction system
  • Reliance management for electronic transaction system
  • Reliance management for electronic transaction system

Examples

Experimental program
Comparison scheme
Effect test

example

[0219] Suppose, for example, that a certification authority, Cedric, issues a certificate, Cert-1, to a subscriber named Susan as provided in a contract with Susan. Cert-1 specifies that it is to be used with a "Type C" reliance server system, and also specifies its public key encrypted. Cert-1 specifies a assurance limit of $0; in other words, no reliance is permitted on Cert-1. Cedric provides a copy of Cert-1 to subscriber Susan, and she accepts it. Since Cert-1 is not, in itself, reliable in view of its $0 assurance limit, its essential utility is to direct relying parties to a reliance server. As the contract with Susan provides, Cedric publishes Cert-1 with Margaret, a reliance server.

[0220] Margaret establishes a new certification account and an entry in her certificate validity database for Susan's certificate, and sets parameters to govern the automatic issuance of secondary certificates based on information provided by Cedric. Margaret thereupon sends an initial message to...

second embodiment

2. SECOND EMBODIMENT

2.A Overview of Second Embodiment

[0269] An overview of the electronic transaction system 200 according to a second embodiment of the present invention is described with reference to FIG. 6. A subscriber 202 is issued one or more certificates 204 from a certification authority within an hierarchy of certification authorities 206 or from one of a number of sponsors 208. The certificates may serve to identify the subscriber 202 or to authorize certain transactions or types of transactions by the subscriber 202. Copies of the certificates (or of relevant information from the certificates) is placed in repositories or directories 210. Each certification authority and sponsor may have its own directory 210, or they may share directories 210.

[0270] The subscriber 202 transacts with a party 212 (hereinafter the relying party) by forming and digitally signing a transaction 214 which includes those of the subscriber's certificates (or unique identifiers of the subscriber's...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A method of managing reliance in an electronic transaction system includes a certification authority issuing a primary certificate to a subscriber and forwarding to a reliance server, information about the issued primary certificate. The reliance server maintains the forwarded information about issued primary certificate. The subscriber forms a transaction and then provides the transaction to a relying party. The transaction includes the primary certificate or a reference thereto. The relying party sends to the reliance server a request for assurance based on the transaction received from the subscriber. The reliance server determines whether to provide the requested assurance based on the information about the issued primary certificate and on the requested assurance. Based on the determining, the reliance server issues to the relying party a secondary certificate providing the assurance to the relying party.

Description

1. Field of the Invention[0001] This invention relates to electronic transactions, and, more particularly, to services supporting reliance on digital signature certificates and managing the risk of such certificates in an electronic transaction system.2. Background of the Invention[0002] Systems for accomplishing business transactions electronically are becoming increasingly widespread, partly because of the advent of global computer networks such as the Internet, and partly because of the evolution and maturity of public key cryptography, which enhances the security of such commerce. The application of public key cryptography to electronic commerce has been heretofore envisioned in documents such as Recommendation X.509 of the International Telecommunications Union (ITU, formerly CCITT) (hereinafter "Standard X.509"), the Digital Signature Guidelines of the American Bar Association's Information Security Committee (December 1995 edition, hereinafter "ABA Guidelines"), and statutes ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G07F19/00G06F21/00G06F21/33G06Q10/10G06Q20/02G06Q20/04G06Q20/36G06Q20/38G06Q20/40G07F7/08G07F7/10G09C1/00H04L9/32
CPCG06Q10/10G06Q20/02G06Q20/04G06Q20/3674G06Q20/3821G06Q20/38215G06Q20/3829G06Q20/40G06Q20/4037G07F7/08Y10S707/99939H04L9/3268H04L2209/56
Inventor ASAY, ALANTURNER, PAUL A.SUDIA, FRANK W.ANKNEY, RICHARD
Owner CERTCO
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products