Method and apparatus for purchasing and delivering digital goods over a network    

United States Patent 5809144
Link to this page: http://www.wikipatents.com/5809144.html
Inventor(s): Sirbu; Marvin A. (Pittsburgh, PA); Tygar; J. D. (Pittsburgh, PA); Cox; Benjamin T. H. (Pittsburgh, PA); Wagner; Thomas (Pittsburgh, PA)
Abstract: A method for purchasing and delivering goods over a network is comprised of the steps of identifying a digital good to be purchased. A purchase price for the digital good is negotiated. After the negotiation step, an authenticated purchase request is sent to the merchant. The merchant encrypts the desired digital good and calculates a first cryptographic checksum for the encrypted good. The encrypted digital good and the first cryptographic checksum together with a timestamp are then transmitted to the customer. The customer calculates a second cryptographic checksum for the received encrypted digital good. The customer creates an electronic payment order containing information identifying the transaction, the second cryptographic checksum, credentials, and the timestamp. The electronic payment order is transmitted to the merchant. The merchant compares the first and second cryptographic checksums to ensure that they match, and if so, the merchant adds an electronic signature and a decryption key to the electronic payment order. The merchant submits the merchant signed electronic payment order and the key to an account server for review. The account server reviews the information in the electronic payment order and sends a message, including the key if the review is positive, to the merchant. The merchant forwards the message to the customer. If the message contained the key, the customer uses the key to decrypt the goods.
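The exchange described in the abstract, as an added example that is not part of the patent text: the merchant withholds the key until the customer's checksum over the received ciphertext matches its own, and the account server releases the key only after checking both signatures, the timestamp, the serial number and the funds. Assumptions made for this sketch: SHA-256 as the cryptographic checksum, HMAC standing in for the digital signatures, a hash-based XOR keystream standing in for the cipher, a 300-second staleness window, and all class, function and field names.

```python
import hashlib, hmac, json, os

MAX_AGE = 300  # assumed staleness window in seconds; the patent gives no value

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher for the demo (SHA-256 counter keystream); same call decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def checksum(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def mac(secret: bytes, fields: dict) -> str:
    # HMAC stands in for the customer's and merchant's digital signatures.
    msg = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def make_epo(secret, serial, price, ciphertext, timestamp):
    # Customer: checksum the ciphertext as received, then sign the payment order.
    fields = {"serial": serial, "price": price,
              "checksum": checksum(ciphertext), "timestamp": timestamp}
    return dict(fields, customer_sig=mac(secret, fields))

class Merchant:
    def __init__(self, secret):
        self.secret = secret
        self.pending = {}  # serial -> (decryption key, first checksum)

    def deliver(self, serial, good, now):
        # Encrypt under a fresh key and remember the first checksum.
        key = os.urandom(32)
        ciphertext = xor_stream(key, good)
        self.pending[serial] = (key, checksum(ciphertext))
        return ciphertext, now  # `now` is the timestamp sent with the good

    def endorse(self, epo):
        # Add key and merchant signature only when the two checksums match.
        key, first = self.pending[epo["serial"]]
        if not hmac.compare_digest(first, epo["checksum"]):
            return None  # mismatch: retransmit or abort, key stays withheld
        signed = dict(epo, key=key.hex())
        signed["merchant_sig"] = mac(self.secret, signed)
        return signed

class AccountServer:
    def __init__(self, customer_secret, merchant_secret, balance):
        self.c_secret, self.m_secret = customer_secret, merchant_secret
        self.balance = balance  # customer's funds
        self.seen, self.keys, self.log = set(), {}, []

    def review(self, signed, now):
        body = {k: v for k, v in signed.items() if k != "merchant_sig"}
        fields = {k: v for k, v in body.items()
                  if k not in ("key", "customer_sig")}
        checks = [
            (hmac.compare_digest(mac(self.m_secret, body),
                                 signed["merchant_sig"]), "bad merchant signature"),
            (hmac.compare_digest(mac(self.c_secret, fields),
                                 signed["customer_sig"]), "bad customer signature"),
            (now - fields["timestamp"] <= MAX_AGE, "stale timestamp"),
            (fields["serial"] not in self.seen, "replayed serial"),
            (fields["price"] <= self.balance, "insufficient funds"),
        ]
        for passed, reason in checks:
            if not passed:
                return {"ok": False, "reason": reason}
        # Positive review: debit, log, keep a copy of the key, release the key.
        self.seen.add(fields["serial"])
        self.balance -= fields["price"]
        self.keys[fields["serial"]] = signed["key"]
        self.log.append(fields)
        return {"ok": True, "key": signed["key"]}

def purchase(good, now=1000, corrupt=False, review_delay=0):
    # One full run with constructed secrets; returns (status, plaintext, server).
    c_secret, m_secret = b"customer-demo-secret", b"merchant-demo-secret"
    merchant = Merchant(m_secret)
    server = AccountServer(c_secret, m_secret, balance=100)
    ciphertext, ts = merchant.deliver("S-1", good, now)
    if corrupt:
        ciphertext = bytes([ciphertext[0] ^ 1]) + ciphertext[1:]  # transit damage
    signed = merchant.endorse(make_epo(c_secret, "S-1", 5, ciphertext, ts))
    if signed is None:
        return "checksum mismatch", None, server
    verdict = server.review(signed, now + review_delay)
    if not verdict["ok"]:
        return verdict["reason"], None, server
    # The merchant's forwarding of the server's message is collapsed here.
    return "ok", xor_stream(bytes.fromhex(verdict["key"]), ciphertext), server
```

A corrupted delivery stops at the merchant before any key leaves it, and a stale or replayed order stops at the account server before any account is debited.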
   














Owner/Assignee     Carnegie Mellon University (Pittsburgh, PA)
Publication Date     September 15, 1998
Application Number     08/519,074
Filing Date     August 24, 1995
US Classification     705/53 380/29 380/30 380/59 380/282 705/26 705/27 705/75 705/78 705/80
Int'l Classification     H04L 009/00
Examiner     Gregory; Bernarr E.
Attorney/Law Firm     Kirkpatrick & Lockhart LLP
USPTO Field of Search     380/4 380/9 380/23 380/24 380/25 380/21 380/29 380/30 380/44 380/46 380/49 380/50 380/59 395/226 395/227 395/230 395/235 395/239 395/240 395/242 395/244 705/26 705/27 705/39 705/40 705/41 705/42 705/43 705/44 705/45
Patent Tags     purchasing delivering digital goods over a network
   
References

U.S. References
5383113   Kight   705/40   Jan, 1995
5191573   Hair   369/84   Mar, 1993
Claims
 


What is claimed is:

1. A method for purchasing and delivering digital goods over a network, comprising the steps of:

identifying a digital good to be purchased;

establishing a purchase price for the digital good;

sending a purchase request to the merchant for the digital good;

encrypting the digital good;

calculating a first cryptographic checksum for the encrypted good;

transmitting the encrypted digital good and a timestamp to the customer;

receiving the encrypted digital good and the timestamp;

calculating a second cryptographic checksum for the received encrypted digital good;

creating an electronic payment order containing information identifying the transaction, the second cryptographic checksum, and the timestamp;

transmitting the electronic payment order to the merchant;

adding an electronic signature of the merchant and a decryption key to the electronic payment order when the first and second checksums match;

submitting the merchant signed electronic payment order and key for review;

reviewing the information in the electronic payment order and sending a message to the merchant in response to the review; and

forwarding a message containing the key to the customer when the review is positive.

2. The method of claim 1 wherein said step of establishing a purchase price includes the step of negotiating a purchase price.

3. The method of claim 1 wherein said step of establishing a purchase price includes the step of looking up a purchase price from a list.

4. The method of claim 1 wherein said step of establishing a purchase price includes the step of identifying the customer, and wherein the price is established in part on the identity of the customer.

5. The method of claim 4 additionally comprising the step of determining the customer's frequency of purchases, and wherein the price is established in part on the customer's frequency of purchases.

6. The method of claim 4 additionally comprising the steps of presenting a credential and evaluating the credential before establishing the purchase price.

7. The method of claim 4 additionally comprising the steps of presenting a coupon and evaluating the coupon before establishing the purchase price.

8. The method of claim 1 wherein said step of sending a purchase request includes sending a customer identifier and a digital good identifier.

9. The method of claim 1 wherein said step of creating an electronic payment order includes an electronic payment order having a digital signature of the customer.

10. The method of claim 9 wherein said step of creating an electronic payment order includes an electronic payment order having a customer identifier, a digital good identifier, the purchase price, and a merchant identifier.

11. The method of claim 10 wherein said step of creating an electronic payment order includes an electronic payment order having a customer account number and a customer memo field.

12. The method of claim 1 additionally comprising the steps of:

retransmitting the encrypted digital good and a timestamp to the customer when the first and second checksums do not match;

receiving the retransmitted encrypted digital good and the timestamp;

calculating a second cryptographic checksum for the received retransmitted encrypted digital good;

creating an electronic payment order containing information identifying the transaction, the second cryptographic checksum, and the timestamp; and

transmitting the electronic payment order to the merchant.

13. The method of claim 1 additionally comprising the step of aborting the purchase.

14. The method of claim 13 wherein said step of aborting the purchase is performed when the first and second checksums do not match.

15. The method of claim 1 wherein the electronic payment order includes a digital signature of the customer, and wherein said step of reviewing the information includes the step of verifying the customer's signature and the merchant's signature.

16. The method of claim 1 wherein said step of reviewing the information includes the step of verifying that the customer has the funds needed to make the purchase.

17. The method of claim 1 wherein said step of reviewing the information includes the step of verifying that the customer has the credit needed to make the purchase.

18. The method of claim 1 wherein said step of reviewing the information includes the step of verifying that the customer is authorized to make the purchase.

19. The method of claim 1 wherein the timestamp is generated so as to be fresh at the end of the transmission of the encrypted digital good.

20. The method of claim 19 wherein said step of reviewing the information includes the step of reviewing the timestamp to determine if the transaction is stale.

21. The method of claim 1 additionally comprising the step of adding a unique serial number to the electronic payment order, and wherein said step of reviewing the information includes the step of reviewing the serial number.

22. The method of claim 1 additionally comprising the steps of:

debiting the customer's account;

crediting the merchant's account;

logging the transaction; and

saving a copy of the key.

23. The method of claim 1 additionally comprising the step of transmitting the first cryptographic checksum to the customer, and wherein the customer compares the first and second checksums.

24. The method of claim 1 wherein said step of forwarding a message containing the key is performed by the merchant.

25. The method of claim 24 additionally comprising the step of the information reviewer forwarding a message containing the key to the customer when the merchant fails to forward the message.

26. The method of claim 1 wherein said step of forwarding a message containing the key is performed by the information reviewer.

27. The method of claim 1 wherein the digital good includes a digitized receipt for a nondigital good.

28. The method of claim 1 wherein the message sent in response to the review includes a message having a digital signature of the reviewer.

29. A method for purchasing and delivering digital goods over a network, comprising the steps of:

(a) identifying a digital good to be purchased;

(b) sending a message indicating what price for the digital good is acceptable to the customer;

(c) determining if the price is acceptable to the merchant, and when the price is acceptable:

(d) encrypting the digital good;

(e) calculating a first cryptographic checksum for the encrypted good;

(f) transmitting the encrypted digital good and a timestamp to the customer;

(g) receiving the encrypted digital good and the timestamp;

(h) calculating a second cryptographic checksum for the received encrypted digital good;

(i) creating an electronic payment order containing information identifying the transaction, the second cryptographic checksum, and the timestamp;

(j) transmitting the electronic payment order to the merchant;

(k) adding an electronic signature of the merchant and a decryption key to the electronic payment order when the first and second checksums match;

(l) submitting the merchant signed electronic payment order and key for review;

(m) reviewing the information in the electronic payment order and sending a message to the merchant in response to the review; and

(n) forwarding a message containing the key to the customer when the review is positive.

30. The method of claim 29 additionally comprising the step of aborting the transaction if the price is not acceptable to the merchant.

31. The method of claim 29 additionally comprising the steps of negotiating a price when the price in the message is not acceptable to the merchant, and performing steps (d) through (n) when a price has been agreed upon.

32. The method of claim 29 additionally comprising the step of identifying the customer before determining if the price is acceptable to the merchant.

33. The method of claim 32 additionally comprising the steps of presenting a credential and evaluating the credential before determining if the price is acceptable to the merchant.

34. The method of claim 32 additionally comprising the steps of presenting a coupon and evaluating the coupon before determining if the price is acceptable to the merchant.

35. The method of claim 29 wherein said step of sending a message includes sending a message including a customer identifier and a digital good identifier.

36. The method of claim 29 wherein said step of creating an electronic payment order includes creating an electronic payment order having a digital signature of the customer.

37. The method of claim 36 wherein said step of creating an electronic payment order includes an electronic payment order having a customer identifier, a digital good identifier, the purchase price, and a merchant identifier.

38. The method of claim 37 wherein said step of creating an electronic payment order includes an electronic payment order having a customer account number and a customer memo field.

39. The method of claim 29 additionally comprising the steps of:

retransmitting the encrypted digital good and a timestamp to the customer when the first and second checksums do not match;

receiving the retransmitted encrypted digital good and the timestamp;

calculating a second cryptographic checksum for the received retransmitted encrypted digital good;

creating an electronic payment order containing information identifying the transaction, the second cryptographic checksum, and the timestamp; and

transmitting the electronic payment order to the merchant.

40. The method of claim 29 additionally comprising the step of aborting the purchase.

41. The method of claim 40 wherein said step of aborting the purchase is performed when the first and second checksums do not match.

42. The method of claim 29 wherein the electronic payment order includes a digital signature of the customer, and wherein said step of reviewing the information includes the step of verifying the customer's signature and the merchant's signature.

43. The method of claim 29 wherein said step of reviewing the information includes the step of verifying that the customer has the funds needed to make the purchase.

44. The method of claim 29 wherein said step of reviewing the information includes the step of verifying that the customer has the credit needed to make the purchase.

45. The method of claim 29 wherein said step of reviewing the information includes the step of verifying that the customer is authorized to make the purchase.

46. The method of claim 29 wherein the timestamp is generated so as to be fresh at the end of the transmission of the encrypted digital good.

47. The method of claim 46 wherein said step of reviewing the information includes the step of reviewing the timestamp to determine if the transaction is stale.

48. The method of claim 29 additionally comprising the step of adding a unique serial number to the electronic payment order, and wherein said step of reviewing the information includes the step of reviewing the serial number.

49. The method of claim 29 additionally comprising the steps of:

debiting the customer's account;

crediting the merchant's account;

logging the transaction; and

saving a copy of the key.

50. The method of claim 29 additionally comprising the step of transmitting the first cryptographic checksum to the customer, and wherein the customer compares the first and second checksums.

51. The method of claim 29 wherein said step of forwarding a message containing the key is performed by the merchant.

52. The method of claim 51 additionally comprising the step of the information reviewer forwarding a message containing the key to the customer when the merchant fails to forward the message.

53. The method of claim 29 wherein said step of forwarding a message containing the key is performed by the information reviewer.

54. The method of claim 29 wherein the digital good includes a digitized receipt for a nondigital good.

55. The method of claim 29 wherein the price indicated in the message is zero.

56. The method of claim 29 wherein the message sent in response to the review includes a message having a digital signature of the reviewer.

57. A method for ordering and delivering digital goods over a network, comprising the steps of:

(a) identifying a digital good to be delivered;

(b) sending a message requesting delivery of the digital good if the price is zero;

(c) determining if the price of the good is zero, and when the price of the good is zero:

(d) encrypting the digital good;

(e) calculating a first cryptographic checksum for the encrypted good;

(f) transmitting the encrypted digital good and a timestamp to the customer;

(g) receiving the encrypted digital good and the timestamp;

(h) calculating a second cryptographic checksum for the received encrypted digital good;

(i) creating an electronic payment order containing information identifying the transaction, the second cryptographic checksum, and the timestamp;

(j) transmitting the electronic payment order to the merchant; and

(k) reviewing the information in the electronic payment order and sending a message containing the key to the customer when the review is positive.

58. The method of claim 57 additionally comprising the step of aborting the transaction if the price of the goods is not zero.

59. The method of claim 57 wherein said step of reviewing the information includes the step of comparing the first and second cryptographic checksums.

60. The method of claim 57 additionally comprising the step of identifying the customer before determining if the price of the good is zero.

61. The method of claim 60 additionally comprising the steps of presenting a credential and evaluating the credential before determining if the price of the good is zero.

62. The method of claim 60 additionally comprising the steps of presenting a coupon and evaluating the coupon before determining if the price of the good is zero.

63. The method of claim 60 wherein said step of reviewing the information includes the step of verifying that the customer is authorized to receive the good.

64. The method of claim 57 wherein said step of sending a purchase request includes sending a purchase request having a customer identifier and a digital good identifier.

65. The method of claim 57 additionally comprising the steps of:

retransmitting the encrypted digital good and a timestamp to the customer when the first and second checksums do not match;

receiving the retransmitted encrypted digital good and the timestamp;

calculating a second cryptographic checksum for the received retransmitted encrypted digital good;

creating an electronic payment order containing information identifying the transaction, the second cryptographic checksum, and the timestamp; and

transmitting the electronic payment order to the merchant.

66. The method of claim 57 additionally comprising the step of aborting the transaction.

67. The method of claim 66 wherein said step of aborting the transaction is performed when the first and second checksums do not match.

68. The method of claim 57 wherein the electronic payment order includes a digital signature of the customer, and wherein said step of reviewing the information includes the step of verifying the customer's signature.

69. The method of claim 57 wherein the timestamp is generated so as to be fresh at the end of the transmission of the encrypted digital good.

70. The method of claim 69 wherein said step of reviewing the information includes the step of reviewing the timestamp to determine if the transaction is stale.

71. The method of claim 57 additionally comprising the step of adding a unique serial number to the electronic payment order, and wherein said step of reviewing the information includes the step of reviewing the serial number.

72. The method of claim 57 additionally comprising the steps of:

logging the transaction; and

saving a copy of the key.

73. The method of claim 57 additionally comprising the step of transmitting the first cryptographic checksum to the customer, and wherein the customer compares the first and second checksums.

74. The method of claim 57 wherein the digital good includes a digitized receipt for a nondigital good.

75. The method of claim 57 wherein the message sent in response to the review includes a message having a digital signature of the reviewer.

76. A method for purchasing and delivering digital goods over a network, comprising the steps of:

(a) identifying a digital good to be delivered;

(b) sending a message requesting delivery of the digital good if the price is zero;

(c) determining if the price of the good is zero, and when the price of the good is zero, then:

encrypting the digital good under a session key shared with the customer;

calculating a first cryptographic checksum for the encrypted good;

transmitting the encrypted digital good and a timestamp to the customer;

receiving the encrypted digital good and the timestamp;

calculating a second cryptographic checksum for the received encrypted digital good;

creating an electronic message containing information identifying the transaction, the second cryptographic checksum, and the timestamp;

transmitting the electronic message to the merchant;

reviewing the information in the electronic message; and

sending a message to the customer indicating the results of the review.

77. The method of claim 76 wherein said step of reviewing the information in the electronic message includes comparing the first and second cryptographic checksums.

78. A method for purchasing and delivering digital goods over a network, comprising the steps of:

(a) identifying a digital good to be delivered;

(b) sending a message requesting delivery of the digital good if the price is zero, the message including a credential;

(c) determining if the price of the good is zero at least in part on the presented credential, and when the price of the good is zero:

encrypting the digital good under a session key shared with the consumer;

calculating a first cryptographic checksum for the encrypted good;

transmitting the encrypted digital good, the first cryptographic checksum, and a timestamp to the customer;

receiving the encrypted digital good, the first cryptographic checksum, and the timestamp;

calculating a second cryptographic checksum for the received encrypted digital good;

decrypting the encrypted digital good with the shared session key;

comparing the first cryptographic checksum to the second cryptographic checksum; and

alerting the customer if the checksums don't match.

79. A method for purchasing and delivering digital goods over a network, comprising the steps of:

identifying a digital good to be purchased;

obtaining a credential containing a cryptographic checksum of a nonce, an account number, and a copy of the nonce;

establishing a purchase price for the digital good after the merchant is made aware of the credential;

sending a purchase request to the merchant for the digital good;

encrypting the digital good;

calculating a first cryptographic checksum for the encrypted good;

transmitting the encrypted digital good and a timestamp to the customer;

receiving the encrypted digital good and the timestamp;

calculating a second cryptographic checksum for the received encrypted digital good;

creating an electronic payment order containing information identifying the transaction, the second cryptographic checksum, the timestamp, the account number to be charged, the nonce, the cryptographic checksum of the nonce, and the account number copied from the credential used to establish the purchase price;

transmitting the electronic payment order to the merchant;

adding an electronic signature of the merchant, the credential, and a decryption key to the electronic payment order when the first and second checksums match;

submitting the merchant signed electronic payment order, credential, and key for review;

reviewing the submitted information and sending a message to the merchant in response to the review; and

forwarding a message containing the key to the customer when the review is positive.

80. The method of claim 79 wherein said step of reviewing the information includes the step of determining if the customer is authorized to use the account identified in the credential.

81. The method of claim 79 wherein said step of obtaining a credential includes the step of specifying the account number to be used in the credential.

82. The method of claim 81 wherein said step of reviewing the information includes the step of determining if the account being charged is the same account as was specified when the credential was obtained.

83. The method of claim 79 wherein the account number and the nonce in the electronic payment order are encrypted so as to be readable only by the information reviewer.

84. A method of purchasing and receiving a digital good over a network, comprising the steps of:

creating a purchase request for a digital good;

transmitting the purchase request to a merchant;

receiving the digital good in encrypted form and a timestamp;

calculating a cryptographic checksum for the received encrypted digital good;

creating an electronic payment order containing information identifying the transaction, the cryptographic checksum, and the timestamp;

transmitting the electronic payment order to the merchant; and

receiving a key for decrypting the encrypted digital good.

85. The method of claim 84 additionally comprising the step of negotiating a purchase price.

86. The method of claim 84 additionally comprising the step of identifying the customer to the merchant.

87. The method of claim 86 additionally comprising the step of presenting a credential to the merchant.

88. The method of claim 86 additionally comprising the steps of presenting a coupon to the merchant.

89. The method of claim 84 wherein said step of creating a purchase request includes a purchase request having a customer identifier and a digital good identifier.

90. The method of claim 84 wherein said step of creating an electronic payment order includes an electronic payment order having a digital signature of the customer.

91. The method of claim 90 wherein said step of creating an electronic payment order includes an electronic payment order having a customer identifier, a digital good identifier, the purchase price, and a merchant identifier.

92. The method of claim 91 wherein said step of creating an electronic payment order includes an electronic payment order having a customer account number and a customer memo field.

93. The method of claim 84 additionally comprising the step of aborting the purchase.

94. The method of claim 93 additionally comprising the steps of receiving a cryptographic checksum and comparing the calculated checksum to the received checksum.

95. The method of claim 94 wherein said step of aborting the purchase is performed when the received and calculated checksums do not match.

96. The method of claim 84 wherein the digital good includes a digitized receipt for a nondigital good.

97. Apparatus for purchasing and receiving a digital good over a network, comprising:

means for creating a purchase request for a digital good;

means for transmitting the purchase request to a merchant;

means for receiving the digital good in encrypted form and a timestamp;

means for calculating a cryptographic checksum for the received encrypted digital good;

means for creating an electronic payment order containing information identifying the transaction, the cryptographic checksum, and the timestamp;

said means for transmitting transmitting the electronic payment order to the merchant and said means for receiving receiving a key; and

means responsive to said received key for decrypting the encrypted digital good.

98. A method of selling and delivering a digital good over a network, comprising the steps of:

receiving a purchase request for a digital good from a customer;

encrypting the digital good;

calculating a first cryptographic checksum for the encrypted good;

generating a timestamp;

transmitting the encrypted digital good and the timestamp to the customer;

receiving an electronic payment order from the customer containing information identifying the transaction, a second cryptographic checksum, and the timestamp;

adding an electronic signature of the merchant and a decryption key to the electronic payment order when the first and second checksums match; and

transmitting the merchant signed electronic payment order and key for review.

99. The method of claim 98 additionally comprising the step of establishing a purchase price.

100. The method of claim 99 wherein said step of establishing a purchase price includes the step of negotiating a purchase price.

101. The method of claim 99 wherein said step of establishing a purchase price includes the step of looking up a purchase price from a list.

102. The method of claim 99 wherein said step of establishing a purchase price includes the step of identifying the customer, and wherein the price is established in part on the identity of the customer.

103. The method of claim 99 additionally comprising the step of evaluating a credential presented by the customer before establishing the purchase price.

104. The method of claim 99 additionally comprising the step of evaluating a coupon presented by the customer before establishing the purchase price.

105. The method of claim 98 additionally comprising the step of retransmitting the encrypted digital good and a timestamp to the customer when the first and second checksums do not match.

106. The method of claim 98 additionally comprising the step of aborting the purchase.

107. The method of claim 106 wherein said step of aborting the purchase is performed when the first and second checksums do not match.

108. The method of claim 98 wherein the timestamp is generated so as to be fresh at the end of the transmission of the encrypted digital good.

109. The method of claim 98 additionally comprising the step of adding a unique serial number to the electronic payment order.

110. The method of claim 98 additionally comprising the step of transmitting the first cryptographic checksum to the customer.

111. The method of claim 98 additionally comprising the step of forwarding a message containing a decryption key to the customer.

112. The method of claim 98 wherein the digital good includes a digitized receipt for a nondigital good.

113. Apparatus for selling and delivering a digital good over a network, comprising:

means for receiving a purchase request for a digital good from a customer;

means, responsive to said means for receiving, for encrypting the digital good;

means for calculating a first cryptographic checksum for the encrypted good;

means for generating a timestamp;

means for transmitting the encrypted digital good and the timestamp to the customer;

said means for receiving receiving an electronic payment order from the customer containing information identifying the transaction, a second cryptographic checksum, and the timestamp;

means for comparing the first and second checksums;

means, responsive to said means for comparing, for adding an electronic signature of the merchant and a decryption key to the electronic payment order when the first and second checksums match;

said means for transmitting transmitting the merchant signed electronic payment order and key for review.

114. A method of reviewing the sale of a digital good over a network, comprising the steps of:

reviewing the information in an electronic payment order signed by a merchant and containing a decryption key;

sending a message to the merchant in response to the review;

debiting the customer's account when the review is positive;

crediting the merchant's account when the review is positive;

logging the transaction in response to the review; and

saving a copy of the key.

115. The method of claim 114 wherein the electronic payment order includes a digital signature of the customer, and wherein said step of reviewing the information includes the step of verifying the customer's signature and the merchant's signature.

116. The method of claim 114 wherein said step of reviewing the information includes the step of verifying that the customer has the funds needed to make the purchase.

117. The method of claim 114 wherein said step of reviewing the information includes the step of verifying that the customer has the credit needed to make the purchase.

118. The method of claim 114 wherein said step of reviewing the information includes the step of verifying that the customer is authorized to make the purchase.

119. The method of claim 114 wherein said step of reviewing the information includes the step of reviewing a timestamp to determine if the transaction is stale.

120. The method of claim 114 wherein said step of reviewing the information includes the step of reviewing a serial number.

121. The method of claim 114 additionally comprising the step of sending a message containing a decryption key.

122. The method of claim 114 wherein the digital good includes a digitized receipt for a nondigital good.

123. The method of claim 114 additionally comprising the step of providing an update of the status of the review.

124. The method of claim 114 additionally comprising the step of providing an update of the status of the customer's account.

125. The method of claim 114 additionally comprising the step of providing an update of the status of the merchant's account.

126. Apparatus for reviewing the sale of a digital good over a network, comprising:

means for receiving an electronic payment order signed by a merchant and containing a decryption key;

means for reviewing the information in the received electronic payment order and the merchant signature;

means for sending a message to the merchant in response to the review;

means for debiting the customer's account when the review is positive;

means for crediting the merchant's account when the review is positive;

means for logging the transaction in response to the review; and

means for saving a copy of the key in response to the review.

127. A method of establishing a shared session key between a client and server over a computer network comprising the steps of:

(a) generating a one-time random symmetric key;

(b) generating a message consisting of the one-time random symmetric key, the identity of the server, the identity of the client, and a timestamp;

(c) encrypting the message with the public key of the server;

(d) adding the client's digital signature to the encrypted message;

(e) transmitting the signed encrypted message from the client to the server;

(f) receiving the message by the server;

(g) verifying the customer's signature;

(h) decrypting the message;

(i) constructing a return message consisting of a randomly generated symmetric session key and a Kerberos-style ticket containing the key;

(j) encrypting the return message using the one-time random symmetric key received from the client;

(k) transmitting the return message from the server to the client;

(l) receiving the return message by the client; and

(m) decrypting the return message using the one-time random symmetric key to recover the Kerberos-style ticket and session key.

128. The method of claim 127 additionally comprising the step of encrypting the Kerberos-style ticket with a key known only to the server.

Description


BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention is directed generally to communications protocols, and more particularly to methods of carrying out commercial transactions over a computer network.

2. Description of the Background

Buyers and sellers increasingly want to use the Internet to conduct their business electronically. As a base for commerce, the Internet poses special challenges due to its lack of standard security mechanisms. At the same time, the ease with which buyers can peruse catalogs published via the World Wide Web makes the Internet attractive for commerce. Consumers would like to use the Internet as a means for multiple phases of the purchase process: searching for suppliers, price negotiation, ordering, and payment for goods. In the case of information items, such as software or journal pages, videos, music, or any item that can be digitized and stored, such goods can be delivered over the Internet as digital information.

Using the Internet for commerce poses new variations on traditional issues. Transactions occur in cyberspace with no easily identifiable place of business for the merchant or physical delivery site for the customer. The possibilities for fraud both from the buyer and seller's point of view raise special issues in such an environment. Transactions are subject to observation by third parties sharing the network. Although the use of computers to support transactions makes record keeping easier, it exacerbates privacy problems arising from transaction data collection by merchants or third parties.

Supporting transactions in cyberspace requires electronic analogs for many familiar procedures from face-to-face transactions. Parties need to know with whom they are dealing, or at least verify their creditworthiness. They need to be able to negotiate prices, perhaps providing credentials entitling them to special discounts, such as a student ID. Parents need methods to control where their children shop in cyberspace. In the case of information goods, the value of an item may be as low as a few cents, requiring transaction mechanisms which impose per-transaction overheads much smaller than those for typical check and credit card purchases. To restrict distribution of sensitive materials, merchants need to restrict the class of customers they support. That may be accomplished through the use of some type of credential. Although there is no shortage of companies wishing to conduct business over the Internet, no mechanism has come forward which satisfies the aforementioned needs.

SUMMARY OF THE INVENTION

The present invention is directed to a method and apparatus for purchasing and delivering goods over a network. The method is comprised of the steps of identifying a digital good to be purchased. A purchase price for the digital good is negotiated. A request for quotation or a bid sent to the merchant may include credentials identifying the customer for purposes of, for example, providing a discount. After the negotiating phase, the customer requests delivery of the goods.

The merchant encrypts the digital good which the customer wishes to purchase. A first cryptographic checksum is calculated by the merchant for the encrypted good. The encrypted digital good and the first cryptographic checksum are then transmitted to the customer. A timestamp is generated by the merchant at the end of goods transmission and sent to the customer.

The customer receives the encrypted digital good and the first cryptographic checksum. The customer calculates a second cryptographic checksum for the received encrypted digital good. The customer creates an electronic payment order containing information identifying the transaction, the second cryptographic checksum, credentials, for example, authorizing the customer to purchase the goods, and a timestamp. The electronic payment order is transmitted to the merchant.

The merchant compares the first and second cryptographic checksums to ensure that they match. A match indicates that the digital good has been correctly received. The merchant adds an electronic signature and a decryption key to the electronic payment order. The merchant submits the merchant signed electronic payment order and the key to an account server for review.

The account server reviews the information in the electronic payment order and sends a message to the merchant in response to the review. The review may include verifying that the customer is authorized to make the requested purchase, verifying that the customer has the necessary funds, and ensuring that the timestamp is valid. As a result of the review, a message is sent to the merchant. In the event the review is not positive, an error code is contained within the message which explains why the electronic payment order has not been approved. If the report is positive, the message so indicates and the message contains the key.

The merchant forwards the message to the customer. If the message contained the key, the customer uses the key to decrypt the goods. If, for some reason, the customer does not obtain the key from the merchant, the customer may contact the account server and obtain a copy of the key from the server.
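
The exchange summarized above, from encrypted delivery through account server review, as an added Python example that is not code from the patent. The SHAKE-256 keystream cipher, the HMAC standing in for the merchant's electronic signature, the 300-second freshness window, the balance and price arguments, the error strings and all function and field names are assumptions made for illustration; customer credentials and the customer's own signature are left out.

```python
import hashlib, hmac, secrets

MAX_AGE = 300  # assumed freshness window (seconds); the page states no value
SIG_KEY = secrets.token_bytes(32)  # assumed key; HMAC stands in for the merchant signature

def xor_stream(key, data):
    """Toy SHAKE-256 keystream cipher, a stand-in for a real cipher."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def checksum(blob):
    return hashlib.sha256(blob).hexdigest()

def merchant_deliver(good, now):
    """Encrypt the good, checksum the ciphertext, stamp the end of transmission."""
    key = secrets.token_bytes(32)
    enc = xor_stream(key, good)
    return key, {"enc": enc, "checksum": checksum(enc), "timestamp": now}

def customer_epo(delivery, txn_id):
    """Second checksum is computed over the bytes actually received."""
    return {"txn": txn_id, "checksum": checksum(delivery["enc"]),
            "timestamp": delivery["timestamp"]}

def _sign(epo, key):
    msg = f'{epo["txn"]}|{epo["checksum"]}|{epo["timestamp"]}|'.encode() + key
    return hmac.new(SIG_KEY, msg, "sha256").hexdigest()

def merchant_countersign(epo, first_checksum, key):
    """Release the key into the EPO only when both checksums match."""
    if not hmac.compare_digest(epo["checksum"], first_checksum):
        return None  # goods not correctly received
    return {**epo, "key": key, "merchant_sig": _sign(epo, key)}

def account_server_review(signed, balance, price, now):
    """Return the key on a positive review, otherwise an error code."""
    if not hmac.compare_digest(signed["merchant_sig"], _sign(signed, signed["key"])):
        return {"ok": False, "error": "bad merchant signature"}
    if now - signed["timestamp"] > MAX_AGE:
        return {"ok": False, "error": "stale timestamp"}
    if balance < price:
        return {"ok": False, "error": "insufficient funds"}
    return {"ok": True, "key": signed["key"]}

if __name__ == "__main__":
    key, d = merchant_deliver(b"constructed sample good", now=1000.0)
    signed = merchant_countersign(customer_epo(d, "txn-1"), d["checksum"], key)
    reply = account_server_review(signed, balance=10, price=5, now=1010.0)
    print(xor_stream(reply["key"], d["enc"]))
```

The customer never holds the key until the account server has approved the order, which is why the checksum is taken over the ciphertext rather than the plaintext.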

Objectives of the present invention include:

The customer and merchant must agree on the item to be purchased and the price to be charged. That contemplates an offer and acceptance negotiation phase between customer and merchant.

A customer may present credentials proving membership in groups to qualify for discounts or other purposes. That supports access control, which may be outsourced so that different users may use different access control servers.

The use of timestamps at the end of transmission of the digital good ensures that electronic payment orders contain a fresh timestamp.

To achieve those objectives, the method and apparatus of the present invention provide for strong authentication and privacy and a flexible access control system. Those and other advantages and benefits of the present invention will become apparent from the Description Of The Preferred Embodiments hereinbelow.

BRIEF DESCRIPTION OF THE DRAWINGS

For the present invention to be clearly understood and readily practiced, the present invention will be described in conjunction with the following figures wherein:

FIG. 1 illustrates a customer, a merchant, an account server, and a financial institution interconnected by a network;

FIG. 2 illustrates the steps in a transaction carried out between the customer, the merchant, and the account server shown in FIG. 1;

FIG. 3 illustrates the flow of payment to the merchant;

FIG. 4 illustrates the functions of the merchant software in the context of the transaction of FIG. 2;

FIG. 5 illustrates certain of the information contained in a digital message referred to as an authenticated request;

FIG. 6 illustrates certain of the information contained in a digital message referred to as a digitally signed price quotation;

FIG. 7 illustrates certain of the information contained in a digital message referred to as the digitally signed purchase request;

FIG. 8 illustrates certain of the information contained in a digital message referred to as the electronic purchase order (EPO);

FIG. 9 illustrates certain of the