Embodiments relate to systems, apparatuses, and methods for performing transaction signing utilizing asymmetric cryptography and a private ledger. Transaction data is signed by a user device using a private key and may be used in an authorization request message without including a real credential of the user. A transaction verification and accounting module (TVAM) can verify the signed transaction data and continue processing the transaction.
-
A method comprising:
receiving, at a server computer, an authorization request message for a transaction involving a user and a recipient, wherein the authorization request message includes a public key of the user and signed transaction data, wherein the signed transaction data was signed using a private key of the user;
determining, by the server computer, that the public key of the user matches a stored public key associated with an entry of the user;
determining, by the server computer using the public key, that the signed transaction data was signed using the private key of the user; and
sending, by the server computer, an authorization response message indicating that the transaction is authorized.
-
The method of claim 1, wherein the determining that the signed transaction data was signed using the private key of the user comprises:
verifying, by the server computer, the signed transaction data using the public key of the user.
- The method of claim 2, wherein the authorization request message further comprises an amount and a recipient public key.
- The method of claim 3, wherein the private key is an ECC key.
- The method of claim 1, wherein the authorization response message sent by the server computer does not include sensitive information of the user.
- The method of claim 5, wherein the authorization response message sent by the server computer includes the public key of the user.
- The method of claim 1, wherein receiving the authorization request message comprises receiving the authorization request message from an access device at the recipient.
- The method of claim 7, wherein the access device sends at least some of the transaction data to a user device, and the user device signs the transaction with the private key of the user.
-
A server computer comprising:
a processor; and
a computer readable medium, the computer readable medium comprising code, executable by the processor, for implementing a method comprising:
receiving, at a server computer, an authorization request message for a transaction involving a user and a recipient, wherein the authorization request message includes a public key of the user and signed transaction data, wherein the signed transaction data was signed using a private key of the user;
determining, by the server computer, that the public key of the user matches a stored public key associated with an entry of the user;
determining, by the server computer using the public key, that the signed transaction data was signed using the private key of the user; and
sending, by the server computer, an authorization response message indicating that the transaction is authorized.
-
The server computer of claim 9, wherein the determining that the signed transaction data was signed using the private key of the user comprises:
verifying, by the server computer, the signed transaction data using the public key of the user.
- The server computer of claim 10, wherein the authorization request message further comprises an amount and a recipient public key.
-
A method comprising:
providing, by an access device, transaction data to a user device of a user, wherein the user device signs the transaction data;
receiving, by the access device, signed transaction data and a public key of the user from the user device; and
transmitting, by the access device, an authorization request message including the signed transaction data and the public key of the user.
- The method of claim 12, wherein the provided transaction data includes a public key of a recipient.
- The method of claim 12, wherein the signed transaction data comprises transaction data encrypted using a private key of the user that is associated with the public key of the user.
- The method of claim 12, wherein the authorization request message is transmitted to a server computer.
-
The method of claim 12, further comprising:
receiving, at the access device, an authorization response message for the transaction that does not include sensitive information.
- The method of claim 16, wherein the authorization response message for the transaction includes the public key of the user.
-
An access device comprising:
a processor; and
a computer readable medium, the computer readable medium comprising code, executable by the processor to implement a method comprising:
providing transaction data to a user device of a user, wherein the user device signs the transaction data;
receiving signed transaction data and a public key of the user from the user device; and
transmitting an authorization request message including the signed transaction data and the public key of the user.
- The access device of claim 18 wherein the access device comprises a device reader.
- The access device of claim 18 wherein the signed transaction data comprises transaction encrypted using a private key of the user that is associated with the public key of the user.
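The server-side flow of claims 1 to 4 (match the presented public key against a stored one, then verify the signature over the transaction data), shown as an added example that is not code from the patent or its assignee. It assumes ECDSA on P-256 with SHA-256, a DER-encoded public key, and a hypothetical in-memory `Ledger`; the type names, field names and sample transaction strings are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// AuthRequest carries a public key and signed data, no real credential (field names assumed).
type AuthRequest struct{ UserPubKey, TxData, Signature []byte }
// Ledger holds each user entry's stored public key, indexed by its DER encoding (hypothetical store).
type Ledger map[string]*ecdsa.PublicKey

// Sign plays the user device: ECDSA (P-256) over SHA-256 of the transaction data.
func Sign(priv *ecdsa.PrivateKey, tx []byte) AuthRequest {
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	digest := sha256.Sum256(tx)
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return AuthRequest{der, tx, sig}
}

// Authorize plays the server computer: match the presented key to a stored one, then verify.
func Authorize(l Ledger, req AuthRequest) (bool, string) {
	stored, ok := l[string(req.UserPubKey)]
	if !ok {
		return false, "public key not enrolled"
	}
	digest := sha256.Sum256(req.TxData)
	if !ecdsa.VerifyASN1(stored, digest[:], req.Signature) {
		return false, "signature does not verify"
	}
	return true, "authorized" // the response needs no sensitive user data
}

// Demo runs a valid request, a tampered amount and an unenrolled key (all data constructed).
func Demo() (valid, tampered, unenrolled bool) {
	user, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	other, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	req := Sign(user, []byte("amount=25.00;recipient=PLACEHOLDER-RECIPIENT-KEY"))
	ledger := Ledger{string(req.UserPubKey): &user.PublicKey}
	valid, _ = Authorize(ledger, req)
	tampered, _ = Authorize(ledger, AuthRequest{req.UserPubKey, []byte("amount=2500.00"), req.Signature})
	unenrolled, _ = Authorize(ledger, Sign(other, req.TxData))
	return
}

func main() { fmt.Println(Demo()) }
```

The signature is checked with the stored copy of the key rather than the copy in the request, so a key is trusted only because it was enrolled, never because it arrived with the message.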
-
Visa International Service Association
(Mar 07 2016)
-
Clark Adam
-
Wagner Kim
-
G06Q20/02
-
G06Q20/0655
-
G06Q20/28
-
G06Q20/3274
-
G06Q20/341
-
G06Q20/3678
-
G06Q20/38215
-
G06Q20/3825
-
G06Q2220/00
-
H04L2209/38
-
H04L2209/56
-
H04L9/3236
- Publication: Sep 1, 2016
-
Application:
Feb 26, 2016
US 201615054993 A
-
Priority:
Feb 26, 2016
US 201615054993 A
-
Priority:
Feb 27, 2015
US 201562126297 P