US 12,450,599 B1
Payment management system using asymmetric cryptography to ensure information accuracy
Chun-Jen Chen, New Taipei (TW)
Assigned to OwlTing USA, Inc., Arlington, VA (US)
Filed by OwlTing USA, Inc., Arlington, VA (US)
Filed on May 27, 2025, as Appl. No. 19/220,025.
Claims priority of application No. 114118414 (TW), filed on May 16, 2025.
Int. Cl. G06Q 20/38 (2012.01); H04L 9/32 (2006.01); H04L 9/06 (2006.01); H04L 9/08 (2006.01)
CPC G06Q 20/3825 (2013.01) [H04L 9/3242 (2013.01); H04L 9/0643 (2013.01); H04L 9/0822 (2013.01); H04L 9/0825 (2013.01); H04L 9/0877 (2013.01); H04L 9/0894 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A payment management system, comprising:
a hardware security module (HSM) configured to provide a first session key and a second session key;
a first client, configured to:
provide a trade policy;
hash the trade policy with a first hash function to generate a first hash;
asymmetrically encrypt, by a first private key of a first public-private key pair, the first hash to generate a first signature; and
broadcast a first public key of the first public-private key pair;
a second client, configured to:
select at least one first order from an order pool that has a plurality of orders;
symmetrically encrypt information related to the at least one first order and the first signature by using the first session key from the HSM to create a first hash-based message authentication code (HMAC), wherein the information related to the at least one first order includes a summary of the at least one first order, a timestamp, an expired time, and the first signature;
asymmetrically encrypt the first HMAC with a second private key of a second public-private key pair to create a second signature;
wrap the information related to the at least one first order, the first signature, and the first HMAC by using the second session key from the HSM to create a first order package;
deliver the first order package, the first HMAC and the second signature to a designated processing node; and
broadcast a second public key of the second public-private key pair, the first session key, and the second session key;
an approval client, configured to:
unwrap the first order package to extract the information related to the at least one first order, the first signature, and the first HMAC by using the second session key;
confirm that the trade policy has not been tampered with by verifying the first signature using the first public key;
determine whether the at least one first order complies with the trade policy;
verify all prior signatures by using corresponding public keys, respectively;
asymmetrically encrypt a signature received from an immediately preceding client with an approval private key of an approval public-private key pair to generate an approval signature; and
broadcast an approval public key of the approval public-private key pair; and
a transaction router, configured to:
verify the approval signature by using the approval public key for executing a transaction,
wherein the HSM, the first client, the second client, the approval client and the transaction router are being implemented by one or more processors.