Dialect independent multi-dimensional integrator using a normalized language platform and secure controlled access

US 20030200172A1
Filed: 10/25/2002
Published: 10/23/2003
Est. Priority Date: 05/25/2000
Status: Active Grant

First Claim

Patent Images

1. A universal aggregator for disparate services and channels to allow for secure transactions involving authentication and/or authorization of a user with regard to a service or channel in one or more than one network comprising:

a connection of the user from a portal through which the user communicates a message containing a request to initiate a transaction at a destination in which one or more than one of an authorization or an authentication indicia is required and where access to the destination is determined by predetermined criteria associated with the request;

means for transmitting the message from the portal to a switch, the switch having means capable of determining a session key associated with the user and the user'"'"'s relationship with the destination, the destination comprising a predetermined activity in a network, device or system, the switch establishing a cache associated with the message, the cache being associated with the session key, the session key being selected from the group consisting of an existing session key and/or a new session key;

the switch comprising a processor interconnected with the means for transmitting, one or more than one network, device, or system, and a security service having means to verify the user, the verification comprising a comparison of a component contained in the message to preexisting data associated with the user, the request and the portal associated with an index of services and/or channels, devices or networks, and in which comparison,

1) if validation does not occur, the request is denied, and

2) if validation occurs, a credential is created which is thereupon transferred to the session cache, and upon verification, means to transfer one of the session key maintained in the cache, the new session key maintained in the cache, an existing credential, or the credential created in the verification to the destination associated with the request; and

means for transmitting a signal representing a determination of whether validation has occurred for the request to one or more than one of the user and the destination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of aggregating and integrating authentication and/or authorization protocols of a user or a user'"'"'s information across a wide range of related or nonrelated channels and exchange services. An interface is provided that allows multi-credential, multi-service, multi-role, and multi-channel based routing to multiple authorization and authentication providers in a secure system. Using a standardized language, the system creates a framework to enable entities to communicate and perform transactions instantly or nearly instantly, and seamlessly. The systems supports trusted and untrusted connections as well as multiple levels of encryption.

97 Citations

View as Search Results

29 Claims

1. A universal aggregator for disparate services and channels to allow for secure transactions involving authentication and/or authorization of a user with regard to a service or channel in one or more than one network comprising:
- a connection of the user from a portal through which the user communicates a message containing a request to initiate a transaction at a destination in which one or more than one of an authorization or an authentication indicia is required and where access to the destination is determined by predetermined criteria associated with the request;
  
  means for transmitting the message from the portal to a switch, the switch having means capable of determining a session key associated with the user and the user'"'"'s relationship with the destination, the destination comprising a predetermined activity in a network, device or system, the switch establishing a cache associated with the message, the cache being associated with the session key, the session key being selected from the group consisting of an existing session key and/or a new session key;
  
  the switch comprising a processor interconnected with the means for transmitting, one or more than one network, device, or system, and a security service having means to verify the user, the verification comprising a comparison of a component contained in the message to preexisting data associated with the user, the request and the portal associated with an index of services and/or channels, devices or networks, and in which comparison,
  
  1) if validation does not occur, the request is denied, and
  
  2) if validation occurs, a credential is created which is thereupon transferred to the session cache, and upon verification, means to transfer one of the session key maintained in the cache, the new session key maintained in the cache, an existing credential, or the credential created in the verification to the destination associated with the request; and
  
  means for transmitting a signal representing a determination of whether validation has occurred for the request to one or more than one of the user and the destination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 29)
- - 2. The system of claim 1 in which the one or more than one authorization and authentication for the request is determined from information concerning the user, the device, the network, and the request contained in the message.
  - 3. The system of claim 2 in which the information in the message determines a security service to invoke for the activity.
  - 4. The system of claim 1 wherein the authorization or an authentication indicia is selected from the group consisting of a user ID, an ATM, a readable card, a certificate, a smart card, a magnetic stripe card, a biometric indicia, a password, a PIN, and a digital object security device.
  - 5. The system of claim 1 in which the request is transmitted to a filter to determine whether the identity or authority of the user is listed in an index of identities or authorities known to be bad.
  - 6. The system of claim 1 wherein the message is transmitted by means selected from the group consisting of wired and wireless.
  - 7. The system of claim 1 wherein the one or more than one network is the Internet.
  - 8. The system of claim 1 wherein the channel is selected from the group consisting of a card reader, an ATM, a personal telephone, a voice unit, a VRU, a pager, a television, a PDA, a PC, a vending machine, a lock box processing, a business or government computer system and network, and where the user is selected from the group consisting of an entity, an individual, a party acting on behalf of an entity or individual, a party in an exchange between financial institutions and customers, clients, account holders, creditors and debtors, a financial institution, a financial institution service provider, a merchant, a customer, a purchaser, and a client.
  - 9. The system of claim 1 including at least one adapter, the adapter capable of translating transmissions between and among the channel, device, system, destination and processor.
  - 11. The system of claim 1 or claim 10 wherein the user is a purchaser at a merchant site and the request seeks a confirmation of the existence of a current account at a financial institution associated with the purchaser.
  - 12. The system of claim 11 where the request further includes confirmation of sufficiency of funds in the account, the sufficiency of funds including an amount associated with a financial instrument of the purchaser presented to the merchant.
  - 13. The system of claim 12 where upon confirmation of the account and funds the purchaser'"'"'s financial institution generates an approval message, the approval message being transmitted to the channel.
  - 14. The system of claim 13 where the stored approval messages are used to generate a memo post that debits the purchaser'"'"'s account by the amount of the financial instrument and credits a corresponding amount to the merchant'"'"'s account at the merchant'"'"'s financial institution.
  - 15. The system of claim 1 or 10 where an alert in included in the transmission of the signal.
  - 16. The system of claim 15 where the alert is selected from the group consisting of an informational update, a fraud alert, a loyalty point, and a coupon.
  - 17. The system of claim 1 or 10 where information contained in the message about the user is compared to information contained in a database of known terrorists.
  - 18. The system of claim 1 or 10 where one or more interaction is logged and one or more than one report is generated.
  - 19. The system of claim 1 or 10 wherein the switch is capable determining and executing a determinate.
  - 20. The system of claim 1 or 10 wherein the determinate is determined based upon information contained in the message selected from the group consisting of the channel, the request, the user, the services provided from the channel, an owner of the channel, the family of service providers of the channel, the credential presented, the language, the interface, and the destination.
  - 22. The system of claim 1 or claim 10 where the verification is performed by a security service, the security service comprising a plurality of appropriate business management routines and data management routines to perform the validation.
  - 23. The system of claim 22 where the data management routines the adapter support encryption means selected from the group consisting of Federal Data Encryption Standards (DES) and crypt password encryption.
  - 24. The system of claim 1 or claim 10 where the message comprises the request, a request component, an element containing data, and the service.
  - 25. The system of claim 24 where the service is based on a semantic.
  - 26. The system of claim 25 wherein the semantic is IFX.
  - 29. The method of claim 25 in which funds transfer between institutions involved in the transaction is effected by periodic settlement between institutions.

10. A language independent integrator of related or unrelated services and channels to perform secure transactions requiring one or more authorization and authentication indicia in one or more than one network comprising:
- a connection of the user to a network from a portal through which the user communicates a message containing a request to initiate a transaction at a destination in which one or more than one of an authorization or an authentication indicia is required and where access to the destination is determined by predetermined criteria associated with the request;
  
  one or more than one adapter connected to the network, the adapter having means for translating the message from the portal into a format recognizable by the destination, the adapter further having means capable of determining a session key, the destination comprising a plurality of services in one or more than one network, the adapter establishing a cache associated with the message, the cache being associated with one of
  
  1) the session key determined by the adapter and
  
  2) a new session key;
  
  a processor interconnected with the adapter and the one or more than one network, the processor having means to verify the user with respect to predetermined information in a data store including information associated with the user, the verification comprising a multidimensional decision determined from information in the message and preexisting data associated with an index of services and channels, and upon verification, means to transfer one of the session key maintained in the cache, the new session key maintained in the cache, an existing credential, or a credential created in the verification, to the destination associated with the request; and
  
  means for transmitting a signal representing a determination of one or more than one authorization and authentication associated with the request to one or more than one of the user and the destination dependent upon the verification.
- View Dependent Claims (21)
- - 21. The system of claim 10 where the adapter comprises software capable of translating and standardizing elements selected from the group consisting of a semantic, a data format, a transport, a wire protocol of an input signal.

27. A method for allowing secure transactions involving authentication and or authorization of a user with regard to disparate services or channels in one or more than one network comprising:
- connecting a user from a portal enabling the user to communicate a message containing a request to initiate a transaction at a destination in which one or more than one of an authorization or an authentication indicia is required and in which user access to the destination to effect a predetermined activity is determined by predetermined criteria associated with the request, transmitting the message from the portal to a processor switch capable of determining a session key associated with the user and the user'"'"'s relationship with the destination, the destination, device or system, establishing in the switch a cache associated with the message and a session key selected from the group consisting of an existing session key and/or a new session key, interconnecting the processor switch with the means for transmitting, one or more than one network, device, or system, and a security service having means to verify the user by comparing a component contained in the message to preexisting data associated with the user, the request, and the portal associated with an index of services and/or channels, devices or networks, determining from the comparison that
  
  1) if a comparison does not match, denying the request and
  
  2) if a comparison matches, a) creating a credential and transferring the credential to the session cache, and b) transferring one of the session key maintained in the cache, the new session key maintained in the cache, an existing credential, or the credential created in the comparison to the destination associated with the request, and transmitting a signal representing a determination of whether match has occurred for the request to one or more than one of the user and the destination.

28. A method for validating the existence of an account and confirming the sufficiency of funds at a financial institution for a customer payment to a merchant linked to a network associated with the merchant user and the customer with regard to separate multiple channels in one or more than one network comprising:
- connecting a merchant from a portal enabling the merchant to communicate a message containing a request to initiate a transaction at a destination institution associated with a customer in which one or more than one of an authorization or an authentication indicia is required for the customer and merchant and in which merchant access to the destination to effect a predetermined activity is determined by predetermined criteria associated with the request, transmitting the message from the portal to a processor switch capable of determining a session key associated with the merchant and the merchant'"'"'s relationship with the destination, establishing in the switch a cache associated with the message and a session key selected from the group consisting of an existing session key and/or a new session key, interconnecting the processor switch with the means for transmitting, the destination network, and a security service having means to verify the merchant by comparing a component contained in the message to preexisting data associated with the merchant, the request, and the portal with respect to an index of channels at the destination, determining from the comparison that
  
  1) if a comparison does not match, denying the request and
  
  2) if a comparison matches, a) creating a credential and transferring the credential to the session cache and b) transferring the credential created in the comparison to the destination associated with the request, transmitting a signal representing a determination of whether a match has occurred to an adapter for interpreting the merchant message and verifying the customer based on information stored in a database and transmitting the interpreted message to a switch, comparing the interpreted message received by the switch to determine the customer financial institution and translating the message into a format recognizable by the customer financial institution and transmitting the translated message to the financial institution, determining the existence of the customer account and sufficiency of funds at the financial institution, upon a positive determination of the existence of the account and sufficiency of funds, transmitting an authorization signal in accordance with the request of the message to the accepting institution through the network, transferring the payment amount to an accepting institution on behalf of the merchant by debiting the purchaser'"'"'s account in the amount of the payment and crediting the merchant'"'"'s account in the amount of the payment, and recording the transfer transaction in the file of the purchaser'"'"'s account and the merchant'"'"'s account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WNR E-Pin LLC
Original Assignee
WNR E-Pin LLC
Inventors
Orkis, Randall E., Randle, William M.

Granted Patent

US 7,565,326 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/39
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/10   specially adapted for elect...

G06Q 20/12   specially adapted for elect...

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

G06Q 30/04   Billing or invoicing

H04L 2463/102   applying security measure f...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 69/08   Protocols for interworking;...

Dialect independent multi-dimensional integrator using a normalized language platform and secure controlled access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

97 Citations

29 Claims

Specification

Use Cases

Quick Links

Others

Dialect independent multi-dimensional integrator using a normalized language platform and secure controlled access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

29 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others