Transaction security in electronic commerce
First Claim
1. A trust server connectable to a gateway server controlling access to a remote server, the trust server comprising a validator operable to validate data received from said gateway server and to store said data in data storage such that said data is retrievable by said gateway server, wherein the validator is operable to identify time-critical and non time-critical validations of said data and to deliver status information relating to each said validation to said gateway appropriately.
1 Assignment
0 Petitions
Accused Products
Abstract
A device, system and method are described for parsing and propagating end user identity received from a terminal (1) involved in a wireless session to an application in a gateway server (13). The PLMN (7) of which terminal (1) forms part provides access to external networks including a PSTN (9). In addition to conventional telephone operations, the terminal (1) provides its user with access to the internet (11) via the gateway server (13). The gateway server (13) may be operated by a service provider or perhaps a particular organisation such as a bank which for security reasons wishes to keep control of the gateway server (13). Software through which the transactions are carried out is provided by various so-called back-end applications resident on an applications server (17). A trust server (30) is provided which is connectable to the gateway server (13) controlling access to the application server (17).
54 Citations
89 Claims
- 1. A trust server connectable to a gateway server controlling access to a remote server, the trust server comprising a validator operable to validate data received from said gateway server and to store said data in data storage such that said data is retrievable by said gateway server, wherein the validator is operable to identify time-critical and non time-critical validations of said data and to deliver status information relating to each said validation to said gateway appropriately.
- 10. A transaction security device for connection to a network including at least one terminal, the device comprising a server operable to validate data provided by a terminal over said connection in order to establish a secure session, wherein said server is operable to carry out time critical and non time-critical validations of said data and to deliver status information relating to each said validation to said device appropriately.
- 18. A transaction security system comprising a gateway server connected to a network including at least one terminal and a trust server connected to said gateway server, the trust server being operable to validate data received from said gateway server as provided by a terminal over said connection in order to establish a secure session between said terminal and gateway server, wherein the validator is operable to carry out time-critical and non time-critical validations of said data and to deliver status information relating to each said validation to said gateway server appropriately.
- 26. A transaction security method for a server connected to a network, the method comprising receiving a request to establish a secure session over a network connection and enabling said secure session in response to successful validation of data accompanying said request and following the establishment of said session, selectively performing a further validation of said data such that said session is terminated following an unsuccessful such further validation.
- 34. A transaction security device for connection to a network including at least one terminal, the device comprising a server operable to validate data provided by a terminal over said connection in order to establish a secure session and a controller providing access to at least one application over said secure session, the device being operable to respond to a request from said terminal to access an application by obtaining at least part of said previously validated data from said server and forwarding said data to said controller, wherein access to an application is determined by said controller in accordance with said data.
- 40. A transaction security system comprising a server connected to a network including at least one terminal, the server being operable to validate data provided by a terminal over said connection in order to establish a secure session therewith, said server being further operable to respond to a request from said terminal for access to an application by providing at least part of said validated data to a controller, such that a determination on whether to permit access by said terminal is made by said controller in response to said validated data.
- 46. A transaction security method for a server connected to a network, the method comprising the server acting on a request to establish a secure session over a network connection by validating data received in said request and, following establishment of said session, determining whether to allow a request to access an application by reference to at least part of said previously validated data.
- 55. A trust server connectable to a gateway server controlling access to a remote server, the trust server comprising a validator, and data storage, wherein the validator is responsive to a first request from said gateway server to deliver status information relating to data received by said gateway server and to store said data in said storage such that said data is retrievable by said gateway server, said gateway server being operable to determine from said retrieved data and status information whether to allow a request to access said remote server.
- 63. A trust server connectable to a gateway server controlling access to a remote server, the trust server comprising a validator and data storage, wherein the validator is responsive to a first request from said gateway server to deliver status information relating to data received by said gateway server and to store said data in said storage such that said data is retrievable by said gateway server for inclusion in a request to said remote server.
- 71. A transaction security device for connection to a network including at least one terminal, the device comprising a server operable to validate data provided by a terminal over said connection in order to establish a secure session, the device being operable to respond to a request from said terminal to access an application by obtaining said previously validated data from said server and forwarding said data to said application along with said request.
- 76. A transaction security system comprising a server connected to a network including at least one terminal, the server being operable to validate data provided by a terminal over said connection in order to establish a secure session therewith, said server being further operable to respond to a request from said terminal for access to an application by providing said validated data to said application, such that a determination on whether to permit access by said terminal is made by said application in response to said validated data.
- 81. A transaction security method for a server connected to a network, the method comprising acting on a request to establish a secure session over a network connection including validating data received in said request and following establishment of said session acting on a further request to access an application by providing at least part of said previously validated data to said application for authentication and/or encryption purposes.
Specification