Method and system for secure handling of electronic business transactions on the internet
Abstract
Disclosed is a computer-based technology for handling end-to-end business transactions in a TCP/IP-environment. A managing instance enables logon and provides a pool of IP addresses available for allocation. The managing instance allocates an IP address from the pool and establishes a tunneling IP connection between the managing instance and a user's device. The user's IP address together with any attributes relevant for accounting, authentication and authorization (AAA) are stored during the session time. The correlation between a user's authentication name and an IP address assigned to that name as well as the book-keeping of the validity of that correlation is handled using a session context. Any identification process for a user/subscriber who would like to use any service offered by an e-Service provider will be conducted solely using the assigned IP address.
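The following is an added example, not code from the patent or its assignee, of the session-context scheme the abstract describes: a pool of addresses, a single sign-on that allocates one address per session, authorization requests from a sales entity decided from the context stored under that address, and invalidation plus return to the pool when the session ends. Class and method names, the credit-limit attribute standing in for the "AAA attributes", and the two constructed user records are assumptions made for illustration.

```python
"""Session-context manager modelled on the patent abstract (added example,
not the patent's own code). Names, the credit-limit attribute and the user
records below are assumptions for illustration only."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class SessionContext:
    """Correlation of an authenticated user name with its allocated IP address."""
    user: str
    ip: str
    credit_limit: int                            # assumed AAA attribute kept for the session
    events: list = field(default_factory=list)   # monitored transaction events
    active: bool = True

    def spent(self) -> int:
        return sum(amount for kind, _, amount in self.events if kind == "purchase")


class TransactionManager:
    """The transaction managing instance: owns the pool and the session contexts."""

    def __init__(self, pool_cidr: str, users: dict):
        self._free = [str(h) for h in ipaddress.ip_network(pool_cidr).hosts()]
        self._users = users        # constructed credential/attribute table
        self._sessions = {}        # allocated IP -> SessionContext

    def login(self, user: str, password: str):
        """Single sign-on: authenticate, take an address from the pool, build the context."""
        rec = self._users.get(user)
        if rec is None or rec["password"] != password:
            return None
        if not self._free:
            return None                              # pool exhausted: never share a live address
        ip = self._free.pop()
        ctx = SessionContext(user=user, ip=ip, credit_limit=rec["credit_limit"])
        self._sessions[ip] = ctx
        return ctx

    def authorize(self, src_ip: str, merchant: str, amount: int) -> bool:
        """Authorization request from a sales entity, decided solely from the context
        found under the user's allocated IP; the requester learns only allow/deny."""
        ctx = self._sessions.get(src_ip)
        if ctx is None or not ctx.active:
            return False                             # no live session behind that address
        if amount <= 0 or ctx.spent() + amount > ctx.credit_limit:
            ctx.events.append(("declined", merchant, amount))
            return False
        ctx.events.append(("purchase", merchant, amount))
        return True

    def terminate(self, ip: str) -> bool:
        """Session end detected: invalidate the context and return the address to the pool."""
        ctx = self._sessions.pop(ip, None)
        if ctx is None:
            return False
        ctx.active = False
        self._free.append(ip)
        return True

    def pool_free(self) -> int:
        return len(self._free)


def demo() -> dict:
    """Constructed walk-through: two users, a /30 pool with two usable addresses."""
    users = {"alice": {"password": "pw-a", "credit_limit": 100},
             "bob": {"password": "pw-b", "credit_limit": 50}}
    tm = TransactionManager("10.0.0.0/30", users)
    out = {"bad_login_rejected": tm.login("alice", "wrong") is None}
    alice = tm.login("alice", "pw-a")
    out["alice_ip"] = alice.ip
    out["first_purchase"] = tm.authorize(alice.ip, "shop", 60)
    out["over_limit"] = tm.authorize(alice.ip, "shop", 60)      # 60 + 60 exceeds 100
    out["unknown_ip"] = tm.authorize("10.0.0.1", "shop", 1)    # no session on that address
    out["terminated"] = tm.terminate(alice.ip)
    out["after_terminate"] = tm.authorize(alice.ip, "shop", 1)
    bob = tm.login("bob", "pw-b")
    out["bob_reuses_ip"] = bob.ip == alice.ip                  # address came back from the pool
    out["bob_inherits_nothing"] = bob.spent() == 0 and bob.events == []
    out["bob_over_limit"] = tm.authorize(bob.ip, "shop", 60)   # bob's limit, not alice's
    out["bob_purchase"] = tm.authorize(bob.ip, "shop", 40)
    out["pool_free"] = tm.pool_free()
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The walk-through shows why the invalidation step in the claims matters: once alice's session ends, the same address can be handed to bob, and bob's context starts empty under his own attributes rather than inheriting alice's history or limit. Note that, exactly as the abstract states, the decision is made solely from the source address; the scheme therefore depends on the tunnel between the managing instance and the user's device being the only way a packet can carry that address, and an implementation should accept authorization lookups only for addresses that arrive over that tunnel.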
54 Citations
26 Claims
1. A method for handling end-to-end business transactions between a user and at least one sales-entity and/or service provider via a TCP/IP controlled computer network, wherein providing a transaction managing instance for managing said end-to-end business transactions, said method comprising:
providing a pool of IP addresses on side of said transaction managing instance;
performing an access authentication based single sign-on by said user managed by said transaction managing instance wherein said transaction managing instance is allocating an IP address out of said pool of IP addresses to said user, when said user initiates an online session for conducting at least one end-to-end business transaction with said at least one sales-entity and/or service provider;
generating a session context including said allocated IP address and user identification information and continuously monitored transaction events by said user;
transmitting an authorization request from the at least one sales-entity and/or service provider, or another service provider, to said transaction managing instance, when an at least one end-to-end business transaction with said at least one sales-entity and/or service provider occurs, wherein the transaction managing instance validates said user's authorization for said at least one business transaction based on said session context;
monitoring said online session of said user and detecting if said online session is terminated; and
invalidating said allocated IP address and said session context, if termination of said online session is detected, and providing said IP address back to said pool of IP addresses.
(Dependent claims 2, 3, 4, 5, 6, 7, 8, 9 not shown.)
10. A data processing program for execution in a data processing system comprising software code portions for performing a method when said program is run on said system, said method comprising:
providing a pool of IP addresses on side of said transaction managing instance;
performing an access authentication based single sign-on by said user managed by said transaction managing instance wherein said transaction managing instance is allocating an IP address out of said pool of IP addresses to said user, when said user initiates an online session for conducting at least one end-to-end business transaction with said at least one sales-entity and/or service provider;
generating a session context including said allocated IP address and user identification information and continuously monitored transaction events by said user;
transmitting an authorization request from the at least one sales-entity and/or service provider, or another service provider, to said transaction managing instance, when an at least one end-to-end business transaction with said at least one sales-entity and/or service provider occurs, wherein the transaction managing instance validates said user's authorization for said at least one business transaction based on said session context;
monitoring said online session of said user and detecting if said online session is terminated; and
invalidating said allocated IP address and said session context, if termination of said online session is detected, and providing said IP address back to said pool of IP addresses.
11. A computer program product stored on a computer usable medium, comprising computer readable program means for causing a computer to perform a method when said program is run on said computer, said method comprising:
providing a pool of IP addresses on side of said transaction managing instance;
performing an access authentication based single sign-on by said user managed by said transaction managing instance wherein said transaction managing instance is allocating an IP address out of said pool of IP addresses to said user, when said user initiates an online session for conducting at least one end-to-end business transaction with said at least one sales-entity and/or service provider;
generating a session context including said allocated IP address and user identification information and continuously monitored transaction events by said user;
transmitting an authorization request from the at least one sales-entity and/or service provider, or another service provider, to said transaction managing instance, when an at least one end-to-end business transaction with said at least one sales-entity and/or service provider occurs, wherein the transaction managing instance validates said user's authorization for said at least one business transaction based on said session context;
monitoring said online session of said user and detecting if said online session is terminated; and
invalidating said allocated IP address and said session context, if termination of said online session is detected, and providing said IP address back to said pool of IP addresses.
(Dependent claims 19, 20, 21, 22, 23, 24, 25, 26 not shown.)
12. A system for handling end-to-end business transactions between at least one user and at least one sales-entity and/or service provider via a TCP/IP controlled computer network, wherein said system includes a transaction managing instance for managing said end-to-end business transactions and wherein said transaction managing instance comprises:
a pool of IP addresses available for allocation to said at least one user;
means for performing an access authentication based single sign-on in response to a session initiation by said at least one user and for allocating an IP address out of said pool of IP addresses to an online session initiated by said at least one user;
means for generating a session context including said allocated IP address and user identification information and continuously monitored transaction events by said at least one user;
means for processing an authorization request transmitted from the at least one sales-entity and/or service provider, or another service provider, when an at least one end-to-end business transaction with said at least one sales-entity and/or service provider occurs, and for validating said at least one user's authorization for said at least one business transaction based on said session context;
means for monitoring said online session of said at least one user and for detecting if said online session is terminated; and
means for invalidating said allocated IP address and said generated session context, if termination of said online session is detected, and for providing said IP address back to said pool of IP addresses.
(Dependent claims 13, 14, 15, 16, 17, 18 not shown.)
Specification