Authorisation system
0 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for securely authorising an on-line transaction, e.g. involving a micro-payment, between a customer browser and merchant server without the need for special software installed on the customer computer or a SSL connection to the merchant server. The authorisation method involves a double redirection instruction: the initial transaction request is redirected via the customer web browser to a service provider arranged to authenticate the customer, from where the authenticated instruction is further redirected via the customer web browser to a merchant site to complete the transaction. Information identifying the merchant, merchandise, etc. is included in the redirection instruction, and may be encrypted or encoded e.g. using a hash function to prevent tampering. To authorise an authenticated instruction, a cookie containing transaction identification data may be returned to the merchant web server along with the authenticated instruction. Alternatively, the service provider may set a time limit after which the authenticated instruction will no longer be valid.
-
Citations
62 Claims
-
1-49. -49. (canceled)
-
50. A method of authorising an on-line transaction between a customer web browser and a merchant web server after the customer web browser has sent a transaction request to the merchant web server, the method including the steps of:
-
identifying the transaction request with a first label;
sending a data package containing the first label to the customer web browser from the merchant web server;
redirecting the customer web browser to a service provider that is remote from the merchant web server and is arranged to authenticate the identity of the customer, the redirecting step including;
providing a second label for a first redirection instruction sent from the merchant web server to the customer web browser, the second label having a first encrypted element unique to the merchant, and the first redirection instruction being separate from the data package;
including the first label in the first redirection instruction; and
sending a modified transaction request from the customer web browser to the service provider, the modified transaction request including the first and second labels included in the first redirection instruction, the second label including the first encrypted element unique to the merchant;
confirming that the customer can be party to the transaction, the confirming step including;
authenticating the first encrypted element;
providing a third label for a second redirection instruction sent from the service provider to the customer web browser, the third label having a second encrypted element unique to the service provider;
including the first label included in the modified transaction request in the second redirection instruction;
sending a further modified transaction request from the customer web browser to the merchant web server, the further modified transaction request including the first and third labels included in the second redirection instruction, the third label including the second encrypted element; and
returning the data package from the customer web browser to the merchant web server; and
authorising the transaction, the authorising step including;
authenticating the second encrypted element; and
matching the first label included in the further modified transaction request received by the merchant web server with the first label sent in the data package that is returned to the merchant web server. - View Dependent Claims (51, 52, 53, 54, 55, 56)
-
-
57. A web server for authorising an on-line transaction request received from a customer web browser, the web server including:
-
request identifying means for giving a first label to a transaction request from the customer web browser, the request identifying means being arranged to cause a data package containing the first label to be sent to the customer web browser;
first redirection identifying means for providing the first label and a second label in a first redirection instruction sent to the customer web browser, the second label including a first encrypted element unique to the web server, the first redirection instruction being separate from the data package and causing the customer web browser to send a modified transaction request to a service provider that is remote from the merchant web server in order for the service provider to authenticate the identity of the customer, whereby a second redirection instruction is issued to the customer web browser to cause the customer web browser to send a further modified transaction request to the web server and to return the data package to the web server, the second redirection instruction and the further modified transaction request including the first label and a third label which includes a second encrypted element unique to the service provider;
authenticating means for authenticating the second encrypted element contained with the further modified transaction request received from the customer web browser; and
a computer program arranged to authorise the transaction when;
the authenticating means authenticates the second encrypted element; and
the first label included in the received further modified transaction request matches the first label in the returned data package.
-
-
58. An authorisation system for an on-line transaction between a customer web browser and a merchant web server, the system including:
-
a service provider that is remote from the merchant web server, the service provider being arranged to authenticate the identity of the customer;
a request identifier for giving a first label to a transaction request from the customer web browser to the merchant web server;
a first redirection identifier for providing the first label and a second label in a first redirection instruction sent from the merchant web server to the customer web browser, the second label including a first encrypted element unique to the merchant, the first redirection instruction causing the customer web browser to send a modified transaction request to the service provider, the modified transaction request including the first and second labels included in the first redirection instruction, the second label including the first encrypted element;
second redirection identifier for providing the first label included in the modified transaction request received by the service provider and a third label in a second redirection instruction sent from the service provider to the customer web browser, the third label including a second encrypted element unique to the service provider, the second redirection instruction causing the customer web browser to send a further modified transaction request to the merchant web server, the further modified transaction request including the first and third labels included in the second redirection instruction, the third label including a second encrypted element;
a expiry setter for including a fourth label indicative of a time limit in the second redirection instruction, the fourth label being included with the first and third labels in the further modified transaction request;
a first authentication portion for authenticating the first encrypted element in the modified transaction request to indicate to the service provider that the source of the first redirection instruction is trusted; and
a second authentication portion for authenticating the second encrypted element in the further modified transaction request to indicate to the merchant web server that the source of the second redirection instruction is trusted;
wherein;
the service provider is arranged so that the second redirection instruction is sent when the first authentication portion authenticates the first encrypted element; and
the system includes a computer program arranged to authorise the transaction when;
the second authentication portion authenticates the second encrypted element; and
the time limit indicated by the fourth label has not expired. - View Dependent Claims (59, 60, 61)
-
-
62. A web server for authorising an on-line transaction request received from a customer web browser, the web server including:
-
a request identifier for giving a first label to a transaction request from the customer web browser;
a first redirection identifier for providing the first label and a second label in a first redirection instruction sent to the customer web browser, the second label including a first encrypted element unique to the web server, the first redirection instruction causing the customer web browser to send a modified transaction request to a service provider that is remote from the merchant web server in order for the service provider to authenticate the identity of the customer, whereby a second redirection instruction is issued to the customer web browser to cause the customer web browser to send a further modified transaction request to the web server, the second redirection instruction and the further modified transaction request including a third label which includes a second encrypted element unique to the service provider and a fourth label indicative of an expiry time;
an authentication portion for authenticating the second encrypted element contained with the further modified transaction request received from the customer web browser; and
a computer program arranged to authorise the transaction when;
the authentication portion authenticates the second encrypted element; and
the time indicated by the fourth label has not expired.
-
Specification