Automatic network user identification

US 20060195597A1
Filed: 05/01/2006
Published: 08/31/2006
Est. Priority Date: 08/11/1997
Status: Abandoned Application

First Claim

Patent Images

1-26. -26. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for allowing a secure transaction system (STS) that includes an access system in communication with a network access provider (NAP) identification module to convey to a third party trusted persistent identification details relating to a customer computer station. A user identification request including a set of generally available persistent and transient IDs is received from the third party. The NAP ID module is requested to extract persistent IDs and information associated with the customer computer station and to verify the transient IDs of the customer computer station. The information is received from the NAP ID module and forwarded at least in part back to the third party.

25 Citations

View as Search Results

75 Claims

1-26. -26. (canceled)

27. A method for allowing a secure transaction system (STS) comprising an access system in communication with a network access provider (NAP) identification module to convey to a third party trusted persistent identification details relating to a customer computer station, the method including:
- receiving a user identification request from the third party, including a set of generally available persistent and transient IDs;
  
  requesting the NAP ID module to extract persistent IDs and information associated with said customer computer station and to verify the transient IDs of said customer computer station;
  
  receiving said information from the NAP ID module;
  
  forwarding at least some of said information back to the third party.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69)
- - 28. The method according to claim 27, for authenticating a commercial transaction offered by the third party to the customer computer station wherein said method comprises:
    - receiving from the customer computer station transaction data relating to a request by the customer computer station for purchase of goods or services offered by the point of sale computer, said transaction data being conveyed transparently to the customer computer station by the point of sale computer and containing an address of the secure transaction server for allowing the customer computer station to connect to the secure transaction server without requiring provision of a custom software agent in the customer computer station;
      
      converting a transient network ID associated with network communication to a trusted persistent user ID;
      
      conveying to the customer computer station details of the transaction for verification by the customer;
      
      upon receiving verification from the customer, obtaining from the NAP confirmation that the customer is certified to effect the requested transaction; and
      
      if the customer is certified to effect the requested transaction, providing transaction authorization to the third party application to provide said goods or services and mediating payment therefor.
  - 29. The method according to claim 27, wherein the trusted persistent user ID includes one or more of:
    - (a) caller identification information;
      
      (b) ID persistently associated with the customer computer station a customer uses to connect to the network;
      
      (c) an ID associated with the user by the NAP, such as a billing number;
      
      (d) the telephone number from which the customer has established the network connection;
      
      (e) billing account of the customer that is associated with the caller identification information;
      
      (f) a financial account;
      
      (g) credit or debit card;
  - 30. The method according to claim 27, wherein after receiving the user identification request and prior to requesting the NAP ID module to extract persistent IDs and information associated with the customer computer station there is further included extracting a transient ID of the customer computer station.
  - 31. The method according to claim 30, wherein extracting a transient ID of the customer computer station includes any one or more of the following:
    - (a) obtaining transient identity information associated with an IP address of the customer computer station from the NAP;
      
      (b) obtaining an IP address of the customer computer station from an HTTP “
      
      Forwarded-For”
      
      header;
      
      (c) obtaining an IP address of the customer computer station by instructing a browser of the customer computer station to connect in the background to an unproxied service or host;
      
      (d) obtaining an IP address of the customer computer station by downloading an application on the customer computer station for contacting the transaction service or the NAP;
      
      (e) obtaining a true IP address of the customer computer station in the event the customer computer station uses a proxy.
  - 32. The method according to claim 27, wherein the user identification request may be routed by more than one NAP and the user identification request from the third party is received via at least one identification switch that is adapted to forward third party identification requests to a respective one of the NAPs, and to route NAP originated ID replies to the third party.
  - 33. The method according to claim 30, wherein some of said transient IDs are implied by communication protocols, and are rendered explicit at either the NAP ID module or the STS.
  - 34. The method according to claim 30, wherein the NAP ID module is adapted to extract trusted persistent IDs associated with the transient IDs by retrieving data from a group of databases including an online session database in communication with said NAP which associates transient IDs with one or more trusted persistent IDs, and a user information database in communication with said NAP which associates trusted persistent IDs with further trusted persistent IDs.
  - 35. The method according to claim 30, wherein extracting the network address comprises detecting a request from the user of a specific URL identifiable by a plug-in installed in a proxy server of said NAP;
    - and said plug-in reporting the real network address of the user.
  - 36. The method according to claim 31, wherein obtaining a true IP address of the customer computer station in the event the customer computer station uses a proxy includes:
    - identifying a specific URL of the customer computer station via a network sniffer installed between the customer computer station and the proxy, said sniffer identifying a request for identification by way of one or more agreed-upon characteristics of the URL, and ascertaining the network address transient ID of the customer computer station accessing said URL and conveying the network address transient ID back to the NAP for processing the third party'"'"'s request for trusted persistent IDs.
  - 37. The method according to claim 31, wherein obtaining a true IP address of the customer computer station in the event the customer computer station uses a proxy includes:
    - (a) Instructing the customer computer station to connect directly to a specified address port or service at which resides a network address extraction module, thus circumventing the proxy server and allowing the extraction module to extract the user'"'"'s network address and transmit it to the requesting NAP.
  - 38. The method according to claim 27, wherein said NAP is one of a plurality of an Internet service providers and wherein said customer transient identity information includes at least an IP address space of a respective one of said Internet service providers and technical information needed to contact said respective Internet service provider.
  - 39. The method according to claim 28, wherein obtaining from the NAP confirmation that the customer is certified to effect the requested transaction includes determining whether the customer is authorized to conduct the transaction.
  - 40. The method according to claim 28, wherein obtaining from the NAP confirmation that the customer is certified to effect the requested transaction comprises validating financial capability of the customer to pay for the transaction.
  - 41. The method according to claim 28, wherein mediating payment comprises:
    - (a) debiting a customer account that is associated with the customer; and
      
      (b) crediting a third party account that is associated with the third part.
  - 42. The method according to claim 28, wherein mediating payment includes one of the following:
    - (a) charging of a financial account via a financial service provider;
      
      (b) billing against an account associated with a telecommunication service provider;
      
      (c) charging of a credit card or a debit card;
      
      (d) billing against an account associated with the customer at the network provider.
  - 43. The method according to claim 28, including deferring billing of the user account to a later date.
  - 44. The method according to claim 28, including billing multiple transactions simultaneously.
  - 45. The method according to claim 28, further including encrypting communication with the point of sale computer station and with the NAP server.
  - 46. The method according to claim 27, wherein forwarding comprises reporting the set of transient and persistent user IDs associated with said user to the third party.
  - 47. The method according to claim 27, wherein forwarding information comprises verifying a set of transient and persistent user IDs received as part of the third party identification request;
    - and forwarding a match score describing similarity between an extracted set of transient and trusted persistent IDs associated with said customer computer station and the information items provided in the identification request.
  - 48. The method according to claim 27, wherein forwarding information comprises obfuscating trusted persistent IDs from the third party, and substituting it instead with a persistent virtual ID for conveying to the third party.
  - 49. The method according to claim 27, further including caching information received from the NAP ID module so as to allow said information to be subsequently forwarded without requesting the NAP ID module to extract the information.
  - 50. The method according to claim 28, including:
    - (a) establishing at least one billing agreement with the third party;
      
      (b) establishing at least one billing agreement with the NAP; and
      
      (c) remitting payment in accordance with the billing agreements.
  - 51. The method according to claim 50, wherein the at least one billing agreement with the NAP relates to billing an account of said customer against a cost of said transaction.
  - 52. The method according to claim 50, wherein remitting payment comprises crediting an account of said third party by at least a portion of a cost associated with said transaction.
  - 53. The method according to claim 52, wherein crediting instructing a financial service provider to effect payment.
  - 54. The method according to claim 53, wherein said financial service provider is selected from the group consisting of a bank and a credit card company.
  - 55. The method according to claim 41, wherein said third party account is a bank account or a credit card account.
  - 56. The method according to claim 41, including deferring crediting of the third part account to a later date.
  - 57. The method according to claim 56, including crediting the third part account in respect of multiple transactions simultaneously.
  - 58. The method according to claim 28, wherein the customer computer station is configured to use a proxy for selected services or hosts only and obtaining an IP address of the customer computer station includes:
    - instructing a browser of the customer computer station to open a connection to a service or host that does not require use of a proxy; and
      
      obtaining the IP address of the customer computer station via said connection.
  - 59. The method according to claim 28, wherein obtaining an IP address of the customer computer station includes:
    - activating an application on said customer computer station for opening a connection to a server, and obtaining the IP address of the customer computer station via said connection.
  - 60. The method according to claim 32, further comprising (a) determining an identity of the NAP that serves the user and is capable of extracting trusted persistent IDs from transient IDs;
    - (b) forwarding said identification request with coupled transient IDs to the respective NAP identification module associated with said NAP;
      
      (c) determining whether said identification request includes the network address of said customer computer station as one of the transient IDs; and
      
      (d) if said identification request does not include the network address of said customer computer station, extracting the network address when the customer computer station connects to the respective NAP.
  - 61. The method according to claim 60, wherein determining the identity of the NAP comprises maintaining a look-up table of network addresses associated with a plurality of NAPs;
    - and determining the identity of the NAP by reference to said look-up table.
  - 62. The method according to claim 61, including manually updating the look-up table whenever network address assignments change.
  - 63. The method according to claim 61, including automatically said look-up table from said NAP identification module based on information reported from said access system.
  - 64. The method according to claim 61, wherein said look-up table is constructed from existing network address assignment databases.
  - 65. The method according to claim 27, wherein requesting the NAP ID module to verify the transient IDs of said customer computer station includes:
    - (a) if said transient ID is determined to be trusted, requesting the service provider to include said transient ID in an identification request and to send said identification request to a network access provider (NAP) and to provide service in accordance with said service request; and
      
      (b) if the transient ID is determined not to be trusted, requesting the service provider to verify the authenticity of said transient ID, before proceeding with conversion into persistent IDs.
  - 66. The method according to claim 65, wherein sending an identification (ID) request comprises sending the ID request via at least one identification switch.
  - 67. The method according to claim 65, further comprising:
    - (a) determining the identity of the NAP servicing said customer computer station;
      
      (b) forwarding said identification request to the NAP identification module associated with said identified NAP;
      
      (c) determining whether said identification request includes the network address of said customer computer station; and
      
      (d) if said identification request does not include the network address of said customer computer station, extracting the transient ID when the customer computer station connects to the NAP.
  - 68. The method according to claim 67, wherein forwarding said identification comprises configuring at least one network appliance to route specific requests to a specified NAP for allowing the NAP identification module associated with said specified NAP to identify said customer computer station.
  - 69. The method according to claim 68, wherein said at least one network appliance comprises one of a group including an HTTP proxy and a WAP Gateway.

70. A secure transaction system (STS) comprising an access system in communication with one or more network access provider(s) (NAP) identification module(s) for conveying to a third party trusted persistent identification details relating to a customer computer station, the system including:
- a first receiving unit for receiving a user identification request from the third party, including a set of generally available persistent and transient IDs;
  
  a request unit coupled to the first receiving unit and responsive to the user identification request for requesting the appropriate NAP ID module to extract persistent IDs and information associated with said customer computer station and to verify the transient IDs of said customer computer station;
  
  a second receiving unit for receiving said information from the NAP ID module; and
  
  a communication unit coupled to the second receiving unit for forwarding at least some of said information back to the third party.
- View Dependent Claims (71, 72, 73, 74)
- - 71. The system according to claim 70, further comprising at least one online session database in communication with said access system, said at least one online session database containing at least information associating said user'"'"'s trusted persistent IDs with the transient ID of the customer computer station, said NAP ID module being adapted to translate the transient IDs into a trusted persistent ID, and to forward the trusted persistent ID to the third party.
  - 72. The system according to claim 70, wherein said at least one NAP is in communication with said third party via at least one identification switch.
  - 73. The system according to claim 70, further comprising at least one user information database, in communication with said NAP ID module.
  - 74. The system according to claim 73, wherein said at least one user information database comprises at least one of a group of databases containing data including personal details related to said user, billing information, information about past user logins, and a reverse telephone directory.

75. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform a method for allowing a secure transaction system (STS) comprising an access system in communication with a network access provider (NAP) identification module to convey to a third party trusted persistent identification details relating to a customer computer station, the method including:
- receiving a user identification request from the third party, including a set of generally available persistent and transient IDs;
  
  requesting the NAP ID module to extract persistent IDs and information associated with said customer computer station and to verify the transient IDs of said customer computer station;
  
  receiving said information from the NAP ID module;
  
  forwarding at least some of said information back to the third party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trivnet Ltd. (Thales SA)
Original Assignee
Trivnet Ltd. (Thales SA)
Inventors
Wilf, Saar, Tal, Or, Shaked, Shvat, Tarsi, Yuval

Application Number

US11/414,182
Publication Number

US 20060195597A1
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 2221/2115   Third party

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/16   Payments settled via teleco...

G06Q 30/06   Buying, selling or leasing ...

H04L 2463/102   applying security measure f...

H04L 61/00   Network arrangements, proto...

H04L 61/35   involving non-standard use ...

H04L 63/08   for authentication of entit...

H04L 63/1441   Countermeasures against mal...

H04L 67/02   based on web technology, e....

H04L 67/306   User profiles

H04L 67/53   using third party service p...

H04L 69/327   in the session layer [OSI l...

H04L 69/329   in the application layer [O...

Automatic network user identification

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

75 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic network user identification

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

75 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links