System and method for providing trusted brokering services over a distributed network
Abstract
An Online Brokering Service provides user authentication and billing services to allow users to anonymously and securely purchase online services from Service Provider (SP) sites (e.g., World Wide Web sites) over a distributed public network, which may be an untrusted public network such as the Internet. Users and SP sites initially register with the Brokering Service, and are provided with respective client and server software components for using the Brokering Service. In one embodiment, when a user initially connects to an SP site, the SP site transmits a challenge message over the public network to the user computer, and the user computer generates and returns a cryptographic response message (preferably generated using a password of the user). The SP site then passes the response message to the Brokering Service, which in turn looks up the user's password and authenticates the response message. If the response message is authentic, the Online Brokering Service transmits an anonymous ID to the SP site, which can be used for subsequently billing the user. In addition, the Online Brokering Service transmits user-specific access rights data to the SP site, allowing the SP site to customize its services for the particular user. Billing events generated by the SP sites are transmitted to the Brokering Service, which maintains a user-viewable bill that shows all charges from all SP sites accessed by the user. Advantageously, the payment information (e.g., credit card number) and other personal information of users are not exposed to the SP sites, and are not transmitted over the distributed network.
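The three-party exchange summarized in the abstract, written out as an added Python example (not code from the patent). HMAC-SHA256 as the response function, the class and function names, the sample account, and charges expressed in cents are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def make_response(password, challenge):
    """User computer: keyed hash of the SP's challenge (HMAC-SHA256 is an assumption)."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).hexdigest()

class Broker:
    """Broker site: holds the account data that SP sites never see."""
    def __init__(self):
        # Constructed sample account; the abstract has the broker look up the password.
        self.accounts = {"alice": {"password": "correct horse",
                                   "rights": ["news", "games"], "charges": []}}
        self.anon_ids = {}  # anonymous ID -> account name, known only to the broker

    def verify(self, user_id, challenge, response):
        acct = self.accounts.get(user_id)
        if acct is None:
            return {"authentic": False}
        expected = make_response(acct["password"], challenge)
        if not hmac.compare_digest(expected, response):  # constant-time compare
            return {"authentic": False}
        anon_id = secrets.token_hex(8)
        self.anon_ids[anon_id] = user_id
        # Verification message: anonymous ID plus access rights, no personal data.
        return {"authentic": True, "anon_id": anon_id, "rights": list(acct["rights"])}

    def billing_event(self, anon_id, charge_cents):
        user_id = self.anon_ids.get(anon_id)
        if user_id is None:
            return False
        self.accounts[user_id]["charges"].append(charge_cents)
        return True

class ServiceProvider:
    """SP site: issues challenges and relays responses; never holds the password."""
    def __init__(self, broker):
        self.broker = broker
        self.pending = {}  # user identifier -> outstanding challenge

    def request(self, user_id):
        self.pending[user_id] = secrets.token_bytes(16)  # fresh random challenge
        return self.pending[user_id]

    def login(self, user_id, response):
        challenge = self.pending.pop(user_id, None)  # each challenge is single-use
        if challenge is None:
            return {"authentic": False}
        return self.broker.verify(user_id, challenge, response)
```

Because every challenge is random and consumed on first use, a response captured on the public network fails verification when it is presented again.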
46 Claims
1. A method of providing an online service to a user over a public network, the online service provided by a Service Provider (SP) site to a user computer via the public network, the method comprising the steps of:
sending a request message from the user computer to the SP site over the public network to request the use of the online service;
generating a challenge message at the SP site in response to the request message and sending the challenge message over the public network to the user computer;
generating a response message in the user computer in response to the challenge message and sending the response message over the public network to the SP site, the response message including or being based upon an identifier of the user;
sending at least the response message from the SP site to a remote online broker site, the online broker site having a brokering database which contains account information of registered users of an online brokering service of the online broker site;
processing the response message at the remote online broker site to determine whether the response message is authentic, the step of processing comprising accessing the account information in the brokering database;
sending a verification message from the remote online broker site to the SP site, the verification message indicating whether the response message is authentic;
retrieving access rights data of the user from the brokering database if the response message is authentic, the access rights data specifies a plurality of content categories to which the user has access, the plurality of content categories corresponding to a plurality of different online services offered by the SP site;
sending the access rights data from the online broker site to the SP site;
providing the online service from the SP site to the user computer over the public network if the verification message indicates that the response message is authentic; and
denying access by the user to the online service if the verification message indicates that the response message is not authentic.

15. A method providing a fee-based online service from a Service Provider (SP) site to a user over a public network while concealing the payment and personal information of the user from the Service Provider, comprising the steps of:
providing an online broker site that provides an online brokering service, the online broker site having a brokering database which contains account information on the user and on other users of the online brokering service, the online broker site located remotely from the SP site;
establishing a connection between a computer of the user ("user computer") and the SP site over at least the public network;
generating an encrypted authentication message at the user computer and sending the authentication message to the online broker site via at least the public network;
verifying the authentication message at the online broker site to thereby authenticate the user, the step of verifying comprising accessing the account information of the user stored in brokering database;
generating an anonymous ID at the online broker site and sending the anonymous ID to the SP site to allow the SP site to charge the user for the online service;
providing the online service from the SP site to the user computer over the public network;
retrieving user-specific customization data of the user from the brokering database and sending the customization data from the online broker site to the SP site, the customization data indicating a user-specified preference for the customization of the online service;
adjusting the online service provided from the SP site according to the user-specified preference; and
generating a billing event at the SP site and sending the billing event to the online broker site, the billing event specifying at least (1) the anonymous ID, and (2) a monetary charge to be applied to an account of the user.

29. A system for allowing users to securely access online service providers over an untrusted distributed network, comprising:
a plurality of Service Provider (SP) sites connected to the distributed network, each SP site running at least one service application to provide an online service to users over the distributed network;
a plurality of user computers connected to the distributed network, each user computer running at least one client application for accessing online services of the SP sites;
an online broker site connected to the plurality of SP sites, the online broker site running at least one brokering application to provide an online brokering service, the online broker site including a user database containing user-specific authentication information of users that have registered to use the online brokering service, the registered users accessing the SP sites from the user computers over the distributed network;
a database which stores user-specific customization data, the customization data specifying preferences of the registered users with respect to the online services of the SP sites, the customization data provided to the SP sites by the online brokering service to enable the SP sites to customize the online services to the preferences of individual registered users; and
an authentication protocol for allowing the online brokering service to authenticate registered users in response to user-specific authentication requests from the SP sites, the authentication requests responsive to requests from the user computers to access the online services of the SP sites, the authentication protocol implemented by software components of the user computers, the SP sites, and the online broker site.

35. A method providing a fee-based online service from a Service Provider (SP) site to a user over a distributed network while concealing the payment and personal information of the user from the Service Provider, comprising the steps of:
providing an online broker site that provides an online brokering service, the online broker site having a brokering database which contains account information on the user and on other users of the online brokering service, the online broker site located remotely from the SP site;
sending an access request from a computer of the user ("user computer") over the distributed network to the SP site;
sending an authentication request from the SP site to the online broker site in response to the access request;
prompting the user for a user identifier at the user computer and sending the user identifier to the online broker site;
authenticating the user at the online broker in response to the authentication request, the step of authenticating comprising using the user identifier sent from the user computer to access the account information stored within the brokering database;
sending a verification message from the online broker site to the SP site in response to the authentication request, the verification message indicating whether the step of authenticating was successful;
retrieving access rights data of the user from the brokering database if the step of authenticating is successful, the access rights data specifying a plurality of access rights of the user with respect to the online service and/or the SP site;
sending the plurality of access rights data from the online broker site to the SP site to anonymously inform the SP site of the access rights of the user;
providing the fee-based online service from the SP site to the user computer over the distributed network only if the verification message indicates that the step of authenticating was successful;
generating a billing event at the SP site and sending the billing event to the online broker site, the billing event anonymously identifying the user to the online brokering service, the billing event including a charge for the providing of the online service to the user computer; and
updating an account of the user at the online broker site to reflect the charge included within the billing event.

37. An online brokering service for allowing users of a public network to anonymously purchase online services from Service Provider (SP) sites on the public network, the online brokering service provided from an online broker site that is located remotely from the SP sites, the online brokering service comprising:
a database which contains account information of users that have registered with online brokering service, the account information including at least a unique identifier of each registered user;
a billing system for recording monetary charges to accounts of registered users, the monetary charges corresponding to online services purchased from the SP sites over the public network; and
a software package running at the online broker site, the software package performing at least the following functions;
(a) authenticating registered users in response to authentication requests received from the SP sites, the authentication requests generated in response to attempts by registered users to access online services of the SP sites, said authenticating comprising accessing the database to verify user account information;
(b) receiving user-specific billing events from the SP sites and passing the billing events to the billing system to update the accounts of registered users, each billing event specifying at least (1) an anonymous ID of a registered user, and (2) a charge to be applied to the account of the registered user; and
(c) retrieving user-specific access rights data from the database in response to requests from the SP sites and transmitting the access rights data to the SP sites, the access rights data specifying a plurality of content categories or services to which a registered user has access and enabling the SP sites to provide customized access rights to the registered users.

41. A virtual online services network for allowing users to directly access service provider (SP) sites over a public network, comprising:
an online brokering service running on at least one site of a computer network, the online brokering service storing account and billing information for a plurality of users of the public network, each of the users having a respective account with the online brokering service, the online brokering service providing online access by the users to account-specific billing information;
a plurality of fee-based online services running on a plurality of independent service provider (SP) sites on the public network, the SP sites directly accessible to the users over the public network, each SP site being registered with the online brokering service and being configured to use the online brokering service to authenticate the users when the users connect to the SP sites over the public network, the fee-based services configured to generate account-specific billing events in response to uses of the online services by the users and to forward the billing events to the online brokering service so that the users are billed for the online services from a centralized billing location; and
a log-on protocol which allows the users to access the plurality of online services using their respective accounts with the online brokering service, the log-on protocol configured to (1) prompt a user for an account identifier, (2) cache the account identifier during the course of a user log-on session, and (3) use the cached account identifier to access multiple different SP sites, the log-on protocol thereby allowing the user to seamlessly access the plurality of fee-based online services following a single log-on event;
wherein the online brokering service stores user-specific access rights data, and provides the access rights data specifying access rights for a plurality of online services for a specific user to the SP sites in response to requests from the SP sites, and wherein the fee-based online services are configured to use the access rights data to automatically provide user-customized services to the users.

45. An apparatus comprising:
A broker server operatively connected to a computer network, the broker server having a processor and a computer readable memory, the memory storing broker server implementation software, including customer access software, site linking software to link customers to selected sites on the computer network and at least one data structure;
the at least one data structure including a list of registered customers along with corresponding ID and payment information, and including a list of online sites with their corresponding linking information, the list of online sites being a subset of the sites available to users of the computer network, the at least one data structure further including access rights to a plurality of online services provided by at least one online site within the list of online sites;
whereby the broker server facilitates seamless connection between a selected customer from its list of customers and a selected online site from the listed online sites to create a virtual online service, including providing the selected customer's access rights to the plurality of online services provided by the selected online site.

Specification