Methods and systems for single sign-on authentication in a multi-vendor e-commerce environment and directory-authenticated bank drafts

US 6,898,577 B1
Filed: 03/18/1999
Issued: 05/24/2005
Est. Priority Date: 03/18/1999
Status: Expired due to Term

First Claim

Patent Images

1. A computer-implemented draft authentication method for use in e-commerce, comprising the steps of:

storing, for each of a plurality of draft drawers, at least one piece of unique identifying information, said at least one piece of unique identifying information being linked at least to said respective drawer'"'"'s financial information;

authenticating a drawer of a draft by immediately encrypting at least a portion of an identification data provided by the drawer and successfully matching the immediately encrypted identification data with said at least one stored piece of identifying information;

retrieving at least the drawer'"'"'s financial information and establishing constraints based on the retrieved financial information;

honoring a draft presented by a payee with whom the drawee has a partner relationship only when the drawer of the presented draft is successfully authenticated by drawee and the constraints are satisfied.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented draft authentication method for use in e-commerce includes the steps of establishing partner relationships between a financial institution and a plurality of World Wide Web (Web) vendors and storing, for each of a plurality of Web customers, at least one piece of unique identifying information linked to the Web customer'"'"'s financial information. Web customers executing drafts or causing drafts to be executed by the Web vendors and presented to the financial institution are authenticated by immediately encrypting at least a portion of an identification data set provided by the Web customer over the network and by successfully matching the immediately encrypted identification data set with the stored piece(s) of encrypted identifying information. The Web customer'"'"'s financial information is then retrieved only by the financial institution and constraints are established based-on the retrieved information. The financial institution then honors drafts presented by the Web vendors with whom the drawee has a partner relationship only when the Web customer is successfully authenticated and the constraints are satisfied. Only the identification information (such as biometric data and/or ID and password pairs) of each of the Web customers is securely replicated from the financial institution to each of the Web vendors. LDAP-compatible Directory software may be utilized as the means of storing, processing and replicating the Web customer'"'"'s identification information to each of the Web vendors. The financial institution warrants the security of the system and controls the replication and content of the Directories at each of the Web vendor sites.

143 Citations

40 Claims

1. A computer-implemented draft authentication method for use in e-commerce, comprising the steps of:
- storing, for each of a plurality of draft drawers, at least one piece of unique identifying information, said at least one piece of unique identifying information being linked at least to said respective drawer'"'"'s financial information;
  
  authenticating a drawer of a draft by immediately encrypting at least a portion of an identification data provided by the drawer and successfully matching the immediately encrypted identification data with said at least one stored piece of identifying information;
  
  retrieving at least the drawer'"'"'s financial information and establishing constraints based on the retrieved financial information;
  
  honoring a draft presented by a payee with whom the drawee has a partner relationship only when the drawer of the presented draft is successfully authenticated by drawee and the constraints are satisfied.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein said at least one piece of identifying information includes at least one of an ID and encrypted password pair and biometric data.
  - 3. The method of claim 1, wherein said at least one piece of unique identifying information for each of the plurality of draft drawers is stored in a data structure managed by a Directory software controlled by the draft drawee.
  - 4. The method of claim 3, wherein at least a portion of the data structure is replicated, via Light Weight Directory Access Protocol (LDAP) or similar standard format, to each of the plurality of draft payees.
  - 5. The method of claim 1, wherein the establishing step further includes the steps of providing a master list to each of the plurality of draft payees, the master list including said at least one piece of unique identifying information for each of the plurality of draft drawers.
  - 6. The method of claim 1, further including the step of making a payee list available to the plurality of draft drawers, the payee list identifying the plurality of draft payees with whom the drawee has a partner relationship.
  - 7. The method of claim 6, wherein the payee list is posted on a secure World Wide Web (Web) site administered by the draft drawee, each member of the list linking to a Web site administered by one of the plurality of draft payees with whom the drawee has a partner relationship.
  - 8. The method of claim 1, wherein the honoring step includes paying the payee and at least one of debiting an account held by the drawee and charging a credit or charge card designated by the drawer of the presented draft.
  - 9. The method of claim 1, wherein the authenticating step authenticates the drawer of the draft only for a session of limited duration.
  - 10. The method of claim 1, wherein the storing step is carried out by Directory software adapted to hold at least one of said unique identifying information;
    - personal information;
      
      privileges and other characteristic information for each of said plurality of draft drawers in a secure fashion.
  - 11. The method of claim 1, wherein the identification data provided by the drawer is transmitted to the drawee over a secure communication channel.
  - 12. The method of claim 11, wherein the identification data provided by the drawer is provided in encrypted form over the secure communication channel and wherein the drawee, upon receiving the encrypted identification data, decrypts and immediately re-encrypts the identification data using an encryption scheme different from that utilized over the communication channel and matches the re-encrypted identification data with the previously stored identification information associated with the drawer.
  - 13. The method of claim 1, wherein the draft drawer, the draft drawee and the draft payee communicate over a network.
  - 14. The method of claim 13, wherein the network includes at least one of leased lines, a private network, a virtual private network and the Internet.

15. A computer-implemented method for a financial institution to carry out secure e-commerce over the World Wide Web (Web), comprising the steps of:
- assigning a unique ID and password to each of a plurality of Web customers;
  
  encrypting and storing at least the password of each of the plurality of Web customers;
  
  authenticating Web customers by requesting, encrypting and matching passwords provided by the Web customers with the stored and encrypted passwords corresponding to the Web customers'"'"' ID;
  
  providing authenticated Web customers with access to a plurality of Web vendors with whom the financial institution has a partner relationship via a secure Web site; and
  
  honoring drafts presented by the Web vendors accessed through the secure Web site for purchases made by the authenticated Web customers provided predetermined constraints are met.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The method of claim 15, wherein at least the unique ID and the encrypted password for each of the plurality of Web customers are stored in a data structure managed by a Directory software controlled by the financial institution.
  - 17. The method of claim 16, wherein at least a portion of the data structure is replicated, via a Light Weight Directory Access Protocol (LDAP) or similar standard format, to each of the plurality of Web vendors.
  - 18. The method of claim 15, wherein the establishing step further includes the steps of providing a periodically updated master list to each of the plurality of Web vendors, the master list including a plurality of IDs, a plurality of corresponding encrypted passwords and an identification of the financial institution.
  - 19. The method of claim 18, wherein each of the plurality of Web vendors maintains the master list using Directory software adapted to receive and process updates thereof from the financial institution.
  - 20. The method of claim 15, wherein the honoring step includes paying the Web vendor and at least one of debiting an account held by the Web customer and charging a credit or charge card designated by the Web customer, or other bank-sponsored means of making loans and/or extending credit.
  - 21. The method of claim 15, wherein the authenticating step authenticates the Web customer only for a session of limited duration.
  - 22. The method of claim 15, wherein the encrypting and storing step is carried out by Directory software adapted to hold at least one of personal information, passwords, privileges and characteristics of each of the plurality of Web customers in a secure fashion.
  - 23. The method of claim 15, wherein the authenticating step utilizes Directory software to access the stored and encrypted password associated with the Web customer'"'"'s ID and to match the stored and encrypted password with the immediately encrypted password.
  - 24. The method of claim 15, wherein the password provided by the Web customer is transmitted to the Web vendor over a secure communication channel.
  - 25. The method of claim 24, wherein the password provided by the Web customer is provided in encrypted form over the secure communication channel and wherein the financial institution, upon receiving the encrypted password, decrypts the password before immediately re-encrypting the password using an encryption scheme different from that utilized over the communication channel and matching the re-encrypted password with the previously stored and encrypted password associated with the Web customer'"'"'s ID.

26. A machine-readable medium having data stored thereon representing sequences of instructions which, when executed by one or more computers coupled to a network, causes said computers to perform the steps of:
- storing, for each of a plurality of draft drawers, at least one piece of unique identifying information, said at least one piece of unique identifying information being linked at least to drawer'"'"'s financial information;
  
  authenticating a drawer of a draft by immediately encrypting at least a portion of an identification data provided by the drawer and successfully matching the immediately encrypted identification data with said at least one stored identifying information;
  
  retrieving at least the drawer'"'"'s financial information and establishing constraints based on the retrieved financial information;
  
  honoring a draft presented by a payee with whom the drawee has a partner relationship only when the drawer of the presented draft is successfully authenticated by drawee and the constraints are satisfied.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 27. The machine-readable medium of claim 26, wherein said at least one piece of identifying information includes at least one of an ID and encrypted password pair and biometric data.
  - 28. The machine-readable medium of claim 26, wherein said at least one piece of unique identifying information for each of the plurality of draft drawers is stored in a data structure managed by a Directory software controlled by the draft drawee.
  - 29. The machine-readable medium of claim 28, wherein at least a portion of the data structure is replicated, via Light Weight Directory Access Protocol (LDAP) or similar standard format, to each of the plurality of draft payees.
  - 30. The machine-readable medium of claim 26, wherein the establishing step further includes the steps of providing a master list to each of the plurality of draft payees, the master list including said at least one piece of unique identifying information for each of the plurality of draft drawers.
  - 31. The machine-readable medium of claim 26, further including the step of making a payee list available to the plurality of draft drawers, the payee list identifying the plurality of draft payees with whom the drawee has a partner relationship.
  - 32. The machine-readable medium of claim 31, wherein the payee list is posted on a secure World Wide Web (Web) site administered by the draft drawee, each member of the list linking to a Web site administered by one of the plurality of draft payees with whom the drawee has a partner relationship.
  - 33. The machine-readable medium of claim 26, wherein the authenticating step authenticates the drawer of the draft only for a session of limited duration.
  - 34. The machine-readable medium of claim 26, wherein the storing step is carried out by Directory software adapted to hold at least one of said unique identifying information;
    - personal information;
      
      privileges and other characteristic information for each of said plurality of draft drawers in a secure fashion.
  - 35. The machine-readable medium of claim 26, wherein the identification data provided by the drawer is transmitted to the drawee over a secure communication channel.
  - 36. The machine-readable medium of claim 35, wherein the identification data provided by the drawer is provided in encrypted form over the secure communication channel and wherein the drawee, upon receiving the encrypted identification data, decrypts and immediately re-encrypts the identification data using an encryption scheme different from that utilized over the communication channel and matches the re-encrypted identification data with the previously stored identification information associated with the drawer.
  - 37. The machine-readable medium of claim 26, wherein the network includes at least one of leased lines, a private network, a virtual private network and the Internet.

38. A computer system for carrying out e-commerce, comprising:
- at least one first computer managed by a financial institution, said at least one first computer maintaining a first Directory software storing a plurality of IDs and corresponding encrypted passwords of a plurality of Web customers that maintain a relationship with said financial institution;
  
  at least one second computer managed by a Web vendor, said at least one second computer maintaining a second Directory software storing a master list controlled and periodically updated by the first Directory software, said master list including said plurality of IDs, said corresponding encrypted passwords and an identification of said financial institution;
  
  at least one Web-enabled device managed by a Web customer;
  
  said at least one Web-enabled device being adapted to accept input from the Web customer and to communicate with said at least one second computer to send a Web customer input ID and a Web customer input encrypted password to said second Directory software;
  
  wherein said second Directory software compares said Web customer input ID and password to entries in said master list, said at least one Web customer being authenticated by said second Directory software only upon matching both said Web customer input ID and encrypted password to an entry in the master list, said financial institution only honoring drafts executed by authenticated Web customers.
- View Dependent Claims (39, 40)
- - 39. The system of claim 38, wherein said at least one first computer, said at least one second computer and said at least one Web-enabled device are coupled to one another by a network.
  - 40. The system of claim 39, wherein the network includes at least one of leased lines, a private network, a virtual private network and the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Johnson, Richard C.
Primary Examiner(s)
Elisca, Pierre E.

Application Number

US09/272,056
Time in Patent Office

2,259 Days
Field of Search

705/57, 705/58, 705/26, 705/64, 705/44, 705/76, 705/413, 705/1, 705/50, 705/51, 705/39, 705/74, 713/200, 713/201, 713/202, 713/186, 380/241, 380/278, 380/284, 380/24
US Class Current

705/51
CPC Class Codes

G06Q 20/3674   involving authentication

G06Q 30/018   Certifying business or prod...

G06Q 30/02   Marketing; Price estimation...

H04L 63/0815   providing single-sign-on or...

Methods and systems for single sign-on authentication in a multi-vendor e-commerce environment and directory-authenticated bank drafts

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

143 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for single sign-on authentication in a multi-vendor e-commerce environment and directory-authenticated bank drafts

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links