Method, system and service for conducting authenticated business transactions
First Claim
1. A method for conducting authenticated business transactions involving communications using microprocessor equipped devices to communicate over a distributed network, the method being carried out by an on-line authentication service available on the distributed network, comprising the acts of:
- a) enrolling a multiplicity of users with a closed authentication infrastructure, wherein enrolling comprises obtaining and verifying the identity and other credentials of the multiplicity of users and providing each user with a unique secret necessary for later authentication to said on-line authentication service and storing the verified identity and other credentials in at least one database;
- b) authenticating a plurality of the multiplicity of users to said on-line authentication service using each user's unique secret to produce a plurality of authenticated users;
- c) enabling a plurality of groups each group comprising at least two of said plurality of authenticated users to conduct interactions comprising a plurality of messages under persistent mediation of said on-line authentication service, such that each of the plurality of messages passes through said on-line authentication service and is directly monitored by said on-line authentication service;
- d) wherein persistent mediation of an interaction further comprises the acts of directly compiling an audit trail of an interaction and making the audit trail available to the at least two users in the interaction in an intelligible form at any time during the interaction at the option of the at least two users, and wherein the audit trail comprises at least some of the content of the plurality of messages in the interaction; and
- e) further comprising the act of providing a discovery portal available to authenticated users through the on-line authentication service such that users can search for other users based on their verified and dynamically variable credentials, whereby users may conduct authenticated interactions with each other without having a prior relationship.

Dependent claims: 2, 3, 4, 5.
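The five acts of claim 1 describe a service that sits between the parties rather than merely introducing them. The following Python model is an added illustration written for this page, not code from the patent or its assignee; it assumes the "unique secret" is a password checked against a salted PBKDF2 hash, that sessions are random tokens, and that credentials are a flat dictionary. The security-relevant points it makes concrete are that discovery, connection and the audit trail are only reachable through an authenticated session, that a non-participant cannot read a group's trail, and that the trail is compiled by the service itself because every message is relayed through it.

```python
import hashlib
import secrets

PBKDF2_ROUNDS = 50_000  # assumption: kept low so the demo runs quickly


class MediationService:
    """Toy on-line authentication service: every message in a connected group
    is relayed by the service, which compiles the audit trail itself."""

    def __init__(self):
        self._users = {}     # user -> {"salt", "hash", "credentials"}
        self._sessions = {}  # session token -> user
        self._groups = {}    # group id -> {"members": set, "audit": list}

    # Act (a): enrol a verified identity and store its unique secret (hashed).
    def enroll(self, user, secret, credentials):
        salt = secrets.token_bytes(16)
        self._users[user] = {
            "salt": salt,
            "hash": hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS),
            "credentials": dict(credentials),
        }

    # Credentials are "dynamically variable": an authenticated user may update them.
    def update_credentials(self, token, **changes):
        self._users[self._who(token)]["credentials"].update(changes)

    # Act (b): authenticate with the unique secret; returns a session token or None.
    def authenticate(self, user, secret):
        rec = self._users.get(user)
        if rec is None:
            return None
        digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), rec["salt"], PBKDF2_ROUNDS)
        if not secrets.compare_digest(digest, rec["hash"]):
            return None
        token = secrets.token_hex(16)
        self._sessions[token] = user
        return token

    def _who(self, token):
        user = self._sessions.get(token)
        if user is None:
            raise PermissionError("not authenticated")
        return user

    # Act (e): discovery portal over verified credentials, authenticated users only.
    def discover(self, token, **criteria):
        self._who(token)
        return sorted(
            u for u, rec in self._users.items()
            if all(rec["credentials"].get(k) == v for k, v in criteria.items())
        )

    # Act (c): connect a group of enrolled users under the service's mediation.
    def connect(self, token, *others):
        members = {self._who(token), *others}
        unknown = members - set(self._users)
        if unknown:
            raise ValueError(f"not enrolled: {sorted(unknown)}")
        gid = secrets.token_hex(8)
        self._groups[gid] = {"members": members, "audit": []}
        return gid

    # Acts (c)+(d): the message passes through the service, which logs its content.
    def send(self, token, gid, text):
        me = self._member(token, gid)
        trail = self._groups[gid]["audit"]
        trail.append({"seq": len(trail) + 1, "from": me, "text": text})
        return trail[-1]["seq"]

    # Act (d): intelligible audit trail, available to participants at any time.
    def audit_trail(self, token, gid):
        self._member(token, gid)
        return [f"{e['seq']}. {e['from']}: {e['text']}" for e in self._groups[gid]["audit"]]

    def _member(self, token, gid):
        me = self._who(token)
        if me not in self._groups[gid]["members"]:
            raise PermissionError("not a participant in this interaction")
        return me


def demo():
    """Constructed scenario: a buyer finds an EU seller and they negotiate."""
    svc = MediationService()
    svc.enroll("alice", "pw-alice", {"role": "buyer", "region": "EU"})
    svc.enroll("bob", "pw-bob", {"role": "seller", "region": "EU"})
    ta = svc.authenticate("alice", "pw-alice")
    tb = svc.authenticate("bob", "pw-bob")
    gid = svc.connect(ta, *svc.discover(ta, role="seller", region="EU"))
    svc.send(ta, gid, "RFQ: 100 units")
    svc.send(tb, gid, "Quote: 4.20 each")
    return svc.audit_trail(tb, gid)
```

The trail is readable by either party during the interaction but is written only by the service, which is what lets it stand as a neutral record of what each side actually sent.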
0 Assignments
0 Petitions
Abstract
The invention pertains to a method, online service, and system, for creating partnerships based on trust relationships over a public network, authenticating trade partners, infrastructure providers and collaborators to each other, and providing users with an environment suitable for conducting transactions requiring a high level of trust. A service according to the invention is a persistent authentication and mediation service (PAMS) which is provided as an on-line service. One embodiment is a method for conducting authenticated business transactions involving microprocessor equipped devices over the Internet comprising:
- A. providing an on-line authentication service available on the distributed network;
- B. authenticating a plurality of users to said on-line authentication service using a closed authentication system to produce a plurality of authenticated users; and
- C. connecting a group of at least two of said plurality of authenticated users under persistent mediation of said on-line authentication service, producing a connected group of authenticated users.
389 Citations
29 Claims
6. A method for conducting authenticated business transactions involving communications using microprocessor equipped devices to communicate over a distributed network, the method being carried out by an on-line persistent authentication and mediation service available on the distributed network, comprising the acts of:
- a) enrolling users seeking enrollment in the persistent authentication and mediation service, to produce a multiplicity of enrolled users, wherein enrolling comprises obtaining and verifying the identity and other credentials of the multiplicity of users and providing each user with a unique secret necessary for later authentication to said on-line persistent authentication and mediation service;
- b) storing the verified identity and other credentials in at least one database;
- c) receiving on-line requests from enrolled users for authentication to the on-line authentication service;
- d) authenticating enrolled users seeking authentication to the persistent authentication and mediation service using each enrolled user's unique secret, so as to maintain a plurality of authenticated users;
- e) receiving requests from authenticated users to be connected to particular other authenticated users;
- f) connecting groups of at least two authenticated users under persistent mediation of the persistent authentication and mediation service and enabling the at least two authenticated users which are connected to conduct an interaction comprising a plurality of messages;
- g) repeating act (f) to produce a plurality of groups of connected users;
- h) mediating the interaction among the at least two users of each of said plurality of groups of connected users such that each message in the interaction passes through the persistent authentication and mediation service;
- i) directly compiling an audit trail of the interaction and making information from the audit trail available to the at least two users of each group of connected users in intelligible form during the interaction; and
- j) wherein the act of enrolling users seeking enrollment in the persistent authentication and mediation service comprises the acts of:
  - i) distributing software to a user seeking enrollment which enables microprocessor equipped devices operated by the user seeking enrollment to interact with said persistent authentication and mediation service;
  - ii) generating a unique private key, and a unique public key for the user seeking enrollment;
  - iii) obtaining permanent credentials particular to each of the users seeking enrollment, said credentials comprising public permanent credentials and secret permanent credentials;
  - iv) deciding whether to approve the applicant seeking enrollment;
  - v) distributing the unique secret comprising the unique private key in the form of a camouflaged private encryption key to the user seeking enrollment if the user seeking enrollment is approved, wherein the private encryption key is camouflaged in a software container, whereby the user's camouflaged private encryption key will generate a correct response to an authentication challenge if a proper access code is entered, but often generates an incorrect but plausible response if an improper access code is entered, whereby if an incorrect response is used notice will be provided to the on-line persistent authentication and mediation service of a security attack;
  - vi) distributing the unique public key to the user, wherein said unique public key is in a form which can only be decrypted with a key held under exclusive control of the persistent authentication and mediation service, whereby the persistent authentication and mediation service acts as a closed authentication infrastructure;
  - vii) storing said permanent credentials in a customer database, said customer database being accessible to said persistent authentication and mediation service, whereby the user seeking enrollment becomes one of said multiplicity of enrolled users; and
  - viii) repeating steps i) through vii) for each applicant seeking enrollment.

Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15.
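Step v) of claim 6 is the part of the scheme with a detection property worth seeing in code: the camouflaged container carries no verifier of the access code, so a wrong code does not fail locally but yields another plausible key, and the wrong response it produces is what tells the service that the container is being probed. The following Python model is an added illustration written for this page, not code from the patent or its assignee. It assumes the user's private key is a 32-byte HMAC secret rather than an asymmetric key pair, and that camouflage is an XOR with a PBKDF2 pad derived from the access code; the service keeps the true key and treats any well-formed but wrong response as the "security attack" notice of claim 6.

```python
import hashlib
import hmac
import secrets

KDF_ITERATIONS = 100_000  # assumption: chosen so the demo runs in well under a second


def _pad(access_code, salt, length):
    # Pad derived from the access code; a different code gives a different pad.
    return hashlib.pbkdf2_hmac("sha256", access_code.encode(), salt,
                               KDF_ITERATIONS, dklen=length)


def camouflage(private_key, access_code):
    """Build the software container handed to the user at enrollment.

    Nothing in the container says whether an access code is right: XOR with
    the wrong pad simply produces a different key of the same shape.
    """
    salt = secrets.token_bytes(16)
    pad = _pad(access_code, salt, len(private_key))
    return {"salt": salt, "blob": bytes(a ^ b for a, b in zip(private_key, pad))}


def unlock(container, access_code):
    """User side: recover whatever key the supplied access code unmasks."""
    pad = _pad(access_code, container["salt"], len(container["blob"]))
    return bytes(a ^ b for a, b in zip(container["blob"], pad))


def respond(container, access_code, challenge):
    """User side: answer the service's challenge with the unlocked key."""
    return hmac.new(unlock(container, access_code), challenge, "sha256").digest()


class CamouflageAuthService:
    """Service side: keeps the true key, issues one-time challenges, checks
    responses, and records an alert whenever a plausible but wrong response
    arrives (the signal that a wrong access code was tried on the container)."""

    def __init__(self):
        self._keys = {}      # user -> true private key
        self._pending = {}   # user -> outstanding challenge nonce
        self.alerts = []

    def enroll(self, user, access_code):
        key = secrets.token_bytes(32)
        self._keys[user] = key
        return camouflage(key, access_code)   # container distributed to the user

    def challenge(self, user):
        nonce = secrets.token_bytes(32)
        self._pending[user] = nonce
        return nonce

    def verify(self, user, response):
        nonce = self._pending.pop(user, None)  # each challenge is usable once
        if nonce is None or user not in self._keys:
            return False
        expected = hmac.new(self._keys[user], nonce, "sha256").digest()
        if hmac.compare_digest(expected, response):
            return True
        self.alerts.append(f"possible attack on camouflaged key of {user}")
        return False


def demo():
    """Constructed scenario: one correct access code, then one wrong one."""
    svc = CamouflageAuthService()
    box = svc.enroll("alice", "4711")  # constructed sample access code
    ok = svc.verify("alice", respond(box, "4711", svc.challenge("alice")))
    bad = svc.verify("alice", respond(box, "0000", svc.challenge("alice")))
    return {"correct_code_ok": ok, "wrong_code_ok": bad, "alerts": len(svc.alerts)}
```

Because the wrong-code path produces a response of the correct length and format, only the service can tell it is wrong; the lockout or investigation decision therefore belongs to the service, which is what claim 6 means by notice being "provided to the on-line persistent authentication and mediation service".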
16. An online service for conducting business transactions among microprocessor equipped devices over a distributed network, the online service comprising:
- a) a host site connected to the network, the host site comprising an open software platform providing intelligent interactions;
- b) a persistent authentication and mediation service, the persistent authentication and mediation service comprising a software PKI authentication agent operating on said open software platform such that communications over the network by said persistent authentication and mediation service are mediated by said open software platform;
- c) a customer database comprising permanent credentials and dynamically variable information corresponding to users of the online service and a database manager for managing the customer database;
- d) software operating on said open software platform which performs at least the following functions:
  - i) enrolling users seeking enrollment in the persistent authentication and mediation service to produce enrolled users;
  - ii) storing credentials corresponding to enrolled users in the customer database;
  - iii) authenticating enrolled users seeking authentication to the persistent authentication and mediation service to produce authenticated users;
  - iv) allowing authenticated users to discover enrolled users according to search criteria;
  - v) allowing authenticated users to be connected under mediation of the persistent authentication and mediation service through the open software platform;
  - vi) allowing collaboration between authenticated users which have been connected; and
  - vii) memorializing transactions between authenticated users.

Dependent claims: 17, 18, 19, 20.
21. A system for conducting business transactions over a distributed network, the system comprising:
- a) a persistent authentication and mediation service site providing a persistent authentication and mediation service, said site connected to the public network, said site comprising
  - i) an open software platform application providing intelligent interactions, said platform application mediating all interactions of said persistent authentication and mediation service site via said public network,
  - ii) an authentication agent application comprising a software pseudo-PKI authentication application operating on said open software platform application, said authentication agent application comprising software which enrolls new business users producing enrolled users and authenticates the enrolled users producing authenticated business users,
  - iii) an audit agent application operating on said open software platform which logs and monitors interactions mediated by the open software platform, whereby every interaction among authenticated business users passes through the open software platform and is monitored by the audit agent,
  - iv) a discovery software application operating on said open software platform such that said discovery software agent operates to enable authenticated business users to search for other users based on their credentials, and
  - v) a collaboration software application operating on said open software wherein said collaboration software application enables groups of at least two authenticated business users to communicate under direct mediation of the audit agent and to access audit information in an intelligible form during an interaction;
- b) a multiplicity of user sites operated by the enrolled users, the user sites being connected to the public network, each site operating at least one computer application whereby it may interact with other business users and each site further comprising software which allows interaction with the persistent authentication and mediation service, a software camouflaged private key, and a digital certificate, said digital certificate comprising an encrypted pseudo-public key encrypted with a key which is under exclusive control of said persistent authentication and mediation service, wherein said camouflaged private key will generate a proper response to a challenge from the persistent authentication and mediation service if a correct access code is entered and may generate plausible but improper responses if incorrect access codes are entered, whereby if an incorrect response is used the persistent authentication and mediation service will be alerted to a security attack on the camouflaged private key; and
- c) a database of authentication information and credentials pertaining to the enrolled business users of said persistent authentication and mediation service, the database accessible to the authentication agent application and the discovery application.

Dependent claims: 22, 23, 24, 25, 26, 27.
28. An apparatus for providing a service for conducting authenticated business transactions involving a multiplicity of users over a distributed network, the apparatus comprising:
- a) at least one application server connected to the public network, the at least one application server having a computer processor and a computer readable memory, the memory storing the software to implement the service, the software comprising
  - i) an open software platform providing intelligent interactions;
  - ii) a software pseudo-PKI authentication agent application, operating on said open software platform;
  - iii) a discovery software application, operating on said open software platform; and
  - iv) a collaboration software application, operating on said open software platform;
- b) at least one database server, the at least one database server comprising a business users database, the business users database comprising
  - i) authenticated data about registered business users, said authenticated data being protected from user modification;
  - ii) data pertaining to registered business users which is dynamically modifiable by said business users; and
  - iii) data needed for linking business users;

whereby the application server facilitates authenticated interactions between business users, including the ability to access other authenticated users without repeated logging in, the ability to dynamically search for authenticated users according to user defined specifications, and accomplish peer to peer collaboration.

Dependent claims: 29.
Specification