Methods and systems for single sign-on authentication in a multi-vendor e-commerce environment and directory-authenticated bank drafts

US 7,174,319 B2
Filed: 05/18/2005
Issued: 02/06/2007
Est. Priority Date: 03/18/1999
Status: Expired due to Term

First Claim

Patent Images

1. A computer-implemented draft authentication method for use in e-commerce, comprising the steps of:

establishing a partner relationship with a plurality of draft payees, the established partner relationship authorizing the draft payee to present drafts for payment;

storing authentication information for each of a plurality of draft drawers the authentication information being linked at least to the respective drawer'"'"'s financial information;

authenticating a drawer against the stored authentication information;

retrieving at least the drawer'"'"'s financial information and establishing constraints based on the retrieved financial information;

honoring a draft presented by a payee with whom the drawee has a partner relationship only when the drawer of the presented draft is successfully authenticated by the drawee and the constraints are satisfied.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented draft authentication method for use in e-commerce includes the steps of establishing partner relationships between a financial institution and a plurality of World Wide Web (Web) vendors and storing, for each of a plurality of Web customers, at least one piece of unique identifying information linked to the Web customer'"'"'s financial information. Web customers executing drafts or causing drafts to be executed by the Web vendors and presented to the financial institution are authenticated by immediately encrypting at least a portion of an identification data set provided by the Web customer over the network and by successfully matching the immediately encrypted identification data set with the stored piece(s) of encrypted identifying information. The Web customer'"'"'s financial information is then retrieved only by the financial institution and constraints are established based on the retrieved information. The financial institution then honors drafts presented by the Web vendors with whom the drawee has a partner relationship only when the Web customer is successfully authenticated and the constraints are satisfied. Only the identification information (such as biometric data and/or ID and password pairs) of each of the Web customers is securely replicated from the financial institution to each of the Web vendors. LDAP-compatible Directory software may be utilized as the means of storing, processing and replicating the Web customer'"'"'s identification information to each of the Web vendors. The financial institution warrants the security of the system and controls the replication and content of the Directories at each of the Web vendor sites.

Citations

29 Claims

1. A computer-implemented draft authentication method for use in e-commerce, comprising the steps of:
- establishing a partner relationship with a plurality of draft payees, the established partner relationship authorizing the draft payee to present drafts for payment;
  
  storing authentication information for each of a plurality of draft drawers the authentication information being linked at least to the respective drawer'"'"'s financial information;
  
  authenticating a drawer against the stored authentication information;
  
  retrieving at least the drawer'"'"'s financial information and establishing constraints based on the retrieved financial information;
  
  honoring a draft presented by a payee with whom the drawee has a partner relationship only when the drawer of the presented draft is successfully authenticated by the drawee and the constraints are satisfied.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the authentication information includes at least one of an ID, an encrypted password and biometric data.
  - 3. The method of claim 1, wherein the authentication information for each of the plurality of draft drawers is stored in a data structure managed by a Directory software controlled by the draft drawee.
  - 4. The method of claim 3, wherein at least a portion of the data structure is replicated, via Light Weight Directory Access Protocol (LDAP) to each of the plurality of draft payees.
  - 5. The method of claim 1, wherein the establishing step further includes the steps of providing a master list to each of the plurality of draft payees, the master list including the authentication information for each of the plurality of draft drawers.
  - 6. The method of claim 1, further including the step of making a payee list available to the plurality of draft drawers, the payee list identifying the plurality of draft payees with whom the drawee has a partner relationship.
  - 7. The method of claim 6, wherein the payee list is posted on a secure site administered by the draft drawee, each member of the list linking to a site administered by one of the plurality of draft payees with whom the drawee has established a partner relationship.
  - 8. The method of claim 1, wherein the honoring step includes paying the payee and at least one of debiting an account held by the drawee and charging a credit or charge card designated by the drawer of the presented draft.
  - 9. The method of claim 1, wherein the authenticating step authenticates the drawer of the draft only for a session of limited duration.
  - 10. The method of claim 1, wherein the draft drawer, the draft drawee and the draft payee communicate over a secure communication channel of a computer network.

11. A computer-implemented method for a financial institution to carry out secure e-commerce over the World Wide Web (Web), comprising the steps of:
- storing authentication information for each of a plurality of Web customers;
  
  authenticating Web customers against the stored authentication information;
  
  providing authenticated Web customers with access to a plurality of Web vendors with whom the financial institution has a partner relationship via a secure Web site that is accessible only to authenticated Web customers; and
  
  honoring drafts presented by the Web vendors accessed through the secure Web site for purchases made by the authenticated Web customers, provided predetermined constraints are met.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein the authentication information for each of the plurality of Web customers is stored in a data structure managed by a Directory software controlled by the financial institution.
  - 13. The method of claim 12, wherein at least a portion of the data structure is replicated, via a Light Weight Directory Access Protocol (LDAP) to each of the plurality of Web vendors.
  - 14. The method of claim 11, further including a step of providing a periodically updated master list to each of the plurality of Web vendors, the master list including the authentication information and an identification of the financial institution.
  - 15. The method of claim 14, wherein each of the plurality of Web vendors maintains the master list using Directory software adapted to receive and process updates thereof from the financial institution.
  - 16. The method of claim 11, wherein the honoring step includes paying the Web vendor and at least one of debiting an account held by the Web customer and charging a credit or charge card designated by the Web customer, or other bank-sponsored means of making loans and/or extending credit.
  - 17. The method of claim 11, wherein the authenticating step authenticates the Web customer only for a session of limited duration.
  - 18. The machine-readable medium of claim 17, wherein the payee list is posted on a secure World Wide Web (Web) site administered by the draft drawee, each member of the list linking to a Web site administered by one of the plurality of draft payees with whom the drawee has a partner relationship.
  - 19. The method of claim 11, wherein the storing step is carried out using Directory software adapted to hold at least one of personal information, passwords, privileges and characteristics of each of the plurality of Web customers in a secure fashion.

20. A machine-readable medium having data stored thereon representing sequences of instructions which, when executed by one or more computers coupled to a network, causes the computers to perform the steps of:
- establishing a partner relationship with a plurality of draft payees, the established partner relationship authorizing the draft payee to present drafts for payment;
  
  storing, for each of a plurality of draft drawers, authentication information that is linked at least to drawer'"'"'s financial information;
  
  authenticating a drawer using the stored authentication information;
  
  retrieving at least the drawer'"'"'s financial information and establishing constraints based on the retrieved financial information;
  
  honoring a draft presented by a payee with whom a drawee of the draft has a partner relationship only when the drawer of the presented draft is successfully authenticated by the drawee and the constraints are satisfied.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The machine-readable medium of claim 20, wherein the authentication information includes at least one of an ID, an encrypted password and biometric data.
  - 22. The machine-readable medium of claim 20, wherein the authentication information for each of the plurality of draft drawers is stored in a data structure managed by a Directory software controlled by the draft drawee.
  - 23. The machine-readable medium of claim 22, wherein at least a portion of the data structure is replicated, via Light Weight Directory Access Protocol (LDAP) to each of the plurality of draft payees.
  - 24. The machine-readable medium of claim 20, wherein the establishing step further includes the steps of providing a master list to each of the plurality of draft payees, the master list including the authentication information for each of the plurality of draft drawers.
  - 25. The machine-readable medium of claim 20, further including the step of making a payee list available to the plurality of draft drawers, the payee list identifying the plurality of draft payees with whom the drawee has a partner relationship.
  - 26. The machine-readable medium of claim 20, wherein the authenticating step authenticates the drawer of the draft only for a session of limited duration.
  - 27. The machine-readable medium of claim 20, wherein the storing step is carried out by Directory software adapted to hold the authentication information;
    - personal information;
      
      privileges and other characteristic information for each of the plurality of draft drawers in a secure fashion.

28. A computer system for carrying out e-commerce, comprising:
- at least one first computer managed by a financial institution, the at least one first computer storing identifying information of a plurality of Web customers that maintain a relationship with the financial institution;
  
  a second computer managed by a Web vendor, the second computer storing a master list controlled by the at least one first computer, the master list including the identifying information of the plurality of Web customers and an identification of the financial institution;
  
  a Web-enabled device managed by a Web customer;
  
  the Web-enabled device being adapted to accept input from the Web customer and to communicate with the second computer to provide authentication information to the second computer;
  
  wherein the second computer is configured to compare the provided authentication information to entries in the master list, the Web customer being authenticated by the second computer only upon matching the provided authentication information to an entry in the master list, and wherein the at least one first computer managed by the financial institution is configured to only honor drafts executed by authenticated Web customers.
- View Dependent Claims (29)
- - 29. The system of claim 28, wherein the at least one first computer, the at least one second computer and the at least one Web-enabled device are coupled to one another by a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Johnson, Richard C.
Primary Examiner(s)
ELISCA, PIERRE E

Application Number

US11/132,888
Publication Number

US 20050222963A1
Time in Patent Office

629 Days
Field of Search

705/51, 705/67, 705/57, 705/58, 705/1
US Class Current

705/51
CPC Class Codes

G06Q 20/3674   involving authentication

G06Q 30/018   Certifying business or prod...

G06Q 30/02   Marketing; Price estimation...

H04L 63/0815   providing single-sign-on or...

Methods and systems for single sign-on authentication in a multi-vendor e-commerce environment and directory-authenticated bank drafts

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for single sign-on authentication in a multi-vendor e-commerce environment and directory-authenticated bank drafts

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links