Standardized transmission and exchange of data with security and non-repudiation functions

US 7,568,222 B2
Filed: 06/11/2003
Issued: 07/28/2009
Est. Priority Date: 05/25/2000
Status: Active Grant

First Claim

Patent Images

1. A secure service network generating the normalized transmission of data among participants comprising:

an interface adapter interconnected with each network user including a) a communication protocol;

b) a proxy for the channel or participant device;

c) a channel specific converter;

d) a channel specific translator from a native format to a standardized language offered by a service in the network;

e) a session map generator; and

f) a unique identifier for document and message tracking;

the translator allowing either or both of a non-native request and/or a non-native response to the service request to and from a normalized format required for processing a participant'"'"'s request and the response by a service provider on the network;

one or more service managers that expose one or more services in a normalized format to a network user wherein the decision as to what service or series of services to execute and wherein the service or series of services reside is a function of;

a) data passed in the service request;

b) the origination point of a participant'"'"'s request; and

c) the security credentials presented at the point of origination of a participant'"'"'s request;

a session manager network service infrastructure that a) tracks the sequence of events that occur as a result of a service request by a participant;

b) maps internal and external correlation session IDs;

c) controls message processing by the adapter and service manager;

d) maintains sign-on information; and

e) performs the authorization of services according to network participant relationships i) verifying the credentials of users;

ii) maintaining contextual data associated with all service requests from network participant interaction, internal processing, and one or more than one external system of record; and

iii) formatting an electronic request from one or more user wherein data contained in a participant request is translated into an object recognizable by one or more service providers connected to the network; and

a secure connection validated by a session manager service through the network assigning a unique ID associated with the invocation of each an every service request between participants to allow processing of a specific requested service or series of services by one or more providers to one or more participants;

wherein a) the session manager service assigns a unique session key marker to each instance of participant interaction upon the validation of participant credentials, the marker allowing the unique tracking of each service used in the network and related service invocations;

b) neither participant in the interconnection is aware of other services in the network to which the other participant is entitled;

c) the session manager service is external to the network or networks with which the participants are affiliated; and

d) each service invocation is executed in an associated security context that includes authentication, authorization, encryption, and logging specific to the participant'"'"'s to the service independent of other activity on physical network connections.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of providing standardized transmission of data by translating non-native requests and or non-native responses to and from a normalized format or to a format needed for processing the request and or response. The system works with trusted and untrusted connections and systems and supports encryption at multiple layers to establish non-repudiation for a security service that integrates and/or aggregates external security applications into a single service that can provide authentication and/or authorization.

Citations

22 Claims

1. A secure service network generating the normalized transmission of data among participants comprising:
- an interface adapter interconnected with each network user including a) a communication protocol;
  
  b) a proxy for the channel or participant device;
  
  c) a channel specific converter;
  
  d) a channel specific translator from a native format to a standardized language offered by a service in the network;
  
  e) a session map generator; and
  
  f) a unique identifier for document and message tracking;
  
  the translator allowing either or both of a non-native request and/or a non-native response to the service request to and from a normalized format required for processing a participant'"'"'s request and the response by a service provider on the network;
  
  one or more service managers that expose one or more services in a normalized format to a network user wherein the decision as to what service or series of services to execute and wherein the service or series of services reside is a function of;
  
  a) data passed in the service request;
  
  b) the origination point of a participant'"'"'s request; and
  
  c) the security credentials presented at the point of origination of a participant'"'"'s request;
  
  a session manager network service infrastructure that a) tracks the sequence of events that occur as a result of a service request by a participant;
  
  b) maps internal and external correlation session IDs;
  
  c) controls message processing by the adapter and service manager;
  
  d) maintains sign-on information; and
  
  e) performs the authorization of services according to network participant relationships i) verifying the credentials of users;
  
  ii) maintaining contextual data associated with all service requests from network participant interaction, internal processing, and one or more than one external system of record; and
  
  iii) formatting an electronic request from one or more user wherein data contained in a participant request is translated into an object recognizable by one or more service providers connected to the network; and
  
  a secure connection validated by a session manager service through the network assigning a unique ID associated with the invocation of each an every service request between participants to allow processing of a specific requested service or series of services by one or more providers to one or more participants;
  
  wherein a) the session manager service assigns a unique session key marker to each instance of participant interaction upon the validation of participant credentials, the marker allowing the unique tracking of each service used in the network and related service invocations;
  
  b) neither participant in the interconnection is aware of other services in the network to which the other participant is entitled;
  
  c) the session manager service is external to the network or networks with which the participants are affiliated; and
  
  d) each service invocation is executed in an associated security context that includes authentication, authorization, encryption, and logging specific to the participant'"'"'s to the service independent of other activity on physical network connections.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The network of claim 1 wherein 1) the adapter includes functions of formatting an electronic request by translating data contained in the request, preserving a communication infrastructure for the participants, and producing an object recognizable by one or more service platform of one or more non-affiliated participant;
    - and the session manager includes functions of
      
           1) building one or more connection for one or more service platform used by one participant to communicate with the platform of another participant utilizing a different modality,
      
           2) creating an interconnection between a participant making a request and one or more service provider responding to the participant making a request,
      
           3) generating a session and creating a map of the session,
      
           4) generating at least one unique identifier for each request and response,
      
           5) logging the identifiers,
      
           6) generating one or more unique session object associated with the a network participants, and
      
           7) creating one or more file selected from the group consisting of a log, a journal, and an error report based on the unique session object.
  - 3. The network of claim 1 wherein the participant transmits the request from a channel device and said formatting preserves a communication infrastructure of the device.
  - 4. The network of claim 1 wherein credential verification effected by the session manager utilizes a single sign-on from a participant.
  - 5. The network of claim 1 wherein a log of one or more than one interface point for a specific communication is created.
  - 6. The network of claim 1 wherein the credential verification determines one or more than one level of authorization.
  - 7. The network of claim 1 wherein the adapter manages an interconnection for one or more than one user, device, request, interface, and response.
  - 8. The network of claim 1 wherein the adapter uses a model driven architecture to interface to an existing point to point architecture.
  - 9. The network of claim 1 wherein data is translated into an XML format.
  - 10. The network of claim 1 wherein the transmission includes one or more mechanism selected from the group consisting of authorization, authentication, secure communication, and non-repudiation.
  - 11. The network of claim 1 wherein the transmission is between a trusted connection and an untrusted connection.
  - 12. The network of claim 11 wherein a first user is a web bank and a second user is a demand deposit account (DDA) system.
  - 13. The network of claim 11 wherein a first participant is an ATM and the second participant is a DDA.
  - 14. The network of claim 1 wherein translation occurs between and among 1) a request being made, 2) a device me request is being made from, 3) an owner of the device making the request, 4) an agent device, service provider or infrastructure making the request, 5) a credential and or a security element presented, and 6) the service provider and or owner of the system or systems containing the information of record for the request.
  - 15. The network of claim 1 wherein non-repudiation is established by integrating and or aggregating one or more external security application into a single service providing authentication and or authorization.
  - 16. The network of claim 1 wherein the adapter interacts with one or more internal security system and or external security system to access one or more security management application.
  - 17. The network of claim 16 wherein the security management utilizes one or more than one of a resource access control facility, an access control facility, a public key infrastructure, and a lightweight directory access protocol.
  - 18. The network of claim 2 wherein the adapter uses a model driven architecture to interface to an existing point to point architecture.
  - 19. The network of claim 1 wherein the adapter stores one or more object in a central location to support fail over.
  - 20. The network of claim 1 wherein the adapter interacts with one or more internal security system and or external security system to access one or more security management application.
  - 21. The network of claim 20 wherein the security management utilizes one or more than one of a resource access control facility, an access control facility, a public key infrastructure, and a lightweight directory access protocol and a participant log on includes one or more than one of a biometric, a digital certificate, a PKI, an LDAP, and a smart card.

22. A secure normalized network comprising:
- an interface adapter interconnected with each network user including a) a communication protocol;
  
  b) a proxy for the channel or participant device;
  
  c) a channel specific converter;
  
  d) a channel specific translator from a native format to a standardized language offered by a service in the network;
  
  e) a session map generator; and
  
  f) a unique identifier for document and message tracking;
  
  the translator allowing either or both of a non-native request and/or a non-native response to the service request to and from a normalized format required for processing a participant'"'"'s request and the response by a service provider on the network;
  
  the adapter formatting an electronic request by translating data contained in the request, preserving a communication infrastructure for the participants, and producing an object recognizable by one or more service platform of one or more non-affiliated participant;
  
  one or more service managers that expose one or more services in a normalized format to a network user wherein the decision as to what service or series of services to execute and wherein the service or series of services reside is a function of;
  
  a) data passed in the service request;
  
  b) the origination point of a participant'"'"'s request; and
  
  c) the security credentials presented at the point of origination of a participant'"'"'s request;
  
  a session manager network service infrastructure that a) tracks the sequence of events that occur as a result of a service request by a participant;
  
  b) maps internal and external correlation session IDs;
  
  c) controls message processing by the adapter and service manager;
  
  d) maintains sign-on information; and
  
  e) performs the authorization of services according to network participant relationships i) verifying the credentials of users;
  
  ii) maintaining contextual data associated with all service requests from network participant interaction, internal processing, and one or more man one external of record; and
  
  iii) formatting an electronic request from one or more user wherein data contained in a participant'"'"' request is translated into an object recognizable by one or more service providers connected to the network;
  
  the session manager
  
       1) building one or more connection for one or more service platform used by one participant to communicate with the platform of another participant utilizing a different modality,2) creating an interconnection between a participant making a request and one or more service provider responding to the participant making a request,
  
       3) generating a session and creating a map of the session,
  
       4) generating at least one unique identifier for each request and response,
  
       5) logging identifiers,6) generating one or more unique session object associated with the a network participants, and
  
       7) creating one or more file selected from me group consisting of a log, a journal, and an error report based on the unique session object; and
  
  a secure connection validated by a session manager service through the network assigning a unique ID associated with the invocation of each an every service request between participants to allow processing of a specific requested service or series of services by one or more providers to one or more participants;
  
  wherein a) the session manager service assigns a unique session key marker to each instance of participant interaction upon the validation of participant credentials, the marker allowing the unique tracking of each service used in the network and related service invocations;
  
  b) neither participant in the interconnection is aware of other services in the network to which the other participant is entitled;
  
  c) the session manager service is external to the network or networks with which the participants are affiliated; and
  
  d) each service invocation is executed in an associated security context that includes authentication, authorization encryption, and logging specific to the participant'"'"'s to the service independent of other activity on physical network connections.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WMR E-Pin, LLC
Original Assignee
WMR E-Pin, LLC
Inventors
Orkis, Randall E., Randle, William M.
Primary Examiner(s)
Moazzami; Nasser G
Assistant Examiner(s)
Hoang; Daniel L

Application Number

US10/459,694
Publication Number

US 20030212904A1
Time in Patent Office

2,239 Days
Field of Search

726/14
US Class Current

726/8
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/10   specially adapted for elect...

G06Q 20/12   specially adapted for elect...

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

G06Q 30/04   Billing or invoicing

H04L 2463/102   applying security measure f...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 69/08   Protocols for interworking;...

Standardized transmission and exchange of data with security and non-repudiation functions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Standardized transmission and exchange of data with security and non-repudiation functions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links