Method and system for secure handling of electronic business transactions on the internet

US 8,589,568 B2
Filed: 11/29/2002
Issued: 11/19/2013
Est. Priority Date: 12/21/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for handling an end-to-end business transaction between a user and an e-Service provider consisting of at least one sales-entity and/or service provider via a TCP/IP controlled computer network and a server instance for managing the end-to-end business transaction, said method comprising:

performing, by a computer device, a log-on of a user to an e-Network provider in response to the user having initiated an online session, wherein the e-Network provider, an e-Company, a server instance, and the e-Service provider are independently connected to an Internet, wherein a Network Access Server within the e-Network provider is connected to the Internet and to a database within the e-Company, wherein said performing the log-on of the user comprises said e-Network provider authenticating the user via use of information about the user stored in the database;

after said performing the log-on of the user, selecting a first Internet Protocol (IP) address from a first pool of available IP addresses held by the e-Network provider and selecting a second IP address from a second pool of available IP addresses at the server instance;

assigning the selected first IP address to the user and then connecting the user to the Internet via the Network Access Server;

assigning the selected second IP address to the user and generating an IP tunneling connection that connects the user to the server instance via the Network Access Server and the Internet, wherein said generating the IP tunneling connection is based on the second IP address;

generating a session context that includes the second IP address;

said server instance receiving an authorization request from the e-Service provider when the end-to-end business transaction is initiated between the user and the e-Service provider;

responsive to said receiving the authorization request, said server instance validating the user'"'"'s authorization for the end-to-end business transaction, wherein said validating is based on only on the second IP address in the session context; and

responsive to detection of a termination of the online session, invalidating the second IP address, invalidating the session context, and returning the second IP address to the second pool of available IP addresses.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a computer-based technology for handling end-to-end business transactions in a TCP/IP-environment. A managing instance enables logon and provides a pool of IP addresses available for allocation. The managing instance allocates an IP address from the pool and establishes a tunneling IP connection between the managing instance and a user'"'"'s device. The user'"'"'s IP address together with any attributes relevant for accounting, authentication and authorization (AAA) are stored during the session time. The correlation between a user'"'"'s authentication name and an IP address assigned to that name as well as the book-keeping of the validity of that correlation is handled using a session context. Any identification process for a user/subscriber who would like to use any service offered by an e-Service provider will be conducted solely using the assigned IP address.

20 Citations

View as Search Results

9 Claims

1. A method for handling an end-to-end business transaction between a user and an e-Service provider consisting of at least one sales-entity and/or service provider via a TCP/IP controlled computer network and a server instance for managing the end-to-end business transaction, said method comprising:
- performing, by a computer device, a log-on of a user to an e-Network provider in response to the user having initiated an online session, wherein the e-Network provider, an e-Company, a server instance, and the e-Service provider are independently connected to an Internet, wherein a Network Access Server within the e-Network provider is connected to the Internet and to a database within the e-Company, wherein said performing the log-on of the user comprises said e-Network provider authenticating the user via use of information about the user stored in the database;
  
  after said performing the log-on of the user, selecting a first Internet Protocol (IP) address from a first pool of available IP addresses held by the e-Network provider and selecting a second IP address from a second pool of available IP addresses at the server instance;
  
  assigning the selected first IP address to the user and then connecting the user to the Internet via the Network Access Server;
  
  assigning the selected second IP address to the user and generating an IP tunneling connection that connects the user to the server instance via the Network Access Server and the Internet, wherein said generating the IP tunneling connection is based on the second IP address;
  
  generating a session context that includes the second IP address;
  
  said server instance receiving an authorization request from the e-Service provider when the end-to-end business transaction is initiated between the user and the e-Service provider;
  
  responsive to said receiving the authorization request, said server instance validating the user'"'"'s authorization for the end-to-end business transaction, wherein said validating is based on only on the second IP address in the session context; and
  
  responsive to detection of a termination of the online session, invalidating the second IP address, invalidating the session context, and returning the second IP address to the second pool of available IP addresses.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein said validating the user'"'"'s authorization is performed by the context session using a Remote Authentication Dial In User Service (RADIUS) protocol provided by a dedicated RADIUS comprised by the e-Company.
  - 3. The method of claim 2, wherein said generating the session context is performed using the RADIUS protocol.
  - 4. The method of claim 1, wherein the IP tunneling connection is a virtual private network (VPN) connection.
  - 5. The method of claim 1, wherein the end-to-end business transaction is a service provided by the e-Service to the user, and wherein method further comprises:
    - after said validating the user'"'"'s authorization is performed and before the service has been provided by the e-Service to the user, said session context generating a sales-entity context pertaining to the service; and
      
      after the service has been provided by the e-Service to the user, said session context deleting the sales-entity context.
  - 6. The method of claim 5, wherein the server instance comprises a Network-Connector, an AAA Control Facility, and a Sales-Entity Management, wherein the Network Connector performs said generating the session context in a manner that does not restrict access by the user to the Internet in any way, wherein said AAA Control Facility performs said validating the user'"'"'s authorization, and wherein said Sales-Entity Management performs said generating a sales-entity context and said deleting the sales-entity context, and wherein the method further comprises:
    - after said service has been requested by the user and before the service has been provided to the user, said e-Company making a request to the Sales-Entity Management to determine whether a cost of the requested service is covered in compliance with a payment policy of the user; and
      
      responsive to said making the request, said Sales-Entity Management confirming to the e-Company that the cost of the requested service is covered in compliance with the payment policy of the user.
  - 7. The method of claim 6, wherein the e-Company comprises the database, a billing component interfacing with different credit card and banking institutes, and an e-service-Connector, wherein the database comprises the payment policy of the user, and wherein the method further comprises:
    - after the service has been provided to the user, said billing department invoicing the user for the service and conducting payment to the e-service-Connector for the service according to the payment policy of the user; and
      
      said e-service-Connector integrating the e-Service provider into a sales/marketing platform which enabled the e-Service provider to offer the service to the user without a need for the e-Service provider to acquire information pertaining to the payment policy of the user.
  - 8. The method of claim 1, wherein the session context resides upon an IP network layer provided by the e-Network provider.
  - 9. The method of claim 1, wherein said generating the session context results in the generated session context including content comprising user identification information and continuously monitored transaction events by the user, and wherein the method further comprises performing accounting through use of said content with respect to the end-to-end business transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Arnold, Oksana, Werner, Andreas, Kraemer, Ulrich, Lentz, Thomas
Primary Examiner(s)
Bengzon, Greg C

Application Number

US10/499,275
Publication Number

US 20050120221A1
Time in Patent Office

4,008 Days
Field of Search

709226-229, 705/40, 726/6
US Class Current

709/228
CPC Class Codes

H04L 12/14   Charging , metering or bill...

H04L 2463/102   applying security measure f...

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5076   Update or notification mech...

H04L 63/0272   Virtual private networks

H04L 63/0815   providing single-sign-on or...

H04L 67/14   Session management for real...

H04L 9/40   Network security protocols

Method and system for secure handling of electronic business transactions on the internet

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure handling of electronic business transactions on the internet

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links