Method and system for secure handling of electronic business transactions on the internet
First Claim
1. A method for handling an end-to-end business transaction between a user and an e-Service provider consisting of at least one sales-entity and/or service provider via a TCP/IP controlled computer network and a server instance for managing the end-to-end business transaction, said method comprising:
- performing, by a computer device, a log-on of a user to an e-Network provider in response to the user having initiated an online session, wherein the e-Network provider, an e-Company, a server instance, and the e-Service provider are independently connected to an Internet, wherein a Network Access Server within the e-Network provider is connected to the Internet and to a database within the e-Company, wherein said performing the log-on of the user comprises said e-Network provider authenticating the user via use of information about the user stored in the database;
after said performing the log-on of the user, selecting a first Internet Protocol (IP) address from a first pool of available IP addresses held by the e-Network provider and selecting a second IP address from a second pool of available IP addresses at the server instance;
assigning the selected first IP address to the user and then connecting the user to the Internet via the Network Access Server;
assigning the selected second IP address to the user and generating an IP tunneling connection that connects the user to the server instance via the Network Access Server and the Internet, wherein said generating the IP tunneling connection is based on the second IP address;
generating a session context that includes the second IP address;
said server instance receiving an authorization request from the e-Service provider when the end-to-end business transaction is initiated between the user and the e-Service provider;
responsive to said receiving the authorization request, said server instance validating the user's authorization for the end-to-end business transaction, wherein said validating is based only on the second IP address in the session context; and
responsive to detection of a termination of the online session, invalidating the second IP address, invalidating the session context, and returning the second IP address to the second pool of available IP addresses.
Abstract
Disclosed is a computer-based technology for handling end-to-end business transactions in a TCP/IP environment. A managing instance enables logon and provides a pool of IP addresses available for allocation. The managing instance allocates an IP address from the pool and establishes a tunneling IP connection between the managing instance and a user's device. The user's IP address together with any attributes relevant for accounting, authentication and authorization (AAA) are stored during the session time. The correlation between a user's authentication name and an IP address assigned to that name, as well as the book-keeping of the validity of that correlation, is handled using a session context. Any identification process for a user/subscriber who would like to use any service offered by an e-Service provider will be conducted solely using the assigned IP address.
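An added illustration, not taken from the patent, of the server-instance side of the claim and abstract above: the second IP pool, the session context keyed by the tunnel address, an authorization decision made solely on that address, and the termination step that invalidates the context and returns the address to the pool. The first (e-Network provider) address is left out because the claim's validation never consults it; the class names, user names and 10.0.0.x addresses are all constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class SessionContext:
    """Session context from the claim: the tunnel (second) IP plus the AAA-relevant user name."""
    user_name: str
    tunnel_ip: str
    valid: bool = True


class ServerInstance:
    """Managing server instance: owns the second IP pool and the live session contexts."""

    def __init__(self, pool: List[str]):
        self._free_pool = list(pool)                      # second pool of available IP addresses
        self._contexts: Dict[str, SessionContext] = {}    # keyed by the assigned tunnel IP

    def open_session(self, user_name: str) -> Optional[str]:
        """Select an address from the pool and create the session context; None if the pool is exhausted."""
        if not self._free_pool:
            return None
        tunnel_ip = self._free_pool.pop(0)
        self._contexts[tunnel_ip] = SessionContext(user_name, tunnel_ip)
        return tunnel_ip

    def authorize(self, requesting_ip: str) -> bool:
        """Authorization request from the e-Service provider, decided only on a valid context for that IP."""
        ctx = self._contexts.get(requesting_ip)
        return ctx is not None and ctx.valid

    def terminate_session(self, tunnel_ip: str) -> None:
        """Session end: invalidate the context first, then return the address to the pool."""
        ctx = self._contexts.pop(tunnel_ip, None)
        if ctx is not None:
            ctx.valid = False
            self._free_pool.append(tunnel_ip)

    def holder_of(self, tunnel_ip: str) -> Optional[str]:
        """User name currently bound to an address (constructed helper for inspection)."""
        ctx = self._contexts.get(tunnel_ip)
        return ctx.user_name if ctx else None


def demo() -> dict:
    """Walk through one session lifecycle and an address being reused by a new session."""
    server = ServerInstance(["10.0.0.1", "10.0.0.2"])
    alice_ip = server.open_session("alice")
    out = {"alice_ip": alice_ip, "alice_ok": server.authorize(alice_ip), "unknown_ok": server.authorize("10.0.0.9")}
    server.terminate_session(alice_ip)
    out["after_end_ok"] = server.authorize(alice_ip)          # context gone, so the old address is refused
    server.open_session("bob"), server.open_session("carol")   # carol receives alice's returned address
    out["reused_holder"], out["exhausted"] = server.holder_of("10.0.0.1"), server.open_session("dave")
    return out
```

The reuse case shows why the claim orders invalidation before the address goes back to the pool: once 10.0.0.1 is reissued, an authorization for it answers for the new holder only.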
20 Citations
9 Claims