Provision of authorization and other services

US 8,892,475 B2
Filed: 04/04/2006
Issued: 11/18/2014
Est. Priority Date: 09/08/2000
Status: Active Grant

First Claim

Patent Images

1. A method for providing authorization concerning electronic commerce transactions, said method comprising:

(a) establishing, for an issuing participant and a subscribing customer of the issuing participant, an authorization service that includes both a messaging specification and a set of rules governing use of the authorization service by;

(i) transmitting, by a processor, an electronic communication, by a transaction coordinator associated with the issuing participant to a transaction coordinator executed by a processor associated with a root certification authority over a communications network,wherein the processor of the root certification authority is configured to issue a digital certificate for the issuing participant,wherein the electronic communication comprises a request to approve a proposed authorization service confirming authority of at least one of an individual and a computer to transact business as an agent on behalf of the subscribing customer,wherein the proposed authorization service comprises the messaging specification and the set of rules governing use of the authorization service,wherein a set of parameters defining the proposed authorization service comprises information facilitating a response from the issuing participant to the authorization request confirming authority of the at least one individual and the computer to transact business as an agent on behalf of the subscribing customer, andwherein the messaging specification defines a format for the authorization request;

(ii) receiving, by the processor, by a policy management authority module, the electronic communication;

(iii) determining, by the processor of the policy management authority module, that the proposed authorization service complies with operating rules and specifications promulgated by the root certification authority,approving, by the processor of the policy management authority module, the proposed authorization service responsive to determining that the proposed authorization service complies with operating rules and specifications promulgated by the root certification authority;

(iv) storing by the processor, at a data directory comprising a non-transitory machine-readable storage medium communicatively coupled to the processor executing the transaction coordinator of the root certification authority, a copy of an approved messaging specification and approved implementation rules of the approved proposed authorization service and electronically notifying, by the policy management authority, the issuing participant via the communication network of the approval;

(v) receiving, by the processor, approval of the proposed authorization service from the policy management authority, responsive to receiving approval of the proposed authorization service from the policy management authority, storing, by the processor associated with the issuing participant, the proposed authorization service at a data directory, wherein the proposed authorization service comprises the copy of the approved messaging specification and the copy of the approved implementation rules of the authorization service, and notifying, by the processor of the issuing participant, the subscribing customer of the approval;

(vi) supplying attribute information to the processor of issuing participant and populating one or more credential records stored in a memory by the issuing participant computer associated with one or more individuals authorized to act on behalf of the subscribing customer; and

(b) operating the authorization service established within a trust model by;

(i) receiving, by a processor of a web server of a relying customer, a digitally signed document comprising a digital certificate;

(ii) transmitting, by the processor from the web server of the relying customer to a transaction coordinator associated with the relying participant, a request for formatting information concerning a proper format for an authorization request according to the set of rules governing the use of the authorization service;

(iii) transmitting, from the processor executing the transaction coordinator of the relying participant to the processor executing the transaction coordinator of the root certification authority, the request for formatting information;

(iv) receiving, by the processor executing the transaction coordinator of the root certification authority, the request for formatting information;

(v) applying, by the processor executing the transaction coordinator of the root certification authority, access control rules authenticating the relying customer authorization to receive the requested formatting information;

(vi) transmitting, by the processor executing the transaction coordinator of the root certification authority, the requested formatting information to the processor executing the transaction coordinator of the relying participant;

(vii) receiving, by the processor executing the transaction coordinator of the relying participant, the requested formatting information and transmitting the requested formatting information to the web server of the relying customer;

(viii) responsive to receipt of the formatting information concerning the proper format for the authorization request, formatting, by the web server of the relying customer, a verification request;

(ix) transmitting, by the processor of web server of the relying customer, the formatted verification request to the transaction coordinator of the relying participant;

(x) the processor executing the transaction coordinator of the relying participant forwarding by the processor the request for verification to the transaction coordinator of the issuing participant;

(xi) receiving by the processor the request for verification,responsive to the receipt of the request for verification, examining, by the processor executing the transaction coordinator of the issuing participant, the credential records and determining authorization of individuals to conduct transactions involving digitally signed documents on behalf of the subscribing customer;

(xii) verifiying by the processor the individual is associated with a credential record;

authorizing, by the processor executing the transaction coordinator of the issuing participant, the individual associated with the subscribing customer to conduct the transaction involving the digitally signed document on behalf of the subscribing customer responsive to verification the individual is associated with a credential record; and

(xiii) transmitting, by the processor executing the transaction coordinator of the issuing participant, to the transaction coordinator of the relying participant confirmation of said authorization; and

(xiv) the processor executing the transaction coordinator of the relying participant transmitting the confirmation of authorization to the web server of the relying customer.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparati, and computer-readable media for providing authorization and other services. In a preferred embodiment, an authorization service includes both a messaging specification and a set of rules that govern its use. A first customer wishing to use the authorization service prepares a request that complies with the service'"'"'s messaging specification and transmits it to a first participant. The first participant transmits the request to a second participant, which processes the request according to authorization information provided by a second customer and rules that have been specified for the service. The second participant then prepares a response that complies with the service'"'"'s messaging specification.

Citations

18 Claims

1. A method for providing authorization concerning electronic commerce transactions, said method comprising:
- (a) establishing, for an issuing participant and a subscribing customer of the issuing participant, an authorization service that includes both a messaging specification and a set of rules governing use of the authorization service by;
  
  (i) transmitting, by a processor, an electronic communication, by a transaction coordinator associated with the issuing participant to a transaction coordinator executed by a processor associated with a root certification authority over a communications network,wherein the processor of the root certification authority is configured to issue a digital certificate for the issuing participant,wherein the electronic communication comprises a request to approve a proposed authorization service confirming authority of at least one of an individual and a computer to transact business as an agent on behalf of the subscribing customer,wherein the proposed authorization service comprises the messaging specification and the set of rules governing use of the authorization service,wherein a set of parameters defining the proposed authorization service comprises information facilitating a response from the issuing participant to the authorization request confirming authority of the at least one individual and the computer to transact business as an agent on behalf of the subscribing customer, andwherein the messaging specification defines a format for the authorization request;
  
  (ii) receiving, by the processor, by a policy management authority module, the electronic communication;
  
  (iii) determining, by the processor of the policy management authority module, that the proposed authorization service complies with operating rules and specifications promulgated by the root certification authority,approving, by the processor of the policy management authority module, the proposed authorization service responsive to determining that the proposed authorization service complies with operating rules and specifications promulgated by the root certification authority;
  
  (iv) storing by the processor, at a data directory comprising a non-transitory machine-readable storage medium communicatively coupled to the processor executing the transaction coordinator of the root certification authority, a copy of an approved messaging specification and approved implementation rules of the approved proposed authorization service and electronically notifying, by the policy management authority, the issuing participant via the communication network of the approval;
  
  (v) receiving, by the processor, approval of the proposed authorization service from the policy management authority, responsive to receiving approval of the proposed authorization service from the policy management authority, storing, by the processor associated with the issuing participant, the proposed authorization service at a data directory, wherein the proposed authorization service comprises the copy of the approved messaging specification and the copy of the approved implementation rules of the authorization service, and notifying, by the processor of the issuing participant, the subscribing customer of the approval;
  
  (vi) supplying attribute information to the processor of issuing participant and populating one or more credential records stored in a memory by the issuing participant computer associated with one or more individuals authorized to act on behalf of the subscribing customer; and
  
  (b) operating the authorization service established within a trust model by;
  
  (i) receiving, by a processor of a web server of a relying customer, a digitally signed document comprising a digital certificate;
  
  (ii) transmitting, by the processor from the web server of the relying customer to a transaction coordinator associated with the relying participant, a request for formatting information concerning a proper format for an authorization request according to the set of rules governing the use of the authorization service;
  
  (iii) transmitting, from the processor executing the transaction coordinator of the relying participant to the processor executing the transaction coordinator of the root certification authority, the request for formatting information;
  
  (iv) receiving, by the processor executing the transaction coordinator of the root certification authority, the request for formatting information;
  
  (v) applying, by the processor executing the transaction coordinator of the root certification authority, access control rules authenticating the relying customer authorization to receive the requested formatting information;
  
  (vi) transmitting, by the processor executing the transaction coordinator of the root certification authority, the requested formatting information to the processor executing the transaction coordinator of the relying participant;
  
  (vii) receiving, by the processor executing the transaction coordinator of the relying participant, the requested formatting information and transmitting the requested formatting information to the web server of the relying customer;
  
  (viii) responsive to receipt of the formatting information concerning the proper format for the authorization request, formatting, by the web server of the relying customer, a verification request;
  
  (ix) transmitting, by the processor of web server of the relying customer, the formatted verification request to the transaction coordinator of the relying participant;
  
  (x) the processor executing the transaction coordinator of the relying participant forwarding by the processor the request for verification to the transaction coordinator of the issuing participant;
  
  (xi) receiving by the processor the request for verification,responsive to the receipt of the request for verification, examining, by the processor executing the transaction coordinator of the issuing participant, the credential records and determining authorization of individuals to conduct transactions involving digitally signed documents on behalf of the subscribing customer;
  
  (xii) verifiying by the processor the individual is associated with a credential record;
  
  authorizing, by the processor executing the transaction coordinator of the issuing participant, the individual associated with the subscribing customer to conduct the transaction involving the digitally signed document on behalf of the subscribing customer responsive to verification the individual is associated with a credential record; and
  
  (xiii) transmitting, by the processor executing the transaction coordinator of the issuing participant, to the transaction coordinator of the relying participant confirmation of said authorization; and
  
  (xiv) the processor executing the transaction coordinator of the relying participant transmitting the confirmation of authorization to the web server of the relying customer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the proposed authorization service is jointly developed by the subscribing customer and the certification authority.
  - 3. The method of claim 1 wherein each credential record comprises at least one pair of a role of an individual and an attribute associated with the individual;
    - wherein;
      
      the role of the individual indicates the authority of the individual to execute an action; and
      
      the attribute represents a particular value assigned to the role for the respective individual.
  - 4. The method of claim 3 wherein at least one role is a role from the group of roles consisting of name, title, purchasing authority, and purchasing limit.
  - 5. The method of claim 1 wherein the authority is the authority of the individual to sign a particular document.
  - 6. The method of claim 1 wherein the authority is the authority of the individual to undertake a particular financial or performance obligation on behalf of the subscribing customer.
  - 7. The method of claim 1 wherein the authority is the authority of the individual to purchase a particular class of goods.
  - 8. The method of claim 1 wherein the authority is the authority of the individual to sell a particular class of goods.
  - 9. The method of claim 1 wherein the authority is the authority of the individual to negotiate a particular type of contract.
  - 10. The method of claim 1 wherein the authority is the authority of the individual to perform in a particular manner on behalf of the subscribing customer.
  - 11. The method of claim 1, wherein the request for verification that the individual is authorized to conduct the transaction comprises a dynamic request.
  - 12. The method of claim 1, wherein the request for verification concerning the individual comprises a static request for an attribute of a role associated with the individual.
  - 13. The method of claim 1, wherein after receiving the request, information pertaining to definitions of attributes is used by the transaction coordinator of the issuing participant in preparing an authorization response.
  - 14. The method of claim 1, wherein after receiving the request, information pertaining to mapping terminology from a second customer to the subscribing customer is used by the transaction coordinator of the issuing participant in preparing an authorization response.
  - 15. The method of claim 14, wherein the information pertaining to mapping terminology comprises dynamic mapping information.
  - 16. The method of claim 14, wherein the request seeks confirmation that the individual is authorized to purchase goods on behalf of the subscribing customer.
  - 17. The method of claim 14, wherein the authorization request is bundled with a certificate validation request for the digital certificate of the subscribing customer.
  - 18. The method of claim 17, wherein the authorization response indicates status of the digital certificate of the subscribing customer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IdenTrust, Inc. (Assa Abloy AB)
Original Assignee
IdenTrust, Inc. (Assa Abloy AB)
Inventors
Tallent, Guy S. Jr., Donfried, Paul A., Hicks, George M. (Mack), Lee, Elizabeth
Primary Examiner(s)
Hewitt, II, Calvin L
Assistant Examiner(s)
Winter, John M

Application Number

US11/398,329
Publication Number

US 20060179008A1
Time in Patent Office

3,150 Days
Field of Search

705 50- 80, 705/76, 705/65, 713/156, 713/172
US Class Current

705/76
CPC Class Codes

G06Q 20/0855   involving a third party

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 30/018   Certifying business or prod...

G06Q 30/06   Buying, selling or leasing ...

H04L 2463/102   applying security measure f...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/104   Grouping of entities

Y10S 707/99939   Privileged access

Provision of authorization and other services

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Provision of authorization and other services

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links