A method for controlling access to protected computer resources provided via an Internet Protocol network that includes registering identity data of a subscriber identity module associated with at least one client computer device; storing (i) identity data of at least one access server, (ii) the identity data of a subscriber identity module, and (iii) authorization data regarding the protect computer resources; receiving the identity data of a subscriber identity module, and a request for the protected computer resources; authenticating (i) the identity data of the at least one access server, and (ii) the identity data of a subscriber identity module; authorizing the at least one client computer device to receive at least a portion of the protected computer resources; and permitting access to the at least the portion of the protected computer resources (i) upon successfully authenticating the identity data of the at least one access server and the identity data of a subscriber identity module associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device.
|
26. A method for controlling access to protected computer resources provided via a network utilizing at least one Internet Protocol, the method comprising:
registering, by at least one authentication server, digital identification of an access key associated with at least one client computer device;
storing, by the at least one authentication server i n an associated database, (i) identity data of at least one access server, (ii) the digital identification of an access key associated with the at least one client computer device, and (iii) authorization data associated with the protected computer resources;
receiving, by the at least one access server, (i) the digital identification of an access key associated with the at least one client computer device and (ii) a request for the protected computer resources from the at least one client computer device;
receiving, by the at least one client computer device, an acknowledgement for the request for the protected computer resources from the at least one access server;
forwarding, by the at least one access server, (i) the identity data of the at least one access server and (ii) the digital identification of an access key received from the at least one client computer device to the at least one authentication server;
authenticating, by the at least one authentication server, (i) the identity data of the at least one access server and (ii) the digital identification of an access key associated with the at least one client computer device responsive to the request for the protected computer resources by the at least one client computer device;
authorizing, by the at least one authentication server, the at least one client computer device to receive at least the portion of the protected computer resources, based on the stored authorization data associated with the protected computer resources;
permitting access, by the at least one authentication server, to the at least a portion of the protected computer resources (i) upon successfully authenticating the identity data of the at least one access server and the digital identification of an access key associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device; and
acquiring, by at least one of the at least one access server and a server associated with the at least one authentication server, for billing purposes, usage data of the at least the portion of the protected computer resources provided to the at least one client computer device.
1. A method for controlling access to protected computer resources provided via a network utilizing at least one Internet Protocol, the method comprising:
registering, by at least one authentication server, identity data of a subscriber identity module associated with at least one client computer device;
storing, by the at least one authentication server in an associated database, (i) identity data of at least one access server, (ii) the identity data of a subscriber identity module associated with the at least one client computer device, and (iii) authorization data associated with the protected computer resources;
receiving, by the at least one access server, (i) the identity data of a subscriber identity module associated with the at least one client computer device and (ii) a request for the protected computer resources from the at least one client computer device;
receiving, by the at least one client computer device, an acknowledgement for the request for the protected computer resources from the at least one access server;
forwarding, by the at least one access server, (i) the identity data of the at least one access server and (ii) the identity data of a subscriber identity module received from the at least one client computer device to the at least one authentication server;
authenticating, by the at least one authentication server, (i) the identity data of the at least one access server and (ii) the identity data of a subscriber identity module associated with the at least one client computer device responsive to the request for the protected computer resources by the at least one client computer device;
authorizing, by the at least one authentication server, the at least one client computer device to receive at least a portion of the protected computer resources, based on the stored authorization data associated with the protected computer resources;
permitting access, by the at least one authentication server, to the at least the portion of the protected computer resources (i) upon successfully authenticating the identity data of the at least one access server and the identity data of a subscriber identity module associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device; and
acquiring, by at least one of the at least one access server and a server associated with the at least one authentication server, for billing purposes, usage data of the at least the portion of the protected computer resources provided to the at least one client computer device.
2. The method of
3. The method of
4. The method of
5. The method of
6. The method of
7. The method of
8. The method of
9. The method of
10. The method of
11. The method of
12. The method of
13. The method of
14. The method of
15. The method of
16. The method of
17. The method of
18. The method of
19. The method of
20. The method of
21. The method of
22. The method of
23. The method of
24. The method of
25. The method of
27. The method of
28. The method of
29. The method of
30. The method of
31. The method of
32. The method of
33. The method of
34. The method of
35. The method of
36. The method of
37. The method of
38. The method of
39. The method of
40. The method of
41. The method of
42. The method of
43. The method of
44. The method of
45. The method of
46. The method of
47. The method of
48. The method of
49. The method of
50. The method of
|
The present application is a continuation of application Ser. No. 12/944,473, filed Nov. 11, 2010; which is a continuation of application Ser. No. 11/978,919, filed Oct. 30, 2007, now U.S. Pat. No. 8,127,345; which is a continuation of application Ser. No. 10/230,638, filed Aug. 29, 2002, now U.S. Pat. No. 7,290,288; which are incorporated herein by reference; and which is a continuation-in-part of application Ser. No. 08/872,710, filed Jun. 11, 1997, now U.S. Pat. No. 6,516,416.
1. Field of the Invention
The present invention generally relates to security systems for use with computer networks. More particularly, the present invention relates to a secure transaction system that is particularly adapted for use with untrusted networks, such as the Internet.
2. Description of the Prior Art
There are many businesses that are connected to the Internet or some other untrusted network. Such businesses may provide transaction services without charge for certain transactions that can be accessed by any account holder having access to the network. However, the same business may want to generate revenue from other transaction services and also to protect its business assets. In order to generate revenue, there must be control over account holder access, transaction tracking, account data, and billing. For a business to offer transaction services on an untrusted network, such as the web, it must have access to a web server that connects to the Internet. Any account holder with a web browser can then access the web site.
To implement a secure transaction system for use over the web, businesses need to implement authentication, authorization and transaction tracking. Authentication involves providing restricted access to transaction services that are made available, and this is typically implemented through traditional account holder name-password schemes. Such schemes are vulnerable to password fraud because account holders can share their usernames and password by word of mouth or through Internet news groups, which obviously is conducive to fraudulent access and loss of revenue. Authorization, on the other hand, enables authenticated account holders to access transaction services based on the permission level they are granted. Transaction tracking involves collecting information on how account holders are using a particular web site, which traditionally involved the data mining of web server logs. This information is often inadequate to link web site transaction and a particular account holder who used the web site. There is also no generic transaction model that defines a web transaction, which contributes to the difficulty in implementing an account holder model based upon transactions. Thus, there is a need for an improved secure transaction system and method for securing and tracking usage by a client computer.
The present invention discloses a system for securing and tracking usage of transaction services or computer resources by a client computer from a first server computer, which includes clearinghouse means for storing identity data of the first server computer and the client computer(s); server software means installed on the first server computer and client software means installed on the client computer(s) adapted to forward its identity data and identity data of the client computer(s) to the clearinghouse means at the beginning of an operating session; and a hardware key connected to the client computer, the key being adapted to generate a digital identification as part of the identity data; the server software means being adapted to selectively request the client computer to forward the identification to the first server computer for confirmation of the hardware key being connected; the clearinghouse means being adapted to authenticate the identity of the client computer responsive to a request for selected services or resources of the first server computer; the clearinghouse means being adapted to authenticate the identity of the first server computer responsive to the client computer making the request; and the clearinghouse means being adapted to permit access to the selected request responsive to successful initial authentication of the first server computer and the client computer making the request; wherein the hardware key is implemented using a hardware token access system, a magnetic card access system, a smart card access system, a biometric identification access system or a central processing unit with a unique embedded digital identification.
These and other objects of the present invention will be apparent from review of the following specification and the accompanying drawings.
Broadly stated, the present invention is directed to a secure transaction system that is particularly adapted for use with an untrusted network, such as the Internet worldwide web. As used herein, an untrusted network is defined as a public network with no controlling organization, with the path to access the network being undefined and the user being anonymous. A client-server application running over such a network has no control over the transmitted information during all the phases of transmission. The present invention provides a platform for securing transactions between consumers and suppliers on an untrusted network. Because of its superior design and operation, it is capable of operating servers and transaction clearinghouses in a geographically distributed fashion. The present invention implements its platform by restricting transaction services to only authenticated and authorized account holders and by tracking their transaction in a generic transaction model that can be easily integrated to any billing model.
The system has four major components as shown in
With respect to the major components of the system as shown in
With respect to the transaction clearinghouse administration software 32, it preferably resides on a desktop PC with a browser and is connected to the LAN 40 so that it can communicate with the transaction clearinghouse database server 30. This software will typically be on the LAN 40 of the organization so that database access through the administration software 32 is restricted within the organization. Using this administration software, an administrator can define the configuration for the account holder services, administer accounts, demographic data and transaction data. In the present invention, it is contemplated that the demographic data can be personal profile information, which may include at least two of the following items of information including: e-mail address, username, password, personal identification number, billing name, billing address, billing city, billing state, billing zip code, billing country, shipping name, shipping address, shipping city, shipping state, shipping zip code, shipping country, shipping method, home phone number, work phone number, cellular phone number, facsimile phone number, credit card number, credit card expiration date, credit card type, debit card number, debit card expiration date, debit card type, card-holders name, date of birth, and social security number.
With respect to the secure transaction server 34, the software for it is preferably located on the same machine that hosts the web server. It is preferably a Sun Solaris machine or comparable computer. The secure transaction server 34 operates in conjunction with the transaction clearinghouse to authenticate and authorize account holders and to collect their transaction data. The secure transaction server 34 also interacts with the account holder software at the account holder computer 36 to provide transaction capture. The secure transaction server 34 consists of a shared object that is incorporated as a part of the web server software. It also has a collection of common gateway interface programs (CGI's) that implement authentication tasks, such as login and access device polling. A session manager is provided for building sessions for every valid account holder so that a transaction list that contains all of the tasks performed during a account holder's session can be kept. The server also includes a thin client site administration software program that provides a web based visual interface to administer the session manager and maintain account holder profiles. The server sends transaction data to the transaction clearinghouse at the end of every account holder's session and includes added functionality for processing and activating online account applications.
The account holder computer 36 includes software that enables an account holder's web browser to access the untrusted network. The account holder desktop PC contains a browser to access the untrusted network and also includes account holder software for enabling the account holder to access secure transaction services. The account holder software, in addition to enabling the access to a web site providing secure transaction services, also allows for enforcement of the login process, re-authentication process and transaction tracking. All of these features are controlled by the secure transaction server 34, which sends specific commands to the account holder software 36 to perform the tasks as needed. The account holder software is a plug-in or control that adds secure transaction functionality to standard browser software. The account holder also includes a hardware key for providing two or three factor authentication.
The account holder access components preferably use the transmission control protocol/internet protocol (TCP/IP) and transaction datagram protocol/internet protocol (UDP/IP) to communication with each other. Any communication that needs to go through the web server or the web browser will follow the hyper text transfer protocol (HTTP) which is based on TCP/IP. These protocols are well known to those skilled in the art. The account holder's PC accesses web sites using HTTP. The web server and secure transaction server 34 communicate with each other using UDP/IP. The secure transaction server 34 and the transaction clearinghouse 30 preferably communicate with each other using TCP/IP and the transaction clearinghouse servers communicate with a database using open database connectivity (ODBC) drivers most commonly over a TCP/IP network. The transaction clearinghouse administration software 32 communicates with the database using an ODBC driver, most commonly over a TCP/IP or IPX network.
The four main components of the preferred embodiment of the system as described with respect to
The manner in which the preferred embodiment of the system operates in the web environment can be broadly seen by the functional block diagram of
While the steps that have been described with respect to
Rather than describe the functions of the blocks of
The manner in which the system translates into the preferred embodiment in the web environment will be described in connection with the functional block diagram illustrated in
The transaction clearinghouse 30 also has an account holder authentication daemon 58 that processes the requests for account holder authentication by the secure transaction servers 34. A daemon 58 is a program that is not invoked explicitly, but lays dormant waiting for one or more necessary conditions to occur such as an incoming request from one of its client programs. For every account holder authentication request, the account holder authentication daemon 58 first insures it is communicating with an authentic secure transaction server 34, and then it queries the transaction clearinghouse database server 56 to find the account holder's information. Based on this information, it sends an authentication response back to the secure transaction server 34. The account holder authentication daemon 58 also processes the secure transaction server's request for an online account holder application and an online account holder activation.
The transaction clearinghouse 30 also includes a transaction daemon 60 that is an independent server process that processes transaction data update requests made by secure transaction servers 34. Similar to the account holder authentication daemon 58, the transaction daemon 60 authenticates secure transaction servers before processing their requests. Upon successful authentication, it will accept all of the transaction data sent by a server and update the transaction clearinghouse database 56 with it. The transaction daemon 60 also authenticates secure transaction servers 34 before processing their request. The transaction clearinghouse 30 has administration software 64 that provides a visual interface on a computer with a web browser to administer the transaction clearinghouse database 56.
With respect to the secure transaction server 34, it runs in conjunction with a web server and is able to provide secure transaction services using the system of the present invention. The secure transaction server 34 authorizes each web transaction that involves account holder access of transaction services and does so by communicating with the account holder software 36 to make the account holders login. If the login is successful, the secure transaction server 34 initiates a session and collects all transaction data so that at the end of a session it can send the transaction data to the transaction clearinghouse. The secure transaction server also provides the functionality of session re-authentication. The secure transaction server includes a number of subcomponents including the session manager 52 which is a server process that processes messages sent by an account holder access shared object 66, an account holder access common gateway interface programs (CGI's) 68 and the transaction clearinghouse 30.
When an account holder 36 tries to log into a secure transaction system enabled web site, the session manager 52 communicates with the transaction clearinghouse 30 to authenticate the account holder. If successful, the session manager will start a new session for the account holder and from that point on, the account holder can access transaction services. Each web transaction during the session is reported to the session manager by the shared object 66 so that the session manager 52 can build a list of transactions for the account holder. At the end of the session, the session manager will send all of the session data and transaction data to the transaction clearinghouse 30 to update the database. If the system is utilizing two or three factor authentication (e.g., the username, password, PIN plus the digital ID generated by the access media read by the hardware key attached to the account holder's computer), the session manager 52 periodically communicates with the shared object 66 to perform re-authentication which involves polling of the account holder software 36 to insure that the hardware key 54 continues to be attached to the account holder computer.
The server shared object 66 is a binary module which provides function pointers to a web server 69 to perform secure transaction server 34 specific operations. To enable this, the server configuration files need to be changed so that the web server 69 knows which transaction services are provided by the secure transaction system. In this way, whenever an account holder attempts to access a transaction service, the server will call upon the account holder access functions that are defined in the shared object 66 and the web server 69 will not process the request for transaction services until it receives permission to do so from these functions. The functions in the shared object 66 insure that the account holder is operating as a valid session. If it is not a valid session, the functions redirect the account holder to the login process so that a new session can be created for the account holder. Once there is an active session, the shared object 66 will grant permission to the web server 69 to process requests for transaction services and once the request has been processed, the shared object sends a message to the session manager 52 about a particular transaction so that the session manager can update its lists of transactions for the active session.
There are a number of account holder access common gateway interface programs (CGI'S) that are a part of the secure transaction server 34, including a login CGI 68. Any time an account holder is redirected by the system shared object 66 to login and start a new session, the login CGI gets executed. These CGI's communicate with the account holder software to authenticate the secure transaction server and send a command to force the account holder to login. When the CGI's get the login parameters sent by the account holder software 36, they send a request to the session manager 52 to authenticate the account holder and start a new session. There is also a re-authentication CGI 70 that is provided. Once a session has been initiated, periodically the shared object 66 will redirect the account holder to get re-authenticated. The re-authentication CGI 70 communicates with the account holder software 36 to poll the account holder's machine for the hardware key 54, and based upon the response, the re-authentication CGI's communicates with the session manager 52 to validate re-authentication and renew the account holder session.
The secure transaction server 34 also includes an online account holder application and activation CGI's 74 which allow a person to apply online for transaction services. The CGI's collect the application data and send it to the transaction clearinghouse 30 that updates the account holder access database. Also, for an existing account holder who is trying to apply for another account, the CGI's will communicate with the transaction clearinghouse to get the account data on the account holder in order to fill out as much of the application automatically as it can. The activation feature is for users who have been approved and are trying to access secure transaction services for the first time. The CGI's for activation insure that the account holder has properly installed the account holder software and then these CGI's will send a message to the transaction clearinghouse to activate the account holder so that these approved users can access the new service. A site administration CGI 76 is another component included for providing an HTML visual interface to define the account holder profile and administer the session manager 52 for that particular account holder profile.
The account holder software 36 is installed on the account holder's personal computer. This software enables a web browser 77 to access the transaction services 78 provided by the secure transaction server. The account holder software is a plug-in or control that adds secure transaction functionality 79 to standard browser software. The account holder software accepts messages from the web server 69 and takes actions as commanded by the secure transaction server such as making the account holder login, polling for the optional hardware key, encrypting the login parameters and sending it to the secure transaction server. The account holder software also authenticates the server 34 before accepting any commands from it so that only authenticate servers can command the account holder software.
Referring to
Referring to
The online application CGI's 74 interact with the account holder authentication daemon 58 to process an online account holder application. Normally, users fill out an online application form and submit it to one of the online application CGI's which will send all the application data in the form of an application (AP) message to the account holder authentication daemon. The daemon will verify and update the database with the application information and send back an application response (PR) message to the application CGI's indicating the status of the database update.
In cases where an existing account holder is applying for another account, the application CGI's 74 communicate with the account holder authentication daemon 58 to get the account holder information on the current account holder so that the application form can be filled automatically. In order to do this, one of the application CGI's 74 sends a verify application (VA) message to the account holder authentication daemon 58. The daemon will query the transaction clearinghouse database server 64 to verify the applicant and get the account holder information. Based on the query results, it will send a verification response (VR) back to the application CGI 74 which will contain the account holder information. The application CGI 74 will fill out the account holder part of the application form with this information. The account holder fills out the rest and submits the form that gets processed through the AP/PR message mentioned previously.
Once a user has been approved, the user needs to activate the account in order to access transaction services. This can be done online through the online activation CGI's 74. Typically, an approved user (i.e., an account holder) will have to login in order to access the online activation CGI 74, which in turn sends an AA (Activate Applicant) message to the account holder authentication daemon 58 with the approved user's login parameters. The daemon 58 will query the transaction clearinghouse database server 64 to validate this information, and based on the validation results, it will send back an activation response (AR) message to the online activation CGI.
For web applications that need credit card information on account holders, the account holder authentication daemon 58 provides an API to do so. This also assumes that the account holder has logged in successfully and has an active session, which means these web applications need to be secured. In order to obtain the credit card information, these web applications can send a CC (credit card) message to the account holder authentication daemon 58. The daemon will first validate the account holder and if the validation is successful, it will send back a credit response (CR) to the credit card processing web application 78 that includes the account holder's credit card information.
Referring to
As shown in
If the SR message has a SUCCESS status, the shared object 66 grants permission to the web server 69 to process the request for the account holder to access transaction services. At the end of processing this request, the shared object 66 calls another secure transaction system function that sends an end transaction (ET) message to the session manager so that the session manager 52 can log the end time for the specific web transaction. Periodically, the SR message will ask the shared object 66 to perform session re-authentication. At such times, the shared object 66 redirects the account holder to re-authentication CGI's 70.
With the system architecture, transactions are protected on a directory level. A web master or a system administrator needs to determine which transactions are to be protected and make sure that all these transactions are organized in separate directories from unprotected transaction services. In this way, the web server configuration can be changed to protect these particular directories using the secure transaction system. Among other things, the configuration parameters also need to state where the session manager 52 is running and the port where it is listening for UDP requests. If there are multiple account holders being hosted from the same web servers 69, it is very important to have their transaction services contained in separate directories, and also very important is to have separate copies of session managers 52 running for each account holder. This ensures that account holder authentication, authorization, and transaction tracking is done separately for separate account holders.
The secure transaction server session manager shown in
The session manager 52 maintains a binary tree list of all the active account holder sessions. For every session, it maintains a linked list of all the transactions for that session. As stated in the description of the shared object 66, every time a web request comes in for a transaction service, the web server 69 will invoke the shared object 66. The shared object 66 looks at the web server configuration files to determine which session manager 52 (hostname and UDP port number) to send its check session (CS) message. In processing a CS message, the session manager 52 will traverse its list of active sessions looking for the particular session ID, and sends the result of this search back in a session response (SR) message.
During login, the login CGI's 68 send an initiate session (IS) message to the session manager 52, which will read the login parameters, and send an authenticate login (AL) message to the transaction clearinghouse account holder authentication daemon 58. The session manager 52 will read the account holder authentication daemon's 58 authentication response (AR) and determine whether or not to create a new session entry, and sends a session response (SR) back to the login CGI's 68 indicating the result of the session initiation process.
While processing a CS message sent by the shared object 66, periodically the session manager 52 will find that a particular session needs to be re-authenticated. In such instances, the session manger 52 will respond back to the shared object 66 with a session response (SR) message that tells the shared object 66 to initiate the re-authentication process. The shared object 66 in turn invokes the re-authentication CGI's 70. The re-authentication CGI's 70 perform the re-authentication task with the account holder software 36, and sends the results in a renew session (RS) message to the session manager 52. The RS message contains the newly encrypted digital ID optionally stored on the access media which is read by the hardware key 54 attached to the account holder's machine. The session manger 52 authenticates the digital ID by comparing it to the information it has in the session entry for the particular account holder. The results of this authentication are sent back to the re-authentication CGI 70 in a session response (SR) message.
During specific time intervals as set in the session manger 52 configuration, the session manager goes through its list of sessions and times out any idle sessions, flagging them as inactive. These are sessions that have not had an activity in the last n seconds, where n is a session manager configuration (REFRESH_TIME) value. For each one of these inactive sessions, the session manager 52 initiates a process that will send all the transaction data collected for that session to the transaction clearinghouse's transaction daemon 60. The process first reads the session-entry and sends a transaction session (US) message that will tell the transaction daemon 60 how many transaction entries will be sent for that session. The US message is followed by a series of session transaction (ST) messages where each ST message represents a transaction for that session. The process terminates after sending all the US and ST messages. The transaction daemon 60 will update the transaction clearinghouse database with all the transaction data, and sends a message confirmation (MC) message back to the session manager 52. The session manager 52 determines which specific session the MC message is for, and deletes that session and its transactions from its list. If the MC message status is not successful, the session manager 52 tries to resend the transaction data. The number of retries is set in the session manager 52 configuration. If it is still unsuccessful, then the session manger 52 sends an e-mail to the system administrator indicating the error in transaction data update.
Another entity that the session manager 52 performs processing for is the site administration CGI's 76. The specific operations provided are data recovery, data dump, and data restore features. During data recovery, the site administration CGI's 76 send a DR (data recovery) message to the session manager 52. The session manager 52 will retry sending the transaction data for the session(s) specified in the DR message to the transaction clearinghouse's transaction daemon 60.
During a data dump, the site administration CGI 76 sends a data dump (DD) message to the session manager 52 who makes a copy of all the active session data into a flat text file under the filename specified in the DD message. During a restore dump, the site administration CGI 76 sends a restore dump (RD) message to the session manager 52 who reads the dump file as named in the RD message and builds its list of sessions and transactions from the dump file data. To all these messages (DR, DD, RD), the session manager 52 sends a SR message back to the site administration CGI's 76 indicating the results of the particular operations whether they were successful or not.
Referring to
The login CGI's 68 take the encrypted login parameters sent by the account holder software 36 and send an initiate session (IS) message to the session manager 52. The session manager 52 conducts the account holder verification with the aid of the transaction clearinghouse 30 and sends back a session response (SR) indicating if a new session entry was created. If SR status is successful, the login CGI 68 will put the session ID in the HTTP headers for re-authentication purposes.
As shown in
Referring to
When the application form is submitted to the web server 69, the application data is sent to another application CGI 74 who will send an application (AP) message to the account holder authentication daemon 58. The daemon 58 will verify all the application data and update the transaction clearinghouse database. The result of the database update is sent back to the application CGI 74 in an application response (PR) message. The application CGI 74 will then display the result of this process to the user on the web browser 77.
The application approval process can be conducted in a variety of ways. For account holders offering one-factor authentication only, where a hardware key 54 is not used, a user can be instantly approved during the time of application, in which case the PR message contains the username, password, PIN assigned to the user. This information is immediately displayed back to the user so that the user can quickly proceed with the account holder activation process. Alternatively, another method is not approving the application immediately. Instead, a system administrator will perform additional processing of the application data to ensure that the user meets all the prerequisites of being an account holder. This could involve things like collecting payment, credit checks, etc. Once the requirements are met, the system administrator can approve the user using the transaction clearinghouse administration application software.
The result of the application approval process is that the user will now be assigned a unique account username and a password. If the account holder uses two-factor authentication, the approval process also involves assigning a unique digital ID to the user, and microcoding that digital ID into the access media read by the hardware key 54. All this information (username, password, PIN, digital ID), the user's hardware key and access media 54, and the account holder software 36 need to be made available to the approved user so that the user can successfully install the hardware key and account holder software 36 on the desktop, and proceed with the activation process.
The activation process is complete when the user becomes an account holder for a particular set of transaction services. Similar to the application process, this can be done through either online or through the account holder administration software 32. Online activation requires an approved user to install the account holder software on their desktop and visit the activation URL using the web browser 77. When the user clicks on the activation URL, the user must login. At this point, the approved user will use the username, password, PIN and the hardware key when using a two-factor authentication login. The activation CGI 74 takes all this information and sends an approve user (AU) message to the transaction clearinghouse's account holder authentication daemon 58. This daemon 58 will accept the AU message, and verify all the information with the approved user's information in the transaction clearinghouse database. If the verification is successful, the account holder authentication daemon 58 will create a new account holder record for the user if there is not already one, and also create a new account holder record for the particular account holder(s) for which the user was approved for. The result of this process is sent back to the activation CGI in an activation response (RA) message. If RA message status is successful, the activation CGI 74 will display a successful activation message to the account holder, and give the account holder an option to change their password if desired. Otherwise, the activation CGI 74 will display the error message explaining why application activation could not be conducted successfully.
A feature of the online application and activation process is the password change feature that can be made available as a separate link in a secured web site. This link must be protected by the system so that only valid account holders can use this feature. When this link is accessed, a password/PIN change form is displayed to the account holder where they type in the old and new passwords/PINs. Once this form is submitted, a password/PIN change CGI 82 will send a change password/PIN (CP) message to the account holder authentication daemon 58 in the transaction clearinghouse that will verify the account holder and the old password/PIN. If the verification is successful, the account holder authentication daemon 58 will make the password/PIN change in the transaction clearinghouse database. The status of this process is sent back to the password change CGI 82 in a password/PIN response (RP) response. Based on the RP message status, the password/PIN change CGI will display a message to the account holder indicating whether the password/PIN change was carried out successfully.
As shown in
During data dump, the site administration CGI 76 sends a data dump (DD) message to the session manager 52 that makes a copy of all the active session data into a flat text file under a specified filename in the DD message. During restore dump, the site administration CGI 76 sends a restore dump (RD) message to the session manager 52, which reads the named dump files(s) from the RD message and builds a list of sessions and transactions from the dump file data. For any of these messages (DR, DD, RD), the session manager 52 sends a SR message back to the site administration CGI's 76 for indicating the results of success or failure for these particular operations.
FLOWCHART
REFERRED EMBODIMENT
COMPONENTS
ONTO WEB ENVIRONMENT
Client Application
Web browser
Client Messenger
a module of account holder software
Server Authenticator
a module of account holder software
Log-in interface
a module of account holder software
Access device interface
a module of account holder software
Client Cryptographer
a module of account holder software
Content Controller
a module of account holder software
Network transaction tracker
a module of account holder software
Server Application
Web Server
Communication Headers
HTTP headers
Client Authenticator
a module of Shared Object for Web Server
Transaction Monitor
a module of Shared object for Web Server
Log-in Enforcer
Log-in CGI's
Access device Validator
Re-authentication CGI's
Session Validator
a module of Session Manager
Session Initiator
a module of Session Manager
Session Terminator
a module of Session Manager
Authentication Server
Transaction clearinghouse Account holder
authentication daemon
Transaction Data Server
Transaction clearinghouse Transaction
daemon
Referring to
A flow chart of the login, account holder authentication, and session initiation subroutine is shown in
The subroutine of the transaction service and logging process (block 16) is shown in
In accordance with an important aspect of the present invention, the system is preferably adapted to periodically re-authenticate an active session to prevent unauthorized use by someone who no longer has the hardware key 54 connected to his computer. With respect to the re-authentication process, and referring to
From the CS message, the session validator searches for a session entry in its list of active sessions (block 212) and determines whether an activate session entry was found (block 214). If not, the session validator sends an unsuccessful session response to the client authenticator (block 216) and the client authenticator denies permission to service the request (block 206). The server application would again direct the account holder to the login enforced to start a new session (block 208). If an active session is found (block 214), then the session validator checks for the time of the last polling of the account holder's machine to determine whether the hardware key 54 is present (block 218). The time duration is checked to determine if the preset time limit has been exceeded (block 220), and if it has not, then the system goes to the subroutine of the transaction service and logging step (block 170) (see
With respect to the session renewal and referring to
With respect to session termination and referring to
In accordance with another important aspect of the present invention, and referring to
In
In accordance with another important aspect of the present invention, and referring to
Two types of devices, a reader and a terminal can read magnetic cards. A reader is interfaced to a personal computer for the majority of its processing requirements, while a terminal is a self-contained processing device. Magnetic card readers are available that interface to RS232 serial ports, USB ports, PCMCIA slots, parallel ports, infrared IRDA ports and keyboards. Terminals have their own operating systems and in addition to reading a magnetic card typically support other functions such as network connectivity, transaction printing, and keypad entry. Both terminals and readers are considered access devices 501 in the context of the preferred embodiment.
For example, a magnetic card reader can be attached to a personal computer (PC) and serves the role of an access device. The magnetic card reader connects in-line between a PC and its keyboard. The magnetic card reader is intended to remain virtually invisible to both the PC and the keyboard until a magnetic card is read. When a magnetic card is read, the magnetic card reader takes over the interface to the PC and sends card data using the same scan codes used by the keyboard. These scan codes are routed to the account holder software 36. Magnetic card readers also support the operation of a keypad that can be used to enter one or any combination of username, password or PIN codes in addition to the digital ID read from the access media by the access device.
In accordance with another important aspect of the present invention, and referring to
Two types of devices, a reader and a terminal can read smart cards. A reader is interfaced to a personal computer for the majority of its processing requirements, while a terminal is a self-contained processing device. Both are considered access devices in the context of the preferred embodiment. Both the terminals and the readers read and write to smart cards. Readers come in many forms and in a wide variety of capabilities. Smart card readers that interface to RS232 serial ports, USB ports, PCMCIA slots, floppy disk slots, parallel ports, infrared IRDA ports and keyboards are presently available. Smart card terminals have their own operating systems and typically support other functions such as reading a magnetic card, network connectivity, transaction printing, and keypad entry. Both the terminals and the readers are considered access devices 504 in the context of the preferred embodiment.
Smart cards have the tremendous advantage, over their magnetic stripe ancestors, of being able to execute cryptographic algorithms locally in their internal circuitry. This means that the user's secrets (be these PIN codes or keys) never have to leave the boundaries of the tamper-resistant silicon chip, thus bringing maximum security to the overall system where the cards are used. Smart-cards contain special-purpose microcontrollers with built-in self-programmable memory and tamper-resistant features intended to make the cost of a malevolent attack more than any benefits gained from the attack. Smart Card readers can also support the operation of a keypad that can be used to enter one or any combination of username, password or PIN codes in addition to the digital ID read from the access media by the access device.
In accordance with another important aspect of the present invention, and referring to
A biometric system works by capturing the chosen biometric with a biometric reader. The reader converts the biometric into a digital identification that is stored in a local repository for comparison during authentication. In the case of the preferred embodiment, the biometric reader 506 is equivalent to the access device; the biometric identification data 507 is equivalent to the digital ID created when the access device reads the fingerprint 508 access media; and the local repository that stores the biometric identification data can be the transaction clearinghouse. When logging into the secure transaction system, the account holder would have the chosen biometric (e.g., access media—fingerprint, palm, etc.) scanned by the biometric reader 506, forwarded to the clearinghouse using the previously described log-in process (
In accordance with another important aspect of the present invention, and referring to
The root of trust is a small hardware device called a Trusted Platform Module (TPM) 510. The TPM 510 is basically a secure controller that provides features like secure memory, cryptographic sign/verify, and an immutable key pair used to generate anonymous identities. In the preferred embodiment, the CPU and its associated platform 511 is the access device and the secure memory of the TPM 510 preferably acts as the access media and holds several types of unique digital IDs. Together they provide secure CPU functionality and provide all the functions of the account holder's PC. Another important feature of the TPM 510 is the possibility of producing random numbers. The TPM 510 can create digital signatures using the random number generator as the source of randomness required by the digital ID generation process. In order to generate a unique digital ID, each single TPM 510 has a unique key that identifies the TPM.
With these capabilities, the TPM 510 is able to produce a statistically unique digital fingerprint of the PC's basic input/output system (BIOS) firmware at boot time. This fingerprint is also called an integrity metric or cryptographic digest. Once this metric is available, it is saved in the TPM's secure memory location. During the PC boot process, other integrity metrics are collected from the PC platform, for instance, fingerprints of the boot loader and the operating system itself. Device drivers may be hashed; even hardware like PCI cards can be detected and identified. Every metric of the TPM 510 is concatenated to the already available metrics. This generates a final metric, which provides a unique digital ID for the PC.
The digital ID can also be used to encrypt other unique digital identification including account numbers, digital certificates, etc., and store the results in the protected storage of the TPM. The protected storage of the TPM is essentially non-volatile storage that has a means of access control. This access control determines which entities (e.g., user, programs, etc.) have permission to read, write, modify, and update the secure memory of the TPM. It is assumed that protected storage has some form of access control protocol that is used to protect against certain kinds of attack.
A distributed architecture of the system software enabling multiple web servers 69, each of which may host their own copy of a server 34 to communicate and interact with one or more transaction clearinghouses 30 is shown in
When an account holder attempts to access a transaction service from any secure transaction enabled web sites, the respective server 69 for that web site will need to authenticate the account holder. In order to perform account holder authentication, the secure transaction server will need to interact with the system transaction clearinghouse 30 by establishing and maintaining a communication line between itself and the transaction clearinghouse. The information transmitted on this communication line is encrypted using a public/private key mechanism so that only authentic servers and an authentic transaction clearinghouse can communicate with each other. The server 69 also implements the same mechanism in sending transaction data to the transaction clearinghouse's data warehouse.
The other secure transaction servers interact with the transaction clearinghouse 30 in the same manner. Thus a transaction service can host several geographically distributed secure transaction enabled web sites. Once an account holder is authenticated at one of the system enabled web sites, that account holder can access other likewise enabled web sites transparently using the same username, password, PIN combination, and the optional digital ID read from the access media by the hardware key 54, without having to again provide their username, password, PIN, and optional digital ID thus creating a single sign-on scenario where transaction services and computer resources can be accessed from a multitude of sources. All the transaction data generated by the account holder on all these different enabled web sites will be reported back to the transaction clearinghouse, regardless of how the account holder accesses the different enabled web servers 69. In the configuration of
This also presents the possibility of transaction clearinghouses forming alliances with one another. For instance, in our example above, let's suppose transaction clearinghouse A and transaction clearinghouse B form a joint agreement that they will let each other's account holders access each other's account holder services, and each transaction clearinghouse will pay a share of the dividend to the other based on transaction volumes. In order to do this, system servers will need to be configured to perform authentication from both transaction clearinghouses. As a result, an account holder who is registered with transaction clearinghouse A can access account holder services that fall under transaction clearinghouse B.
With regard to the case of server 1 hosting account holders A and B, since now an account holder registered with transaction clearinghouse A can also access account holder services that fall under transaction clearinghouse B, account holder “a” should be able to access account holder B through server 1. In order to do this, the server 1 will need to change its configuration so that it is able to separate transaction clearinghouse A account holders from transaction clearinghouse B account holders. When account holder “a” tries to access transaction services, secure transaction server 1 will interact with transaction clearinghouse A to do authentication, and if it is account holder “b”, secure transaction server 1 will interact with transaction clearinghouse B.
However, the transaction data for a particular account holder will be sent to the transaction clearinghouse that owns the account holder. So even if account holders from transaction clearinghouse A can now access account holder B, all their transaction data will still be sent to transaction clearinghouse B. Thus, all of account holder “a” is transaction data regarding account holder B and go to transaction clearinghouse B. In this way, transaction clearinghouse B knows how many account holders from other transaction clearinghouses have accessed account holders that belong to transaction clearinghouse B, and based on that data, transaction clearinghouse B will be able to charge other transaction clearinghouses.
In accordance with another aspect of the present invention, the manner in which messages are sent among the various components will now be described in connection with the preferred embodiments of the programs that are utilized by the system. In this regard, the following is a listing of the software products that are part of the preferred embodiment of the present invention. The documents identified are specifically incorporated by reference.
Account Holder Database
Product: Sybase SQL Server XI
Installing Sybase SQL Server for Microsoft Windows NT
Sybase SQL Server Release 11.0.x
Document ID: 34714-1101-02
Last Revised Mar. 6, 1996
Introducing Sybase SQL Server for Microsoft Windows NT
Sybase SQL Server Release 11.0.x
Document ID: 31965-1101-02
Last Revised Feb. 10, 1996
Configuring and Administering Sybase SQL Server for Microsoft Windows NT
Sybase SQL Server Release 11.0.x
Document ID: 36446-1101-02
Last Revised Feb. 22, 1996
Installing Sybase Products on Sun Solaris 2.x (SPARC)
Open Client/Server Release 11.1.x
Document ID: 35075-1100-03
Last Revised Sep. 10, 1996
Open Client/Server Configuration Guide for UNIX
Open Client/Server Release 11.1.x
Document ID: 35831-1100.quadrature.02
Last Revised Aug. 21, 1996
Open Client/Server Programmer's Supplement for UNIX
Open Client/Server Release 11.1.x
Document ID: 35456-1100-04
Last Revised Aug. 23, 1996
Sybase SQL Server Utility Programs for UNIX
Sybase SQL Server Release 10.0
Document ID: 30475-01-1000-04
Change Level: 1
Last Revised Feb. 1, 1994
Sybase SQL Server System Administration Guide
Sybase SQL Server Release 10.0
Document ID: 32500-01-1000-03
Change Level: 3
Last Revised Jun. 17, 1994
Sybase SQL Server Reference Manual: Volume 1 Commands, Functions, and Topics
Sybase SQL Server Release 10.0
Document ID: 32401-01-1000-03
Change Level: 2
Last Revised Jun. 17, 1994
Sybase SQL Server Reference Manual: Volume 1 System Procedures and Catalog Stored Procedures
Sybase SQL Server Release 10.0
Document ID: 32402-01-1000-03
Change Level: 2
Last Revised Jun. 17, 1994
Sybase SQL Server 11 Unleashed
by Ray Rankins, Jeffrey R Garbus, David Solomon, and Bennett W McEwan
ISBN #0-672-30909-2
Library of Congress Catalog Card #95-72919
Sams Publishing, 201 West 103rd Street, Indianapolis, Ind. 46290
Copyright© 1996
Sybase Developer's Guide
by Daniel J Worden
ISBN #0-672-30467-8
Library of Congress Catalog Card #93-87172
Sams Publishing, 201 West 103rd Street, Indianapolis, Ind. 46290
Copyright© 1994
ODBC Driver
Intersolv DataDirect ODBC Drivers
October 1995
9420 Key West Avenue
Rockville, Md. 20850
MA-ODBC-211-DREF
Intersolv DataDirect ODBC Drivers Installation Guide
Microsoft Windows, Microsoft Windows 95, Microsoft Windows NT, and OS/2
October 1995
Key West Avenue
Rockville, Md. 20850
MA-ODBC-211-INST
Intersolv ServiceDirect Handbook
Fourth Edition November 1995
Copyright© 1995
Intersolv, Inc.
9420 Key West Avenue
Rockville, Md. 20850
QCS95-S-0231
Inside ODBC by Kyle Geiger
ISBN #1-55615-815-7
Library of Congress Catalog Card #95-18867
Microsoft Press
Copyright© 1995
Server Application (Web Server)
Product: Netscape Enterprise Server
Netscape Enterprise Server Version 2.0 Administrator's Guide
Copyright© 1996
Netscape Communications Corporation
501 East Middlefield Road
Mountain View, Calif. 94043
802-7610-10
Netscape Enterprise Server Version 2.0 Programmer's Guide
Copyright© 1996
Netscape Communications Corporation
501 East Middlefield Road
Mountain View, Calif. 94043
802-7611-10
Client Application (Web browser)
Product: Netscape Navigator
Netscape Navigator Gold Authoring Guide
Copyright© 1996
Netscape Communications Corporation
501 East Middlefield Road
Mountain View, Calif. 94043
802-7612-10
Using Netscape
ISBN #0-7897-0211-8
Library of Congress Catalog #95-67809
Copyright© 1995
Que Corporation
201 W. 103rd Street
Indianapolis, Ind. 46290
Hardware Key
Product: iKey 1000 Smart Token (Hardware Token)
Rainbow Technologies, Inc.
50 Technology Drive
Irvine, Calif. 92618
Product: Mag-Wedge Reader (Magnetic Card Reader)
Magtek
20725 South Annalee Avenue
Carson, Calif. 90746
Product: GemPC430 (Smart-Card Reader)
Gemplus Corporation
3 Lagoon Drive
Redwood City, Calif. 94065-1566
Product: FIU/SS2K (Fingerprint Biometric Reader)
Sony Electronics, Inc.
1 Sony Drive
Park Ridge, N.J. 07656-8002
Product: TPM (Trusted Platform Module—Secure CPU)
Infineon Technologies North America Corporation
1730 North First Street
San Jose, Calif. 95112
The secure transaction system (STS) is the preferred embodiment of the present invention in the web environment. The following table lists the STS software components as they relate to the present invention:
Preferred Embodiment Component
STS software component
Transaction clearinghouse user authentication
userauthd
daemon
Transaction clearinghouse transaction daemon
transactiond
Transaction clearinghouse administration
ch_admin.exe
software
STS Server Session Manager
sessiond
STS shard object for Web server
sts.so
STS log-in CGI's
start_login.cgi
login.cgi
vrfypswd.cgi
STS re-authentication CGI's
check_key.cgi
verify_key.cgi
STS online application CGI's and HTML
application.html
application.cgi
account holder.cgi
verify_applicant.cgi
STS online activation CGI's
activate.cgi
check_activate.cgi
STS password change CGI's
pswd_chg_form.cgi
chg_pswd.cgi
STS Site Administration CGI's
add_profile.cgi
del_subs.cgi
srvconf.cgi
admin_subs.cgi
profile.cgi
stadmin.cgi
chng_srvconf.cgi
data_dumprestore.cgi
smgr_restart.cgi
upd_profile.cgi
data_recovery.cgi
smgr_start.cgi
upd_subs.cgi
del_profile.cgi
smgr_stop.cgi
STS Account holder software
STS Client Plug-in
STS ActiveX component
Following is a description how these STS components can be configured, initialized, and how their day-to-day operation can be monitored. It should be understood that the component names used in these descriptions are specific to STS, and the procedures described to perform the day-to-day operation are specific to STS components, more so as an example of the preferred embodiment of the present invention in the web environment.
With respect to the configuration files that are necessary for operating the various software components of the system, each component has its own configuration file as shown below:
Daemon/Server
Configuration Filename
User Authentication
userauthd.conf
Transaction
transactiond.conf
Session Manager
sessiond.conf
Web Server
magnus.conf
obj.conf
mime.types
Each daemon accepts the name of its configuration file as a command line argument when starting the daemon. The format of the command line is:
<daemon name><configuration file>.
The transaction clearinghouse daemons can be started by using standard shell scripts.
For the account holder authentication daemon userauthd.conf), the following configuration files apply:
PARAMETER
DESCRIPTION
logdir
Absolute pathname specification of the directory which
this daemon is to create its log files in. Two instances of
the same daemon type (e.g., userauthd) cannot log to the
same directory. The daemon will not start up if it is un-
able to write to the directory.
service
Specifies the TCP port number which the daemon is to
use to listen for requests. This can be a numeric or
alphanumeric entry. If the entry is alphanumeric, there
should be a corresponding entry in the/etc/ services/file.
dbserver
The name of the database server to connect to. This entry
should correspond to an entry in the database server
interface file.
dname
The name of the database to use. A database server can
control many databases.
dbuser
The name of the database user to use when connecting to
the database. Database users can be used to control what
processes (or daemons) can connect to the database and
also what permissions they have when they connect.
Typically all transaction clearinghouse components will
use the same database server name, database name,
database username and hence database user password
entries in their configuration files.
dbpswd
The password to use for the above database user.
The file permissions for this configuration should be set
according knowing that it contains a database username
and password.
For the transaction daemon (transactiond.conf), the following configuration files apply:
PARAMETER
DESCRIPTION
logdir
Absolute pathname specification of the directory which
this daemon is to create its log files in. Two instances of
the same daemon type (e.g., transactiond) cannot log to
the same directory. The daemon will not start up if it is
unable to write to the directory.
service
Specifies the TCP port number which the daemon is to
use to listen for requests. This can be a numeric or
alphanumeric entry. If the entry is alphanumeric, there
should be a corresponding entry in the/etc/services/file.
dbserver
The name of the database server to connect to. This entry
should correspond to an entry in the database server
interface file.
dname
The name of the database to use. A database server can
control many databases.
dbuser
The name of the database user to use when connecting to
the database. Database users can be used to control what
processes (or daemons) can connect to the database and
also what permissions they have when they connect.
Typically all transaction clearinghouse components will
use the same database server name, database name,
database username and hence database account holder
password entries in their configuration files.
dbpswd
The password to use for the above database user.
The file permissions for this configuration should be set
according knowing that it contains a database username
and password.
For the session manager (sessiond.conf), the following configuration files apply:
Parameter
Description
SESSIOND_UDP_PORT
Specifies the UDP port which the
session manager will use to list for
requests from CGI programs.
SESSIOND_TCP_PORT
Specifies the TCP port which the
session manager will use to listen
for replies from the transaction
clearinghouse.
TRANSACTION_
CLEARINGHOUSE_HOST
The UNIX host name that the
transaction clearinghouse server is
running on. When the session
manager communicates with the
transaction clearinghouse, this entry
forms part of the address.
TRANSACTION_
CLEARINGHOUSE_PORT
This entry specifies the TCP port
which the session manager should
use when communicating with the
transaction clearinghouse transaction
daemon. The session manager uses
this entry and the TRANSACTION
CLEARINGHOUSE_HOST entry
to build the complete address for the
transaction daemon. This port
number should match the port
number defined in the service entry
of the transaction daemons
configuration file.
TRANSACTION_
CLEARINGHOUSE_URL_PORT
This entry specifies the TCP port
which the session manager should
use when communicating with the
transaction clearinghouse URL
tracking daemon. The session
manager uses this entry and the
TRANSACTION
CLEARINGHOUSE_HOST entry
to build the complete address for the
URL tracking daemon. This port
number should match the port
number defined in the service entry
of the URL tracking daemons
configuration file.
TRANSACTION_
CLEARINGHOUSE_AUTH_PORT
This entry specifies the TCP port
that the session manager should use
when communicating with the
transaction clearinghouse account
holder authentication daemon. The
session manager uses this entry and
the TRANSACTION
CLEARINGHOUSE_HOST entry
to build the complete address for the
account holder authentication
daemon. This port number should
match the port number defined in the
service entry of the account holder
authentication daemons
configuration file.
COMPANY_NO
Unique ID assigned to each company
defined with the secure transaction
server system.
ACCOUNT HOLDER_ID
Unique ID assigned to each account
holder defined for a company in the
secure transaction server system.
KEYCHECK_INTERVAL
The number of seconds that will
elapse before the secure transaction
server asks the browser to check for
the existence of the access device.
REFRESH_TIME
The amount of time (in seconds)
that must expire without any session
activity before a session is
considered inactive and terminated.
SESSION_REFRESH_INTERVAL
The amount of time (in seconds) that
must elapse with no new connection
requests to the secure transaction
server, which will cause the secure
transaction server to stop listening
for incoming connections and go
examine the its internal session table
to see if any sessions have become
idle (refresh time has expired for the
session). It will clean up idle sessions
and resume listening for incoming
connection requests.
LOCAL_TRANSACTION_TRACK
Indicates if the transaction tracking
data is stored locally as well as being
sent to the transaction clearinghouse
for storage. Valid entries are YES
or NO.
MAX_RESEND_NO
If the secure transaction server does
not get a confirmation message back
from the transaction clearinghouse
for information it sent to the secure
access transaction clearinghouse, the
secure transaction server will resend
the data until we get a confirmation
message or until the maximum times
to resend transaction data has been
exceeded.
ADMIN_EMAIL_ADDR
When an event occurs that requires
intervention from an administrator,
notification is sent to this email
address.
MAIL_BIN
Absolute filename specification of
the program to use to send email
notification to the person defined in
ADMIN_EMAIL_ADDR.
TRANSACTION
This defines the granularity of the
transaction data that the session
manager records about a session.
There are two valid entries:
SESSION or TRAN. TRAN
indicates that the session manager
should record information about
every transaction that occurred in a
session. SESSION indicates that
only information regarding the
session should be stored, i.e., session
start and end times, account holder
ID, number of transactions that
occurred in session manager.
LOCAL_AUTHENTICATION
Indicates if account holder
authentication should be performed
against a local database as opposed
to the transaction clearinghouse
database. Valid entries are YES or
NO. YES indicates that
authentication should be performed
locally, while NO indicates the
opposite.
RUNTIME_DIR
This is the default directory for the
secure transaction server. Here is
where the secure transaction server
will create log files and other
dynamic run time files required for
successful operation.
For the web server (magnus.conf), in order that the system shared object 66 component works correctly with the web server, the following changes need to be made to the magnus.conf file:
#
# load the account holderaccount holder access specific NSAPI functions
#
Init fn=load-modules shlib=/usr/ns-home/bin/load_modules/sts.so
funcs=init-sts,restrict-by-sts,log-end,restrict-by-rpa
#
#call init-sts to initialize sts server specific NSAPI
#variables
#
Init fn=init-sts
Sm_host=localhost
login_uri=http://10.199.199.7/cgi-bin/gatekpr/login.cgi
keycheck_url=http://10.199.199.7/cgi-bin/gatekpr/check_key.cgi
smerr_url=http://10.199.199.7/gatekpr/session_err.html
It should be noted that all the <variable>=<value> pairs listed above should appear on the line beginning Init if and should be separated with spaces. Each variable/pair value was listed on a separate line to aid clarity.
The following describes the meaning of each of NSAPI variables:
Sm_host: hostname or the IP address of the machine hosting session manager daemon(s)
login_url: URL for the account holderaccount holder access login CGI
keycheck_url: URL for account holderaccount holder access re-authentication CGI
smerr_url: URL for error HTML for session manager errors (configurable)
For the web server (obj.conf), for each directory protected by the secure transaction system, the following entries need to be inserted in obj.conf:
<Object ppath=“/usr/ns-home/htdocs_unsecure/demosite/*”>
PathCheck fn=“restrict-by-sts”
log_head=“prism_login.txt”
session_port=“50420”
trailer=“prism_tail.txt”
err_head=“prism_err.txt”
digest=“5”
AddLog fn=“log-end”
</Object>
Once again, each entry was placed on a separate line for clarity but when adding them to the configuration file all the entries should be on the same line, separated by spaces.
The variable meaning is as follows:
log_head: text file containing the HTML header tags for the login page
session_port: session manager's port number
trailer: text file containing the HTML trailer tags for login page and error pages
err_head: text file containing the HTML header tags for error pages
digest: message digest type to use for one-time-password encryption (4-MD4; 5-MD5)
For the web server configuration file (mime.types), one line needs to be added to the mime.types configuration file. The line is:
The positioning of the new line within the configuration file is not important. Adding this line enables any file with the extension pro to automatically invoke the client side software to process the file.
With respect to routine operating procedures, there are general guidelines for the orderly start up and shutdown of the system of the present invention. To start up the system, there are a sequence of activities that are involved. First, each server should be configured through its configuration files. Each of the transaction clearinghouse servers is started by a series of shell strips, which in a typical installation, will be in the directory named /usr/local/sts/transaction clearinghouse. The /usr/local part of the previous pathname was the directory specified at installation time. The scripts are named start_userauthd.sh, start_transactiond.sh and start_urltrackd.sh. After the scripts are executed, the PS-EF command is used to check if the following processes exist: userauthd, transactiond and urltrackd. The next step is to start up the database server which requires login as the account holder sybase. This login will have an environment variable called SYBASE which defines what directory SYBASE was installed to. It is necessary to move to the directory $SYBASE/bin. For each database server to be started, there is a filed called RUN_<SERVER_NAME>. If two database servers called STS and STS_backup were created during the installation, the start up files would be called RUN_STS and RUN_STS_BACKUP. This start up file should be used in conjunction with the startserver program. The exact syntax is: startserver {-f<startup files>}. To continue the example from above, the command would be: startserver -f RUN_STS -f RUN_STS_BACKUP.
With respect to the session manager, it can be started by a shell script and there will be one instance of the session manager per account holder per company. If the installation directory was specified to be /usr/local then the session manager start up scripts will be found at /usr/local/STS/sessionmgr. The naming convention for the start up scripts is: start_<account holder name>.sh. Each account holder will have its own directory off of /usr/local/STS/sessionmgr.
With respect to the web server, once its configuration files have been modified as indicated above, the account holder access component will automatically be used once the web server is started. As web servers from different vendors require different start up procedures, it is assumed that this information is already known.
With respect to shutdown, of the system and particularly the web server, it is best to start with the secure transaction server as this is the first point of contact for the account holder's browser. Like the start up procedure for the web server, the shutdown procedure will differ for each different web server.
With respect to the session manager, it is recommended that shutdown of it be done from within the server side administration program. The browser should be pointed at the URL where the server site administration program is located and the administer button for the session manager that is wanted to be stopped should be clicked. A data dump on the session manager should be performed before stopping it to avoid loss of data contained within the manager to be stopped. This is executed by entering the complete passname of the data dump file and clicking the data dump button. With respect to the transaction clearinghouse, the transaction clearinghouse daemons are shutdown using the kill command. The process identification numbers for each of the servers should be found by getting a list of all processes and searching for the process names of the start up procedures. Once the process identification numbers have been established, the command kill -9 <pid>{<pid>} should be used.
With respect to the database server, it can be shutdown using the following steps:
login into isql as the system administrator
type “shutdown <backup database server name>”
type “go”
type “shutdown”
type “go”
hadji:>isqi -Usa -P -SSTS
1> shutdown SYB_BACKUP
2> go
Backup Server: 3.48.1.1: The Backup Server will go down immediately.
Terminating sessions.
1> shutdown
2> go
Server SHUTDOWN by request.
The SQL Server is terminating this process.
00:97/05/14 14:52:40.23 server SQL Server shutdown by request.
00:97/05/14 14:52:40.24 kernel usshutdown: exiting DB-LIBRARY error:
Unexpected EOF from SQL Server.
hadji:>
It should be understood from the foregoing that a secure transaction system has been shown and described which enables a business to have total control over account holder access, transaction tracking and billing over an untrusted network such as the Internet world wide web. The system has many desirable attributes and features that enable it to provide such functionality. Moreover, it is extremely flexible in that it can operate to function with multiple servers and multiple transaction clearinghouses if desired. Moreover, two-factor authentication enables the system to frequently determine if a account holder is authentic and the system also functions to authenticate servers as well. A secure platform for businesses to securely provide transaction services to the world wide web in a way that assures revenue generation if that is a goal is a prominent feature of the system of the present invention.
While various embodiments of the present invention have been shown and described, it should be understood that other modifications, substitutions and alternatives are apparent to one of ordinary skill in the art. Such modifications, substitutions and alternatives can be made without departing from the spirit and scope of the invention, which should be determined from the appended claims.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
Gregg, Richard L., Giri, Sandeep, Goeke, Timothy C.
Patent | Priority | Assignee | Title |
Patent | Priority | Assignee | Title |
4446519, | May 26 1981 | CORBAN INTERNATIONAL, LTD , | Method and apparatus for providing security for computer software |
4471163, | Oct 05 1981 | DONALD, LYNN DUTY, AS TRUSTEE OF THE DUTY TRUST; DONALD, SARAH HOLLIS; DONALD, THOMAS CHRISTOPHER; DONALD, LYNN DUTY & DONALD, THOMAS CLAUDE AS TRUSTEES OF THE CHRONOGUARD TRUST; CHRONOGUARD, L L C | Software protection system |
4652990, | Oct 27 1983 | Remote Systems, Inc. | Protected software access control apparatus and method |
4658093, | Jul 11 1983 | ALADDIN KNOWLEDGE SYSTEMS, INC | Software distribution system |
4685055, | Jul 01 1985 | CORBAN INTERNATIONAL, LTD A CORP OF ANGUILLA | Method and system for controlling use of protected software |
4691355, | Nov 09 1984 | Pirmasafe, Inc.; PIRMASAFE, INC , AN OH CORP | Interactive security control system for computer communications and the like |
4694492, | Nov 09 1984 | Pirmasafe, Inc.; PIRMASAFE, INC | Computer communications security control system |
4723284, | Feb 14 1983 | NCR Corporation | Authentication system |
4748561, | May 14 1984 | Method of protecting computer software | |
4796220, | Dec 15 1986 | Pride Software Development Corp. | Method of controlling the copying of software |
4821118, | Oct 09 1986 | NOBLE SECURITY SYSTEMS, INC | Video image system for personal identification |
4837422, | Sep 08 1987 | DETHLOFF, JAN; DETHLOFF, NINA | Multi-user card system |
4864494, | Mar 21 1986 | COMPUTERIZED DATA SYSTEMS FOR MANUFACTURING, INC , CDSM A CORP OF AZ | Software usage authorization system with key for decrypting/re-encrypting/re-transmitting moving target security codes from protected software |
4866769, | Aug 05 1987 | IBM Corporation | Hardware assist for protecting PC software |
4885789, | Feb 01 1988 | INTERNATIONAL BUSINESS MACHINES CORPORATION, A CORP OF NEW YORK | Remote trusted path mechanism for telnet |
4907268, | Nov 03 1986 | Secure Computing Corporation | Methods and apparatus for controlling access to information processed a multi-user-accessible digital computer |
4916738, | Nov 05 1986 | International Business Machines Corp. | Remote access terminal security |
4932054, | Sep 16 1988 | SAFENET, INC | Method and apparatus for protecting computer software utilizing coded filter network in conjunction with an active coded hardware device |
4935962, | May 19 1988 | NCR Corporation | Method and system for authentication |
4962449, | Apr 11 1988 | Computer security system having remote location recognition and remote location lock-out | |
4977594, | Oct 14 1986 | ELECTRONIC PUBLISHING RESOURCES, INC | Database usage metering and protection system and method |
4993068, | Nov 27 1989 | Motorola, Inc. | Unforgeable personal identification system |
4995086, | May 06 1986 | SIEMENS AKTIENGESELLSCHAFT, A CORP OF REPUBLIC OF GERMANY | Arrangement and procedure for determining the authorization of individuals by verifying their fingerprints |
4998279, | Nov 30 1984 | EMC Corporation | Method and apparatus for personal verification utilizing nonpredictable codes and biocharacteristics |
4999806, | Sep 04 1987 | Software distribution system | |
5023907, | Sep 30 1988 | Hewlett-Packard Company | Network license server |
5032979, | Jun 22 1990 | International Business Machines Corporation | Distributed security auditing subsystem for an operating system |
5048085, | Oct 06 1989 | CISCO TECHNOLOGY, INC , A CORPORATION OF CALIFORNIA | Transaction system security method and apparatus |
5054089, | Dec 29 1988 | Kabushiki Kaisha Toshiba | Individual identification apparatus |
5060263, | Mar 09 1988 | Aladdin Knowledge Systems; Secure Computing Corporation | Computer access control system and method |
5081676, | Oct 04 1990 | SOFTWARE SECURITY, INC | Method and apparatus for protecting multiple copies of computer software from unauthorized use |
5091942, | Jul 23 1990 | Ericsson, Inc | Authentication system for digital cellular communications |
5095194, | Oct 12 1989 | PASTORIUS, BRUCE A | Holographic credit card with automatical authentication and verification |
5103476, | Nov 07 1990 | BETANET, LLC | Secure system for activating personal computer software at remote locations |
5109427, | Nov 13 1989 | Goldstar Co., Ltd. | Fingerprint recognition device using a hologram |
5109428, | Dec 06 1988 | Fujitsu Limited | Minutia data extraction in fingerprint identification |
5113499, | Apr 28 1989 | SPRINT INTERNATIONAL COMMUNICATIONS CORPORATION, A CORP OF DE | Telecommunication access management system for a packet switching network |
5138712, | Oct 02 1989 | SUN MICROSYSTEMS, INC , A CORP OF DE | Apparatus and method for licensing software on a network of computers |
5144680, | Mar 01 1985 | Mitsubishi Denki Kabushiki Kaisha | Individual identification recognition system |
5146102, | Feb 22 1990 | Kabushiki Kaisha Toshiba | Fingerprint image input apparatus including a cylindrical lens |
5146499, | Oct 27 1989 | De La Rue Cartes et Systemes SAS | Data processing system comprising authentification means viz a viz a smart card, an electronic circuit for use in such system, and a procedure for implementing such authentification |
5153919, | Sep 13 1991 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | Service provision authentication protocol |
5163147, | Aug 31 1989 | Kabushiki Kaisha Toshiba | Computer system with file security function |
5168520, | Nov 30 1984 | EMC Corporation | Method and apparatus for personal identification |
5180901, | May 21 1990 | Kabushiki Kaisha Toshiba | IC card with individual authentication function |
5182770, | Apr 19 1991 | NATIONSBANK OF TEXAS, N A , AS AGENT | System and apparatus for protecting computer software |
5199066, | Apr 18 1989 | SPECIAL EFFECTS SOFTWARE, INC , A CORP OF PA | Method and apparatus for protecting software |
5204961, | Jun 25 1990 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding security protocols |
5210588, | Nov 17 1990 | Goldstar Co., Ltd. | Fingerprint identification apparatus for enhancing identification performance by forming an illumination source and a light conducting panel in a single body |
5210797, | Oct 30 1989 | KOKUSAN KINZOKU KOGYO KABUSHIKI KAISYA, A CORP OF JAPAN | Adaptive dictionary for a fingerprint recognizer |
5222133, | Oct 17 1991 | SAFENET, INC | Method of protecting computer software from unauthorized execution using multiple keys |
5222134, | Nov 07 1990 | BETANET, LLC | Secure system for activating personal computer software at remote locations |
5222152, | Nov 19 1991 | DIGITAL BIOMETRICS, INC | Portable fingerprint scanning apparatus for identification verification |
5224163, | Sep 28 1990 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Method for delegating authorization from one entity to another through the use of session encryption keys |
5229764, | Jun 20 1991 | Continuous biometric authentication matrix | |
5230025, | Aug 31 1990 | DIGITAL BIOMETRICS, INC , A CORP OF MN | Method and apparatus for capturing skin print images |
5235642, | Jul 21 1992 | GOOGLE LLC | Access control subsystem and method for distributed computer system using locally cached authentication credentials |
5237614, | Jun 07 1991 | EMC Corporation | Integrated network security system |
5239583, | Apr 10 1991 | SECURA-CODE CORPORATION | Method and apparatus for improved security using access codes |
5241606, | Oct 11 1990 | MATSUSHITA ELECTRIC INDUSTRIAL CO , LTD | Person identification apparatus |
5247575, | Aug 16 1988 | WAVE SYSTEMS, CORP GRANTEE | Information distribution system |
5249230, | Nov 21 1991 | Motorola, Inc. | Authentication system |
5251259, | Aug 20 1992 | Personal identification system | |
5260999, | Jun 28 1991 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Filters in license management system |
5265162, | Jan 16 1990 | Portable pin card | |
5276314, | Apr 03 1992 | International Business Machines Corporation | Identity verification system resistant to compromise by observation of its use |
5291598, | Apr 07 1992 | NITONI PTY LIMITED | Method and system for decentralized manufacture of copy-controlled software |
5315657, | Sep 28 1990 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Compound principals in access control lists |
5321242, | Dec 09 1991 | BRINK S NETWORK, INC | Apparatus and method for controlled access to a secured location |
5325442, | May 18 1990 | U.S. Philips Corporation | Fingerprint sensing device and recognition system having predetermined electrode activation |
5329573, | Nov 27 1991 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | Arrangement for obtaining authentication key parameters in a cellular mobile telecommunications switching network |
5337357, | Jun 17 1993 | SAFENET, INC | Method of software distribution protection |
5343529, | Sep 28 1993 | Transaction authentication using a centrally generated transaction identifier | |
5347580, | Apr 23 1992 | International Business Machines Corporation | Authentication method and system with a smartcard |
5349643, | May 10 1993 | International Business Machines Corporation | System and method for secure initial program load for diskless workstations |
5351303, | Feb 25 1993 | POSID, INC | Infra-red imaging and pattern recognition system |
5357573, | Aug 12 1991 | Intelligent Solution Services GmbH | Memory card |
5371794, | Nov 02 1993 | Sun Microsystems, Inc. | Method and apparatus for privacy and authentication in wireless networks |
5373561, | Dec 21 1992 | Surety, LLC | Method of extending the validity of a cryptographic certificate |
5375240, | Apr 07 1992 | NITONI PTY LIMITED | Information distribution system |
5379343, | Feb 26 1993 | Motorola Mobility LLC | Detection of unauthorized use of software applications in communication units |
5412654, | Jan 10 1994 | International Business Machines Corporation | Highly dynamic destination-sequenced destination vector routing for mobile computers |
5414844, | May 24 1990 | International Business Machines Corporation | Method and system for controlling public access to a plurality of data objects within a data processing system |
5416842, | Jun 10 1994 | Sun Microsystems, Inc. | Method and apparatus for key-management scheme for use with internet protocols at site firewalls |
5428745, | Jun 12 1992 | Dow Benelux N.V.; The Dow Chemical Company | Secure communication system for re-establishing time limited communication between first and second computers before communication time period expiration using new random number |
5442708, | Mar 09 1993 | Verizon Patent and Licensing Inc | Computer network encryption/decryption device |
5444782, | Mar 03 1993 | Verizon Patent and Licensing Inc | Computer network encryption/decryption device |
5455953, | Nov 03 1993 | RAKUTEN, INC | Authorization system for obtaining in single step both identification and access rights of client to server directly from encrypted authorization ticket |
5481611, | Dec 09 1993 | Verizon Laboratories Inc | Method and apparatus for entity authentication |
5483596, | Jan 24 1994 | PARALON TECHNOLOGIES INC | Apparatus and method for controlling access to and interconnection of computer system resources |
5485409, | Apr 30 1992 | INTERNATIONAL BUSINESS MACHINES CORPORATION, A CORP OF NY ; University of Maryland at College Park | Automated penetration analysis system and method |
5490216, | Sep 21 1992 | UNILOC LUXEMBOURG S A | System for software registration |
5491804, | Mar 13 1987 | International Business Machines Corp. | Method and apparatus for automatic initialization of pluggable option cards |
5497421, | Apr 28 1992 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system |
5499297, | Apr 17 1992 | McAfee, Inc | System and method for trusted path communications |
5502766, | Apr 17 1992 | McAfee, Inc | Data enclave and trusted path system |
5502831, | Feb 26 1993 | Motorola, Inc.; Motorola, Inc | Method for detecting unauthorized modification of a communication or broadcast unit |
5509070, | Dec 15 1992 | SL Patent Holdings LLC | Method for encouraging purchase of executable and non-executable software |
5511122, | Jun 03 1994 | The United States of America as represented by the Secretary of the Navy; UNITED STATES OF AMERICA, THE, AS REPRESENTED BY THE SECRETARY OF THE NAVY | Intermediate network authentication |
5513261, | Dec 29 1993 | American Telephone and Telegraph Company | Key management scheme for use with electronic cards |
5534855, | Jul 20 1992 | GOOGLE LLC | Method and system for certificate based alias detection |
5535276, | Nov 09 1994 | Verizon Patent and Licensing Inc | Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography |
5539828, | May 31 1994 | Intel Corporation | Apparatus and method for providing secured communications |
5542046, | Oct 17 1994 | International Business Machines Corporation | Server entity that provides secure access to its resources through token validation |
5544322, | May 09 1994 | CISCO TECHNOLOGY, INC , A CORPORATION OF CALIFORNIA | System and method for policy-based inter-realm authentication within a distributed processing system |
5546463, | Jul 12 1994 | SAFENET, INC | Pocket encrypting and authenticating communications device |
5550896, | Jun 30 1994 | AVAYA Inc | Authentication hierarchical structure of switching nodes for storage of authentication information |
5572673, | Dec 01 1993 | SYBASE, INC | Secure multi-level system for executing stored procedures |
5577209, | Jul 11 1991 | Round Rock Research, LLC | Apparatus and method for providing multi-level security for communication among computers and terminals on a network |
5586260, | Feb 12 1993 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms |
5588059, | Mar 02 1995 | GENERAL DYNAMICS C4 SYSTEMS, INC | Computer system and method for secure remote communication sessions |
5590133, | Dec 10 1993 | Telefonaktiebolaget LM Ericsson | Apparatuses and mobile stations for providing packet data communication in digital TDMA cellular systems |
5590197, | Apr 04 1995 | SSL SERVICES LLC | Electronic payment system and method |
5590199, | Oct 12 1993 | Green Wireless LLC | Electronic information network user authentication and authorization system |
5592553, | Jul 30 1993 | International Business Machines Corporation | Authentication system using one-time passwords |
5604804, | Apr 23 1996 | ASSA ABLOY AB | Method for certifying public keys in a digital signature scheme |
5606615, | May 16 1995 | Computer security system | |
5613012, | Nov 28 1994 | Open Invention Network, LLC | Tokenless identification system for authorization of electronic transactions and electronic transmissions |
5615277, | Nov 28 1994 | Open Invention Network, LLC | Tokenless security system for authorizing access to a secured computer system |
5623637, | Dec 06 1993 | HELIOSTAR LLC | Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys |
5629980, | Nov 23 1994 | CONTENTGUARD HOLDINGS, INC | System for controlling the distribution and use of digital works |
5634012, | Nov 23 1994 | CONTENTGUARD HOLDINGS, INC | System for controlling the distribution and use of digital works having a fee reporting mechanism |
5649099, | Jun 04 1993 | Xerox Corporation | Method for delegating access rights through executable access control program without delegating access rights not in a specification to any intermediary nor comprising server security |
5655077, | Dec 13 1994 | Microsoft Technology Licensing, LLC | Method and system for authenticating access to heterogeneous computing services |
5657390, | Aug 25 1995 | Meta Platforms, Inc | Secure socket layer application program apparatus and method |
5659616, | Jul 19 1994 | Certco, LLC | Method for securely using digital signatures in a commercial cryptographic system |
5666411, | Jan 13 1994 | Intarsia Software LLC | System for computer software protection |
5666416, | Nov 16 1995 | ASSA ABLOY AB | Certificate revocation system |
5677953, | Sep 14 1993 | SPEX TECHNOLOGIES, INC | System and method for access control for portable data storage media |
5677955, | Apr 07 1995 | FleetBoston Financial Corporation | Electronic funds transfer instruments |
5679945, | Mar 31 1995 | BRIDGEPOINT SYSTEMS INC | Intelligent card reader having emulation features |
5687235, | Oct 26 1995 | Apple Inc | Certificate revocation performance optimization |
5696824, | Jun 07 1995 | MOCE SOLUTIONS LIMITED LIABILITY COMPANY | System for detecting unauthorized account access |
5699431, | Nov 13 1995 | ENTRUST INC | Method for efficient management of certificate revocation lists and update information |
5706349, | Mar 06 1995 | INTERNATONAL BUSINESS MACHINES CORPORATION | Authenticating remote users in a distributed environment |
5706427, | Sep 08 1995 | IDENTITY VERIFICATION SOLUTIONS LLC | Authentication method for networks |
5708709, | Dec 08 1995 | Oracle America, Inc | System and method for managing try-and-buy usage of application programs |
5708780, | Jun 07 1995 | Soverain IP, LLC | Internet server access control and monitoring systems |
5710884, | Mar 29 1995 | Intel Corporation | System for automatically updating personal profile server with updates to additional user information gathered from monitoring user's electronic consuming habits generated on computer during use |
5715314, | Oct 24 1994 | Soverain Software LLC | Network sales system |
5717756, | Oct 12 1995 | International Business Machines Corporation | System and method for providing masquerade protection in a computer network using hardware and timestamp-specific single use keys |
5717757, | Aug 29 1996 | ASSA ABLOY AB | Certificate issue lists |
5717758, | Nov 02 1995 | ASSA ABLOY AB | Witness-based certificate revocation system |
5720035, | Nov 21 1994 | Gula Consulting Limited Liability Company | System for control of access to computer machines which are connected in a private network |
5721781, | Sep 13 1995 | Microsoft Technology Licensing, LLC | Authentication system and method for smart card transactions |
5724424, | Dec 16 1993 | Soverain IP, LLC | Digital active advertising |
5737416, | Apr 25 1994 | ACTIVISION PUBLISHING, INC | Method and apparatus for enabling trial period use of software products: method and apparatus for utilizing a decryption stub |
5737523, | Mar 04 1996 | Oracle America, Inc | Methods and apparatus for providing dynamic network file system client authentication |
5740361, | Jun 03 1996 | Cranberry Properties, LLC | System for remote pass-phrase authentication |
5748735, | Jul 18 1994 | Verizon Patent and Licensing Inc | Securing E-mail communications and encrypted file storage using yaksha split private key asymmetric cryptography |
5754864, | Jun 05 1995 | Charles E. Hill & Associates, Inc. | Software piracy detection system |
5757907, | Apr 25 1994 | International Business Machines Corporation | Method and apparatus for enabling trial period use of software products: method and apparatus for generating a machine-dependent identification |
5757914, | Oct 26 1995 | Oracle America, Inc | System and method for protecting use of dynamically linked executable modules |
5758069, | Mar 15 1996 | RPX Corporation | Electronic licensing system |
5761306, | Feb 22 1996 | Visa International Service Association | Key replacement in a public key cryptosystem |
5761309, | Aug 30 1994 | KDDI Corporation | Authentication system |
5761649, | Apr 10 1992 | Charles E. Hill & Associates, Inc. | Method for updating a remote computer |
5765152, | Oct 13 1995 | DIGIMARC CORPORATION AN OREGON CORPORATION | System and method for managing copyrighted electronic media |
5771291, | Dec 11 1995 | MDM GROUP | User identification and authentication system using ultra long identification keys and ultra large databases of identification keys for secure remote terminal access to a host computer |
5774550, | Apr 01 1994 | Daimler AG | Vehicle security device with electronic use authorization coding |
5774552, | Dec 13 1995 | NCR Corporation | Method and apparatus for retrieving X.509 certificates from an X.500 directory |
5778071, | Jul 12 1994 | SAFENET, INC | Pocket encrypting and authenticating communications device |
5778072, | Jul 07 1995 | Sun Microsystems, Inc. | System and method to transparently integrate private key operations from a smart card with host-based encryption services |
5781723, | Jun 03 1996 | Microsoft Technology Licensing, LLC | System and method for self-identifying a portable information device to a computing unit |
5784463, | Dec 04 1996 | SSL SERVICES LLC | Token distribution, registration, and dynamic configuration of user entitlement for an application level security system and method |
5784464, | May 02 1995 | Fujitsu Limited | System for and method of authenticating a client |
5790677, | Jun 29 1995 | SET SECURE ELECTRONIC TRANSACTION LLC | System and method for secure electronic commerce transactions |
5793868, | Aug 29 1996 | ASSA ABLOY AB | Certificate revocation system |
5809144, | Aug 24 1995 | Carnegie Mellon University | Method and apparatus for purchasing and delivering digital goods over a network |
5809145, | Jun 28 1996 | Arvato Digital Services LLC | System for distributing digital information |
5815574, | Dec 15 1994 | International Business Machines Corporation | Provision of secure access to external resources from a distributed computing environment |
5815665, | Apr 03 1996 | Microsoft Technology Licensing, LLC | System and method for providing trusted brokering services over a distributed network |
5818936, | Mar 15 1996 | EMC Corporaton | System and method for automically authenticating a user in a distributed network system |
5826011, | Dec 26 1995 | SAFENET, INC | Method of metering and protecting computer software |
5828833, | Aug 15 1996 | Hewlett Packard Enterprise Development LP | Method and system for allowing remote procedure calls through a network firewall |
5841970, | Sep 08 1995 | IDENTITY VERIFICATION SOLUTIONS LLC | Authentication method for networks |
5845070, | Dec 18 1996 | GUYZAR LLC | Security system for internet provider transaction |
5864620, | Apr 24 1996 | Internet Commerce Services Corporation | Method and system for controlling distribution of software in a multitiered distribution chain |
5864757, | Dec 12 1995 | BELLSOUTH INTELLECTUAL PROPERTY GROUP, INC ; Bellsouth Intellectual Property Corporation | Methods and apparatus for locking communications devices |
5867665, | Mar 24 1997 | Cisco Technology, Inc | Domain communications server |
5870723, | Nov 28 1994 | Open Invention Network, LLC | Tokenless biometric transaction authorization method and system |
5872915, | Dec 23 1996 | International Business Machines Corporation | Computer apparatus and method for providing security checking for software applications accessed via the World-Wide Web |
5878142, | Jul 12 1994 | SAFENET, INC | Pocket encrypting and authenticating communications device |
5884148, | Jul 08 1996 | Opuswave Networks, Inc | Wireless local loop system and method |
5884169, | Jan 05 1995 | NTT Mobile Communications Network Inc. | Roaming mobile communication system and method |
5889958, | Dec 20 1996 | ASCEND COMMUNICATIONS, INC | Network access control system and process |
5892900, | Aug 30 1996 | INTERTRUST TECHNOLOGIES CORP | Systems and methods for secure transaction management and electronic rights protection |
5892902, | Sep 05 1996 | INTELLECTUAL VENTURES ASSETS 19 LLC | Intelligent token protected system with network authentication |
5903652, | Nov 25 1996 | Microsoft Technology Licensing, LLC | System and apparatus for monitoring secure information in a computer network |
5903721, | Mar 13 1997 | CHA! TECHNOLOGIES SERVICES, INC | Method and system for secure online transaction processing |
5908469, | Feb 14 1997 | GOOGLE LLC | Generic user authentication for network computers |
5910987, | Feb 13 1995 | INTERTRUST TECHNOLOGIES CORP | Systems and methods for secure transaction management and electronic rights protection |
5922074, | Feb 28 1997 | EMC IP HOLDING COMPANY LLC | Method of and apparatus for providing secure distributed directory services and public key infrastructure |
5923756, | Feb 12 1997 | HANGER SOLUTIONS, LLC | Method for providing secure remote command execution over an insecure computer network |
5926624, | Sep 12 1996 | Audible, Inc | Digital information library and delivery system with logic for generating files targeted to the playback device |
5930804, | Jun 09 1997 | U S PHILIPS CORPORATION | Web-based biometric authentication system and method |
5938350, | Jun 19 1997 | Datamax Corporation | Thermal ink printer with ink ribbon supply |
5940504, | Jul 01 1991 | INFOLOGIC SOFTWARE, INC ; Intertrust Technologies Corporation | Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site |
5943423, | Dec 15 1995 | Intellectual Ventures II LLC | Smart token system for secure electronic transactions and identification |
5943425, | Jul 29 1996 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | Re-authentication procedure for over-the-air activation |
5956404, | Sep 30 1996 | BT AMERICAS INC | Digital signature with auditing bits |
5969316, | Oct 22 1997 | Cybermark LLC | Smart card for offline automated meal plans |
5970145, | Oct 26 1995 | Sun Microsystems, Inc. | System and method for protecting use of dynamically linked executable modules |
5970408, | May 02 1997 | TELEFONAKTIEBOLAGET L M ERICSSON PUBL | Communication control circuitry and method for a group of commonly-moving mobile transceiver units |
5982898, | Mar 07 1997 | AT&T Corp. | Certification process |
5983347, | Aug 08 1996 | Bayerische Motoren Werke Aktiengesellschaft | Authentication device with electronic authentication communication |
5983350, | Sep 18 1996 | McAfee, LLC | Secure firewall supporting different levels of authentication based on address or encryption status |
5987134, | Feb 23 1996 | Fuji Xerox Co., Ltd. | Device and method for authenticating user's access rights to resources |
5987232, | Sep 08 1995 | IDENTITY VERIFICATION SOLUTIONS LLC | Verification server for use in authentication on networks |
5999711, | Jul 18 1994 | Microsoft Technology Licensing, LLC | Method and system for providing certificates holding authentication and authorization information for users/machines |
6003135, | Jun 04 1997 | SPEX TECHNOLOGIES, INC | Modular security device |
6003136, | Jun 27 1997 | Unisys Corporation | Message control system for managing message response in a kerberos environment |
6005939, | Dec 06 1996 | GOOGLE LLC | Method and apparatus for storing an internet user's identity and access rights to world wide web resources |
6006332, | Oct 21 1996 | Case Western Reserve University | Rights management system for digital media |
6011910, | Apr 08 1997 | Hewlett Packard Enterprise Development LP | Supporting authentication across multiple network access servers |
6021202, | Dec 20 1996 | FleetBoston Financial Corporation | Method and system for processing electronic documents |
6021333, | Nov 01 1993 | Intel Corporation | Method and system for transferring information within a mobile communication system |
6035402, | Dec 20 1996 | GTE CyberTrust Solutions Incorporated | Virtual certificate authority |
6041357, | Feb 06 1997 | TUMBLEWEED HOLDINGS LLC | Common session token system and protocol |
6041411, | Mar 28 1997 | SELFSERVE USA, INC | Method for defining and verifying user access rights to a computer information |
6044471, | Jun 04 1998 | Z4 TECHNOLOGIES, INC | Method and apparatus for securing software to reduce unauthorized use |
6047376, | Oct 18 1996 | TOSHIBA INFORMATION SYSTEMS JAPAN | Client-server system, server access authentication method, memory medium stores server-access authentication programs, and issuance device which issues the memory medium contents |
6052785, | Nov 21 1997 | CLOUD SOFTWARE GROUP SWITZERLAND GMBH | Multiple remote data access security mechanism for multitiered internet computer networks |
6055637, | Sep 27 1996 | Hewlett Packard Enterprise Development LP | System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential |
6061346, | Jan 17 1997 | TELEFONAKTIEBOLAGET LM ERICSSON PUBL | Secure access method, and associated apparatus, for accessing a private IP network |
6070243, | Jun 13 1997 | Alcatel USA Sourcing, Inc | Deterministic user authentication service for communication network |
6075860, | Feb 19 1997 | Hewlett Packard Enterprise Development LP | Apparatus and method for authentication and encryption of a remote terminal over a wireless link |
6088451, | Jun 28 1996 | Verizon Patent and Licensing Inc | Security system and method for network element access |
6108420, | Apr 10 1997 | NETACTIVE INC | Method and system for networked installation of uniquely customized, authenticable, and traceable software application |
6122631, | Mar 28 1997 | International Business Machines Corporation | Dynamic server-managed access control for a distributed file system |
6137791, | Mar 25 1997 | TELEFONAKTIEBOLAGET L M ERICSSON PUBL | Communicating packet data with a mobile station roaming within an incompatible mobile network |
6151628, | Jul 03 1997 | UTSTARCOM, INC | Network access methods, including direct wireless to internet access |
6161139, | Jul 10 1998 | ENTRUST, INC | Administrative roles that govern access to administrative functions |
6173403, | Apr 30 1997 | ACHATES REFERENCE PUBLISHING, INC | Method and apparatus for distributing information products |
6185587, | Jun 19 1997 | International Business Machines Corporation | System and method for building a web site with automated help |
6212634, | Nov 15 1996 | Soverain IP, LLC | Certifying authorization in computer networks |
6219790, | Jun 19 1998 | ASCEND COMMUNICATIONS, INC | Centralized authentication, authorization and accounting server with support for multiple transport protocols and multiple client types |
6223984, | Mar 31 1995 | EAST FAIRFAX LLC | Distinct smart card reader having wiegand, magnetic strip and bar code types emulation output |
6226744, | Oct 09 1997 | AT&T Corp | Method and apparatus for authenticating users on a network using a smart card |
6247011, | Dec 02 1997 | VistaPrint Limited; Vistaprint Schweiz GmbH | Computerized prepress authoring for document creation |
6249873, | Feb 28 1997 | EMC IP HOLDING COMPANY LLC | Method of and apparatus for providing secure distributed directory services and public key infrastructure |
6256737, | Mar 09 1999 | CITIBANK, N A | System, method and computer program product for allowing access to enterprise resources using biometric devices |
6279112, | Oct 29 1996 | Soverain IP, LLC | Controlled transfer of information in computer networks |
6308273, | Jun 12 1998 | Microsoft Technology Licensing, LLC | Method and system of security location discrimination |
6377994, | Apr 15 1996 | International Business Machines Corporation | Method and apparatus for controlling server access to a resource in a client/server system |
6434137, | Nov 01 1993 | Intel Corporation | Method and system for transferring information within a mobile communication system |
6442608, | Jan 14 1999 | Cisco Technology, Inc. | Distributed database system with authoritative node |
6466571, | Jan 19 1999 | UTSTARCOM, INC | Radius-based mobile internet protocol (IP) address-to-mobile identification number mapping for wireless communication |
6466964, | Jun 15 1999 | Cisco Technology, Inc. | Methods and apparatus for providing mobility of a node that does not support mobility |
6470453, | Sep 17 1998 | Cisco Technology, Inc. | Validating connections to a network system |
6477708, | Apr 04 1997 | Fujitsu Limited | Bidirectional communication system, client terminal, client management server, and broadcast server |
6484258, | Aug 12 1998 | Kyberpass Corporation | Access control using attributes contained within public key certificates |
6510236, | Dec 11 1998 | International Business Machines Corporation | Authentication framework for managing authentication requests from multiple authentication devices |
6516416, | Jun 11 1997 | PRISM TECHNOLOGIES, L L C | Subscription access system for use with an untrusted network |
6546487, | Oct 26 1995 | Sun Microsystems, Inc. | System and method for protecting use of dynamically linked executable modules |
6553492, | Oct 18 1996 | Toshiba Information Systems (Japan) Corporation | Client-server system, server access authentication method, memory medium stores server-access authentication programs, and issuance device which issues the memory medium contents |
6571287, | Jan 14 1999 | Cisco Technology, Inc. | Distributed database system with authoritative node |
6606711, | Nov 30 1998 | Microsoft Technology Licensing, LLC | Object security boundaries |
6615258, | Nov 01 1997 | Verizon Patent and Licensing Inc | Integrated customer interface for web based data management |
6615264, | Apr 09 1999 | Oracle America, Inc | Method and apparatus for remotely administered authentication and access control |
6636894, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for redirecting users having transparent computer access to a network using a gateway device having redirection capability |
6728536, | May 02 2000 | Telefonaktiebolaget LM Ericsson | Method and system for combined transmission of access specific access independent and application specific information over public IP networks between visiting and home networks |
6738901, | Dec 15 1999 | 3M Innovative Properties Company | Smart card controlled internet access |
6785729, | Aug 25 2000 | MARSHMAN RESEARCH LLC | SYSTEM AND METHOD FOR AUTHORIZING A NETWORK USER AS ENTITLED TO ACCESS A COMPUTING NODE WHEREIN AUTHENTICATED CERTIFICATE RECEIVED FROM THE USER IS MAPPED INTO THE USER IDENTIFICATION AND THE USER IS PRESENTED WITH THE OPPRTUNITY TO LOGON TO THE COMPUTING NODE ONLY AFTER THE VERIFICATION IS SUCCESSFUL |
6832255, | Apr 20 1998 | Jifmar Pty Ltd | Access control method and apparatus |
6931530, | Jul 22 2002 | THALES DIS CPL USA, INC | Secure network file access controller implementing access control and auditing |
7039021, | Oct 05 1999 | NEC Corporation | Authentication method and apparatus for a wireless LAN system |
7117376, | Dec 27 2000 | Intel Corporation | Platform and method of creating a secure boot that enforces proper user authentication and enforces hardware configurations |
7149815, | Dec 06 1996 | The Distribution Systems Research Institute | Integrated information communication system using internet protocol |
7231661, | Jun 21 2001 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | Authorization services with external authentication |
7233997, | Jun 26 1997 | Meta Platforms, Inc | Data communications |
7275260, | Oct 29 2001 | Oracle America, Inc | Enhanced privacy protection in identification in a data communications network |
7290288, | Aug 29 2002 | PRISM TECHNOLOGIES, L L C | Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network |
7296152, | Jul 09 2002 | Cisco Technology, Inc. | System and method for providing access to a network in a communications environment |
7360078, | Jul 05 1999 | THOMSON LICENSING S A | Communication methods and apparatus |
7370350, | Jun 27 2002 | Cisco Technology, Inc. | Method and apparatus for re-authenticating computing devices |
7370364, | Jul 31 2000 | ELLACOYA NETWORKS, LLC | Managing content resources |
7373662, | Aug 27 2002 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Secure resource access |
7392390, | Dec 12 2001 | Valve Corporation | Method and system for binding kerberos-style authenticators to single clients |
7502726, | Jun 13 2001 | Citrix Systems, Inc. | Systems and methods for maintaining a session between a client and host service |
7502929, | Oct 16 2001 | Cisco Technology, Inc. | Method and apparatus for assigning network addresses based on connection authentication |
7788705, | Aug 12 2002 | JPMORGAN CHASE BANK, N A ; MORGAN STANLEY SENIOR FUNDING, INC | Fine grained access control for wireless networks |
7882552, | Oct 13 1998 | SYNAMEDIA LIMITED | Remote administration of smart cards for secure access systems |
7900242, | Jul 12 2001 | INVT SPE LLC | Modular authentication and authorization scheme for internet protocol |
7920706, | Oct 28 2002 | Nokia Technologies Oy | Method and system for managing cryptographic keys |
8127345, | Jun 11 1997 | Prism Technologies LLC | Method and system for managing access to protected computer resources provided via an internet protocol network |
8255989, | Sep 26 2001 | Google Technology Holdings LLC | Access control and key management system for streaming media |
8387155, | Jun 11 1997 | Prism Technologies LLC | System for managing access to protected computer resources |
20010045451, | |||
20020133412, | |||
20020162029, | |||
20030200465, | |||
20030233580, | |||
20040024764, | |||
20080066168, | |||
20080256628, | |||
20090006850, | |||
EP268141, | |||
EP398492, | |||
EP456386, | |||
EP456920, | |||
EP588415, | |||
EP636963, | |||
EP645688, | |||
EP727894, | |||
EP747845, | |||
EP748095, | |||
EP750436, | |||
EP752635, | |||
EP758835, | |||
EP762261, | |||
EP762289, | |||
EP788688, | |||
EP792044, | |||
EP794479, | |||
EP807911, | |||
EP875841, | |||
EP912959, | |||
EP913966, | |||
EP935221, | |||
EP969366, | |||
EP1104142, | |||
EP1796013, | |||
JP10285156, | |||
JP11355266, | |||
JP2002197064, | |||
JP39444, | |||
JP5333775, | |||
JP8097852, | |||
JP8153072, | |||
JP8249253, | |||
JP8292929, | |||
JP9081518, | |||
JP9081519, | |||
JP964870, | |||
JP981520, | |||
WO46681, | |||
WO184765, | |||
WO230082, | |||
WO3001324, | |||
WO3067439, | |||
WO3067905, | |||
WO3073783, | |||
WO9426044, | |||
WO9520279, | |||
WO9526094, | |||
WO9607256, | |||
WO9642041, | |||
WO9705551, | |||
WO9713353, | |||
WO9715008, | |||
WO9716911, | |||
WO9802011, | |||
WO9819224, | |||
WO9841044, | |||
WO9843446, | |||
WO9851104, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Jan 28 2013 | Prism Technologies LLC | (assignment on the face of the patent) | / |
Date | Maintenance Fee Events |
Date | Maintenance Schedule |
Feb 25 2017 | 4 years fee payment window open |
Aug 25 2017 | 6 months grace period start (w surcharge) |
Feb 25 2018 | patent expiry (for year 4) |
Feb 25 2020 | 2 years to revive unintentionally abandoned end. (for year 4) |
Feb 25 2021 | 8 years fee payment window open |
Aug 25 2021 | 6 months grace period start (w surcharge) |
Feb 25 2022 | patent expiry (for year 8) |
Feb 25 2024 | 2 years to revive unintentionally abandoned end. (for year 8) |
Feb 25 2025 | 12 years fee payment window open |
Aug 25 2025 | 6 months grace period start (w surcharge) |
Feb 25 2026 | patent expiry (for year 12) |
Feb 25 2028 | 2 years to revive unintentionally abandoned end. (for year 12) |