US2006020783A1PendingUtilityA1

Method, system and service for conducting authenticated business transactions

53
Assignee: FISHER DOUGLASPriority: Aug 30, 2000Filed: Aug 5, 2005Published: Jan 26, 2006
Est. expiryAug 30, 2020(expired)· nominal 20-yr term from priority
Inventors:Douglas Fisher
G06Q 20/40G06Q 20/108G06Q 30/00G06Q 50/188G06Q 20/382H04L 9/3271G06Q 20/367G06Q 20/3829G06Q 20/02G06Q 20/3674G06Q 20/0855G06Q 20/401
53
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The invention pertains to a method, on-line service, and system, for creating partnerships based on trust relationships over a public network, authenticating trade partners, infrastructure providers, and collaborators to each other, and providing users with an environment suitable for conducting transactions requiring a high level of trust. A service according to the invention is a persistent authentication and mediation service (PAMS) which is provided as an on-line service. One embodiment is a method for conducting authenticated business transactions involving microprocessor equipped devices over the Internet comprising: A. Providing an on-line authentication service available on the distributed network; B. Authenticating a plurality of users to said on-line authentication service using a closed authentication system to produce a plurality of authenticated users; and C. Connecting a group of at least two of said plurality of authenticated users under persistent mediation of said on-line authentication service, producing a connected group of authenticated users.

Claims

exact text as granted — not AI-modified
1 . A method for conducting authenticated business transactions involving communications using microprocessor equipped devices to communicate over a distributed network, the method being carried out by an on-line authentication service available on the distributed network, comprising the acts of: 
 a) enrolling a multiplicity of users with a closed authentication infrastructure, wherein enrolling comprises obtaining and verifying the identity and other credentials of the multiplicity of users and providing each user with a unique secret necessary for later authentication to said on-line authentication service and storing the verified identity and other credentials in at least one database;    b) authenticating a plurality of the multiplicity of users to said on-line authentication service using each user's unique secret to produce a plurality of authenticated users; and    c) enabling a plurality of groups each group comprising at least two of said plurality of authenticated users to conduct interactions with each other comprising a plurality of messages under persistent mediation of said on-line authentication service, such that each of the plurality of messages passes through said on-line authentication service and is directly monitored by said on-line authentication service.    
   
   
       2 . The method of  claim 1 , further comprising the act of providing each of the at least two users in an interaction verified information about each other user in the interaction in an intelligible form before beginning the interaction whereby each user may decide whether to proceed with an interaction based on the verified information provided by the on-line authentication service.  
   
   
       3 . The method of  claim 1  wherein persistent mediation of an interaction further comprises the acts of directly compiling an audit trail of an interaction and making the audit trail available to the at least two users in the interaction in an intelligible form at any time during the interaction at the option of the at least two users and wherein the audit trail comprises at least some of the content of the plurality of messages in the interaction.  
   
   
       4 . The method of  claim 1  wherein the unique secret comprises a private encryption key, and said closed authentication infrastructure comprises a pseudo-PKI system of a type which cryptographically camouflages a user's private encryption key in a software container, whereby the user's camouflaged private key will generate a correct response to an authentication challenge if a proper access code is entered, but often generates an incorrect but plausible response which if used will provide a notice to the on-line authentication service of a security attack on the camouflaged key.  
   
   
       5 . The method of  claim 4 , wherein enrolling a multiplicity of users further comprises the act of providing each of said multiplicity of users with a public key encrypted on a certificate which can only be decrypted using a secret key under exclusive control of the on-line authentication service, whereby the pseudo-PKI system operates as a closed authentication infrastructure and the on-line authentication service is capable of authenticating users without storing a cryptographic key of the user other than during the act of authenticating.  
   
   
       6 . A method for conducting authenticated business transactions involving communications using microprocessor equipped devices to communicate over a distributed network, the method being carried out by an on-line persistent authentication and mediation service available on the distributed network comprising the acts of: 
 a) enrolling users seeking enrollment in the persistent authentication and mediation service, to produce a multiplicity of enrolled users, wherein enrolling comprises obtaining and verifying the identity and other credentials of the multiplicity of users and providing each user with a unique secret necessary for later authentication to said on-line persistent authentication and mediation service;    b) storing the verified identity and other credentials in at least one database;    c) receiving on-line requests from enrolled users for authentication to the on-line authentication service;    d) authenticating enrolled users seeking authentication to the persistent authentication and mediation service using each enrolled user's unique secret, so as to maintain a plurality of authenticated users;    e) receiving requests from authenticated users to be connected to particular other authenticated users;    f) connecting groups of at least two authenticated users under persistent mediation of the persistent authentication and mediation service and enabling the at least two authenticated users which are connected to conduct an interaction comprising a plurality of messages;    g) repeating act (f) to produce a plurality of groups of connected users;    h) mediating the interaction among the at least two users of each of said plurality of groups of connected users such that each message in the interaction passes through the persistent authentication and mediation service; and    i) directly compiling an audit trail of the interaction and making information from the audit trail available to the at least two users of each group of connected users during the interaction in an intelligible form wherein the audit trail contains at least some of the content of the plurality of messages in the interaction.    
   
   
       7 . The method of  claim 6 , wherein the act of authenticating users comprises using an authentication method of the users' choosing.  
   
   
       8 . The method of  claim 6 , wherein the act of compiling an audit trail comprises using an audit trail method of the users' choosing.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.