CA2507346A1 - Security account for online and offline transactions - Google Patents
Security account for online and offline transactions Download PDFInfo
- Publication number
- CA2507346A1 CA2507346A1 CA 2507346 CA2507346A CA2507346A1 CA 2507346 A1 CA2507346 A1 CA 2507346A1 CA 2507346 CA2507346 CA 2507346 CA 2507346 A CA2507346 A CA 2507346A CA 2507346 A1 CA2507346 A1 CA 2507346A1
- Authority
- CA
- Canada
- Prior art keywords
- account
- security
- security account
- access
- subsidiary
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Comprised of a computer account, bearing a computer address within a data bank, which functions somewhat similarly to a firewall proxy, and which is assigned, by the administrators of the data bank, to an individual person or legal entity (the account holder(s)), usually in exchange of a service fee, and which is used to effect various types of transactions of information or data, stored or recorded in subsidiary accounts, relative to the security account, and which are exclusively accessible to the account holder and administered by him, such transactions having been preauthorized by the account holder in view of the person or group or legal entity requesting access to, or having been granted access to, or transfer of, specific information or data from the security account.
Description
2507346 SECURITY ACCOUNT FOR ONLINE AND OFFLINE TRANSACTIONS Pierre Richard Godsey PAGE : 3 / 11 DESCRIPTION:
Consisting of a computer address within a data bank, which functions somewhat similarly to a firewall proxy, and which is assigned, by the administrators of the data bank, to an individual person or legal entity (the account holder(s)), usually in exchange of a service fee, and which is used to effect various types of transactions of information or data, such transactions having been preauthorized by the account holder in view of the person or group or legal entity requesting access to, or having been granted access to, or transfer of, specific information or data.
The distinction between this device and a normal firewall proxy is that the administration and authorization is established by the security account holder and not by the data bank administrator, and also that this is not a firewall that has an effect at the protocol or packet level, although it might be implemented as such. The rules of acceptance or refusal of a transaction are determined by the account holder in relation to the nature of the information or data requested or preauthorized for transfer, in view of a specific transaction or class of transactions. These rules can be established as a function of criteria that can be related to location, type of service offered by the requestor or according to his identity, date or time period, frequency or periodicity, and such rules would be made available to the account holder, by the administrator of the data bank, in the form of a software tool kit, rult; engine, menu of options or library of functions put at his disposal.
The requestor (client request) would normally be the holder of, and thus have access to, a similar security account, so as to facilitate the transaction through the network linked to the data bank, but transactions could also be effected througth the Internet, or through a vendor's terminal. The said data bank could be implemented in a distributed fashion, or similar security accounts could be located in distinct data banks, capable of security and transparent communications between each other.
As an example of how this might be used, a purchaser shopping online highlights the total amount of a transaction and clicks his right mouse-button item which is programmed at the vendor's site, as well as at the client's browser to effect a bidirectional transfer of information, the details of which vary, according to the nature of the transaction.
In the case of a purchase of an item, or group of items, the amount, ID
number, as well as the full details of the transaction would be transferred to the purchaser's account, in the form of a read-only link, and the information pertaining; to the purchaser, i.e., name, address, etc. along with his data bank account identification would be transferred to the vendor's account relating to this transaction, also in the form of a read-only link, 2507346 SECURITY ACCOUNT FOR ONLINE AND OFFLINE TRANSACTIONS Pierre Richard Godsey PAGE : 4 / 11 indicating to the vendor, that this particular transaction has in fact been preauthorized by the purchaser, and that a transfer of funds or data, relating to this transaction, has been authorized by the purchaser (the account holder) and are available to the vendor, or possibly, will be once shipment of goods have been realized, in which case, the purchaser might have the opportunity to cancel the transaction by withdrawing his autorisation for this particular transaction up to the moment of shipment, for example.
The transaction would then be conducted throught the data bank network, such transaction having in fact been preauthorized at both ends, that is the vendor-account-holder and the purchaser-account-holder.
Behind this security account, the security account holder can establish other accounts, for example, a debit account, or credit accounts, medical recordt accounts, personal information accounts, which are not directly accessible from the security account card, which is similar to a magnetic stripe bank card, at a minimum. The security account holder can choose to transfer a certain amount from one of the subsidiary accounts to his security account, for example to go shopping, or for current expenses. At that point, the amount that has been transferred is exposed in the same manner as in an account linked to the present type of debit or credit card emitted by all banks. But the exposure is limited to the amount the security account holder has chosen to transfer, and which corresponds to his spending habits and comfort level.
The security account holder can also choose to preauthorize a particular transaction with a specific vendor, for example in the case of an Internet transaction. The transaction could also be limited in terms of locality, date and time slot, amount or range of amount, frequency, type of goods or service, etc.
The security account holder would effect these authorizations or transfers of data, information, or funds, using the usual means of electronic banking, through the Internet, or at his local bank, or through the data bank's customer service, over the phone, using the normal computer-banking methods with various levels of authentication and encryption which are in current use.
Any transaction coming through to this security account which has not been previously authorized by the account holder, either by direct transfer of funds to the security account, or a preauthorization for a transaction directed at a specific vendor possibly for a specified amount, or approximate amount, etc. would be deemed to be fraudulent, and could be used to trigger a specific response, possibly involving law authorities.
This implies that authentication of the requestor, as it relates to the security account, could actually be optional, and the use of security lines between the vendor/requestor, and the data bank could also be made optional, since the object of the transaction is controlled by authorization, as allocated by the account holder.
2507346 SECURITY ACCOUNT FOR ONLINE AND OFFLINE TRANSACTIONS Pierre Richard Godsey PAGE : 5 / I 1 The subsidiary accounts, to which only the holder of the security account has access, when taken together, constitute a small personal network which is controlled and administered by the account holder for data or funds transfers between accounts and payment authorizations. Viewed in this context, the security account, to which the security account card is directly linked, is in fact a type of firewall proxy, since it does indeed function like the main firewall that would be installed at the access point of the data bank to the network or the Internet. But this data bank firewall is under the authority of the system administrators of the data bank, whereas the personal firewall proxy is under the final authority of the account holder.
This also allows for totally security financial and data transactions through the Internet.
There are very interesting possibilities relating to personal information storage, in the sense that access to this information would be allocated by the account holder. This also applies to medical records, such as diagnostics rendered by a doctor, ar in a medical institution. The following is an example of the possible use of the security account in medical practice.
Both the doctor and the account holder subscribe to a security account. Upon completion of the examination or treatment, the doctor enters pertinent information in a subsidiary account which is linked to the patient's security account address. This creates a corresponding reference, or link, in the the medical subsidiary account of the patient's securit)~ account, linked to this doctor's security account address (or number). If a prescription is given to the patient, it is entered in the same fashion.
When the patient (security account holder) goes to a medical facility or to a drugstore to obtain the treatment or prescription, both o:f which would also have a security account, and submits his card to the pharmacist or medical practitioner, they automatically have access to the unfulfilled prescription or diagnostic. Once the precription or treatment has been given or administered in the specified quantity and frequency, to the security account holder, a record of this is entered in the pharmacist's or medical practitioner's subsidiary account linked to the security account holder's medical subsidiary account. A
permanent record is thus established of the treatment which has been received by the security account holder in relation to this practitioner or facility.
The interesting thing is that medical practitioners would have access to all previous treatments to which the security account holder would have been a subjected to, and thus could be automatically informed of any and all conflicting side-effects between present or past treatments or prescriptions.
It would also be possible to conduct ongoing anonymous statistical analysis regarding particular symptoms as they relate to previously received treatments or medicines, and this could be invaluable to medical research.
2507346 SECURITY ACCOUNT FOR ONLINE AND OFFLINE TRANSACTIONS Pierre Richard Godsey PAGE : 6 / 11 The same general procedures could be applied to academic records, professional records and accreditations, or government sevices. Another very important application is that of voting systems, where a permanent record would be maintained by the data bank, and voting could be done electronically. This would also allow, should the account holder make his information available for such use, verifiable surveys to be conducted, possibly in exchange of an automatic payment, should survey firms choose to make use of the account holder's information, all this on a totally anonymous basis.
But the basic use of this product is still as a totally secure data bank account, which can be tied to a magnetic or smart card, for example.
The important aspect of all this is that the security account holder is always the one authorizing the degree of access to his information or data or funds, that he should choose to allow to whatever party has a need for it (obviously excepting legal access by government agents).
In time, this functionality would be enhanced through features built-in to the browsers, thus greatly facilitating transactions conducted through this system, and enhancing the commercial value of the browser as well as that of this security account system.
Consisting of a computer address within a data bank, which functions somewhat similarly to a firewall proxy, and which is assigned, by the administrators of the data bank, to an individual person or legal entity (the account holder(s)), usually in exchange of a service fee, and which is used to effect various types of transactions of information or data, such transactions having been preauthorized by the account holder in view of the person or group or legal entity requesting access to, or having been granted access to, or transfer of, specific information or data.
The distinction between this device and a normal firewall proxy is that the administration and authorization is established by the security account holder and not by the data bank administrator, and also that this is not a firewall that has an effect at the protocol or packet level, although it might be implemented as such. The rules of acceptance or refusal of a transaction are determined by the account holder in relation to the nature of the information or data requested or preauthorized for transfer, in view of a specific transaction or class of transactions. These rules can be established as a function of criteria that can be related to location, type of service offered by the requestor or according to his identity, date or time period, frequency or periodicity, and such rules would be made available to the account holder, by the administrator of the data bank, in the form of a software tool kit, rult; engine, menu of options or library of functions put at his disposal.
The requestor (client request) would normally be the holder of, and thus have access to, a similar security account, so as to facilitate the transaction through the network linked to the data bank, but transactions could also be effected througth the Internet, or through a vendor's terminal. The said data bank could be implemented in a distributed fashion, or similar security accounts could be located in distinct data banks, capable of security and transparent communications between each other.
As an example of how this might be used, a purchaser shopping online highlights the total amount of a transaction and clicks his right mouse-button item which is programmed at the vendor's site, as well as at the client's browser to effect a bidirectional transfer of information, the details of which vary, according to the nature of the transaction.
In the case of a purchase of an item, or group of items, the amount, ID
number, as well as the full details of the transaction would be transferred to the purchaser's account, in the form of a read-only link, and the information pertaining; to the purchaser, i.e., name, address, etc. along with his data bank account identification would be transferred to the vendor's account relating to this transaction, also in the form of a read-only link, 2507346 SECURITY ACCOUNT FOR ONLINE AND OFFLINE TRANSACTIONS Pierre Richard Godsey PAGE : 4 / 11 indicating to the vendor, that this particular transaction has in fact been preauthorized by the purchaser, and that a transfer of funds or data, relating to this transaction, has been authorized by the purchaser (the account holder) and are available to the vendor, or possibly, will be once shipment of goods have been realized, in which case, the purchaser might have the opportunity to cancel the transaction by withdrawing his autorisation for this particular transaction up to the moment of shipment, for example.
The transaction would then be conducted throught the data bank network, such transaction having in fact been preauthorized at both ends, that is the vendor-account-holder and the purchaser-account-holder.
Behind this security account, the security account holder can establish other accounts, for example, a debit account, or credit accounts, medical recordt accounts, personal information accounts, which are not directly accessible from the security account card, which is similar to a magnetic stripe bank card, at a minimum. The security account holder can choose to transfer a certain amount from one of the subsidiary accounts to his security account, for example to go shopping, or for current expenses. At that point, the amount that has been transferred is exposed in the same manner as in an account linked to the present type of debit or credit card emitted by all banks. But the exposure is limited to the amount the security account holder has chosen to transfer, and which corresponds to his spending habits and comfort level.
The security account holder can also choose to preauthorize a particular transaction with a specific vendor, for example in the case of an Internet transaction. The transaction could also be limited in terms of locality, date and time slot, amount or range of amount, frequency, type of goods or service, etc.
The security account holder would effect these authorizations or transfers of data, information, or funds, using the usual means of electronic banking, through the Internet, or at his local bank, or through the data bank's customer service, over the phone, using the normal computer-banking methods with various levels of authentication and encryption which are in current use.
Any transaction coming through to this security account which has not been previously authorized by the account holder, either by direct transfer of funds to the security account, or a preauthorization for a transaction directed at a specific vendor possibly for a specified amount, or approximate amount, etc. would be deemed to be fraudulent, and could be used to trigger a specific response, possibly involving law authorities.
This implies that authentication of the requestor, as it relates to the security account, could actually be optional, and the use of security lines between the vendor/requestor, and the data bank could also be made optional, since the object of the transaction is controlled by authorization, as allocated by the account holder.
2507346 SECURITY ACCOUNT FOR ONLINE AND OFFLINE TRANSACTIONS Pierre Richard Godsey PAGE : 5 / I 1 The subsidiary accounts, to which only the holder of the security account has access, when taken together, constitute a small personal network which is controlled and administered by the account holder for data or funds transfers between accounts and payment authorizations. Viewed in this context, the security account, to which the security account card is directly linked, is in fact a type of firewall proxy, since it does indeed function like the main firewall that would be installed at the access point of the data bank to the network or the Internet. But this data bank firewall is under the authority of the system administrators of the data bank, whereas the personal firewall proxy is under the final authority of the account holder.
This also allows for totally security financial and data transactions through the Internet.
There are very interesting possibilities relating to personal information storage, in the sense that access to this information would be allocated by the account holder. This also applies to medical records, such as diagnostics rendered by a doctor, ar in a medical institution. The following is an example of the possible use of the security account in medical practice.
Both the doctor and the account holder subscribe to a security account. Upon completion of the examination or treatment, the doctor enters pertinent information in a subsidiary account which is linked to the patient's security account address. This creates a corresponding reference, or link, in the the medical subsidiary account of the patient's securit)~ account, linked to this doctor's security account address (or number). If a prescription is given to the patient, it is entered in the same fashion.
When the patient (security account holder) goes to a medical facility or to a drugstore to obtain the treatment or prescription, both o:f which would also have a security account, and submits his card to the pharmacist or medical practitioner, they automatically have access to the unfulfilled prescription or diagnostic. Once the precription or treatment has been given or administered in the specified quantity and frequency, to the security account holder, a record of this is entered in the pharmacist's or medical practitioner's subsidiary account linked to the security account holder's medical subsidiary account. A
permanent record is thus established of the treatment which has been received by the security account holder in relation to this practitioner or facility.
The interesting thing is that medical practitioners would have access to all previous treatments to which the security account holder would have been a subjected to, and thus could be automatically informed of any and all conflicting side-effects between present or past treatments or prescriptions.
It would also be possible to conduct ongoing anonymous statistical analysis regarding particular symptoms as they relate to previously received treatments or medicines, and this could be invaluable to medical research.
2507346 SECURITY ACCOUNT FOR ONLINE AND OFFLINE TRANSACTIONS Pierre Richard Godsey PAGE : 6 / 11 The same general procedures could be applied to academic records, professional records and accreditations, or government sevices. Another very important application is that of voting systems, where a permanent record would be maintained by the data bank, and voting could be done electronically. This would also allow, should the account holder make his information available for such use, verifiable surveys to be conducted, possibly in exchange of an automatic payment, should survey firms choose to make use of the account holder's information, all this on a totally anonymous basis.
But the basic use of this product is still as a totally secure data bank account, which can be tied to a magnetic or smart card, for example.
The important aspect of all this is that the security account holder is always the one authorizing the degree of access to his information or data or funds, that he should choose to allow to whatever party has a need for it (obviously excepting legal access by government agents).
In time, this functionality would be enhanced through features built-in to the browsers, thus greatly facilitating transactions conducted through this system, and enhancing the commercial value of the browser as well as that of this security account system.
Claims (3)
1. A system of secondary proxy firewall accounts (the security accounts) which are located behind and subjected to the rules and control of a normal proxy firewall system, established according to standard available commercial practice and controlling access to a network server or data bank (either or both being possibly implemented in a distributed architecture), each security account being comprised of:
a) a process and methods (computer hardware or software) permitting the primary administrators of the primary proxy firewall to assign a computer address, within a computer data bank or computer server, to each secondary proxy firewall account such that they can be accessed from a local network, a wide area network, or the Internet, each of the latter under the control of the primary proxy firewall, and that communications are occurring under normal or standard commercially available conditions, such as the telephone, cable or broadband Internet systems, radio link, secured virtual private network links or leased lines, or through customer service operations offered by banking, service or government institutions, or their agents;
b) a process and methods (computer hardware or software) of creating and assigning such secondary proxy firewall accounts (henceforth, the subsidiary security accounts) to specific users or legal entities (the assignees), normally in exchange of a service fee;
c) a process and computer methods (computer hardware or software) of transferring control and administrative priviledges of the security account to the assignee of said security account (secondary proxy firewall);
d) a process and computer methods (hardware or software) allowing the assignee to create additional subsidiary accounts (or computer addresses), relative to the assignee's primary security account, each of which may be provided, by the assignee of the primary security account according to his designs, with certain capabilities and limitations according to the possibilities to which he has been given access to (or her) by the administrator of the primary proxy firewall, in the form of a tool kit of design applications, menu of functions or function library, procedures, rule engines and data types, preferably in a form that makes these usable by novice users, and which are used to effect various types of transactions or transformations of information or data, stored or recorded in the subsidiary accounts, relative to the primary security account; these access rules can be established as a function of criteria that can be related to location, type of service offered by incoming requests, time period or date, frequency or periodicity;
e) a process and computer methods such that the the assignee (the account holder) is given exclusive access to the primary security account as well as to the subsidiary security accounts he has created and administers, and such access is implemented through high security encrypted communications requiring the use of current available techniques, such as those requiring the use of public-private keys;
f) a process and computer methods which allow the security account assignees (the account holders) to enter or delete data into the security accounts, as well as to effect and/or preauthorize, by implementing rules into the primary security account (the secondary firewall proxy) affecting various transactions between the subsidiary security accounts and the primary security account, in regards to specific external client requests or transactions arriving at the primary security account;
g) a process and computer methods which allow the execution, or denial of, transactions that have been preauthorized by the assignee (the security account holder), in view of the person or group or legal entity requesting access to, or having been granted access to, or transfer of, specific information or data from the primary security account;
h) a process and computer methods which permit the implementation, by the assignee (the account holder), of the rules of acceptance, or refusal of, a transaction request submitted by a requesting party, institution or machine, according to the nature of the information, data or funds requested or preauthorized for transfer, in view of a specific transaction or class of transactions or request, which are external to the primary security account;
h) a process and computer methods which ensures that each access or transaction is recorded according to a normalized format, most likely in XML, in the appropriate designated subsidiary account of each of the agents or participants to the security account system, that a permanent record of the legal framework or clauses pertaining to a particular transaction, or a permament link to such, in both the first party's subsidiary account pertaining to the second party, as well as the second party's subsidiary account pertaining to the first party.
a) a process and methods (computer hardware or software) permitting the primary administrators of the primary proxy firewall to assign a computer address, within a computer data bank or computer server, to each secondary proxy firewall account such that they can be accessed from a local network, a wide area network, or the Internet, each of the latter under the control of the primary proxy firewall, and that communications are occurring under normal or standard commercially available conditions, such as the telephone, cable or broadband Internet systems, radio link, secured virtual private network links or leased lines, or through customer service operations offered by banking, service or government institutions, or their agents;
b) a process and methods (computer hardware or software) of creating and assigning such secondary proxy firewall accounts (henceforth, the subsidiary security accounts) to specific users or legal entities (the assignees), normally in exchange of a service fee;
c) a process and computer methods (computer hardware or software) of transferring control and administrative priviledges of the security account to the assignee of said security account (secondary proxy firewall);
d) a process and computer methods (hardware or software) allowing the assignee to create additional subsidiary accounts (or computer addresses), relative to the assignee's primary security account, each of which may be provided, by the assignee of the primary security account according to his designs, with certain capabilities and limitations according to the possibilities to which he has been given access to (or her) by the administrator of the primary proxy firewall, in the form of a tool kit of design applications, menu of functions or function library, procedures, rule engines and data types, preferably in a form that makes these usable by novice users, and which are used to effect various types of transactions or transformations of information or data, stored or recorded in the subsidiary accounts, relative to the primary security account; these access rules can be established as a function of criteria that can be related to location, type of service offered by incoming requests, time period or date, frequency or periodicity;
e) a process and computer methods such that the the assignee (the account holder) is given exclusive access to the primary security account as well as to the subsidiary security accounts he has created and administers, and such access is implemented through high security encrypted communications requiring the use of current available techniques, such as those requiring the use of public-private keys;
f) a process and computer methods which allow the security account assignees (the account holders) to enter or delete data into the security accounts, as well as to effect and/or preauthorize, by implementing rules into the primary security account (the secondary firewall proxy) affecting various transactions between the subsidiary security accounts and the primary security account, in regards to specific external client requests or transactions arriving at the primary security account;
g) a process and computer methods which allow the execution, or denial of, transactions that have been preauthorized by the assignee (the security account holder), in view of the person or group or legal entity requesting access to, or having been granted access to, or transfer of, specific information or data from the primary security account;
h) a process and computer methods which permit the implementation, by the assignee (the account holder), of the rules of acceptance, or refusal of, a transaction request submitted by a requesting party, institution or machine, according to the nature of the information, data or funds requested or preauthorized for transfer, in view of a specific transaction or class of transactions or request, which are external to the primary security account;
h) a process and computer methods which ensures that each access or transaction is recorded according to a normalized format, most likely in XML, in the appropriate designated subsidiary account of each of the agents or participants to the security account system, that a permanent record of the legal framework or clauses pertaining to a particular transaction, or a permament link to such, in both the first party's subsidiary account pertaining to the second party, as well as the second party's subsidiary account pertaining to the first party.
2. A process and. computer methods such that an individual or institution implementing such a system needs to create its own primary security account, as described in claim (1), comprised of:
a) a process or computer methods of adding to its own primary security account, at least one subsidiary security account for each agent (be it human, computer, machine or otherwise) or employee it has under its juridiction that will interact with the security account system;
b) a process and computer methods of registering in subsidiary accounts relating respectively to each agent or employee, according to a normalized format most likely implemented in XML
format, verified and authenticated copies of documents relating to identity, credentials and assigned roles of each of the agents or employees of the individual or institution, such that each entry becomes permamently stored in the account and to which access rules may be implemented, as always by the account holder;
c) a process and computer methods permitting agents or employees of the institution or data bank to then be assigned their own primary security account (or to use one they may already have access to) to which they have primary access as they are now the primary account holders of these new primary security accounts, as in claim (1), d) a process and computer methods allowing the creation of read-only links from one specific security account or subsidiary security account to another, which belongs to a different assignee or administrator, such as in claim (2)(b) (such as verified credential or role-based data being accessed by its bearer from the emitting institution), but such information being accessible through a read-only link to the security subsidiary account of the institution or data bank to which they are related, and linked;
d) a process and computer methods allowing an assignee to implement and export, a read-only link to other security accounts being controlled by external agents, individuals or institutions, according to the rules implemented in the original link by its owning assignee, in order, for example, to allow communicating to an external agent the existence of a verified authenticated role, credential, identity, licence, and such data, in other words, creating a read-only link, which is exported, to a read-only link;
e) a process and computer methods allowing an assignee of a security account, as in claim (1), to use their security account for their own purposes and transactions, and create additional subsidiary security accounts pertaining to other functions, companies, data banks or institutions, which would be subjected to the access controls implemented by each account holder, in regards to each specific request for information or data pertaining to each specific transaction with one of these agents or entities;
f) a process and computer methods allowing a security account assignee (a security account holder) to establish a standard document in a subsidiary security account which is publicly and freely accessible by accessing its security account through the Internet, or through another network, which could correspond to a normal web page, or e-mail address, the access to each being possibly restricted according to a specific rule set.
a) a process or computer methods of adding to its own primary security account, at least one subsidiary security account for each agent (be it human, computer, machine or otherwise) or employee it has under its juridiction that will interact with the security account system;
b) a process and computer methods of registering in subsidiary accounts relating respectively to each agent or employee, according to a normalized format most likely implemented in XML
format, verified and authenticated copies of documents relating to identity, credentials and assigned roles of each of the agents or employees of the individual or institution, such that each entry becomes permamently stored in the account and to which access rules may be implemented, as always by the account holder;
c) a process and computer methods permitting agents or employees of the institution or data bank to then be assigned their own primary security account (or to use one they may already have access to) to which they have primary access as they are now the primary account holders of these new primary security accounts, as in claim (1), d) a process and computer methods allowing the creation of read-only links from one specific security account or subsidiary security account to another, which belongs to a different assignee or administrator, such as in claim (2)(b) (such as verified credential or role-based data being accessed by its bearer from the emitting institution), but such information being accessible through a read-only link to the security subsidiary account of the institution or data bank to which they are related, and linked;
d) a process and computer methods allowing an assignee to implement and export, a read-only link to other security accounts being controlled by external agents, individuals or institutions, according to the rules implemented in the original link by its owning assignee, in order, for example, to allow communicating to an external agent the existence of a verified authenticated role, credential, identity, licence, and such data, in other words, creating a read-only link, which is exported, to a read-only link;
e) a process and computer methods allowing an assignee of a security account, as in claim (1), to use their security account for their own purposes and transactions, and create additional subsidiary security accounts pertaining to other functions, companies, data banks or institutions, which would be subjected to the access controls implemented by each account holder, in regards to each specific request for information or data pertaining to each specific transaction with one of these agents or entities;
f) a process and computer methods allowing a security account assignee (a security account holder) to establish a standard document in a subsidiary security account which is publicly and freely accessible by accessing its security account through the Internet, or through another network, which could correspond to a normal web page, or e-mail address, the access to each being possibly restricted according to a specific rule set.
3. A process and computer methods such that the primary or subsidiary security accounts, as described in (1), may be created and linked to a security account card (a standard bank card having a simple magnetic stripe or to a smart card or other computer memory device) comprising:
a) A process and computer methods to permit machine reading of the computer address or other information relative to the said security account, or to a smart card or other memory device, and which allows its use as a normal debit or credit card when subsidiary accounts are created specifically for financial transactions, by using the appropriate data types, for example, or allowing linkage to regular bank debit, credit, savings or other financial accounts, or lines of credit, possibly active within multiple external banking or financial institutions;
b) a process and computer methods for the security account holder to implement the means of restricting access to such external accounts through the security account rule set, which is implemented on the security account, and where such restricted access is directed to specific requests being addressed by external agents to the security account, and the implemented rule set allows transactions to be fulfilled, or not, in response to the specific requests, in accordance to the directives implemented by the security account holder, within the constraints of the tools, procedures and rules put at the assignee's disposal by the primary external proxy firewall administrators;
c) a process and computer methods implementing a secure communication channel, possibly through a virtual private network, or secured leased lines between the primary firewall administrations, whereby effecting preapproved electronic financial transactions, where both the assignee and the remote web site are security account holders, as in claim (1), and where one of the parties establishes a read-only link to a contract, purchase ordE:r or other form, while the other party establishes a read-only link to a payment preappoval and verified identity information, for example, but transactions could also be effected througth the Internet, an appropriately configured ATM, or in person at a vendor with an active security account terminal;
d) a process and computer methods implementing a secure link, during financial transactions, in the vendor's new subsidiary account linked to the purchaser's identity, if required, relating to the particular transaction, indicating to the vendor, that this particular transaction has in fact been preauthorized by the purchaser, and that a transfer of funds or data, relating to this transaction, has been preauthorized by the purchaser (the account holder) and are available to the vendor;
e) a process and computer methods implementing a means of guaranteeing to the vendor (or other party) the availability of funds or other information or data for a particular transaction, if so required and accepted by both parties, and the possibility of witholding preauthorized funds, or data, relating to a particular transaction until it can be verified, possibly through a third party, or other agent, also using a security account, that goods have been shipped, or that a service has been delivered or effected, in which case, the purchaser might have the opportunity to cancel the transaction by withdrawing his autorisation for this particular transaction up to the moment of shipment, or some other stipulation, for example;
f) a process and computer methods to implement a means for the account holder to establish links to permanent information maintained in the subsidiary accounts relating to him in external security accounts with which he may have a relationship, and where such a link is required to be established with another account holder's subsidiary account, or is useful is some fashion, so as to give access to the permanent verifiable information relevant to the first account holder, such as professional accreditations, licenses or government authorizations;
g) a process and computer methods to implement a means for allowing role based access control by a first assignee logging-in to his own security account, possibly to access role based authorization data in a third-party's linked security account, and then reading-in another assignee's security card in order to access information uniquely related to the verified role authorized by the information obtained from the third-party's security account, relating to the first party.
a) A process and computer methods to permit machine reading of the computer address or other information relative to the said security account, or to a smart card or other memory device, and which allows its use as a normal debit or credit card when subsidiary accounts are created specifically for financial transactions, by using the appropriate data types, for example, or allowing linkage to regular bank debit, credit, savings or other financial accounts, or lines of credit, possibly active within multiple external banking or financial institutions;
b) a process and computer methods for the security account holder to implement the means of restricting access to such external accounts through the security account rule set, which is implemented on the security account, and where such restricted access is directed to specific requests being addressed by external agents to the security account, and the implemented rule set allows transactions to be fulfilled, or not, in response to the specific requests, in accordance to the directives implemented by the security account holder, within the constraints of the tools, procedures and rules put at the assignee's disposal by the primary external proxy firewall administrators;
c) a process and computer methods implementing a secure communication channel, possibly through a virtual private network, or secured leased lines between the primary firewall administrations, whereby effecting preapproved electronic financial transactions, where both the assignee and the remote web site are security account holders, as in claim (1), and where one of the parties establishes a read-only link to a contract, purchase ordE:r or other form, while the other party establishes a read-only link to a payment preappoval and verified identity information, for example, but transactions could also be effected througth the Internet, an appropriately configured ATM, or in person at a vendor with an active security account terminal;
d) a process and computer methods implementing a secure link, during financial transactions, in the vendor's new subsidiary account linked to the purchaser's identity, if required, relating to the particular transaction, indicating to the vendor, that this particular transaction has in fact been preauthorized by the purchaser, and that a transfer of funds or data, relating to this transaction, has been preauthorized by the purchaser (the account holder) and are available to the vendor;
e) a process and computer methods implementing a means of guaranteeing to the vendor (or other party) the availability of funds or other information or data for a particular transaction, if so required and accepted by both parties, and the possibility of witholding preauthorized funds, or data, relating to a particular transaction until it can be verified, possibly through a third party, or other agent, also using a security account, that goods have been shipped, or that a service has been delivered or effected, in which case, the purchaser might have the opportunity to cancel the transaction by withdrawing his autorisation for this particular transaction up to the moment of shipment, or some other stipulation, for example;
f) a process and computer methods to implement a means for the account holder to establish links to permanent information maintained in the subsidiary accounts relating to him in external security accounts with which he may have a relationship, and where such a link is required to be established with another account holder's subsidiary account, or is useful is some fashion, so as to give access to the permanent verifiable information relevant to the first account holder, such as professional accreditations, licenses or government authorizations;
g) a process and computer methods to implement a means for allowing role based access control by a first assignee logging-in to his own security account, possibly to access role based authorization data in a third-party's linked security account, and then reading-in another assignee's security card in order to access information uniquely related to the verified role authorized by the information obtained from the third-party's security account, relating to the first party.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA 2507346 CA2507346A1 (en) | 2005-05-13 | 2005-05-13 | Security account for online and offline transactions |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA 2507346 CA2507346A1 (en) | 2005-05-13 | 2005-05-13 | Security account for online and offline transactions |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2507346A1 true CA2507346A1 (en) | 2006-11-13 |
Family
ID=37450451
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA 2507346 Abandoned CA2507346A1 (en) | 2005-05-13 | 2005-05-13 | Security account for online and offline transactions |
Country Status (1)
| Country | Link |
|---|---|
| CA (1) | CA2507346A1 (en) |
-
2005
- 2005-05-13 CA CA 2507346 patent/CA2507346A1/en not_active Abandoned
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10223695B2 (en) | Centralized identity authentication for electronic communication networks | |
| US10636023B2 (en) | Universal secure registry | |
| US8316418B2 (en) | Verification engine for user authentication | |
| CN102959559B (en) | For the method producing certificate | |
| US8099301B2 (en) | Secure on-line authentication system for processing prescription drug fulfillment | |
| US20030115148A1 (en) | Method and apparatus for processing a secure transaction | |
| US20010027527A1 (en) | Secure transaction system | |
| US20030069857A1 (en) | Proxy system for customer confidentiality | |
| KR20030019466A (en) | Method and system of securely collecting, storing, and transmitting information | |
| WO2008045667A2 (en) | Verification and authentication systems and methods | |
| WO2006039364A9 (en) | System and method for electronic check verification over a network | |
| US20030229792A1 (en) | Apparatus for distributed access control | |
| US20020120585A1 (en) | Action verification system using central verification authority | |
| US7603320B1 (en) | Method and system for protecting sensitive information and preventing unauthorized use of identity information | |
| CA2507346A1 (en) | Security account for online and offline transactions | |
| JP2002324050A (en) | Personal authentication data providing system and method | |
| AU743570B1 (en) | Means and method of registering new users in a system of registered users | |
| WO2002001517A1 (en) | A method for carrying out electronic commerce transactions | |
| KR20020000906A (en) | Issue system and method of prepaid and anonymous on-line credit card | |
| UA21431U (en) | Computer system of cashlees settlement to execute payment operations by the users of mobile appliances of electronic communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| FZDC | Correction of dead application (reinstatement) | ||
| FZDE | Dead |
Effective date: 20140423 |