METHOD AND SYSTEM FOR CARRYING OUT ELECTRONIC TRANSACTIONS
Field of the invention
This invention relates to an electronic transactions method on a network and a data processing system for implementing said method. The invention therefore relates to information technology and in particular to electronic transactions on an information network.
Background of the invention
In modern society information regarding individuals or other legal persons is certified in many different information networks and portions of information networks such as in the information networks of the social welfare office, police, tax office, automobile registration centre, direct marketing association, department stores and/or trade unions.
A citizen can connect to some individual information networks. For example when the tax office offers its clients the opportunity to make tax-related statements electronically, the client can be connected to the information network of the tax office. Information is safeguarded with the aid of electronic identification of the individual, certification and electronic signing of documents. As another example a client can log in to the information network of an insurance corporation on the basis of electronic identification and file a damage claim. As a third example the client is offered a service where many electronic transactions forms have been brought together and which a legal person may then use to perform electronic transactions. An example of a service such as that mentioned in the last example is the service offered by www.lomake.fi (visited 4.4.2003).
Information regarding citizens is also moved and distributed in networks between different quarters. However the individual himself is not able to participate in these types of arrangements. It is difficult for the individual to keep track of what information regarding him is maintained in the systems of different authorities or to utilize this information when dealing with the authorities or with other instances. Nor can an individual use current electronic transactions services to conduct reciprocal business or add information certified by a different authority as part of an electronic transaction, nor do known electronic transactions services support the use of billing servers or billing service platforms or Internet data stream services or Internet call services.
Brief description of the invention
The object of the invention is to develop a method and a data processing system and hardware implementing said method with which an electronic transactions service for legal persons can be implemented and in which the above-mentioned problems can be solved. The object of the invention is achieved with a method and a system characterized in that which is listed in the independent claims. The preferred embodiments of the invention are the object of the dependent claims.
The preferred embodiments of the invention may involve one or more of the following characteristics in different combinations:
(i) a citizen or other legal person is recognized and certified into the data processing system using electronic (other legal person) and/or biometrical (citizens only) recognition and certification. Recognition and certification can also be performed when logging in as the device user or when logging in to the operating system, or further when logging in as a user of the information network, as long as the data processing system is constructed such that for its part identification and certification are implemented;
(ii) a person logging in to the data processing system (1-2) is recognized by at least one of the following methods: electronic personal identification card, personal identification number, password, identification service provided by a bank, telephone service or business, encryption key, an encryption signature key or biometrics or a SIM (Subscriber Identity Module) used for logging in to a GSM (Global System for Mobile communications) information network or a USIM card (Universal Subscriber Identity Module) used for logging in to a UMTS (Universal Mobile Telecommunications System) information network, or a parallel card of a SIM and USIM card;
(iii) the data processing system may be located in a wireless or wired information network, for example in a GSM or UMTS network, the Internet, a local network's server or data terminal or in a digital television operator's server or data terminal or generally in any type of network's server, data terminal or proxy server;
(iv) with the aid of the said electronic identification methods a user interface is created for a legal person in the said data processing system using program tools to implement personal and private protection in the electronic transactions environment created;
(v) with the aid of the said electronic identification methods a user interface is created for a legal person in the data processing system using program tools to implement personal and private protection in the electronic transactions environment created, and the said environment is built with the aid of one or more program modules, which are located in and are executed in the data terminal and/or server of the data processing system which is the object of the said logging-in action, and the duties of the program modules include one or more of the following:
- providing a user interface for a legal person;
- implementing electronic and/or biometric recognition, or in the case of recognition implemented by some other system, the useful application of this recognition information;
- the operational logic, which is needed for sending, receiving, handling and saving information related to electronic transactions;
- methods for encryption and decryption of electronic transactions information, electronic signature and use of other certifications as well as encryption of communications;
- implementing communication connections to data processing systems providing electronic transactions, data processing systems providing information recording, electronic transactions environments for other legal persons, as well as to data processing systems that offer services for management of electronic transactions environments for a legal person, management of the certifications of electronic transactions environments as well as compiling of statistics, observing and billing regarding the use of electronic transactions environment resources;
(vi) with the aid of the said logging-in and the said recognition an electronic transactions environment is built for a legal person using some electronic encryption method;
(vii) the electronic protection method involves the protection of the data storage using an electronic identifier; electronic currency loaded into the data processing system, program module loading and configuration require and are based on electronic recognition;
(viii) the said electronic transactions environment implements interfaces fulfilling information security requirements in systems offering electronic transactions and data processing systems of instances collecting and saving information regarding a legal person and/or a data processing system in which is collected the said information from the data processing systems of several instances;
(ix) the said electronic transactions environment may be implemented with the aid of the interfaces and software on an information network's server or the proxy server of a communications network or a wired or wireless information network's client data terminal;
(x) the electronic transactions software comprises the necessary technical equipment for using registered information through the said interfaces;
(xi) in the data processing system a client user interface is constructed through which a legal person who has logged into the data processing system uses electronic transactions services;
(xii) if needed, an interface can also be created from the said data processing system to the data processing system of another wired or wireless information network, one which implements the same sort of electronic transactions environment and to which the other legal person is recognized and certified according to item (i). This interface can, if needed, be used for conducting electronic transactions between two or more legal persons;
(xiii) if needed, an interface can also be built from the said device to the server handling electronic transactions billing services or to the billing service platform's server or, with the aid of electronic transactions, to the server or service platform's server providing information network services;
(xiv) if needed, during the said electronic transactions event a legal person has the possibility of gathering registered information regarding himself obtained from an information network as well as participating in the moving and distribution within information networks of registered information regarding himself;
(xv) if needed, using the said interfaces a legal person has the possibility during an electronic transactions event of executing electronic transactions requiring payment;
(xvi) the said services requiring payment may also include data stream services such as for example Internet phone or message services such as electronic mail and SMS and MMS message services; and
(xvii) into the data processing system is built firewall technology, due to which the data processing system has the possibility of managing the applications and traffic used by the data processing system by allowing or blocking use of specified applications and/or by allowing or blocking traffic from specified IP addresses and/or by allowing or blocking the use of specified TCP port numbers.
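Item (xvii) describes a firewall built into the data processing system that allows or blocks traffic by application, by IP address and by TCP port number. The following is an added example, not code from the patent or from any implementation of it, showing how such a policy can be expressed as an ordered rule list evaluated first-match-wins with a default-deny decision, so that an application or address the policy does not name is blocked rather than silently allowed. The field names, the rule order and the address ranges (the documentation prefixes 192.0.2.0/24 and 198.51.100.0/24) are constructed assumptions.

```go
package main

import (
	"fmt"
	"net"
)

// Action is the decision a rule yields for matching traffic.
type Action int

const (
	Block Action = iota // zero value: an unspecified action blocks
	Allow
)

func (a Action) String() string {
	if a == Allow {
		return "allow"
	}
	return "block"
}

// Flow is one application's attempt to use the network, as the firewall of
// the data processing system sees it (field names are assumptions).
type Flow struct {
	App     string // application making the connection
	Peer    net.IP // remote IP address
	TCPPort int    // remote TCP port
}

// Rule matches on any combination of application, IP range and TCP port;
// an empty App, nil Network or zero TCPPort means "any".
type Rule struct {
	App     string
	Network *net.IPNet
	TCPPort int
	Action  Action
}

func (r Rule) matches(f Flow) bool {
	if r.App != "" && r.App != f.App {
		return false
	}
	if r.Network != nil && !r.Network.Contains(f.Peer) {
		return false
	}
	if r.TCPPort != 0 && r.TCPPort != f.TCPPort {
		return false
	}
	return true
}

// Policy is an ordered rule list; the first matching rule decides, and
// Default applies when no rule matches.
type Policy struct {
	Rules   []Rule
	Default Action
}

// Decide returns the action for a flow and the index of the deciding rule
// (-1 when the default applied), which is what an audit log line should record.
func (p Policy) Decide(f Flow) (Action, int) {
	for i, r := range p.Rules {
		if r.matches(f) {
			return r.Action, i
		}
	}
	return p.Default, -1
}

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// ExamplePolicy is a constructed policy: one address range is blocked for
// every application, the e-desktop client may reach the (assumed) authority
// network on TCP 443 only, and everything else falls to the default.
func ExamplePolicy() Policy {
	return Policy{
		Rules: []Rule{
			{Network: mustCIDR("198.51.100.0/24"), Action: Block},
			{App: "e-desktop", Network: mustCIDR("192.0.2.0/24"), TCPPort: 443, Action: Allow},
		},
		Default: Block,
	}
}

func main() {
	p := ExamplePolicy()
	for _, f := range []Flow{
		{App: "e-desktop", Peer: net.ParseIP("192.0.2.10"), TCPPort: 443},
		{App: "e-desktop", Peer: net.ParseIP("192.0.2.10"), TCPPort: 80},
		{App: "browser", Peer: net.ParseIP("192.0.2.10"), TCPPort: 443},
		{App: "e-desktop", Peer: net.ParseIP("198.51.100.7"), TCPPort: 443},
	} {
		a, i := p.Decide(f)
		fmt.Printf("%-10s %-14s %-4d -> %s (rule %d)\n", f.App, f.Peer, f.TCPPort, a, i)
	}
}
```

Placing the block rule before the allow rule matters: with first-match semantics a later, broader allow cannot override it, and recording the deciding rule index makes every decision explainable when the log is reviewed.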
One embodiment of the method and system of the invention is based on that, on the basis of electronic identification of an individual, personal electronic transactions and user interface software is constructed that is not dependent upon the electronic transactions service provider's client relationship or processes, and it contains interfaces for different instances (e-desktop environment), services to read, receive, give, edit or complete information regarding the individual using a terminal device, which is functionally linked through the interface to another individual and server and/or at least two other servers, where information regarding the individual is stored and from which at least one server offers electronic transactions services.
One embodiment of the method and system of the invention is based on that the individual can, using the reciprocal electronic transactions interface of the e-desktop environment, form with the aid of the reciprocal transactions data stream services such as for example videoconferences or Internet phone services with another legal person. If needed, the call can be performed as a service requiring payment through the interface of a billing server or billing service platform.
Another embodiment of the method and system of the invention is based on that an individual can, with the aid of the services of the e-desktop environment, read, receive, give, edit or complete information regarding himself from at least two separate sources using the first server, which is functionally linked through the interface to the other server where information regarding this individual is stored permanently or with partial permanence.
A third embodiment of the method and system of the invention makes it possible for a member of society, using the services provided by the e-desktop environment, to participate in the moving and distribution within information networks of certified information regarding himself such that privacy protection and information security requirements are fulfilled.
A fourth embodiment of the method and system of the invention offers a service that is located between the partner who, through his actions, saves the registered information to his data processing system, such as the tax office, and the client (e-desktop environment), thus offering the client an interface to the registered information and for example the possibility of collecting information from different information registries. Additionally it makes possible for the client for example the combining of information from different registries or information analysis, saving or even access to registered information gathered from several sources.
In one additional embodiment of the method and system of the invention access to information is through a personalized user interface. One optional embodiment of the method and system of the invention involves the management of certifications, which are a prerequisite for electronic transactions when gathering certified information from different authorities for example for a tax statement or support applications.
One advantage of a method and system according to the invention is that it (e-desktop environment) assures the privacy and information security of the client.
Brief description of figures
The invention will now be described in more detail through the use of the preferred embodiments shown in the accompanying drawings, in which:
Fig. 1 is an overview that shows and describes the invention and the central elements of its exemplary embodiments;
Fig. 2 is a flow chart of a single exemplary electronic transactions event;
Fig. 3 shows as an example the data terminal configuration needed in a particular electronic transaction; and
Fig. 4 shows as an example one possible e-desktop system software solution.
Detailed description of the invention
The scope of application of the invention and its preferred embodiments is, among others, an information network service which offers the client, based on recognition of the client, electronic transactions and user interface software that is independent of the electronic transactions service provider's client relationship and processes as well as interfaces to different instances (e-desktop environment) and access through an interface into an information network to registered information regarding that client. Using the user interface of a service (e-desktop environment services) according to the invention and its different embodiments a client can obtain information from information regarding himself that is registered in the network and may utilize this information for example in electronic transactions. The services in question are called e-desktop environment services in this document (e-desktop, an electronic identification of an individual worldwide web). Additionally, in this document the term information network means for example a combination of the services offered between computers and the services offered by the data transfer connections between computers. An information network can be for example an Internet, Intranet or Extranet information network.
Fig. 1 shows as examples the elements of a system according to the invention and some of its embodiments. The e-desktop server illustrates the server 1-2. It can be a device or software handling a certain task or storing certain information. The server can be a physical network server or its virtual counterpart based for example on Java component technology. The server 1-2 is implemented for example as a WWW-server, in which case the user interface is offered to the user as a web page with which the user can operate the browser program to be controlled in the data terminal, such as with Microsoft Internet Explorer or Netscape Navigator. The citizen can read 1-50, 1-52 from the server or use certified information 1-6, document copies or references to documents received 1-40, 1-42 from authorities 1-20, 1-22, and on the server he can transact, read, complete, correct, edit and send 1-44 transaction forms 1-4 or transaction applications. Information may for example be in the form of text and/or sound and/or graphics. The e-desktop API 1-10, 1-12 describes an interface that offers a connection between the data processing system of an authority 1-20, 1-22 or other actor and the e-desktop server 1-2. The interface can offer transaction forms and applications based on for example XML technology (XML, Extensible Markup Language) and Java components. Communications between the e-desktop API and the e-desktop service may be handled for example by SOAP messages (SOAP, Simple Object Access Protocol) using SSL encryption (SSL, Secure Sockets Layer).
In Fig. 1 electronic ID illustrates the electronic identification of an individual, which can be executed in many ways, for example using an electronic personal identity card and/or biometrics. Further, logging in can be implemented using the SIM (Subscriber Identity Module) cards used in logging in to GSM (Global System for Mobile communications) networks, or the USIM cards used in logging in to UMTS (Universal Mobile Telecommunications System) networks, or parallel cards of SIM and USIM cards. SIM and USIM smart cards may be used, for example, only in the case that they are personal cards of a legal person and therefore identify exactly this person as the user of the information network.
Because a connection contract of a legal person is made with a legal person, a normal connection contract of the telecommunications operator therefore implements one-to-one the identification of an individual using a SIM or USIM smart card. SIM and USIM cards can be moved from one device to another or parallel cards can be made from them, and their use implemented in the data processing system of the e-desktop service using many log-in forms of the invention with the aid of a new device.
For a more detailed description of biometrics, reference is directed to for example the Internet address www.biometricsinstitute.org (visited 4.4.2003).
The service provider, such as the server of an authority, can have information network connections to the data storage of a certifier, and the client, the citizen, using the user interface implemented by the service logic of the e-desktop environment, can make statements or requests in electronic form utilizing the registered information in question. Alternatively the client can just store, analyse or comment on this information.
The e-desktop environment and its services may alternatively be composed of program modules that the client may use in the information network. Program modules could be offered for example by the parties engaged in implementing the service. In this case there is no actual e-desktop server, but the service is constructed upon the connection of the client network to the client terminal and by loading these modules into the client terminal. Alternatively the program modules can additionally be loaded into use by some other server to which the client is connected. Using the working functions of the program modules, a transaction application process can be formed for use by the client that executes the services of an independent e-desktop server.
Fig. 2 shows a signal diagram of a single exemplary electronic transactions event where the client fills in a housing support application at the social welfare office and needs a tax statement for this application. In stage 2-2 the client, for example a citizen, makes a connection from the terminal to an e-desktop service (an instance). In this connection a suitable recognition method is used, for example a personal electronic identity card or a combination of several recognition methods. The e-desktop service constructs, independent of the electronic transactions service provider's client relationship and processes and based on identification, a personal electronic transactions and user interface software and an interface for network searching and for different instances. To find the desired service the client may use the service menu or a search function of the e-desktop. In stage 2-4 the e-desktop searches the network for a desired address or service object and sends to it a service request message. To protect the privacy of the client the message can be transmitted for example using a secure connection. In stage 2-6 the API of the social welfare office object communicates with the data processing system of the social welfare office, and in stage 2-8 the data processing system of the social welfare office produces the base information regarding the interface. Base information means here for example earlier certified, prior known information such as a history of decisions.
The API of social welfare office can transmit in stage 2-10 a form or form application as well as precompleted information to the e-desktop, which offers the client a user interface for filling in the form. Because the client needs the tax statement of the previous year as an attachment to the housing support application, in stage 2-12 he connects to the information service of the tax office. Alternatively the client could have already obtained a copy of the tax statement in question from the tax authority. At the same time the e-desktop searches the network for the correct service object.
The service object offered by the API of the tax office is capable of either directly retrieving the information requested as shown in the figure, or it can use the e-desktop environment to offer a user interface to locate the information. After this, in stage 2-16 the data processing system of the tax authority returns the tax statement to the interface, and in stage 2-18 the interface transmits the document in certified form or a reference to the document to the e-desktop element, where the client can check it.
In stage 2-20 the client, using the e-desktop, sends the filled-out form, which can have as an attachment the certified tax statement or a reference to it. The form can be certified by the electronic signature of the client. After this the interface, in stage 2-22, sends the application to the data processing system of the social welfare office. The client can at stage 2-24, if he desires, give a copy of the application to the e-desktop, from which he can retrieve it when he desires. If necessary the data processing systems of the social welfare office and the tax office can communicate directly with one another in stage 2-26, if information is exchanged as mere references. Communication can also occur through the e-desktop APIs.
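The exchange of stages 2-12 to 2-22, as an added example that is not part of the patent or of any implementation of it: the tax office certifies the tax statement, the client checks that certification before attaching the statement to the housing support form and signing the whole application, and the social welfare office verifies both signatures before accepting. Ed25519 signatures and the JSON message layout are assumptions standing in for the certificates and the XML/SOAP messages the text mentions; each party's table of trusted public keys stands in for certificate validation, and the statement content is constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Party is one actor of Fig. 2 with its own signing key and the public keys
// it trusts (a constructed stand-in for the certificate infrastructure).
type Party struct {
	Name    string
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	Trusted map[string]ed25519.PublicKey
}

func NewParty(name string) *Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{Name: name, Pub: pub, priv: priv, Trusted: map[string]ed25519.PublicKey{}}
}

// Certified is a document together with its issuer's signature over Body.
type Certified struct {
	Issuer string `json:"issuer"`
	Body   []byte `json:"body"`
	Sig    []byte `json:"sig"`
}

func (p *Party) Certify(body []byte) Certified {
	return Certified{Issuer: p.Name, Body: body, Sig: ed25519.Sign(p.priv, body)}
}

// Verify accepts a document only from a trusted issuer with a valid signature.
func (p *Party) Verify(c Certified) error {
	pub, ok := p.Trusted[c.Issuer]
	if !ok {
		return fmt.Errorf("%s: untrusted issuer %q", p.Name, c.Issuer)
	}
	if !ed25519.Verify(pub, c.Body, c.Sig) {
		return fmt.Errorf("%s: signature of %q does not verify", p.Name, c.Issuer)
	}
	return nil
}

// Application is the filled housing support form with the tax statement
// carried as a certified attachment (stage 2-20).
type Application struct {
	Form       map[string]string `json:"form"`
	Attachment Certified         `json:"attachment"`
}

// TaxStatement models stage 2-16: the tax authority returns the statement
// in certified form (constructed content).
func (tax *Party) TaxStatement(citizen string) Certified {
	return tax.Certify([]byte(`{"subject":"` + citizen + `","year":2002,"income":31000}`))
}

// SubmitApplication models stages 2-18 and 2-20: the client checks the
// attachment, then signs the whole application.
func (client *Party) SubmitApplication(form map[string]string, stmt Certified) (Certified, error) {
	if err := client.Verify(stmt); err != nil {
		return Certified{}, err
	}
	body, err := json.Marshal(Application{Form: form, Attachment: stmt})
	if err != nil {
		return Certified{}, err
	}
	return client.Certify(body), nil
}

// Accept models stage 2-22: the social welfare office verifies the client's
// signature and, inside it, the tax authority's signature on the attachment.
func (welfare *Party) Accept(app Certified) (Application, error) {
	var a Application
	if err := welfare.Verify(app); err != nil {
		return a, err
	}
	if err := json.Unmarshal(app.Body, &a); err != nil {
		return a, err
	}
	if err := welfare.Verify(a.Attachment); err != nil {
		return a, err
	}
	return a, nil
}

// RunScenario plays the exchange end to end; with tamper set, the statement
// is altered in transit so the client's check at stage 2-18 must fail.
func RunScenario(tamper bool) (Application, error) {
	tax, welfare, client := NewParty("tax-office"), NewParty("social-welfare"), NewParty("citizen-1")
	client.Trusted[tax.Name] = tax.Pub
	welfare.Trusted[tax.Name] = tax.Pub
	welfare.Trusted[client.Name] = client.Pub

	stmt := tax.TaxStatement(client.Name)
	if tamper {
		stmt.Body = bytes.Replace(stmt.Body, []byte("31000"), []byte("11000"), 1)
	}
	form := map[string]string{"applicant": client.Name, "monthly-rent": "650"}
	app, err := client.SubmitApplication(form, stmt)
	if err != nil {
		return Application{}, err
	}
	return welfare.Accept(app)
}

func main() {
	a, err := RunScenario(false)
	fmt.Println("honest run:", err, a.Form["monthly-rent"], a.Attachment.Issuer)
	_, err = RunScenario(true)
	fmt.Println("tampered run:", err)
}
```

The receiving office verifies the attachment itself rather than trusting the client's signature over it, which is the point of the text's remark that the provider can certify from the tax authority's signature that a document is authentic and non-forgeable: the client's signature binds the form to the attachment, the authority's signature vouches for the attachment's content.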
The interface service of the client can be created and managed over the encrypted network connection from an information network server to a data terminal. The service logic can be based on the representation, storage or utilization of the information registered in the network in electronic transactions, as well as upon the combination of registered information as a collective document.
Information registered in the network is retrieved and if necessary stored on the server of the service provider or in the data terminal of the client. According to service logic the information can be presented, analysed and combined forming different aggregate compositions.
For transmitting registered information into the data processing system of the service recipient, encrypted information network connections can be constructed to the data storages that maintain the registers. Storage of information to the client's own data storage on the personal transactions environment server, independent of the electronic transactions service provider's client relationship or processes and constructed by the e-desktop service, can likewise be done in encrypted form.
The user interface of the service offered by the environment constructed by the e-desktop service can be client-specific, for example the personal WWW page (WWW, World Wide Web) of each client from which access can be offered by hyperlinks either by encrypted connection to information in the information networks of the collectors of the registries or from the registries to information stored in encrypted form in the data structure of the service provider. The personal WWW page of the client is just one example; instead the user interface can be formed for example using a separate application.
In some embodiments of the invention it is important from an information security standpoint that information can only be decrypted with the personal key of the recognized and certified client. In an information network information can be moved by secure connection between the service provider's server and the data storage that has collected registered information.
In one alternative embodiment of the invention the personal transactions environment independent of the electronic transactions service provider's client relationship or processes and constructed by the e-desktop service has the functionalities of a firewall.
If electronic transacting requires the use of certificates to prove the source of documents, an electronic certificate can be attached to the documents. The tax authority can for example certify its documents regarding a client using an electronic signature, and a provider of electronic transactions services can, from the signature of the tax authority, certify that a document is an authentic and non-forgeable document from the tax authority.
In the personal transactions environment service independent of the electronic transactions service provider's client relationship or processes and constructed by the e-desktop service for electronic transactions, the appearance and data structure (such as data fields) of the user interface can be formed using an XML document sent by the data processing system providing the transactions service. Further it is possible to construct software implementing the application logic used in transactions of the client using program modules that are loaded into use according to the transaction application, for instance from the data processing system of an insurance company and/or from the data processing system of a health centre, for example to make an accident claim.
In any event the e-desktop environment of the client constructed by the e-desktop service executes, among other things, the management of electronic transactions certificates, providing an environment implementing application logic, management of client events as well as management of client and data processing system interfaces. In general in the said e-desktop environment application logic is implemented, but the server can also function as a proxy server managing certifications of registered information and their transmission to the application which is loaded onto the client machine. Under certain circumstances electronic transactions can be transferred to occur on the server of the party providing the transaction.
In the method according to the invention and its preferred embodiments the personal electronic transactions environment of the data processing system, to be built for a legal person meeting personal privacy and information security requirements and independent of the electronic transactions service provider's client relationship or processes, can be created entirely or partially for the server of the communications network, the proxy server of the communications network, the data terminal of a wired or wireless network or a combination of these, and the environment can be entirely or partially constantly loaded in the data terminal such that in connection with logging in to the said data terminal the said electronic transactions environment is immediately available for use. The environment can be divided for example between a mobile data terminal and a network server such that at least a portion of the database belonging to the data processing system is located on the network server to speed up service and create an adequate storage capacity.
Fig. 3 shows an electronic ID card 3-2, card reader 3-4 and the data terminal configuration required for electronic transactions 3-6 ... 3-12. The data terminal in question, or another data terminal providing corresponding functionality and protection, together with the WWW user interface provided by the e-desktop server, forms the user interface of the client in the e-desktop environment. The architecture of the data terminal or work station, through which the client can connect to the service, can comprise for example the driver for card reader 3-6, the PKI-client element 3-8, the API element 3-10 and the web browser 3-12. An electronic identity card of an individual is an officially approved electronic identification and certificate when transacting with authorities. An electronic identity card, recognition, encryption and signatures are based on the electronic transactions standards verified by the Ministry of Communications. Additionally the e-desktop enables the sending of encrypted and signed documents using one's own key. If the client terminal is connected to an information network such as for example through a wired subnetwork of the Internet, an electronic ID card is well suited for this purpose. A suitable solution used for example in the smart phones of a wireless network or in some other wireless client terminal can also function as the identifier, wherein the SIM card used in the telecommunications operator's data terminal and the electronic ID card of the client recognition are combined in the same smart card. The invention is not however limited to the said smart card technologies for client recognition, but in each service entirety the most suitable and adequate recognition method may be used for recognition and certification. In Fig. 4 is shown one possible e-desktop server software solution.
Relating to use of the e-desktop server, several light servers can be used and their configurations can be identical. Using known IP routing technologies the load can be evenly distributed between the servers. The server can contain the necessary basic transactions services software for implementing the personal transactions service independent of the electronic transactions service provider's client relationship or processes and based on recognition, a user interface and interfaces for various instances, as well as for management of the personal information management of the client. The server can additionally retrieve from the network services available at a given time, such as forms and applications, for example using web service or CORBA technologies (CORBA, Common Object Request Broker Architecture). The client's own notes and references, documents he has himself produced as well as copies can be stored in the e-desktop database server.
According to the e-desktop API the service provider can add to his own data processing system an adapter software implementing the requirements of the e-desktop API and through it inform the e-desktop system of the services offered, for example forms and/or applications. For communication purposes, for example small service providers, whose volume is not too great, can use light web-service technology and SOAP messages (reference a) (SOAP, Simple Object Access Protocol), whereas large service providers can communicate using more scalable ORB technology (reference b). Connections in relation to the e-desktop data storage can be handled in the same way.
In the following are listed terms used in Fig. 4:
Apache SSL: Apache WWW server with SSL protocol support (SSL, Secure Sockets Layer);
Apache Jakarta: WWW server extension for Java programming environments, such as servlets and JSP (JSP, Java Server Pages);
JCA API: Java Cryptography Architecture API (API, Application Programming Interface) for handling encryption;
Java XML API/DOM: parsing of XML documents and organization of DOM (Document Object Model) elements;
Java SOAP API: SOAP protocol support of Java; and
Java ORB RMI: support for a service implementing CORBA methods using ORB messages and RMI (RMI, Remote Method Invocation) over the IIOP protocol (IIOP, Internet Inter-ORB Protocol).
The purpose of Fig. 4 is to show that the architecture required by the invention and its different embodiments can also be implemented using current technology. Alternatively the architecture shown in Fig. 4 could in its essential elements be based for example on Microsoft's .NET architecture.
For recognition of the client and forming of a protected terminal connection known electronic ID technology can be used. The e-desktop environment can be implemented in a WWW server using Java components and XML technology. The e-desktop service can be physically composed of a group of servers between which data processing is distributed using component technology. Broker processes (ORB) work as the distributors of service information, search the system for free resources and connect the client to the service objects. An e-desktop instance or its parts can also function directly in the client data terminal.
The e-desktop environment can communicate with services of the authorities or other actors with SSL-protected IIOP requests through an ORB or alternatively with SOAP messages. Documents and forms are loaded as XML documents, which can contain functional applet-type portions depending on the structure and contents of the document. On the other hand the service application can also be an entirely independent program.
The client can store all the applications he has made as well as copies he has taken of authorities' information in the e-desktop environment. For the latter the storing can be virtual, i.e. the e-desktop can store mere references. Because each document can be certified using the certificate of the party responsible for the authenticity of the information, the following parts are added to the document or its copy: 1) the data as an XML document certified by the certification key of its source and encrypted; 2) an XSL/XSLT definition (XSL/XSLT, a language describing the appearance of an XML document) for presenting the document; and 3) the comments of the client in a suitable XML format, certified by the certification key of the client.
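As an added illustration of the three-part document above, not taken from the patent, the following Go program certifies the data part with the source authority's key and the comments part with the client's key, and rejects a document in which either part was altered or signed by the wrong party. ECDSA P-256 with SHA-256, the XML element names and the sample tax-office content are assumptions of this example; the encryption of the data part is left out so that the example stays on the certification step.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
)

// Part is one certified part of an e-desktop document: its content and the
// signature of the party responsible for it (source authority or client).
type Part struct {
	Content   string `xml:"content"`
	Signature string `xml:"signature"` // base64 ASN.1 ECDSA signature over SHA-256(Content)
}

// Document carries the three parts named in the text: source-certified data,
// an XSL/XSLT presentation reference and client-certified comments (element names assumed).
type Document struct {
	XMLName  xml.Name `xml:"edesktop-document"`
	Data     Part     `xml:"data"`
	XSLT     string   `xml:"xslt"` // affects appearance only, so no party signs it
	Comments Part     `xml:"comments"`
}

// Sign certifies content with the signer's private key (assumed ECDSA P-256).
func Sign(key *ecdsa.PrivateKey, content string) (Part, error) {
	digest := sha256.Sum256([]byte(content))
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return Part{}, err
	}
	return Part{Content: content, Signature: base64.StdEncoding.EncodeToString(sig)}, nil
}

// Verify reports whether part was certified by the holder of pub.
func Verify(pub *ecdsa.PublicKey, part Part) bool {
	sig, err := base64.StdEncoding.DecodeString(part.Signature)
	if err != nil {
		return false
	}
	digest := sha256.Sum256([]byte(part.Content))
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// BuildDocument assembles the document: the source authority certifies the
// data, the client certifies only his own comments.
func BuildDocument(sourceKey, clientKey *ecdsa.PrivateKey, data, xslt, comment string) ([]byte, error) {
	dataPart, err := Sign(sourceKey, data)
	if err != nil {
		return nil, err
	}
	commentPart, err := Sign(clientKey, comment)
	if err != nil {
		return nil, err
	}
	return xml.MarshalIndent(Document{Data: dataPart, XSLT: xslt, Comments: commentPart}, "", "  ")
}

// VerifyDocument checks each certified part against the key of the party that
// must have produced it: an edited data part or a comment forged in the
// client's name is rejected.
func VerifyDocument(raw []byte, source, client *ecdsa.PublicKey) error {
	var d Document
	if err := xml.Unmarshal(raw, &d); err != nil {
		return err
	}
	if !Verify(source, d.Data) {
		return errors.New("data part is not certified by the source authority")
	}
	if !Verify(client, d.Comments) {
		return errors.New("comments part is not certified by the client")
	}
	return nil
}

// NewKey generates a signing key; in the e-desktop it would come from the party's certificate.
func NewKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

func main() {
	taxOffice, citizen := NewKey(), NewKey() // constructed sample parties
	doc, err := BuildDocument(taxOffice, citizen, `<taxed-income year="2002">25000</taxed-income>`,
		"tax-statement.xsl", "Copy attached to my housing support application")
	if err != nil {
		panic(err)
	}
	fmt.Println(string(doc))
	fmt.Println("verify:", VerifyDocument(doc, &taxOffice.PublicKey, &citizen.PublicKey))
}
```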
Each party who offers services through the e-desktop requires an e-desktop API or connection. The e-desktop API can be described with the aid of a requirement definition, which includes among others the following:
- The interface must provide to the network service objects (ORB) according to the description of the e-desktop as well as web services;
- The documents offered must comply with the DTD or XML schema definitions according to the e-desktop descriptions, to which definitions there may be added profession-specific characteristics determined by a working group;
- ORB-mediated service requests follow agreed-upon IDL descriptions (IDL, Interface Definition Language);
- SOAP messages according to the e-desktop descriptions are used for sending messages;
- Communications are encrypted according to the requirements given (for example SSL);
- XML documents are encrypted and certified;
- The interface must be able to communicate with the interfaces of other service providers, for example when retrieving a document on the basis of a reference. This communication can be implemented as encrypted SOAP messages (for the legal protection of the client there are also grounds for the e-desktop to have knowledge of all these events).
How the interface communicates with the inner data processing system of the service provider must be solved on a case-by-case basis.
In describing the invention there is mention of the service object of the e-desktop environment or transactions service, with which access to a service can be constructed and which can itself implement service functions. This is implemented by creating for the client a user interface through which he gains the use of the services and objects offered by the e-desktop environment. There are many implementation forms of the service object, depending on the technology used to implement the data processing system and on what functions the service object is expected to execute. The service offered by the e-desktop environment, and through it the service objects of the transactions services, are a part of a system used to build for a client access to remotely located resources outside his own machine.
One way of implementing the service object is using Java technology. In a hyperlinked document using Java technology, for example "signed applet"-type applets, i.e. small applications written in the Java language that execute in the browser window of the data terminal, can be distributed to the client. "Signed applets" have an electronic signature that is created using a private key.
J2EE supports a multi-step application model containing Enterprise Java Beans (EJB), servlets and Java Server Pages and middleware elements, in which the levels of the service logic separate client requests from traditional server functions. In the model the interaction of the client interface is transferred to the server's side. In the interaction model the server updates the client user interface with HTML or XML documents, and the client interface therefore remains thin. Enterprise Java Beans are server-side Java-based components that implement server logic and proxy server software. EJB elements can be used to implement for example authentication, CORBA interactivity and supervision of object-based transactions.
JavaBeans Java classes can be combined into user interface applications. Servlets are software components that implement on the server, i.e. between client requests and the system, functionality corresponding to CGI programming (CGI, Common Gateway Interface).
EESSI (EESSI, European Electronic Signature Standardization Initiative) and the USA government's Digital Signature Algorithm (DSA) are standards plans relating to electronic signing. PKI (PKI, Public Key Infrastructure) makes use of public and private keys for encryption, digital signing and management of certificates, which bind a name to a public key. CAs (CA, Certificate Authority) function as a trusted third party, i.e. as the manager of certificates, as for example the population register centre in Finland.
For a service provided by the e-desktop environment the binding of a digital document can be important. Because of this it can be required that the document carry the time stamp of a time stamping agency, to whom a contract is sent and from whom a time stamp is received. The agency sees only an encrypted document with a digital signature, adds to it a time stamp recording when it received the document and signs the entirety using its own private key. Methods regarding the time stamp will not be further described in this document; for further information reference is made to the Internet address www.authentidate.com (visited 4.4.2003).
Because the service provided by the e-desktop environment requires the transfer of confidential information in a network in conjunction with electronic transactions, encryption technologies are a mandatory part of the application. For application programmers the Java environment offers software interfaces for the creation of a confidential electronic transactions environment using the following methods: Java Cryptography Extension (JCE), Java Secure Socket Extension (JSSE) and Java Authentication and Authorization Service (JAAS). JCE supports public key algorithms such as Diffie-Hellman and RSA. Further information regarding the JCE API is available at the address http://java.sun.com/products/jce/doc/guide/API_users_guide.html (visited 4.4.2003).
Java IDL (IDL, Interface Definition Language) adds to application programming the possibility of transparently calling service objects across the network using the IIOP (Internet Inter-ORB Protocol) protocol.
When the client user interface of a service provided by the e-desktop is offered through an Internet browser and applets are used, an applet to which it is desired to give the right, e.g., to read or write files must be certified using a digital certificate. This protection model suits the service model of the e-desktop environment well, making it possible for the client to add to a transactions form attachment files from his own machine and to store files from the e-desktop environment on his own machine. Applets of the type mentioned can also be given the right to use a specific port on the server machine. Because e-desktop servers are usually protected with firewalls, this is one of the important characteristics from the viewpoint of an application programmer.
The actual application server, which for example the e-desktop server could implement using Java technology, has within it web server software and supports application programming interfaces such as the above-mentioned EJB, JSP, servlets and JMS. The Java server platform is also well suited as the technology of the e-desktop because in the different application forms of the e-desktop service, service agents can be used whose state is transferred across the network as objects and collected in the client terminal or server as a software agent. Java component or object technology enables the implementation of an e-desktop service as a distributed system. Registering a service agent with the service locators of a network, for example with the service registration application of JINI or Parlay.org, enables the locating of services and their loading from the network into use by means of a service agent. Methods for registering different services into the network also suit the e-desktop service platform quite nicely.
The invention and its preferred embodiments solve several problems in known art. One problem type can be examined from the viewpoint of information management. In current development it is characteristic that the cooperation and direct exchange of information between the data storages and data processing systems of authorities and businesses is being greatly developed. It can be thought that development is based on a view according to which all information regarding societal actions is one large data storage, to whose planning general data storage technology principles are applied, such as the avoidance of multiple storing. In this universal data storage the central individual type, the citizen, is currently stored contrary to many information management principles. The information of the citizen, which clearly forms its own entity, is stored in the data storages of other quarters as splinters of information. In addition to generally known information technology disadvantages, the result is legal and ethical problems. The problems worsen when the mutual integration of different systems accelerates and the citizen has ever weakening possibilities of supervising the exchange of information regarding himself.
Another problem type can be examined from the viewpoint of societal development. In the fast integration of data storages regarding societal actions the citizen has remained a bystander, although there have been attempts to fix this. A fresh example, in conjunction with different types of e-desktop solutions, is the EU commission's suggestion of a general social security card for EU citizens, onto which all health information regarding that citizen would in the future be loaded. It is obvious that development cannot lead to a group of separate solutions for every area of life; development must instead be led toward an instrument with which the citizen can manage many types of information regarding himself, and that instrument must be completely open in relation to the citizen. The e-desktop according to the invention and its preferred embodiments is such an instrument.
In the first practical stage of the e-desktop system it can be thought that it is above all a service system that virtually creates the citizen's personal data storage for him to see, such as personal information, marital status, decisions by authorities, health information etc. Additionally it offers a connection to the services of authorities. In the future it is however possible that the e-desktop may function as the real data storage of this type of information, which the state offers to all its citizens. The citizen has up until this point been able to supervise the combining of information regarding himself only if the transactions occur in paper form, and by taking advantage of the right allowed by law to see information regarding himself. By the invention and its preferred embodiments the problems in question have now for the first time been solved by means of information technology.
The basic idea of the invention and its preferred embodiments is that when moving even more to the electronic transfer, handling and exchange of information, the citizen has at his disposal an electronic "window" through which he can follow, see and supervise what happens to information regarding himself, take part in the progress of events and transact effectively.
One advantage of a method and system according to the invention is that it makes it possible for a member of society to take part in the transfer and distribution in an information network of information regarding himself such that privacy protection and information security requirements are met. Another advantage of a method and system according to the invention is that it provides a service located between the party saving registered information to his data processing system through his actions, for example the tax office, and the client, making possible for the client an interface to registered information, for example the possibility of combining information to gather together registered information required in electronic transactions from different data storages. Additionally it makes possible for the client for example the combining of information in different registers and/or analysis, storage of the information or even access to registered information collected from several sources. In some embodiments of the method and system according to the invention access to information is through a personalized user interface.
In one embodiment of the method and system according to the invention management of certificates is implemented, which is a prerequisite in electronic transactions when gathering for example certified information from various authorities for a tax statement or support applications.
One advantage of the method and system according to the invention is that it protects the privacy and information security of the client and improves legal protection.
Additionally the invention and its different embodiments improve coordination and cooperation between different actors, for example within the banking sector.
Because the law gives a member of society the right to have access to information regarding himself, a service according to the invention and its various embodiments aids the authorities in fulfilling this responsibility to inform. The service also enables so-called one-window electronic transactions by providing a client interface, client recognition and certification as well as management of the certificates of electronic documents through one "window", i.e. through the service. This can be implemented for example through the personalized WWW service page of each client. The invention and its various embodiments can be adapted to implement responsibilities of society, among other things in the areas of economic, health, safety and legal protection, according to the needs of the client, as well as to further and simplify electronic transactions.
The invention and its various embodiments can be adapted in electronic transactions utilizing the registered information regarding the client held by authorities, institutions, general government or companies. This type of information could be for example the information registered by authoritative quarters such as the social welfare office, tax authority, police, population register centre or health centre. On the other hand, it can also be information associated with the client and registered by a bank, municipality, housing association, insurance corporation or store.
As one application example, mention can be made of a form of service such as the making of an invention announcement to the Patents and Registration Board.
The e-desktop environment also enables electronic transactions between clients, for example the making of a bill of purchase between two individuals. The e-desktop environment can offer its clients prepared transaction forms for general contract events such as barter trade, car trade etc. and, on the other hand, form bases which can be edited to express the purpose of the agreement from the client's side. During reciprocal transactions the clients can each log-in to the system from their own data terminal or from the same machine. Reciprocal transactions can also occur between more than two clients.
To implement reciprocal transactions the e-desktop environment can have a server (which implements the service logic) and a software process that implements reciprocal services. The transaction forms of the service offered on this server can be seen and, if needed, edited by both (all) participants in the reciprocal transactions, who certify the transaction forms with their electronic signatures. The service can offer a view of the transaction form; clients log-in to a joint transactions event, and the e-desktop server recognizes and certifies them just as in other transactions events. An official quarter such as a sales notary or the like can also take part in the transactions event and confirm the document with his own signature. Further it is possible to add an official time stamp to the document.
Because a bill for electronic service can be directed to the legal person logged-in to a system that implements the method according to the invention and its preferred embodiments, whatever service built on the e-desktop API he uses, electronic transactions can also be used to provide information network services. Such services can be a service for access to an information network, which can be based on a connection contract, and visiting in the networks of other telecommunications operators based on a network-visiting contract between telecommunications operators. In the method according to the invention and its preferred embodiments the personal electronic transactions environment of a legal person can form a transactions connection to a communications network access service as well as to data processing systems offering other communications services. A telecommunications operator offering information network services using electronic transactions can construct in his data processing system an e-desktop API supporting electronic transactions.
Using the service a legal person can be offered for example the access codes required for access to DVB, DVB-H, GSM/GPRS, UMTS and WLAN networks or other codes prerequisite for access to the technical network of the said networks, and/or parameter values, configuration information and/or files prerequisite for the use, or supporting the technical use, of the offered communications services.
In the following is described an example of a transactions service of a telecommunications operator according to the method, an Internet phone service.
One possible service form for reciprocal transactions could be an Internet phone service or other data stream service. The widespread expansion of Internet phone service has had to wait because there has been no business model based on and supporting Internet phone services with which cash flow financing could be solved. This invention presents a method, a data processing system model and data terminal and server device software with which this problem is solved by a service utilizing the method and system of the invention.
In this and the following paragraph are presented the technical background and service models on which Internet phone services are generally based. The basic model for Internet phone services is a call between two PCs, both of which are connected to the Internet, where the PC's software compresses and decompresses the sound. In another model the Internet phone service provider (ITSP) is a port server between an IP network and a mobile phone network or phone network. In a third model the IP network functions between the phone networks of the caller and the call recipient. In this model the costs of the long-distance call are covered by using the IP network to connect the local phone networks. The ITSP can gather billing data on a session basis, e.g. based on recognition of its client. Telephone operators however collect information that can then be used to connect an ITSP to a client for billing purposes. In this model the Internet phone service operator must have a contract with both telephone companies. The port server can also be implemented as an integrated solution, where different types of interfaces and/or routing features and/or landline or mobile network connection technologies are integrated into the service platform of the IP calls.
There are several standards for the formation, maintenance and conclusion of a speech connection in an Internet network. The most important are the VoIP standard H.323 and the standards related to H.323, such as H.245, H.225, H.450, G.723, G.729 etc. Audio coding in a data terminal is based on standard G.711 (64 kbit/s); other supported codecs are G.722 (on a 7 kHz band 64, 56 and 48 kbit/s), G.723 (5.3 and 6.4 kbit/s), G.728 (16 kbit/s), G.729 (8 kbit/s) and the GSM codec (5.6 - 13 kbit/s). H.245 is a standard relating to the management of the system. Standard H.225.0 relates to management of the call, i.e. it implements call signalling. H.225.0 and H.245 use the reliable TCP protocol in connection with Internet calls. A part of the H.323 standard, RTP (Real-time Transport Protocol), is developed by the IETF. RTCP, the Real-time Transport Control Protocol, is a protocol for management of the RTP connection. Using RTP, speech can be transferred over a UDP connection; speech is synchronized using sequence numbers and time stamps added to the header information. Because in the transfer of speech QoS, i.e. connection quality parameters, is important, for reservation of resources in the network either the DiffServ or the MPLS protocol can be used to guarantee adequate connection quality. For the initialization, modification and conclusion of an Internet phone session an Internet phone application can also use the Session Initiation Protocol (SIP). In the payload of a SIP message a standard-form description of the codec and connection addresses used in a phone connection is transmitted from application to application. The general content standard for such a message is the Session Description Protocol (SDP) or SDPng (ng = next generation), which is now being developed from SDP. The SIP protocol includes SIP registration servers, and utilizing SIP registration procedures a mobile IP characteristic is implemented, i.e. it supports client movement in an IP subnetwork. A SIP INVITE message carries, for example, an SDP payload that contains information about the software tools of the data terminal, such as codecs. The application support for an Internet call is a SIP user agent (UA), which has an interface, for example, only to the protocols transmitting speech. The SIP OPTIONS message can be used to request the characteristics of a UA. All in all the basic characteristics of the SIP protocol are to transmit information regarding the characteristics of the software interface of the data terminal as well as those of the connection to be formed.
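As an added example, not from the patent, the following Go code shows the SIP INVITE with SDP payload just described from the receiving side: the e-desktop phone service parses a constructed INVITE, takes the caller and Call-ID from the SIP headers and the media address, port and offered codecs from the SDP payload, and refuses messages that are not INVITEs or whose offer is incomplete. The sample message, its addresses and the service name `helpdesk` are constructed for this example.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Offer is what the phone service needs from an INVITE: caller, call identity,
// where media is to be sent and which codecs the terminal offers.
type Offer struct {
	From, CallID string
	MediaAddr    string   // from the SDP c= line
	MediaPort    int      // port of the first m=audio line
	Codecs       []string // rtpmap names, e.g. "PCMU/8000" (G.711), "G729/8000"
}

// ParseInvite separates the SIP headers from the body and parses the SDP payload.
func ParseInvite(msg string) (Offer, error) {
	var o Offer
	parts := strings.SplitN(msg, "\r\n\r\n", 2)
	if len(parts) != 2 {
		return o, errors.New("no header/body separator")
	}
	lines := strings.Split(parts[0], "\r\n")
	if !strings.HasPrefix(lines[0], "INVITE ") {
		return o, errors.New("not an INVITE: " + lines[0])
	}
	contentType := ""
	for _, h := range lines[1:] {
		nv := strings.SplitN(h, ":", 2)
		if len(nv) != 2 {
			continue
		}
		value := strings.TrimSpace(nv[1])
		switch strings.ToLower(strings.TrimSpace(nv[0])) { // compact forms f, i, c are allowed
		case "from", "f":
			o.From = value
		case "call-id", "i":
			o.CallID = value
		case "content-type", "c":
			contentType = value
		}
	}
	if !strings.EqualFold(contentType, "application/sdp") {
		return o, errors.New("INVITE body is not SDP")
	}
	return o, parseSDP(parts[1], &o)
}

func parseSDP(body string, o *Offer) error {
	sc := bufio.NewScanner(strings.NewReader(body))
	for sc.Scan() {
		line := sc.Text()
		if len(line) < 2 || line[1] != '=' {
			continue
		}
		fields := strings.Fields(line[2:])
		switch line[0] {
		case 'c': // c=IN IP4 <address>
			if len(fields) == 3 {
				o.MediaAddr = fields[2]
			}
		case 'm': // m=audio <port> RTP/AVP <payload types>
			if len(fields) >= 2 && fields[0] == "audio" && o.MediaPort == 0 {
				port, err := strconv.Atoi(fields[1])
				if err != nil {
					return fmt.Errorf("bad media port %q", fields[1])
				}
				o.MediaPort = port
			}
		case 'a': // a=rtpmap:<payload type> <name>/<clock rate>
			if len(fields) == 2 && strings.HasPrefix(fields[0], "rtpmap:") {
				o.Codecs = append(o.Codecs, fields[1])
			}
		}
	}
	if o.MediaAddr == "" || o.MediaPort == 0 {
		return errors.New("SDP offer lacks a connection address or an audio media line")
	}
	return nil
}

// sampleInvite is a constructed message; the addresses are documentation examples.
const sampleInvite = "INVITE sip:helpdesk@edesktop.example SIP/2.0\r\n" +
	"From: <sip:citizen@example.net>;tag=1928\r\n" +
	"Call-ID: a84b4c76e66710@192.0.2.10\r\n" +
	"Content-Type: application/sdp\r\n" +
	"\r\n" +
	"c=IN IP4 192.0.2.10\r\n" +
	"m=audio 49170 RTP/AVP 0 18\r\n" +
	"a=rtpmap:0 PCMU/8000\r\n" +
	"a=rtpmap:18 G729/8000\r\n"

func main() {
	o, err := ParseInvite(sampleInvite)
	fmt.Printf("%+v\nerr=%v\n", o, err)
}
```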
Because in a service implemented by the method and system of the invention the legal person is identified and certified, a bill can be formed for the use of the electronic transactions service, and the bill is sent to the service handling billing. Such a service can be for example a billing service of a bank that pays the bill from the account of the recognized legal person. Other bill handling services are also possible; one environment for handling billing is described in more detail later.
Internet phone services can be offered according to the invention and its preferred embodiments for example using the electronic application of the e-desktop environment between a legal person and an instance providing electronic transactions service. To the e-desktop phone service can then be joined basic characteristics offered by the e-desktop environment, such as recognition of a legal person and billing operations regarding a call. A liable-to-charge Internet phone service offered by a PC - e-desktop transactions service is preferably for example an information service, "help desk" service or some other information service, the cost of which it is desired to cover by billing for calls. To offer the e-desktop Internet phone service mentioned above, the server offering the e-desktop Internet phone service as a transactions service must be equipped with the interface software that is prerequisite for Internet phone services (e.g. the said SIP UA and the required streaming data transfer and management protocols). A basic characteristic of the e-desktop environment services is also the reciprocal transactions of e-desktop clients, and an Internet phone service characteristic between clients can be one e-desktop environment service.
In the following is described one e-desktop Internet phone service billing form. For support of the billing operation a billing environment according to the definition of the Open Mobile Alliance (OMA) can also be used, in which the Internet call session can be one form of billable service of the e-desktop. An Internet call can be considered as one billable event that can be billed according to the length of the session or as an individual event. The e-desktop environment can also be positioned on the side of the billing-transactions service provider. In an OMA billing environment billing can be based on billing information gathered by the proxy server. Further it can be based on "push or pull"-type contents and distribution. Billing can also occur from the server of the content producer. An OMA billing environment is formed of logical units, "entities". In a billing environment defined by OMA the billing data of the billing operations is formed (either by the proxy server or by the content server) as an XML message (Charging Detail Record, CDR) using the Usage Recording logical entity and sent into the billing environment for continued handling. In the OMA billing environment billing is mainly externalised from the content and event server to an external billing server. The server of the service provider must form an interface to the external billing environment. At the minimum this interface is formed of the Usage Recording entity. The logical entity Charging Control receives the message. Charging Control contains functions for the processing of billing data such as pricing, collecting of billing events, data filtering or other application-specific pre-handling of billing information. Charging Control can also collect billing information from many devices attached to different networks. The service provider's server interface to the billing environment can comprise, in addition to the Usage Recording entity, the Charging Control entity as well.
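The OMA flow just described (Usage Recording emits an XML CDR for the call session, Charging Control prices and filters it before the result goes on to billing), as an added example in Go that is not part of the patent or of OMA's specifications: the CDR element names, the tariff structure (a fee per event plus a rate per started minute, so a call can be billed per event, per session length, or both) and the sample help desk call are assumptions of this example.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"math"
	"time"
)

// CDR is the Charging Detail Record that the Usage Recording entity emits for
// one billable event. Element names are this example's own, not OMA's schema.
type CDR struct {
	XMLName    xml.Name  `xml:"cdr"`
	Subscriber string    `xml:"subscriber"` // the identified e-desktop client
	Service    string    `xml:"service"`    // e.g. "internet-call"
	CallID     string    `xml:"call-id"`
	Start      time.Time `xml:"start"`
	End        time.Time `xml:"end"`
}

// RecordUsage is the Usage Recording step: a finished session becomes an XML CDR.
func RecordUsage(subscriber, service, callID string, start, end time.Time) ([]byte, error) {
	if end.Before(start) {
		return nil, errors.New("session ends before it starts")
	}
	return xml.Marshal(CDR{Subscriber: subscriber, Service: service, CallID: callID, Start: start, End: end})
}

// Tariff is Charging Control's pricing rule for a service: a fee per event plus
// a rate per started minute; either may be zero (bill per event or per length).
type Tariff struct {
	PerEventCents  int
	PerMinuteCents int
}

// ChargeRecord is what Charging Control forwards to Business Support.
type ChargeRecord struct {
	Subscriber, Service, CallID string
	Minutes                     int
	Cents                       int
}

// Charge is the Charging Control step: parse the CDR, price it and filter out
// events that carry no charge, so Business Support only sees billable items.
func Charge(raw []byte, tariffs map[string]Tariff) (*ChargeRecord, error) {
	var c CDR
	if err := xml.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	t, ok := tariffs[c.Service]
	if !ok {
		return nil, fmt.Errorf("no tariff for service %q", c.Service)
	}
	minutes := int(math.Ceil(c.End.Sub(c.Start).Minutes()))
	cents := t.PerEventCents + minutes*t.PerMinuteCents
	if cents == 0 {
		return nil, nil // filtered: nothing to bill
	}
	return &ChargeRecord{c.Subscriber, c.Service, c.CallID, minutes, cents}, nil
}

func main() {
	// Constructed sample: a 4.5 minute help desk call, priced per event plus per started minute.
	start := time.Date(2003, 4, 4, 10, 0, 0, 0, time.UTC)
	raw, err := RecordUsage("citizen-1", "internet-call", "call-42", start, start.Add(4*time.Minute+30*time.Second))
	if err != nil {
		panic(err)
	}
	fmt.Println(string(raw))
	rec, err := Charge(raw, map[string]Tariff{"internet-call": {PerEventCents: 10, PerMinuteCents: 5}})
	fmt.Printf("%+v err=%v\n", rec, err)
}
```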
The logical entity Business Support receives the billing data processed by the Charging Control entity and transforms this information into a bill. The Business Support entity can have an interface to the billing systems that execute the final billing. The server of the service provider may also contain this entity, in which case it can handle the entire billing operation with the billing system of the interface (e.g. the system of a bank or credit card company). The OMA system has a standardized way of constructing a billing proxy server between the service provider's systems and the actual systems handling the billing (bill payment). In the e-desktop environment the interface to the billing environments can also be constructed according to the OMA billing environment in some manner as described above, either from the e-desktop server or from the servers providing Internet phone service as a transactions service. On the other hand the e-desktop server can function as the billing proxy server in an OMA billing environment.
Using the method and system according to the invention and its preferred embodiments an e-desktop electronic transactions environment independent of the electronic transactions service provider's client relationship or processes can also be implemented in the client terminal. In this event the electronic transactions user interface and transactions software as well as the interfaces to different instances and other e-desktop client terminals (to e-desktop electronic transactions environments) can be implemented in the client data terminal. The client terminal can preferably be a WLAN terminal, but also a UMTS or GPRS terminal, in which the said interfaces are constructed on top of the IP communications protocol using connection and application protocols and software component technology. Because in the said radio interfaces it is possible to implement several simultaneous IP connections, it is possible to form and maintain several sessions requiring mobile transactions from the electronic transactions environment of the client data terminal.
The client terminal described in the previous paragraph can be a personal mobile data terminal of a citizen, e.g. a PDA or mobile phone. In the e-desktop electronic transactions environment UA support can be implemented, with which interfaces to new electronic transactions instances can be found and added to the transactions environment. On the other hand each client terminal (e-desktop electronic transactions environment) can register onto the directory server in the network and define those services that the client terminal can offer, e.g. Internet phone service or video conferencing. The communications network can also offer WLAN roaming services through the e- desktop API. Further the electronic transactions environment of the client terminal can support MMS message service. Reciprocal communications using the said services can be implemented between two client terminals directly, without a communications coupling centre, through the IP routing network. The e-desktop electronic transactions data processing system of the client terminal can also have an address book, in which frequently-used connection addresses for example for Internet phone service of electronic transactions ser- vice, can be stored. The address book can be completed using UA and a locator of registered services. Through the e-desktop API some sort of directory
service could also offer this connection information. In an electronic transactions personal data terminal according to the invention electronic transactions services and services supporting electronic transactions can be located in the menus of the data terminal. In this case the client user interface is reminiscent of a familiar mobile phone user interface. In the last mentioned case the data terminal can be equipped with software implementing an e-desktop electronic transactions environment according to the invention and its preferred embodiments and a legal person can log-in to this electronic transactions service independent of the electronic transactions service provider's client relationship or processes as he logs-in to the data terminal. The encryption keys of a legal person can in this case be taken into use for example by reading a smart card such as a electronic ID card with the data terminal. Alternatively the keys can be stored on the smart card of the data terminal and they can be taken into use through a definite identification. Yet another possible e-desktop environment sen/ice form is the encryption and storing in the system of pictures sent by the client on the service. These pictures could have been taken and/or sent for example by a camera mobile station or by a camera attached to the information network. Also in this service, as when transacting with authorities or conducting reciprocal transactions, the e-desktop environment can offer client recognition and certification as well as services of the interface described above. The purpose of a message storage service is that a client or authority can store a picture or sound file as support to a contract or to document a picture or sound file as an officially approved recording. Adding a time stamp is in this case frequently an essential part of the service. The client may for example wish to store in the e- desktop environment pictures of his own apartment that he is offering for rent. 
In the case that a future tenant treats the apartment irresponsibly, this picture material may be used as evidence in a damage claim against the tenant. The stored material can relate to security if the client feels himself to be threatened or is a witness in a situation where he may possibly later need evidential strength. An authority can also use a similar system. For example at a police work site a camera could be attached to clothing and hidden, a camera whose picture is stored, using a wireless short-distance network, in a "black" box located in a car, or through an authorities' network or a public network to a server of an information network in encrypted form. Because of privacy protection the
encryption can be a part of the requirement specification of the service, and decryption can be permitted only, for example, by a legal decision.
The invention and its different embodiments may involve an information security policy, which can be described among others as the following:
1. Recognition of a citizen is based on generally used, adequately dependable methods.
2. All communications related to the e-desktop system can be appropriately protected.
3. All information relating to a citizen, that is sent and/or stored in the e-desktop system contains a certificate of its source and can be protected such that only the citizen can gain access to the information.
4. All information relating to a citizen that is sent from the e-desktop system to a service provider or authority contains a certificate of its source and is protected such that only the aforementioned service provider or the authority can gain access to the information.
5. An authority managing the e-desktop system enjoys the trust of all parties and assures that if a citizen is prevented from using e-desktop services, for example due to sickness, death, being taken into custody or some similar valid reason, access to information regarding this citizen will be arranged for the person to whom this right legally belongs.
In the event that the information protection policy regarding the invention and its different embodiments is implemented by current means, it can be done for example in the following way:
1. Recognition of the citizen occurs with the use of an electronic personal identification card and PIN code and/or biometric recognition, or other general and adequate method.
2. All communications related to the e-desktop system are protected using SSL or other similar technology.
3. Information that the individual receives in the e-desktop environment is signed by the producer of the information using an electronic signature and encrypted with the public key of the citizen. In this way the citizen can be assured of the source of the information, and the information cannot be read other than by using the private key of the citizen. When the citizen himself produces information that is stored in the e-desktop environment (for example a copy of a filled form), the information is stored protected by the public key of the citizen and certified by the signature of the citizen.
4. When a citizen sends information from the e-desktop environment to a service provider or authority, it is certified by the signature of the citizen and encrypted by the public key of the service provider or authority such that only the service provider or authority concerned can read the information and verify its source.
5. In a situation provided by the law, when the key information and signature rights of a citizen are transferred to a guardian or trusted individual, the recognition information of the citizen is surrendered to this person, or limited handling of the affairs of the citizen is enabled by some other technical method without endangering information security. It must be noted that for power of attorney proceedings or other partial surrender and use of personal information there may be a need for an adaptive, case-related, single-use key and protection practice mechanism. In consideration of death, injury or other inhibition, biometric recognition must not be the only possibility.
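Items 3 and 4 above describe the same protection applied in both directions: the producer of the information signs it, and it is encrypted to the public key of the intended reader, so the reader can verify the source and nobody else can read it. The following Go program is an added example of that sign-then-encrypt arrangement; it is not code from the application or from any e-desktop implementation. It assumes the constructed SealedRecord container and the function names Seal, Open and NewParties, uses ed25519 for the producer's signature and hybrid encryption (a per-message AES-256-GCM key wrapped with RSA-OAEP to the recipient's public key) in place of encrypting the whole message with the public key directly, and generates both key pairs locally, whereas the e-desktop would take them from the citizen's ID card and the provider's certificate.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SealedRecord is a constructed container for one item of e-desktop information:
// the producer's signature over the plaintext, a per-message AES-256 key wrapped
// to the recipient's RSA public key, and the AES-GCM ciphertext.
type SealedRecord struct {
	Signature  []byte
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// NewParties generates a producer signing key pair (ed25519) and a recipient RSA
// key pair; both are constructed here for the example only.
func NewParties() (ed25519.PublicKey, ed25519.PrivateKey, *rsa.PrivateKey, error) {
	sigPub, sigPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	encPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	return sigPub, sigPriv, encPriv, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal: the producer signs the information, then it is encrypted so that only
// the holder of the private key matching recipientPub can read it. The signature
// is bound to the ciphertext as GCM additional data, so it cannot be swapped.
func Seal(plain []byte, producerPriv ed25519.PrivateKey, recipientPub *rsa.PublicKey) (*SealedRecord, error) {
	sig := ed25519.Sign(producerPriv, plain)
	key := make([]byte, 32) // fresh AES-256 key for this message only
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plain, sig)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &SealedRecord{Signature: sig, WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open reverses Seal with the recipient's private key and then verifies the
// producer's signature. It fails closed: a wrong recipient key, a modified
// record or an unverifiable source all yield an error and no plaintext.
func Open(rec *SealedRecord, recipientPriv *rsa.PrivateKey, producerPub ed25519.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, rec.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap key: not the intended recipient")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, rec.Signature)
	if err != nil {
		return nil, errors.New("ciphertext or signature modified in transit")
	}
	if !ed25519.Verify(producerPub, plain, rec.Signature) {
		return nil, errors.New("source of the information could not be certified")
	}
	return plain, nil
}

func main() {
	prodPub, prodPriv, citizenPriv, _ := NewParties()
	// Constructed sample: a service provider sends the citizen a copy of a filed form.
	rec, _ := Seal([]byte("copy of filed form: tax statement"), prodPriv, &citizenPriv.PublicKey)
	plain, err := Open(rec, citizenPriv, prodPub)
	fmt.Printf("citizen reads: %q (err=%v)\n", plain, err)
}
```

The same Seal and Open serve item 4 with the roles exchanged: the citizen signs with the key from the ID card and the record is wrapped to the service provider's public key. Open checks the signature only after decryption succeeds, so a party who cannot decrypt learns nothing about the signer, and because the signature is GCM additional data a record whose signature field has been replaced fails the authentication tag check before the signature is even examined.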
In the above, different embodiments of the invention are described by examples. It will be appreciated that the embodiments shown and/or their individual characteristics can be combined to provide new embodiments. On the basis of what was presented above, these different new combinations are obvious to a person skilled in the art; each of them is dependent upon its scope of application, and they cannot reasonably all be separately described in this description.
To a person skilled in the art it is obvious that as technology develops the basic idea of the invention can be implemented in many different ways. The invention and its embodiments are not limited to the examples described above, but can be varied within the scope of the claims.
Attachment: Abbreviations used in the application
Apache SSL, Apache www server with SSL-protocol support
Apache Jakarta, www server extension for Java programming environments
API, Application Interface, subclass library or object classes for using a service or other resource in an application
applet, software (Java) provided by the operating system, generally loads along with a www-page
CORBA, Common Object Request Broker Architecture, a method by which softwares (objects) in the network can find one another and request services from one another
DTD, Document Type Definition, XML (originally SGML) language for describing a document type
EJB, Enterprise Java Beans, Java environment component technology
IDL, Interface Definition Language, a description language for ORB-system services
IIOP, Internet Inter-ORB Protocol, a communications protocol for ORB-service requests and responses
J2EE, Java 2 Enterprise Edition, a Java programming environment that offers a complete solution for object-oriented distributed systems
JCA API, Java Cryptographic Architecture API for handling encryption
Java, a programming language and common program execution environment
Java component, Java program part that can be taken into use through the network and during program execution
Java XML API/DOM, XML document parser and DOM (Document Object Model) element organization
JMS, Java Message Service, a Java environment message sending method
JSP, Java Server Pages, Java-based programming technique for www services
MS Crypto API, Microsoft's software interface for encryption/decryption
ORB, a service implementing the CORBA-method
service object, software (one or several components) that can be loaded upon request through a network during program execution to implement a particular service
PKCS#11, an open-source software interface for encryption/decryption
PKI, Public Key Infrastructure, a general name for asymmetrical encryption and for management of its keys
interface (here), a connection that enables the cooperation of two different types of software
RMI, Remote Method Invocation, a call to a remote sub-program (in an ORB connection)
servlet, a program (Java) located on a www server and related to a www-application
SOAP, Simple Object Access Protocol, an XML-based message format for sending reciprocal service requests between applications in web service technology
application logic, the part of a computer application responsible for the actual processing of information
SSL, Secure Socket Layer, a common communications encryption protocol
web service, a method in which network servers request services from one another using SOAP messages
XML, Extended Markup Language, a meta-language that enables a common storage form for all text information
XML Schema, a description language for XML documents
XSL/XSLT, a language for describing the appearance of an XML document