The invention generally relates to the field of computer-related transactions on the Internet and more specifically concerns a method and system for handling end-to-end business transactions in a Transmission Control Protocol/Internet Protocol (TCP/IP) environment.
Known Business-to-Customer (B2C) or Business-to-Business (B2B) service transactions can be divided into services that are delivered electronically, e.g. media streaming, file transfer, e-mail, SMS, games, etc., and services that require physical delivery of goods, such as retail business. Professional websites or web portals providing the aforementioned services need to implement a process that limits user access to those users who hold the necessary access rights.
A particular known problem in that arena is therefore authentication by third parties, in the following simply referred to as user authentication. Since the Internet Protocol, seen from a process perspective, is stateless, guaranteeing the authenticity of a user entering an access-restricted website or web portal requires the user authentication procedure to be performed again each time the user enters another, or even the same, website or portal.
A first approach addressing the above issue is disclosed in European patent application EP 1 039 724 A2. It describes a system for user authentication by means of the user's IP address, which is assigned to the user's computer by a Dynamic Host Configuration Protocol (DHCP) server. The user/IP address data pair is then used for user authentication on the side of an authentication server. After that server has determined that the user is authorized, the data pair is stored in a Lightweight Directory Access Protocol (LDAP) server. The stored information can then be used to authenticate the user in applications running on other computers.
As another approach, PCT application WO 113 598 A2 discloses a dynamic wireless Internet address assignment scheme for user authentication. A unique IP address is assigned to a user of a mobile communication device communicating via an Optical Burst-Switching (OBS) network. The OBS in particular includes a master ticketing authority that maintains a database of unique IP addresses which can be assigned to users entering the network. The OBS further includes a gateway, a master routing database, and at least one mobile communication device in contact with an OBS. In that approach, authentication of users in the network is accomplished through the exchange of encrypted random numbers between a user authentication site and a mobile communication device.
The prior art approaches discussed above comprise or require rather complex and expensive technology for handling the end-to-end business transactions in question between a user and one or more Internet sales entities (for products, etc.) and/or service providers, where the business transaction strictly requires that the user be authorized to access the one or more websites or portals.
In addition, the above-mentioned DHCP protocol does not make it possible to determine the end or termination of a user's existing online session. Since an IP address is allocated dynamically, a third person can in principle abuse an already allocated IP address, because the IP address is still registered on the LDAP server in the name of the preceding user. This existing approach therefore cannot be regarded as secure.
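The weakness just described, namely that a user/IP address pair held in a directory outlives the DHCP lease that produced it, can be made concrete with a small model. The following Python code is an added illustration and is not part of this application or of the cited prior art; the DHCP server, the two registries and the scenario function are constructed here for the purpose of the illustration. The naive registry stores only the user/IP pair, as the prior art does, while the lease-bound registry additionally records the lease identifier, the hardware address and the lease expiry and re-checks them against the DHCP server at authentication time, so that a recycled or expired address no longer resolves to the preceding user.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Lease:
    """One DHCP lease (constructed model): address, client hardware address, id, expiry time."""
    ip: str
    mac: str
    lease_id: int
    expires_at: float

class DhcpServer:
    """Toy DHCP server: hands out addresses from a pool and recycles released ones."""
    def __init__(self, pool):
        self._free = list(pool)
        self._leases = {}      # ip -> Lease
        self._next_id = 1

    def allocate(self, mac: str, now: float, ttl: float = 3600) -> Lease:
        ip = self._free.pop(0)
        lease = Lease(ip, mac, self._next_id, now + ttl)
        self._next_id += 1
        self._leases[ip] = lease
        return lease

    def release(self, ip: str) -> None:
        self._leases.pop(ip, None)
        self._free.append(ip)

    def current_lease(self, ip: str, now: float) -> Optional[Lease]:
        lease = self._leases.get(ip)
        if lease is None or lease.expires_at <= now:
            return None
        return lease

class NaiveRegistry:
    """Directory entry is just user <-> IP, as in the DHCP/LDAP approach discussed in the text."""
    def __init__(self):
        self._by_ip = {}

    def register(self, user: str, lease: Lease) -> None:
        self._by_ip[lease.ip] = user

    def authenticate(self, ip: str, now: float, dhcp: DhcpServer) -> Optional[str]:
        # Nothing tells the directory that the lease ended, so the stale entry is trusted.
        return self._by_ip.get(ip)

class LeaseBoundRegistry:
    """Directory entry is bound to the specific lease and re-validated against the DHCP server."""
    def __init__(self):
        self._by_ip = {}

    def register(self, user: str, lease: Lease) -> None:
        self._by_ip[lease.ip] = (user, lease.lease_id, lease.mac, lease.expires_at)

    def authenticate(self, ip: str, now: float, dhcp: DhcpServer) -> Optional[str]:
        entry = self._by_ip.get(ip)
        if entry is None:
            return None
        user, lease_id, mac, expires_at = entry
        live = dhcp.current_lease(ip, now)
        # Reject if the recorded lease has expired, was released, or was re-issued to another client.
        if now >= expires_at or live is None or live.lease_id != lease_id or live.mac != mac:
            self._by_ip.pop(ip, None)
            return None
        return user

def ip_reuse_scenario(registry_cls, expire_only: bool = False) -> Optional[str]:
    """Alice authenticates, goes offline, and her address is recycled (or simply expires).
    Returns whichever user the registry resolves for that address afterwards."""
    dhcp = DhcpServer(["10.0.0.5"])            # single-address pool forces reuse
    registry = registry_cls()
    registry.register("alice", dhcp.allocate("aa:aa:aa:aa:aa:aa", now=0))
    assert registry.authenticate("10.0.0.5", 10, dhcp) == "alice"
    if expire_only:
        return registry.authenticate("10.0.0.5", 4000, dhcp)   # lease lapsed, never released
    dhcp.release("10.0.0.5")                   # session ends; directory is not informed
    dhcp.allocate("bb:bb:bb:bb:bb:bb", now=20)  # a different device now holds the address
    return registry.authenticate("10.0.0.5", 30, dhcp)

if __name__ == "__main__":
    print("naive, recycled address:", ip_reuse_scenario(NaiveRegistry))        # alice
    print("lease-bound, recycled:  ", ip_reuse_scenario(LeaseBoundRegistry))   # None
    print("naive, expired lease:   ", ip_reuse_scenario(NaiveRegistry, True))  # alice
    print("lease-bound, expired:   ", ip_reuse_scenario(LeaseBoundRegistry, True))  # None
```

The naive registry resolves the recycled address to the preceding user in both scenarios, which is exactly the session-termination gap the text identifies. The lease-bound variant closes it only because the directory entry carries the lease identity and expiry and the authentication server can query the DHCP server authoritatively at check time; where that query path is absent, the binding to the hardware address alone is not a reliable substitute.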
In addition, the known approaches do not provide a technically simplified platform for service delivery and payment in an IP environment on the Internet, as mentioned before. Moreover, accounting within the Internet is at present not solved in general. Furthermore, no network-based authentication and access control facility is available at the network edge. Nowadays every service provider has to install its own application-specific solution.