The present invention relates to computer systems, and more particularly to a method to encapsulate and control a unit of work for communication and interaction between unsecured parties on a network.
Computer systems traditionally provide authentication at the system level through account identifiers and passwords, and subsequently record or transaction level access is controlled either through access control lists or application software control. Access to the system through accounts and passwords is required before access to the transaction.
The primary limitation of this traditional approach is that for secure access to the record or transaction, each potential participant or user of the transaction must be defined as a valid user on the system. Systems do not allow participation of unregistered users in the process in a secure manner at the transaction level.
The Internet dramatically demonstrates that as a network expands, the network becomes dramatically more valuable to the organization. The value of the network is proportional to the potential pool of participants in the business process. However, participation of unregistered users is limited to basic access to the system. This access may consist of, for example, browsing the web site and downloading public software.
There is no way to distinguish groups of unregistered users other than to again group them with roles and publishing the accounts and passwords for these roles. It is also impossible to register every single potential user on the Internet as the pool of such users would potentially run in the hundreds of millions. Because of this user base extension it is not possible for each and every individual user of the system to operate from a required platform or load proprietary software to run the workflow application or be a registered user on the system. Therefore, a need exists for a new work access method which focuses on the de-segmentation of the market in all inclusionary process in order to expand the potential reach of the work process to potentially include any potential user on the web.
An example of a transaction that requires a transaction between two unregistered parties is an electronic commerce purchase on the Internet. Current approaches require either registration of the user with the seller or alternatively the use of a third party verifier (e.g. SET, DigiCash) to allow the transaction to occur between parties. Systems currently available do not allow users to participate in an external system on a temporary secure basis. An example transaction is the purchase of a book across the Internet. The user may purchase a book through the Internet from an on-line vendor. The financial transaction is through a third party verifier (e.g. SET).
A need has thus arisen for a method for communicating transactions between unsecured parties which provides for the encapsulation of the transaction to allow the transaction to occur between unregistered parties and thereby allowing a user to track and control the transaction in the data base and workflow of the party processing the transaction.
The present method provides for the capability to identify and create discrete work units that can be communicated between remote users. The discrete unit is referred to as a courier agent. The agent provides all necessary computing infrastructure plus the required work data for a user to execute the work. Work that currently operates in a secure connected synchronous computing environment can be separated as a discrete transaction and processed outside of secure environment boundaries. The discrete transaction, via the courier agent, can also operate in an asynchronous distributed and/or mobile computing environment. Using the present unique identifier, a transaction can be managed throughout the life of the transaction by the workflow or other similar facilities of the central computing environment.