1. Field of the Invention
This invention relates to the field of universal smart card access.
Portions of the disclosure of this patent document contain material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office file or records, but otherwise reserves all copyright rights whatsoever. Sun, Sun Microsystems, the Sun logo, Java, JavaBeans, HotJava and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
2. Background Art
The internet has become a pathway to a number of goods and services that in the past were only available in direct transactions or through special purpose networks. However, it is desirable to increase the availability of goods and services through the internet while maintaining adequate levels of security and authentication.
Consumers and users can access goods and services in direct transactions or via networks. In direct transactions, a consumer may purchase goods or services at a store or other point of sale location, using cash, checks, or credit cards. A consumer may also access and purchase goods and services using the internet. In internet transactions, the customer often pays for goods or a one time service with a credit card. Some internet services may be recurring or subscription services. In those cases, the customer provides automatic debiting from a credit card to pay or pre-pay for the services.
Sometimes a computer user is an employee of a company that has a proprietary network or secure intranet. Often the employee wishes to access company network services and data when traveling or when otherwise outside of the company firewall (such as working from home). Traditionally, the employee would either be denied access to the company network or be granted only limited access. In some cases, access is granted by using some authentication protocol (possibly including password, hash, encryption, etc.).
One thing the above scenarios have in common is the notion of providing some sort of identification or authorization to perform the desired transaction. At a point of sale purchase, the consumer may provide some form of identification in addition to cash, check, or credit card, or the consumer may be known to the seller. For some internet transactions, the user must register with the service provider and wait for credit card approval before services are provided or goods are shipped. In the case of the company network, the employee provides a password for authorization, and may also need knowledge of a correct dial-in number or port to even attempt access to the company network. Further, because of the security schemes involved, access to the system may require a high-speed connection or high-powered processor to handle sophisticated security systems. Such configurations may not always be available.
Referring again to consumer transactions, a consumer may have a number of credit cards (e.g. Visa, Mastercard, American Express, Discover) that entitle the user to make purchases and have funds advanced on the user's behalf for goods and services. For an employee, a corporation may provide an employee with a corporate ID card that entitles the employee to access certain physical locations, and might also be used to access goods and services. For example, an employee may need the card to enable the employee to access certain computer networks, intranets, web sites, etc., that would not be accessible without the card. Some companies may also permit employees to "charge" goods or services in company provided locations, such as food services, supplies, company stores, or the like.
A problem with current technology is the need to have a different card for each service provider, and sometimes different cards for the same service provider. When the user has three different credit card accounts, the user must have three physical credit cards. If the user also needs a company ID card, the user must carry one of those. Thus, it is a disadvantage to the user to need to carry multiple cards.
Another problem with current technology is the need to have secure, authorized, and trusted transactions for each card. Currently, each card issuer has a specific technique for providing trusted, secure, or authorized transactions. This requires companies that agree to interact with more than one kind of card to be able to satisfy the techniques and protocols of each card. When the consumer is considered to be the client in a client/server relationship, a problem arises for the server to be able to support many possible authorization protocols. Not only must a server pick and choose which standards to support, but the server must be ready to upgrade or add service for protocols that may not even exist yet.
For example, one prior art scheme for implementing the fund transfer aspect of smart cards is known as the "Mondex" system. The Mondex system is a method of transferring funds or tokens from one smart card to another. The Mondex system is a seven step system of communications, challenges, and acknowledgments between two smart cards or between a smart card and a host system. Another token transfer scheme is a system used by Visa that is a five step system. Other schemes are three step systems. American Express, MasterCard, and Discover may each have proprietary systems as well.
Finally, there has to date been no satisfactory way to permit access to potentially private or restricted company resources via the internet using standard browsers.
The present invention provides two-way authentication, credit, debit, and stored value operations on a smart card. The invention permits the use of universally available networks to access corporate, private, and proprietary devices. The invention provides strong authentication, offers optional encryption of the established session, and operates without requiring special permission to reconfigure firewalls. One application of the invention provides a universal token scheme that can be used in debit and stored value transactions. In one embodiment, devices and services are treated as URLs and a smart card is configured to perform the necessary HTTP protocol to access the URL.