Login-less Simplified Transaction process

IP.com Disclosure Number: IPCOM000015567D
Original Publication Date: 2002-Feb-01
Included in the Prior Art Database: 2003-Jun-20
Document File: 2 page(s) / 133K

Publishing Venue

IBM

Abstract

Disclosed is a user authentication mechanism for an online application system on the Internet, which eliminates the whole process of the applicant having to log on to the system.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 54% of the total text.

In an online system, it is common to use a user ID and password for user authentication. However, this authentication method leaves some problems. For example:
1. In some cases, a session timeout may occur during the logon process.
2. There is no way to enter the system if the user forgets his/her user ID or password.

These problems could be solved by authenticating the user through a digital signature on the application form, applied when the applicant submits the form to the server. The following example describes the process flow of a governmental online application without a logon process.

1. User Registration
(1) The applicant obtains a Digital Certificate from a civil Certificate Authority.
(2) The applicant completes a user registration before submitting an application. Using a web browser, the applicant downloads a user registration form (HTML form) from the website of the government office, and inputs user information such as their name, address, phone number, and e-mail address.
(3) Data is converted to an XML file, signed by XML-Signature, and then submitted to the server.
(4) The XML-Signature is verified to confirm that the applicant holds the private key and that the data has not been changed. Then the validity of the Digital Certificate is verified using the CRL (Certificate Revocation List). When the verification is done, the user is registered in the database.
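
The server-side checks of step (4), as an added Go example that is not part of the original disclosure: the signature over the submitted data is verified first, then the certificate is validated against the CA and looked up in a CRL that is itself checked for authenticity and freshness. Assumptions: a detached Ed25519 signature over the raw XML bytes stands in for XML-Signature, and `VerifySubmission`, `Fixture`, the issuer/serial account key and all certificates are hypothetical or constructed for the illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// VerifySubmission (hypothetical) runs the step (4) checks; an Ed25519 signature over the XML bytes stands in for XML-Signature.
func VerifySubmission(xml, sig []byte, cert, ca *x509.Certificate, crl *x509.RevocationList, now time.Time) (string, error) {
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, xml, sig) { // key possession + unchanged data
		return "", fmt.Errorf("signature does not match submitted data")
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	if crl.CheckSignatureFrom(ca) != nil || now.After(crl.NextUpdate) { // a forged or expired CRL proves nothing
		return "", fmt.Errorf("CRL unusable")
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return "", fmt.Errorf("certificate revoked")
		}
	}
	return cert.Issuer.CommonName + "/" + cert.SerialNumber.String(), nil // assumed account key: issuer/serial
}

// Fixture (hypothetical) builds constructed sample data: a CA, applicant certificate serial 2, and a CRL listing revokedSerial.
func Fixture(now time.Time, revokedSerial int64) (ca, cert *x509.Certificate, key ed25519.PrivateKey, crl *x509.RevocationList) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader) // errors ignored throughout: fixture only
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"}, NotBefore: now.AddDate(0, 0, -1), NotAfter: now.AddDate(0, 0, 1), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, caPub, caKey)
	ca, _ = x509.ParseCertificate(der)
	der, _ = x509.CreateCertificate(rand.Reader, &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Constructed Applicant"}, NotBefore: t.NotBefore, NotAfter: t.NotAfter}, ca, pub, caKey)
	cert, _ = x509.ParseCertificate(der)
	der, _ = x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now.Add(-time.Hour), NextUpdate: now.Add(time.Hour), RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: big.NewInt(revokedSerial), RevocationTime: now}}}, ca, caKey)
	crl, _ = x509.ParseRevocationList(der)
	return
}

func main() {
	ca, cert, key, crl := Fixture(time.Now(), 99)
	fmt.Println(VerifySubmission([]byte("<form/>"), ed25519.Sign(key, []byte("<form/>")), cert, ca, crl, time.Now()))
}
```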

2. Application
(5) Using a browser, the applicant downloads the application form (HTML form) from the website of the government office, and inputs the required information.
(6) Data is converted to an XML file, signed by XML-Signature, and then submitted to the server.
(7) The XML-Signature is verified upon whether the applicant has a pri...