
Secure Authentication, Authorization and charging method using SAML (Security Assertion Markup Language) token.

IP.com Disclosure Number: IPCOM000125725D
Original Publication Date: 2005-Jun-14
Included in the Prior Art Database: 2005-Jun-14
Document File: 3 page(s) / 95K

Publishing Venue

IBM

Abstract

The purpose of this article is to describe a secure authentication and charging method using SAML (Security Assertion Markup Language) as the language and framework. It can be considered a kind of SSO-based solution for crediting money and exchanging trust. The solution is XML-based, very secure, and less complex than a solution built on PKI. It is much easier for users to trust and use solutions from their local operator, bank or other authority than, for example, PKI with Verisign as the certificate and PKI issuer. Many XML-based applications using SSO techniques exist, but none of them combine the simplicity and the robustness of an SAML-based application.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 50% of the total text.

Page 1 of 3

Secure Authentication, Authorization and charging method using SAML (Security Assertion Markup Language) token.

Disclosed is an implementation model within an architecture that can be used for providing significantly more secure and reliable authentication methods as well as money transactions and data charging. It also solves the problem of delivering secure tokens by means of using existing solutions and also by adding new features to them.

Common solutions for web payment work like this: first the user selects goods to buy and is then required to make a payment, for instance via credit card; after that, the web solution checks the credit card limit or bank account. My solution is different: the user first requests a money credit trust token from, for instance, a bank, and can then use that secure token to buy goods at many different web sites supporting SAML (Security Assertion Markup Language, being developed by the OASIS XML-Based Security Services Technical Committee (SSTC)).

Before SAML was developed, the problem was that the architectures created were very complex. The target was to allow the web user to authenticate at a single web portal and then, using the SSO technique, use some web services and get charged for them. The result was that, in order to create a secure architecture, we had to include things like PKI, cryptography, secret keys, etc., with strong relationships between the parties involved.

SAML wants to break this wall. The Issuer Authority will create the SAML assertion which the web service will utilize, and the web service can be completely unknown to the Authority. The web service trusts the Authority, as opposed to a certificate or PKI issuer, for example.

The previous architectures had to face problems like creating proprietary protocols, which is unnecessary when using SAML.

The solution provides a way to utilize the Bank or Telco as a Secure Issuer Authority or other trusted third party. The role of this Authority will not only be to check the identity of the Web user but also to change the identity once any web service is used.

Things like the SOAP message interface, XML digital signature and SSL are natively part of SAML solutions, and thus only a new charging feature has been added to complete the architecture.

SAML does not define any new technology or approaches for authentication or authorization. It simply defines a common XML-based language for describing the information or outputs generated by these systems. SAML is an emerging standard from the Organization for the Advancement of Structured Information Standards (OASIS), an international consortium that creates interoperable industry specifications based on XML.

Based on this information, this article describes a secure architecture for authorization, authentication and transmission of data using an XML-based framework.
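As an added example, not part of the disclosure, the following Python sketches the token flow described above: the Issuer Authority (a bank or telco) builds a SAML 2.0-shaped assertion that carries the granted credit as an attribute, and the service provider, which has no other relationship with the user, accepts a purchase only after checking that the issuer is trusted, that the assertion is intact, that it is within its validity window and addressed to this service, and that the credit covers the price. The credit attribute name, the HMAC used in place of an XML digital signature (the key being shared out of band), and all names, amounts and timestamps are assumptions constructed for the example.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from decimal import Decimal, InvalidOperation

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML_NS)
# Attribute carrying the credit granted by the Issuer Authority.
# Assumption for this example: SAML defines no such attribute name.
CREDIT_ATTR = "urn:example:credit-limit"
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def _q(tag):
    """Namespace-qualify a SAML element name for ElementTree."""
    return "{%s}%s" % (SAML_NS, tag)


def issue_credit_assertion(issuer, subject, audience, credit, currency, key, now,
                           ttl=timedelta(minutes=10)):
    """Issuer Authority side: state that `subject` holds `credit` `currency`
    spendable at `audience`, and authenticate the assertion bytes with an HMAC
    (a stand-in for the XML digital signature a real deployment would use)."""
    assertion_id = "_" + hashlib.sha256((subject + now.strftime(TS_FMT)).encode()).hexdigest()[:32]
    root = ET.Element(_q("Assertion"), {"Version": "2.0", "ID": assertion_id,
                                        "IssueInstant": now.strftime(TS_FMT)})
    ET.SubElement(root, _q("Issuer")).text = issuer
    ET.SubElement(ET.SubElement(root, _q("Subject")), _q("NameID")).text = subject
    cond = ET.SubElement(root, _q("Conditions"), {"NotBefore": now.strftime(TS_FMT),
                                                 "NotOnOrAfter": (now + ttl).strftime(TS_FMT)})
    ET.SubElement(ET.SubElement(cond, _q("AudienceRestriction")), _q("Audience")).text = audience
    attr = ET.SubElement(ET.SubElement(root, _q("AttributeStatement")), _q("Attribute"),
                         {"Name": CREDIT_ATTR})
    ET.SubElement(attr, _q("AttributeValue")).text = "%s %s" % (credit, currency)
    xml_bytes = ET.tostring(root, encoding="utf-8")
    tag = hmac.new(key, xml_bytes, hashlib.sha256).digest()
    return xml_bytes, base64.b64encode(tag).decode("ascii")


def verify_credit_assertion(xml_bytes, signature_b64, trusted_issuers, my_audience,
                            price, currency, now):
    """Service provider side. `trusted_issuers` maps issuer name to shared key.
    Returns (accepted, reason); every rejection names the check that failed."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return False, "malformed assertion"
    if root.tag != _q("Assertion") or root.get("Version") != "2.0":
        return False, "not a SAML 2.0 assertion"
    key = trusted_issuers.get(root.findtext(_q("Issuer")))
    if key is None:
        return False, "untrusted issuer"
    # Authenticity first: nothing below is believed until the tag verifies.
    expected = hmac.new(key, xml_bytes, hashlib.sha256).digest()
    try:
        given = base64.b64decode(signature_b64)
    except ValueError:
        return False, "signature mismatch"
    if not hmac.compare_digest(expected, given):
        return False, "signature mismatch"
    cond = root.find(_q("Conditions"))
    if cond is None:
        return False, "missing conditions"
    try:
        not_before = datetime.strptime(cond.get("NotBefore", ""), TS_FMT).replace(tzinfo=timezone.utc)
        not_after = datetime.strptime(cond.get("NotOnOrAfter", ""), TS_FMT).replace(tzinfo=timezone.utc)
    except ValueError:
        return False, "missing validity window"
    if not (not_before <= now < not_after):
        return False, "assertion not valid at this time"
    if my_audience not in [e.text for e in cond.iter(_q("Audience"))]:
        return False, "assertion issued for another audience"
    credit_text = None
    for attr in root.iter(_q("Attribute")):
        if attr.get("Name") == CREDIT_ATTR:
            credit_text = attr.findtext(_q("AttributeValue"))
    if credit_text is None:
        return False, "no credit attribute"
    try:
        amount, cur = credit_text.split()
        amount = Decimal(amount)
    except (ValueError, InvalidOperation):
        return False, "unparseable credit"
    if cur != currency:
        return False, "currency mismatch"
    if amount < price:
        return False, "insufficient credit"
    return True, "accepted"


def run_demo():
    """Constructed scenario: a bank grants alice 50.00 EUR of credit for one shop."""
    key = b"constructed-demo-key-shared-by-bank-and-shop"  # constructed; shared out of band
    t0 = datetime(2005, 6, 14, 12, 0, tzinfo=timezone.utc)
    shop = "https://shop.example"
    xml_bytes, sig = issue_credit_assertion("urn:example:bank", "alice", shop,
                                            Decimal("50.00"), "EUR", key, t0)
    trusted = {"urn:example:bank": key}
    later = t0 + timedelta(minutes=1)

    def check(xb, s, aud, price, when, issuers=trusted):
        return verify_credit_assertion(xb, s, issuers, aud, price, "EUR", when)

    return {
        "valid": check(xml_bytes, sig, shop, Decimal("19.99"), later),
        "too_expensive": check(xml_bytes, sig, shop, Decimal("60.00"), later),
        # Inflating the amount breaks the tag, so the forged credit is never consulted.
        "tampered": check(xml_bytes.replace(b"50.00", b"500.00"), sig, shop, Decimal("60.00"), later),
        "replayed_elsewhere": check(xml_bytes, sig, "https://other.example", Decimal("19.99"), later),
        "expired": check(xml_bytes, sig, shop, Decimal("19.99"), t0 + timedelta(minutes=11)),
        "unknown_issuer": check(xml_bytes, sig, shop, Decimal("19.99"), later, issuers={}),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

The order of checks is the point: the issuer is looked up before anything else is read so that an unknown authority is rejected without spending a verification, the tag is verified before the conditions or the amount are trusted, and the audience check is what stops a token issued for one shop from being presented at another.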

This article describes a new secure method to create a unique secure token to be utilized by the Service provider, Telco, Banks or finan...