Authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment
First Claim
1. A method for authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment comprising:
(a) receiving, via a secure transmission in the wireless network, from the user device associated with the user at a first server subsystem associated with a first ip address, an electronic login request comprising login credential data comprising an alphanumeric text sequence;
(b) verifying, by the first server subsystem, the login credential data is valid login credential data, wherein the login credential data is verified if the login credential data is valid login credential data;
(c) in the case where the login credential data is verified, generating, at the first server subsystem;
    (1) a first payload used to authenticate the user device associated with the user, comprising login credential verification information and a first session identifier; and
    (2) a first digital signature of the first server subsystem comprising a first hash of the first payload, the first hash being encrypted using a first identity provider sub-system private key;
(d) transmitting, from the first server subsystem to the user device via the secure transmission over the wireless network, the first payload and the first digital signature;
(e) receiving, from the user device via the secure transmission over the wireless network at the first server subsystem;
    (1) a second payload comprising the first session identifier and a first one-time token generated by the user device using a shared secret seed; and
    (2) a second digital signature of the user device comprising a second hash of the second payload;
(f) verifying, by the first server subsystem, the second payload including the first session identifier and the one-time token;
(g) in the case where the second payload is verified, authorizing, by the first server subsystem, the user device to communicate with a second server subsystem associated with a second ip address via the first server subsystem; and
(h) securely transmitting, from the user device via the secure transmission over the wireless network and the first server subsystem to the second server subsystem, a third payload, and a third digital signature.
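The claim 1 exchange, steps (c) through (g), worked through in Go as an added example (my code, not the patent's or its assignee's). Assumptions: Ed25519 over a SHA-256 digest stands in for the claim's "hash ... encrypted using a private key" signature, an HMAC-SHA256 counter value stands in for the one-time token derived from the shared seed, the first payload is the user name followed by a 16-byte session id and the second is session id || 4-byte token, and the TLS transport over the wireless network is handled outside this code; step (h) is not shown.

```go
package main
import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
)

// Signed is a payload plus a signature over its SHA-256 hash (the claim's "hash ... encrypted using a private key").
type Signed struct{ Payload, Sig []byte }
func sign(priv ed25519.PrivateKey, payload []byte) Signed {
	h := sha256.Sum256(payload)
	return Signed{payload, ed25519.Sign(priv, h[:])}
}
func verify(pub ed25519.PublicKey, s Signed) bool {
	h := sha256.Sum256(s.Payload)
	return ed25519.Verify(pub, h[:], s.Sig)
}

// oneTimeToken is an assumed HOTP-style 6-digit value derived from the shared seed and a counter (step (e)(1)).
func oneTimeToken(seed []byte, counter uint64) uint32 {
	var c [8]byte
	binary.BigEndian.PutUint64(c[:], counter)
	m := hmac.New(sha256.New, seed)
	m.Write(c[:])
	return binary.BigEndian.Uint32(m.Sum(nil)[:4]) % 1000000
}

// issueSession is steps (c)-(d): after the credentials pass, the server signs verification info (user name) plus a fresh 16-byte session id.
func issueSession(serverPriv ed25519.PrivateKey, user string) (first Signed, sid []byte) {
	sid = make([]byte, 16)
	rand.Read(sid)
	return sign(serverPriv, append([]byte(user+":"), sid...)), sid
}

// respond is step (e) on the device: accept the server message only if its signature checks, then sign back session id || 4-byte token.
func respond(devPriv ed25519.PrivateKey, serverPub ed25519.PublicKey, first Signed, seed []byte, ctr uint64) (Signed, bool) {
	if !verify(serverPub, first) || len(first.Payload) < 16 {
		return Signed{}, false
	}
	sid := first.Payload[len(first.Payload)-16:]
	return sign(devPriv, binary.BigEndian.AppendUint32(append([]byte{}, sid...), oneTimeToken(seed, ctr))), true
}

// authorize is steps (f)-(g) on the server: device signature, session id and token must all match (constant-time) before access to the second subsystem.
func authorize(devPub ed25519.PublicKey, seed []byte, ctr uint64, sid []byte, second Signed) bool {
	expected := binary.BigEndian.AppendUint32(append([]byte{}, sid...), oneTimeToken(seed, ctr))
	return verify(devPub, second) && hmac.Equal(second.Payload, expected)
}
```

The device-side signature check in respond is not spelled out in the claim, but it is what stops an unsigned or mis-signed first payload from being answered with a token.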
Abstract
Particular systems, methods, and program products for web-based security systems for user authentication and processing in a distributed computing environment are disclosed. A computing sub-system may receive an electronic processing request and a first signed data packet having a first payload that was hashed and encrypted using a first private key. The first payload may comprise first processing output and a first timestamp. The sub-system may verify the first signed data packet by decrypting it using a first public key. The sub-system may execute computing operations to satisfy the electronic processing request, producing second processing output. The sub-system may configure a data packet with a second payload comprising at least the second processing output and a second timestamp. The sub-system may encrypt the second payload using a second private key producing a second signed data packet. The sub-system may transmit to a second sub-system the second signed data packet.
11 Claims
Specification