Methods and systems for authentication and authorization
First Claim
1. In a computing environment having a connection to a network, computer readable code readable by a computer system in said environment, for enabling a server computer within the computing environment to both authenticate a user of a client computer within the computing environment and to verify that the user is authorized to request that the server computer carry out a requested action, comprising:
- a digital certificate assigned to the user of the client computer, the digital certificate comprising a first code portion and a second code portion, wherein the first code portion of the digital certificate is configured enable authentication of the user, the first code portion defines a public key, a certificate serial number, a certificate validity period, a digital signature of the certificate authority, and an extension field, and wherein the second code portion of the digital certificate is configured to define an authority of the user of the client computer to request that the server computer carry out the requested action, the second code portion being configured for inclusion within the extension field of the first code portion, the authority of the user defined within the second code portion of the certificate being verifiable by the server computer independently of the digital certificate.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer-implemented method for ensuring non-repudiation of a payment request and/or other action may include a step of receiving, over a network, the payment request together with a digital certificate identifying a user having caused the payment request to be generated. The certificate may include certificate-identifying information, user-identifying information, authority information that defines and delimits the authority of the user to make the payment request. The certificate-identifying information and the user-identifying information included within the received certificate may be validated. The authority information included within the received certificate may then be validated. The payment request and/or other action is then only executed when the certificate-identifying information, the user-identifying information and the authority information within the received certificate are successfully validated.
119 Citations
28 Claims
-
1. In a computing environment having a connection to a network, computer readable code readable by a computer system in said environment, for enabling a server computer within the computing environment to both authenticate a user of a client computer within the computing environment and to verify that the user is authorized to request that the server computer carry out a requested action, comprising:
-
a digital certificate assigned to the user of the client computer, the digital certificate comprising a first code portion and a second code portion, wherein the first code portion of the digital certificate is configured enable authentication of the user, the first code portion defines a public key, a certificate serial number, a certificate validity period, a digital signature of the certificate authority, and an extension field, and wherein the second code portion of the digital certificate is configured to define an authority of the user of the client computer to request that the server computer carry out the requested action, the second code portion being configured for inclusion within the extension field of the first code portion, the authority of the user defined within the second code portion of the certificate being verifiable by the server computer independently of the digital certificate. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-implemented method for ensuring non-repudiation of a payment request, the payment request being generated in a computing environment having a connection to a network, the method comprising the steps of:
-
receiving, over the network, the payment request together with a certificate identifying a user having caused the payment request to be generated, the certificate including certificate-identifying information and user-identifying information, the certificate further including authority information defining an authority of the user to make the payment request;
validating the certificate-identifying information and the user-identifying information included within the received certificate;
validating the authority information included within the received certificate, and executing of the payment request only when the certificate-identifying information, the user-identifying information and the authority information within the received certificate is successfully validated. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A software application configured to carry out a financial transaction, the application being configured to run on a computer coupled to a network, and comprising, stored on a computer-readable medium:
-
certificate receiving code which is configured to receive a digital certificate from a user over the network, the certificate including certificate-identifying information and user-identifying information, the certificate further including authority information that defines an authority granted to the user to request that the financial transaction be carried out;
certificate validating code configured to enable validation of the certificate-identifying information and user-identifying information within the received certificate, and authorization validating code configured to enable validation of the authority information within the received certificate against corresponding authority information for the user stored in a data structure that is independent of the received certificate. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A computer-implemented method for controlling authority of employees of a company within in a computing environment, the company having a hierarchical management structure, the method comprising the steps of:
-
creating or receiving a primary digital certificate, the primary digital certificate including primary authority information that defines and grants primary rights to a primary employee as defined by the hierarchical management structure;
creating secondary digital certificates and assigning the created secondary certificates to selected secondary employees requiring access to the computing environment, each of the selected secondary employees occupying a predefined position within the hierarchical management structure that is hierarchically lower than that of the primary employee, each of the secondary certificates including secondary authority information that defines and grants secondary rights, the secondary rights being derivative from the primary rights and being commensurate with the predefined position of the selected secondary employee within the hierarchical management structure, and allowing each selected secondary employee to exercise only those rights within the computing environment that are granted by the secondary rights defined within the assigned secondary certificate. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
-
Specification