AUTHENTICATED AND COMMUNICATING VERIFIABLE AUTHORIZATION BETWEEN DISPARATE NETWORK DOMAINS
Abstract
Verifiable authentication credentials are provided to foreign systems without passing an id and password to the protected resource. A user wishing to access a secure remote site is prompted for credentials, the credentials are authenticated locally and a digitally signed token is created. The token is redirected to the secure remote site by the user's browser using HTTP redirection. The digital signature is verified by the secure remote site, preferably by a digital signature web service. The remote site establishes communications with the user if the digital signature is valid.
30 Claims
1. A method for a user to access a secure Internet site, the method utilizing user credential data and other user data, the method comprising the steps of:
a first, authentication server checking user credential data according to a first predetermined plan;
said authentication server authorizing said user to access a secure Internet site to transmit a specified transaction thereat if said user credentials permit;
said authentication server creating a digitally signed request comprising said other user data for said authorized user according to said predetermined plan;
transmitting said digitally signed request from the authentication server to a second, vendor server at said secure Internet site and maintaining in a database an ID for a vendor and specific requirements of the vendor;
the authentication server creating a web page for the vendor using said specific requirements, and sending said web page to the user;
said user adding user information to said web page and sending said web page, with said user information, to the vendor server;
verifying the validity of said digitally signed request including the step of passing said request from the vendor server at the secure Internet site to a third, verification server, separate from the vendor server; and
said verification server determining whether said digitally signed request is valid and thereby determining whether said specified transaction is authorized.
(Dependent claims: 2, 6, 7, 8, 9, 10)
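The flow described in the abstract and in claim 1 (credentials checked at the authentication server, a digitally signed request carried to the vendor site by HTTP redirection through the user's browser, the vendor server passing the request to a separate verification server) worked through in Go as an added example. It is not code from the patent or from any product: the token layout, the Ed25519 signature scheme, the fixed demo key, the user alice, the vendors acme-shop and bank-example and their callback URLs are all constructed for the demonstration. The example goes slightly beyond the text in binding the token to a vendor ID and an expiry, which is what stops a captured redirect from being replayed at another vendor or at a later time.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// SignedRequest is the "digitally signed request" of the abstract; the field layout is this example's own.
type SignedRequest struct {
	VendorID string `json:"vendor_id"` // vendor site the request is bound to
	UserData string `json:"user_data"` // opaque user reference: the password is never placed in the token
	Txn      string `json:"txn"`       // the specified transaction
	Expires  int64  `json:"exp"`       // unix seconds; bounds replay of a captured redirect
}

var b64 = base64.RawURLEncoding // URL-safe alphabet, so the token rides in a query string unescaped

// AuthServer (first server) holds the credentials and the private signing key; neither ever leaves it.
type AuthServer struct {
	creds   map[string]string // username -> password (plaintext only for this demo)
	vendors map[string]string // vendor ID -> callback URL (the vendor's "specific requirements")
	priv    ed25519.PrivateKey
}

// Authorize checks the credentials and the vendor ID and, if they permit, returns the HTTP redirect
// URL that carries the signed token to the vendor site through the user's browser.
func (a *AuthServer) Authorize(user, password, vendorID, txn string, now time.Time) (string, error) {
	callback, known := a.vendors[vendorID]
	if p, ok := a.creds[user]; !ok || p != password || !known {
		return "", errors.New("credentials do not permit or vendor unknown")
	}
	body, _ := json.Marshal(SignedRequest{vendorID, "uid:" + user, txn, now.Add(2 * time.Minute).Unix()})
	return callback + "?token=" + b64.EncodeToString(body) + "." + b64.EncodeToString(ed25519.Sign(a.priv, body)), nil
}

// VerificationServer (third server) holds only the public key and decides validity.
type VerificationServer struct{ pub ed25519.PublicKey }
// Verify checks the signature over the raw bytes before the JSON is trusted, then vendor binding and expiry.
func (v *VerificationServer) Verify(token, vendorID string, now time.Time) (*SignedRequest, error) {
	enc, encSig, ok := strings.Cut(token, ".")
	body, err1 := b64.DecodeString(enc)
	sig, err2 := b64.DecodeString(encSig)
	if !ok || err1 != nil || err2 != nil || !ed25519.Verify(v.pub, body, sig) {
		return nil, errors.New("malformed token or invalid signature")
	}
	var req SignedRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, err
	}
	if req.VendorID != vendorID {
		return nil, errors.New("request issued for a different vendor")
	}
	if now.Unix() >= req.Expires {
		return nil, errors.New("request expired")
	}
	return &req, nil
}

// VendorHandleRedirect is the second server: it lifts the token out of the followed redirect and defers to the verifier.
func VendorHandleRedirect(v *VerificationServer, vendorID, redirectURL string, now time.Time) (*SignedRequest, error) {
	u, err := url.Parse(redirectURL)
	if err != nil {
		return nil, err
	}
	return v.Verify(u.Query().Get("token"), vendorID, now)
}

// Tamper edits the transaction inside a redirected token while keeping the original signature.
func Tamper(redirectURL, newTxn string) string {
	prefix, token, _ := strings.Cut(redirectURL, "?token=")
	enc, encSig, _ := strings.Cut(token, ".")
	var req SignedRequest
	body, _ := b64.DecodeString(enc)
	_ = json.Unmarshal(body, &req)
	req.Txn = newTxn
	body, _ = json.Marshal(req)
	return prefix + "?token=" + b64.EncodeToString(body) + "." + encSig
}

func NewDemo() (*AuthServer, *VerificationServer) {
	priv := ed25519.NewKeyFromSeed([]byte("demo-seed-not-for-production-32!")) // fixed demo key, constructed
	vendors := map[string]string{"acme-shop": "https://shop.example/sso", "bank-example": "https://bank.example/sso"}
	return &AuthServer{map[string]string{"alice": "correct horse battery staple"}, vendors, priv},
		&VerificationServer{priv.Public().(ed25519.PublicKey)}
}

func main() {
	auth, verifier := NewDemo()
	redirect, _ := auth.Authorize("alice", "correct horse battery staple", "acme-shop", "order:42", time.Now())
	req, err := VendorHandleRedirect(verifier, "acme-shop", redirect, time.Now())
	_, err2 := VendorHandleRedirect(verifier, "acme-shop", Tamper(redirect, "order:99"), time.Now())
	fmt.Printf("redirect: %s\nverified: %+v %v\ntampered: %v\n", redirect, req, err, err2)
}
```

Note what each party holds. The vendor server never sees the password and has no key at all; it can only hand the token to the verification server, which is the separation the claims describe. The verifier checks the signature over the raw signed bytes before it parses the JSON, so a token whose transaction was edited after signing (Tamper) is rejected before its contents are trusted, and a token issued for acme-shop is rejected when presented as bank-example. Because the token travels in a URL query string it will land in browser history, Referer headers and web-server logs; the short expiry used here limits how long that exposure is useful, and a one-time nonce recorded by the verifier, which this example does not add, would close replay within the window.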
3. (canceled)
4. (canceled)
5. (canceled)
11. A system for a user to access a secure Internet site, the system utilizing user credential data and other user data, the system comprising:
a first, authorization server checking user credential data according to a first predetermined plan and authorizing said user to access a secure Internet site to transact a specified transaction thereat if said user credentials permit;
said authorization server creating a digitally signed request comprising said other user data for said authorized user according to a second predetermined plan and transmitting said digitally signed request to a second, vendor server at said secure Internet site;
a database holding an ID for a vendor and specific requirements of the vendor;
said authorization server creating a web page for the vendor using said specific requirements, and sending said web page to the user;
said user adding user information to said web page and sending said web page, with said user information, to the vendor server; and
a third, digital signature verifier server, separate from the vendor server, receiving the digitally signed request from the vendor server at the secure Internet site to determine whether said digitally signed request is valid and thereby to determine whether said specified transaction is authorized.
(Dependent claims: 12, 16, 17, 18, 19, 20)
13. (canceled)
14. (canceled)
15. (canceled)
21. A computer program product for a user to access a secure Internet site, the computer program product utilizing user credential data and other user data, the computer program product comprising a computer readable medium having computer readable program code therein, the computer program product comprising:
computer readable program code for using a first, authentication server for checking user credential data according to a first predetermined plan;
computer readable program code for using the authentication server for authorizing said user to access a secure Internet site to transact a specified transaction thereat if said user credentials permit;
computer readable program code for using the authentication server for creating a digitally signed request comprising said other user data for said authorized user according to a second predetermined plan;
computer readable program code for transmitting said digitally signed request from the authentication server to a second, vendor server at said secure Internet site;
computer readable program code for using the authentication server for creating a web page for a given vendor using specific requirements of said given vendor, and sending said web page to the user;
computer readable program code for enabling said user to add user information to said web page and to send said web page, with said user information, to the vendor server; and
computer readable program code for passing said request from the vendor server at the secure Internet site to a third, verification server, separate from the vendor server, to determine whether said digitally signed request is valid and thereby to determine whether said specified transaction is authorized.
(Dependent claims: 22, 26, 27, 28, 30)
23. (canceled)
24. (canceled)
25. (canceled)
29. (canceled)
Specification