SYSTEMS AND METHODS FOR AUTHENTICATING AN ELECTRONIC TRANSACTION

US 20130019098A1
Filed: 09/14/2012
Published: 01/17/2013
Est. Priority Date: 10/27/2009
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating an electronic request between a client computer and a transaction server, the method comprising:

(A) receiving, at a suitably programmed application server, an electronic application request for an application from the client computer, wherein the electronic request comprises an identity of a user originating the electronic request;

(B) constructing, using the suitably programmed application server and responsive to the receiving (A), a signing key as a first function of a first plurality of parameters, wherein the plurality of parameters comprises (i) an identity of a user originating the electronic request for the application, (ii) a first time based salt value, and (iii) a secret that is shared between the suitably programmed application server and the transaction server; and

(C) embedding the signing key in an unbranded version of the application thereby forming a branded version of the application, wherein the branded version of the application is configured to (i) sign a request with the signing key thereby forming a signed request, and (ii) submit the signed request to the transaction server with the identity of the user and the identifier that identifies the distributor or developer of the application.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for authenticating a request between a client computer and a transaction server are provided. An application request, comprising an identity of a user originating the request, is received at an application server from the client. The application server constructs a signing key based on (i) the identity of the user making the request, (ii) a time based salt value, (iii) a secret shared between the application and transaction servers and, optionally, (iv) an identifier of the distributor or developer of the application. The signing key is embedded in an unbranded version of the application thereby branding the application. The branded application can sign a request with the signing key and submit the signed request to the transaction server with the identity of the user and the identifier of the distributor or developer of the application.

231 Citations

27 Claims

1. A method for authenticating an electronic request between a client computer and a transaction server, the method comprising:
- (A) receiving, at a suitably programmed application server, an electronic application request for an application from the client computer, wherein the electronic request comprises an identity of a user originating the electronic request;
  
  (B) constructing, using the suitably programmed application server and responsive to the receiving (A), a signing key as a first function of a first plurality of parameters, wherein the plurality of parameters comprises (i) an identity of a user originating the electronic request for the application, (ii) a first time based salt value, and (iii) a secret that is shared between the suitably programmed application server and the transaction server; and
  
  (C) embedding the signing key in an unbranded version of the application thereby forming a branded version of the application, wherein the branded version of the application is configured to (i) sign a request with the signing key thereby forming a signed request, and (ii) submit the signed request to the transaction server with the identity of the user and the identifier that identifies the distributor or developer of the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1, wherein the first plurality of parameters further comprises an identifier that identifies the distributor or developer of the application.
  - 3. The method of claim 1, wherein the embedding (C) is performed by the suitably programmed application server and the method further comprises:
    - (D) electronically delivering the branded version of the application to the client computer.
  - 4. The method of claim 1, wherein the embedding (C) is performed by the client computer and the method further comprises, prior to the embedding (C):
    - electronically delivering the signing key to the client computer.
  - 5. The method of claim 1, wherein the first function is a hashing function and wherein the signing key is a hash of (i) the identity of the user originating the electronic request for the application, (ii) the identifier that identifies the distributor or developer of the application, (iii) the first time based salt value, and (iv) the secret that is shared between the suitably programmed application server and the transaction server.
  - 6. The method of claim 1, wherein the first function is a hashing function and wherein the signing key is a hash of (i) the identity of the user originating the electronic request for the application, (ii) the first time based salt value, and (iii) the secret that is shared between the suitably programmed application server and the transaction server.
  - 7. The method of claim 1 wherein the first time based salt value is an integer divide of (i) Coordinated Universal Time (UTC) associated with the receiving (A) and (ii) a predetermined time increment.
  - 8. The method of claim 1 wherein the first time based salt value is an integer divide of (i) Coordinated Universal Time (UTC) associated with the constructing (B) and (ii) a predetermined time increment.
  - 9. The method of claim 1, wherein the signed transaction request is an in-game transaction to buy an in-game upgrade using an account associated with the identity of the user that is maintained on the transaction server.
  - 10. The method of claim 9, wherein the in-game upgrade is a level unlock, a purchase of virtual equipment, a purchase of a virtual special weapon, a purchase of a cheat, or a purchase of virtual currency.
  - 11. The method of claim 1, wherein the branded version of the application is a social networking application, a financial services application, an accounting application, or a tax preparation application.
  - 12. The method of claim 1, the method further comprising:
    - executing the branded application using the client computer, wherein the client computer is suitably programmed to execute the branded application;
      
      using the executed branded application to make a request that comprises a signature based upon the signing key; and
      
      communicating the signed request to the transaction server.
  - 13. The method of claim 12, wherein the signed request includes the identity of the user and the identifier that identifies the distributor or developer of the application.
  - 14. The method of claim 12, the method further comprising:
    - (i) receiving the signed request at the transaction server;
      
      (ii) forming a reconstructed signing key;
      
      wherein the transaction server is suitably programmed to perform the forming and wherein the forming comprises applying a second function to a second plurality of parameters, wherein the second plurality of parameters comprises;
      
      (i) the identity of the user making the request, (ii) a second time based salt value, and (iii) the secret that is shared between the suitably programmed application server and the transaction server;
      
      (iii) forming a signature from the reconstructed signing key; and
      
      (iv) assessing the signed request, wherein the assessing;
      
      (a) achieves a verified state when the signature formed from the reconstructed signing key matches the signature in the transaction request, or(b) achieves a failed state when the signature formed from the reconstructed signing key does not match the signature in the transaction request.
  - 15. The method of claim 14, wherein the second plurality of parameters further comprises an identifier that identifies the distributor or developer of the application.
  - 16. The method of claim 14, wherein the second function is a hashing function and wherein the reconstructed signing key is a hash of (i) the identity of the user originating the electronic request for the application, (ii) the identifier that identifies the distributor or developer of the application, (iii) the second time based salt value, and (iv) the secret that is shared between the suitably programmed application server and the transaction server.
  - 17. The method of claim 14, wherein the second function is a hashing function and wherein the reconstructed signing key is a hash of (i) the identity of the user originating the electronic request for the application, (ii) the second time based salt value, and (iii) the secret that is shared between the suitably programmed application server and the transaction server.
  - 18. The method of claim 14, wherein the second time based salt value is an integer divide of (i) Coordinated Universal Time (UTC) associated with the receiving (H), forming (I), or verifying (J) and (ii) the predetermined time increment.
  - 19. The method of claim 14 wherein, when the failed state is achieved, the method further comprises repeating the forming (i), forming (ii), and assessing (iii) with the second time based salt value incremented or decremented.
  - 20. The method of claim 14 wherein, when the verified state is achieved, the method further comprises servicing the request, using the transaction server, wherein the transaction server is suitably programmed to service the request when the verified state is achieved.
  - 21. The method of claim 1, wherein the suitably programmed application server is a server other than the transaction server.
  - 22. The method of claim 1, wherein the suitably programmed application server and the transaction server are the same server.
  - 23. The method of claim 1, wherein the application is a FLASH application.

24. A computer program product for use in conjunction with a computer system, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism for authenticating an electronic request between a client computer and a transaction server, the computer program mechanism comprising computer executable instructions for:
- (A) receiving, at a suitably programmed application server, an electronic application request for an application from the client computer, wherein the electronic request comprises an identity of a user originating the electronic request;
  
  (B) constructing, using the suitably programmed application server and responsive to the receiving (A), a signing key as a function of a plurality of parameters, wherein the plurality of parameters comprises (i) an identity of a user originating the electronic request for the application, (ii) a first time based salt value, and (iii) a secret that is shared between the suitably programmed application server and the transaction server; and
  
  (C1) embedding the signing key in an unbranded version of the application thereby forming a branded version of the application, wherein the branded version of the application is configured to (i) sign a request with the signing key thereby forming a signed request, and (ii) submit the signed request to the transaction server with the identity of the user and the identifier that identifies the distributor or developer of the application or(C2) delivering the signing key to the client computer
- View Dependent Claims (25)
- - 25. The computer program product of claim 24, wherein the plurality of parameters further comprises an identifier that identifies the distributor or developer of the application.

26. A system comprising:
- (A) means for receiving, at a suitably programmed application server, an electronic application request for an application from the client computer, wherein the electronic request comprises an identity of a user originating the electronic request;
  
  (B) means for constructing, using the suitably programmed application server and responsive to the receiving (A), a signing key as a function of a plurality of parameters, wherein the plurality of parameters comprises (i) an identity of a user originating the electronic request for the application, (ii) a first time based salt value, and (iii) a secret that is shared between the suitably programmed application server and the transaction server; and
  
  (C1) means for embedding the signing key in an unbranded version of the application thereby forming a branded version of the application, wherein the branded version of the application is configured to (i) sign a request with the signing key thereby forming a signed request, and (ii) submit the signed request to the transaction server with the identity of the user and the identifier that identifies the distributor or developer of the application or(C2) means for delivering the signing key to the client computer.
- View Dependent Claims (27)
- - 27. The system of claim 26, wherein the plurality of parameters further comprises an identifier that identifies the distributor or developer of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Gupta, Vikas, Bayes, Luke, Mills, Allan, Seregine, Mikhail, Bhanoo, Hemant Madhav

Granted Patent

US 8,943,322 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

SYSTEMS AND METHODS FOR AUTHENTICATING AN ELECTRONIC TRANSACTION

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

231 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

SYSTEMS AND METHODS FOR AUTHENTICATING AN ELECTRONIC TRANSACTION

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

231 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others