SECURE AUTHENTICATION METHOD AND SYSTEM FOR ONLINE TRANSACTIONS
First Claim
1. A secure authentication method for online transactions, the method comprising:
- generating, using one or more computer processors, a random session key to encrypt communications between a client and a server;
verifying a user identity of a user using the client based on the generated random session key;
in the event that the verification of the user identity is successful, generating transaction image information, encrypting the transaction image information based on the random session key, and transmitting the encrypted transaction image information to the client;
receiving a confirmation of the transaction image information, the confirmation comprising a transaction signature;
verifying the transaction signature based on the random session key.
2 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of the invention relate to a secure authentication method for online transactions, an online transaction secure authentication system, an online transaction secure authentication client, and a computer program product for secure authentication of online transactions thereof. The secure authentication method includes: generating, using one or more computer processors, a random session key to encrypt communications between a client and a server; verifying a user identity of a user using the client based on the generated random session key; in the event that the verification of the user identity is successful, generating transaction image information, encrypting the transaction image information based on the random session key, and transmitting the encrypted transaction image information to the client; receiving a confirmation of the transaction image information, the confirmation comprising a transaction signature; and verifying the transaction signature based on the random session key.
-
Citations
26 Claims
-
1. A secure authentication method for online transactions, the method comprising:
-
generating, using one or more computer processors, a random session key to encrypt communications between a client and a server; verifying a user identity of a user using the client based on the generated random session key; in the event that the verification of the user identity is successful, generating transaction image information, encrypting the transaction image information based on the random session key, and transmitting the encrypted transaction image information to the client; receiving a confirmation of the transaction image information, the confirmation comprising a transaction signature; verifying the transaction signature based on the random session key. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An online transaction secure authentication system, the system comprising:
-
a one time password (OTP) control; an OTP control server; and an OTP authentication platform, wherein; the OTP control and OTP control server are configured to generate random session keys for encrypted communications between the OTP control and the OTP control server and verify user identity of the OTP control based on the random session keys; and the OTP authentication platform; is connected to the OTP control server, generates transaction image information after receiving a user identity verification successful message sent by the OTP control server, encrypts the transaction image information based on a random session key, transmits the transaction image information to the OTP control, and after the OTP control confirms the transaction image information, verifies a transaction signature based on the random session key. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product for secure authentication of online transactions, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
-
generating, using one or more computer processors, a random session key to encrypt communications between a client and a server; verifying a user identity of a user using the client based on the generated random session key; in the event that the verification of the user identity is successful, generating transaction image information, encrypting the transaction image information based on the random session key, and transmitting the encrypted transaction image information to the client; receiving a confirmation of the transaction image information, the confirmation comprising a transaction signature; verifying the transaction signature based on the random session key. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. An online transaction secure authentication client, the client comprising:
-
at least one processor configured to; receive a random session key to encrypt communications between the client and a server; encrypt user machine information of a user based on the received random session key; send the encrypted user machine information to the server; receive encrypted transaction image information from the server; encrypt a confirmation of the transaction image information; and send the confirmation of the transaction image information to the server; and a memory coupled with the processor, wherein the memory provides the processor with instructions. - View Dependent Claims (23, 24, 25, 26)
-
Specification