SECURE AUTHENTICATION IN A MULTI-PARTY SYSTEM
First Claim
1. A method of operating an authentication server to notify a network entity of a transaction via a network, comprising:
receiving, from a first network entity via the network, an identifier of a second network entity, a transaction identifier, transaction approval and authentication requirements, and a message regarding the transaction, wherein the message is encrypted with a credential of the second network entity;
transmitting, to the second network entity via the network, the received transaction identifier, transaction approval and any authentication requirements, and encrypted message;
receiving, from the second network entity via the network after transmitting the transaction identifier, transaction approval and authentication requirements, and encrypted message, at least one of a transaction approval and authentication information;
determining, based on any received authentication information, that the second network entity is authentic; and
transmitting to the first network entity a notification of any determination and any received transaction approval.
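As an added illustration (not part of the patent or any implementation it describes), the following Python models the three-party exchange of claim 1: the first entity hands the authentication server a transaction identifier, an authentication requirement and a message encrypted under the second entity's credential; the server relays all of it unread, checks the second entity's returned authentication information against its own data store, and notifies the first entity. The entity names, the toy keystream cipher, the HMAC-over-transaction-identifier proof and the sample invoice text are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets

def toy_encrypt(credential: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream standing in for encryption under the
    # second entity's credential (constructed for this example; symmetric, so
    # the same call decrypts). Not a production cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(credential + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class AuthServer:
    """Relays the transaction, checks the second entity's proof, notifies the first."""

    def __init__(self, stored_auth_info):
        self._store = stored_auth_info  # entity id -> shared secret (claim 8's data store)
        self._pending = {}              # transaction id -> (second entity id, requirements)

    def from_first_entity(self, second_id, txn_id, requirements, enc_msg):
        self._pending[txn_id] = (second_id, requirements)
        # Forwarded exactly as received: the server never holds the credential
        # needed to decrypt enc_msg, so it cannot read the transaction details.
        return {"txn_id": txn_id, "requirements": requirements, "enc_msg": enc_msg}

    def from_second_entity(self, txn_id, approval, auth_info):
        second_id, requirements = self._pending.pop(txn_id)
        authentic = True  # no requirement means nothing to check
        if "hmac" in requirements:
            expected = hmac.new(self._store[second_id], txn_id.encode(), "sha256").digest()
            authentic = hmac.compare_digest(expected, auth_info or b"")
        # Notification to the first entity: the determination plus the approval,
        # which is withheld when the proof failed.
        return {"txn_id": txn_id, "authentic": authentic,
                "approval": approval if authentic else None}

def run_transaction(secret_on_server, secret_held_by_second, approve=True):
    """Drive all three parties; returns the notification the first entity gets."""
    server = AuthServer({"entity-B": secret_on_server})
    credential_b = hashlib.sha256(b"entity-B credential").digest()  # constructed
    nonce = secrets.token_bytes(12)
    enc_msg = nonce + toy_encrypt(credential_b, nonce, b"invoice #17 for 120 units")
    relayed = server.from_first_entity("entity-B", "txn-0001", ["hmac"], enc_msg)
    # Second entity: decrypt with its own credential, then prove its identity
    plain = toy_encrypt(credential_b, relayed["enc_msg"][:12], relayed["enc_msg"][12:])
    auth_info = hmac.new(secret_held_by_second, relayed["txn_id"].encode(), "sha256").digest()
    approval = "approved" if approve and plain.startswith(b"invoice") else "rejected"
    return server.from_second_entity(relayed["txn_id"], approval, auth_info)
```

A second entity whose secret does not match the server's data store fails the determination, and the notification then carries no approval, which is the property the first entity relies on.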
Abstract
An authentication server transmits a random number to, and receives other information from, a service provider. Later, the random number is received from a requester, and a provider identifier, the received other information and the provider's authentication policy requirements are transmitted to the requester. A user identifier and validation information are received from the requester. The received validation information is determined to correspond to the provider authentication policy requirements, and is compared with stored user validation information associated with the received user identifier to authenticate the requester. A message, including both the random number and the other information, signed with a credential of the requesting user is received and transmitted to the provider.
57 Citations
21 Claims
1. A method of operating an authentication server to notify a network entity of a transaction via a network, comprising:
receiving, from a first network entity via the network, an identifier of a second network entity, a transaction identifier, transaction approval and authentication requirements, and a message regarding the transaction, wherein the message is encrypted with a credential of the second network entity;
transmitting, to the second network entity via the network, the received transaction identifier, transaction approval and any authentication requirements, and encrypted message;
receiving, from the second network entity via the network after transmitting the transaction identifier, transaction approval and authentication requirements, and encrypted message, at least one of a transaction approval and authentication information;
determining, based on any received authentication information, that the second network entity is authentic; and
transmitting to the first network entity a notification of any determination and any received transaction approval.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A network server for notifying a network entity of a transaction via a network, comprising:
a data store configured to store authentication information for authenticating network entities; and
a processing unit configured to
(1) receive, from a first network entity via the network, an identifier of the second network entity, a transaction identifier, transaction approval and authentication requirements, and a message regarding the transaction, wherein the message is encrypted with a credential of the second network entity,
(2) direct transmission, to the second network entity via the network, of the received transaction identifier, transaction approval and any authentication requirements, and encrypted message,
(3) receive, from the second network entity via the network after transmitting the transaction identifier, transaction approval and authentication requirements, and encrypted message, at least one of a transaction approval and authentication information,
(4) determine, based on any received authentication information and the stored authentication information, that the second network entity is authentic, and
(5) direct transmission, to the first network entity, of a notification of any determination and any received transaction approval.
Dependent claims: 9, 10, 11, 12, 13, 14

15. An article of manufacture for authenticating a network user to another network entity, comprising:
a non-transitory storage medium; and
logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby cause the processor to operate so as to notify a network entity of a transaction via a network, comprising:
receive, from a first network entity via the network, an identifier of a second network entity, a transaction identifier, transaction approval and authentication requirements, and a message regarding the transaction, wherein the message is encrypted with a credential of the second network entity;
transmit, to the second network entity via the network, the received transaction identifier, transaction approval and any authentication requirements, and encrypted message;
receive, from the second network entity via the network after transmitting the transaction identifier, transaction approval and authentication requirements, and encrypted message, at least one of a transaction approval and authentication information;
determine, based on any received authentication information, that the second network entity is authentic; and
transmit to the first network entity a notification of any determination and any received transaction approval.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification