A COMPUTER IMPLEMENTED METHOD TO IMPROVE SECURITY IN AUTHENTICATION/AUTHORIZATION SYSTEMS AND COMPUTER PROGRAMS PRODUCTS THEREOF
Abstract
A computer implemented method and computer program products to improve security in authentication/authorization systems.
The computer implemented method comprises controlling the access to different resources and actions defined for a user by a first server, reducing the exposure time at which such operations are available, establishing a dual channel verification through the use of a second server, and defining a secure channel for certificate exchange for authentication.
The computer programs implement the method.
30 Claims
1-15. (canceled)
16. A computer implemented method to improve security in authentication/authorization systems, the method comprising:
receiving, by a first server, from a user via a first dedicated program, a request to be logged into a service of said first server; and
authenticating, by said first server, credentials information of said user in order to authorize said service login request, said credentials information comprising information validating the identity of the user in the first server, the method comprising:
receiving, by a second server, from a second dedicated program installed in a computing device of said user, configuration information that the user has established for the operations provided by the first server;
requesting, by the user, once the service login request being authorized by the first server, to perform an operation in the first server;
receiving, by the second server, from the first server, a request about an operation status associated to what said user has established about said requested operation in order to assist the first server in authorizing or rejecting the requested operation; and
verifying, by the second server, said operation status previously established by the user for said requested operation, and in case said operation status being established as valid by the user, the second server generating an extra authentication factor mechanism for reinforcing authorization of said requested operation, wherein said extra authentication factor mechanism includes a public/private key encryption process or the use of a public/private key for generating a digital signature.

Dependent claims: 17-30.
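The flow recited in claim 16, as an added example that is not part of the patent text: a second server keeps the per-operation status the user configured, refuses anything not marked valid, and for a valid status issues a one-time challenge that the user's device signs. The class and function names, the status strings, and the use of Ed25519 through Node's `crypto` module are assumptions made for illustration; the claim does not specify which party signs or which algorithm is used.

```javascript
const crypto = require('crypto');
// Bytes covered by the signature: the operation name binds the nonce to one operation.
function challengeMessage(operation, nonce) {
  return Buffer.concat([Buffer.from(operation + '\n', 'utf8'), nonce]);
}
// Hypothetical "second server": stores what the user configured and issues challenges.
class SecondServer {
  constructor() {
    this.status = new Map();  // "user|operation" -> 'valid' | 'blocked'
    this.keys = new Map();    // user -> public key enrolled by the user's device
    this.pending = new Map(); // challengeId -> { user, operation, nonce }
  }
  enroll(user, publicKey) { this.keys.set(user, publicKey); }
  setStatus(user, operation, state) { this.status.set(`${user}|${operation}`, state); }
  // Queried by the first server after login; anything not explicitly 'valid' is refused.
  checkOperation(user, operation) {
    if (this.status.get(`${user}|${operation}`) !== 'valid') return { allowed: false };
    const challengeId = crypto.randomBytes(16).toString('hex');
    const nonce = crypto.randomBytes(32);
    this.pending.set(challengeId, { user, operation, nonce });
    return { allowed: true, challengeId, nonce };
  }
  // Extra factor: the device's signature over the challenge, accepted once only.
  verifyResponse(challengeId, signature) {
    const c = this.pending.get(challengeId);
    if (!c) return false;
    this.pending.delete(challengeId);
    const key = this.keys.get(c.user);
    return Boolean(key) && crypto.verify(null, challengeMessage(c.operation, c.nonce), key, signature);
  }
}
// Constructed scenario: user "alice", operation "transfer".
function demo() {
  const server = new SecondServer();
  const device = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519'); // a key that was never enrolled
  const sign = (c, k) => crypto.sign(null, challengeMessage('transfer', c.nonce), k.privateKey);
  server.enroll('alice', device.publicKey);
  server.setStatus('alice', 'transfer', 'blocked');
  const whileBlocked = server.checkOperation('alice', 'transfer').allowed;
  server.setStatus('alice', 'transfer', 'valid');
  const c1 = server.checkOperation('alice', 'transfer');
  const sig = sign(c1, device);
  const signedOk = server.verifyResponse(c1.challengeId, sig);
  const replayOk = server.verifyResponse(c1.challengeId, sig);
  const c2 = server.checkOperation('alice', 'transfer');
  const wrongKeyOk = server.verifyResponse(c2.challengeId, sign(c2, other));
  return { whileBlocked, signedOk, replayOk, wrongKeyOk };
}
```

In this sketch the first server would proceed with the operation only when `checkOperation` allows it and `verifyResponse` returns true for the issued challenge.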