Method and apparatus for generating queries for secure authentication and authorization of transactions
Abstract
A method and apparatus for authenticating and authorizing online transactions. An authentication cookie is transmitted to a client system. The authentication cookie includes a user encryption key and an encrypted buffer that contains user identification data and a profile code. Subsequent requests for the particular service use the authentication cookie to generate a query that includes the encrypted buffer and user identification data entered by the user. Portions of the query are encrypted using the user encryption key. Queries received at each authentication and authorization server are authenticated by reconstructing the user encryption key using information transmitted in the clear and decrypting the query using both the reconstructed user encryption key and the secret key. The user identification data entered by the user is then compared with the user identification data in the encrypted buffer for further authentication. The profile code is analyzed for determining authorization. If the query is authenticated and authorized, the authentication and authorization server forwards the request to a server that provides the desired service.
20 Claims
1. A method for generating a query comprising the steps of:
a) receiving a cookie that includes an encrypted buffer that includes a profile code that indicates the services that a user is entitled to use, said profile code encrypted using an encryption key generated using a first seed component, a second seed component and a third seed component, said first seed component further comprising user identification data, said cookie also including said second seed component and said third seed component, said second seed component and said third seed component not encrypted;
b) generating a request buffer that indicates a desired service;
c) receiving said user identification data from a user;
d) encrypting said request buffer using said second seed component as an encryption key so as to form an encrypted portion of a query; and
e) generating a query that comprises said user identification data received in step c) and that includes said encrypted portion of said query, said query also including said third seed component and said encrypted buffer, said third seed component and said user identification data received in step c) not encrypted.
Dependent claims (2, 3, 4, 5, 6, 7, 8)
f) transmitting said query to an authentication server.
3. A method as recited in claim 2 further including the steps of:
g) receiving a response from said authentication server.
4. A method as recited in claim 3 wherein the response received in step g) is encrypted using said second seed component as an encryption key.
5. A method as recited in claim 1 wherein said user identification data is numerical and wherein said third seed component further comprises a randomly generated number.
6. A method as recited in claim 5 wherein said encryption key is determined using a hash of at least three elements.
7. A method as recited in claim 6 wherein said encryption key is determined by a MD-5 hash of said first seed component, said second seed component and said third seed component.
8. A method as recited in claim 6 wherein said encrypted buffer is further encrypted using said second seed component.
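The query assembly of claim 1 combined with the key derivation of claim 7, as an added example that is not part of the patent. The function names, the concatenation order, the sample values and the SHA-256 keystream standing in for the unnamed cipher are all assumptions.

```python
import hashlib
import os

def derive_key(seed1: bytes, seed2: bytes, seed3: bytes) -> bytes:
    # Claim 7: MD-5 hash of the three seed components.
    # Assumption: plain concatenation in claim order; the claims fix no encoding.
    return hashlib.md5(seed1 + seed2 + seed3).digest()

def stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption: the claims name none). XOR with a SHA-256
    # counter keystream; applying it twice with the same key decrypts.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def issue_cookie(user_id: bytes, profile_code: bytes) -> dict:
    # Hypothetical issuer, needed only so the demo has a cookie to receive.
    seed2, seed3 = os.urandom(16), os.urandom(16)
    key = derive_key(user_id, seed2, seed3)   # seed1 = user identification data
    return {"encrypted_buffer": stream_xor(key, profile_code),
            "seed2": seed2, "seed3": seed3}   # both seeds unencrypted (step a)

def generate_query(cookie: dict, entered_user_id: bytes, service: bytes) -> dict:
    request_buffer = service                                          # step b)
    encrypted_request = stream_xor(cookie["seed2"], request_buffer)   # step d)
    return {                                                          # step e)
        "user_id": entered_user_id,                  # sent in the clear
        "seed3": cookie["seed3"],                    # sent in the clear
        "encrypted_buffer": cookie["encrypted_buffer"],
        "encrypted_request": encrypted_request,      # keyed by seed2
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    cookie = issue_cookie(b"4821", b"PROFILE:quotes,trading")
    query = generate_query(cookie, b"4821", b"SERVICE:quotes")
    for name, value in query.items():
        print(f"{name:18} {value.hex() if name.startswith('enc') else value}")
```

MD-5 appears here only because claim 7 names it; a current design would derive the key with a dedicated KDF such as HKDF and use an authenticated cipher.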
9. A computer system comprising:
a processor coupled to a bus;
a memory unit coupled to said bus and comprising instructions that when executed by said processor implement a method for generating a query comprising the steps of:
a) receiving a cookie that includes an encrypted buffer that includes a profile code that indicates the services that a user is entitled to use, said profile code encrypted using an encryption key generated using a first seed component, a second seed component and a third seed component, said first seed component further comprising user identification data, said cookie also including said second seed component and said third seed component, said second seed component and said third seed component not encrypted;
b) generating a request buffer that indicates a desired service;
c) receiving said user identification data from a user;
d) encrypting said request buffer using said second seed component as an encryption key so as to form an encrypted portion of a query; and
e) generating a query that comprises said user identification data received in step c) and that includes said encrypted portion of said query, said query also including said third seed component and said encrypted buffer, said third seed component and said user identification data received in step c) not encrypted.
Dependent claims (10, 11, 12, 13, 14, 15, 16)
f) transmitting said query to an authentication server.
11. A computer system as recited in claim 10 wherein said method further comprises the step of:
g) receiving a response from said authentication server.
12. A computer system as recited in claim 11 wherein the response received in step g) is encrypted using said second seed component.
13. A computer system as recited in claim 9 wherein said user identification data is numerical and wherein said third seed component is a randomly generated number.
14. A computer system as recited in claim 9 wherein said encryption key is determined using a hash of at least three elements.
15. A computer system as recited in claim 14 wherein said encryption key is determined using a MD-5 hash of said first seed component, said second key component, and said third seed component.
16. A computer system as recited in claim 14 wherein said computer system further comprises a palmtop computer.
17. A method for generating a query from a palmtop computer comprising:
a) providing user identification data to a user, said user identification data comprising a first seed component of three seed components used for generating an encryption key;
b) receiving a cookie that includes a second seed component and a third seed component of said three seed components used to generate said encryption key, said cookie also including an encrypted buffer encrypted using said encryption key;
c) generating a request buffer that indicates a desired service;
d) receiving said user identification data from a user;
e) encrypting said request buffer using said second seed component as an encryption key so as to form an encrypted portion of a query; and
f) generating a query that comprises said user identification data received in step d) and that includes said encrypted portion of said query, said query also including said third seed component and said encrypted buffer, said third seed component and said user identification data received in step d) not encrypted.
Dependent claims (18, 19, 20)
g) transmitting said query.
19. The method of claim 18 further comprising the steps of:
h) receiving a response.
20. The method of claim 17 wherein said encryption key is determined using a MD-5 hash of said first seed component, said second key component, and said third seed component.
Specification