Secure authentication for authorization for transaction processing
First Claim
1. A method of processing a query sent from a client system comprising the steps of:
   - using a processor to:
     - access said query comprising user identification data, said query further comprising an unencrypted portion comprising unencrypted data and an encrypted portion comprising an encrypted buffer encrypted using a first encryption key, said encrypted buffer also encrypted using a second encryption key;
     - obtain said second encryption key;
     - decrypt at least a portion of said encrypted portion using said second encryption key;
     - decrypt said encrypted buffer using said first encryption key;
     - determine authentication by comparing said user identification data to user identification data contained within said encrypted buffer;
     - determine authorization to use a service requested in said query based on information indicating services accessible by said user contained within said encrypted buffer if said user identification data matches user identification data contained within said encrypted buffer; and
     - generate and transmit to said client system an error message if said user identification data does not match said user identification data contained within said encrypted buffer.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for authenticating and authorizing online transactions. An authentication cookie is transmitted to a client system. The authentication cookie includes a user encryption key and an encrypted buffer that contains user identification data and a profile code. Subsequent requests for the particular service use the authentication cookie to generate a query that includes the encrypted buffer and user identification data entered by the user. Portions of the query are encrypted using the user encryption key. Queries received at each authentication and authorization server are authenticated by reconstructing the user encryption key using information transmitted in the clear and decrypting the query using both the reconstructed user encryption key and the secret key. The user identification data entered by the user is then compared with the user identification data in the encrypted buffer for further authentication. The profile code is analyzed for determining authorization. If the query is authenticated and authorized, the authentication and authorization server forwards the request to a server that provides the desired service.
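The cookie-and-query flow the abstract describes, as an added Python example that is not the patent's own code: a toy hash-based stream cipher stands in for the unspecified ciphers, the user key is assumed to be derived from the server secret and a nonce sent in the clear (so any authentication and authorization server can reconstruct it), and the secret, user records and profile-to-service table are constructed.

```python
import hashlib, hmac, json, os

# Constructed values: the server's secret (the claim's "first encryption key") and a
# profile-code table giving the services each profile may use.
SERVER_SECRET = b"constructed-server-secret-key"
PROFILES = {"basic": ("quote",), "premium": ("quote", "trade")}

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream XOR (symmetric, so it also decrypts).
    # Illustrative only: a real deployment would use an authenticated cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def user_key(nonce: bytes) -> bytes:
    # The "second encryption key": assumed derived from the secret and a nonce sent in
    # the clear, so any AA server can reconstruct it without shared session state.
    return hmac.new(SERVER_SECRET, b"user-key|" + nonce, hashlib.sha256).digest()

def issue_cookie(user_id: str, profile_code: str) -> dict:
    # After login: cookie = user key + buffer (uid, profile) under the first key.
    nonce = os.urandom(8)
    buffer = json.dumps({"uid": user_id, "profile": profile_code}).encode()
    return {"nonce": nonce.hex(), "user_key": user_key(nonce).hex(),
            "buffer": stream_xor(SERVER_SECRET, nonce, buffer).hex()}

def build_query(cookie: dict, entered_uid: str, service: str) -> dict:
    # Client: clear portion (nonce, entered uid, service) + buffer rewrapped under user key.
    nonce = bytes.fromhex(cookie["nonce"])
    enc = stream_xor(bytes.fromhex(cookie["user_key"]), nonce, bytes.fromhex(cookie["buffer"]))
    return {"clear": {"nonce": cookie["nonce"], "uid": entered_uid, "service": service},
            "enc": enc.hex()}

def process_query(query: dict) -> dict:
    # AA server: reconstruct second key, strip both layers, authenticate, authorize.
    clear = query["clear"]
    nonce = bytes.fromhex(clear["nonce"])
    layer = stream_xor(user_key(nonce), nonce, bytes.fromhex(query["enc"]))
    try:
        buf = json.loads(stream_xor(SERVER_SECRET, nonce, layer))
        uid, profile = str(buf["uid"]), str(buf["profile"])
    except (ValueError, KeyError, TypeError):
        return {"ok": False, "error": "malformed encrypted buffer"}
    if not hmac.compare_digest(uid.encode(), clear["uid"].encode()):
        return {"ok": False, "error": "user identification mismatch"}
    if clear["service"] not in PROFILES.get(profile, ()):
        return {"ok": False, "error": "service not authorized for profile"}
    return {"ok": True, "forward_to": clear["service"]}
```

A stolen cookie presented with a different entered user identification fails the comparison step, and a query whose clear nonce has been altered yields the wrong reconstructed user key, so the buffer never decrypts.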
Citations
8 Claims
Specification