Transaction authorization
Abstract
One embodiment provides a computer-implemented method for transaction authorization within a security service. The computer-implemented method intercepts a request by a security service, wherein a transaction identifier is cached to form a cached transaction identifier, and requests the requester to authenticate to form an authentication request. The computer-implemented method further determines whether the requester was authenticated, and responsive to a determination the requester was authenticated, receives authentication information, including an associated transaction identifier. The request is intercepted and the cached transaction identifier inserted. The computer-implemented method further determines whether the cached transaction identifier is equivalent to the authentication information, including an associated transaction identifier, and responsive to a determination that the cached transaction identifier is equivalent to authentication information, including an associated transaction identifier, passes the request to the application.
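The flow in the abstract, as an added sketch that is not code from the patent. The class and field names, the HMAC tag that binds the authentication result to one transaction identifier, and the single-use cache entry are assumptions of this example.

```python
import hashlib
import hmac
import secrets

AUTH_KEY = secrets.token_bytes(32)  # assumption: key shared by proxy and auth service
PASSWORDS = {"alice": "constructed-password"}  # constructed sample credential store

def _tag(user, txn_id):
    # Assumption: the auth service MACs (user, txn id) to bind its result to one transaction.
    return hmac.new(AUTH_KEY, f"{user}\n{txn_id}".encode(), hashlib.sha256).hexdigest()

def authenticate(auth_request, password):
    """Hypothetical authentication service: returns auth info carrying the txn id, or None."""
    user, txn_id = auth_request["user"], auth_request["txn_id"]
    expected = PASSWORDS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    return {"user": user, "txn_id": txn_id, "tag": _tag(user, txn_id)}

class SecurityService:  # hypothetical reverse-proxy plug-in in front of the application
    def __init__(self):
        self.cache = {}  # session id -> (user, cached transaction identifier)

    def intercept(self, session, user, txn_id):
        self.cache[session] = (user, txn_id)      # cache the transaction identifier
        return {"user": user, "txn_id": txn_id}   # authentication request carries it

    def complete(self, session, auth_info, request):
        cached = self.cache.pop(session, None)    # single use (assumption of this example)
        if cached is None or auth_info is None:
            return None
        user, txn_id = cached
        same = hmac.compare_digest(txn_id.encode(), str(auth_info.get("txn_id", "")).encode())
        tagged = hmac.compare_digest(_tag(user, txn_id).encode(), str(auth_info.get("tag", "")).encode())
        if not (same and tagged):
            return None                           # mismatch: request never reaches the application
        return {**request, "txn_id": txn_id}      # pass request with the cached identifier

def demo():
    proxy, req, pw = SecurityService(), {"action": "transfer", "amount": 100}, "constructed-password"
    ok = proxy.complete("s1", authenticate(proxy.intercept("s1", "alice", "txn-1001"), pw), req)
    proxy.intercept("s2", "alice", "txn-1002")
    other = authenticate({"user": "alice", "txn_id": "txn-0007"}, pw)  # bound to another transaction
    mismatch = proxy.complete("s2", other, req)
    replay = proxy.complete("s1", authenticate({"user": "alice", "txn_id": "txn-1001"}, pw), req)
    return ok, mismatch, replay

if __name__ == "__main__":
    print(demo())
```

Only the first call reaches the application. The second carries authentication information for a different transaction identifier, and the third arrives after the cached entry has already been consumed.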
19 Claims
1. A computer-implemented method for transaction authorization within a security service, the computer-implemented method comprising:
- receiving a request, by a reverse proxy server, from a requestor for an authorized transaction of an application;
- presenting the requestor to a confirmation page of the application;
- submitting a confirmed transaction request to the application;
- intercepting by a computer the confirmed transaction request by the security service, wherein a transaction identifier is cached to form a cached transaction identifier;
- requesting by the computer the requestor to authenticate to form an authentication request;
- placing the cached transaction identifier into the authentication request;
- determining by the computer whether the requestor was authenticated;
- responsive to a determination the requestor authenticated, receiving authentication information comprising an associated transaction identifier;
- determining whether the cached transaction identifier is equivalent to the authentication information; and
- responsive to a determination that the cached transaction identifier is equivalent to authentication information, passing the request with the cached transaction identifier in the request to an application.
Dependent claims: 2, 3, 4, 5, 6
7. A data processing system for transaction authorization within a security service, the data processing system comprising:
- a bus;
- a memory connected to the bus, the memory comprising computer-executable instructions therein;
- a communications unit connected to the bus;
- a processor unit connected to the bus, wherein the processor unit executes the computer-executable instructions to direct the data processing system to:
- receive a request, by a reverse proxy server, from a requestor for an authorized transaction of the application;
- present the requestor to a confirmation page of the application;
- submit a confirmed transaction request to the application;
- intercept the request by the security service, wherein a transaction identifier is cached to form a cached transaction identifier;
- request the requestor to authenticate to form an authentication request;
- place the cached transaction identifier into the authentication request;
- determine whether a requestor was authenticated;
- responsive to a determination the requestor authenticated, receive authentication information comprising an associated transaction identifier;
- determine whether the cached transaction identifier is equivalent to the authentication information; and
- responsive to a determination that the cached transaction identifier is equivalent to the authentication information, pass the request with the cached transaction identifier in the request to an application.
Dependent claims: 8, 9, 10, 11, 12
13. A computer program product for transaction authorization within a security service, the computer program product comprising one or more computer-readable tangible storage devices:
- computer-executable instructions, stored on at least one of the one or more storage devices, for receiving the request by a reverse proxy server from a requestor for an authorized transaction of the application;
- computer-executable instructions, stored on at least one of the one or more storage devices, for presenting the requestor to a confirmation page of the application;
- computer-executable instructions, stored on at least one of the one or more storage devices, for submitting a confirmed transaction request to the application;
- computer-executable instructions, stored on at least one of the one or more storage devices, for intercepting a request by the security service, wherein a transaction identifier is cached to form a cached transaction identifier;
- computer-executable instructions, stored on at least one of the one or more storage devices, for requesting a requestor to authenticate to form an authentication request;
- computer-executable instructions, stored on at least one of the one or more storage devices, for placing the cached transaction identifier into the authentication request;
- computer-executable instructions, stored on at least one of the one or more storage devices, for determining whether the requestor was authenticated;
- computer-executable instructions, stored on at least one of the one or more storage devices, responsive to a determination the requestor authenticated, for receiving authentication information comprising an associated transaction identifier;
- computer-executable instructions, stored on at least one of the one or more storage devices, for determining whether the cached transaction identifier is equivalent to the authentication information; and
- computer-executable instructions, stored on at least one of the one or more storage devices, responsive to a determination that the cached transaction identifier is equivalent to the authentication information, for passing the request with the cached transaction identifier in the request to an application.
Dependent claims: 14, 15, 16, 17
18. An apparatus for transaction authorization within a security service, the apparatus comprising:
- a reverse proxy server, for receiving requests from a requestor for a transaction, the reverse proxy server comprising a security plug-in in a web server implementing a security service;
- an authentication service in communication with the reverse proxy server, wherein the authentication service authenticates a user;
- a security service in communication with the reverse proxy server, wherein the security service intercepts the request and redirects the request for authentication;
- an application in communication with the reverse proxy server, wherein the application generates and uses a transaction identifier; and
- a cache memory, in communication with the security service, that stores the transaction identifier, wherein the transaction identifier is used by the security service and authentication service to authenticate the requestor and the transaction, wherein the application places a cached transaction identifier into the authentication request.
Dependent claims: 19
Specification