Authenticating and communicating verifiable authorization between disparate network domains
First Claim
1. A method for a user to access a secure Internet site of a specified vendor, utilizing user credential data and other user data and without passing a user ID and password to the secure Internet site, the method comprising the steps of:
- receiving a request from a user computer system via an intranet, to an authentication server for access to a secure Internet site for a specified transaction with a specified vendor;
- maintaining in a database, an ID for the specified vendor and specific requirements of the specified vendor;
- the authentication server creating a web page for the specified vendor using said specific requirements, and sending said web page to the user computer system;
- receiving, by the authentication server, from said user computer system via the intranet, said web page, said web page comprising user provided user credential data;
- the authentication server checking the user credential data of the user including a user ID and password according to a first predetermined plan to determine that the user is permitted access to said secure Internet site;
- said authentication server authorizing said user to access the secure Internet site to transmit the specified transaction thereat based on said user credential data permitting said access;
- said authentication server creating a digitally signed request comprising said other user data for said authorized user according to a second predetermined plan;
- transmitting said digitally signed request over the intranet from the authentication server to the user computer system, for forwarding, by said user computer system, to a vendor server at said secure Internet site, said digitally signed request over the Internet;
- verifying the validity of said digitally signed request including receiving said digitally signed request from the vendor server at the secure Internet site, at a third, verification service, separate from the vendor server;
- said verification service determining whether said digitally signed request is valid and thereby determining whether said specified transaction is authorized; and
- based on said digitally signed request being valid, the verification service informing the vendor server that the user is authorized for the specified transaction, and the authorized user obtains access to the secure Internet site for the authorized specified transaction without passing the user credential data to the secure Internet site and without giving the secure Internet site access to the authentication server.
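The three parties of claim 1 (and of the system and program-product restatements in claims 8 and 15) can be modelled end to end: the authentication server checks the user ID and password on the intranet, issues a signed request that carries only the vendor's required "other user data", the user's browser forwards it to the vendor by redirect, and a verification service separate from the vendor checks it and tells the vendor whether the transaction is authorized. The Python below is an added example, not code from the patent or its assignee. It assumes hypothetical vendor and user records (`VENDOR_DB`, `USER_DB`, the URL `https://vendor.example/sso`), uses HMAC-SHA256 with a key shared only by the authentication server and the verification service as a stand-in for the asymmetric digital signature the patent describes (so the vendor still cannot forge or alter a request), and adds an expiry and a single-use nonce that the claim itself does not specify, so that a captured request cannot be replayed or presented to a different vendor.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample data (hypothetical, not from the patent): the vendor database
# (vendor ID plus the vendor's specific requirements) and the intranet user directory.
VENDOR_DB = {"vendor-42": {"sso_url": "https://vendor.example/sso",   # hypothetical URL
                           "required_fields": ["employee_id", "department"]}}
_SALT = b"constructed-salt"
USER_DB = {"alice": {"pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000),
                     "employee_id": "E1001", "department": "finance"}}
# Key held only by the authentication server and the verification service; the vendor
# never has it. HMAC-SHA256 stands in for the asymmetric signature the patent describes.
SIGNING_KEY = secrets.token_bytes(32)
TOKEN_TTL = 60  # seconds a signed request stays valid

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class VerificationService:
    """The separate third party of the claim: verifies signed requests for the vendor."""
    def __init__(self, key):
        self._key = key
        self._used_nonces = set()  # each signed request is accepted exactly once

    def verify(self, token, vendor_id, now=None):
        """Return the verified claims, or None if the request must be refused."""
        now = time.time() if now is None else now
        try:
            body, tag = token.split(".")
            expected = hmac.new(self._key, body.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(_unb64(tag), expected):
                return None                      # bad signature or tampered body
            claims = json.loads(_unb64(body))
            if claims["vendor"] != vendor_id or not claims["iat"] <= now < claims["exp"]:
                return None                      # wrong vendor, expired, or not yet valid
            if claims["nonce"] in self._used_nonces:
                return None                      # replayed request
        except (ValueError, KeyError, TypeError):
            return None                          # malformed token
        self._used_nonces.add(claims["nonce"])
        return claims

class AuthenticationServer:
    """Intranet side: checks the credential locally and never forwards it."""
    def __init__(self, key, vendor_db, user_db):
        self._key, self._vendors, self._users = key, vendor_db, user_db

    def login_page(self, vendor_id):
        """The vendor-specific web page of the claim, modelled as a form description."""
        return {"vendor_id": vendor_id, "credential_fields": ["user_id", "password"],
                "released_fields": list(self._vendors[vendor_id]["required_fields"])}

    def _check_credentials(self, user_id, password):
        rec = self._users.get(user_id)
        if rec is None:
            return None
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
        return rec if hmac.compare_digest(digest, rec["pw_hash"]) else None

    def handle_login(self, vendor_id, transaction, form, now=None):
        """Return the redirect URL carrying the signed request, or None if access is denied."""
        now = time.time() if now is None else now
        vendor = self._vendors.get(vendor_id)
        rec = self._check_credentials(form.get("user_id", ""), form.get("password", ""))
        if vendor is None or rec is None:
            return None
        claims = {"vendor": vendor_id, "txn": transaction,
                  "user": {f: rec[f] for f in vendor["required_fields"]},  # other data only
                  "iat": now, "exp": now + TOKEN_TTL, "nonce": secrets.token_hex(16)}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        tag = _b64(hmac.new(self._key, body.encode(), hashlib.sha256).digest())
        return vendor["sso_url"] + "?" + urlencode({"token": body + "." + tag})

class VendorServer:
    """The secure Internet site: sees only the signed request, never the auth server."""
    def __init__(self, vendor_id, verifier):
        self.vendor_id, self._verifier = vendor_id, verifier

    def handle_redirect(self, url, now=None):
        token = parse_qs(urlparse(url).query).get("token", [""])[0]
        return self._verifier.verify(token, self.vendor_id, now)  # claims or None

if __name__ == "__main__":
    service = VerificationService(SIGNING_KEY)
    auth = AuthenticationServer(SIGNING_KEY, VENDOR_DB, USER_DB)
    vendor = VendorServer("vendor-42", service)
    url = auth.handle_login("vendor-42", "purchase-order", {"user_id": "alice", "password": "correct horse"})
    print(vendor.handle_redirect(url))  # verified claims on first presentation
    print(vendor.handle_redirect(url))  # None: the same signed request is not accepted twice
```

The password hash and the signing key never leave the intranet side; the vendor only receives the token from the browser and hands it to the verification service, which is the only party that can check it. Binding the request to one vendor ID, giving it a short lifetime and accepting each nonce once are the checks a practitioner would add on top of the claim's signature check, since an HTTP redirect carrying the token can end up in proxy logs and browser history.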
Abstract
Verifiable authentication credentials are provided to foreign systems without passing an id and password to the protected resource. A user wishing to access a secure remote site is prompted for credentials, the credentials are authenticated locally and a digitally signed token is created. The token is redirected to the secure remote site by the user's browser using HTTP redirection. The digital signature is verified by the secure remote site preferably by a digital signature web service. The remote site establishes communications with the user if the digital signature is valid.
75 Citations
20 Claims
1. (Claim 1 is set out in full above under First Claim.) - View Dependent Claims (2, 3, 4, 5, 6, 7)
8. A system for a user to access a secure Internet site, the system utilizing user credential data and other user data, the system comprising:
- an authentication server for receiving from a user at a user computer system, via an intranet, a request for access to a secure Internet site for a specified transaction with a specified vendor;
- a database holding an ID for the specified vendor and specific requirements of the specified vendor;
- said authentication server creating a web page for the vendor using said specific requirements, and sending said web page to the user computer system;
- wherein user credential data is added to said web page and said web page is sent, with said user credential data, to the authentication server via said intranet;
- the authentication server checking the user credential data according to a first predetermined plan, and authorizing said user to access the secure Internet site to transact a specified transaction thereat based on said user credentials permitting said access;
- said authentication server creating a digitally signed request comprising said other user data for said authorized user according to a second predetermined plan;
- transmitting said digitally signed request over the intranet from the authentication server to the user computer system for forwarding, by said user computer system, to a vendor server at said secure Internet site, said digitally signed request over the Internet;
- a verification service, separate from the vendor server, receiving the digitally signed request from the vendor server at the secure Internet site to determine whether said digitally signed request is valid and thereby to determine whether said specified transaction is authorized; and
- wherein, based on said digitally signed request being valid, the verification service informs the vendor server that the user is authorized for the specified transaction, and the authorized user obtains access to the secure Internet site for the authorized specified transaction without passing the user credential data to the secure Internet site and without giving the secure Internet site access to the authentication server. - View Dependent Claims (9, 10, 11, 12, 13, 14)
15. A computer program product for a user to access a secure Internet site, the computer program product utilizing user credential data and other user data, the computer program product comprising a tangible computer readable device having computer readable program code tangibly embodied therein, the computer program product comprising:
- computer readable program code for using an authentication server for receiving from a user computer system, a request from a user, via an intranet, for access to a secure Internet site for a specified transaction with a specified vendor;
- computer readable program code for using the authentication server for creating a web page for the specified vendor using specific requirements of said specified vendor, and sending said web page to the user computer system;
- computer readable program code for receiving, by the authentication server, from said user computer system via the intranet, said web page, said web page comprising user provided user credential data;
- computer readable program code for using the authentication server for authorizing said user to access the secure Internet site to transact the specified transaction thereat based on said user credentials permitting said access;
- computer readable program code for using the authentication server for creating a digitally signed request comprising said other user data for said authorized user according to a second predetermined plan;
- computer readable program code for transmitting said digitally signed request over the intranet from the authentication server to the user computer system, for forwarding, by said user computer system, to a vendor server at said secure Internet site, said digitally signed request over the Internet;
- computer readable program code for receiving said request from the vendor server at the secure Internet site, at a verification service separate from the vendor server, to determine whether said digitally signed request is valid and thereby to determine whether said specified transaction is authorized; and
- computer readable program code for informing the vendor server, based on said digitally signed request being valid, that the user is authorized for the specified transaction, and the authorized user obtains access to the secure Internet site for the authorized specified transaction without passing the user credential data to the secure Internet site and without giving the secure Internet site access to the authentication server. - View Dependent Claims (16, 17, 18, 19, 20)
Specification