Systems and methods for facilitating user authentication over a network
First Claim
1. A method for facilitating transactions over a network, the method comprising:
communicating with a web-client over the network;
receiving a request for authentication from the web-client over the network, the request including user information related to a user;
verifying that the user information includes a first integer value P corresponding to a first identification number related to the user and a second integer value Q corresponding to a second identification number related to the user;
challenging the web-client over the network by generating and sending a plurality of different random integer values to the web-client over the network including a first random integer value R, a second random integer value T, and a third random integer value K;
defining a first line segment PR between the first integer value P and the first random integer value R;
defining a second line segment QT between the second integer value Q and the second random integer value T;
determining an intersection point S of the first line segment PR and the second line segment QT;
calculating a first hash value from the third random integer value K and the intersection point S;
receiving a second hash value from the web-client over the network;
performing a first authentication protocol by comparing the first hash value with the second hash value, wherein if the first and second hash values match, then the web-client is authenticated, and wherein if the first and second hash values do not match, then the first authentication protocol is aborted; and
storing information related to performing the first authentication protocol.
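As an added illustration (not code from the patent or its assignee), the exchange of claim 1 in Python: the server checks that the request carries P and Q, issues R, T and K, both sides derive the intersection S and hash it together with K, and the server compares the two hashes in constant time and returns the record it stores. The claim does not say how integer values become segment endpoints, so the block assumes P and Q placed at (P, 0) and (Q, 0) and R and T at (R, 1) and (T, 1); that placement, the use of SHA-256 and the serialisation of S are assumptions.

```python
import hashlib
import hmac
import secrets
from fractions import Fraction

# Added illustration of claim 1, not the patent's own code. ASSUMPTION (the
# claim does not say how integers become endpoints): P, Q sit at (P, 0), (Q, 0)
# and the random R, T at (R, 1), (T, 1); PR and QT are the segments between them.

def intersection_point(p, r, q, t):
    """Return S = PR ∩ QT as exact Fractions, or None if the segments do not meet."""
    denom = (r - p) - (t - q)          # x along PR: p+(r-p)y; along QT: q+(t-q)y
    if denom == 0:
        return None                    # parallel (or identical) segments
    y = Fraction(q - p, denom)
    if not 0 <= y <= 1:
        return None                    # the lines cross outside both segments
    return (p + (r - p) * y, y)

def response_hash(k, s):
    """Hash of the challenge K and the point S, with coordinates serialised
    as reduced fractions so both parties hash identical bytes."""
    if s is None:
        return ""                      # a client holding wrong P/Q may get no S
    x, y = s
    msg = f"{k}|{x.numerator}/{x.denominator}|{y.numerator}/{y.denominator}"
    return hashlib.sha256(msg.encode()).hexdigest()

def server_challenge(p, q, rng=secrets.randbelow):
    # R != T is required: with R == T both segments share (R, 1) and S no
    # longer depends on P, so a client with the wrong P would still pass.
    k = rng(2**64)
    while True:
        r, t = rng(2**32), rng(2**32)
        if r != t and intersection_point(p, r, q, t) is not None:
            return r, t, k

def server_verify(p, q, r, t, k, second_hash):
    """Compute the first hash, compare in constant time, abort on mismatch
    and return the record the server stores about the attempt."""
    first_hash = response_hash(k, intersection_point(p, r, q, t))
    ok = hmac.compare_digest(first_hash, second_hash)
    return ok, {"P": p, "Q": q, "R": r, "T": t, "K": k, "authenticated": ok}

def run_protocol(p, q, client_p, client_q):
    """Full exchange; client_p/client_q model what the web-client actually
    holds (equal to P/Q for a legitimate client)."""
    r, t, k = server_challenge(p, q)
    second_hash = response_hash(k, intersection_point(client_p, r, client_q, t))
    return server_verify(p, q, r, t, k, second_hash)
```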
Abstract
In accordance with embodiments of the present disclosure, systems and methods for facilitating network transactions include user authentication over a network by providing strong mutual authentication of client web application to server side application server, providing session encryption key negotiation after authentication to continue encryption during communication, and providing a high-level encryption technique referred to as an effective zero knowledge proof of identity (eZKPI) algorithm. In various implementations, the eZKPI algorithm is adapted to couple something the user Knows (e.g., a password or personal identification number) with something the user Has (e.g., a secure identification card) to create a stronger identity authentication proof for access to a mobile device and applications running on the mobile device.
24 Claims
12. A system for facilitating transactions over a network, the system comprising:
a communication component adapted for communicating with a web-client over the network; and
a processing component adapted for:
receiving a request for authentication from the web-client over the network, the request including user information related to a user;
verifying that the user information includes a first integer value P corresponding to a first identification number related to the user and a second integer value Q corresponding to a second identification number related to the user;
challenging the web-client over the network by generating and sending a plurality of different random integer values to the web-client over the network including a first random integer value R, a second random integer value T, and a third random integer value K;
defining a first line segment PR between the first integer value P and the first random integer value R;
defining a second line segment QT between the second integer value Q and the second random integer value T;
determining an intersection point S of the first line segment PR and the second line segment QT;
calculating a first hash value from the third random integer value K and the intersection point S;
receiving a second hash value from the web-client over the network;
performing a first authentication protocol by comparing the first hash value with the second hash value, wherein if the first and second hash values match, then the web-client is authenticated, and wherein if the first and second hash values do not match, then the first authentication protocol is aborted; and
storing information related to performing the first authentication protocol.
(Dependent claims: 13 to 22)
23. A non-transitory computer readable medium on which are stored computer readable instructions and when executed operable to:
communicate with a web-client over the network;
receive a request for authentication from the web-client over the network, the request including user information related to a user;
verify that the user information includes a first integer value P corresponding to a first identification number related to the user and a second integer value Q corresponding to a second identification number related to the user;
challenge the web-client over the network by generating and sending a plurality of different random integer values to the web-client over the network including a first random integer value R, a second random integer value T, and a third random integer value K;
define a first line segment PR between the first integer value P and the first random integer value R;
define a second line segment QT between the second integer value Q and the second random integer value T;
determine an intersection point S of the first line segment PR and the second line segment QT;
calculate a first hash value from the third random integer value K and the intersection point S;
receive a second hash value from the web-client over the network;
perform a first authentication protocol by comparing the first hash value with the second hash value, wherein if the first and second hash values match, then the web-client is authenticated, and wherein if the first and second hash values do not match, then the first authentication protocol is aborted; and
store information related to performing the first authentication protocol.
(Dependent claim: 24)