System and methods for online authentication
Abstract
A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer.
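The flow in the abstract can be modelled in a few lines. This is an added illustration, not code from the patent: every name is hypothetical, correlation is assumed to be an equality match between the pointer and a pending code, and the credential is assumed to be an HMAC-SHA256 over a server challenge (a symmetric stand-in for whatever the hardware token actually produces). The `respond` callback stands in for the transmit, poll and receive steps on the first channel.

```python
import hashlib
import hmac
import secrets

class AuthServer:
    """Models the claimed computer server (hypothetical names throughout)."""
    def __init__(self, token_keys):
        self.token_keys = token_keys  # token manager id -> key enrolled for its hardware token
        self.pending = {}             # transaction code -> token manager id

    def receive_transaction_code(self, code, manager_id):
        # First channel: token manager (or network client) -> server.
        self.pending[code] = manager_id

    def correlate(self, pointer):
        # Second channel: relying party -> server. Assumed rule: the pointer
        # must equal a pending code; compared in constant time, single use.
        for code in list(self.pending):
            if hmac.compare_digest(code, pointer):
                return self.pending.pop(code)
        return None

    def authorize(self, pointer, respond):
        # Returns the authorization signal for the relying party's request.
        manager_id = self.correlate(pointer)
        if manager_id is None:
            return False              # no matching code: nothing to authenticate
        challenge = secrets.token_bytes(32)          # authentication request
        credential = respond(manager_id, challenge)  # credential via first channel
        key = self.token_keys[manager_id]
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, credential)

def token_manager_response(key):
    # Token manager side: the hardware token MACs the challenge with its key.
    return lambda manager_id, challenge: hmac.new(key, challenge, hashlib.sha256).digest()

def demo():
    key = secrets.token_bytes(32)                    # constructed sample key
    server = AuthServer({"tm-1": key})
    code = secrets.token_bytes(16)                   # generated by the token manager
    server.receive_transaction_code(code, "tm-1")
    ok = server.authorize(code, token_manager_response(key))
    replay = server.authorize(code, token_manager_response(key))     # code already consumed
    server.receive_transaction_code(b"c2", "tm-1")
    forged = server.authorize(b"c2", token_manager_response(b"wrong"))  # bad credential
    return ok, replay, forged
```

A pointer that matches no pending code, a replayed pointer, and a credential computed with the wrong key all yield a negative authorization signal.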
16 Claims
1. A method of authenticating a network client to a relying party computer via a computer server, the network client being configured to communicate with the relying party computer and the computer server, the network client being further configured to communicate with a token manager, the token manager being configured to communicate with a hardware token interfaced with the token manager, the method comprising the computer server:
- receiving a transaction code from one of the token manager and the network client via a first communications channel;
- receiving a transaction request from the relying party computer via a second communications channel distinct from the first communications channel, wherein the transaction request comprises a transaction pointer that is associated with the hardware token;
- correlating the transaction pointer with the transaction code to identify the token manager;
- transmitting an authentication request message to one of the token manager and the network client via the first communications channel;
- polling for a response to the authentication request message from one of the token manager and the network client;
- receiving a credential from one of the token manager and the network client via the first communications channel; and
- transmitting an authorization signal to the relying party computer in response to the transaction request in accordance with a determination of validity of the credential and data originating from the hardware token, the authorization signal facilitating authentication of the network client to the relying party computer.
9. A non-transitory computer-readable medium comprising computer processing instructions for execution by a computer server, the computer processing instructions, when executed by the computer server, causing the computer server to perform a method of authenticating a network client to a relying party computer via the computer server, the network client being configured to communicate with the relying party computer and the computer server, the network client being further configured to communicate with a token manager, the token manager being configured to communicate with a hardware token interfaced with the token manager, the method comprising:
- receiving a transaction code from one of the token manager and the network client via a first communications channel;
- receiving a transaction request from the relying party computer via a second communications channel distinct from the first communications channel, wherein the transaction request comprises a transaction pointer that identifies the hardware token;
- correlating the transaction pointer with the transaction code to identify the token manager;
- transmitting an authentication request message to one of the token manager and the network client via the first communications channel;
- polling for a response to the authentication request message from one of the token manager and the network client;
- receiving a credential from one of the token manager and the network client via the first communications channel; and
- transmitting an authorization signal to the relying party computer in response to the transaction request in accordance with a determination of validity of the credential and data originating from the hardware token, the authorization signal facilitating authentication of the network client to the relying party computer.
Specification