Authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment
First Claim
1. A computer system comprising:
(a) a web server associated with a first ip address;
(b) a server sub-system operatively connected to the web server and associated with a second ip address; and
(c) an identity provider sub-system operatively connected to the web server, wherein the identity provider sub-system is associated with the first ip address, and wherein the identity provider sub-system is configured to perform the following steps;
(1) receiving, at the identity provider sub-system via a secure transmission over a wireless network, from a user device associated with a user, an electronic login request comprising login credential data comprising an alphanumeric text sequence, wherein the electronic login request is received by the web server, and wherein the electronic login request is communicated from the user device to the identity provider sub-system via the web server;
(2) verifying, by the identity provider subsystem, that the login credential data is valid login credential data, wherein the login credential data is verified if the login credential data is valid login credential data;
(3) in the case where the login credential data is verified, generating, at the identity provider sub-system;
(A) a first payload comprising login credential verification information and a first session identifier; and
(B) a first digital signature of the identity provider sub-system comprising a first hash of the first payload, the first hash being encrypted using a first identity provider sub-system private key;
(4) transmitting, from the identity provider sub-system to the user device via the secure transmission over the wireless network, the first payload and the first digital signature, wherein the first payload and the first digital signature are communicated by the identity provider sub-system to the user device via the web server;
(5) receiving, from the user device via the secure transmission over the wireless network at the identity provider sub-system;
(A) a second payload comprising the first session identifier and a first one-time token generated by the user device using a shared secret seed; and
(B) a second digital signature of the user device comprising a second hash of the second payload, wherein the second payload and the second digital signature are communicated by the user device to the identity provider sub-system via the web server;
(6) verifying, by the identity provider sub-system, the second payload;
(7) in the case where the second payload is verified, authorizing, by the identity provider sub-system, the user device to communicate with the server sub-system associated with the second ip address via the identity provider sub-system; and
(8) transmitting, from the user device via the secure transmission over the wireless network to the server sub-system, a third payload, and a third digital signature, wherein the third payload and third digital signature are communicated by the user device to the server sub-system via the identity provider sub-system and the web server.
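As an added illustration of steps (3) through (7) of claim 1 (this is not code from the patent or from any product), the following Go program models the identity provider and the user device signing SHA-256 hashes of their payloads and checking a one-time token derived from the shared seed. The claim names no particular hash, signature or token algorithm, so Ed25519, RFC 4226 HOTP, the key pairs, the session identifier and the counter are assumptions; the web server relay and the credential check itself are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
)

// Step (3)(A): credential verification result plus the session identifier.
type FirstPayload struct{ Verified bool; SessionID string }
// Step (5)(A): the same session identifier plus the device's one-time token.
type SecondPayload struct{ SessionID string; OTP uint32 }

// Steps (3)(B) and (5)(B): each "digital signature" is a hash of the payload signed with a
// private key. SHA-256 and Ed25519 are assumed here; the claim does not name the algorithms.
func digest(payload []byte) []byte { h := sha256.Sum256(payload); return h[:] }

// hotp derives a 6-digit RFC 4226 token from the shared secret seed and a counter (assumed
// form of the "one-time token generated by the user device using a shared secret seed").
func hotp(seed []byte, counter uint64) uint32 {
	mac := hmac.New(sha1.New, seed)
	var c [8]byte
	binary.BigEndian.PutUint64(c[:], counter)
	mac.Write(c[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	return (binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff) % 1000000
}

// IdPIssue is steps (3)-(4): called only after the login credentials were verified.
func IdPIssue(idpPriv ed25519.PrivateKey, sessionID string) (payload, sig []byte) {
	payload, _ = json.Marshal(FirstPayload{Verified: true, SessionID: sessionID})
	return payload, ed25519.Sign(idpPriv, digest(payload))
}

// DeviceRespond is step (5): the device checks the IdP signature before revealing its token.
func DeviceRespond(idpPub ed25519.PublicKey, devPriv ed25519.PrivateKey, seed []byte, counter uint64, p1, sig1 []byte) ([]byte, []byte, error) {
	var fp FirstPayload
	if !ed25519.Verify(idpPub, digest(p1), sig1) || json.Unmarshal(p1, &fp) != nil || !fp.Verified {
		return nil, nil, errors.New("first payload rejected")
	}
	p2, _ := json.Marshal(SecondPayload{SessionID: fp.SessionID, OTP: hotp(seed, counter)})
	return p2, ed25519.Sign(devPriv, digest(p2)), nil
}

// IdPAuthorize is steps (6)-(7): signature, session binding and token must all match.
func IdPAuthorize(devPub ed25519.PublicKey, seed []byte, counter uint64, sessionID string, p2, sig2 []byte) bool {
	var sp SecondPayload
	if !ed25519.Verify(devPub, digest(p2), sig2) || json.Unmarshal(p2, &sp) != nil {
		return false
	}
	return sp.SessionID == sessionID && sp.OTP == hotp(seed, counter)
}
```

Binding the session identifier into the signed second payload is what stops a token captured in one login from being replayed into another session; the counter must be tracked per device so a used token is not accepted twice.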
Abstract
Particular systems, methods, and program products for web-based security systems for user authentication and processing in a distributed computing environment are disclosed. A computing sub-system may receive an electronic processing request and a first signed data packet having a first payload that was hashed and encrypted using a first private key. The first payload may comprise first processing output and a first timestamp. The sub-system may verify the first signed data packet by decrypting it using a first public key. The sub-system may execute computing operations to satisfy the electronic processing request, producing second processing output. The sub-system may configure a data packet with a second payload comprising at least the second processing output and a second timestamp. The sub-system may encrypt the second payload using a second private key producing a second signed data packet. The sub-system may transmit to a second sub-system the second signed data packet.
11 Claims