Secure registration
First Claim
1. A method of secure communication between first and second network servers on a data communication network, said method comprising:
- receiving a request from a user of a client computer for a selected service to be provided by the second network server, said request being received at the second network server via a browser of the client computer, said client computer and said second network server being coupled to the data communication network;
- initiating a transaction between the second network server and the first network server in response to the request, said first network server also being coupled to the data communication network;
- said second network server;
- defining a data structure associated with the transaction;
- generating a digital signature of the data structure;
- adding the digital signature to the data structure;
- generating an index associated with the transaction, wherein the index corresponds to a value generated as a function of data associated with the transaction, the first network server, and the second network server, said value being unique to the transaction and to the first network server and to the second network server;
- adding the index to the data structure; and
- directing the client computer from the second network server to the first network server with the data structure and the added digital signature, wherein the first network server stores one or more indices from previous transactions in a memory area, and wherein the first network server compares the index in the data structure received from the client computer against the stored indices to prevent a replay attack.
2 Assignments
0 Petitions
Abstract
Secure site-to-site transactional communication between at least two network servers coupled to a data communication network, including secure registration by an authentication server associated with a multi-site user authentication system. A network server receives a request via a browser of a client computer. In response, the network server initiates a transaction with the authentication server and defines a data structure, such as a query string, associated with the transaction. The network server also generates a digital signature of the data structure and then adds it to the data structure before directing the client computer from the network server to the authentication server with the data structure and the added digital signature. The network server also adds an index to the data structure. The index is associated with the transaction and unique, per transaction, to the network server initiating the transaction.
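The exchange the abstract and claim 1 describe, worked through as an added example; this is not code from the patent or from any product it covers. It assumes the "digital signature" is an HMAC-SHA256 over the canonical query string under a key pre-shared by the two servers (an asymmetric signature would fit the claims equally well), that the "index" is a SHA-256 over the transaction data plus both server identities, and that the authentication server keeps previously seen indices in an in-memory set. The names SITE_ID, AUTH_ID, AUTH_URL, SHARED_KEY and the query parameter names are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumption: a key pre-shared between the site server and the authentication
# server. The claims only say "digital signature"; an HMAC stands in for it here.
SHARED_KEY = b"example-key-shared-by-site-and-auth-server"
SITE_ID = "site.example"                 # the "second network server" of claim 1
AUTH_ID = "auth.example"                 # the "first network server" / authentication server
AUTH_URL = "https://auth.example/register"


def canonical_query(params: dict) -> str:
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return urlencode(sorted(params.items()))


def make_index(site_id: str, auth_id: str, txn: dict) -> str:
    """Index = SHA-256(site || auth || transaction data).

    Unique per transaction because txn carries a fresh random nonce and a
    timestamp, and bound to this server pair because both identities are hashed in.
    """
    material = "|".join([site_id, auth_id, canonical_query(txn)])
    return hashlib.sha256(material.encode()).hexdigest()


def sign(params: dict) -> str:
    """Signature over every parameter of the data structure (the query string)."""
    return hmac.new(SHARED_KEY, canonical_query(params).encode(), hashlib.sha256).hexdigest()


def build_redirect(service: str, now: Optional[int] = None) -> str:
    """Site-server side: define the query string, add the index, then add the signature."""
    txn = {
        "site": SITE_ID,
        "service": service,
        "ts": str(now if now is not None else int(time.time())),
        "nonce": secrets.token_hex(16),
    }
    txn["idx"] = make_index(SITE_ID, AUTH_ID, txn)
    txn["sig"] = sign(txn)               # covers every other parameter, including idx
    return f"{AUTH_URL}?{urlencode(txn)}"


class AuthServer:
    """Authentication-server side: verify signature, recompute index, reject replays."""

    def __init__(self, max_age: int = 300):
        self.max_age = max_age
        self.seen: set = set()           # indices from previous transactions (the "memory area")

    def accept(self, url: str, now: Optional[int] = None) -> Tuple[bool, str]:
        now = now if now is not None else int(time.time())
        params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
        sig = params.pop("sig", None)
        # 1. Signature first: an unsigned or tampered request must never touch the index store.
        if sig is None or not hmac.compare_digest(sig, sign(params)):
            return False, "bad signature"
        idx = params.pop("idx", None)
        if idx is None or params.get("site") != SITE_ID:
            return False, "missing index or unknown site"
        # 2. The index must be the one this site would derive for exactly these parameters.
        if not hmac.compare_digest(idx, make_index(SITE_ID, AUTH_ID, params)):
            return False, "index does not match transaction"
        # 3. A freshness window bounds how long the seen-set must be retained.
        try:
            ts = int(params["ts"])
        except (KeyError, ValueError):
            return False, "missing timestamp"
        if not (now - self.max_age <= ts <= now + 60):
            return False, "stale or future-dated transaction"
        # 4. Replay check against the indices of previous transactions.
        if idx in self.seen:
            return False, "replay detected"
        self.seen.add(idx)
        return True, "accepted"
```

Two points the claims leave implicit are made explicit here: the index is recorded only after the signature has verified, so an attacker cannot fill the memory area with unsigned junk or pre-burn a victim's index, and the timestamp check bounds how long stored indices have to be kept before they can be expired.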
125 Citations
41 Claims
1. (Independent claim; text as set out under First Claim above.) - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
16. A system of secure communication between first and second network servers coupled to a data communication network, said system comprising the second network server, said second network server receiving and responsive to a request from a user of a client computer to provide a selected service, said second network server receiving the request via a browser of the client computer, said second network server initiating a transaction with said first network server in response to the request and defining a data structure associated with the transaction, said second network server further generating a digital signature of the data structure and generating an index associated with the transaction, wherein the index corresponds to a value generated as a function of data associated with the transaction, the first network server, and the second network server, said value being unique to the transaction and to the first network server and to the second network server, said second network server further adding the digital signature and the index to the data structure whereby the client computer is directed from the second network server to the first network server with the data structure and the added digital signature, wherein the first network server stores one or more indices from previous transactions in a memory area for comparison with the index from the data structure received from the client computer to prevent a replay attack.
26. A method of secure registration by an authentication server associated with a multi-site user authentication system, said method comprising:
- receiving a request from a user of a client computer for access to a network server, said request being received at the network server via a browser of the client computer, said client computer, network server, and authentication server being coupled to a data communication network;
- said network server;
- initiating a registration transaction between the network server and the authentication server in response to the request for registering the user of the client computer for access to the network server;
- defining a query string associated with the registration transaction;
- generating a digital signature of the query string;
- adding the digital signature to the query string as a query string parameter;
- generating an index associated with the transaction, wherein the index corresponds to a value generated as a function of data associated with the transaction, the first network server, and the second network server, said value being unique to the transaction and to the authentication server and to the network server;
- adding the index to the data structure; and
- directing the client computer from the network server to the authentication server with the query string and the added digital signature, wherein the authentication server stores one or more indices from previous registration transactions in a memory area, and wherein the authentication server compares the index from the data structure received from the client computer against the stored indices to prevent a replay attack.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35)
36. One or more computer storage media having stored thereon a data structure comprising:
- a first data field containing data representing a query string, said query string being associated with a transaction between at least two network servers and a client computer coupled to a data communication network;
- a second data field containing data representing a first query string parameter added to the query string, said first query string parameter comprising a digital signature of the query string; and
- a third data field containing data representing a second query string parameter added to the query string, said second query string parameter comprising an index associated with the transaction, wherein the index corresponds to a value generated as a function of data associated with both of the network servers and with the transaction, wherein the value is unique to both of the network servers and to the transaction, wherein one of the network servers directs a client computer from said one of the network servers to the other network server with the data structure, wherein said other network server stores one or more indices from previous transactions in a memory area, and wherein said other network server compares the index from the third field in the data structure against the stored indices to prevent a replay attack.
- View Dependent Claims (37, 38, 39, 40, 41)
Specification