Method and apparatus for generating queries for secure authentication and authorization of transactions
US6836845B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 30, 2000 |
| Grant date | Dec 28, 2004 |
| Priority date | — |
| Expiry date | Nov 19, 2022 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2209/80
- WIPO fieldIT methods for management
- WIPO sectorElectrical engineering
Abstract
A method and apparatus for authenticating and authorizing online transactions. An authentication cookie is transmitted to a client system. The authentication cookie includes a user encryption key and an encrypted buffer that contains user identification data and a profile code. Subsequent requests for the particular service use the authentication cookie to generate a query that includes the encrypted buffer and user identification data entered by the user. Portions of the query are encrypted using the user encryption key. Queries received at each authentication and authorization server are authenticated by reconstructing the user encryption key using information transmitted in the clear and decrypting the query using both the reconstructed user encryption key and the secret key. The user identification data entered by the user is then compared with the user identification data in the encrypted buffer for further authentication. The profile code is analyzed for determining authorization. If the query is authenticated and authorized, the authentication and authorization server forwards the request to a server that provides the desired service.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.