Secure authentication and authorization for transaction processing
US7487360B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 26, 2003 |
| Grant date | Feb 3, 2009 |
| Priority date | — |
| Expiry date | Jul 13, 2026 |
Classification
- Technology area (CPC Y)Emerging Cross-Sectional Technologies
- CPC primaryY10S707/99931
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method and apparatus for authenticating and authorizing online transactions. An authentication cookie is transmitted to a client system. The authentication cookie includes a user encryption key and an encrypted buffer that contains user identification data and a profile code. Subsequent requests for the particular service use the authentication cookie to generate a query that includes the encrypted buffer and user identification data entered by the user. Portions of the query are encrypted using the user encryption key. Queries received at each authentication and authorization server are authenticated by reconstructing the user encryption key using information transmitted in the clear and decrypting the query using both the reconstructed user encryption key and the secret key. The user identification data entered by the user is then compared with the user identification data in the encrypted buffer for further authentication. The profile code is analyzed for determining authorization. If the query is authenticated and authorized, the authentication and authorization server forwards the request to a server that provides the desired service.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.