Method and system for secure authentication of a user by a host system

Assignee

• Citibank Development Center, Inc. · US

Inventors

• Michael Grandcolas · Santa Monica, US
• Marc Guzman · West Hollywood, US
• Thomas Yee · San Fernando, US
• Dilip Parekh · Los Angeles, US
• Yongqiang CHEN · Beijing, CN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/56
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method and system for securely logging onto a banking system authentication server so that a user credential never appears in the clear during interaction with the system in which during a log on process, an encryption applet and the public key of a public/private key pair of a banking application server, the private key for which is known by a hardware security module (HSM) of the banking application, are downloaded by a user's browser. The applet contains code for generating a DES key and performing DES and PKI encryption. A user's credential is DES encrypted, and the DES key is PKI encrypted with the public key of the application server by the applet before being transmitted to the application server. Within the HSM of the application server, the HSM decrypts and re-encrypts the credential under a new DES key known to the authentication server, the re-encrypted credential is forwarded to the authentication server, decrypted with the new DES key known to the authentication server, and verified by the authentication server.