Title: Methods and apparatus for enabling secure network-based transactions
Abstract: A security process involves log-in and data exchange between a server and a user operating a computerized appliance. The process requires a user-specific token, independent verification of the server by the client, and completion within a programmed time window. A hash created at the client side is reproduced at the server side from separately held data and compared to the client hash. Exceeding the time window, or an incorrect hash, denies access.
Publication number: US9003508(B2)    Publication date: 2015.04.07
Application number: US201414524842    Filing date: 2014.10.27
Applicant: OHVA, Inc.    Inventors: Colnot Vincent Cedric; Fellers Ty
Classification: H04L29/00; H04L29/06; H04L9/32    Main classification: H04L29/00
Agency: Central Coast Patent Agent, Inc.    Agents: Boys Donald R.; Central Coast Patent Agent, Inc.
Main claim: 1. An access security process, comprising:
opening a connection to an interactive web site executing on a processor of an Internet-connected server by a client computerized appliance asserting a URL in a web browser;
displaying a log-in mechanism to the client computerized appliance by the interactive web site, enabling a user operating the client computerized appliance to enter log-in information;
in response to a successful log-in, sending to the client computerized device data including a time stamp of the time of the log-in, and a page location of an applet to be run by the client computerized appliance to continue the security process;
through executing the applet on the client computerized device, determining the domain of the server by querying the page that includes the applet, and searching data storage devices coupled to the client computerized device for an encrypted token compatible with the security process;
on finding the token, rendering a virtual keypad on a display of the client computerized appliance, enabling the user to enter a PIN known to the user for decrypting the encrypted token;
if the PIN does not successfully decrypt the token, suspending the security process;
in the event the PIN successfully decrypts the token, salting the decrypted token value with the time stamp and the domain by adding the domain on one end of the token string and the time stamp on the other end, and hashing the result by a specific hash function;
sending the hash value of the decrypted, salted token value to the interactive web page at the server;
invoking a dll at the server, retrieving a token stored at the server, salting that token with the domain of the server and the original time stamp sent to the client computerized appliance, and hashing the result by the specific hash function;
comparing the hash value received from the client computerized appliance with the hash value generated by the dll at the server, and determining passage of time from the time of the original time stamp to present time;
if the passage of time is greater than a preprogrammed time, or if the hash values do not match, denying access by the user at the server; and
if the passage of time is within the time window and the hash values do match, granting access to the user at the server.
Address: San Jose CA US
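The main claim describes a shared-secret challenge-response: after a password log-in the server issues a time stamp, the client applet decrypts a locally stored token with a PIN, hashes domain || token || time stamp, and the server recomputes the same hash from its own copy of the token and rejects the attempt if the hashes differ or the time window has elapsed. The script below is an added example written for this page, not code from the patent or from OHVA, Inc. The patent does not specify the hash function, the token encryption, the window length or the blob layout, so those are assumptions here: SHA-256 as the "specific hash function", a 60-second window, and a PIN-derived (PBKDF2) XOR keystream with an HMAC tag standing in for the unspecified token encryption, so that a wrong PIN is detected as a decryption failure rather than producing garbage. The token value, PIN, domain and time stamp are constructed demo values.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256       # assumption: the claim's "specific hash function"
WINDOW_SECONDS = 60         # assumption: the claim's "preprogrammed time"

# Constructed demo values (not from the patent).
SHARED_TOKEN = bytes.fromhex("8f" * 32)   # same value held by client (encrypted) and server
USER_PIN = "2580"
DOMAIN = "bank.example"
LOGIN_TS = 1_700_000_000                  # time stamp the server issues at log-in


def _pin_key(pin: str, kdf_salt: bytes) -> bytes:
    # Stretch the short PIN; first 32 bytes encrypt, last 16 bytes authenticate.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), kdf_salt, 50_000, dklen=48)


def _keystream(key: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt_token(token: bytes, pin: str) -> bytes:
    """Hypothetical on-disk blob: kdf_salt(16) || tag(16) || token XOR keystream."""
    kdf_salt = os.urandom(16)
    key = _pin_key(pin, kdf_salt)
    ct = bytes(a ^ b for a, b in zip(token, _keystream(key[:32], len(token))))
    tag = hmac.new(key[32:], kdf_salt + ct, hashlib.sha256).digest()[:16]
    return kdf_salt + tag + ct


def decrypt_token(blob: bytes, pin: str):
    """Return the token, or None when the PIN does not decrypt it (claim: suspend)."""
    kdf_salt, tag, ct = blob[:16], blob[16:32], blob[32:]
    key = _pin_key(pin, kdf_salt)
    expected = hmac.new(key[32:], kdf_salt + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key[:32], len(ct))))


def salted_hash(token: bytes, domain: str, timestamp: int) -> str:
    # Claim: domain on one end of the token string, time stamp on the other, then hash.
    return HASH(domain.encode() + token + str(timestamp).encode()).hexdigest()


def server_verify(client_hash: str, server_token: bytes, domain: str,
                  issued_ts: int, now: int, window: int = WINDOW_SECONDS):
    """Server side: recompute the hash from the stored token and check the window."""
    if now - issued_ts > window:
        return False, "expired"
    expected = salted_hash(server_token, domain, issued_ts)
    # Constant-time comparison so the mismatch position does not leak through timing.
    if not hmac.compare_digest(expected, client_hash):
        return False, "hash mismatch"
    return True, "granted"


def simulate_login(entered_pin: str, elapsed: int, server_token: bytes = SHARED_TOKEN) -> str:
    """Run the whole exchange and return the server's decision."""
    client_blob = encrypt_token(SHARED_TOKEN, USER_PIN)   # token as stored on the client
    issued_ts = LOGIN_TS                                  # sent after the password log-in
    # Client applet: domain comes from the page hosting it, PIN from the virtual keypad.
    token = decrypt_token(client_blob, entered_pin)
    if token is None:
        return "suspended"
    client_hash = salted_hash(token, DOMAIN, issued_ts)
    # Server: retrieve stored token, re-salt, re-hash, compare, and check elapsed time.
    return server_verify(client_hash, server_token, DOMAIN, issued_ts, issued_ts + elapsed)[1]


if __name__ == "__main__":
    for pin, elapsed in (("2580", 5), ("0000", 5), ("2580", 120)):
        print(pin, elapsed, "->", simulate_login(pin, elapsed))
```

Two points a practitioner would check against the claim: the server must hold the same token value the client decrypts (the claim's "token stored at the server"), since the salting only binds that shared value to the domain and time stamp, and the time window is the only thing in the claim that bounds replay of a captured hash, so it should be kept short and compared on the server's clock, as server_verify does.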