Abstract
Systems, methods, and computer program products are provided for secure authentication of third parties accessing a network system (e.g., a website or the like) through an intermediary entity (i.e., a trusted caller). A session token having a predetermined time-out period (i.e., an expiration time) is implemented in conjunction with a rotating key that is generated for each request and response pair associated with each call/interaction between the third-party entity and the network system. In this regard, the third-party entity must authenticate itself each time it interacts with (i.e., calls in to) the network system by presenting the assigned session token and the rotating key communicated in response to the previous interaction. As such, hijacking of the third party's network session with the network system is prevented by combining tokens that expire with encrypted rotating keys that are valid only until the next third-party call-in/interaction with the network entity.
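The scheme described above, sketched from the network system's side as an added example (not code from the patent): a session token with a fixed expiry, paired with a rotating key that is replaced on every call. The names `RotatingKeySessions` and `AuthError`, the injectable clock, and the choice to revoke the session on a key mismatch are assumptions; the trusted-caller intermediary and the encryption of the key in transit are left out.

```python
import hmac
import secrets
import time


class AuthError(Exception):
    """Raised when the session token or rotating key is rejected."""


class RotatingKeySessions:
    """Session table: token with a fixed expiry plus a single-use rotating key."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock          # injectable so expiry can be tested
        self._sessions = {}          # token -> [expires_at, current_key]

    def start(self):
        """Open a session; returns (session_token, first_rotating_key)."""
        token = secrets.token_urlsafe(32)
        key = secrets.token_urlsafe(32)
        self._sessions[token] = [self._clock() + self._ttl, key]
        return token, key

    def call(self, token, presented_key):
        """Authenticate one call-in; returns the key to present on the next call."""
        entry = self._sessions.get(token)
        if entry is None:
            raise AuthError("unknown session token")
        expires_at, current_key = entry
        if self._clock() >= expires_at:
            del self._sessions[token]
            raise AuthError("session token expired")
        # Constant-time comparison of the presented key with the expected one.
        if not hmac.compare_digest(presented_key.encode(), current_key.encode()):
            # Assumed policy: a stale or wrong key suggests replay or hijacking,
            # so the whole session is revoked rather than left open.
            del self._sessions[token]
            raise AuthError("rotating key mismatch; session revoked")
        # Rotate: the key just used is no longer valid for any later call.
        entry[1] = secrets.token_urlsafe(32)
        return entry[1]
```

A captured token and key pair is useful only until the legitimate party makes its next call; after that the stolen key no longer matches, and under the assumed policy presenting it ends the session.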