Unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website
Abstract
This invention discloses a system and methods for defeating a so-called man-in-the-middle (MITM) attack. An electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to a first network website, is generated by said first network website and that electronic instruction is assigned a unique onetime identification token. Said electronic instruction with said unique onetime identification token is transmitted by said first network website to said local/mobile computing device. Said unique onetime identification token is also maintained in a database of unique onetime identification tokens resident on said first network website. In addition, said unique onetime identification token is sent to a secondary network website, where it is also stored in a database of unique onetime identification tokens. Said unique onetime identification token may also contain a time expiration value which defines the validity period for said unique transaction identifier.
Claims
exact text as granted — not AI-modifiedWe claim the following:
1 . A method for defeating a man in the middle attack against network servers on a network whereby a first software program executing on a first network server website sends a unique onetime identification token to a secondary network server for inclusion in a database of authorized unique control identifiers, said unique onetime identification token includes a time expiration value, defining a time period during which said unique onetime identification token is considered valid for matching with an identical unique onetime identification token received by said secondary network server from a user's computing device, comprising the method steps of:
a. said secondary network server receives said unique onetime identification token and logs said time expiration value from said first network server website and places said unique onetime identification token received from said first network server website into its database of authorized unique onetime identification tokens; b. said secondary network server only considers said unique onetime identification token to be valid in said database of authorized unique onetime identification tokens during a period of time defined by said time expiration value; c. said secondary network server applies said time expiration value to said unique onetime identification token beginning when said unique onetime identification token is placed into said database of said authorized unique onetime identification tokens; d. said unique onetime identification token is only considered valid and available for matching for the time period beginning with insertion of said unique onetime identification token into said database of authorized unique onetime identification tokens and its validity expires upon reaching said time expiration value defined as starting with its insertion into said database of authorized unique onetime identification tokens, plus the time expiration value assigned by said first network server website; e. said unique onetime identification token that has an expired time expiration value is marked as used and cannot be matched to incoming said unique onetime identification tokens received from said users computing devices.
2 . The method of claim 1 where said unique onetime identification token and a time expiration value is sent to said secondary network server and said unique onetime identification token without said time expiration value is sent to said user's computing device, said user's computing device sends said unique onetime identification token along with a set of specified distinctive identifiers to said secondary network server.
3 . The method of claim 2 where said secondary network server receives said unique onetime identification token along with a set of specified distinctive identifiers from said user's computing device and said secondary network server attempts to match said received unique onetime identification token against an identical unique onetime identification token in said database of authorized unique onetime identification tokens and if said received unique onetime identification token is not matched against any unique onetime identification token in said database of authorized unique onetime identification tokens, said secondary network server shall not attempt to match said received set of specified distinctive identifiers from said user's computing device against a database with a plurality of a sets of specified distinctive identifiers.
4 . The method of claim 3 where said received unique onetime identification token is matched against a said unique onetime identification token in said database of authorized unique onetime identification tokens, said secondary network server shall attempt to match said received set of specified distinctive identifiers from said user's computing device against a database with a plurality of a set of specified distinctive identifiers and if said matching is successful, said secondary network server shall notify said first network server website that said matching of said received set of specified distinctive identifiers was successful, and if said matching is not successful, said secondary network server shall notify said first network server website that said matching of said received set of specified distinctive identifiers was not successful.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.