US2021295327A1PendingUtilityA1

Unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website

69
Assignee: STREUTER GARY WILLIAMPriority: Nov 17, 2010Filed: Jun 10, 2021Published: Sep 23, 2021
Est. expiryNov 17, 2030(~4.3 yrs left)· nominal 20-yr term from priority
G06Q 20/40G06Q 20/382G06Q 20/02H04L 63/0861G06Q 20/1085G06Q 20/308G06Q 20/409G06Q 20/4097H04L 63/083H04L 63/102G06Q 20/40145H04L 2463/082
69
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

This invention discloses a system and methods for defeating a so-called man-in-the-middle (MITM) attack. An electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to a first network website, is generated by said first network website and that electronic instruction is assigned a unique onetime identification token. Said electronic instruction with said unique onetime identification token is transmitted by said first network website to said local/mobile computing device. Said unique onetime identification token is also maintained in a database of unique onetime identification tokens resident on said first network website. In addition, said unique onetime identification token is sent to a secondary network website, where it is also stored in a database of unique onetime identification tokens. Said unique onetime identification token may also contain a time expiration value which defines the validity period for said unique transaction identifier.

Claims

exact text as granted — not AI-modified
We claim the following: 
     
         1 . A method for defeating a man in the middle attack against network servers on a network whereby a first software program executing on a first network server website sends a unique onetime identification token to a secondary network server for inclusion in a database of authorized unique control identifiers, said unique onetime identification token includes a time expiration value, defining a time period during which said unique onetime identification token is considered valid for matching with an identical unique onetime identification token received by said secondary network server from a user's computing device, comprising the method steps of:
 a. said secondary network server receives said unique onetime identification token and logs said time expiration value from said first network server website and places said unique onetime identification token received from said first network server website into its database of authorized unique onetime identification tokens;   b. said secondary network server only considers said unique onetime identification token to be valid in said database of authorized unique onetime identification tokens during a period of time defined by said time expiration value;   c. said secondary network server applies said time expiration value to said unique onetime identification token beginning when said unique onetime identification token is placed into said database of said authorized unique onetime identification tokens;   d. said unique onetime identification token is only considered valid and available for matching for the time period beginning with insertion of said unique onetime identification token into said database of authorized unique onetime identification tokens and its validity expires upon reaching said time expiration value defined as starting with its insertion into said database of authorized unique onetime identification tokens, plus the time expiration value assigned by said first network server website;   e. said unique onetime identification token that has an expired time expiration value is marked as used and cannot be matched to incoming said unique onetime identification tokens received from said users computing devices.   
     
     
         2 . The method of  claim 1  where said unique onetime identification token and a time expiration value is sent to said secondary network server and said unique onetime identification token without said time expiration value is sent to said user's computing device, said user's computing device sends said unique onetime identification token along with a set of specified distinctive identifiers to said secondary network server. 
     
     
         3 . The method of  claim 2  where said secondary network server receives said unique onetime identification token along with a set of specified distinctive identifiers from said user's computing device and said secondary network server attempts to match said received unique onetime identification token against an identical unique onetime identification token in said database of authorized unique onetime identification tokens and if said received unique onetime identification token is not matched against any unique onetime identification token in said database of authorized unique onetime identification tokens, said secondary network server shall not attempt to match said received set of specified distinctive identifiers from said user's computing device against a database with a plurality of a sets of specified distinctive identifiers. 
     
     
         4 . The method of  claim 3  where said received unique onetime identification token is matched against a said unique onetime identification token in said database of authorized unique onetime identification tokens, said secondary network server shall attempt to match said received set of specified distinctive identifiers from said user's computing device against a database with a plurality of a set of specified distinctive identifiers and if said matching is successful, said secondary network server shall notify said first network server website that said matching of said received set of specified distinctive identifiers was successful, and if said matching is not successful, said secondary network server shall notify said first network server website that said matching of said received set of specified distinctive identifiers was not successful.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.