As increasingly more sensitive transactions move on-line, securing the transactions and preventing identify theft becomes an increasing concern. Traditional security measures of usernames and passwords are at times not enough to secure a site. Even when websites attempt to secure a website or application, they may not have the know-how or the resources to properly secure the website and the sensitive transaction. Furthermore, computer security is an ever-evolving battle and websites and application developers may not be able to keep up-to date with the latest security measures to provide an adequate account security.
Currently available secondary authentication services fail to address all of these concerns. In order to integrate outside authentication services into various web and remote access products, most services require “backend” integration. In other words, the customer resource (e.g., VPN device) is configured to speak one of its native authentication protocols (e.g., RADIUS, LDAP, AD, etc) to a backend authentication service. Since the customer is usually intending to augment their existing authentication without any frontend customization (e.g., username and passwords validating against a LDAP server), wedging in an additional authentication stage is often difficult. Thus, there is a need in the digital user verification field to create a new and useful method for verifying embeddable authentication.
In solving the aforementioned problems, one method of the preferred embodiment can include initiating an authentication session at a host server; delivering a transaction token from the host server to a host website comprising an embeddable interface; receiving a signed authentication token at the host server from the embeddable interface, wherein the signed authentication token is authenticated by an authentication server in response to a user challenge delivered by the authentication server to the embeddable interface. The first method of the preferred embodiment can also include verifying the signed authentication token at the host server.
A second method of the preferred embodiment can include receiving at an authentication server a transaction token from a host website, the host website including an embeddable interface and prompting a user challenge by the authentication server at the embeddable interface. The second method of the preferred embodiment can also include in response to a successful user challenge, creating a signed authentication token and transmitting the signed authentication token from the authentication server to the embeddable interface.
A third method of the preferred embodiment can include receiving at an authentication server an authentication session initialization request from an embeddable interface and prompting a user challenge by the authentication server at the embeddable interface. The third method of the preferred embodiment can also include in response to a successful user challenge, signing the transaction token by the authentication server to create a signed authentication token; and verifying the signed authentication between the authentication server and a VPN system. Additional features, aspects, and advantages of the methods of the preferred embodiment are described in detail below with reference to the following drawings.