1. Field of the Invention
The present invention relates generally to an improved data processing system and, more specifically, to a computer-implemented method, a data processing system, and a computer program product for transaction authorization.
2. Description of the Related Art
A typical use case involves a user attached to a network, where the user opens a browser and authenticates to a system by providing a username and an associated password. The user, a customer of a financial service, then wants to transfer funds to an external account. The funds transfer operation is considered a sensitive operation since the money transfer will be sent beyond the bank's infrastructure. The bank has implemented a policy requiring the user to authenticate again in order to prove that the same user is still using the browser, before executing the sensitive transaction.
This authentication may use a different authentication mechanism or method than the one originally used to gain access to the system, such as biometric data in combination with the username and password. Each sensitive transaction requires the user to authenticate, so the authentication event must be valid for only the single transaction being processed. Additional sensitive transactions will need to be individually authenticated at the time that the transactions are requested. Once the authentication is complete, without an intervening operation occurring in the meantime, the transaction can be authorized and processed by the application.
In this example, transaction authorization refers to the process of intercepting a transaction request, authenticating the user, and subsequently authorizing the transaction, all within a tamper-proof environment. For atomic transactions in a web environment, the fundamental requirements include that a single authentication event has been performed immediately prior to the authorization event, and ensuring that the transaction contents have not been modified after the authentication has been performed. Enforcing that the transaction contents have not been modified ensures that the final transaction processed is the transaction that has been authenticated.
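The following is an added illustration, not part of this application or of any product it describes, of the two requirements just stated: one authentication event is consumed by exactly one authorization, and the authorized transaction must be byte-for-byte the one that was authenticated. The class name, method names and the JSON canonicalization are assumptions made for the illustration.

```python
import hashlib
import json
import secrets


def transaction_digest(transaction: dict) -> str:
    """Canonical hash of the transaction contents so any later change is detectable."""
    canonical = json.dumps(transaction, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class TransactionAuthorizer:
    """Hypothetical security-service component that binds one authentication
    event to exactly one transaction.

    The pending authentications live in the security service, not in the
    application tier, so the application cannot reuse or retarget them.
    """

    def __init__(self) -> None:
        self._pending = {}  # auth_id -> (user, digest of authenticated contents)

    def record_authentication(self, user: str, transaction: dict) -> str:
        """Call immediately after the user authenticates for this specific transaction."""
        auth_id = secrets.token_hex(16)  # unguessable, single-use handle
        self._pending[auth_id] = (user, transaction_digest(transaction))
        return auth_id

    def note_intervening_operation(self, user: str) -> None:
        """Any other request by the user voids authentications not yet consumed."""
        for auth_id, (owner, _) in list(self._pending.items()):
            if owner == user:
                del self._pending[auth_id]

    def authorize(self, auth_id: str, user: str, transaction: dict) -> bool:
        """Authorize only if the event is unused, belongs to this user,
        and the contents match what was authenticated."""
        entry = self._pending.pop(auth_id, None)  # consumed on first use, valid or not
        if entry is None:
            return False
        auth_user, digest = entry
        return auth_user == user and digest == transaction_digest(transaction)
```

A replayed handle, a handle presented with altered contents, or a handle whose owner performed another operation in between is refused, and each refusal also consumes the handle.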
A number of existing methods have been used to attempt to satisfy the transaction authorization requirement, including use of an application tier. Current solutions typically rely on transaction authorization being performed in the application tier itself. In this solution, a security service performs the initial authentication and coarse-grained access control, but relies on the application itself to perform the operations required for transaction authorization. This method leads to authentication, authorization and audit implementations that are disjoint from the security service solution. In the case of post-event audit analysis, reliance on the application makes retrospective analysis of transaction audit events more difficult.
In another example, a typical security service may authorize a request based on the resource being accessed, such as, “is this user permitted to access resource X?” This model is limited since there is no way to associate an exclusive authentication operation to a single request's lifecycle.
Current implementations also rely on re-authentication and step-up functions to implement the transaction authorization requirements. Re-authentication typically requires that the same authentication mechanism be used during the re-authentication operation as was used during that user's original authentication. Step-up authentication requires that a higher-level authentication mechanism be used, and the user's session then remains at the higher authentication level for the remainder of the session. In a hybrid model, the re-authentication and step-up authentication capabilities of the security service are leveraged to perform authentication. However, the application tier is responsible for implementing a method to maintain transaction integrity. The security service typically overloads re-authentication and step-up features, which have the restrictions noted previously. The hybrid model is also vulnerable to security exposures since there is no method for guaranteeing that a single authentication operation is tied to a single transaction. Current implementations typically use timeout variables, and other information within cookies, to maintain state information across connections. However, this does not completely eliminate the chance of exploitation since the authentication operation is performed by another component. A solution that removes the deficiencies of the described approaches is required.