US 11,811,739 B2
Web encryption for web messages and application programming interfaces
Julianne Fryer, Bellevue, WA (US)
Assigned to T-Mobile USA, Inc., Bellevue, WA (US)
Filed by T-MOBILE USA, INC., Bellevue, WA (US)
Filed on Jan. 6, 2021, as Appl. No. 17/142,498.
Prior Publication US 2022/0217124 A1, Jul. 7, 2022
Int. Cl. H04L 9/40 (2022.01); H04L 9/32 (2006.01)
CPC H04L 63/0428 (2013.01) [H04L 9/3213 (2013.01); H04L 63/0815 (2013.01); H04L 63/10 (2013.01)]
17 Claims
1. A method for securing confidential data used in accessing online resources, comprising:
    authenticating, by communication between a client device and an identity provider (IDP) via a communication network, a user account for use by a client application of the client device based upon user credentials associated with the user account by:
        sending, from a user agent running on the client device, the user credentials to the IDP;
        receiving, at the user agent, an encrypted message containing an authorization code from the IDP; and
        providing, by the user agent, the authorization code to the client application;
    sending, from the client application to the IDP, a token request message including the authorization code to indicate authentication of the user account;
    receiving, at the client application from the IDP, an encrypted access token having a payload including a user identifier that is encrypted as part of the encrypted access token;
    sending, from the client application to a resource server via the communication network, a resource request including the encrypted access token; and
    receiving, at the client application from the resource server, a resource request response based upon the encrypted access token.
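The message flow of claim 1, modelled in Python as an added example (not code from the patent or its assignee). All names are hypothetical, and the example assumes the IDP and the resource server share a token key. It uses an HMAC-SHA256 construction as a standard-library stand-in for a real AEAD cipher, since the claim names no cipher, and it leaves out the transport encryption of the authorization-code message.

```python
import hashlib, hmac, json, secrets

# Assumption: the IDP and resource server share TOKEN_KEY; the client never holds it.
TOKEN_KEY = secrets.token_bytes(32)
USERS = {"alice": "constructed-password"}  # constructed sample account

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD such as AES-GCM.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, claims):
    pt, nonce = json.dumps(claims).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, token):
    raw = bytes.fromhex(token)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("token rejected: authentication tag mismatch")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class IDP:
    def __init__(self):
        self.codes = {}  # outstanding authorization codes -> user id

    def authenticate(self, user, password):
        # User agent sends credentials; IDP answers with an authorization code.
        expected = USERS.get(user)
        if expected is None or not hmac.compare_digest(password.encode(), expected.encode()):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self.codes[code] = user
        return code

    def token(self, code):
        # Token request: the code is single use (pop), so a replay raises KeyError.
        return seal(TOKEN_KEY, {"sub": self.codes.pop(code)})

def resource_server(token):
    # Only the key holder can recover the user identifier from the token.
    return "profile for " + unseal(TOKEN_KEY, token)["sub"]
```

The client application only forwards the token, so the user identifier is never readable on the device, and the resource server refuses a token that was modified in transit.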