Abstract: Financial institution back office computerized transaction-processing system with embedded privacy and security layer (EPSL) enables strong transaction authentication prior to a merchant or vendor contact, based on a user account number, transaction conditions like anticipated transaction time and money, user two-factor authentication with a static transaction PIN and a transaction session-specific random partial password or PIN recognition algorithm. User enters the user name and then, challenged by server with a random session-specific subset of a password or PIN character's consecutive position numbers, enters based on cognitive association a one time authentication response. The authentication session is interactive, transaction session-specific, and followed by either a transaction denial or an alphanumeric transaction signature generated by EPSL for this specific transaction. Then, the user submits her request to a transaction counterpart along with the transaction signature.

Abstract: An interactive mutual authentication protocol, which does not allow shared secrets to pass through untrusted communication media, integrates an encryption key management system into the authentication protocol. The server encrypts a particular data random key by first veiling the particular data random key using a first conversion array seeded by a shared secret, and then encrypting the veiled particular data random key. The client decrypts and unveils the particular data random key using the shared secret, and returns a similarly veiled version of the particular data random key using a second conversion array seeded by a shared secret. Access to the shared secret indicates authenticity of the stations. The procedure may be repeated for a second shared secret for strong authentication, without allowing shared secrets to pass via untrusted media.

Abstract: An interactive mutual authentication protocol, which does not allow shared secrets to pass through untrusted communication media, integrates an encryption key management system into the authentication protocol, so that key management becomes an essential part of the authentication protocol itself. The system provides a secure distribution of a secret session random key used in symmetric cryptography. Successful exchange of this encryption key allows for secure transit of the protocol data over communication lines in encrypted form, permitting explicit mutual authentication of the connected parties. The post-authentication stage of the communication session can use secure encryption for the data exchange, since each party has already obtained the secret session random key.

Abstract: An interactive mutual authentication protocol, which does not allow shared secrets to pass through untrusted communication media, integrates an encryption key management system into the authentication protocol. The server provides ephemeral encryption keys in response to a request during a Session Random Key (SRK) initiation interval. SRK is provided for all sessions initiated in the SRK initiation interval. A set of ephemeral intermediate Data Random Keys (DRK) is associated with each request. A message carrying the SRK is sent to the requestor. A response from the requester includes a shared parameter encrypted using the SRK verifying receipt of the SRK. After verifying receipt of the SRK at the requester, at least one message is sent by the server carrying an encrypted version of one of said set of ephemeral intermediate DRK to be accepted as an encryption key for the session.