
A computer-implemented method of improving security in authentication / authorization systems and their software products

Abstract

A computer-implemented method to improve security in authentication/authorization systems, in which a second server (200), connected to a user's computing device (100) through a second specialized program (102) installed on said computing device, is used to manage a status of the accounts that the user (100) has on a first server (300) and a status of the operations defined for a particular account. Said account status and said operation status are configured, whenever the user (100) wants, as valid or invalid by the user (100) through the second specialized program (102) and stored in a memory of the second server (200), and said account status and said operation status are set by the user (100) once a pairing process with the second server (200) has been completed, said pairing process ensuring the privacy of the user (100). The method comprises:

- receiving, by said first server (300), from the user (100) through a first specialized program (101) that includes a browser, a request to log into a service of said first server (300), said request including the provision of identification information that validates the identity of the user (100) on the first server (300);
- authenticating, by said first server (300), said identification information of the user (100) to authorize said service login request;
- requesting, by the user (100) through the first specialized program (101), once the first server (300) has authenticated the service login request, to perform an operation on the first server (300) associated with the requested service;
- receiving, by the second server (200), from the first server (300), a request about the operation status that said user (100) has established for said requested operation, to help the first server (300) authorize or reject the requested operation;
- verifying, by the second server (200), said operation status previously established by the user (100) for said requested operation; and
- in response to said operation status having been established as valid by the user (100), additionally performing an additional authentication factor mechanism, either by the second server (200) or by the first server (300), to strengthen the authorization of said requested operation, wherein said additional authentication factor mechanism includes performing a public/private key encryption process to demonstrate that the user (100) that requires the operation has the private key of a digital certificate, or the use of a public/private key to generate a digital signature of an authentication token to show that the user (100) requiring the operation has the private key of a digital certificate.
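The last three steps of the abstract, sketched as an added example (not code from the patent): the second server checks the operation status the user set and, only if it is valid, verifies a signature over an authentication token. Ed25519 standing in for the certificate key pair, the type and function names, and the account and operation values are all assumptions made for illustration; a deployment would also bind the token to the operation and reject reuse.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// StatusServer plays the second server (200): per account and operation it
// stores whether the user has marked the operation valid.
type StatusServer struct {
	valid map[string]bool              // key: account + "/" + operation
	keys  map[string]ed25519.PublicKey // public key registered per account
}

// Set records the user's choice, as the second program (102) would.
func (s *StatusServer) Set(account, op string, ok bool) { s.valid[account+"/"+op] = ok }

// Authorize is what the first server (300) calls for an already logged-in
// user: status check first, then the signature over the token.
func (s *StatusServer) Authorize(account, op string, token, sig []byte) (bool, string) {
	if !s.valid[account+"/"+op] { // unset or invalid status: fail closed
		return false, "operation locked by user"
	}
	pub, ok := s.keys[account]
	if !ok || !ed25519.Verify(pub, token, sig) {
		return false, "signature check failed"
	}
	return true, "authorized"
}

// Demo runs three constructed requests and returns the three decisions.
func Demo() [3]bool {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s := &StatusServer{valid: map[string]bool{}, keys: map[string]ed25519.PublicKey{"alice": pub}}
	token := make([]byte, 32) // constructed random authentication token
	rand.Read(token)
	sig := ed25519.Sign(priv, token)

	locked, _ := s.Authorize("alice", "transfer", token, sig) // status never set
	s.Set("alice", "transfer", true)
	good, _ := s.Authorize("alice", "transfer", token, sig)
	_, other, _ := ed25519.GenerateKey(rand.Reader) // key not tied to the account
	forged, _ := s.Authorize("alice", "transfer", token, ed25519.Sign(other, token))
	return [3]bool{locked, good, forged}
}

func main() { fmt.Println(Demo()) }
```

A valid signature is refused while the operation status is unset, which is the ordering the abstract describes: the user-controlled status gates the request before the additional factor is evaluated.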
