System and method for anti-phishing authentication
First Claim
1. A method for providing security against phishing attacks, the method comprising:
- providing encrypted commitment information to a client;
receiving a dynamic credential from the client, in response to the encrypted commitment information provided;
determining when the dynamic credential is valid based on the received dynamic credential;
sending a commitment key for the encrypted commitment information to the client, when the determination indicates that the dynamic credential is a valid dynamic credential;
receiving a static credential from the client in response to the sent commitment key; and
authenticating the client based on the dynamic credential and the static credential.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for providing security against phishing attacks. The method can include receiving a login ID from a client, and providing an encrypted commitment to the client. The method can also include receiving a one-time password (OTP) from the client, and validating the OTP. The method can also include sending a commitment key, to be authenticated by the client, receiving a static password from the client and authenticating the client. Embodiments of the invention are directed to a system for providing security against phishing attacks. The system can include one or more servers configured to receive a login ID from a client, and provide an encrypted commitment to the client. The processors can be configured to receive a one-time password (OTP) from the client, validate the OTP, send a commitment key, to be authenticated by the client, receive a static password from the client and authenticate the client.
651 Citations
19 Claims
-
1. A method for providing security against phishing attacks, the method comprising:
-
providing encrypted commitment information to a client; receiving a dynamic credential from the client, in response to the encrypted commitment information provided; determining when the dynamic credential is valid based on the received dynamic credential; sending a commitment key for the encrypted commitment information to the client, when the determination indicates that the dynamic credential is a valid dynamic credential; receiving a static credential from the client in response to the sent commitment key; and authenticating the client based on the dynamic credential and the static credential. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for providing security against phishing attacks, comprising one or more client devices or server devices, the system comprising a memory, the memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to:
-
provide encrypted commitment information to a client; receive, a dynamic credential from the client, in response to the encrypted commitment information provided; determine when the dynamic credential is valid based on the received dynamic credential; send a commitment key for the encrypted commitment information to the client when the determination indicates that the dynamic credential is a valid dynamic credential; receive, a static credential from the client in response to the sent commitment key; and authenticate the client based on the dynamic credential and the static credential. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A non-transitory computer readable storage medium having stored thereon instructions for providing security against phishing attacks, comprising executable code which when executed by one or more processors, cause the one or more processors to:
-
provide encrypted commitment information to a client; receive a dynamic credential from the client, in response to the encrypted commitment information provided; determine when the dynamic credential is valid based on the received dynamic credential; send a commitment key for the encrypted commitment information to the client when the determination indicates that the dynamic credential is a valid dynamic credential; receive a static credential from the client in response to the sent commitment key; and authenticate the client based on the dynamic credential and the static credential.
-
Specification