Method and System for Authentication
First Claim
1. A method for authentication carried out at a service provider, comprising:
- starting a session with a client;
receiving a challenge from the client;
responding to the challenge with a response; and
sending a key to the client in non-OCR (optical character recognition) format, wherein the key is used for the session between the client and the service provider.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for authentication are provided for verifying a service provider and providing a secure session. The method carried out at the service provider (402) includes: starting (403) a session with a client (401); receiving a challenge (405) from the client (401); responding to the challenge with a response (408); and sending a key (408) to the client (401) in non-OCR format, wherein the key is used for the session between the client (401) and the service provider (402). The response to the challenge is known only to the client (401) and the service provider (402). The key is used by the client (401) to encrypt (412) all the communications with the service provider (402) in the session. The response and the key may be sent to an alternative channel previously supplied by the client (401).
-
Citations
28 Claims
-
1. A method for authentication carried out at a service provider, comprising:
-
starting a session with a client; receiving a challenge from the client; responding to the challenge with a response; and sending a key to the client in non-OCR (optical character recognition) format, wherein the key is used for the session between the client and the service provider. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for authentication carried out at a service provider, comprising:
-
starting a session with a client; receiving a challenge from the client; and responding to the challenge with a response to an alternative communication channel previously supplied by the client.
-
-
14. A method for authentication carried out at a service provider, comprising:
-
starting a session with a client; receiving a challenge from the client; responding to the challenge with a response; and sending an alternative address for the service provider to the client. - View Dependent Claims (15, 16)
-
-
17. A computer program product stored on a computer readable storage medium for, comprising computer readable program code means for performing the steps of:
-
starting a session with a client; receiving a challenge from the client; responding to the challenge with a response; and sending a key to the client in non-OCR format, wherein the key is used for the session between the client and the service provider.
-
-
18. A system for authentication including a server comprising:
-
a receiving means for initiating a client session; a response generating mechanism; a key generator for a session key; a non-OCR formatter for formatting the key; a transmitting means for transmitting the response and the key to a client. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
Specification