AUTHENTICATION OF A SERVER BY A CLIENT TO PREVENT FRAUDULENT USER INTERFACES
Abstract
Protecting a user against web spoofing in which the user confirms the authenticity of a web page prior to submitting sensitive information such as user credentials (e.g., a login name and password) via the web page. The web page provides the user with an identifiable piece of information representing a shared secret between the user and the server. The user confirms the correctness of the shared secret to ensure the legitimacy of the web page prior to disclosing any sensitive information via the web page.
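The exchange the abstract describes, sketched as an added example that is not taken from the patent or any product: the server looks up the token for the configuration data it receives and embeds it in the login page, and the client submits credentials only if the expected token is shown. Assumptions: the configuration data is an opaque identifier the client stores (for example in a cookie), the memory area is a dictionary, and the names `enroll`, `deliver_content` and `client_authenticates_server` are hypothetical.

```python
import html
import re
import secrets


def enroll(db, token):
    """Store a record (configuration data -> authentication token) and
    return the configuration data the client keeps, e.g. in a cookie."""
    config_data = secrets.token_urlsafe(16)  # opaque, unguessable identifier
    db[config_data] = token
    return config_data


def deliver_content(db, config_data):
    """Server side: obtain the token for the received configuration data
    and deliver the requested page with the token embedded."""
    token = db.get(config_data)
    if token is None:
        # Assumption: with no matching record the server shows no token and
        # no credential field, so the user has nothing to mistake for proof.
        return "<html><body><p>Device not recognised.</p></body></html>"
    return (
        "<html><body>"
        # Escape the token: it is user-chosen text rendered into HTML.
        f'<p id="shared-secret">{html.escape(token)}</p>'
        '<form method="post"><input name="login">'
        '<input name="password" type="password"></form>'
        "</body></html>"
    )


def client_authenticates_server(page, expected_token):
    """Client side: the user discloses credentials only when the page
    shows the shared secret they expect."""
    match = re.search(r'<p id="shared-secret">(.*?)</p>', page, re.S)
    if match is None:
        return False
    return html.unescape(match.group(1)) == expected_token


if __name__ == "__main__":
    db = {}
    secret = "blue heron / 14 March"  # constructed sample token
    cfg = enroll(db, secret)
    print(client_authenticates_server(deliver_content(db, cfg), secret))
    print(client_authenticates_server(deliver_content(db, "unknown"), secret))
```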
20 Claims
1. A method of authentication between a client and a server including a shared secret, said client and server being coupled to a data communication network, the method comprising:
- receiving, at the server, a request from the client for content, the request comprising configuration data associated with an authentication token, said client being accessed by a user at the client;
- obtaining, from a memory area accessible to the server, the authentication token associated with the received configuration data in response to the received request; and
- delivering the requested content to the client with the obtained authentication token as the shared secret, wherein the client authenticates the server with the authentication token.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

17. One or more computer-readable storage media having computer-executable components stored thereon for authentication between a client and a server including a shared secret, said client and server being coupled to a data communication network, the components comprising:
- a network component for receiving, at the server via the data communication network, a request from the client for content, the request comprising configuration data associated with an authentication token, and the client being accessed by a user at the client;
- a shared secret component for obtaining, from a memory area accessible to the server, the authentication token associated with the received configuration data in response to the request received by the network component; and
- a user interface component for delivering the requested content to the client with the authentication token as the shared secret obtained by the shared secret component, wherein the client authenticates the server with the authentication token.

Dependent claims: 18

19. A system for authentication between a client and a server including a shared secret, said client and server being coupled to a data communication network, the system comprising:
- a database accessible to the server, said database storing a record having a first field storing configuration data and a second field identifying an authentication token associated with the configuration data stored in the first field; and
- a processor associated with the server, said processor executing computer-executable instructions to perform:
  - receiving, at the server, a request from the client for content, the request comprising the configuration data, and the client being accessed by a user at the client;
  - obtaining, from the database, the authentication token associated with the received configuration data in response to the received request; and
  - delivering the requested content to the client with the obtained authentication token as the shared secret, the requested content including a field for receiving a credential from the client after the client authenticates the server with the authentication token.

Dependent claims: 20

Specification