AUTHENTICATION OF A SERVER BY A CLIENT TO PREVENT FRAUDULENT USER INTERFACES

US 20100115594A1
Filed: 01/13/2010
Published: 05/06/2010
Est. Priority Date: 02/05/2003
Status: Active Grant

First Claim

Patent Images

1. A method of authentication between a client and a server including a shared secret, said client and server being coupled to a data communication network, the method comprising:

receiving, at the server, a request from the client for content, the request comprising configuration data associated with an authentication token, said client being accessed by a user at the client;

obtaining, from a memory area accessible to the server, the authentication token associated with the received configuration data in response to the received request; and

delivering the requested content to the client with the obtained authentication token as the shared secret, wherein the client authenticates the server with the authentication token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Protecting a user against web spoofing in which the user confirms the authenticity of a web page prior to submitting sensitive information such as user credentials (e.g., a login name and password) via the web page. The web page provides the user with an identifiable piece of information representing a shared secret between the user and the server. The user confirms the correctness of the shared secret to ensure the legitimacy of the web page prior to disclosing any sensitive information via the web page.

79 Citations

View as Search Results

20 Claims

1. A method of authentication between a client and a server including a shared secret, said client and server being coupled to a data communication network, the method comprising:
- receiving, at the server, a request from the client for content, the request comprising configuration data associated with an authentication token, said client being accessed by a user at the client;
  
  obtaining, from a memory area accessible to the server, the authentication token associated with the received configuration data in response to the received request; and
  
  delivering the requested content to the client with the obtained authentication token as the shared secret, wherein the client authenticates the server with the authentication token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, further comprising receiving a credential from the client via the delivered content.
  - 3. The method of claim 2, wherein received credential comprises one or more of the following:
    - a login name, a password, and an electronic mail address.
  - 4. The method of claim 1, wherein the content comprises a login interface or a web form or both.
  - 5. The method of claim 1, wherein obtaining the authentication token comprises indexing into a database storing the authentication token via the received configuration data.
  - 6. The method of claim 1, wherein the configuration data comprises a user identifier or a filename identifying the authentication token or both.
  - 7. The method of claim 1, wherein delivering the requested content comprises delivering the requested content as a hypertext markup language (HTML) document to the client with the obtained authentication token as the shared secret only if the document is unframed by the client.
  - 8. The method of claim 1, further comprising modifying the requested content to include the obtained authentication token.
  - 9. The method of claim 1, wherein the obtained authentication token comprises two images, and wherein delivering the requested content comprises delivering a web page with the requested content to the client, the web page including the two images as the shared secret.
  - 10. The method of claim 1, wherein the authentication token is stored in a file conforming to a predetermined data size.
  - 11. The method of claim 1, wherein the authentication token is stored in a file, and further comprising padding the file to a predetermined data size prior to delivering the requested content to the client with the authentication token as the shared secret.
  - 12. The method of claim 1, wherein the authentication token is stored in a file, and further comprising compressing the file to a predetermined data size prior to delivering the requested content to the client with the authentication token as the shared secret.
  - 13. The method of claim 1, wherein one or more computer readable storage media have computer-executable instructions stored thereon for performing the method recited in claim 1.
  - 14. The method of claim 1, wherein the client includes a computer system having a client display and a user interface selection device, wherein receiving comprises receiving the request for content from the client via the user interface selection device, and wherein delivering comprises delivering the user interface to the client for display on the client display.
  - 15. The method of claim 14, further comprising receiving a credential from the client, the credential being submitted by the user accessing the client from the delivered user interface via the user interface selection device.
  - 16. The method of claim 14, wherein prior to receiving the request for content, further comprising:
    - delivering a plurality of tokens to the client for rendering on the client display, wherein the user accesses the client to select the authentication token as the shared secret from the delivered plurality of tokens via the user interface selection device;
      
      receiving an execution signal from the client via the user interface selection device, the received execution signal comprising a notification from the client of the selected authentication token; and
      
      delivering, to the client for storage, the configuration data identifying the selected authentication token.

17. One or more computer-readable storage media having computer-executable components stored thereon for authentication between a client and a server including a shared secret, said client and server being coupled to a data communication network, the components comprising:
- a network component for receiving, at the server via the data communication network, a request from the client for content, the request comprising configuration data associated with an authentication token, and the client being accessed by a user at the client;
  
  a shared secret component for obtaining, from a memory area accessible to the server, the authentication token associated with the received configuration data in response to the request received by the network component; and
  
  a user interface component for delivering the requested content to the client with the authentication token as the shared secret obtained by the shared secret component, wherein the client authenticates the server with the authentication token.
- View Dependent Claims (18)
- - 18. The computer-readable storage media of claim 17, further comprising a selection component for:
    - receiving, at the server, a request from the client to establish the shared secret;
      
      provisioning the authentication token as the shared secret to the client in response to the received request; and
      
      delivering, to the client for storage, the configuration data identifying the provisioned authentication token.

19. A system for authentication between a client and a server including a shared secret, said client and server being coupled to a data communication network, the system comprising:
- a database accessible to the server, said database storing a record having a first field storing configuration data and a second field identifying an authentication token associated with the configuration data stored in the first field; and
  
  a processor associated with the server, said processor executing computer-executable instructions to perform;
  
  receiving, at the server, a request from the client for content, the request comprising the configuration data, and the client being accessed by a user at the client;
  
  obtaining, from the database, the authentication token associated with the received configuration data in response to the received request; and
  
  delivering the requested content to the client with the obtained authentication token as the shared secret, the requested content including a field for receiving a credential from the client after the client authenticates the server with the authentication token.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the record stores a user identifier in the first field and a filename for each of two images in the second field.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Paya, Ismail Cem, Chow, Trevin, Peterson, Christopher N.

Granted Patent

US 8,776,199 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/0869   for achieving mutual authen...

H04L 63/1483   service impersonation, e.g....

H04L 9/0844   with user authentication or...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

H04N 21/2265   Server identification by a ...

H04N 21/25816   involving client authentica...

H04N 21/25875   involving end-user authenti...

AUTHENTICATION OF A SERVER BY A CLIENT TO PREVENT FRAUDULENT USER INTERFACES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

79 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

AUTHENTICATION OF A SERVER BY A CLIENT TO PREVENT FRAUDULENT USER INTERFACES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others