Method and apparatus for authentication of users and web sites

US 7,100,049 B2
Filed: 05/09/2003
Issued: 08/29/2006
Est. Priority Date: 05/10/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method of providing and authenticating a web page, comprising:

at least as part of a registration process performed at least in part to identify customization information for a user to allow the user to perceptively authenticate at least the web page;

identifying the customization information by at least one selected from;

allowing a user to provide the customization information;

allowing the user to select the customization information from a set comprising the customization information and other information; and

providing the customization information to the user; and

associating with a user identifier the customization information identified;

providing the user identifier in a cookie;

encrypting the cookie;

storing the cookie on a computer system operated by the user;

responsive to a request for the web page, reading the cookie stored;

providing the web page requested;

responsive to the cookie read, providing the customization information identified, via at least one selected from;

a) a secure connection and;

b) a communication channel different from that used to provide the web page; and

authenticating the web page by comparing said customization information to the customization information identified.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method allows a user to authenticate a web site, a web site to authenticate a user, or both. When a user requests a web page from the web site, customization information that is recognizable to the user is provided to allow the user to authenticate the web site. A signed, encrypted cookie stored on the user'"'"'s system allows the web site to authenticate the user.

Citations

21 Claims

1. A method of providing and authenticating a web page, comprising:
- at least as part of a registration process performed at least in part to identify customization information for a user to allow the user to perceptively authenticate at least the web page;
  
  identifying the customization information by at least one selected from;
  
  allowing a user to provide the customization information;
  
  allowing the user to select the customization information from a set comprising the customization information and other information; and
  
  providing the customization information to the user; and
  
  associating with a user identifier the customization information identified;
  
  providing the user identifier in a cookie;
  
  encrypting the cookie;
  
  storing the cookie on a computer system operated by the user;
  
  responsive to a request for the web page, reading the cookie stored;
  
  providing the web page requested;
  
  responsive to the cookie read, providing the customization information identified, via at least one selected from;
  
  a) a secure connection and;
  
  b) a communication channel different from that used to provide the web page; and
  
  authenticating the web page by comparing said customization information to the customization information identified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 additionally comprising:
    - adding a signature of the cookie to the cookie prior to the storing step; and
      
      verifying the signature of the cookie read.
  - 3. The method of claim 1 wherein the customization information is provided as part of the web page.
  - 4. The method of claim 1 wherein the customization information is provided substantially concurrently with the web page but separately therefrom.
  - 5. The method of claim 1, wherein the providing the customization information step comprises providing to a database over a network, the user identifier from the cookie read.
  - 6. The method of claim 1:
    - additionally comprising the step of receiving an indicia of an authentication of the user; and
      
      wherein, the associating step is responsive to the receiving the indicia step.
  - 7. The method of claim 6 wherein the indicia comprises a system administrator password.
  - 8. The method of claim 1 wherein the customization information is received as part of the web page;
    - andthe web page and customization information are provided via a secure connection.
  - 9. The method of claim 1 wherein the customization information is identified via a secure connection.
  - 10. The method of claim 9 wherein the customization information is provided to a database operated by a party other than the party operating the web site.
  - 11. The method of claim 1 wherein the web page received comprises a form for entering confidential information.

12. A system for providing a web page in a manner that allows its authentication, comprising:
- a registration manager for, at least as part of a registration process performed at least in part to identify customization information for a user to allow the user to perceptively authenticate at least the web page,identifying the customization information by at least one selected from;
  
  allowing a user to provide the customization information;
  
  allowing the user to select the customization information from a set comprising the customization information and other information; and
  
  providing the customization information to the user,and for associating in a database coupled to a database output a user identifier with the customization information identified and for providing the user identifier at an output;
  
  a cookie builder having an input coupled to the registration manager output, the cookie builder for providing the user identifier in a cookie at an output;
  
  a cookie encryptor having an input coupled to the cookie builder output, the cookie encryptor for encrypting the cookie and providing the encrypted cookie at an output;
  
  a cookie storage having an input/output coupled to the cookie encryptor output, the cookie storage for storing the cookie on a computer system operated by the user;
  
  a web application having an input coupled for receiving a request for a web page, the web application for, responsive to the request for the web page, for reading the cookie stored via the web application input, for providing at least a portion of the web page at a first output, and providing at a second output the user identifier from the cookie read; and
  
  a customization information provider having an input coupled to the web application second output for receiving the user identifier, the customization information provider for retrieving at least a portion of the customization information from the database via an input/output coupled thereto, the customization information provider for, responsive to the web page requesting confidential information or providing information for which an indicia of authentication can be desired by the user, providing at an output the customization information identified, via at least one selected from;
  
  a) a secure connection and;
  
  b) a communication channel different from that used to provide the web page.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The system of claim 12 additionally comprising:
    - a cookie signer coupled between the cookie builder output and the cookie encryptor input, the cookie signer for adding a signature of the cookie to the cookie; and
      
      a user authenticator having an input for receiving the cookie from a verification output of the registration manager, the user authenticator for verifying the signature of the cookie and providing at an output an indication of authenticity responsive to at least a portion of the cookie and the signature of the cookie; and
      
      wherein the web application provides the web page responsive to the indication received at a web application authentication input coupled to the user authenticator output.
  - 14. The system of claim 12 wherein the customization information provider provides the customization information integrated as part of the web page.
  - 15. The system of claim 12 wherein the customization information provider provides the customization information substantially concurrently with the web page but separately therefrom.
  - 16. The system of claim 12, wherein the database is accessed on a network remote from the web application.

17. A computer program product comprising a computer useable medium having computer readable program code embodied therein for providing a web page in a manner that allows its authentication, the computer program product comprising computer readable program code devices configured to cause a computer to:
- at least as part of a registration process performed at least in part to identify customization information for a user to allow the user to perceptively authenticate at least the web page;
  
  identify the customization information by at least one selected from;
  
  allowing a user to provide the customization information;
  
  allowing the user to select the customization information from a set comprising the customization information and other information; and
  
  providing the customization information to the user; and
  
  associate with a user identifier customization information identified;
  
  provide the user identifier in a cookie;
  
  encrypt the cookie;
  
  store the cookie on a computer system operated by the user;
  
  responsive to a request for the web page, read the cookie stored;
  
  provide the web page requested;
  
  responsive to the cookie read, provide the customization information identified via at least one selected from;
  
  a) a secure connection and;
  
  b) a communication channel different from that used to provide the web page; and
  
  authenticate the web page by comparing said customization information to the customization information identified.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The computer program product of claim 17 additionally comprising computer readable program code devices configured to cause the computer to:
    - add a signature of the cookie to the cookie prior to the storing step; and
      
      verify the signature of the cookie read.
  - 19. The computer program product of claim 17 wherein the customization information is provided as part of the web page.
  - 20. The computer program product of claim 17 wherein the customization information is provided substantially concurrently with the web page but separately therefrom.
  - 21. The computer program product of claim 17, wherein the computer readable program code devices configured to cause the computer to provide the customization information step comprise computer readable program code devices configured to cause the computer to provide to a database over a network, the user identifier from the cookie read.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
RSA Security Incorporated (Symphony Technology Group LLC)
Inventors
Gasparini, Louis A, Gotlieb, Charles E
Primary Examiner(s)
Revak, Christopher
Assistant Examiner(s)
Abrishamkar, Kaveh

Application Number

US10/435,322
Publication Number

US 20040168083A1
Time in Patent Office

1,208 Days
Field of Search

713/201, 713/200, 713/170, 713/176, 726/10
US Class Current

713/170
CPC Class Codes

G06F 21/31   User authentication

G06F 21/445   by mutual authentication, e...

G06F 21/6263   during internet communicati...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04L 63/1466   Active attacks involving in...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

Method and apparatus for authentication of users and web sites

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for authentication of users and web sites

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links