System and method for authentication of users and web sites
First Claim
Patent Images
1. A method of providing a web page to a device for authentication by a user, the method comprising the steps of:
- responsive to a request for the web page, determining whether an encrypted cookie comprising a user identifier is stored on the device;
responsive to a determination that an encrypted cookie comprising a user identifier is not stored on the device, performing steps comprising;
requesting the user to provide indicia of the user'"'"'s identity;
determining a user identifier based at least in part on the indicia;
determining whether the user identifier is associated with customization information;
responsive to a determination that the user identifier is not associated with customization information, performing steps comprising;
requesting the user to identify customization information by at least one selected from;
allowing the user to provide the customization information;
allowing the user to select the customization information from a set comprising the customization information and other information; and
providing the customization information to the user;
associating with the user identifier the customization information identified;
providing the user identifier in a cookie;
encrypting the cookie; and
storing the cookie on the device;
responsive to a determination that the user identifier is associated with customization information, performing steps comprising;
providing the customization information, via at least one selected from;
a secure connection; and
a communication channel different from that used to provide the web page;
such that the user may authenticate the web page based at least in part on the customization information;
providing the user identifier in a cookie;
encrypting the cookie; and
storing the cookie on the device;
responsive to a determination that an encrypted cookie comprising a user identifier is stored on the device, performing steps comprising;
reading the cookie stored;
providing the web page requested; and
responsive to the cookie read, providing the customization information associated with the user identifier stored in the cookie, via at least one selected from;
a secure connection; and
a communication channel different from that used to provide the web page;
such that the user may authenticate the web page based at least in part on the customization information.
14 Assignments
0 Petitions
Accused Products
Abstract
A system and method allows a user to authenticate a web site, a web site to authenticate a user, or both. When a user requests a web page from the web site, customization information that is recognizable to the user is provided to allow the user to authenticate the web site. A signed, encrypted cookie stored on the user'"'"'s system allows the web site to authenticate the user.
336 Citations
22 Claims
-
1. A method of providing a web page to a device for authentication by a user, the method comprising the steps of:
-
responsive to a request for the web page, determining whether an encrypted cookie comprising a user identifier is stored on the device; responsive to a determination that an encrypted cookie comprising a user identifier is not stored on the device, performing steps comprising; requesting the user to provide indicia of the user'"'"'s identity; determining a user identifier based at least in part on the indicia; determining whether the user identifier is associated with customization information; responsive to a determination that the user identifier is not associated with customization information, performing steps comprising; requesting the user to identify customization information by at least one selected from; allowing the user to provide the customization information; allowing the user to select the customization information from a set comprising the customization information and other information; and providing the customization information to the user; associating with the user identifier the customization information identified; providing the user identifier in a cookie; encrypting the cookie; and storing the cookie on the device; responsive to a determination that the user identifier is associated with customization information, performing steps comprising; providing the customization information, via at least one selected from; a secure connection; and a communication channel different from that used to provide the web page; such that the user may authenticate the web page based at least in part on the customization information; providing the user identifier in a cookie; encrypting the cookie; and storing the cookie on the device; responsive to a determination that an encrypted cookie comprising a user identifier is stored on the device, performing steps comprising; reading the cookie stored; providing the web page requested; and responsive to the cookie read, providing the customization information associated with the user identifier stored in the cookie, via at least one selected from; a secure connection; and a communication channel different from that used to provide the web page; such that the user may authenticate the web page based at least in part on the customization information. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of authenticating at least a portion of a web site accessed by a user through a device, comprising:
-
electronically providing to a web server comprising the web site a request for at least one web page; responsive to a determination that the device does not have an encrypted cookie comprising a user identifier associated with customization information, electronically receiving an encrypted cookie comprising a user identifier, the user identifier having been associated with customization information, the customization information having been identified by at least one selected from; allowing the user to provide the customization information; allowing the user to select the customization information from a set comprising the customization information and other information; and providing the customization information to the user; responsive to a determination that the device does have an encrypted cookie comprising a user identifier associated with customization information, electronically providing to the web server the encrypted cookie; electronically receiving the at least one web page and the customization information; and authenticating the at least the portion of the web site responsive to the customization information received. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A computer program product comprising a computer useable medium having computer readable program code embodied therein for providing a web page to a device for authentication by a user, the computer program product comprising computer readable program code devices configured to cause a computer to perform operations comprising:
-
responsive to a request for the web page, determining whether an encrypted cookie comprising a user identifier is stored on the device; responsive to a determination that an encrypted cookie comprising a user identifier is not stored on the device, performing operations comprising; requesting the user to provide indicia of the user'"'"'s identity; determining a user identifier based at least in part on the indicia; determining whether the user identifier is associated with customization information; responsive to a determination that the user identifier is not associated with customization information, performing operations comprising; requesting the user to identify customization information by at least one selected from; allowing the user to provide the customization information; allowing the user to select the customization information from a set comprising the customization information and other information; and providing the customization information to the user; associating with the user identifier the customization information identified; providing the user identifier in a cookie; encrypting the cookie; and storing the cookie on the device; responsive to a determination that the user identifier is associated with customization information, performing operations comprising; providing the customization information, via at least one selected from; a secure connection; and a communication channel different from that used to provide the web page; such that the user may authenticate the web page based at least in part on the customization information; providing the user identifier in a cookie; encrypting the cookie; and storing the cookie on the device; responsive to a determination that an encrypted cookie comprising a user identifier is stored on the device, performing operations comprising; reading the cookie stored; providing the web page requested; and responsive to the cookie read, providing the customization information associated with the user identifier stored in the cookie, via at least one selected from; a secure connection; and a communication channel different from that used to provide the web page; such that the user may authenticate the web page based at least in part on the customization information. - View Dependent Claims (14, 15, 16, 17)
-
-
18. An apparatus comprising:
-
a memory; a processor coupled thereto, wherein the processor is operative to provide a web page to a device for authentication by a user, by performing operations comprising; responsive to a request for the web page, determining whether an encrypted cookie comprising a user identifier is stored on the device; responsive to a determination that an encrypted cookie comprising a user identifier is not stored on the device, performing operations comprising; requesting the user to provide indicia of the user'"'"'s identity; determining a user identifier based at least in part on the indicia; determining whether the user identifier is associated with customization information; responsive to a determination that the user identifier is not associated with customization information, performing operations comprising; requesting the user to identify customization information by at least one selected from; allowing the user to provide the customization information; allowing the user to select the customization information from a set comprising the customization information and other information; and providing the customization information to the user; and associating with the user identifier the customization information identified; providing the user identifier in a cookie; encrypting the cookie; storing the cookie on the device; responsive to a determination that the user identifier is associated with customization information, performing operations comprising; providing the customization information, via at least one selected from; a secure connection and; a communication channel different from that used to provide the web page; such that the user may authenticate the web page based at least in part on the customization information; providing the user identifier in a cookie; encrypting the cookie; and storing the cookie on the device; responsive to a determination that an encrypted cookie comprising a user identifier is stored on the device, performing operations comprising; reading the cookie stored; providing the web page requested; responsive to the cookie read, providing the customization information associated with the user identifier stored in the cookie, via at least one selected from; a secure connection and; a communication channel different from that used to provide the web page; such that the user may authenticate the web page based at least in part on the customization information. - View Dependent Claims (19, 20, 21, 22)
-
Specification