System and method for authentication of users and web sites

US 7,346,775 B2
Filed: 08/28/2006
Issued: 03/18/2008
Est. Priority Date: 05/10/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method of providing a web page to a device for authentication by a user, the method comprising the steps of:

responsive to a request for the web page, determining whether an encrypted cookie comprising a user identifier is stored on the device;

responsive to a determination that an encrypted cookie comprising a user identifier is not stored on the device, performing steps comprising;

requesting the user to provide indicia of the user'"'"'s identity;

determining a user identifier based at least in part on the indicia;

determining whether the user identifier is associated with customization information;

responsive to a determination that the user identifier is not associated with customization information, performing steps comprising;

requesting the user to identify customization information by at least one selected from;

allowing the user to provide the customization information;

allowing the user to select the customization information from a set comprising the customization information and other information; and

providing the customization information to the user;

associating with the user identifier the customization information identified;

providing the user identifier in a cookie;

encrypting the cookie; and

storing the cookie on the device;

responsive to a determination that the user identifier is associated with customization information, performing steps comprising;

providing the customization information, via at least one selected from;

a secure connection; and

a communication channel different from that used to provide the web page;

such that the user may authenticate the web page based at least in part on the customization information;

providing the user identifier in a cookie;

encrypting the cookie; and

storing the cookie on the device;

responsive to a determination that an encrypted cookie comprising a user identifier is stored on the device, performing steps comprising;

reading the cookie stored;

providing the web page requested; and

responsive to the cookie read, providing the customization information associated with the user identifier stored in the cookie, via at least one selected from;

a secure connection; and

a communication channel different from that used to provide the web page;

such that the user may authenticate the web page based at least in part on the customization information.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method allows a user to authenticate a web site, a web site to authenticate a user, or both. When a user requests a web page from the web site, customization information that is recognizable to the user is provided to allow the user to authenticate the web site. A signed, encrypted cookie stored on the user'"'"'s system allows the web site to authenticate the user.

336 Citations

22 Claims

1. A method of providing a web page to a device for authentication by a user, the method comprising the steps of:
- responsive to a request for the web page, determining whether an encrypted cookie comprising a user identifier is stored on the device;
  
  responsive to a determination that an encrypted cookie comprising a user identifier is not stored on the device, performing steps comprising;
  
  requesting the user to provide indicia of the user'"'"'s identity;
  
  determining a user identifier based at least in part on the indicia;
  
  determining whether the user identifier is associated with customization information;
  
  responsive to a determination that the user identifier is not associated with customization information, performing steps comprising;
  
  requesting the user to identify customization information by at least one selected from;
  
  allowing the user to provide the customization information;
  
  allowing the user to select the customization information from a set comprising the customization information and other information; and
  
  providing the customization information to the user;
  
  associating with the user identifier the customization information identified;
  
  providing the user identifier in a cookie;
  
  encrypting the cookie; and
  
  storing the cookie on the device;
  
  responsive to a determination that the user identifier is associated with customization information, performing steps comprising;
  
  providing the customization information, via at least one selected from;
  
  a secure connection; and
  
  a communication channel different from that used to provide the web page;
  
  such that the user may authenticate the web page based at least in part on the customization information;
  
  providing the user identifier in a cookie;
  
  encrypting the cookie; and
  
  storing the cookie on the device;
  
  responsive to a determination that an encrypted cookie comprising a user identifier is stored on the device, performing steps comprising;
  
  reading the cookie stored;
  
  providing the web page requested; and
  
  responsive to the cookie read, providing the customization information associated with the user identifier stored in the cookie, via at least one selected from;
  
  a secure connection; and
  
  a communication channel different from that used to provide the web page;
  
  such that the user may authenticate the web page based at least in part on the customization information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 additionally comprising:
    - adding a signature of the cookie to the cookie prior to the storing step; and
      
      verifying the signature of the cookie read.
  - 3. The method of claim 1 wherein the customization information is provided as part of the web page.
  - 4. The method of claim 1 wherein the customization information is provided substantially concurrently with the web page but separately therefrom.
  - 5. The method of claim 1, wherein the providing the customization information step comprises providing to a database over a network, the user identifier from the cookie read.
  - 6. The method of claim 1:
    - additionally comprising the step of receiving an indicia of an authentication of the user; and
      
      wherein, the associating step is responsive to the receiving the indicia step.
  - 7. The method of claim 6 wherein the indicia comprises a system administrator password.

8. A method of authenticating at least a portion of a web site accessed by a user through a device, comprising:
- electronically providing to a web server comprising the web site a request for at least one web page;
  
  responsive to a determination that the device does not have an encrypted cookie comprising a user identifier associated with customization information, electronically receiving an encrypted cookie comprising a user identifier, the user identifier having been associated with customization information, the customization information having been identified by at least one selected from;
  
  allowing the user to provide the customization information;
  
  allowing the user to select the customization information from a set comprising the customization information and other information; and
  
  providing the customization information to the user;
  
  responsive to a determination that the device does have an encrypted cookie comprising a user identifier associated with customization information, electronically providing to the web server the encrypted cookie;
  
  electronically receiving the at least one web page and the customization information; and
  
  authenticating the at least the portion of the web site responsive to the customization information received.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8 wherein the customization information is received as part of the web page;
    - andthe web page and customization information are provided via a secure connection.
  - 10. The method of claim 8 wherein the customization information is identified via a secure connection.
  - 11. The method of claim 10 wherein the customization information is provided to a database operated by a party other than the party operating the web site.
  - 12. The method of claim 8 wherein the web page received comprises a form for entering confidential information.

13. A computer program product comprising a computer useable medium having computer readable program code embodied therein for providing a web page to a device for authentication by a user, the computer program product comprising computer readable program code devices configured to cause a computer to perform operations comprising:
- responsive to a request for the web page, determining whether an encrypted cookie comprising a user identifier is stored on the device;
  
  responsive to a determination that an encrypted cookie comprising a user identifier is not stored on the device, performing operations comprising;
  
  requesting the user to provide indicia of the user'"'"'s identity;
  
  determining a user identifier based at least in part on the indicia;
  
  determining whether the user identifier is associated with customization information;
  
  responsive to a determination that the user identifier is not associated with customization information, performing operations comprising;
  
  requesting the user to identify customization information by at least one selected from;
  
  allowing the user to provide the customization information;
  
  allowing the user to select the customization information from a set comprising the customization information and other information; and
  
  providing the customization information to the user;
  
  associating with the user identifier the customization information identified;
  
  providing the user identifier in a cookie;
  
  encrypting the cookie; and
  
  storing the cookie on the device;
  
  responsive to a determination that the user identifier is associated with customization information, performing operations comprising;
  
  providing the customization information, via at least one selected from;
  
  a secure connection; and
  
  a communication channel different from that used to provide the web page;
  
  such that the user may authenticate the web page based at least in part on the customization information;
  
  providing the user identifier in a cookie;
  
  encrypting the cookie; and
  
  storing the cookie on the device;
  
  responsive to a determination that an encrypted cookie comprising a user identifier is stored on the device, performing operations comprising;
  
  reading the cookie stored;
  
  providing the web page requested; and
  
  responsive to the cookie read, providing the customization information associated with the user identifier stored in the cookie, via at least one selected from;
  
  a secure connection; and
  
  a communication channel different from that used to provide the web page;
  
  such that the user may authenticate the web page based at least in part on the customization information.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13 additionally comprising computer readable program code devices configured to cause the computer to:
    - add a signature of the cookie to the cookie prior to the storing step; and
      
      verify the signature of the cookie read.
  - 15. The computer program product of claim 13 wherein the customization information is provided as part of the web page.
  - 16. The computer program product of claim 13 wherein the customization information is provided substantially concurrently with the web page but separately therefrom.
  - 17. The computer program product of claim 13, wherein the computer readable program code devices configured to cause the computer to provide the customization information step comprise computer readable program code devices configured to cause the computer to provide to a database over a network, the user identifier from the cookie read.

18. An apparatus comprising:
- a memory;
  
  a processor coupled thereto, wherein the processor is operative to provide a web page to a device for authentication by a user, by performing operations comprising;
  
  responsive to a request for the web page, determining whether an encrypted cookie comprising a user identifier is stored on the device;
  
  responsive to a determination that an encrypted cookie comprising a user identifier is not stored on the device, performing operations comprising;
  
  requesting the user to provide indicia of the user'"'"'s identity;
  
  determining a user identifier based at least in part on the indicia;
  
  determining whether the user identifier is associated with customization information;
  
  responsive to a determination that the user identifier is not associated with customization information, performing operations comprising;
  
  requesting the user to identify customization information by at least one selected from;
  
  allowing the user to provide the customization information;
  
  allowing the user to select the customization information from a set comprising the customization information and other information; and
  
  providing the customization information to the user; and
  
  associating with the user identifier the customization information identified;
  
  providing the user identifier in a cookie;
  
  encrypting the cookie;
  
  storing the cookie on the device;
  
  responsive to a determination that the user identifier is associated with customization information, performing operations comprising;
  
  providing the customization information, via at least one selected from;
  
  a secure connection and;
  
  a communication channel different from that used to provide the web page;
  
  such that the user may authenticate the web page based at least in part on the customization information;
  
  providing the user identifier in a cookie;
  
  encrypting the cookie; and
  
  storing the cookie on the device;
  
  responsive to a determination that an encrypted cookie comprising a user identifier is stored on the device, performing operations comprising;
  
  reading the cookie stored;
  
  providing the web page requested;
  
  responsive to the cookie read, providing the customization information associated with the user identifier stored in the cookie, via at least one selected from;
  
  a secure connection and;
  
  a communication channel different from that used to provide the web page;
  
  such that the user may authenticate the web page based at least in part on the customization information.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The apparatus of claim 18 wherein the processor is further operative to add a signature of the cookie to the cookie prior to the storing step;
    - and verify the signature of the cookie read.
  - 20. The apparatus of claim 18 wherein the customization information is provided as part of the web page.
  - 21. The apparatus of claim 18 wherein the customization information is provided substantially concurrently with the web page but separately therefrom.
  - 22. The apparatus of claim 18 wherein the processor is further operative to provide to a database over a network, the user identifier from the cookie read.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
RSA Security Incorporated (Symphony Technology Group LLC)
Inventors
Gasparinl, Louis A, Gotlieb, Charles E
Primary Examiner(s)
Zia; Syed A.
Assistant Examiner(s)
Abrishamkar; Kaveh

Application Number

US11/511,998
Publication Number

US 20060288213A1
Time in Patent Office

568 Days
Field of Search

None
US Class Current

713/170
CPC Class Codes

G06F 21/31   User authentication

G06F 21/445   by mutual authentication, e...

G06F 21/6263   during internet communicati...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04L 63/1466   Active attacks involving in...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

System and method for authentication of users and web sites

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

336 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authentication of users and web sites

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

336 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links