Authentication of a server by a client to prevent fraudulent user interfaces

  • US 7,685,631 B1
  • Filed: 02/05/2003
  • Issued: 03/23/2010
  • Est. Priority Date: 02/05/2003
  • Status: Active Grant

First Claim

1. A method of establishing a shared secret for use during authentication between a client and an authentication server, said client and authentication server being coupled to a data communication network, the method comprising:

  • receiving, at the authentication server, a first request from the client to establish the shared secret, said client being accessed by a user at the client;

  • provisioning an authentication token as the shared secret to the client in response to the received first request, said provisioned authentication token for use by the user accessing the client to authenticate the authentication server;

  • delivering, to the client for storage, configuration data identifying the provisioned authentication token;

  • receiving, at the authentication server via a second server, a second request from the client for content, said second request comprising the configuration data;

  • comparing an address of the second server to a list of valid referrers;

  • obtaining, from a memory area accessible to the authentication server, the authentication token associated with the received configuration data in response to determining that the second server is on the list of valid referrers; and

  • delivering the requested content and the obtained authentication token as the shared secret to the client via a frame of a web page of the second server in response to determining the second server to be on the list of valid referrers.
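
The server-side flow recited in the claim, as an added Python example that is not taken from the patent or from any implementation of it. The function names, the in-memory store, the use of the HTTP Referer header as the "address of the second server", and the host names are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlsplit

# Hypothetical allowlist of valid referrers; the host is a constructed sample value.
VALID_REFERRERS = {("https", "login.partner.example")}

# Memory area accessible to the authentication server:
# configuration data (opaque id) -> authentication token.
_tokens = {}


def provision():
    """First request: create the token and the configuration data identifying it.

    Returns (config_id, token). The client stores config_id (for example in a
    cookie); the user remembers the token and later expects to see it displayed.
    """
    config_id = secrets.token_urlsafe(16)
    token = secrets.token_urlsafe(6)
    _tokens[config_id] = token
    return config_id, token


def referrer_is_valid(referer_header):
    """Compare the second server's address to the list of valid referrers."""
    if not referer_header:
        return False
    try:
        parts = urlsplit(referer_header)
        origin = (parts.scheme, parts.hostname)
    except ValueError:
        return False
    # Exact scheme and host match on the parsed URL. A substring or prefix test
    # would accept look-alikes such as login.partner.example.phish.test.
    return origin in VALID_REFERRERS


def frame_content(config_id, referer_header):
    """Second request: release content plus token only for a valid referrer."""
    if not referrer_is_valid(referer_header):
        return None  # the token is never looked up for an unlisted second server
    token = _tokens.get(config_id)
    if token is None:
        return None
    return {"content": "sign-in form", "token": token}
```
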

  • 3 Assignments