Authentication of a server by a client to prevent fraudulent user interfaces
First Claim
1. A method of establishing a shared secret for use during authentication between a client and an authentication server, said client and authentication server being coupled to a data communication network, the method comprising:
- receiving, at the authentication server, a first request from the client to establish the shared secret, said client being accessed by a user at the client;
- provisioning an authentication token as the shared secret to the client in response to the received first request, said provisioned authentication token for use by the user accessing the client to authenticate the authentication server;
- delivering, to the client for storage, configuration data identifying the provisioned authentication token;
- receiving, at the authentication server via a second server, a second request from the client for content, said second request comprising the configuration data;
- comparing an address of the second server to a list of valid referrers;
- obtaining, from a memory area accessible to the authentication server, the authentication token associated with the received configuration data in response to determining that the second server is on the list of valid referrers; and
- delivering the requested content and the obtained authentication token as the shared secret to the client via a frame of a web page of the second server in response to determining the second server to be on the list of valid referrers.
3 Assignments
0 Petitions
Abstract
Protecting a user against web spoofing in which the user confirms the authenticity of a web page prior to submitting sensitive information such as user credentials (e.g., a login name and password) via the web page. The web page provides the user with an identifiable piece of information representing a shared secret between the user and the server. The user confirms the correctness of the shared secret to ensure the legitimacy of the web page prior to disclosing any sensitive information via the web page.
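As an added illustration (not code from the patent or its assignee), the following Python model walks through the two-request flow of claim 1 and the user-side confirmation described in the abstract: the authentication server provisions a token and hands the client an opaque handle (the "configuration data"), and later releases the token into the affiliate's frame only when the referring host is on its allow-list. The class and function names (AuthServer, provision_shared_secret, request_content, user_confirms), the host names, and the sample secret are assumptions made for the example.

```python
"""Added example (not from the patent): a minimal model of the shared-secret
flow in claim 1 and the user confirmation step from the abstract.
AuthServer, provision_shared_secret, request_content and user_confirms are
illustrative names, not identifiers from the patent."""
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass
class AuthServer:
    # Affiliate (second) servers allowed to embed the authentication frame:
    # the claim's "list of valid referrers".  Constructed for the example.
    valid_referrers: frozenset
    # The claim's "memory area": opaque configuration data -> provisioned token.
    _tokens: dict = field(default_factory=dict)

    def provision_shared_secret(self, user_chosen_secret=None):
        """First request: provision the token the user will later recognise and
        return configuration data that identifies it without containing it.
        The client stores only the configuration data."""
        token = user_chosen_secret or secrets.token_urlsafe(9)
        config_data = secrets.token_urlsafe(16)
        self._tokens[config_data] = token
        return config_data, token

    def request_content(self, config_data, referrer):
        """Second request, arriving through an affiliate server's frame.  The
        token is released only if the referrer is on the valid list and the
        configuration data maps to a provisioned token."""
        host = urlparse(referrer).hostname
        if host not in self.valid_referrers:
            # Unlisted host: no content and, crucially, no shared secret.
            return {"status": "refused", "reason": "referrer not on valid list"}
        token = self._tokens.get(config_data)
        if token is None:
            return {"status": "refused", "reason": "unknown configuration data"}
        return {"status": "ok", "content": "<login form>", "shared_secret": token}


def user_confirms(displayed_secret, remembered_secret):
    """Client-side step from the abstract: the user compares the secret shown
    in the frame with the one provisioned earlier and only then submits
    credentials.  A missing or different secret means the page is not trusted."""
    return displayed_secret is not None and displayed_secret == remembered_secret


def demo():
    """Run the flow against a listed affiliate and an unlisted look-alike host."""
    server = AuthServer(valid_referrers=frozenset({"shop.example"}))
    config_data, secret = server.provision_shared_secret("blue-heron-42")
    good = server.request_content(config_data, "https://shop.example/login")
    bad = server.request_content(config_data, "https://sh0p.example/login")
    return {
        "legitimate_page_confirmed": user_confirms(good.get("shared_secret"), secret),
        "spoofed_page_confirmed": user_confirms(bad.get("shared_secret"), secret),
    }


if __name__ == "__main__":
    print(demo())
```

The design point the model makes explicit is that the client never stores the secret itself, only a handle for it; a page on an unlisted host that replays the handle gets nothing back, so the user sees no recognised secret and has a concrete reason to withhold credentials.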
17 Claims
1. Independent method claim; its text is set out in full under First Claim above. Claims 2 to 16 are dependent claims referring back to claim 1.
17. A system for establishing a shared secret with a client coupled to a data communication network, said system comprising:
- an affiliate server coupled to the data communication network for providing content to the client, said affiliate server having a web page including a frame;
- an authentication server coupled to the data communication network, said authentication server being configured for:
- receiving a first request from the client, wherein said first request is a request to establish a shared secret;
- provisioning, to the client in response to receiving the first request, an authentication token as the shared secret, wherein said provisioned authentication token is for use by a user accessing the client to authenticate the authentication server;
- delivering, to the client for storage, configuration data identifying the provisioned authentication token;
- receiving, from the client via the affiliate server, a second request, wherein said second request is a request for content and comprises the configuration data;
- comparing an address of the affiliate server to a list of valid referrers to determine whether the affiliate server is a valid referrer to the authentication server; and
- obtaining, from a memory area accessible to the authentication server, the authentication token associated with the received configuration data and delivering, to the client via the frame of the web page of the affiliate server, the requested content and the obtained authentication token as the shared secret in response to determining the affiliate server is a valid referrer to the authentication server.