System and method for website authentication using a shared secret
Abstract
A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user's browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer.
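The request flow in the abstract, sketched as an added example that is not taken from the patent. HMAC-SHA256 stands in for the web site's digital signature so the code runs on the Python standard library alone; the host names, keys, signed fields (site name and timestamp) and the 300-second freshness window are all assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample data (assumptions, not from the patent).
SITE_KEYS = {"shop.example": b"constructed-demo-key"}  # keys of enrolled web servers
USER_DEVICES = {"alice": "photo-of-red-bicycle.png"}   # user id -> authentication device
AUTH_BASE = "https://auth.example/device"              # hypothetical authentication server
MAX_AGE = 300                                          # assumed freshness window, seconds


def _sign(key, site, ts):
    # HMAC-SHA256 is a stand-in here for the web server's digital signature.
    return hmac.new(key, f"{site}|{ts}".encode(), hashlib.sha256).hexdigest()


def build_page_url(site, key, now):
    """Web server side: the signed URL embedded in the page sent to the user."""
    params = {"site": site, "ts": now, "sig": _sign(key, site, now)}
    return AUTH_BASE + "?" + urlencode(params)


def handle_request(url, user_id, now):
    """Authentication server side: release the device only if the site verifies."""
    query = parse_qs(urlparse(url).query)
    try:
        site, ts, sig = query["site"][0], int(query["ts"][0]), query["sig"][0]
    except (KeyError, ValueError):
        return None                      # malformed or unsigned URL
    key = SITE_KEYS.get(site)
    if key is None or abs(now - ts) > MAX_AGE:
        return None                      # unknown site or stale signature
    expected = _sign(key, site, ts)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None                      # signature was not made with the site's key
    return USER_DEVICES.get(user_id)     # the shared secret, or None for unknown users
```

A signature that covers only static fields could be copied from the genuine page into any other page, which is why this sketch signs a timestamp and rejects stale values.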
16 Claims
1. A method for authenticating a web site to a user, including:
- receiving at a third party authentication server a request from a user computer, the request based upon a URL contained in a page sent from a web server to the user computer, where the URL points to the authentication server and includes a digital signature created using a cryptographic key of the web server;
receiving a user identifier from the user computer;
authenticating the web server by verifying that the digital signature is the digital signature created using the cryptographic key of the web server;
if the web server is successfully authenticated, then sending a copy of an authentication device to the user computer, the authentication device being a shared secret between the user and the authentication server.
Dependent claims: 2, 3, 4, 5, 6
7. A system for authenticating a web site to a user, including:
- a processor;
a memory coupled to said processor, said memory storing instructions adapted to be executed by said processor to receive a URL from a user computer, where the URL includes a digital signature created using a cryptographic key at a web server, authenticate the web server by verifying that the digital signature is the digital signature created using the cryptographic key of the web server, and if the web server is authenticated, send to the user computer an authentication device based upon a user identifier received from the user computer, the authentication device being a shared secret between the user and the authentication server.
Dependent claims: 8, 9, 10, 11, 12
13. A non-transitory computer-readable medium storing instructions adapted to be executed by a processor to perform steps including:
- receiving at a third party authentication server a request from a user computer, the request based upon a URL contained in a page sent from a web server to the user computer, where the URL points to the authentication server and includes a digital signature created using a cryptographic key of the web server;
receiving a user identifier from the user computer;
authenticating the web server by verifying that the digital signature is the digital signature created using the cryptographic key of the web server;
if the web server is successfully authenticated, then sending a copy of an authentication device to the user computer, the authentication device being a shared secret between the user and the authentication server.
Dependent claims: 14, 15, 16
Specification