Mutual authentication
First Claim
1. A method of mutual authentication between an authentication server and a user comprising the steps of:
- an authentication server verifying a source of a request received at the authentication server from a first page displayed in a user device;
- responsive to the verified request, the authentication server presenting a secured object to a second page in the user device, wherein the secured object is secured with respect to the second page and includes a passphrase, known by a user, and a credentials input text field, wherein the second page is different from the first page, wherein the passphrase is displayed on the second page only when the second page has a keyboard focus, and wherein the credentials input text field, but not the passphrase, is displayed when the second page does not have the keyboard focus;
- wherein the presenting the passphrase to the user allows the user to authenticate the authentication server and allows the user to supply credentials of the user if the user successfully authenticates the authentication server from the passphrase;
- the authentication server not obtaining the credentials of the user if an authentication of the authentication server by the user failed;
- the authentication server obtaining the credentials of the user in response to a successful authentication of the authentication server by the user from the passphrase; and
- the authentication server validating the credentials;
- wherein the method is performed by one or more processors.
Abstract
Mutual authentication systems and methods are described that comprise an authenticating server that is available across a network and capable of authenticating a user based on credentials provided by the user. An embeddable object is provided by the authenticating server and contains a passphrase that identifies the server to the user. A credentials entry mechanism identifies the user to the authenticating server. A user device displays an Outer Page that can request authentication. The authenticating server verifies the source of the request and provides the passphrase to the user device. The display of the passphrase confirms the identity of the authenticating server to the user. The source of the request can be verified using a secure cookie. The embeddable object can be provided in a second page and can prevent display of the passphrase if user input is not directed to the second page.
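The flow in the abstract can be modelled as follows. This is an added example, not code from the patent: the HMAC-signed cookie format, the key handling, the sample passphrase and all function names are assumptions, since the page says only that a secure cookie can verify the source of the request.

```javascript
// Added illustration; not code from the patent. Cookie format, key handling
// and every name below are assumptions made for this sketch.
const crypto = require('node:crypto');

const SERVER_KEY = crypto.randomBytes(32);              // assumed per-server secret
const PASSPHRASES = { alice: 'purple heron at dawn' };  // constructed sample data

function tagFor(userId) {
  return crypto.createHmac('sha256', SERVER_KEY).update(userId).digest();
}

// Assumed "secure cookie" layout: userId.hex(HMAC-SHA256(userId)).
function issueCookie(userId) {
  return `${userId}.${tagFor(userId).toString('hex')}`;
}

// Verify the source of the request: recompute the tag, compare in constant time.
function verifySource(cookie) {
  const [userId, tagHex] = String(cookie || '').split('.');
  if (!userId || !tagHex) return null;
  const given = Buffer.from(tagHex, 'hex');
  const expected = tagFor(userId);
  if (given.length !== expected.length) return null;    // also rejects bad hex
  return crypto.timingSafeEqual(given, expected) ? userId : null;
}

// The server presents the secured object (passphrase plus credentials field)
// to the second page only when the request source has been verified.
function presentSecuredObject(cookie) {
  const userId = verifySource(cookie);
  const known = userId && Object.prototype.hasOwnProperty.call(PASSPHRASES, userId);
  if (!known) return { status: 403, body: null };
  return { status: 200, body: { passphrase: PASSPHRASES[userId], credentialsField: true } };
}

// What the second page displays: the credentials field always, the passphrase
// only while the second page holds keyboard focus.
function render(securedObject, hasKeyboardFocus) {
  return {
    credentialsField: securedObject.credentialsField,
    passphrase: hasKeyboardFocus ? securedObject.passphrase : null,
  };
}
```

An unverified request never receives the passphrase, so a page that merely imitates the login form has nothing to show the user as proof of the server's identity.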
52 Claims
1. A method of mutual authentication between an authentication server and a user, as recited in full under First Claim above.
- Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. An apparatus, comprising:
- one or more processors;
- a non-transitory computer-readable storage medium storing one or more sequences of instructions which, when executed by the one or more processors, cause the one or more processors to perform:
- verifying a source of a request received at the authentication server from a first page displayed in a user device;
- responsive to the verified request, the authentication server presenting a secured object to a second page in the user device, wherein the secured object is secured with respect to the second page and includes a passphrase, known by a user, and a credentials input text field, wherein the second page is different from the first page, wherein the passphrase is displayed on the second page only when the second page has a keyboard focus, and wherein the credentials input text field, but not the passphrase, is displayed when the second page does not have the keyboard focus;
- wherein the presenting the passphrase to the user allows the user to authenticate the authentication server and allows the user to supply credentials of the user if the user successfully authenticates the authentication server from the passphrase;
- obtaining the credentials of the user in response to a successful authentication of the authentication server by the user from the passphrase.
- Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35
36. A non-transitory computer-readable storage medium storing one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to perform:
- verifying a source of a request received at the authentication server from a first page displayed in a user device;
- responsive to the verified request, the authentication server presenting a secured object to a second page in the user device, wherein the secured object is secured with respect to the second page and includes a passphrase, known by a user, and a credentials input text field, wherein the second page is different from the first page, wherein the passphrase is displayed on the second page only when the second page has a keyboard focus, and wherein the credentials input text field, but not the passphrase, is displayed when the second page does not have the keyboard focus;
- wherein the presenting the passphrase to the user allows the user to authenticate the authentication server and allows the user to supply credentials of the user if the user successfully authenticates the authentication server from the passphrase;
- obtaining the credentials of the user in response to a successful authentication of the authentication server by the user from the passphrase.
- Dependent claims: 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52
Specification