System and method for anti-phishing authentication
First Claim
1. A method for mutual authentication by a client and a server, the method including the steps of:
- receiving, by the server, a message from the client requesting a connection with the server;
sending, by the server, encrypted commitment information to the client, wherein the commitment information demonstrates that the server can determine a value of a dynamic credential;
receiving, by the server, the dynamic credential from the client;
validating, by the server, the dynamic credential;
sending, by the server, a commitment key to the client;
receiving, by the server, after the client authenticates the server using the commitment information and commitment key to confirm that the server determined the value of the dynamic credential prior to receipt of same, a static password from the client; and
authenticating, by the server, the static password.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the invention are directed to a method for providing security against phishing attacks. The method can include receiving a login ID from a client, and providing an encrypted commitment to the client. The method can also include receiving a one-time password (OTP) from the client, and validating the OTP. The method can also include sending a commitment key, to be authenticated by the client, receiving a static password from the client and authenticating the client. Embodiments of the invention are directed to a system for providing security against phishing attacks. The system can include one or more servers configured to receive a login ID from a client, and provide an encrypted commitment to the client. The processors can be configured to receive a one-time password (OTP) from the client, validate the OTP, send a commitment key, to be authenticated by the client, receive a static password from the client and authenticate the client.
-
Citations
11 Claims
-
1. A method for mutual authentication by a client and a server, the method including the steps of:
-
receiving, by the server, a message from the client requesting a connection with the server; sending, by the server, encrypted commitment information to the client, wherein the commitment information demonstrates that the server can determine a value of a dynamic credential; receiving, by the server, the dynamic credential from the client; validating, by the server, the dynamic credential; sending, by the server, a commitment key to the client; receiving, by the server, after the client authenticates the server using the commitment information and commitment key to confirm that the server determined the value of the dynamic credential prior to receipt of same, a static password from the client; and authenticating, by the server, the static password. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for mutual authentication by a client and a server, the system comprising a server programmed and configured to perform the steps of:
-
receiving a message from the client requesting a connection with the server; sending an encrypted commitment to the client; receiving a dynamic credential from the client; validating the dynamic credential; sending a commitment key to the client; receiving, after the client authenticates the server using the commitment and commitment key, a static password from the client; and authenticating the static password. - View Dependent Claims (8, 9, 10, 11)
-
Specification