System and method for anti-phishing authentication
First Claim
1. A method for providing security against phishing attacks during client access of a server, the method comprising:
- providing from the server, upon initiation of a client-server session by the client, an encrypted commitment;
- receiving at the server, a dynamic credential from the client, in response to receipt of the encrypted commitment;
- validating the dynamic credential at the server;
- upon successful validation, transmitting from the server, a commitment key to the client, the commitment key enabling the client to authenticate the server, wherein the client is prohibited from transmitting a static credential until the client authenticates the server.
Abstract
A method and system for providing security against phishing attacks. The method can include receiving a login ID from a client, and providing an encrypted commitment to the client. The method can also include receiving a one-time password (OTP) from the client, and validating the OTP. The method can also include sending a commitment key, to be authenticated by the client, receiving a static password from the client and authenticating the client. Embodiments of the invention are directed to a system for providing security against phishing attacks. The system can include one or more servers configured to receive a login ID from a client, and provide an encrypted commitment to the client. The processors can be configured to receive a one-time password (OTP) from the client, validate the OTP, send a commitment key, to be authenticated by the client, receive a static password from the client and authenticate the client.
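The message order in the abstract, as an added Python example (not taken from the patent). It assumes the commitment is made over the OTP the server expects, substitutes an HMAC-SHA256 keyed commitment for the unspecified encryption, and uses a constructed OTP table; `Server`, `Impostor`, `commit` and `client_login` are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Constructed demo data: the OTP alice's token shows for this session.
EXPECTED_OTP = {"alice": "492817"}

def commit(key: bytes, otp: str, nonce: bytes) -> bytes:
    """Assumption: HMAC-SHA256 keyed commitment stands in for the encryption."""
    return hmac.new(key, nonce + otp.encode(), hashlib.sha256).digest()

class Server:
    """Genuine server: it can predict the client's OTP, so it can commit to it."""

    def __init__(self, otps):
        self.otps, self.sessions = otps, {}

    def start(self, login_id):
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        self.sessions[login_id] = key
        return nonce, commit(key, self.otps[login_id], nonce)

    def reveal_key(self, login_id, otp):
        # Validate the dynamic credential before releasing the commitment key.
        key = self.sessions.pop(login_id)
        if not hmac.compare_digest(otp.encode(), self.otps[login_id].encode()):
            return None
        return key

class Impostor(Server):
    """Site without the OTP secret: it must commit blind and cannot open it."""

    def start(self, login_id):
        return secrets.token_bytes(16), secrets.token_bytes(32)

    def reveal_key(self, login_id, otp):
        return secrets.token_bytes(32)

def client_login(server, login_id, otp, static_password):
    """Return the static password only if the server opened its commitment."""
    nonce, commitment = server.start(login_id)   # commitment arrives first
    key = server.reveal_key(login_id, otp)       # OTP goes out, key comes back
    if key is None or not hmac.compare_digest(commit(key, otp, nonce), commitment):
        return None                              # server not authenticated: withhold
    return static_password                       # safe to transmit now
```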
20 Claims
11. A system for providing security against phishing attacks during client access of a server, the system comprising:
a server including a processor programmed and configured to perform the steps of:
- providing from the server, upon initiation of a client-server session over a network by the client, an encrypted commitment;
- receiving at the server, a dynamic credential from the client, in response to receipt of the encrypted commitment;
- validating the dynamic credential at the server;
- upon successful validation, transmitting from the server, a commitment key to the client, the commitment key enabling the client to authenticate the server, wherein the client is prohibited from transmitting a static credential until the client authenticates the server.
Specification