Method for secure site and user authentication

US 9,674,167 B2
Filed: 04/15/2013
Issued: 06/06/2017
Est. Priority Date: 11/02/2010
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a site on a network, comprising:

receiving, by a security server from a web page that is (i) associated with a network site and (ii) displayed by a user'"'"'s network device, an identifier of the user'"'"'s network device and an identifier of the network site, wherein the received network site identifier includes an address identifier associated with the web page;

transmitting, by the security server in response to the receipt of the identifiers, an indication of legitimacy of the network site that will cause display of a corresponding legitimacy indicator on both the web page and a personalized pop-up window displayed by the user'"'"'s network device, wherein the personalized pop-up window is made through selection by the user and wherein said transmitting further comprises;

transmitting the indication of legitimacy of the network site by the security server over one network communications channel to cause display of the corresponding legitimacy indicator on the web page and over another different network communications channel to cause display of the corresponding legitimacy indicator on the personalized pop-up window;

displaying the corresponding legitimacy indicator on both the web page and the personalized pop-up window at the user'"'"'s network device; and

determining that the network site is legitimate when the displayed corresponding legitimacy indicator on both the web page and the personalized pop-up window includes a matching random image.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a new method of site and user authentication. This is achieved by creating a pop-up window on the user'"'"'s PC that is in communication with a security server, and where this communication channel is separate from the communication between the user'"'"'s browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user'"'"'s desktop. The security server checks the legitimacy of the web site and then signals both the web page on the user'"'"'s browser, as well as the pop-up window to which it has a separate channel. The security server also sends a random image to both the pop-up window and the browser. If user authentication is requested by the web site the user is first authenticated by the security server for instance by out of band authentication. Then the security server computes a one time password based on a secret it shares with the web site and sends it to the pop up window. The user copies this one time password into their browser which sends it to the web site, which can re-compute the one time password to authenticate the user.

85 Citations

18 Claims

1. A method of authenticating a site on a network, comprising:
- receiving, by a security server from a web page that is (i) associated with a network site and (ii) displayed by a user'"'"'s network device, an identifier of the user'"'"'s network device and an identifier of the network site, wherein the received network site identifier includes an address identifier associated with the web page;
  
  transmitting, by the security server in response to the receipt of the identifiers, an indication of legitimacy of the network site that will cause display of a corresponding legitimacy indicator on both the web page and a personalized pop-up window displayed by the user'"'"'s network device, wherein the personalized pop-up window is made through selection by the user and wherein said transmitting further comprises;
  
  transmitting the indication of legitimacy of the network site by the security server over one network communications channel to cause display of the corresponding legitimacy indicator on the web page and over another different network communications channel to cause display of the corresponding legitimacy indicator on the personalized pop-up window;
  
  displaying the corresponding legitimacy indicator on both the web page and the personalized pop-up window at the user'"'"'s network device; and
  
  determining that the network site is legitimate when the displayed corresponding legitimacy indicator on both the web page and the personalized pop-up window includes a matching random image.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - determining, by the security server, the legitimacy of the network site based on the received network site identifier.
  - 3. The method of claim 1, further comprising:
    - storing, by the security server on the user'"'"'s network device, a local session object;
      
      wherein the received user'"'"'s network device identifier includes the stored local session object.
  - 4. The method of claim 1, wherein:
    - if the transmitted indication indicates that the network site is legitimate, the corresponding legitimacy indicator includes a first type visual cue in a first state; and
      
      if the transmitted indication indicates that the network site is illegitimate, the corresponding legitimacy indicator includes the first type visual cue in a second state.
  - 5. The method of claim 4, further comprising:
    - if the transmitted indication indicates that the network site is legitimate, the corresponding legitimacy indicator also includes a second type visual cue for display on both the web page and the pop-up window.

6. An article of manufacture for authenticating a site on a network, comprising:
- non-transitory storage medium; and
  
  logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby cause the processor to operate so as to;
  
  receive, by a security server from a web page that is (i) associated with a network site and (ii) displayed by a user'"'"'s network device, an identifier of the user'"'"'s network device and an identifier of the network site, wherein the received network site identifier includes an address identifier associated with the web page;
  
  transmit, by the security server in response to the receipt of the identifiers, an indication of legitimacy of the network site that will cause display of a corresponding legitimacy indicator on both the web page and a personalized pop-up window displayed by the user'"'"'s network device, wherein the personalized pop-up window is made through selection by the user and wherein said transmitting further comprises;
  
  transmit the indication of legitimacy of the network site by the security server over one network communications channel to cause display of the corresponding legitimacy indicator on the web page and over another different network communications channel to cause display of the corresponding legitimacy indicator on the pop-up window;
  
  display the corresponding legitimacy indicator on both the web page and the personalized pop-up window at the user'"'"'s network device; and
  
  determine that the network site is legitimate when the displayed corresponding legitimacy indicator on both the web page and the personalized pop-up window includes a matching random image.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The article of manufacture of claim 6, wherein the stored logic is further configured to cause the processor to operate so as to:
    - determine the legitimacy of the network site based on the received network site identifier.
  - 8. The article of manufacture of claim 6, wherein:
    - the stored logic is further configured to cause the processor to operate so as to store a local session object on the user'"'"'s network device; and
      
      the received user'"'"'s network device identifier includes the stored local session object.
  - 9. The article of manufacture of claim 6, wherein:
    - if the transmitted indication indicates that the network site is legitimate, the corresponding legitimacy indicator includes a first type visual cue in a first state; and
      
      if the transmitted indication indicates that the network site is illegitimate, the corresponding legitimacy indicator includes the first type visual cue in a second state.
  - 10. The article of manufacture of claim 9, wherein, if the transmitted indication indicates that the network site is legitimate, the corresponding legitimacy indicator also includes a second type visual cue for display on both the web page and the pop-up window.

11. A machine for authenticating a site on a network, comprising:
- a communications port configured to receive, from a web page that is (i) associated with a network site and (ii) displayed by a user'"'"'s network device, an identifier of the user'"'"'s network device and an identifier of the network site wherein the received network site identifier includes an address identifier associated with the web page;
  
  a processor configured with logic to determine the legitimacy of the network site based on the received network site identifier and to direct transmission of an indication of legitimacy of the network site that will cause display of a corresponding legitimacy indicator on both the web page and a personalized pop-up window displayed by the user'"'"'s network device, wherein the personalized pop-up window is made through selection by the user and wherein the processor is further configured to;
  
  transmit the indication of legitimacy of the network site by a security server over one network communications channel to cause display of the corresponding legitimacy indicator on the web page and over another different network communications channel to cause display of the corresponding legitimacy indicator on the pop-up window;
  
  display the corresponding legitimacy indicator on both the web page and the personalized pop-up window at the user'"'"'s network device; and
  
  determine that the network site is legitimate when the displayed corresponding legitimacy indicator on both the web page and the personalized pop-up window includes a matching random image.
- View Dependent Claims (12, 13, 14)
- - 12. The machine of claim 11, wherein:
    - the processor is further configured to direct the storage of a local session object on the user'"'"'s network device; and
      
      the received user'"'"'s network device identifier includes the stored local session object.
  - 13. The machine of claim 11, wherein:
    - if the network site is determined to be legitimate, the corresponding legitimacy indicator includes a first type visual cue in a first state; and
      
      if the network site is determined to be illegitimate, the corresponding legitimacy indicator includes the first type visual cue in a second state.
  - 14. The machine of claim 13 wherein, if the network site is determined to be legitimate, the corresponding legitimacy indicator also includes a second type visual cue for display on both the web page and the pop-up window.

15. A method of authenticating a site on a network, comprising:
- displaying, at a user'"'"'s network device, a web page associated with a network site and a personalized pop up window associated with a security server;
  
  transmitting, from the web page that is (i) associated with a network site and (ii) displayed by a user'"'"'s network device to the security server, an identifier of the user'"'"'s network device and an identifier of the network site;
  
  wherein the received network site identifier includes an address identifier associated with the web page;
  
  receiving, by the user'"'"'s network device from the security server in response to the transmission of the identifiers, an indication of legitimacy of the network site; and
  
  displaying, at the user'"'"'s network device, a legitimacy indicator corresponding to the received indication of legitimacy on both the web page and the personalized pop-up window, wherein the personalized pop-up window is made through selection by the user and wherein said transmitting further comprises;
  
  transmitting the indication of legitimacy of the network site by the security server over one network communications channel to cause display of the corresponding legitimacy indicator on the web page and over another different network communications channel to cause display of the corresponding legitimacy indicator on the pop-up window;
  
  displaying the corresponding legitimacy indicator on both the web page and the personalized pop-up window at the user'"'"'s network device; and
  
  determining that the network site is legitimate when the displayed corresponding legitimacy indicator on both the web page and the personalized pop-up window includes a matching random image.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, further comprising:
    - executing code embedded in the we page;
      
      wherein the user'"'"'s network device identifier and the network site identifier are transmitted based on the execution of the embedded web page code; and
      
      wherein the legitimacy indicator corresponding to the received indication of legitimacy is displayed on both the web page and the pop-up other on a screen of the user'"'"'s network device.
  - 17. The method of claim 15, further comprising:
    - if the received indication of legitimacy indicates that the network site is legitimate, the corresponding legitimacy indicator includes a first type visual cue in a first state and a second type visual cue; and
      
      if the received indication of legitimacy indicates that the network site is illegitimate, the corresponding legitimacy indicator includes the first type visual cue in a second state.
  - 18. The method of claim 15, further comprising:
    - receiving;
      
      at the user'"'"'s network device, a user selection of a personalized image;
      
      storing the selected personalized image at the user'"'"'s network device; and
      
      displaying the stored personalized image on the pop-up window.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Payfone Incorporated
Original Assignee
Early Warning Services, LLC
Inventors
Ganesan, Ravi
Primary Examiner(s)
Shaw, Yin-Chen
Assistant Examiner(s)
DHRUV, DARSHAN I

Application Number

US13/862,640
Publication Number

US 20130232547A1
Time in Patent Office

1,513 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/33   using certificates

G06F 21/42   using separate channels for...

G06F 21/51   at application loading time...

G06F 21/566   Dynamic detection, i.e. det...

H04L 63/08   for authentication of entit...

H04L 63/0838   using one-time-passwords

H04L 67/02   based on web technology, e....

Method for secure site and user authentication

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method for secure site and user authentication

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links