Method for secure site and user authentication
First Claim
1. A method of authenticating a site on a network, comprising:
- receiving, by a security server from a web page that is (i) associated with a network site and (ii) displayed by a user's network device, an identifier of the user's network device and an identifier of the network site, wherein the received network site identifier includes an address identifier associated with the web page;
- transmitting, by the security server in response to the receipt of the identifiers, an indication of legitimacy of the network site that will cause display of a corresponding legitimacy indicator on both the web page and a personalized pop-up window displayed by the user's network device, wherein the personalized pop-up window is made through selection by the user and wherein said transmitting further comprises;
- transmitting the indication of legitimacy of the network site by the security server over one network communications channel to cause display of the corresponding legitimacy indicator on the web page and over another different network communications channel to cause display of the corresponding legitimacy indicator on the personalized pop-up window;
- displaying the corresponding legitimacy indicator on both the web page and the personalized pop-up window at the user's network device; and
- determining that the network site is legitimate when the displayed corresponding legitimacy indicator on both the web page and the personalized pop-up window includes a matching random image.
Abstract
The present invention provides a new method of site and user authentication. This is achieved by creating a pop-up window on the user's PC that is in communication with a security server, and where this communication channel is separate from the communication between the user's browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user's desktop. The security server checks the legitimacy of the web site and then signals both the web page on the user's browser, as well as the pop-up window to which it has a separate channel. The security server also sends a random image to both the pop-up window and the browser. If user authentication is requested by the web site, the user is first authenticated by the security server, for instance by out of band authentication. Then the security server computes a one time password based on a secret it shares with the web site and sends it to the pop-up window. The user copies this one time password into their browser, which sends it to the web site, which can re-compute the one time password to authenticate the user.
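The flow in the abstract, sketched as an added example that is not code from the patent: the security server checks the page's address against its registry, issues one random image token for both channels, and computes a one time password the web site can recompute. The HMAC construction, the counter, the exact-origin match and all names and values are assumptions; the abstract says only that the password is based on a shared secret.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed registry: site origin -> secret shared with the security server.
SITE_SECRETS = {"https://bank.example": b"constructed-shared-secret"}

def origin_of(page_url):
    """Reduce the page's address identifier to scheme://host[:port]."""
    parts = urlsplit(page_url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def check_site(page_url):
    """Security server: legitimacy indication plus one random image token.
    The same token is sent to the web page and, over the separate channel,
    to the pop-up window; the user compares the two displayed images."""
    legit = origin_of(page_url) in SITE_SECRETS  # exact match, not substring
    image_token = secrets.token_hex(8) if legit else None
    return {"legitimate": legit, "image": image_token}

def compute_otp(shared_secret, user_id, counter):
    """HMAC-SHA256 over user id and counter, truncated to 6 digits.
    Assumed construction; the counter is a value both sides already know."""
    msg = f"{user_id}|{counter}".encode()
    digest = hmac.new(shared_secret, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

def issue_otp(page_url, user_id, counter):
    """Security server: send an OTP to the pop-up only for a registered site."""
    secret = SITE_SECRETS.get(origin_of(page_url))
    return compute_otp(secret, user_id, counter) if secret else None

def site_verify(shared_secret, user_id, counter, submitted):
    """Web site: recompute the OTP and compare in constant time."""
    expected = compute_otp(shared_secret, user_id, counter)
    return hmac.compare_digest(expected, submitted)
```
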
18 Claims
6. An article of manufacture for authenticating a site on a network, comprising:
- non-transitory storage medium; and
- logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby cause the processor to operate so as to;
- receive, by a security server from a web page that is (i) associated with a network site and (ii) displayed by a user's network device, an identifier of the user's network device and an identifier of the network site, wherein the received network site identifier includes an address identifier associated with the web page;
- transmit, by the security server in response to the receipt of the identifiers, an indication of legitimacy of the network site that will cause display of a corresponding legitimacy indicator on both the web page and a personalized pop-up window displayed by the user's network device, wherein the personalized pop-up window is made through selection by the user and wherein said transmitting further comprises;
- transmit the indication of legitimacy of the network site by the security server over one network communications channel to cause display of the corresponding legitimacy indicator on the web page and over another different network communications channel to cause display of the corresponding legitimacy indicator on the pop-up window;
- display the corresponding legitimacy indicator on both the web page and the personalized pop-up window at the user's network device; and
- determine that the network site is legitimate when the displayed corresponding legitimacy indicator on both the web page and the personalized pop-up window includes a matching random image.
11. A machine for authenticating a site on a network, comprising:
- a communications port configured to receive, from a web page that is (i) associated with a network site and (ii) displayed by a user's network device, an identifier of the user's network device and an identifier of the network site wherein the received network site identifier includes an address identifier associated with the web page;
- a processor configured with logic to determine the legitimacy of the network site based on the received network site identifier and to direct transmission of an indication of legitimacy of the network site that will cause display of a corresponding legitimacy indicator on both the web page and a personalized pop-up window displayed by the user's network device, wherein the personalized pop-up window is made through selection by the user and wherein the processor is further configured to;
- transmit the indication of legitimacy of the network site by a security server over one network communications channel to cause display of the corresponding legitimacy indicator on the web page and over another different network communications channel to cause display of the corresponding legitimacy indicator on the pop-up window;
- display the corresponding legitimacy indicator on both the web page and the personalized pop-up window at the user's network device; and
- determine that the network site is legitimate when the displayed corresponding legitimacy indicator on both the web page and the personalized pop-up window includes a matching random image.
15. A method of authenticating a site on a network, comprising:
- displaying, at a user's network device, a web page associated with a network site and a personalized pop up window associated with a security server;
- transmitting, from the web page that is (i) associated with a network site and (ii) displayed by a user's network device to the security server, an identifier of the user's network device and an identifier of the network site; wherein the received network site identifier includes an address identifier associated with the web page;
- receiving, by the user's network device from the security server in response to the transmission of the identifiers, an indication of legitimacy of the network site; and
- displaying, at the user's network device, a legitimacy indicator corresponding to the received indication of legitimacy on both the web page and the personalized pop-up window, wherein the personalized pop-up window is made through selection by the user and wherein said transmitting further comprises;
- transmitting the indication of legitimacy of the network site by the security server over one network communications channel to cause display of the corresponding legitimacy indicator on the web page and over another different network communications channel to cause display of the corresponding legitimacy indicator on the pop-up window;
- displaying the corresponding legitimacy indicator on both the web page and the personalized pop-up window at the user's network device; and
- determining that the network site is legitimate when the displayed corresponding legitimacy indicator on both the web page and the personalized pop-up window includes a matching random image.
Specification