Web site authentication
First Claim
Patent Images
1. A method for authenticating a web site to a user, including:
- receiving at a third party authentication server a request from a user computer, the request based upon a URL contained in a page sent from a web server to the customer computer, where the URL points to the authentication server and includes a digital signature created using a cryptographic key of the web server;
receiving a user identifier from the user computer;
authenticating the digital signature;
if the digital signature is successfully authenticated, then sending a copy of an authentication device to the user computer, the authentication device being a shared secret between the user and the authentication server.
6 Assignments
0 Petitions
Accused Products
Abstract
A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user'"'"'s browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer.
170 Citations
16 Claims
-
1. A method for authenticating a web site to a user, including:
-
receiving at a third party authentication server a request from a user computer, the request based upon a URL contained in a page sent from a web server to the customer computer, where the URL points to the authentication server and includes a digital signature created using a cryptographic key of the web server; receiving a user identifier from the user computer; authenticating the digital signature; if the digital signature is successfully authenticated, then sending a copy of an authentication device to the user computer, the authentication device being a shared secret between the user and the authentication server. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for authenticating a web site to a user, including:
-
a processor; a memory coupled to said processor, said memory storing instructions adapted to be executed by said processor to receive a URL from a user computer, where the URL includes a digital signature created using a cryptographic key at a web server, authenticate the digital signature, and if the signature is authenticated, send to the customer computer an authentication device based upon a user identifier received from the user computer, the authentication device being a shared secret between the user and the authentication server. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A medium storing instructions adapted to be executed by a processor to perform steps including:
-
receiving at a third party authentication server a request from a user computer, the request based upon a URL contained in a page sent from a web server to the customer computer, where the URL points to the authentication server and includes a digital signature created using a cryptographic key of the web server; receiving a user identifier from the user computer; authenticating the digital signature; if the digital signature is successfully authenticated, then sending a copy of an authentication device to the user computer, the authentication device being a shared secret between the user and the authentication server. - View Dependent Claims (14, 15, 16)
-
Specification