System and method for anti-phishing authentication

US 8,583,926 B1
Filed: 04/26/2006
Issued: 11/12/2013
Est. Priority Date: 09/19/2005
Status: Active Grant

First Claim

Patent Images

1. A method for mutual authentication by a client and a server, the method including the steps of:

receiving, by the server, a message from the client requesting a connection with the server;

sending, by the server, encrypted commitment information to the client, wherein the commitment information demonstrates that the server can determine a value of a dynamic credential;

receiving, by the server, the dynamic credential from the client;

validating, by the server, the dynamic credential;

sending, by the server, a commitment key to the client;

receiving, by the server, after the client authenticates the server using the commitment information and commitment key to confirm that the server determined the value of the dynamic credential prior to receipt of same, a static password from the client; and

authenticating, by the server, the static password.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are directed to a method for providing security against phishing attacks. The method can include receiving a login ID from a client, and providing an encrypted commitment to the client. The method can also include receiving a one-time password (OTP) from the client, and validating the OTP. The method can also include sending a commitment key, to be authenticated by the client, receiving a static password from the client and authenticating the client. Embodiments of the invention are directed to a system for providing security against phishing attacks. The system can include one or more servers configured to receive a login ID from a client, and provide an encrypted commitment to the client. The processors can be configured to receive a one-time password (OTP) from the client, validate the OTP, send a commitment key, to be authenticated by the client, receive a static password from the client and authenticate the client.

604 Citations

11 Claims

1. A method for mutual authentication by a client and a server, the method including the steps of:
- receiving, by the server, a message from the client requesting a connection with the server;
  
  sending, by the server, encrypted commitment information to the client, wherein the commitment information demonstrates that the server can determine a value of a dynamic credential;
  
  receiving, by the server, the dynamic credential from the client;
  
  validating, by the server, the dynamic credential;
  
  sending, by the server, a commitment key to the client;
  
  receiving, by the server, after the client authenticates the server using the commitment information and commitment key to confirm that the server determined the value of the dynamic credential prior to receipt of same, a static password from the client; and
  
  authenticating, by the server, the static password.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, comprising, prior to receiving a login ID from the client, sending, to the client, a communication containing a commitment which may be subsequently used to demonstrate knowledge of the value of the dynamic credential.
  - 3. The method of claim 2, further comprising a step of sending, to the client, a communication containing a server url.
  - 4. The method of claim 2, wherein the communication is an e-mail message.
  - 5. The method of claim 1, wherein the OTP is derived from at least the server'"'"'s name.
  - 6. The method of claim 1, wherein the dynamic credential is formed by at least a distinguished name of the server.

7. A system for mutual authentication by a client and a server, the system comprising a server programmed and configured to perform the steps of:
- receiving a message from the client requesting a connection with the server;
  
  sending an encrypted commitment to the client;
  
  receiving a dynamic credential from the client;
  
  validating the dynamic credential;
  
  sending a commitment key to the client;
  
  receiving, after the client authenticates the server using the commitment and commitment key, a static password from the client; and
  
  authenticating the static password.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, the server being further configured for receiving a login ID from the client and sending, to the client, a communication containing a commitment which may be subsequently used to demonstrate knowledge of a value of the dynamic credential.
  - 9. The system of claim 8, the server being further configured for, prior to receiving a login ID from the client, sending, to the client, a communication containing a server url.
  - 10. The system of claim 8, wherein the communication is an e-mail message.
  - 11. The system of claim 7, wherein the dynamic credential is derived from at least the server'"'"'s name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Benson, Glenn S.
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US11/411,576
Time in Patent Office

2,757 Days
Field of Search

None
US Class Current

713/169
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

H04L 63/1475   Passive attacks, e.g. eaves...

H04L 63/1483   service impersonation, e.g....

H04L 9/3228   One-time or temporary data,...

System and method for anti-phishing authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

604 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for anti-phishing authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

604 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links