System and method for anti-phishing authentication

Information

  • Patent Grant
  • 9661021
  • Patent Number
    9,661,021
  • Date Filed
    Wednesday, May 18, 2016
  • Date Issued
    Tuesday, May 23, 2017
Abstract
A method and system for providing security against phishing attacks. The method can include receiving a login ID from a client, and providing an encrypted commitment to the client. The method can also include receiving a one-time password (OTP) from the client, and validating the OTP. The method can also include sending a commitment key, to be authenticated by the client, receiving a static password from the client and authenticating the client. Embodiments of the invention are directed to a system for providing security against phishing attacks. The system can include one or more servers configured to receive a login ID from a client, and provide an encrypted commitment to the client. The processors can be configured to receive a one-time password (OTP) from the client, validate the OTP, send a commitment key, to be authenticated by the client, receive a static password from the client and authenticate the client.
Description
FIELD OF THE INVENTION

The present invention relates generally to computer security, and, more particularly, to systems and methods for providing security against phishing and other attacks.


BACKGROUND OF THE INVENTION

In computing, phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business. The objective is to lure a user to connect and present authentication credentials to an illegitimate party who masquerades as another. Sometimes, the phisher fools the user by sending an apparently official electronic communication, such as an email or an instant message. The term phishing arises, in part, from the use of increasingly sophisticated lures to “fish” for users' financial information and passwords.


More recent phishing attempts have started to target the customers of banks and online payment services. While the first such examples were sent indiscriminately in the hope of finding a customer of a given bank or service, recent research has shown that phishers may in principle be able to establish what bank a potential victim has a relationship with, and then send an appropriate spoofed email to this victim. In general, such targeted versions of phishing have been termed spear phishing.


The damage caused by phishing ranges from loss of access to email to substantial financial loss. This style of identity theft is becoming more popular, because of the ease with which unsuspecting people often divulge to phishers personal information, including credit card numbers and social security numbers. Once this information is acquired, the phishers may use a person's personal information to create fake accounts in a victim's name, ruin a victim's credit, or even prevent victims from accessing their own accounts.


In one type of phishing attack, known as a man-in-the-middle attack, an attacker tricks a client into pointing his or her browser at the attacker's login page. In such scenarios, the attacker sends an e-mail message to the client, asking the client to login to a Web site posing as a legitimate corporate site. Next, the client logs into the attacker's site, thus divulging the client's authentication credentials. The attacker then uses the client's authentication credentials to login to the legitimate corporate site.


Some phishing vulnerabilities can be mitigated by use of a One-Time Password (OTP). Unlike a conventional password, an OTP has only a limited usefulness to an attacker. In a common scenario, such as that provided by RSA's SecurID® system, a time-based OTP is only valid for a few minutes, as is known to those skilled in the art. A secure server executes security software which validates a particular OTP. If a phisher discovers the value of the OTP, then the phisher cannot store the value for later reuse, because the OTP's usefulness quickly expires. Rather, the phisher must exploit the OTP immediately and launch an attack. Some OTP systems increase the difficulty of an attack by providing additional security controls which limit the acceptance of an OTP to a single use even within the limited validity period. However, the use of an OTP does not completely solve the phishing issue. For example, an attacker may obtain use of an OTP a single time.


In a common man-in-the-middle scenario, an attacker relays an entire session between the client and the legitimate server. While in the middle, the attacker views the entire session, harvesting account numbers and possibly other important information. Upon acquiring this information, the attacker can potentially interact with the legitimate server directly. With reference to FIG. 1, there is shown an exemplary man-in-the-middle attack. FIG. 1 illustrates that the client 100 attempts to connect to a server 110. Unfortunately, a phisher 11 (acting in the role of man-in-the-middle) captures the entire session and thereby discovers confidential information. The phisher 11 opens a channel to the server 110 and simply copies everything that it receives from either the client 100 or the server 110 into its own unauthorized log 19. First, the client 100 mistakenly connects to the phisher 11 and sends authentication credentials 10. The phisher 11 copies the message that it receives into the unauthorized log 19, and forwards an exact copy of the message to the server 110 in message 12. The server 110 authenticates and responds 14. The phisher 11 copies the response into the unauthorized log 19, and returns the response 13 to the client 100. The client subsequently interacts 15, and the phisher 11 captures all information, copies it into the unauthorized log 19, and forwards the interactions 16 to the server 110. The server 110 also sends interaction responses 16, which the phisher 11 copies to the unauthorized log 19 and returns as the interactions 15 to the client 100. Eventually, the client 100 finishes the interaction and logs out 17, and the phisher copies the logout message to the unauthorized log 19 and sends the logout 18 to the server 110. The final result of the session is that the client performed all work as intended without detecting any attack. The phisher 11, however, has captured all information transmitted in the session and stored that information in the unauthorized log 19.


Thus, there is a need for an improved system and method for providing security against phishing attacks. Embodiments of the invention serve to protect against attacks such as that described above with respect to the description of FIG. 1.


Two-factor authentication is a means by which a peer may authenticate to another party by presenting two or more of the following: something the user knows, e.g., a password; something the user has, e.g., physical possession of an authentication device; and something the user is, e.g., a thumb print. Three-factor authentication is a means which requires an additional factor beyond two-factor authentication such as a biometric.


Two-factor authentication, however, typically employs a conventional password coupled with a stronger form of authentication, such as, for example, an OTP on a token. In such an arrangement, the purpose of the password is to protect the authentication mechanism in the case that the user loses the stronger authentication factor (e.g., if the user loses an OTP token); the password then protects against the possibility of usage by the attacker.


The factors in a multiple-factor authentication may be either static or dynamic as follows: a static credential factor, otherwise called a static credential, remains constant until the owner of the static credential explicitly participates in an event which changes the credential in a meaningful way. For example, a password is a static credential. If the user wishes to change the password, the user must explicitly initiate the change password process.


A dynamic factor, otherwise called a dynamic credential, changes automatically. The following are examples of dynamic credentials:


OTP: a one-time-password automatically changes upon each use. An exemplary OTP is the password provided by an RSA SecurID® token (numbers or letters that appear on the token's screen). The value displayed by the token changes periodically, and the servers ensure that they do not accept a single token value more than once per period. Another example is a list of passwords. After the user submits one password from the list to the server, the servers are configured such that the user must submit a password that appears later in the list in a subsequent authentication event.


In a multiple-factor authentication mechanism, suppose an attacker were to discover the value of a dynamic credential without knowing the value of the corresponding static credential. In this case, the attacker could not successfully login because the attacker would not know the value of the static credential. Knowledge of the dynamic credential would become useless at the event in which the dynamic credential changes value. For example, suppose an OTP were accepted by the server for three minutes. Further suppose that the attacker were to discover the value of the dynamic credential. In this case, the attacker must discover the value of the static credential before the expiration of the three-minute time window in order to use the dynamic credential in a meaningful way. Otherwise, at the expiration of the three-minute time window, the attacker's knowledge of the expired dynamic credential value would become useless. Multiple-factor authentication requires at least two factors.


Mutual authentication is a means in which peers in a communication each authenticate the other. If a first peer communicates with a second peer, then the first peer requires that the second peer provide credentials. Once validated by the first peer, these credentials demonstrate the second peer's identity. Additionally, the second peer requires that the first peer provide credentials. Once validated by the second peer, these credentials demonstrate the first peer's identity.


SUMMARY OF THE INVENTION

Embodiments of the present invention provide improved systems and methods for anti-phishing authentication.


Embodiments provide security, even if an attacker may potentially discover the value of the dynamic credential, by ensuring that the client does not send the value of the static credential over any network until the client authenticates the server.


Some embodiments provide a sequence of OTPs that appear to be a random sequence.


Some embodiments protect a client from a phishing attack by way of a method wherein a server cannot provide information that could potentially aid an attacker until the server confirms the client's identity, and a client cannot provide information that can be used in a phishing attack until the client confirms the server's identity.


In some embodiments, the method includes the client providing a login ID to the server. Next, the server provides an encrypted commitment to the client. Next, the client provides an OTP to the server. Then, the server validates the OTP, and sends a commitment key to the client. Upon receiving the commitment key, the client authenticates the server, and provides a static password to the server. Upon receipt of the static password, the server authenticates the client.


Thus, by way of embodiments of the invention, additional security against phishing attacks can be provided.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be more readily understood from the detailed description of exemplary embodiments presented below considered in conjunction with the attached drawings, of which:



FIG. 1 is an exemplary flow diagram illustrating information related to a phishing attack;



FIG. 2 is an exemplary flow diagram illustrating a method for providing security against phishing attacks, in accordance with an embodiment of the present invention;



FIG. 3 illustrates an exemplary mechanism related to allowing a client to match a distinguished name in an SSL (TLS) certificate, to protect a connection with the server; and



FIG. 4 illustrates an exemplary mechanism related to allowing use of an event-based token.

It is to be understood that the attached drawings are for purposes of illustrating the concepts of the invention.


DETAILED DESCRIPTION

Embodiments of the invention provide for security against phishing attacks. In one such embodiment, before attempting to authenticate, the client opens an SSL or TLS connection with the server. At this point, neither the client nor the server has authenticated the remote peer. In the SSL or TLS connection, the server uses a certificate with a distinguished name.


This embodiment can include a time-based OTP in which the OTP value is generated as is described in further detail below. In some embodiments, assume that the OTP value is generated by a tamper-resistant authentication token similar to SecurID, or by another token known to those skilled in the art.


With embodiments of the invention, the client does not submit his or her static credential until the client discovers the identity of the server. Otherwise, the client would be providing sufficient information for an attacker to launch a man-in-the-middle phishing attack. On the other hand, the server needs to carefully control the information that it sends over networks to its peer (as described herein, the server and the client are considered to be peers), until the server authenticates the peer as the legitimate client. This issue is a problem because both peers must be extremely careful when they divulge information in any period that precedes authentication of the peer.


To provide security against phishing attacks, a system requires protection of a dynamic credential of multiple-factor authentication. With such protection, the user does not reveal the static credential until he or she authenticates the server.


Another beneficial aspect of some embodiments is that key entropy (e.g., number of bits of randomness that contribute to choosing the value of the key) is not restricted in the cryptographic calculations. Thus, in some embodiments, keys that are used to protect a static password are not limited by entropy. The server cannot provide information that could potentially aid an attacker until the server confirms the client's identity. Likewise, the client cannot provide information that can be used to successfully launch a phishing attack until the client confirms the server's identity.


The client 100 has access to the current value produced by a token which generates one-time passwords used as dynamic credentials. As used herein, the values of these one-time passwords are designated as t1, t2, t3, . . . , etc. In some embodiments, each OTP value appears on the token for a fixed amount of time. When the time period expires, the token displays the next token code. At the ith period, the token displays ti. At the (i+1)th period, the token displays t(i+1). For example, if the values displayed by the token during the first three periods are 381291, 583920, and 393271, respectively, then t2=583920.


In such embodiments, the server 110 and the token generate the sequence of token code values t1, t2, t3, . . . , using a method that references a secret key, k 401. Each token has a unique secret key, k 401, and the server 110 has access to a copy of the secret key, k 401. At each time period, i, both the token and the server 110 calculate an intermediary value, xi 402, using the following method:

xi=h(AES(k,h(i|CONST))).

where:


CONST is a known constant value such as: 123456789.


i|CONST is the value i concatenated onto the constant value. For example, if i=3, then i|CONST=3123456789.


h(z) is a one-way message digest algorithm computed over value z. An exemplary one-way message digest algorithm is SHA-256, as is known to those skilled in the art.


AES(a,b) is a symmetric encryption algorithm such as the Advanced Encryption Standard, as is known to those of skill in the art, using (key a) for the purpose of producing encrypted value, given (plaintext value b).


A purpose of this method is to generate a sequence of random-appearing values xi. Each token uses the same method to generate the sequence x1, x2, x3, . . . ; however, each token has a different secret key. For example, another token may use secret key k′, and this second token generates the following value xi in the ith time period: h(AES(k′,h(i|CONST))).


The token stores each value xi that it generates in its internal storage without revealing each xi to the client, or any other party. The token generates the token code value 113, (also known as ti or OTP) using the following method:

ti=f(h(S|xi),n)

where:


S is the distinguished name of the server 110.


S|xi is the distinguished name of the server 110 concatenated with the value xi (the vertical bar | denotes the concatenation operation)


f(z,n) is a function that extracts the high-order n digits of base-10 value z. For example, f(123456789,2)=12 and f(987654321,5)=98765.


Thus, in time period i, the token generates the current OTP value 113 (also known as ti) using the following method, where it is assumed that the client and server agree on a value of n through an out-of-band means, e.g., a fixed value of n is programmed into the token and the server's algorithm for generating token values.

ti=f(h(S|h(AES(k,h(i|CONST)))),n)


Since the server 110 can determine the same secret key, k 401, and the method for generating ti, the server 110 also can determine how to calculate each ti. Since, for this example, it is assumed that no other party knows the secret key, k 401, no other party can discern ti, except through random guesses.


With reference to FIG. 2, there is shown an exemplary flow diagram illustrating a method for providing security between a client 100 and a server 110 against phishing attacks. In any of the steps described herein, if a validation fails, then the party that notices the failure terminates the protocol immediately and does not proceed to the next step. By way of the method, in c1 the client initiates the protocol by opening an SSL (Secure Socket Layer)(TLS (Transport Layer Security)) session. In step 111, the client 100 provides a user identification code (id) without any accompanying authentication information. In this step, the server 110 can determine the identity of the client 100, but cannot yet authenticate the client 100. With this step, the client 100 does not divulge confidential authentication credential information that could be used by an attacker.


In s1, the server calculates the client's 100 current value of ti, and then computes a commitment value. As used herein, a commitment value is a value used for sending hidden information such that it is verifiable in spite of possible later bias from either the sender or the receiver. With step 112, a commitment value confirms that the server 110 has determined the value that is currently displayed on the client's 100 token. However, at the time of step 112, the commitment value appears to the client 100 as a sequence of random-appearing numbers, and the client 100 cannot understand the full meaning of the commitment value until a later step. In some embodiments, the commitment value can be calculated as follows:

Commitment value in time period i: yi=h(h(S|xi)).


At the time that the client 100 receives the commitment, the client 100 does not have enough information to validate the commitment value. The commitment value provides no information that could be used by an attacker to compromise either the server 110 or the client 100. In addition, an attacker cannot forge a correct commitment value because an attacker does not know k, and therefore cannot calculate xi. In c2, the client 100 stores the encrypted commitment 112.


In step 113, the client 100 sends the current OTP displayed on the token (also known as ti). In some embodiments, the token displays the OTP. The OTP can be calculated as follows:

OTP value=ti=f(h(S|xi),n).


In such a scenario, the OTP has little use to an attacker unless the attacker can determine the second factor associated with the token, i.e., the password (static credential). Although the client 100 reveals important authentication credential information, this information is not directly useful in the case of an attack. If the attacker does not discover the value of the static credential during time period i, then the attacker's discovery of ti has little use.


Upon receipt in s2, the server 110 then validates the OTP by calculating ti, and comparing against the value received in 113. This validation step serves to demonstrate evidence that the client 100 possesses the correct token, but it does not fully authenticate the client 100.


With further reference to FIG. 2, in step 114, the server 110 sends the commitment key (xi 114) to the client 100. By divulging xi, the server 110 provides the client 100 with the ability to generate a token code. Note that, at this step in the process, the server has already received ti and in order to ensure one-time semantics, the server refuses receipt of any other copies of ti, for this present value of i. Since the server already received ti, release of xi over the network yields little potential value to any possible attackers.


In c3, the client 100 uses xi in the following calculations:

z=h(h(S|xi))
w=f(h(S|xi),n)


If z is identical to the encrypted commitment 112, and


w is identical to the token code value ti=OTP 113, sent in step 113


Then the client 100 accepts the commitment key 114. Otherwise, validation fails. That is, if either the check of z, or the check of w, or both checks, fail, then the client 100 stops the authentication mechanism immediately, and does not send the value of step 115. In the calculations of w and z, the client uses the value S extracted from the server's certificate in the current SSL (TLS) session.


In c3, by validating the commitment, the client 100 determines the following:


The remote party knew the value of the OTP 113 before the client sent the OTP 113. Therefore, the remote party knew the unique symmetric key k.


The token produced an OTP 113 which is consistent with a value produced using a method that references distinguished name S.


The current SSL (TLS) session connects with a server which has a certificate with distinguished name S.


This evidence is sufficient for convincing the client to send its static password 115. By using the distinguished name in the server's SSL (TLS) certificate, the client obtains evidence that its peer is correct, i.e., not an attacker or man-in-the-middle.


By way of embodiments of the invention, because the client 100 does not divulge its static password in c4 until after it completely validates the server 110, the client 100 can determine that it is not divulging sensitive information to an attacker when the client sends the static password. Once the server 110 obtains both authentication factors, the server 110 can correctly authenticate the client 100. Therefore, at the conclusion of step 115 in s3 the server receives the static credential. In s4, the server uses this credential to complete the authentication. That is, s4 when coupled with s2 validates both the OTP and the static credential. Considering the fact that the client authenticated the server in c3, at the conclusion of s4, the client and server have mutually authenticated.
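To make the derivation above (xi, ti and the commitment yi) and the FIG. 2 exchange concrete, here is an added Python example; it is not the patent's own code and assumes nothing beyond the formulas on this page. Because the standard library has no AES, the example substitutes HMAC-SHA256 for the AES step (the code comment says so as well); the login id, distinguished names, token key and password are constructed sample values, and the `Server`, `Token` and `run_session` names are this example's own. It also folds in the commitment window for an unsynchronized server and token that is described later on this page, and, since i is just an integer, the same functions serve the counter-based token of FIG. 4. The three runs show the legitimate session, a relaying man-in-the-middle whose own TLS certificate carries a different distinguished name (the client's check of z against the commitment fails, so the static password is never sent), and a replay of an OTP the server has already consumed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

CONST = "123456789"   # the known constant from the specification
N_DIGITS = 6          # n: OTP digit count, agreed out of band (fixed in token and server)


def h(z: bytes) -> bytes:
    """One-way digest h(z); the page names SHA-256 as its example."""
    return hashlib.sha256(z).digest()


def keyed_step(k: bytes, b: bytes) -> bytes:
    """Stand-in for AES(k, b). The page specifies AES; this example substitutes
    HMAC-SHA256 so it runs with the standard library alone. The protocol only
    needs a secret-keyed mapping here; the surrounding structure is unchanged."""
    return hmac.new(k, b, hashlib.sha256).digest()


def x_value(k: bytes, i: int) -> bytes:
    """xi = h(AES(k, h(i|CONST))), with i|CONST as decimal concatenation (3 -> '3123456789')."""
    return h(keyed_step(k, h(f"{i}{CONST}".encode())))


def f(z: bytes, n: int) -> str:
    """f(z, n): the high-order n base-10 digits of z, reading the digest as a big-endian integer."""
    return str(int.from_bytes(z, "big"))[:n]


def token_code(S: str, xi: bytes, n: int = N_DIGITS) -> str:
    """ti = f(h(S|xi), n), where S is the server's distinguished name and | is concatenation."""
    return f(h(S.encode() + xi), n)


def commitment(S: str, xi: bytes) -> bytes:
    """yi = h(h(S|xi)); without xi it reveals nothing about ti."""
    return h(h(S.encode() + xi))


class Token:
    """Tamper-resistant token: holds k and the DN S programmed into it at provisioning."""

    def __init__(self, k: bytes, server_dn: str):
        self.k, self.server_dn = k, server_dn

    def display(self, i: int) -> str:
        return token_code(self.server_dn, x_value(self.k, i))


@dataclass
class Server:
    dn: str                     # distinguished name S in the server's TLS certificate
    keys: dict                  # login id -> token secret k (the server's copy)
    passwords: dict             # login id -> static credential
    used: set = field(default_factory=set)   # (login, i) pairs already consumed

    def s1_commit(self, login: str, i: int, window: int = 0) -> list:
        """Step 112: commitments for periods i-window..i+window (window=0 gives just yi)."""
        k = self.keys[login]
        return [commitment(self.dn, x_value(k, j)) for j in range(i - window, i + window + 1)]

    def s2_validate_otp(self, login: str, i: int, otp: str):
        """Steps 113/114: check ti, enforce one-time use, then release the commitment key xi."""
        if (login, i) in self.used:
            return None                                   # one-time semantics: refuse a replay
        xi = x_value(self.keys[login], i)
        if not hmac.compare_digest(token_code(self.dn, xi), otp):
            return None
        self.used.add((login, i))
        return xi

    def s4_authenticate(self, login: str, password: str) -> bool:
        return hmac.compare_digest(password, self.passwords[login])


def client_c3_validate(peer_cert_dn: str, commitments: list, otp: str, xi: bytes) -> bool:
    """Step c3: recompute z = h(h(S|xi)) and w = f(h(S|xi), n) with S taken from the
    certificate of the peer the client is actually connected to; both must match."""
    z = commitment(peer_cert_dn, xi)
    w = token_code(peer_cert_dn, xi)
    return any(hmac.compare_digest(z, y) for y in commitments) and hmac.compare_digest(w, otp)


def run_session(peer_cert_dn: str, server: Server, token: Token, login: str, i: int, password: str) -> str:
    """FIG. 2 through the peer the client connected to. A relaying man-in-the-middle forwards
    the server's messages unchanged, but its own TLS certificate carries peer_cert_dn."""
    commitments = server.s1_commit(login, i, window=2)     # 112 (with a +/-2 period window)
    otp = token.display(i)                                  # 113
    xi = server.s2_validate_otp(login, i, otp)              # 114
    if xi is None:
        return "otp_rejected"
    if not client_c3_validate(peer_cert_dn, commitments, otp, xi):
        return "server_rejected_by_client"                  # static password never leaves the client
    return "authenticated" if server.s4_authenticate(login, password) else "client_rejected"   # 115


# Constructed sample data (not from the page): one token, one account.
K_SAMPLE = bytes(range(16))
BANK_DN = "CN=login.bank.example,O=Example Bank"
PHISHER_DN = "CN=login.bank-example.test,O=Not The Bank"
bank = Server(BANK_DN, {"alice": K_SAMPLE}, {"alice": "correct horse"})
alice_token = Token(K_SAMPLE, BANK_DN)

if __name__ == "__main__":
    print(run_session(BANK_DN, bank, alice_token, "alice", 7, "correct horse"))     # authenticated
    print(run_session(PHISHER_DN, bank, alice_token, "alice", 8, "correct horse"))  # server_rejected_by_client
    print(run_session(BANK_DN, bank, alice_token, "alice", 8, "correct horse"))     # otp_rejected (replay)
```

Note the order of the second and third runs: the relaying peer forwarded the genuine OTP for period 8, so the server consumed it before the client's c3 check failed, which is exactly why the page can afford to release xi in step 114.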


In some embodiments, the commitment value algorithm computes the message digest twice. Some embodiments use message digests that include a data hiding property. In some embodiments, a double message digest may be used to enhance security. Exemplary algorithms used can include, for example, Message Digest: SHA-1, or SHA-256.


In some embodiments, the client 100 can be implemented with client-side code, such as an applet or an ActiveX control. The client-side code can perform the tasks of storing the token value between steps 113 and 115, discussed above. The client-side code can also perform client-side message digests and cryptographic steps, as described above.


In some embodiments, the client 100 obtains the client-side code once, and does not obtain further client-side code unless that code is signed by the correct peer.


In some embodiments, if the server 110 and client 100 are not identically synchronized, the server 110 can send multiple commitment values in the same message: y(i−2), y(i−1), yi, y(i+1), y(i+2). The client validates successfully if it can validate any of the commitments using the value xi.


In some embodiments, the server 110 can enhance data hiding of the commitment by encrypting the commitment with a symmetric algorithm, such as, for example, 3DES. In such an embodiment, in step 114, as described above, the server 110 sends both xi and a 3DES (Triple Data Encryption Standard) key.


Thus embodiments of the invention provide for systems and methods for providing security against phishing attacks. Advantageously, embodiments of the invention do not limit the entropy of any information communicated over a network. Such a result is contrary to known cryptographic solutions to phishing, which typically limit the entropy of communicated information.


Embodiments of the invention beneficially provide for security by embedding the server's 110 name, or identification, into the algorithm for generating OTP values.


Embodiments of the invention cryptographically tie the SSL (TLS) session to the OTP token, thus comparing the token's embedded server name against the SSL (TLS) certificate's distinguished name.


Thus, embodiments provide security against phishing attacks inventively by splitting the authentication process into multiple steps. First, using a commitment in an OTP authentication, and then, second, sending an OTP value in a step before the password, thereby protecting the most vulnerable portion of the authentication credential (the static password) until the end of the authentication process.


In alternate embodiments, additional steps may be added, certain steps may be excluded, certain steps may be performed multiple times, and/or the steps may be performed in a different order and/or simultaneously.


In certain embodiments of the invention, all of the steps of the method can be performed by a computer, or computing system, as described above. In alternative embodiments, one or more of the steps can be performed manually, by a person.


An exemplary embodiment is presented in FIG. 3. In 610, the server 110 sends a dynamic credential, e.g., OTP 113, to the client 100 via a potentially out-of-band method. As used herein, out-of-band means a transmission method that differs from the remainder of the communications. Examples of out-of-band transmission methods are e-mail, physical mail, and telephone messages. Alternatively, an in-band method can be employed. After receiving the message 610, the client 100 wishes to initiate a connection with the server 110. The client executes the steps as described above with respect to FIG. 2 (albeit with modification 611 as described below), to complete the connection in a manner in which the client 100 knows that it is connecting to the right server, i.e., the client 100 obtains anti-phishing assurance in the connection to the server. The client opens the SSL (TLS) after receiving message 610, but before sending message 111. This assurance helps protect the client 100 from sending its authentication credential (including any static credential 115) to any party other than the authorized server 110.


The mechanism described in FIG. 3 ensures that the client 100 matches the distinguished name in the SSL (TLS) certificate that protects the connection with the server 110, against the distinguished name that cryptographically corresponds to the dynamic credential (OTP) 113. If these distinguished names do not match, then the client 100 terminates the connection before sending the static credential 115. In the case of the method shown in FIG. 1, the client trusts the validity of this particular distinguished name because it relates to an OTP obtained from a trusted source (the client's own token). However, in the case of the method shown in FIG. 3, the client receives the OTP in an e-mail or possibly other untrusted channel. Therefore, the client 100 must execute an extra step to ensure validity of the distinguished name. The information collected for the extra step may be gathered at any point in the mechanism before c3, or at c3 itself. The decision that uses the extra information occurs at c3 as part of the mechanism to authenticate the server. Examples of this extra step include, but are not limited to, any one or more of the following mechanisms: displaying the distinguished name to the user, and waiting for the user to press an acknowledgement button; comparing the distinguished name against a list of names that reside in a trusted location on the client's machine, outbound proxy, or other location trusted by the client; and executing an algorithm that takes a distinguished name and possibly other sources of input, such as the server's SSL (TLS) certificate, and produces a binary validity result as output. This algorithm may include a step of validating the SSL (TLS) certificate to ensure that it has a trusted root. Input into this algorithm may potentially include additional information that the user inputs at a prompt or the machine obtains through an interface. Examples of this additional information include the distinguished name that the user types at a prompt or copies from a mobile data source such as a USB memory stick.


In some embodiments, both credentials can be dynamic. In such embodiments, one of the credentials is protected to a greater extent than the other.


With reference to FIG. 4, in some embodiments, the token may generate the token value through an event-based token, as is described in the counter-based example below. In some embodiments, the static credentials may be encrypted. In some embodiments, the client enters the static credential (password) into a program that never releases the static credential in plaintext form. In 711, the value i represents a counter as opposed to a time period; however, the formulas remain unchanged with respect to the formulas described above with reference to FIG. 2. The counter increases upon each use. In 711, the client sends the loginid and the current counter value after opening the SSL (TLS) session (c1). The server validates that the counter value is greater than any that had previously been seen by the server. The client increases the counter value by one in order to prepare for its next use. The server executes s1, and in 712 sends the encrypted commitment. The client executes c2, and then in 713 the client sends the dynamic credential. The server executes s2 and in 714 sends the commitment key. In c3, the client authenticates the server. In 715 c4, the client encrypts i|S concatenated with the static credential (password) using k with encryption algorithm AES. The server decrypts using AES with key, k, and executes s3 and s4. The server validates that i, S, and the static credential are as expected.


It is to be understood that the exemplary embodiments are merely illustrative of the invention and that many variations of the above-described embodiments can be devised by one skilled in the art without departing from the scope of the invention. It is therefore intended that all such variations be included within the scope of the following claims and their equivalents.

Claims
  • 1. A method for providing security against phishing attacks during client access of a server, the method comprising: providing from the server, upon initiation of a client-server session by the client, an encrypted commitment; receiving at the server, a dynamic credential from the client, in response to receipt of the encrypted commitment; validating the dynamic credential at the server; upon successful validation, transmitting from the server, a commitment key to the client, the commitment key enabling the client to authenticate the server, wherein the client is prohibited from transmitting a static credential until the client authenticates the server.
  • 2. The method of claim 1, further comprising receiving, from the client, a login ID to initiate the client-server session.
  • 3. The method of claim 2, wherein the login ID is a time-based one time use password accessible to both the server and the client.
  • 4. The method of claim 1, further comprising receiving, at the server the static credential upon authentication of the server by the client and authenticating the client at the server.
  • 5. The method of claim 1, wherein if validation of the dynamic credential is unsuccessful, the server terminates the client-server session.
  • 6. The method of claim 1, wherein client-side code stores the received encrypted commitment and the commitment key.
  • 7. The method of claim 1, wherein the client lacks the ability to check validity of the commitment information until the server receives the dynamic credential.
  • 8. The method of claim 1, further comprising embedding a name of the server into an algorithm for generating the dynamic credential.
  • 9. The method of claim 8, further comprising providing from the server an email to the client containing the dynamic credential prior to initiation of the client-server session.
  • 10. The method of claim 9, further comprising validating the server at the client utilizing the embedded server name.
  • 11. A system for providing security against phishing attacks during client access of a server, the system comprising: a server including a processor programmed and configured to perform the steps of: providing from the server, upon initiation of a client-server session over a network by the client, an encrypted commitment; receiving at the server, a dynamic credential from the client, in response to receipt of the encrypted commitment; validating the dynamic credential at the server; upon successful validation, transmitting from the server, a commitment key to the client, the commitment key enabling the client to authenticate the server, wherein the client is prohibited from transmitting a static credential until the client authenticates the server.
  • 12. The system of claim 11, further comprising receiving, from the client, a login ID to initiate the client-server session.
  • 13. The system of claim 12, wherein the login ID is a time-based one time use password accessible to both the server and the client.
  • 14. The system of claim 11, further comprising receiving, at the server the static credential upon authentication of the server by the client and authenticating the client at the server.
  • 15. The system of claim 11, wherein if validation of the dynamic credential is unsuccessful, the server terminates the client-server session.
  • 16. The system of claim 11, wherein client-side code stores the received encrypted commitment and the commitment key.
  • 17. The system of claim 11, wherein the client lacks the ability to check validity of the commitment information until the server receives the dynamic credential.
  • 18. The system of claim 11, further comprising embedding a name of the server into an algorithm for generating the dynamic credential.
  • 19. The system of claim 18, further comprising providing from the server an email to the client containing the dynamic credential prior to initiation of the client-server session.
  • 20. The system of claim 19, further comprising validating the server at the client utilizing the embedded server name.
RELATED APPLICATIONS

This application is a continuation application of U.S. patent application Ser. No. 14/051,079 filed on Oct. 10, 2013, which is a continuation application of U.S. patent application Ser. No. 11/411,576 filed on Apr. 26, 2006, which in turn claims the benefit of priority under 35 U.S.C. §119(e) to U.S. Provisional Patent Application Serial No. 60/718,503 filed on Sep. 19, 2005, all of which are hereby incorporated in their entirety. This application is a continuation application of U.S. application Ser. No. 11/411,576, filed Apr. 26, 2006, which in turn claims the benefit of priority under 35 U.S.C. §119(e) to U.S. Provisional Patent Application No. 60/718,503, filed Sep. 19, 2005. U.S. application Ser. No. 11/411,576 and U.S. Provisional Patent Application No. 60/718,503 are hereby incorporated by reference herein in their entireties.

Object Management Group, CORBA for Beginners, http://www.omg.org (last visited May 25, 1999).
Object Management Group, CORBA Overview, http://pent21.infosys.tuwein.ac.at (last visited May 25, 1999).
Object Management Group, Library, http://www.omg.org (last visited May 25, 1999).
Object Management Group, What is CORBA?, http://www.omg.org (last visited May 25, 1999).
Omware, Inc., http://web.archive.org/web/20000226033405/www.omware.com/products.html (last visited Nov, 28, 2005).
Paul Seibert, Facilities Planning & Design for Financial Institutions 15, 272, 274-77 (1996).
Related Publications (1)

Number          Date      Country
20160261630 A1  Sep 2016  US

Provisional Applications (1)

Number    Date      Country
60718503  Sep 2005  US

Continuations (2)

Number           Date      Country
Parent 14051079  Oct 2013  US
Child 15157515             US
Parent 11411576  Apr 2006  US
Child 14051079             US