Method and apparatus for the secure authentication of a web site

摘要

Methods for the authentication of a web site by a visitor to the web site. The visitor uses a device, such as a portable device like a cell phone to compute a dynamic identification string and a one-time password. The dynamic identification string is sent to a service provider, such as a certification service server associated with the web site. In response, the server computes a one-time password that is transmitted to the visitor's device. The device computed one-time password can then be compared to the server computed one-time password in order to authenticate the web site.

主权项

1. A method for authenticating a web site to a user, the method comprising:
(a) with a portable device:
(i) computing a one-time code,(ii) computing a first one-time password having a predetermined relationship to the one-time code,(iii) outputting the one-time code; and (b) with a computer connected to a communications medium and having a browser capable of accessing the web site through the communications medium:
(i) sending the one-time code received from the portable device but not the first one-time password via the communications medium for receipt by a certification server computer associated with the web site, which certification server computer is programmed to use the one-time code: (A) to authenticate the user of the computer, and (B) to compute a second one-time password in the predetermined relationship to the one-time code, and(ii) in response to sending the one-time code, receiving the second one-time password; (c) wherein whether the web site is verified, for access by the browser of the computer, depends on whether the second one-time password matches the first one-time password; and (d) wherein the communications medium includes at least one of the following: the Internet, a data line, or a telephone or telecommunications system.