摘要 |
A method of enabling a user to verify a plurality of web-sites using a single one-time information generating algorithm is described. The software comprising the one-time password generating algorithm is provided in a secure form such as part of a sealed authentication device. When the user wishes to authenticate a web-site, they activate the authentication device to trigger the generation of one-time information. The server hosting the web-site is issued with a challenge by authentication application running on the user's terminal and responds with one-time information generated using software issued by an authenticating body which is sent to the client terminal. If the one-time information returned by the server matches the one-time information generated at the client terminal end, the web-site is authenticated and is displayed in a browser application running on the client terminal 32.
|