WO2010070456A3 - Method and apparatus for authenticating online transactions using a browser - Google Patents

Method and apparatus for authenticating online transactions using a browser Download PDF

Info

Publication number
WO2010070456A3
WO2010070456A3 PCT/IB2009/007987 IB2009007987W WO2010070456A3 WO 2010070456 A3 WO2010070456 A3 WO 2010070456A3 IB 2009007987 W IB2009007987 W IB 2009007987W WO 2010070456 A3 WO2010070456 A3 WO 2010070456A3
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user browser
user
browser
authenticating
Prior art date
Application number
PCT/IB2009/007987
Other languages
French (fr)
Other versions
WO2010070456A2 (en
Inventor
Paul Lin
Original Assignee
F2Ware Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by F2Ware Inc. filed Critical F2Ware Inc.
Publication of WO2010070456A2 publication Critical patent/WO2010070456A2/en
Publication of WO2010070456A3 publication Critical patent/WO2010070456A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Abstract

A computer-implemented method for authenticating a user using a service provider server and an authentication server, the user communicating with at least one of the service provider server and the authentication server using a user browser. The method includes requesting, using the user browser, the authenticating with the service provider server. The method also includes authenticating, using the user browser, a secure communication channel with the authentication server. The method also includes receiving, using the user browser, a Next Pre- Authentication Anchor (NPAA) value from the authentication server. The method additionally includes temporarily storing the Next Pre- Authentication Anchor (NPAA) value in a user browser cookie associated with the user browser, wherein the Next Pre- Authentication Anchor (NPAA) value is protected by employing Same Origin Policy (SOP).
PCT/IB2009/007987 2008-12-19 2009-12-21 Method and apparatus for authenticating online transactions using a browser WO2010070456A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13852708P 2008-12-19 2008-12-19
US61/138,527 2008-12-19

Publications (2)

Publication Number Publication Date
WO2010070456A2 WO2010070456A2 (en) 2010-06-24
WO2010070456A3 true WO2010070456A3 (en) 2017-04-06

Family

ID=42269164

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2009/007987 WO2010070456A2 (en) 2008-12-19 2009-12-21 Method and apparatus for authenticating online transactions using a browser

Country Status (1)

Country Link
WO (1) WO2010070456A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102332977A (en) * 2010-07-13 2012-01-25 F2威尔股份有限公司 Use ISP's server and certificate server authentication user's method
EP3772832B1 (en) * 2019-08-05 2022-04-06 Mastercard International Incorporated Secure server client interaction

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020138561A1 (en) * 2001-02-16 2002-09-26 Gemini Networks, Inc. System, method, and computer program product for an end-user of an open access network to select a new service provider following a discontinuance of a business relationship between their current service provider and the operator of the open access network
US20040003287A1 (en) * 2002-06-28 2004-01-01 Zissimopoulos Vasileios Bill Method for authenticating kerberos users from common web browsers
US20080040802A1 (en) * 2004-06-14 2008-02-14 Iovation, Inc. Network security and fraud detection system and method
US20080166994A1 (en) * 2007-01-04 2008-07-10 Bernard Ku Methods and apparatus to implement an internet multimedia sub-system (IMS) terminal
US20100095208A1 (en) * 2008-04-15 2010-04-15 White Alexei R Systems and Methods for Remote Tracking and Replay of User Interaction with a Webpage
US7720997B1 (en) * 2001-12-19 2010-05-18 Cisco Technology, Inc. Path selection system
US20110202982A1 (en) * 2007-09-17 2011-08-18 Vidoop, Llc Methods And Systems For Management Of Image-Based Password Accounts
US8065417B1 (en) * 2008-11-17 2011-11-22 Amazon Technologies, Inc. Service provider registration by a content broker
US8074259B1 (en) * 2005-04-28 2011-12-06 Sonicwall, Inc. Authentication mark-up data of multiple local area networks

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020138561A1 (en) * 2001-02-16 2002-09-26 Gemini Networks, Inc. System, method, and computer program product for an end-user of an open access network to select a new service provider following a discontinuance of a business relationship between their current service provider and the operator of the open access network
US7720997B1 (en) * 2001-12-19 2010-05-18 Cisco Technology, Inc. Path selection system
US20040003287A1 (en) * 2002-06-28 2004-01-01 Zissimopoulos Vasileios Bill Method for authenticating kerberos users from common web browsers
US20080040802A1 (en) * 2004-06-14 2008-02-14 Iovation, Inc. Network security and fraud detection system and method
US8074259B1 (en) * 2005-04-28 2011-12-06 Sonicwall, Inc. Authentication mark-up data of multiple local area networks
US20080166994A1 (en) * 2007-01-04 2008-07-10 Bernard Ku Methods and apparatus to implement an internet multimedia sub-system (IMS) terminal
US20110202982A1 (en) * 2007-09-17 2011-08-18 Vidoop, Llc Methods And Systems For Management Of Image-Based Password Accounts
US20100095208A1 (en) * 2008-04-15 2010-04-15 White Alexei R Systems and Methods for Remote Tracking and Replay of User Interaction with a Webpage
US8065417B1 (en) * 2008-11-17 2011-11-22 Amazon Technologies, Inc. Service provider registration by a content broker

Also Published As

Publication number Publication date
WO2010070456A2 (en) 2010-06-24

Similar Documents

Publication Publication Date Title
WO2010060704A3 (en) Method and system for token-based authentication
WO2008016800A3 (en) Method and apparatus for selecting an appropriate authentication method on a client
WO2013067521A3 (en) System and method for increasing security in internet transactions
WO2011043903A3 (en) Network access control
WO2007092366A3 (en) Authentication and verification services for third party vendors using mobile devices
WO2012069263A3 (en) Method for authorizing access to protected content
WO2009115755A3 (en) Authentication method, authentication system, server terminal, client terminal and computer programs therefor
WO2009001197A3 (en) A method of preventing web browser extensions from hijacking user information
WO2009022869A3 (en) Method and apparatus for communication, and method and apparatus for controlling communication
WO2009031056A3 (en) Providing services to a guest device in a personal network
WO2008017015A3 (en) Systems and methods for policy based triggering of client- authentication at directory level granularity
WO2007149775A3 (en) Consumer authentication system and method
WO2009045317A3 (en) Method for authenticating mobile units attached to a femtocell in communication with a secure core network such as an ims
WO2008135848A3 (en) Network multimedia communication using multiple devices
WO2008042871A3 (en) Methods and apparatus for securely signing on to a website via a security website
MY149495A (en) Authenticating an application
WO2005086569A3 (en) System, method and apparatus for electronic authentication
NO20080532L (en) Distributed simple log-on service
WO2008082683A3 (en) Methods and apparatus for implementing a pluggable policy module within a session over internet protocol network
WO2006118829A3 (en) Preventing fraudulent internet account access
WO2007013904A3 (en) Single token multifactor authentication system and method
WO2009102915A3 (en) Systems and methods for secure handling of secure attention sequences
WO2010063091A3 (en) System and methods for online authentication
WO2007143312A8 (en) Proactive credential distribution
WO2009112693A3 (en) Method for authentication and signature of a user in an application service using a mobile telephone as a second factor in addition to and independently from a first factor

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09833010

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09833010

Country of ref document: EP

Kind code of ref document: A2