Title:
METHOD FOR AUTHENTICATING A WEBSITE
Document Type and Number:
WIPO Patent Application WO/2007/080588
Kind Code:
A2
Abstract:
The present invention relates to a method for the authentication of a website to users which comprises the steps of: (a) Establishing an agreement between each user and a website owner where each user receives from the website owner at least a first personal client key and the website owner receives from each user at least one personal authenticating website code; (b) Conveying said personal website authenticating code of each user to a certification authority, and producing by said authority a personal certificate containing in an encrypted form said personal authenticating website code and the IP address of said website; (c) Conveying each of said certificates back to said website, and storing the certificates in a storage; (d) Upon accessing the website, submitting by the user the first personal client key, and saving the website IP address as accessed at the user work station for later comparison; (e) Having received said first personal client key, extracting by the website the personal certificate that corresponds to said user, and sending same to the client together with the website home page; (f) Having received the personal certificate at the user station, decrypting the certificate by means of a decrypting key; (g) Comparing the website IP address as decrypted from the received certificate with the website IP address as saved at the user station, and providing identity indication to the user; (h) Verifying by the user that the personal authentication website code is indeed the one submitted by the user to the website owner at said agreement; (i) Concluding by the user that the website is indeed authentic only if both (a) said comparison of IP address indicates identity; and (b) said verification of personal authenticating website code shows identity.

Inventors:
YAACOBY ELI (IL)
Application Number:
PCT/IL2007/000042
Publication Date:
July 19, 2007
Filing Date:
January 11, 2007
Assignee:
YAACOBY ELI (IL)
International Classes:
G06F21/33; A46B17/02
Domestic Patent References:
WO2006056990A2
Foreign References:
US20070067620A1
US20060200855A1
US20050166262A1
US20020023059A1
Attorney, Agent or Firm:
MELAMED, Yigal (Givat Shaul P.O. Box 34477, Jerusalem, IL)
Claims:

CLAIMS

1. Method for the authentication of a website to users comprising the steps of: a. Establishing an agreement between each user and a website owner where each user receives from the website owner at least a first personal client key and the website owner receives from each user at least one personal authenticating website code; b. Conveying said personal website authenticating code of each user to a certification authority, and producing by said authority a personal certificate containing in an encrypted form said personal authenticating website code and the Domain name of said website; c. Conveying each of said certificates back to said website, and storing the certificates in a storage; d. Upon accessing the website, submitting by the user the first personal client key, and saving the website Domain name as accessed at the user work station for later comparison; e. Having received said first personal client key, extracting by the website the personal certificate that corresponds to said user, and sending same to the client together with the website home page; f. Having received the personal certificate at the user station, decrypting the certificate by means of a decrypting key; g. Comparing the website Domain name as decrypted from the received certificate with the website Domain name as saved at the user station, and providing identity indication to the user; h. Verifying by the user that the personal authentication website code is indeed the one submitted by the user to the website owner at said agreement; i. Concluding by the user that the website is indeed authentic only if both (a) said comparison of Domain name indicates identity; and (b) said verification of personal authenticating website code shows identity.

2. Method according to claim 1, wherein said personal authenticating website code is an image.

3. Method according to claim 1, wherein said personal authenticating website code is an alphanumeric string.

4. Method according to claim 1, wherein said personal authenticating website code is a combination of an image and an alphanumeric string.

5. Method according to claim 1, wherein said decrypting key is a public key specific to the certification authority.

6. Method according to claim 1, wherein said decrypting key is a public key which is given to the user beforehand.

7. Method according to claim 1, wherein said decrypting key is associated with the certificate as sent from the website.

8. Method according to claim 1, wherein the website Domain name, as accessed, which is saved at the user work station is saved within the user browser.

9. Method according to claim 1, wherein the decrypted personal authenticating website code is displayed to the user only upon finding identity in said comparison of Domain name at said user station.

10. Method according to claim 1, wherein the decrypted personal authenticating website code is displayed to the user in the toolbar portion of his browser.

11. Method according to claim 10, wherein the decrypted personal authenticating website code that is displayed to the user in the toolbar portion of his browser can be enlarged by the user for better verification.

12. Method according to claim 1, wherein the decrypted personal authenticating website code is displayed to the user in the content portion of his browser.

13. Method according to claim 1, wherein said first personal client key is a username.

14. Method according to claim 1, wherein the user receives a second personal client key from the website, which is submitted if and only if the website is found to be authentic.

15. Method according to claim 1, wherein said second personal client key is a password.

16. Method according to claim 1, wherein upon accessing the website, said first personal client key is submitted by the user to the website within a cookie.

17. Method according to claim 1, which is embodied within a module, which is an integral part of the user browser.

Description:

METHOD FOR AUTHENTICATING A WEBSITE

Field of the Invention

The present invention relates to the field of Internet authentication techniques. More particularly, the invention relates to a method by which a user can determine the authenticity of a website he accesses.

Background of the Invention

In the world of today many business transactions are done via the Internet, whether by shopping on-line in websites offering goods and merchandise or by paying bills through a designated website. Furthermore, many banks allow their customers to perform money transactions via the bank website, which is claimed to be secured. All websites involved in money transactions need some kind of authentication from the customer before approving the transaction, so as to prevent an impostor from posing as a customer. An electronic request issued from one network unit to another for authentication will be referred to hereinafter as a challenge, while the authenticating answer to the request will be referred to hereinafter as a response. Some of the authentication techniques involve using a password known by the user and authenticated by the website, which can be used alone or together with a username. Furthermore, some of the authentication techniques use two passwords together with a username, or a password together with a credit card number or an ID number or even a key which is installed in a hardware device. The common factor of all the authentication techniques above is the use of input fields supplied by the user (response) on demand of the website (request) for authenticating the user. Therefore many ways have been devised by hackers and internet thieves to copy and steal these input fields, due to the fact that these input fields or passwords are the keys for authentication. Once acquiring the means for authentication, a hacker is able to buy or transfer money using the account of the user.

One of the tricks used by computer hackers to copy passwords to bank websites, where the bank is interested in allowing its customers to utilize money transactions, involves impersonation. The computer hacker buys an internet domain name similar to a domain name of a bank, or changes the IP numbers corresponding to a certain domain name to mislead the user into a different website than the authentic website of the bank which he intends to access, where he sets a faked website similar to the real website of the bank. Once a user of the bank enters the faked site, he is led to think that he has entered the correct site of the bank. He is then requested to enter his password and personal details while the hacker system records his username and/or password inputs. Furthermore, the hacker might wait for the user to enter the correct website of the bank and then open another website page on the user's computer, hiding the open bank website, requesting the password while recording the input. At the critical moment, for example, after entering the password, the user is notified of a failure with the Internet connection, misleading the user to believe that his password is still safe. After acquiring the password and username of a user, the hacker has the confidential details of the user, and he can log into the real website of the bank and can enter the stolen username and password of the private bank account. Once in a private bank account the hacker can do essentially everything the user is entitled to in the website, such as transfer money from the account or use the personal information for other uses.

US publication 2004/0139152 suggests a system in which a user issues a first request at a website and in response the website issues a challenge to the user. The challenge may be selected among a number of different types of challenges, and the user must file an appropriate response. This publication solves some of the problems concerning the authentication of the user but does not offer a solution to the problem of authenticating the website for the user and determining that the website is truly what it claims to be.

Other publications which intend to provide authentication of a public website to the user are: PCT/US04/14379, PCT/US05/03686 and US 2004-0168083 A1.

The use of security "certificates" in the Internet communication is common. A certificate is issued by a third and reliable authority assuring a receiving party that a data content which is associated with the certificate he received is authentic in the sense that it was indeed sent from the person supposedly sending it, and that it was not tampered with on the way from the authentic sending party to the receiving party. The use of a certificate involves the encryption of the data package, optionally attaching to it a public key (or providing the public key to the receiving party beforehand), and enclosing also a signature. The certification authority signature on a certificate allows any tampering with the content associated with the certificate to be easily detected. More particularly, the certification authority signature on a certificate is like a tamper-detection seal on a bottle of pills — any tampering with the content associated with the certificate is easily detected. As long as the certification authority signature on a certificate can be verified, the certificate has integrity. Otherwise, it can be concluded that the certificate and content are not authentic. Since the integrity of a certificate can be determined by verifying the certification authority signature, certificates are inherently secure and can be distributed in a completely public manner.

However, the common use of certificates cannot solve the problem as described above, i.e., enabling a user who accesses a public website to verify the authenticity of said website before typing and submitting his confidential codes (e.g., username and password).

It is an object of the present invention to provide a system which is capable of authenticating a public website for the user.

It is another object of the present invention to provide a public website authentication system that is easy to use by an average user.

It is still another object of the present invention to provide a public website authentication system that cannot be copied easily and automatically by a computer program.

Other objects and advantages of the invention will become apparent as the description proceeds.

Summary of the Invention

The present invention relates to a method for the authentication of a website to users which comprises the steps of: (a) Establishing an agreement between each user and a website owner where each user receives from the website owner at least a first personal client key and the website owner receives from each user at least one personal authenticating website code; (b) Conveying said personal website authenticating code of each user to a certification authority, and producing by said authority a personal certificate containing in an encrypted form said personal authenticating website code and the Domain name of said website; (c) Conveying each of said certificates back to said website, and storing the certificates in a storage; (d) Upon accessing the website, submitting by the user the first personal client key, and saving the website Domain name as accessed at the user work station for later comparison; (e) Having received said first personal client key, extracting by the website the personal certificate that corresponds to said user, and sending same to the client together with the website home page; (f) Having received the personal certificate at the user station, decrypting the certificate by means of a decrypting key; (g) Comparing the website Domain name as decrypted from the received certificate with the website Domain name as saved at the user station, and providing identity indication to the user; (h) Verifying by the user that the personal authentication website code is indeed the one submitted by the user to the website owner at said agreement; (i) Concluding by the user that the website is indeed authentic only if both (a) said comparison of Domain name indicates identity; and (b) said verification of personal authenticating website code shows identity.

Preferably, said personal authenticating website code is an image.

Preferably, said personal authenticating website code is an alphanumeric string.

Preferably, said personal authenticating website code is a combination of an image and an alphanumeric string.

Preferably, said decrypting key is a public key specific to the certification authority.

Preferably, said decrypting key is a public key which is given to the user beforehand.

Preferably, said decrypting key is associated with the certificate as sent from the website.

Preferably, the website Domain name, as accessed, which is saved at the user work station is saved within the user browser.

Preferably, the decrypted personal authenticating website code is displayed to the user only upon finding identity in said comparison of Domain name at said user station.

Preferably, the decrypted personal authenticating website code is displayed to the user in the toolbar portion of his browser.

Preferably, the decrypted personal authenticating website code that is displayed to the user in the toolbar portion of his browser can be enlarged by the user for better verification.

Preferably, the decrypted personal authenticating website code is displayed to the user in the content portion of his browser.

Preferably, said first personal client key is a username.

Preferably, the user receives a second personal client key from the website, which is submitted if and only if the website is found to be authentic.

Preferably, said second personal client key is a password.

Preferably, upon accessing the website, said first personal client key is submitted by the user to the website within a cookie.

Preferably, the method is embodied within a module which is an integral part of the user browser.

Brief Description of the Drawings

In the drawings:

- Fig. 1 is a block diagram, illustrating a first embodiment of the method of the present invention;

- Fig. 2 is a block diagram illustrating a second embodiment of the method of the present invention;

- Figs. 3a and 3b demonstrate an access to a bank site, including a visual verification of the website authenticity, wherein the PAWC is shown in both the browser toolbar and within the body section of the page; and

- Fig. 3c shows the embodiment of Fig. 3b, in which the PAWC is enlarged for better verification.

Detailed Description of Preferred Embodiments

The present invention enables a user to verify that the website he accesses is indeed authentic. Fig. 1 schematically illustrates the essence of the present invention.

At a first preliminary stage 1, the user establishes a confidential agreement with the relevant website, for example, a specific bank website (hereinafter, a bank website is assumed), where the user receives 22 at least one personal client key 20 (such as a username, and optionally a password) and the website owner (or operator) receives 23 from the user at least one personal authenticating website code 21 (hereinafter, said personal authenticating website code will also be referred to briefly as PAWC). Such authenticating website code may be, for example, a specific image, preferably confidential, which is familiar to the user, a specific string of characters which is familiar to him, or any such combination of characters and an image familiar to the user.

Having the PAWC, at a second preliminary stage 2 the bank conveys 24, via a secured channel of any type, the PAWC (which as said is specific to each user) to a certification authority, which is a third party being publicly known and accepted as reliable. Third party certification authorities are well known in the art, for example, Verisign, Digicert, etc.

The certification authority produces a certificate by encrypting 25 the PAWC and the authentic Domain name of the bank, and forming a certificate being a combined encrypted file 26 (the term "certificate" as used herein refers to a file which contains the PAWC and the website Domain name in an encrypted form). The encrypted file 26 can generally be decrypted by means of a public key specific to the certification authority, which the various users generally have, or can obtain within their browsers, or which may be associated with the said certificate. The certificate file 26 is then conveyed 27 back to the bank (as file 26a), and is stored 28 within storage 29. At this stage the system is ready for operation.

Later on, and during operational stage 3, when the user wishes to access 30 the bank website, he does so in a conventional manner using his browser. For example, in one conventional manner the user types the bank Domain name at his browser, and presses "go". When doing so, the Domain name of the bank as typed and accessed is saved 31 within the browser or at the user's station.

Responsive to accessing 30a the bank website, the bank returns 32 the bank homepage 33 to the user in a conventional manner. Then, the user types his username and sends 34 it to the bank. Responsive to the username 34a, in step 35 the bank site retrieves 36, 36a from said storage 29 the encoded certificate that corresponds to the specific username 34a as typed, and sends 37a said specific certificate 37 to the user.

The certificate 37 (which as said carries the encoded user PAWC and the bank domain name) is decrypted 38 by the user browser in a conventional manner, using the public key of the certification authority (which as said may be within the user browser, or associated with the certificate itself). As previously said, a successful decryption of a certificate means that the certificate is authentic in the sense that it was sent by the entity supposedly sending it, and in the sense that its content is authentic. Said decryption 38 of the certificate 37 results in two separate elements: (a) the authentic user PAWC 39 (for example, said confidential image or string specific to the user as initially agreed); and (b) the authentic bank domain name 40 as decoded.

The decoded PAWC 39 is displayed 43 to the user for verification whether it is indeed the authentic PAWC 21 provided to the bank during the initial agreement. Simultaneously, the bank Domain name 31 as initially saved in the browser is compared 41 with the bank domain name 40 as decoded.

Only if both conditions are found to be met, namely (a) the user verification 43 of the PAWC and (b) identity in step 41 between the saved bank domain name 31a and the decrypted bank domain name 40, is the bank site declared as authentic, and the user can submit his confidential password in step 45. Otherwise, the site is determined to be not authentic, and the user knows that he should not provide his confidential password.

In one embodiment of the invention, the PAWC is displayed to the user in step 43 if and only if identity of domain names is found in step 41. Otherwise, the PAWC is not displayed, and the bank site is designated as faked.
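The two-part check of steps 38 to 45, as an added example in JavaScript (Node.js) that is not part of the patent text. An Ed25519 signature over a JSON payload stands in for the "encrypted" certificate that is opened with the certification authority's public key, and the function names, domains and PAWC strings are assumptions constructed for the illustration.

```javascript
// Added illustration of the two-part check; not code from the patent.
// Every name, domain and PAWC value below is constructed for the example.
const nodeCrypto = require('node:crypto');

// Certification authority (stage 2, steps 25-27): binds the PAWC to the domain.
function createAuthority() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const issue = (domain, pawc) => {
    const payload = Buffer.from(JSON.stringify({ domain, pawc }), 'utf8');
    return {
      payload: payload.toString('base64'),
      signature: nodeCrypto.sign(null, payload, privateKey).toString('base64'),
    };
  };
  return { publicKey, issue };
}

// Compare host names case-insensitively and ignore a trailing root dot.
const normalise = (host) => host.toLowerCase().replace(/\.$/, '');

// Browser module (steps 31, 38, 41, 43): machine check, then PAWC display.
function checkSite(accessedUrl, certificate, caPublicKey) {
  const accessed = normalise(new URL(accessedUrl).hostname); // saved at step 31
  const fail = (reason) => ({ machineCheck: false, reason, pawcToDisplay: null });
  if (!certificate) return fail('no-certificate');
  const payload = Buffer.from(certificate.payload, 'base64');
  const signature = Buffer.from(certificate.signature, 'base64');
  let signed = false;
  try {
    signed = nodeCrypto.verify(null, payload, caPublicKey, signature);
  } catch {
    signed = false; // a malformed key or signature counts as a failure
  }
  if (!signed) return fail('bad-signature');
  const { domain, pawc } = JSON.parse(payload.toString('utf8'));
  if (typeof domain !== 'string' || normalise(domain) !== accessed) {
    return fail('domain-mismatch'); // PAWC withheld when step 41 finds no identity
  }
  return { machineCheck: true, reason: 'ok', pawcToDisplay: pawc };
}

// The user's visual verification (step 43) combined with the machine result.
function siteIsAuthentic(result, pawcUserRemembers) {
  return result.machineCheck && result.pawcToDisplay === pawcUserRemembers;
}

function runScenarios() {
  const ca = createAuthority();
  const untrusted = createAuthority(); // a key the browser does not trust
  const alicePawc = 'blue-heron-7421';
  const bankStore = new Map([
    ['alice', ca.issue('bank-1.example', alicePawc)],
    ['bob', ca.issue('bank-1.example', 'red-kite-0038')],
  ]);
  const cases = {
    genuine: ['https://bank-1.example/login', bankStore.get('alice')],
    relayedToLookalike: ['https://bank-l.example/login', bankStore.get('alice')],
    untrustedSigner: ['https://bank-l.example/login',
      untrusted.issue('bank-l.example', alicePawc)],
    wrongUsersCert: ['https://bank-1.example/login', bankStore.get('bob')],
  };
  const out = {};
  for (const [name, [url, cert]] of Object.entries(cases)) {
    const result = checkSite(url, cert, ca.publicKey);
    out[name] = { ...result, authentic: siteIsAuthentic(result, alicePawc) };
  }
  return out;
}

console.log(runScenarios());
```

The last case passes the machine check yet is still rejected, because the displayed PAWC is not the one this user agreed with the bank.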

In still another embodiment of the invention shown in Fig. 2, the initial access 30a of step 30 to the web site already includes submission 34 of the username within a cookie. The rest of the procedure is the same as before. The difference is that step 33 of the separate receiving at the user station of the homepage with the prompt for username submission is eliminated. The procedures of double verification, including the bank domain name comparison and the PAWC display for the user verification are performed, together with the prompt for password submission in a same stage at the user station.

Figs. 3a-3c demonstrate a secured access to a bank site according to an embodiment of the present invention. In response to the initial access by introducing the domain name (which, as previously said, may be authentic, or faked due to misleading of the user), the home page 202 of Bank-1 is displayed to the user as shown in Fig. 3a, including a request 201 for him to submit his ID, which may be, for example, his user name. After submission of the user ID to the Bank-1 site, another page 203 is provided from the Bank-1 site to the user, including a PAWC 60 (as in step 43 of Figs. 1 or 2), together with a prompt 206 for the user confidential password submission. The display of PAWC 60 may be, by itself, an indication to the user that the Domain name comparison (i.e., the Bank-1 domain name as typed by the user and the Bank-1 domain name as decrypted from the certificate) have been successfully verified as being the same (otherwise, the visual display of the PAWC may not be issued, and an alert for a faked site may be displayed by the browser instead). Now, the user can visually verify the authenticity of PAWC 60 (i.e., whether this is indeed the PAWC that was initially given to Bank-1). The request 206 for password submission is associated with an alert 207 to the user to perform the password submission if and only if the displayed PAWC is indeed the same as originally submitted by him to Bank-1. In the embodiment of Fig. 3b and 3c, the PAWC 60 is displayed within the browser toolbar area 61 and within the body section of the page, but this is an option, not a necessity. In still another option shown in Fig. 3c, the user may click on the PAWC image 60 of Fig. 3b, and enlarge it for a better visual verification.

As shown, the present invention provides a procedure which enables a user to reliably verify the authenticity of the website he accesses. The invention includes two means for verification:

(a) the first verification is generally a machine verification between the website Domain name as submitted to the browser, and between the website Domain name as included in the certificate; and

(b) the second verification is generally a visual verification of the PAWC by the user.

A hacker may be able to deceive the user to believe that a faked website is authentic only by succeeding in producing a faked certificate that contains in an encrypted manner: (1) the Domain name of the faked website which must be identical to a link given to the user for access (generally by the hacker, for example within an email sent to him); and (2) a PAWC known to the user which is identical to the confidential PAWC that was given to the website during an initial agreement. Such a task is considered to be extremely hard for performance by a hacker: firstly, because he has to produce a faked certificate which can be opened by the certification authority public key, a task which is known in the art to be extremely hard; and, secondly, because the hacker has to obtain a copy of the confidential PAWC that the user has initially given to the website owner or operator. Performing by a hacker even a single one of said tasks is considered extremely hard, needless to say the performance of said two tasks.

Therefore, the present invention provides extremely secured means for a user to verify the authenticity of the website he accesses.

It should be noted that the invention as described above refers to comparison of a "domain name". As is known in the art, each domain name corresponds to an IP address. Therefore, the invention as described may be similarly carried out by means of comparing the IP address, the domain name, or a combination thereof.

The method of the present invention is preferably formed as an integral part of the user browser.

While some embodiments of the invention have been described by way of illustration, it will be apparent that the invention can be carried into practice with many modifications, variations and adaptations, and with the use of numerous equivalents or alternative solutions that are within the scope of persons skilled in the art, without departing from the spirit of the invention or exceeding the scope of the claims.