The Internet and the World Wide Web allow users to communicate with software operating at various sites on the Web, either in real time or via a messaging system such as e-mail. It may be helpful to allow one or both of these entities (the user and the software at a site) to ensure that the other entity with which it is communicating really is that other entity.
If the web site believes it is communicating with one entity, but it is in fact communicating with a different entity, it may provide access to sensitive information of the entity with which it falsely believes it is communicating. It may cause the transfer of securities, the shipment of products or the delivery of services to the different entity in the name of the entity with which it believes it is communicating. For example, some operators of web sites lose significant amounts of money by shipping products or transferring cash or other securities to thieves who falsely identify themselves to the web site as a registered user.
Many of these thieves trick users into providing confidential information that the thief can then use to identify herself as a registered user. The thief does this by making a web site she operates appear to be a web site with which the user has registered, by sending the user an e-mail message containing information or a link that causes the user to provide confidential information to the thief, or both. For example, a thief may send out a batch of e-mails inviting the user to log on to paypal.com with a link to the web site paypai.com, hoping that the recipient of the e-mail is registered at the financial web site paypal.com. The thief capitalizes the last letter of her site's name so that it reads paypaI.com, hoping the ‘I’ looks like the lower case last letter ‘l’ in “paypal”. The web pages provided by the web site paypai.com are then made to look like those of paypal.com, and when the user attempts to log in, the user's username and password are captured by the thief's web site. The thief then logs into paypal.com using the username and password thus received and authorizes the transfer of money from the user's account into an account controlled by the thief.
In another variation of the scam, the thief provides to the user a link containing what appears to be the URL of the actual site, but which in fact is a command to log into the thief's site. For example, a link that reads “http://” followed by “www.paypal.com/%sdafghdgk%fdsgsdhdsh . . . ” may appear to be a genuine link to paypal.com with a long list of parameters that extends off the end of the URL window in the user's browser. Unknown to the user, the link actually terminates with “ . . . @paypai.com”, which causes the user to be logged into the web site paypai.com using, as a username, the set of characters to the left of the “@” sign. The web site paypai.com accepts any such username, and then operates as described above, presenting a replica of the paypal.com user interface that allows the user to log on to the application software at the thief's web site (even though the phony username has already been supplied via the link). The thief then uses the username and password thus received to log onto the real paypal.com web site and make the transfer.
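A defender-side check for the two link tricks described above (a confusable letter in the host name, and text before an “@” sign that hides the real host), written as an added example that is not part of the original document. The trusted-host list, the confusable-character table and the sample links are constructed for illustration only.

```python
from urllib.parse import urlsplit

# Trusted hostnames and the confusable-character table are assumptions made
# for this example; a real deployment would maintain its own lists.
TRUSTED_HOSTS = {"paypal.com", "www.paypal.com"}
# Map characters that look alike in an address bar onto one canonical form
# (capital I, digit 1 and '|' all resemble a lower-case l, and so on).
_CONFUSABLE = str.maketrans("i1|05", "lllos")


def skeleton(host: str) -> str:
    """Fold a hostname so that visually similar spellings compare equal."""
    return host.lower().translate(_CONFUSABLE).replace("rn", "m").replace("vv", "w")


def analyse_link(url: str, trusted: set[str] = TRUSTED_HOSTS) -> dict:
    """Report the host a link really points at and why it may be deceptive."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # urlsplit lower-cases the host for us
    # Everything before '@' in the authority is userinfo, not the host: the
    # real destination is whatever follows the last '@'.
    hidden_by_userinfo = parts.username is not None
    lookalike_of = None
    if host not in trusted:
        for good in trusted:
            if skeleton(good) == skeleton(host):
                lookalike_of = good
                break
    return {
        "host": host,
        "hidden_by_userinfo": hidden_by_userinfo,
        "lookalike_of": lookalike_of,
        "suspicious": hidden_by_userinfo or lookalike_of is not None,
    }


if __name__ == "__main__":
    # Constructed sample links in the style of the two tricks described above.
    for link in (
        "https://www.paypal.com/login",
        "http://paypaI.com/login",
        "http://www.paypal.com%2Fsdafghdgk%2Ffdsgsdhdsh@paypai.com/login",
    ):
        print(link, "->", analyse_link(link))
```

The userinfo rule flags the link even when the host after the “@” happens to be trusted, since a legitimate site has no reason to embed a username in a link it sends.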
To combat this problem, some web sites provide a certificate to allow the user to verify that the web site is authentic, but the procedures for performing such authentication are complex, cumbersome and unknown to most users. Thus, conventional methods that could be used to allow a user to authenticate the web site are ineffective because they are too difficult to use.
Not only can a dishonest operator of a web site mislead a user into believing that a web site is authentic, a dishonest user can mislead an authentic web site into believing that the user is authentic. As described above, confidential information from a user can be captured and then used to cause the web site to believe it is dealing with that user. Some web sites place cookies on the user's computer, and these cookies could be used in an attempt to verify that the person attempting to log in is in fact that person. However, a cookie can be faked by a thief to indicate that the thief's computer system is the computer system of the user the thief is attempting to impersonate.
The related application described an arrangement by which a signed, encrypted cookie was placed on the user's computer system during a registration process, which software could later use to authenticate the user. In addition, recognizable customization information was provided or indicated by the user to the software, so that the software could later present that information back to the user, allowing the user to authenticate a communication from the computer system. This approach works well, but has certain limitations, all of which are addressed in this application.
One such limitation is the lack of a verifiable ability of the user to authenticate himself during the registration process. The related application employed an out-of-session identifier that the user received through a channel other than the communications session the user was using to register himself. However, this method may not be secure if the out-of-session channel (e.g. a telephone call to a telephone number, or an e-mail address) was not known to belong to the user or was not itself secure. Another limitation is that, once registered, the user can only authenticate himself from then on using the client computer system on which the cookie has been stored. Another limitation is the potential for multiple users of the same computer system to view one another's customization information, or for an unauthorized user of the computer system to view a user's customization information.
It can also be desirable to allow a user to authenticate an e-mail message or other communication without a significant chance that the confidentiality of the user's customization information will be compromised. As described herein, cookies and other persistent files can solve this problem. However, some e-mail clients do not support the use of cookies. Furthermore, it can be desirable to allow a user to authenticate an e-mail message without being connected to a network.
What is needed is a system and method that can securely authenticate a user to a computer system, can easily allow the user to authenticate communications from a computer system without requiring the user to use complex authentication procedures, or both; that can authenticate a user even during the registration process; that can allow a user to authenticate himself or herself to a computer system from various client computer systems, or bypass the need for strict authentication; that can protect the user's means of authenticating the computer system from others who have access to the user's client computer system; and that can allow a user to authenticate e-mail messages or other communications without a significant chance that the user's capability to authenticate the computer system will be compromised.