When communicating electronically, one challenge is to authenticate the parties on each side of the communication. It is common practice for the user (typically a customer, prospect, partner, employee or citizen) to authenticate himself to the entity (typically a financial institution, merchant, service provider, biller, payment network, corporation or government) by providing a shared secret, such as a password.
However, the authentication of a user to an entity only authenticates the user to the entity. In order to prevent the class of attacks in which a fraudulent party impersonates an entity, in can be desirable to provide a mechanism to authenticate the entity to the user.
The related applications describe, among other things, an arrangement whereby a user can register with an entity and authenticate communications from, and websites of, that entity. If the user repeatedly receives such communications or websites, it can be worth the overhead to perform such registration. However, the user may wish to authenticate web sites or communications from entities for which no such registration for each entity is required.
What is needed is a system and method to allow a user to authenticate web sites of, and communications from, one or more entities, without registering to each such entity.