1. Technical Field
The present invention relates to user authentication, more particularly to a user authentication method and system that can provide authentication by having a client terminal and a server verify each other through a one-time credential certification transferred between the client terminal and the server.
2. Description of the Related Art
The current web browser from Microsoft provides the SmartScreen filter that is capable of detecting phishing servers. This may involve the web browser comparing a particular server, which the user is accessing, with a list of previously reported phishing servers to search and check whether the server that the user is currently accessing is on the list.
This SmartScreen filter thus detects phishing servers that were previously registered and can therefore reduce cases of users falling victim to phishing scams. However, recent times have seen a rapid increase in phishing servers, and it can be very difficult to manage the phishing server list.
Moreover, the SmartScreen filter has the critical drawback of being unable to detect phishing if the URL of a new phishing server is not registered on the list of phishing servers. Also, since the phishing server list has to be searched every time the user accesses a server, it can take a long time to load the main page of a server, even when the user accesses a legitimate server. Because of these drawbacks, users may hesitate to use the SmartScreen filter.