A SYSTEM AND METHOD FOR PROTECTION OF USER AUTHENTICATION AGAINST CAPTURE-AND-REPLAY ATTACKS

Abstract

The present invention relates to a system (100, 200) and method (300) for protection of user authentication against at least a single instance of capture-and-replay attacks, by means of input and processing of user credentials on a client-side user interface (UI), and subsequent transmission to a server undertaking credential authentication. The system (100, 200) and method (300) of the present invention utilize credentials which are context dependent as inputs into a ZK integration function, which is additionally applicable as an interaction in two actions: firstly between the user and a trusted platform, and secondly between the trusted platform and the client terminal, as similarly protective of user authentication against capture-and-replay attacks. The user submits credentials as an act of authentication based on the context of interest (310) as deemed correct by the user. Optional verification of the submitted context-dependent credential (320) on the client terminal or trusted platform follows. The method (300) involves ZK integration of the context-dependent credential (330) followed by verification of the authenticator (340), such that unauthorised interception of credentials as submitted does not necessarily result in the capability of the intercepting party to undertake fraudulent authentication. Verification of the user-to-server authentication interaction as being correct is additionally dependent on independent determination by the server of the context of interest, which might include specification and stratification of time and/or location of the authentication interaction.

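Bibliographic details

  • Publication number: WO2015088315A1
  • Patent type:
  • Publication date: 2015-06-18
  • Original format: PDF
  • Applicant/patentee: MIMOS BERHAD
  • Application number: WO2014MY00164
  • Inventors: GOH ALWYN; POH GEONG SEN; NG KANG SIONG
  • Filing date: 2014-06-05
  • Classification: H04L9/30; H04L29/06
  • Country: WO
  • Database entry time: 2022-08-21 15:05:57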
