Method and apparatus for enabling a user to authenticate a system prior to providing any user-privileged information

摘要

In a transactional system, a user is allowed to authenticate the system prior to providing any user-privileged information to the system. By so doing, the theft of user-privileged information by a fraudulent system is prevented. In a host based system, this authentication is achieved by sending a set of user identification information to the host and then requiring the host to send back a unique message. Only if the host is able to return the appropriate unique message will the user provide to the host any user-privileged information. In a client-host system, this authentication is achieved by having the client perform an authentication check on the host. If the client determines that the host is authentic, then the client will send a unique message signifying to the user that the host is authentic. Only if the user receives this message will the user provide any user-privileged information to the host. In either type of system, theft of user-privileged information by a fraudulent system is prevented.