Abstract: The present invention relates to a method for enabling strong mutual authentication between two computers in a communication system. A user from a client attempts to gain access to a server. The server transmits a first key encrypted by a second key to the client and a second key encrypted by a user's private key to a verifier. The verifier uses the user's login information to obtain the user's private key, which the verifier uses to obtain the second key. The verifier transmits the second key to the client and the client decrypts the first key with the second key. The client then transmits the second key encrypted by the first key to the server. If the received second key is the same as the generated second key, the client is authenticated to the server.

Abstract: A method for enabling strong mutual authentication between two computers or devices in a communication system. A user attempting to gain access to a first computer transmits login information over a first communication channel to the first computer. The first computer transmits a first message, which in one embodiment includes a first key encrypted by a second key, to the second computer over the first communication channel. The first computer then transmits a second message to a third device over a second communication channel. The second message includes the second key needed by the second computer to decrypt the first message. The third device uses the user's login information to obtain the user's private key, which the third device uses to obtain the second key.

Abstract: The present invention reduces the risk of damage to data or programs in an end user computer system programmed to operate in response to an imported data stream containing one or more mobile program components from an external source. The incoming data stream is screened to identify mobile program components of that data stream. Some of the mobile program components are passed to a program execution location isolated from the end user system prior to being executed to operate in a desired manner. The execution location has an interface with the external source of the data stream and an interface with the end user system. The operation of the interface between the execution location and the end user system is programmed so that only data which has been interacted on by the program component within the execution location in a specified and controlled manner can be passed to and from the end user system.