US Patent 8019995 Method and apparatus for preventing internet phishing attacks

The invention provides secure access to a web page using a personal pass-phrase to prevent phishing attacks. Upon requesting a web page from a user device, a determination is made as to whether or not an encrypted cookie exists for the requested web page. An encrypted cookie includes the personal pass-phrase and at least one of an identifier of the user device, an identifier of a web browser from which the web page request is initiated, and information about the network path used to establish the personal pass-phrase. If an encrypted cookie does not exist, the user is provided a capability to create the encrypted cookie including a personal pass-phrase. If the encrypted cookie exists, the user device provides the encrypted cookie with the web page request for use by the web server to validate the web page request using information included in the encrypted cookie. If the web page request is valid, the web server propagates the web page toward the user device, otherwise the user device receives an indication that the web server is invalid.