EP1766848A1 - Procede, systeme et programme informatique destine a proteger des informations d'utilisateur contre des attaques de securite - Google Patents

Procede, systeme et programme informatique destine a proteger des informations d'utilisateur contre des attaques de securite

Info

Publication number
EP1766848A1
EP1766848A1 EP05759341A EP05759341A EP1766848A1 EP 1766848 A1 EP1766848 A1 EP 1766848A1 EP 05759341 A EP05759341 A EP 05759341A EP 05759341 A EP05759341 A EP 05759341A EP 1766848 A1 EP1766848 A1 EP 1766848A1
Authority
EP
European Patent Office
Prior art keywords
user
server computer
server
computer
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP05759341A
Other languages
German (de)
English (en)
Inventor
Steven Myers
Murray James Brown
Donald Craig Waugh
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Echoworx Corp
Original Assignee
Echoworx Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/870,990 external-priority patent/US20090055642A1/en
Priority claimed from CA 2471917 external-priority patent/CA2471917A1/fr
Application filed by Echoworx Corp filed Critical Echoworx Corp
Publication of EP1766848A1 publication Critical patent/EP1766848A1/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2117User registration
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119Authenticating web pages, e.g. with suspicious links

Definitions

  • This invention relates generally to the secure authentication of a user using
  • PKC Public Key Cryptography
  • Phishing describes generally a variety of different security attacks directed at obtaining user credentials on an unauthorized basis, which user credentials are used to access on-line resources, such as for example an online banking web site. Aided by weak email and client authentication methods, organized crime (“Phishers”) is taking control of customer credit card, bank and fund transfer accounts to their financial gain.
  • Phishing attacks involve the mass distribution of 'spoofed' e-mail messages with return addresses, links, and branding, which appear to come from reputable banks, insurance companies, retailers or credit card companies. These fraudulent messages direct recipients to fraudulent web sites or download malicious software, which are designed to fool the recipients into divulging personal authentication data such as account usernames and passwords, credit card numbers, social security numbers, etc. Because these emails and web sites look "official", recipients may respond to them providing their user credentials (typically username and password) resulting in financial losses, identity theft, and other fraudulent activity.
  • Phishing attacks involve an ever-expanding array of technical exploits. Phishing criminals are becoming increasingly sophisticated and are using software developed by virus writers and spammers for their exploits. The following outlines some of the methods currently deployed.
  • Phishers are able to steal web site content and images and create counterfeit web sites that have virtually the same appearance as a real web site, thereby fooling the reader into believing that they are on the actual web site.
  • Phishers register domain names that are a typical misspelling of a target domain name or are similar in sound or extension of the target name such as security, Citibank.com.
  • Phishers use a Java script to detect the browser and then send the appropriate command to the browser to close the URL display. Once closed down, the JavaScript replaces the closed display with an image that looks like the URL display, and which includes the correct domain name of the target institution.
  • JavaScript replaces Secure Sockets Layer (“SSL”) with JPEG or GIF image o
  • SSL Secure Sockets Layer
  • the same URL spoofing technique can be used to display the Secure Sockets Layer (“SSL”) lock or key which is supposed to authenticate the target web site and establish a secure channel. Replacing this with the an image offers the user a false sense of security that they have connected with the target institution
  • the victim actually is looking at the real website of the institution they may have an account on.
  • the "PROXY" site collects the information and the crackers use it at another time.
  • the victim can log on to their account and do anything they want, but all activity is logged.
  • Counterfeit Phishing web site opens target web site simultaneously o This technique opens two web pages simultaneously, one is the authentic web site and the second is the counterfeit web site.
  • the counterfeit web site does not display an URL, which is typical of pop-up windows and relies on the URL of the authentic web site to fool the user, o
  • the counterfeit web site also includes links to the authentic web site further fooling the user.
  • Phisher temporarily hosts open proxies for counterfeit web sites o Home users' "always on" broadband connected unprotected personal computer (no firewall) become open proxies facilitating IP hopping which allow Phishers to launch phishing attacks. They attack from multiple systems using IP hopping techniques to fool Phishing blocks or host shutdown attempts. Phishing exploits are able to hop at specified intervals matching temporary IP addresses to Phishing email links making it difficult for authorities to shutdown phishing exploits as they emanate from temporary and multiple sources.
  • Key logger downloaded captures user login credential o Users inadvertently download key logger SPYWARETM delivered by email, from a web site or via applications such as music sharing services such as KAZANTM or by p2 (person to person) software such as MS ⁇ MessengerTM or ICQTM. Once downloaded, key loggers capture the user's key strokes which can include usernames and password to capture user credentials
  • Trojan remotely reports user activities to capture user credentials o Applications such as the "BUGBEAR B" worm spread via e-mail as a file attachment that can be launched via the IFRAMETM breach in the INTERNET EXPLORERTM security system (which starts the worm upon message opening), or manually when a user opens the infected file attachment allowing the virus's creator to control infected machines and gain access to confidential information.
  • the ROYAL BANK OF CANADATM had funds stolen from customers via this mechanism, as was publicized.
  • Trojans have capabilities to allow remote control of user's desktop o W32/Mofei-A is a worm which spreads via network shares and contains a backdoor Trojan which allows remote access and control over the computer.
  • Hidden Browser frames present the bona-fide bank web site o With this exploit the Phisher opens the target web site within a browser frame.
  • the Phisher' s frame can be set to zero with no border such that the user cannot detect it.
  • the Phisher' s frame harvests the user credentials as they are being entered into the target web site.
  • SSL protocol allows mutual authentication between a client and server and the establishment of an authenticated and encrypted connection.
  • SSL runs above Transmission Control Protocol (“TCP") over Internet Protocol (“IP”) (“TCP/IP”) and below Hypertext Transfer Protocol (“HTTP”), Lightweight Directory Access Protocol (“LDAP”), Internet Message Access Protocol (“MAP”), Network News Transfer Protocol (“NNTP”), and other high-level network protocols.
  • TCP Transmission Control Protocol
  • IP Internet Protocol
  • HTTP Hypertext Transfer Protocol
  • LDAP Lightweight Directory Access Protocol
  • MAP Internet Message Access Protocol
  • NTP Network News Transfer Protocol
  • SSL 3.0 specification also called SSL v3 in plain text form, see http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt.
  • Transport Layer Security is a protocol from the Internet Engineering
  • SSL/TLS is used to authenticate the web site a user is connecting to. It is the dominant implementation of SSL/TLS used on the Internet today.
  • PKI Public Key Infrastructure
  • SSL/TLS Public Key Infrastructure
  • PKI Public Key Infrastructure
  • the browser displays a lock or key indicating that the session is secure.
  • experience has proven that users typically do not verify the web site certificate and therefore it is easy to fool the user to believe that they are secure as evidenced by the previously explained security attacks. Consequently, with either simple authentication or server based SSL authentication, generally all that is required is a username and password, which makes stealing client credentials easy to accomplish.
  • Client side SSL/TLS involves two-way authentication where both the web server and the browser client are issued Public Key Infrastructure (“PKI") certificates. These certificates are used to mutually authenticate each other.
  • PKI Public Key Infrastructure
  • Keyjacking The Surprising Insecurity of Client-side SSL http://www.cs.dartmouth.edu/ ⁇ sws/papers/keyjack2.pdf.
  • Phishing attacks can be solved by two-factor authentication.
  • Two-factor authentication consists of using two elements for authentication, such as a password and a token.
  • the more insidious and sophisticated attacks such as those that allow the Phisher to remotely control the user's applications or steal user credentials and private keys are not generally adequately addressed by two-factor authentication.
  • Phishing techniques utilize software that is designed to hook into or take control of the user's application software or operating system software.
  • a "hook" is a mechanism that allows for the interception and even a behavior modification of a function or section of code.
  • one of the exploits for capturing user private keys and credentials hooks function calls between the user browser and certificate store, on the one hand, and the Crypto Service Provider ("CSP") on the other, such that the hook is able to capture or control the user's credentials.
  • CSP Crypto Service Provider
  • Trojans as well as commercial software is available to remotely control a user's personal computer such that the Phisher can remotely log in to target web sites impersonating the user, by using the user's personal computer.
  • Anti-hook software that can identify such hooks or remote control through a number of techniques to prevent such actions is known. Such techniques include: • Anti-hook software preventing hooks from interfering with the input process by running an "Anti-Hook"/"Hook Blocker” daemon when the Authentication login dialog is active. • A Localized resource, which detects unauthorized use of the resource. • Checking fingerprints of files for matching to a Trojan database. • Checking fingerprints of a running process to match to a Trojan database. • Checking for programs automatically started on a system boot. • Checking for open virtual ports.
  • Another technique consists of using a "Progressive Trust Module".
  • a "Progressive Trust Module” In one particular implementation of this prior art solution, once a customer has upgraded to secure two factor authentication, customer usage patterns are monitored by the Progressive Trust Module that compares current activity to historical activity. With the Progressive Trust Module, trust is progressively established over a period of time. Activity that falls outside typical activity patterns allows the host institution to elevate monitoring and investigate the specific user activity and potentially catch a Phishing attack.
  • the disadvantage of this prior art solution is that the Progressive Trust Module trust is not immediate and Phishers will have to transact in typical user patterns for a period of time before being able to steal funds from a user account making this type of Phishing attack more difficult to accomplish, but still possible.
  • the system, method and computer program of the present invention enables users to enroll in and generate personal PKC credentials and use these credentials to authenticate to a web application or an on line service.
  • the system, method and computer program of the present invention further protects the user credentials such that they are protected from use by a malevolent third party attempting to impersonate the user.
  • the system, method and computer program of the present invention is designed to make the enrollment and authentication process work in a way which is simple, easy and very similar to present authentication mechanisms that they are familiar with, such that the user is not unduly burdened or challenged to enroll in or authenticate using PKI.
  • the present invention permits recipients to enroll in and generate private PKC keys and digital certificates for authenticating to a server securely in a hostile environment.
  • PKC keys and digital certificates for authenticating to an application or web server.
  • recipients are permitted to use temporary or unpredictable code words so as to access web applications from any network- connected device in a manner that eliminates the need for location specific private key and digital certificate storage.
  • Figure 1 is a schematic System Architectural Component Diagram of the secure enrollment and authentication system of the present invention.
  • Figure la is a program resource chart illustrating the resources of the application of the present invention, in one embodiment thereof.
  • Figure 2 is a flow chart that depicts the steps in enrolling in a PKI and generating and storing PKI keys and certificates using a client or a browser based in accordance with one aspect of the method of the present invention.
  • Figure 2a is a flow chart depicting an alternative to the steps in Figure 2.
  • Figure 3 a is a flow chart that depicts the steps for authenticating a user to an application server by digitally signing a message from a server and optionally using a credential presentation agent in accordance with one aspect of the method of the present invention.
  • Figure 3b is a flow chart that depicts the steps for authenticating a user to an application server using a cryptogram and optionally using a credential presentation agent in accordance with one aspect of the method of the present invention.
  • Figure 3 c is a flow chart that depicts the steps for authenticating a user to an application server using SSL/TLS and optionally using a credential presentation agent in accordance with one aspect of the method of the present invention.
  • Figure 3d is a flow chart that depicts the steps for authenticating a user to an application server using a trusted component, a secured session and password authentication and optionally using a credential presentation agent in accordance with one aspect of the method of the present invention.
  • Figure 3e is a flow chart that depicts the steps for authenticating a user to an application server using a temporary and unpredictable code word for authentication and optionally using a credential presentation agent in accordance with one aspect of the method of the present invention.
  • Figure 4 is a flow chart that depicts the steps for a user to cancel authentication credential(s) in accordance with aspects of the method of the present invention.
  • FIG. 5 is a schematic of a security system in accordance with another embodiment of the invention.
  • Figure 6 is a schematic of a prior art security system
  • Figure 7 shows the system of Figure 5 in greater detail
  • Figure 8 shows a flow-chart depicting a security method in accordance with another embodiment of the invention.
  • Figure 9 shows the system of Figure 5 during performance of the method in Figure 8;
  • Figure 10 shows the system of Figure 5 during performance of the method in Figure 8;
  • Figure 11 shows the system of Figure 5 during performance of the method in Figure 8; and, Figure 12 is a schematic of a security system in accordance with another embodiment of the invention.
  • Network-connected devices 10 may consist of a number of digital devices that provide connectivity to a network of computers.
  • the network-connected device 10 may consist of a known personal computer or a known Wireless Application Protocol ("WAP") device, cell phone, PDA or the like.
  • WAP Wireless Application Protocol
  • the network-connected device 10 is connected to the Internet 100 in a manner that is known. Specifically in relation to Figure 1, the connection of a network-connected device 10 that is a known WAP device to the Internet 100 is illustrated, whereby a known WAP-to- WEB gateway 101 is provided, in a manner that is also known.
  • each of the network-connected devices 10 may include a known computerized device, which includes the browser/client application 20.
  • the browser portion of browser/client application 20 can be a standard Internet based browser, such as Netscape's NAVIGATORTM or Microsoft's INTERNET EXPLORERTM or a known mini browser for wireless devices such as cell phones or PDAs.
  • the client application portion of browser/client application 20 can be a known client program such as a personal banking program or another known program for wireless devices such as cell phones or PDAs, including those commonly bundled in such devices as part of the devices' operating system or is distributed as a separate component.
  • the client application portion can also be a custom client or custom browser used for secure applications.
  • Each of the network-connected devices 10 also includes an application 22 in accordance with an embodiment of the present invention, which consists of a computer program in accordance with an embodiment of the present invention.
  • the application 22 is best understood as a PKC utility, as particularized in this disclosure. Certain attributes of application 22, in particular the manner in which it permits Public Key Cryptography (“PKC) enabled communications over wired and wireless networks is disclosed in United States Patent No. 6,678,821 issued to Echoworx Corporation and the Co-Pending Patent Application Nos.
  • PKC Public Key Cryptography
  • the application 22 includes a Crypto Library 201 or
  • the application 22 consists of a specialized extension 200 or plug-in.
  • the application 22 and the browser/client application 20 inter- operate by means of, for example, customized Hypertext Mark-up Language ("HTML") tags for a browser or for example, customized programming specific to the client application.
  • HTML Hypertext Mark-up Language
  • Application 22 preferably provides the necessary resources to enable the network-connected device 10, as particularized below, to function with any third party PKI system, including for example, ENTRUSTTM, MICROSOFTTM, BALTIMORETM, RSATM CERTICOM, D ⁇ VERSINET and so forth.
  • the functions of the application 22 described herein can also be provided as an "ACTIVE X OBJECT" in a manner that is known, or integrated directly into a browser/client application 20.
  • Application 22 functions as a cryptographic utility, provided in the manner described in the Patent and Co-Pending Patent Applications, such that the application 22 is adapted to perform at the network-connected device 10 one or more of a series of cryptographic operations, including but not limited to:
  • Digital signature of data such as Secure Hash Algorithm version (“SHA") SHA1 and Message Digest 5 (“MD5") Encryption of data; Advanced Encryption Standard (“AES”), Data Encryption Standard (“DES”); DES3 , Rivest-Shamir-Adleman (“RSA”), Elliptic Curve Cryptography (“ECC”) Decryption of data; AES; DES; DES3; RSA; ECC Verification of signature of data; SHA1 and 2 MD5 Creation of cryptograms; Extensible Markup Language (“XML”) or Hypertext Markup Language (“HTML”) documents Creation of certificates and PKC key pairs RSA, ECC Encryption or decryption of files Diffie Helman Key Exchange Augmentation of certificates with encrypted user data Management of certificates and certificate data
  • application 22 includes a Crypto Library 201, provided in a manner that is known.
  • the application 22 also includes a User Certificate and Private Key 202 which contains the cryptographic data required to encrypt and/or digitally sign data or decrypt and verify data and data communications to facilitate mutual authentication as contemplated by the present invention.
  • a User Certificate and Private Key 202 which contains the cryptographic data required to encrypt and/or digitally sign data or decrypt and verify data and data communications to facilitate mutual authentication as contemplated by the present invention.
  • MICROSOFTTM software provides the Security Services 400 (as shown in Figure 1), the .PFX ("Personal Information Exchange") or DER ASN.1 ("Distinguished Encoding Rules Abstract Syntax
  • Notation One encoded X509 certificate files required to authenticate the application server, or encrypt data for the recipient, are downloaded to the network-connected device 10 or are generated by the network-connected device 10.
  • the .PFX file is an encrypted file that is used to access the user credentials and private key required to process cryptographic operations.
  • the .PFX file is formatted based on the Public Key Cryptography Standards ("PKCS") number twelve (“PKCS 12") devised and published by RSA laboratories.
  • the DER encoded X509 certificate file provides the public key and certificates of the recipient and in one embodiment of the invention the X509 Certificate includes application account user and password information that is encrypted for the application and in another embodiment is further encrypted for the certificate owner with such encrypted information stored on the X509 certificate in the extension fields.
  • Security Services 400 should be understood as a general term describing a known PKI infrastructure.
  • PKI infrastructures can vary as to the particulars of their architecture, or their hardware or software components.
  • a PKI infrastructure consists of the components illustrated in Figure. 1 : a Certificate Authority for issuing and certifying certificates for enrolled users; a registration authority for enrolling users; a Lightweight Directory Access Protocol ("LDAP") directory for storing the public keys and certificates of enrolled users; and a Certificate Revocation List (“CRL”) for revoking certificates.
  • LDAP Lightweight Directory Access Protocol
  • CTL Certificate Revocation List
  • a Roaming Key Server or "RKS”
  • RKS user Credential Administration Module of Self-Administration Module 406 is provided for user self-service.
  • application 22 of the present invention includes a PKC extension 200 as described below.
  • the PKC extension permits 200 the encryption and decryption of data communications in a browser or client, as particularized herein.
  • This has the advantage of broad-based deployment as browser technology and client software is commonplace.
  • This also has the advantage of deployment across wireless and wired networks as the application 22 of the present invention, including the browser/client extension 20, can be associated with a web browser or a WAP browser, as shown in Figure la.
  • the invention disclosed herein requires only a browser or a client and the associated application 22 at each network-connected device 10 rather than developing a custom secure client at each network-connected device 10 which reduces the resources required at each such device 10 to provide PKI functionality.
  • application 22 is a plug-in in the browser, the development of a secure application for device 10 can be accomplished using standard web application tools and protocols.
  • the application 22, and its components, are generally reduced to code in a manner that is known.
  • these described features are not essential, so long as the browser/client extension 20 is provided in a manner that conforms to good security practice.
  • the attributes listed below provide an example of security features of a representative browser/client application 20 of the present invention.
  • the browser/client application 20 is also referred to as the browser/client extension 20, which is one implementation of the present invention, because the invention is often best understood by reference to an "extension" to an existing application, i.e. a browser program or a client program.
  • the browser/client extension 20 be able to enroll with certificate authorities and generate a certificate(s) and public key pair(s) for the user.
  • the browser/client extension 20 shall utilize a secret that is shared between the user and the web server 300 such that the secret is used to authenticate the user and to ensure that there is a direct connection between the extension 200 and the registration authority 403 during enrollment and key and certificate generation as this will help eliminate the potential for a man in the middle attack.
  • the web server 300 is one implementation of a server computer that authenticates the user, in accordance with the present invention. Expressed in other words, web server 300 can be viewed as a front-end web server to establish a user- account authentication.
  • the web server 300 generally includes a known web server, and provides access to a variety of system resources, directly or indirectly, where security is a concern. It should be understood that the present invention contemplates the use of varies client/server architectures, hardware configurations and software utilities.
  • the key generation, security, and the encryption and decryption of data described herein involve a potential security risk if browser/client application 20 is not designed properly. Specifically, it is necessary to ensure that browser memory is utilized in the course of the cryptographic operations such that security is not compromised. In one particular embodiment of the present invention, this is achieved by using the "TEMP" memory space of the browser/client application 20, in a manner known by a skilled programmer.
  • the extension 200 further includes a CLEANUP ROUTINE or equivalent provided in a manner that is known that eliminates any remnants from the memory associated with the browser, or client, or otherwise with the network-connected device 10, of either the transaction message, the user credential or private key that is part of the User Certificate and Private Key Store 202, in order to maintain confidentiality.
  • the extension 200 is configured such that it will not store a copy of the transaction message in the browser cache.
  • extension 200 will delete any copies of any attachments associated with the transaction message.
  • the browser/client extension 20 can optionally include Anti-hook and input authentication capabilities (as described above), in the form of an anti-hook and input authentication module 203, that would guard against such malicious applications.
  • the browser/client extension 20 protection can also include Browser IP reporting which would facilitate reverse IP lookup and geographic positioning further enabling system monitoring to identify or mitigate the potential for, such exploits and attacks.
  • the browser/client extension 20 can optionally include user authentication credentials such as username and password and store such credentials securely either in the browser/client extension 20, on the certificate or on a server side credential store.
  • the browser/client extension 20 will facilitate the creation of cryptograms and similar secure messaging standards for authentication and securing standards based transactions.
  • One aspect of the present invention enables the user to authenticate securely to an application from multiple locations.
  • the present invention contemplates providing the user the ability to cancel location specific authentication credentials. Normally, only single PKC keys pairs are issued to users.
  • An aspect of the present invention optionally allows multiple key pairs to be issued to users, one pair for each access location, thus allowing the user to cancel one location but continue to access the web server 300 from another location. This is particularly useful in situations where an employee is fired or otherwise terminates their employment.
  • This aspect of the invention will allow the user to remotely disable the cancelled location from authenticating to the web server 300 regardless of whether the user's password is correctly used from that location.
  • a Progressive Trust Module 407 (further detailed below) enables the monitoring of user transactions in order to create and maintain trust.
  • trust is established based on the integrity of the enrollment process and the user involvement. While the present invention provides a beneficial level of security, it does not guarantee that the system cannot be undermined.
  • the browser/client extension 20 is also linked, in a particular embodiment of the present invention, to a Progressive Trust Module 4-7.
  • the Progressive Trust Module 407 monitors user transaction activities against historical user activities and identifies user behavior which deviates from normal activity and escalates such deviations to heighten security monitoring and to potentially contact the client should the situation warrant investigation.
  • the present invention also contemplates that the browser/client extension 20 provides means to utilize a shared secret that will be used by the browser/client extension 20 to enroll a user to use the secure authentication system and to generate private and public key pairs and certificate for use by the user.
  • This particular aspect of the present invention is illustrated in Figures 2 and 2a.
  • the present invention contemplates that the browser/client extension
  • Application server 302 can be viewed as a back-end server for p'rocessing requests from device 10, once that device 10 has been authenticated through web server 300. More particularly, the browser/client extension 20 is adapted to permit the user authenticate in a variety of ways as detailed in figures 3a, 3b, 3c, 3d and 3e.
  • the browser/client user can authenticate to an application server 302 via web server 300 by operation of the following processes: the user authenticates using a message sent from the application server which can include the provisioning of: (a) user authentication credentials from the browser/client extension 20; and (b) user authentication credentials from a server side client credential authentication agent;
  • the user authenticates by creating a cryptogram for the web server 300 which can include the provisioning of: (a) user authentication credentials from the browser/client extension 20; and (b) user authentication credentials from a server side client credential authentication agent 405.
  • the user authenticates by creating a SSL/TLS session with the web server 300 which can include the provisioning of: (a) user authentication credentials from the browser/client extension 20; and (b) user authentication credentials from a server side client credential authentication agent 405.
  • the user authenticates by creating a secure session between the browser extension 22 and the web server 300 which can include the provisioning of: (a) user password credentials from the browser/client extension 20; and (b) user authentication credentials from a server side client credential authentication agent 405.
  • the user authenticates to an application server by using a temporary and unpredictable code word(s) for authentication and optionally using a credential presentation agent.
  • a web server 300 Also connected to the Internet 100, is a web server 300 that is provided using known hardware and software utilities so as to enable provisioning of the network-connected device 10, in a manner that is known.
  • the web server 300 connects to a banking or similar bank end application hosted on application server 302.
  • the web server 300 is adapted to execute the operations, including PKI operations, referenced below.
  • the system, computer program and method of the present invention are directed to: 1. Enrolling and generating user PKC credentials and key pairs using Security Services 400 2. Authenticating users to the web application using a client authentication agent 405 to authenticate to the Web Server Database 301 or directly to the web server 300 or to the web server 300. 3. Creating secure cryptograms and other documents such as XML documents authenticating the user and the transaction of the user Web Server Database 301 or directly to the web server 300 or to an application server connected to the web server 300, in a particular implementation of the present invention.
  • Figure 2 illustrates the functions of the enrollment utility of the present invention, which embodies the enrollment process of the invention.
  • the main function of the enrollment utility and the related enrollment process is to generate a key pair and a certificate for users to acquire the necessary PKC credentials to authenticate to the web server 300. It should be understood that one of the aspects of the present invention, is that the browser/client application 20 facilitates this enrollment process.
  • the browser/client application In one particular aspect of this enrollment process, the browser/client application
  • a challenge question and the secret answer, associated with the user, is embedded in the browser/client application 20 for the user. The user then downloads the browser/client application 20 from the web server 300.
  • the browser/client application 20 Upon the completion of the installation of the browser/client application 20, the browser/client application 20 establishes a mutually authenticated, secure session (possibly using SSL/TLS) between the browser/client application 20 and the web server 300 and the registration authority 403. Upon the establishment of the secure session the browser/client application 20 prompts the user to respond to the challenge question. If the user correctly answers the challenge question the browser/client application 20 allows the enrollment to proceed. It should be understood that the sub-process of presenting the challenge question and obtaining the correct answer can either occur as a function of the browser/client application 20, or as a client/server interaction as between the browser/client application 20 and the web server 300.
  • the PKC credentials are embedded in the browser/client extension 409, such that the user authenticates to the browser/client extension 409 (or effectively the browser/client application 20 as particularized below).
  • the web server 300 can optionally add user authentication information such as username and password to the certificate, with such information being optionally encrypted for the client authentication agent 405 to the browser/client extension 409. With embedding of the user information, the browser/client application 20 is then downloaded to the user network-connected device 10.
  • user authentication information such as username and password
  • the browser/client application 20 is then downloaded to the user network-connected device 10.
  • the challenge is used for enrollment so that the man in the middle would have no previous access to or knowledge of the response, in one particular implementation of the present invention. Consequently, to steal the credentials the man in the middle must sign into the server application posing as the recipient to conduct the upgrade and at the same time cause the recipient to participate in the upgrade process whereby the man in the middle relays the challenge question to the user causing the user to respond to the question and then the man in the middle physically types in the answer to the challenge question into the browser/client application 20. Therefore to develop the ability to invoke a security upgrade requires the user to participate in the credential capture process and for the man in the middle to manually enter the challenge response in real time. Because present Phishing systems use mass emailing techniques to lure users and automated techniques to capture user authentication data, the logistics of real time user participation, real time manual entry of data, anti hook and reverse IP geo-referencing would make phishing attacks extremely difficult and costly to deploy against this approach.
  • a PKC key pair and a user certificate are created in a manner which is well known.
  • the browser/client application 20 can optionally add user authentication data to the extension fields of the X509 certificate with such user authentication data being optionally encrypted using the user's public key.
  • the user authentication data (that is used to authenticate to the web server 300 and not to the key) is optionally encrypted with the key of the operator of the web server 300 and/or the key of the user.
  • the private key and certificate of the user is stored on the user's network-connected device 10, preferably in the certificate store of the browser or operating system, and optionally to the Roaming Key Server 404.
  • the public key and certificate are stored to the LDAP 401 or other suitable repository for the storage of public keys.
  • Figure 3a illustrates a user authentication process whereby the server initiates the authentication process and by the user responding to the server authentication request.
  • a user associated with a network-connected device 10 signs in to a web server
  • the web server 300 optionally establishes an SSL/TLS session and which web server 300 initiates a request to the user to authenticate.
  • the web server 300 generates a message, which in one embodiment of the invention is a random string that the web server 300 may optionally sign and send the message to the user's network-connected device 10 which includes the browser/client application 20.
  • the browser/client application 20 receives the message and verifies the digital signature optionally associated with the web server 300 message.
  • the user is then prompted by the browser/client application 20 to provide a password which if correct will release the user's private key and certificate from the browser or operating system key store on the user's network-connected device 10.
  • the browser/client application 20 Upon the release of the private key the browser/client application 20 signs and encrypts the message for the server and send the signed message back to the client authentication Agent 405 or directly to the web server 300.
  • the browser/client application 20 can optionally decrypt the encrypted user authentication credentials stored in the extension field on the user's certificate and send the user authentication information to the authentication agent 405 or the web server 300.
  • the authentication agent 405 or the web server 300 receives, decrypts the message and verifies the digital signature associated with the message. If the digital signature is verified by the authentication agent 405 or the web server 300, the user is verified arid authenticated to use the web server 300.
  • the authentication agent 405 or the web server 300 can optionally retrieve the user authentication credentials stored in the extension of the users certificate or receive the user authentication credentials sent by the browser/client application 20 and, if encrypted for the authentication agent 405 or the web server 300, decrypt the user credentials.
  • the user credentials are presented by the authentication agent 405 to the web server 300 or directly to the web server 300, and the user credentials are verified and authenticated to provide access to the web server 300.
  • the purpose of the separate user credentials is to facilitate the support of existing applications such that this approach eliminates any requirement for change to any existing authentication systems associated with the application server 302.
  • the authentication agent 405 operates between the web server 300 and the browser/client application 20, where the operator of the web server 300 desires to maintain its current processes or security infrastructure.
  • a bank card and password would be presented to the authentication agent 405; the user would authenticate to the browser/client application 20 in accordance with one or more of the methods described in this invention; and thereby the authentication agent 405 confirms user authentication to the web server 300.
  • the financial institution maintains its existing processes and security infrastructure but benefits from the added trust and customer security provided by the present invention.
  • Figures 3a, 3b, 3c, 3d, and 3e each illustrate variants of the method of the present invention. Specifically, each of these Figures illustrates ways in which trust is established between the browser/client application 20 and the web server 300. In addition, the client authentication agent 405 can be utilized in association with each of such variants.
  • Figure 3b illustrates a user authentication process whereby the server initiates the authentication process and by the user responding to the server authentication request by providing a cryptogram.
  • a user associated with a network connected device 10 signs in to a web server
  • the web server 300 optionally establishes optionally an SSL/TLS session and which web server 300 initiates a request for the user to authenticate.
  • the browser/client application 20 receives the request for authentication and optionally verifies the web server 300 based on establishing a secure session such as SSL/TLS with the web server 300.
  • the browser/client application 20 Upon the release of the private key the browser/client application 20 shall create a message, optionally based on a standard established for the application, or based on a simple random string, then sign and encrypt the message for the server 300 and send the signed message, what is called a cryptogram, back to the client authentication agent 405 or directly to the web server 300.
  • the browser/application 20 can optionally decrypt the encrypted user authentication credentials stored in the extension field on the user's certificate and send the user authentication information to the authentication agent 405 or the web server 300 as part of the cryptogram.
  • the authentication agent 405 or the web server 300 receives and decrypts the cryptogram and verifies the digital signature associated with the cryptogram. If the digital signature is verified by the authentication agent 405 or the web server 300 the user or the user's transaction is verified and authenticated for the web server 300.
  • the purpose of a cryptogram is to facilitate the support of existing applications such that this approach eliminates any requirement for change to existing web server 300 user or transaction authentication systems.
  • Such applications include SET and 3-D Secure standards based payment processing systems for example
  • the authentication agent 405 or the web server 300 can optionally retrieve the user authentication credentials stored in the extension of the user's certificate or receive the user authentication credentials sent by the browser/client application 22, and if encrypted for authentication agent or the web server 300, decrypt the user credentials.
  • the user credentials are presented by the authentication agent 405 to the web server 300 or directly to the web server 300, and the user credentials are verified and authenticated to provide access to the web server 300.
  • the purpose of separate user credentials is to facilitate the support of existing applications such that this approach eliminates any requirement for change to existing web server 300 user authentication systems.
  • Figure 3c illustrates a user authentication process whereby the server initiates the authentication process and by the user responding to the server authentication request by authenticating and then establishing a two way SSL/TLS session.
  • a user associated with a network connected device signs in to the web server
  • the web server 300 optionally establishes a two-way SSL/TLS session and which browser/client application 20 initiates a request for the user to authenticate. [0074] The browser/client application 20 receives the request to establish an SSL/TLS session and which verifies the web server 300 SSL/TLS certificate.
  • the user is then prompted by the browser/client application 20 to provide a password which if correct will release the user's private key and certificate from the browser or operating system key store and establish a two way SSL/TLS session after which the authentication agent 405 confirms user authentication to the web server 300 or is confirmed directly by the web server 300.
  • the authentication agent 405 or the web server 300 can optionally retrieve the user authentication credentials stored in the extension of the user's certificate or receive the user authentication credentials sent by the browser/client application 20 and if encrypted for authentication agent 405 or the web server 300 decrypt the user credentials.
  • the user credentials are presented by the authentication agent 405 to the web server 300 or directly by the web server 300 and the user credentials are verified and authenticated to provide access to the web server 300.
  • the purpose of separate user credentials is to facilitate the support of existing applications such that this approach eliminates any requirement for change to existing web server 300 user authentication systems.
  • Figure 3d illustrates a user authentication process whereby the user initiates the authentication process which causes the server to negotiate with the browser/client application 20 to establish a secure session which is used by the user to authenticate to the web server 300.
  • a user associated with a network-connected device 10 "signs in” to initiate an authentication process which causes the server to negotiate in a manner which is known with the browser extension 200 to establish a secure session between the browser extension 200 and the web server 300 or authentication agent 405.
  • the authentication agent 405 confirms user authentication to the web server 300 or is confirmed directly by the web server 300.
  • the authentication agent 405 or the web server 300 can optionally retrieve the user authentication credentials which can be stored in the extension of the user's certificate, or stored with the authentication agent 405 or receive the user authentication credentials sent by the browser/client application 20 and if encrypted for authentication agent 405 or the web server 300, decrypt the user credentials.
  • the user credentials are presented by the authentication agent 405 to the web server 300 or directly by the web server 300 and the user credentials are verified and authenticated to provide access to the web server 300.
  • the purpose of separate user credentials is to facilitate the support of existing applications such that this approach eliminates any requirement for change to existing web server 300 user authentication systems.
  • Figure 3e illustrates authenticating to the web server 300 using one or more temporary and unpredictable code words for authentication either by presentation thereof in a web page or in a Java Applet, and optionally using a credential presentation agent (authentication agent 405) to authenticate to the web server 300.
  • authentication agent 405 a credential presentation agent
  • a user associated with a network connected device "signs in” to initiate an authentication process, which causes the web server 300 to establish a secure SSL/TLS session between the browser and the web server 300 or authentication agent 405.
  • the user Upon the establishment of a secure session, the user is prompted by the web server 300 or the authentication agent 405 to answer a challenge question or to provide a temporary code word.
  • the presentation of the request to answer a challenge question or to provide a temporary code word can be presented directly in the web page or in a Java Applet.
  • the user inputs the answer or the code word to the browser extension 200, which in turn relays the answer or temporary code word via the secure session to the web server 300 or authentication agent 405.
  • the Java Applet can be used to access user
  • PKC credentials from the Roaming Key Server 404 for use in the authentication process.
  • the authentication agent 405 Upon the provision of the one time code word or the answer to the random question, the authentication agent 405 confirms user authentication based on the answer or the code word or by authentication consisting of providing the user's PKC keys in the Java applet, to the web server 300, or is confirmed directly by the web server 300.
  • the authentication agent 405 or the web server 300 can optionally retrieve the user authentication credentials stored with the authentication agent 405 or web server 300. Upon the successful retrieval and optional decryption, the user credentials are presented by the authentication agent 405 to the web server 300, or directly by the web server 300 and the user credentials are verified and authenticated to provide access to the web server 300.
  • the purpose of the separate user credentials is to facilitate the support of existing applications such that this approach substantially reduces or eliminates any requirement for change to existing authentication systems used at the web server 300.
  • Figure 3e is best understood as a further process of the present invention used in combination with one or more of the processes illustrated in Figures 3a, 3b, 3c, or 3d, whereby the process of Figure 3e enables sign on to the web server 300 from a mobile device.
  • Figure 4 illustrates user self-administration module where a user is able to perform credential administration functions.
  • the Self-Administration Module 406 is designed to perform a number of caretaking tasks such as password revisions, password recovery, private key recovery, one time code word creation, challenge question and answer administration, location and certificate cancellation etc. Password revisions and password recovery are conducted in a manner which is well known.
  • the significance of the Self- Administration Module 406 is that the user is empowered to administer important user authentication functions associated with the browser/client application 20, however, based on rules determined by the operator of the web server 300, as s/he defines the browser/client application 20, including the specific aspects of the method of the present invention incorporated into the browser/client application 20 provided to the user.
  • the Self-Administration Module 406, however, has the benefit of providing a degree of control to the user over its own security; and it reduces the administration costs of the operator of the web server 300.
  • the temporary code word can be generated by the user for mobility purposes such that the user can authenticate to the web server 300 or the authentication agent 405 and request a list of one time code words for remote access to the web server 300 or the authentication agent 405.
  • the application server When the application server generates the list, the user will print the list and carry it with them for remote access. Each time the user authenticates using a code word as illustrated in Figure 3e the code word used is cancelled.
  • FIG. 3e Another method illustrated in Figure 3e uses a series of challenge questions which would be created by the user at time of enrollment, through user self-service administration or such questions can be accessed from existing applications such as would be found in a telephone banking system for assisting customer service representatives to authenticate bank clients using a series of customer specific information. For mobile access the user will respond to a randomly chosen question, which if correctly answered, will grant access.
  • FIG. 4 Another aspect of the invention illustrated in Figure 4 allows a user to cancel the user's authentication credentials and optionally location specific user authentication credentials.
  • the nature of the invention as illustrated in Figure 3d enables the user to authenticate securely to an application from multiple locations.
  • the present invention contemplates providing the user the ability to cancel location specific authentication credentials. Normally only single PKC keys pairs are issued to users.
  • An aspect of the present invention will optionally allow multiple key pairs to be issued to users, one pair for each access location, thus allowing the user to cancel one location but continue to access the application server from another location.
  • This aspect of the invention will allow the user, through the Self-service Module 406, to remotely disable authentication locations from authenticating to the web server 300 regardless of whether the user's password is correctly used from that location. Such would be useful for situations such as when an employee is fired or otherwise terminates their employment.
  • the present invention enables the operator of the web server 300 to control a series of user credential authentication processes by defining the processes embodied in the browser/client application 20 provided to the user.
  • This social trust is consistent in any case with the expectations of users regarding the role of the operator of the web server 300 in regard to protection from security attacks.
  • This social trust also defeats a number of the Phishing techniques referred to above in that the key to a number of such techniques is that it is the user and not the web server 300 that controls the authentication processes, such that it is somewhat easier for the Phisher to impose himself/herself between the user and the operator of the web server 300.
  • System 50a includes various components that are similar to components in the system described in relation to Figures 1. Accordingly, like components include like reference characters followed by the suffix "a". However, certain differences exist between system 50a and the system in Figure 1 and such differences will become apparent to those skilled in the art according the context of the following description.
  • System 50a includes at least one client device 10a.
  • Device 10a can thus have any desired computing environment to allow a user to interact therewith, such as a personal computer, a thin-client, a personal digital assistant or the like.
  • Device 10a is operable to connect to the computing infrastructure of a financial institution 500a via a link 504a.
  • Link 504a can be based on any type of network connection infrastructure, including wired or wireless, or combinations thereof that can carry network communications.
  • Link 504a can, for example, be one or more components identified in Figure 1 as Internet 100, WAP to Web Gateway 101, and/or the like.
  • link 504a is the Internet whereby the user at device 10a is remotely accessing institution 500a.
  • Financial institution 500a thus includes a web server 300a and an application server 302a which are connected via a link 508a.
  • link 508a can be based on any type of network connection infrastructure. However, link 508a is typically (though need not be) a connection that is proprietary to institution 500a and/or otherwise under the control of institution 500a.
  • web server 300a can include any server connected directly or indirectly to the Internet, whether it publishes conventional web pages or specialized web pages, and is primarily utilized for front-end authentication of a user that wishes to access application server 302a.
  • web server 300a can be considered a front-end server, in contrast to application server 302a which can be considered a back-end server.
  • application server 302a encompasses any known (or future) back-end infrastructure, such as a computing banking infrastructure. More specifically, such a banking infrastructure enables a user at device 10a that is authenticated for access to application server 302a and perform on-line transactions associated with that user's account associated with financial institution 500a.
  • financial institution 500a is a bank, and assuming the account is a checking account, then the user, once authenticated, will be able to pay bills, transfer funds, view transaction history in the usual manner. Authentication of that user to use device 10a to access application server 302a will be discussed in greater detail below.
  • Prior art system 500aP includes substantially the same hardware components as system 500a, except that all components in system 500aP include the suffix "P". In operation, those hardware components operate differently and can subject the user at device lOaP to phishing and/or other security attacks. More specifically, when the user at device lOaP connects to institution 500aP, the user will supply credentials CP to application server 302aP via web server 300aP.
  • credentials CP include a userid IDP and a password PWP that are known to the user.
  • Such credentials CaP are typically supplied to web server 300aP over a secure connection 512aP running on link 504aP.
  • Secure connection 512aP can be effected in many ways, but is commonly secured via a secure socket layer ("SSL").
  • web server 300aP relays credentials Ca to application server 302aP via link 508aP over an internal secure connection 516aP.
  • application server 302aP Having supplied credentials CP to application server 302aP, application server 302aP then permits the user at device lOaP to conduct online banking transactions in the usual manner.
  • credentials CP are protected by secure connection 512aP, the fact remains that credentials CP are outside the control of institution 500aP.
  • a phishing attack can cause a user at device lOaP to unwittingly surrender those credentials CP to a Phisher and thereby allow the Phisher to gain illegal access to that user's account as maintained by server 302aP.
  • System 50a in Figure 7 shows a data-file DFa that is stored on a hard disc or other storage device of device 10a.
  • Data-file DFa includes a digital certificate DCa that itself includes at least user credentials Ca and a user public encryption key uPuKa.
  • Data-file DFa also include a user private encryption key uPrKa that is the second- half a key pair corresponding to user public encryption key uPuKa.
  • Credentials Ca include a userid IDa and an encrypted password PWea.
  • Encrypted password PWea is stored in digital certificate DCa as an encrypted representation of a password PWa.
  • Password PWa corresponds conceptually to prior art password PWP, the single- factor token needed for authentication to prior art application server 302aP.
  • password PWa can be used to access application server 302a.
  • the encryption used to encrypt password PWea to to obtain encrypted password PWea is based on any encryption method whereby the corresponding decryption method is known to web server 300a, and preferably, ONLY known to web server 300a. For example, when digital certificate DCa is created, the encrypted form of password PW, i.e.
  • password PWea can be generated from password PW using a standard encryption algorithm whereby the decryption key for decrypting encrypted password PWea in order to obtain password PWa is only known to web sever 300a.
  • user IDa and password PWa i.e. the decrypted version of password PWea
  • data-file DFa can be maintained on device 10a using known methods appropriate to the computing environment of device 10a, such as the certificate stores inherent to many of the current WindowsTM operating systems from MicrosoftTM of One Microsoft Way, Redmond, Washington.
  • digital certificate DC can be based on conventional PKI identity certificates.
  • Digital certificate DCa can then be customized by the addition of credentials Ca.
  • a suitably customized version of the methods provided in Figure 2 or Figure 2a can be used to generate data-file DF.
  • a method for conducting secure transactions is indicated generally at 800.
  • method 800 is operated using system 50a.
  • method 800 is shown in Figure 8 as having different steps associated with specific elements of system 50a.
  • system 50a and/or method 800 can be varied (e.g. method 800 need not be performed in the exact sequence shown), and need not work exactly as discussed herein in conjunction with each other, and that such variations are within the scope of the present invention.
  • step 800 the web server is accessed.
  • Step 800 can be performed in a variety of ways. One way of performing step 800 is simply whereby a user inputs a URL associated with web server 300a into a browser executing on device 10a. Connection 512a is typically secured, such as via a SSLv3/TLS, and established between device 10a and web server 300a in the usual manner.
  • a certificate is presented to the web server in a signed transaction.
  • digital certificate DC will be automatically transmitted from device 10a to web server 300a in the form of a signed transaction.
  • This step is also represented in Figure 9 as a signed transaction Ta is shown being carried along connection 512a.
  • Signed transaction Ta includes digital certificate DCa therein.
  • Signed transaction Ta is simply a message to web server 300a sent from device 10a that includes digital certificate DCa and any other desired information.
  • Digital certificate DCa (and the other desired information) are digitally-signed using user private key uPrKa, and this digital signature then becomes part of transaction Ta.
  • step 800 and step 810 occur substantially at the same time, as signed transaction Ta is actually communicated as part of the SSLv3/TLS session establishment protocol which is used to set up connection 512a.
  • existing SSLv3/TLS infrastructure can be utilized to facilitate implementation of the present embodiment.
  • steps 800 and 810 are presented separately to assist in explanation of the method.
  • step 820 a determination is made as to whether the transaction is valid. This step is performed by web server 300a, which receives transaction Ta and uses the user public key uPuKa embedded within digital certificate DCa stored within transaction Ta to verify the integrity of the digital signature that also arrived with transaction Ta and thereby make a determination as to the validity of the entire received transaction Ta. If the transaction is not valid, (e.g. the digital signature does not affirm the integrity of transaction Ta), then the method ends. However, if at step 820 the transaction is valid then a "yes" determination is made at step 820 and method 800 advances to step 830.
  • step 830 the user credentials are determined. This step is also performed by web server 300a, which examines digital certificate DCa within transaction Ta to extract the contents of credentials Ca, namely userid IDa and password PWea. As part of step 830, web server 300a also decrypts password PWea to obtain password PWa. As previously mentioned, the decryption key for obtaining password PWa from password PWea is only known to web server 300a. (And accordingly, a party (e.g. a phisher) that obtains credentials Ca is still unable to access the user's account on application server 302a.)
  • a party e.g. a phisher
  • step 840 the user's credentials are presented to the application server.
  • This step is represented in Figure 10, as web server 300a presents credentials C (namely, userid IDa and password PWa (i.e. the decrypted version of password PWea)) to application server 302a on behalf of the user at device 10a.
  • credentials C namely, userid IDa and password PWa (i.e. the decrypted version of password PWea)
  • step 850 a determination is made as to whether credentials C presented at step 840 are valid. This determination is made by application server 302a in the usual manner as currently employed in prior art application servers such as application server 302aP. Thus, if the determination is that credentials C are not valid, then the method ends without providing access to the user's account.
  • step 860 a session is opened with the user at device 10a.
  • This step is represented in Figure 11 as a session S is shown as open between application server 302a and device 10a.
  • a session is also the same as a session that would be opened by a prior art application server such as application server 302aP.
  • the user can conduct on-line banking transactions between device 10a and application server 302a in the usual manner.
  • Application server 302a and device 10a can be logically bound by session S via web server 300a in any desired manner to preserve the integrity and or security of session S until the user has completed its use of session S. Standard inactivity timeouts, and/or periodic requests for re-authentication, either from device 10a and/or web server 10a can be employed, as desired.
  • application server 302a and prior art application server 302aP can be substantially the same.
  • prior art financial institution 500aP can upgrade to the functionality of financial institution 500a (and thereby protect its user's from phishing attacks and various other potential security breaches) without change to its application server 302aP.
  • Financial institution 500aP need only update its web server 300a and cause users at devices such as device 10a to utilize a slightly modified version of existing public key infrastructure ("PKI").
  • PKI public key infrastructure
  • System 50b includes various components that are substantially similar to components in system 50a. Accordingly, like components include like reference characters followed by the suffix "b" in lieu of the suffix "a".
  • data-file DFb is different that data-file DFa, in that password PWea is not stored within credentials Cb. Instead, an encrypted pointer Pbe is stored within credentials Cb. However, pointer Pbe is otherwise created and saved in within credentials Cb in substantially the same manner as PWea.
  • web server 300b maintains a web server data file WSDFb in a hard disc or other storage device associated with web server 300b.
  • Data file WSDFb includes a look-up table which associates pointer Pbe with password PWb.
  • Data file WSDFb can be maintained using any desired means, such as LDAP.
  • method 800 when method 800 is performed on system 50b, it is performed in substantially the same manner as on system 50b, except that at step 830, the determination of user credentials involves web server 300b using web server data file WSDFb in order to look-up password PWb based on the contents of pointer Pbe.
  • the password PWb used to access the user's account on application server 302b never exists outside of financial institution 500b, even in encrypted form. Further, this also permits the updating of password PWb by financial institution 500b without needing to an update to digital certificate DCb.
  • web server 300a and application server 302a are represented in system 50a as two distinct pieces of physical computing hardware connected by link 508a.
  • web server 300a and application server 302a can be implemented in a variety of different computing environments, across a single or a plurality of different computers.
  • link 508a is simply a bus or a virtual link between the portions of that single computer that performs the respective functions of web server 300a and application server 302a.
  • web server 300a and/or application server 302a can be based on micro-computer, mini-computers, mainframe, and/or other type of computing environment.
  • web server 300a and/or application server 302a can be a Sun 480R server from Sun Microsystems, Inc.
  • system 50a is described in relation to a financial institution 500a, it should be understood that the teachings herein are applicable to other types of network access whereby it can be desired to protect from phishing attacks and/or otherwise secure that access.
  • web server 300a can be viewed simply as an authentication server that regulates access to application server 302a.
  • application server 302a is shown as single computing server, web server 300a can be an authentication server for a plurality of computing resources in addition to, or in lieu of, application server 302a.
  • step 810 of method 800 can be implemented is not particularly limited.
  • step 810 can be implemented by means of a PKI plug-in to a web-browser of a type the Patent and the Co- Pending Patent Applications, thereby providing greater security over link 504a and/or link 504b.
  • Step 810 can also be implemented by an applet or other script hosted by web server 300a or 300b that can be executed on device 10a or 10b respectively.
  • Password PWa can be dynamically generated from prior art password PWP using a cryptographically secure one-way hash function, such as Secure Hash Algorithm 1 ("SHA-1") or Message Digest 5 (“MD5"), or in other any manner well-known to those skilled in the art.
  • SHA-1 Secure Hash Algorithm 1
  • MD5 Message Digest 5
  • the new password PWa generated from password PWP will be much longer and more complex such that even the user at device 10a would have great difficulty in even remembering the resulting password PWa used for authentication with application server 302a (assuming that user was ever even shown password PWa).
  • this one-way hash method of generating password PWa can further reduce the risk of phishing.
  • CSR certificate-signing request
  • CA certification authority
  • the existing PKI infrastructure can be leveraged to generate and register digital certificate DCa, subject to appropriate modification of the at infrastructure in order to include credentials Ca within digital certificate DCa.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

L'invention concerne un procédé, un système et un programme informatique destinés à offrir une protection contre une ou plusieurs attaques de sécurité lancées par des tiers et visant à obtenir des informations d'utilisateur sur une base non autorisée, notamment entre un ordinateur client associé à un utilisateur et un ordinateur serveur. L'ordinateur serveur définit un utilitaire de cryptographie à clé publique de confiance utilisé sur l'ordinateur client. Cet utilitaire de cryptographie à clé publique permet de réaliser une ou plusieurs opérations cryptographiques destinées à chiffrer/déchiffrer des données, à authentifier des données et/ou à authentifier un expéditeur, et à déchiffrer et/ou à vérifier des données. L'utilisateur s'authentifie auprès de l'utilitaire de cryptographie à clé publique, d'où la sollicitation de l'accès à des informations d'utilisateur associées à l'utilisateur, comme défini par l'ordinateur serveur. L'utilitaire de cryptographie à clé publique facilite la communication des informations d'utilisateur à l'ordinateur client, que ce soit directement ou indirectement par l'intermédiaire d'un agent d'authentification, d'où l'authentification de l'utilisateur par l'ordinateur serveur. En réponse, l'ordinateur serveur fournit à l'utilisateur un accès à une ou plusieurs ressources système associées à l'ordinateur serveur. La présente invention concerne également une série de procédés permettant à l'ordinateur serveur d'authentifier l'utilisateur par mise en oeuvre de l'utilitaire de cryptographie à clé publique et/ou sur la base de l'enrôlement de l'utilisateur et de la fourniture de l'utilitaire de cryptographie à clé publique à l'utilisateur.
EP05759341A 2004-06-21 2005-06-20 Procede, systeme et programme informatique destine a proteger des informations d'utilisateur contre des attaques de securite Withdrawn EP1766848A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US10/870,990 US20090055642A1 (en) 2004-06-21 2004-06-21 Method, system and computer program for protecting user credentials against security attacks
CA 2471917 CA2471917A1 (fr) 2004-06-22 2004-06-22 Methode, systeme et programme informatiques de protection des elements d'identification de l'utilisateur contre des atteintes a la securite
PCT/CA2005/000955 WO2005125084A1 (fr) 2004-06-21 2005-06-20 Procede, systeme et programme informatique destine a proteger des informations d'utilisateur contre des attaques de securite

Publications (1)

Publication Number Publication Date
EP1766848A1 true EP1766848A1 (fr) 2007-03-28

Family

ID=35510092

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05759341A Withdrawn EP1766848A1 (fr) 2004-06-21 2005-06-20 Procede, systeme et programme informatique destine a proteger des informations d'utilisateur contre des attaques de securite

Country Status (3)

Country Link
EP (1) EP1766848A1 (fr)
AU (1) AU2005255513A1 (fr)
WO (1) WO2005125084A1 (fr)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8640231B2 (en) * 2006-02-23 2014-01-28 Microsoft Corporation Client side attack resistant phishing detection
US8225096B2 (en) 2006-10-27 2012-07-17 International Business Machines Corporation System, apparatus, method, and program product for authenticating communication partner using electronic certificate containing personal information
WO2009001855A1 (fr) * 2007-06-27 2008-12-31 Globalsign K.K. Système d'émission d'un certificat de serveur
JP4128610B1 (ja) * 2007-10-05 2008-07-30 グローバルサイン株式会社 サーバ証明書発行システム
US10129298B2 (en) 2016-06-30 2018-11-13 Microsoft Technology Licensing, Llc Detecting attacks using compromised credentials via internal network monitoring
US10826875B1 (en) 2016-07-22 2020-11-03 Servicenow, Inc. System and method for securely communicating requests
ZA201904570B (en) 2019-07-12 2020-03-25 Entersekt Pty Ltd System and method for validation of possession-based authentication response
US11736520B1 (en) 2021-06-24 2023-08-22 Airgap Networks Inc. Rapid incidence agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links
US11757933B1 (en) 2021-06-24 2023-09-12 Airgap Networks Inc. System and method for agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links
US11722519B1 (en) 2021-06-24 2023-08-08 Airgap Networks Inc. System and method for dynamically avoiding double encryption of already encrypted traffic over point-to-point virtual private networks for lateral movement protection from ransomware
US11757934B1 (en) 2021-06-24 2023-09-12 Airgap Networks Inc. Extended browser monitoring inbound connection requests for agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links
US11695799B1 (en) 2021-06-24 2023-07-04 Airgap Networks Inc. System and method for secure user access and agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links
US11916957B1 (en) 2021-06-24 2024-02-27 Airgap Networks Inc. System and method for utilizing DHCP relay to police DHCP address assignment in ransomware protected network
US11711396B1 (en) 2021-06-24 2023-07-25 Airgap Networks Inc. Extended enterprise browser blocking spread of ransomware from alternate browsers in a system providing agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links
CN114063927B (zh) * 2021-11-23 2024-03-26 厦门市美亚柏科信息股份有限公司 一种用于电子数据的取证方法和系统

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7194764B2 (en) * 2000-07-10 2007-03-20 Oracle International Corporation User authentication
US7249369B2 (en) * 2000-07-10 2007-07-24 Oracle International Corporation Post data processing
US20020031230A1 (en) * 2000-08-15 2002-03-14 Sweet William B. Method and apparatus for a web-based application service model for security management
US20030131232A1 (en) * 2001-11-28 2003-07-10 Fraser John D. Directory-based secure communities

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2005125084A1 *

Also Published As

Publication number Publication date
AU2005255513A1 (en) 2005-12-29
WO2005125084A1 (fr) 2005-12-29

Similar Documents

Publication Publication Date Title
US20090055642A1 (en) Method, system and computer program for protecting user credentials against security attacks
US9900163B2 (en) Facilitating secure online transactions
WO2005125084A1 (fr) Procede, systeme et programme informatique destine a proteger des informations d'utilisateur contre des attaques de securite
US8185942B2 (en) Client-server opaque token passing apparatus and method
Claessens et al. On the security of today’s online electronic banking systems
AU2005264830B2 (en) System and method for implementing digital signature using one time private keys
US20100217975A1 (en) Method and system for secure online transactions with message-level validation
US20090240936A1 (en) System and method for storing client-side certificate credentials
US20060294366A1 (en) Method and system for establishing a secure connection based on an attribute certificate having user credentials
US20080077791A1 (en) System and method for secured network access
US8583926B1 (en) System and method for anti-phishing authentication
US20080022085A1 (en) Server-client computer network system for carrying out cryptographic operations, and method of carrying out cryptographic operations in such a computer network system
JP2004527938A (ja) 認証通信
Badra et al. Phishing attacks and solutions
WO2018030289A1 (fr) Système de communication ssl, client, serveur, procédé de communication ssl et programme informatique
AU2009295193A1 (en) Method and system for user authentication
JP5186648B2 (ja) 安全なオンライン取引を容易にするシステム及び方法
Latze Stronger Authentication in E-Commerce-How to protect even naıve Users against Phishing, Pharming, and MITM attacks
US20210306306A1 (en) Method and system for secure communication
CA2471917A1 (fr) Methode, systeme et programme informatiques de protection des elements d'identification de l'utilisateur contre des atteintes a la securite
Gilchrist The Concise Guide to SSL/TLS for DevOps
Jeelani An insight of ssl security attacks
Desulme Public key infrastructure risk outlook: Testing the non-repudiation claim of the PKI

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20070119

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20100105