EP2850807A1 - Method and system for securely requesting an object via a communication network - Google Patents
- Publication number
- EP2850807A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- parameter
- request message
- client system
- combination
- hash value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Definitions
- the invention relates to a method for requesting an object with a client system, which is operatively coupled to a server system via a communication network. Furthermore, the invention relates to a system for requesting an object with a client system, which is operatively coupled to a server system via a communication network.
Background of the invention
- the newsletters or e-mails may have so-called hyperlinks, with which the customer is forwarded to a specific landing page prepared for the offer, where the customer can initiate an order process, as described above.
- the customer must go through the entire ordering process in order to order a product or information about the product.
- US 5,960,411 describes a method whereby a customer can request products over the Internet. It is mentioned there that the personal data to be transmitted, such as credit card numbers, can be secured against misuse by encrypting the data. However, it is also mentioned there that even the encrypted transmission of data is not secure, as the data may be tapped and decrypted by an attacker. To avoid this problem, US 5,960,411 suggests transmitting as little personal information as possible.
- the object of the present invention is therefore to provide solutions which enable a more efficient and safer ordering process.
- a server device of the server system receives a request message via the communication network from an electronic document displayed on the client system
- the request message comprises at least a first parameter identifying a user of the client system and a second parameter identifying the requested object
- the server device evaluates the parameters of the received request message, whereby data assigned to the user are determined for the first parameter and data assigned to the product are determined for the second parameter, the respective data being stored in a memory device of the server system, and, after a successful evaluation, the requested object is provided for transmission to the user.
- the server device can use the parameters transmitted with the request message to determine all data required for shipping (shipping address and product data) without requiring further input from the user.
- the server device may generate the electronic document and provide it for transmission to the client system, wherein, when the electronic document is generated, a text fragment is inserted into the electronic document which, upon client-side execution, causes the request message to be transmitted from the client system to the server device.
- the request message comprises a third parameter.
- the transmission of the first and second parameters can be secured even if the first and second parameters are transmitted unsecured, i.e. unencrypted.
- the third parameter may include the value of the first parameter and the value of the second parameter in coded form. This advantageously makes it possible to carry out a server-side validity check of the received first and second parameters. Thus, it is possible to prevent a user from requesting an object without authorization, or simply making joke requests, by assembling and / or changing the values of the first and / or the second parameter.
- the text fragment inserted into the electronic document may include the first parameter and the second parameter.
- the text fragment may comprise at least the second parameter, wherein the value of the first parameter is transmitted from the server device to the client system, preferably before the electronic document is transmitted, and stored on the client system, and wherein, when the request message is transmitted, the stored value is transmitted from the client system to the server device together with the request message as the first parameter of the request message.
- the second parameter needs to be transmitted to the client system, which increases the security, because at least on the transmission path from the server device to the client system, the value of the first parameter can no longer be manipulated.
- a hash value, preferably a cryptographic hash value, which forms the third parameter, is formed from a combination of the first parameter and the second parameter, the text fragment comprising the hash value as the third parameter. It is advantageous if the hash value is formed from a combination of the first parameter, the second parameter and a secret. The secret is not transmitted to the client system.
- the secret may comprise an alternating state value, preferably a time stamp.
- the hash value can be formed from a combination of the first parameter, the second parameter and an alternating state value, preferably a time stamp. Because the time stamp is generated on the server device and is used only for the generation of the hash value, an attacker is effectively prevented from calculating the hash value with the aid of the first parameter and the second parameter, because the state value (e.g. time stamp) required for the calculation of the hash value is missing or not known to him.
- the hash value or cryptographic hash value can be stored in the memory device, the stored hash value being assigned to the combination of the first parameter and the second parameter.
- the secret can be stored in the memory device, the stored secret being assigned to the combination of the first parameter and the second parameter.
- the evaluation of the request message may comprise a step of checking whether the hash value or cryptographic hash value received with the request message is identical to the hash value assigned to the combination of the first parameter and the second parameter, or to the hash value formed from the combination of the first parameter, the second parameter and the secret. As a result, it can be advantageously determined whether the first parameter, the second parameter and / or the hash value have been manipulated.
- the server device may generate a key, wherein the text fragment comprises the key as a third parameter, wherein the key is stored in the memory device, and wherein the stored key is associated with the combination of the first parameter and the second parameter.
- the key can be generated arbitrarily, for example the key can be a random value that is generated independently of the first and / or second parameter.
- the evaluation of the request message may in this case comprise a step in which it is checked whether the third parameter received with the request message is identical to the key associated with the combination of the first parameter and the second parameter.
- the hash value, the secret and / or the key can each be a one-time hash value, a one-time secret or a one-time key, respectively, wherein the evaluation of the request message comprises a step in which the hash value, secret and / or key associated with the combination of the first parameter and the second parameter, and the assignment, are deleted.
- One-time hash value, one-time secret or one-time key means that the hash value, the secret (or the hash value generated using the secret) or the key can only be used once as the third parameter of the request message.
- the evaluation of the request message comprises a step in which the hash value, secret and / or key assigned to the combination of the first parameter and the second parameter and the assignment are deleted.
- a time window is set, wherein the time window is stored in the memory device and wherein the stored time window is assigned to the combination of the first parameter and the second parameter.
- the evaluation of the request message comprises a step in which it is checked whether the request message was accepted within the time window. This makes it possible to check whether one and the same request message has been received several times by the server device within a specific time window or time interval. It is advantageous that, if the request message was received within the time window, the server device generates a confirmation message and transmits it to the client system, wherein the user of the client system is requested with the confirmation message to confirm the re-requesting of the object. This prevents a user from inadvertently requesting one and the same object, such as a specific product.
- the combination of the first parameter and the second parameter is assigned a validity interval, the validity interval and the assignment of the validity interval to the parameter combination being stored in the memory device. For example, this can be used to specify that a particular user can request a specific product only within a certain period of time specified by the validity interval.
- abuse is further restricted as a result, because certain otherwise valid combinations of the first parameter value and the second parameter value are only valid for a certain, preferably short, period of time. Request messages that are received outside of the validity period for the parameters can be rejected or discarded, or the sender can be sent a corresponding error message.
- the text fragment inserted into the electronic document may comprise a hyperlink or a client-side executable code fragment.
- the object may include information about the object.
- the electronic document may include at least one of an internet page, an electronic newsletter, and an electronic message (e-mail). It is advantageous if, in the event of a failed evaluation, the server device generates an error message and transmits it to the client system for display on the client system.
- the invention further provides a system for requesting an object having a client system operably coupled to a server system via a communication network, the server system operatively coupled to a storage device and adapted to execute a method according to the invention.
- a computer program product which can be loaded into the internal memory of a computer and which comprises program sections with which the steps of the method according to the invention are carried out when the computer program product is executed on the computer.
- a signal sequence, in particular a computer-readable signal sequence suitable for transmission in a communication network, is provided, wherein the signal sequence represents data with which, when they are loaded into a processor of a computer, a method according to the invention can be executed.
- FIG. 1 shows a system comprising a client system and a server system according to the invention, which can be coupled or are coupled to one another via a communication network; and FIG. 2 shows a flow chart of the method according to the invention for requesting an object with a client system which is coupled to a server system.
- FIG. 1 shows a system comprising a client system C and a server system S, which are coupled to one another or can be coupled to one another via a communication network 30, for example the Internet.
- the server system S in the embodiment shown in FIG. 1 comprises a server device 40 and a memory device 50, such as a database, operatively coupled to the server device 40.
- the server device 40 may be a web server, for example.
- the server device 40 may also be a computer system that is adapted to send messages to the client system C or to receive messages from the client system C.
- the client system C may be a conventional computer, a tablet PC, a smartphone or the like.
- the client system C is adapted to request and receive messages and / or electronic documents, such as web pages from server devices 40, and to display the received documents on a display device.
- the client system C is assigned to a user U who requests an object O via the client system C.
- the user U can also request information U about a specific object O via the client system C.
- the object may, for example, be a specific product or specific additional information about a product or service.
- the personal data associated with the user U, such as the shipping address, are stored on the server side in the storage device 50.
- the memory device 50 also stores the data associated with the objects O or the product information associated with a product.
- the user U can request information about particular products or specific products via the client system C, which are sent to the user U after completion of an order process, whereby the shipping for a requested product can be processed by mail or by a transport company.
- the dispatch of additional information on a specific product can also be handled via the communication network 30.
- the user U may request from the server device 40 a particular web page containing information about a particular product.
- the website (electronic document 10) is displayed on the client system C, the website 10 in the example shown here having a button 20, with which the user U can request the product or information about the product.
- a request message is transmitted from the client system C to the server device 40 and received by the server device 40.
- the server device 40 evaluates the received request message and initiates a shipping process by which the requested product or the requested product information is sent to the user U.
- no additional information needs to be requested from the user U, since all information necessary for the shipment is already contained in the request message or is determined from the data of the request message, as described in more detail below with reference to FIG.
- the user U therefore only has to press the button 20, whereby the entire ordering process is initiated and completed at the same time. Further actions of the user U are no longer necessary.
- the electronic document 10 may be a newsletter or an e-mail that the user U has received at the client system and is displayed there.
- the newsletter or e-mail 10 may also include a button 20 that allows the user to initiate and complete an order process for a product advertised in the newsletter or e-mail.
- a button may also be provided, wherein both an actuation of the button and an actuation of the hyperlink causes the transmission of the request message to the server device.
- the user U has to perform a single action to request a product or product information, namely press the button 20 or a corresponding hyperlink.
- the entire ordering process is thereby shortened and made more efficient. Further, the ordering process also becomes significantly more secure because only a single request message needs to be transmitted from the client system C to the server device 40 and because the request message is configured accordingly, making abuse or tampering almost impossible, as is also described below with reference to Fig. 2.
- In a first step S1, the server device 40 generates an electronic document, such as a website or a newsletter.
- a text fragment is inserted in the electronic document that, upon client-side execution, causes a request message to be transmitted from the client system to the server device 40.
- the text fragment can be, for example, a hyperlink or a button.
- parameters are generated in step S1 and inserted in the electronic document.
- the inserted parameters are so-called URL parameters of the hyperlink or the button.
- a first URL parameter identifies the user of the client system.
- a second URL parameter identifies a product or service advertised in the electronic document.
- the first parameter "UserID" identifies the user of the client system and the second parameter "ProductID" identifies the product advertised with the website or with the newsletter.
- a request message is transmitted from the client system C to the server device 40, which includes the two aforementioned parameters.
- the first parameter that identifies user U does not necessarily have to be included as part of the hyperlink in the electronic document.
- This parameter can, in the case of an Internet page, be transferred to the client system with the header of the website and stored there as a so-called cookie.
- the data of the cookie is then transmitted to the server device 40 along with the request message.
- a third parameter can be provided to increase the security, which is also inserted into the electronic document in the form of a URL parameter.
- the third parameter "Secret" may include the value of the first parameter and the value of the second parameter in coded form.
- the third parameter may be a hash value, preferably a cryptographic hash value formed from a combination of the values of the first parameter and the second parameter.
- the server device 40 is enabled to check whether the first and second parameters transmitted with the request message are valid or whether the first two parameters have been manipulated.
- the hash value or cryptographic hash value is generated or calculated by the server device 40 and stored in the memory device 50.
- the stored hash value is assigned to the combination of the first parameter and the second parameter.
- the hash value can be formed from a combination of the value of the first parameter, the value of the second parameter, and a secret.
- the secret may be, for example, an alternating state value.
- the changing status value can be, for example, a timestamp. The secret or timestamp is only used to calculate the hash value and then discarded again. Since both the values of the first two parameters and the time stamp are used to calculate the hash value, it is almost impossible for an attacker to calculate the hash value without knowing the time stamp.
- Instead of a time stamp, it is also possible to use any random number or any other value that preferably changes frequently.
- the time stamp used for the calculation of the hash value is no longer necessary, because the hash value is stored in the memory device 50 and assigned to the combination of the first parameter and the second parameter.
- the server device can generate a key, the text fragment comprising the key as the third parameter.
- the key is generated independently of the first two parameters, so that no conclusions can be drawn from the first two parameters on the third parameter.
- the key may, for example, be any random number or any number-letter combination.
- the key is also stored in the memory device associated with the combination of the first parameter and the second parameter.
- After the document has been completely created and the text fragment, i.e. the hyperlink or the button, has been inserted into the document, the document is transferred to the client system C in step S2 and displayed there.
- the user U can now press the button or click the hyperlink, whereby a request message comprising the parameters described above is transmitted from the client system C to the server device 40.
- In step S3, the server device 40 receives the request message from the client system C.
- In the subsequent step S4, the parameters of the received request message are evaluated by the server device 40. If the first parameter has been stored in the form of a cookie in the client system C, the server device 40 also accepts the data of the cookie together with the request message and also evaluates these in step S4. In the simplest case, when evaluating the request message, the server device 40 checks whether the values of the first parameter and the second parameter are valid. If the values of the first two parameters are valid, the server device determines the data associated with the first two parameters, which are likewise stored in the memory device 50. This data may include, for example, the delivery address of the user identified with the first parameter.
- the server device 40 also receives the third parameter, which represents the hash value to the first two parameters or the key, and checks whether the hash matches the first parameter and second parameter combination. For this purpose, the hash value stored in memory device 50 for this parameter combination is read out and compared with the hash value received by the third parameter. If both hash values are identical and the values of the first two parameters are valid, which is checked in each case in step S5, the requested object or the requested product information can be sent in step SE. The received key is handled analogously.
- the check as to whether the received hash value is identical to the hash value stored for the parameter combination can be made independently of whether the hash value has been formed with the aid of an alternating state value, for example a time stamp.
- the hash value or key assigned to the combination of the first and second parameters for example to delete it or to mark it as invalid.
- the hash values or keys are so-called one-time hash values or one-time keys.
- a time window can be defined after the parameters have been generated or after the parameters have been inserted into the electronic document for the generated or inserted parameter combination.
- the time window is likewise stored in the memory device 50 and assigned to the combination of the first parameter and the second parameter.
- the server device 40 may generate a confirmation message and transmit it to the client system to prompt the user U to confirm re-requesting the object. This avoids the user U erroneously requesting one and the same product multiple times.
- a validity interval can be assigned to the combination of the first parameter and the second parameter.
- the validity interval and the assignment of the validity interval to the parameter combination are likewise stored in the memory device 50.
- the validity interval can be used to specify within which period of time corresponding request messages are valid at all. On the one hand, this can result in a time restriction within which a particular product or specific information can be requested at all. On the other hand, the possibility of misuse of the request message can be further reduced because a request message received outside the validity interval for a specific combination of first and second parameters can be discarded by the server device 40 without the third parameter having to be evaluated. In one embodiment of the invention, the user U can be informed that the received request message was invalid.
- a validity interval may include multiple timeslots.
- a time window can be as long as the validity interval.
- the aforementioned validity interval and the aforementioned time window have nothing to do with a validity period or a timeout of an Internet or HTTP session. Both the validity interval and the time window can span multiple Internet or HTTP sessions. Conversely, an Internet or HTTP session may also include multiple validity intervals or timeslots. For example, the validity interval for a particular combination of parameters may be one week, while an Internet or HTTP session within which request messages may be received by a particular client device may have a maximum validity of one day and, upon expiration of the validity period, e.g. automatically ended. Furthermore, after a timeout of the Internet or HTTP session, the validity interval and / or the time window may continue to be valid.
- If the evaluation of the parameters or the request message carried out in step S4 results in an error, the method branches in step S5 to step S6, in which an error message is generated by the server device 40 and transmitted to the client system for display on the client system. Otherwise, the requested object or the requested information can be sent to the user U.
- the text fragment inserted into the electronic document has a hyperlink or a button.
- the text fragment may include a client-side executable code fragment, such as JavaScript code.
- the values of the parameters can be defined as variables or constants.
- the client-side executable code fragment is adapted to generate a corresponding request message upon a click on the button or by clicking on the hyperlink and to transmit it to the server device 40.
- the invention described above can be used in Internet pages as well as in electronic newsletters or e-mails. Due to the parameterization according to the invention of the hyperlink or the client-side executable code fragment, the user or the recipient of the newsletter or the e-mail only has to perform a single action, i.e. actuate the hyperlink or the button, in order to request a product or product information. With the aid of the parameters, the server device 40 is able to determine all data required for the shipment of the product or the product information from the storage device 50 and to initiate the shipping process.
- the ordering process is thus considerably shorter, less time-consuming and thus more efficient.
- the security is considerably increased and manipulation of the parameters is made considerably more difficult or can be reliably detected by the server device 40.
- buttons in the electronic document for example button or link
- communication network e.g., Internet
- storage device e.g., database
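The issue-and-verify flow of steps S1 and S3 to S5, with the one-time hash value and the validity interval, as an added Python example that is not part of the patent text. It assumes an in-memory dict in place of memory device 50, a random per-link secret, HMAC-SHA256 in place of a plain hash over the combination, and a hypothetical base URL; all function names are illustrative.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Stand-in for memory device 50 (assumption: a dict instead of a database).
# Key: (UserID, ProductID); value: stored hash plus validity interval.
STORE = {}


def _combine(user_id, product_id):
    # Length-prefix each value so ("ab", "c") and ("a", "bc") give different input.
    fields = [user_id.encode(), product_id.encode()]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def issue_link(base_url, user_id, product_id, valid_for_s, now=None):
    """Step S1: create the hyperlink and store the hash for this combination."""
    now = time.time() if now is None else now
    secret = secrets.token_bytes(32)  # server-side only, discarded on return
    digest = hmac.new(secret, _combine(user_id, product_id),
                      hashlib.sha256).hexdigest()
    STORE[(user_id, product_id)] = {
        "hash": digest,
        "not_before": now,
        "not_after": now + valid_for_s,
    }
    query = urlencode({"UserID": user_id, "ProductID": product_id,
                       "Secret": digest})
    return f"{base_url}?{query}"


def evaluate_request(url, now=None):
    """Steps S3 to S5: return (ok, reason) for a received request URL."""
    now = time.time() if now is None else now
    params = parse_qs(urlsplit(url).query)
    values = []
    for name in ("UserID", "ProductID", "Secret"):
        got = params.get(name, [])
        if len(got) != 1:  # absent or duplicated parameter
            return False, "malformed request"
        values.append(got[0])
    user_id, product_id, received = values

    record = STORE.get((user_id, product_id))
    if record is None:
        # Changed UserID/ProductID, or a one-time hash that was already used.
        return False, "unknown parameter combination"
    if not record["not_before"] <= now <= record["not_after"]:
        # Discarded without evaluating the third parameter.
        return False, "outside validity interval"
    # Constant-time comparison of the stored and the received hash value.
    if not hmac.compare_digest(record["hash"].encode(), received.encode()):
        return False, "hash mismatch"
    del STORE[(user_id, product_id)]  # one-time hash: delete value and assignment
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values.
    link = issue_link("https://shop.example/order", "u-1001", "p-42", 3600)
    print(link)
    print(evaluate_request(link.replace("p-42", "p-43")))  # changed ProductID
    print(evaluate_request(link))                          # first use
    print(evaluate_request(link))                          # repeated use
```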
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to a method for requesting an object (O) by means of a client system (C) which is operatively coupled to a server system (S) via a communication network (30). A server device (40) of the server system receives (S3), via the communication network, a request message from an electronic document (10) that is present on the client system for display, the request message comprising at least two parameters. The server device evaluates the parameters of the received request message by determining, for the first parameter, data associated with the user and, for the second parameter, data associated with the object. The data are stored in a memory system (50) and are prepared for transmission (SE) to the user (U) when the evaluation of the requested object (O) has succeeded. The invention further relates to a system, in particular a server system, adapted to carry out a method according to the invention.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102013105793.4A DE102013105793A1 (de) | 2013-06-05 | 2013-06-05 | Method and system for securely requesting an object via a communication network |
PCT/EP2014/061768 WO2014195437A1 (fr) | 2013-06-05 | 2014-06-05 | Method and system for securely requesting an object via a communication network |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2850807A1 (fr) | 2015-03-25 |
Family
ID=50928100
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP14729294.0A Withdrawn EP2850807A1 (fr) | Method and system for securely requesting an object via a communication network | 2013-06-05 | 2014-06-05 |
Country Status (4)
Country | Link |
---|---|
US (1) | US9973477B2 (fr) |
EP (1) | EP2850807A1 (fr) |
DE (1) | DE102013105793A1 (fr) |
WO (1) | WO2014195437A1 (fr) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11303726B2 (en) * | 2018-08-24 | 2022-04-12 | Yahoo Assets Llc | Method and system for detecting and preventing abuse of an application interface |
TWI733340B (zh) * | 2020-02-19 | 2021-07-11 | 網聯科技股份有限公司 | Legitimacy verification method |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5960411A (en) * | 1997-09-12 | 1999-09-28 | Amazon.Com, Inc. | Method and system for placing a purchase order via a communications network |
US20040030598A1 (en) | 1999-11-30 | 2004-02-12 | Boal Steven R. | Electronic coupon distribution system |
US7188080B1 (en) | 2000-05-12 | 2007-03-06 | Walker Digital, Llc | Systems and methods wherin a buyer purchases products in a plurality of product categories |
US20030233329A1 (en) * | 2001-12-06 | 2003-12-18 | Access Systems America, Inc. | System and method for providing subscription content services to mobile devices |
US8190893B2 (en) * | 2003-10-27 | 2012-05-29 | Jp Morgan Chase Bank | Portable security transaction protocol |
US7698269B2 (en) * | 2005-11-29 | 2010-04-13 | Yahoo! Inc. | URL shortening and authentication with reverse hash lookup |
CN101695164A (zh) * | 2009-09-28 | 2010-04-14 | 华为技术有限公司 | Verification method, apparatus and system for controlling resource access |
CN103141054B (zh) * | 2010-09-28 | 2016-04-27 | Lg电子株式会社 | Method for distributing user keys in a converged network |
US20120317028A1 (en) * | 2011-06-13 | 2012-12-13 | Blackhawk Network, Inc. | System, Method, and Apparatus for Creating and Distributing a Transaction Credit |
US10013692B2 (en) * | 2011-11-10 | 2018-07-03 | Cryptocode, Inc. | Systems and methods for authorizing transactions via a digital device |
US9424433B2 (en) * | 2012-02-13 | 2016-08-23 | Synchronoss Technologies, Inc. | Data storage management |
- 2013
  - 2013-06-05 DE DE102013105793.4A patent/DE102013105793A1/de not active Ceased
- 2014
  - 2014-06-05 EP EP14729294.0A patent/EP2850807A1/fr not active Withdrawn
  - 2014-06-05 WO PCT/EP2014/061768 patent/WO2014195437A1/fr active Application Filing
- 2015
  - 2015-01-22 US US14/602,795 patent/US9973477B2/en not active Expired - Fee Related
Non-Patent Citations (1)
Title |
---|
WRIGHT M: "Cookie Counter", INTERNET CITATION, 4 December 1997 (1997-12-04), XP002158934, Retrieved from the Internet <URL:http://www.webreference.com/js/column8/counter.html> [retrieved on 20010131] * |
Also Published As
Publication number | Publication date |
---|---|
DE102013105793A1 (de) | 2014-12-11 |
US20150135330A1 (en) | 2015-05-14 |
US9973477B2 (en) | 2018-05-15 |
WO2014195437A1 (fr) | 2014-12-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| | 17P | Request for examination filed | Effective date: 20141125 |
| | AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| | AX | Request for extension of the european patent | Extension state: BA ME |
| | 17Q | First examination report despatched | Effective date: 20160805 |
| | DAX | Request for extension of the european patent (deleted) | |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
| | 18D | Application deemed to be withdrawn | Effective date: 20190430 |