GB2401445A - Web site security model - Google Patents

Web site security model

Info

Publication number
GB2401445A
Authority
GB
United Kingdom
Prior art keywords
site
browser
web
web site
terminal
Prior art date
Legal status
Withdrawn
Application number
GB0310600A
Other versions
GB0310600D0 (en)
Inventor
Simon Freeman
Original Assignee
Simon Freeman
Priority date
2003-05-08
Filing date
2003-05-08
Publication date
2004-11-10
Application filed by Simon Freeman
Priority to GB0310600A
Publication of GB0310600D0
Publication of GB2401445A
Application status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115 Third party
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119 Authenticating web pages, e.g. with suspicious links

Abstract

A system model for overcoming problems arising from fraudulent Internet web site copying, otherwise known as "site spoofing", provides a method of connecting a first terminal to another terminal hosting a web site over a network using a web browser. The method includes the step of causing the web browser to consult a storage system, known as a trusted third party system, to check the security status of a required site. The browser determines whether the site is registered with the storage system as a secure site. This determination is made by obtaining a cryptographic key from the trusted third party site and using it to encrypt a number sent to the web site. A fraudulent site will be unable to read the message.

Description

Web Site Security Model

The present invention relates to network security.

More particularly, the present invention relates to a system model for overcoming problems arising due to fraudulent Internet web site copying, otherwise known as "spoofing".

Network security is one of the main issues that has slowed the rate of success for many e-businesses. In particular, a big problem currently faced by companies involved in e-business is one of perception of security over the Internet. One way in which the security of an e-business can be affected is through site spoofing.

A possible way of reducing the effects of site spoofing may be to provide a private encryption system between the host web site and the individual users of the website. However, such a system would not be administrable due to its complicated and costly nature.

The object of the present invention is to provide a simple method of improving network security so as to overcome the problem of site spoofing of a web site by storing data on whether a site is genuine and providing a browser with a module to check the data to determine whether the web site is genuine prior to connecting to the web site.

Accordingly, the present invention provides a method of connecting a first terminal to another terminal hosting a web site over a network using a web browser, the method including the step of causing the web browser to consult with a storage system to check the security status of a required site and determining whether the site is registered with the storage system as a secure site.

Preferably, the storage system will provide a user with cryptographic information which will be used to encode user requests and/or data prior to transmission in such a way that only the genuine web site will be able to decode the received encoded information.

In order that the present invention be more readily understood, an embodiment thereof will be described by way of example only by referring to the accompanying figures, in which:

Fig 1 shows a schematic diagram of a preferred embodiment of the present invention.

Fig 2 shows a flow chart for the browser utilised in the preferred embodiment of Fig 1.

Site spoofing is a fraudulent copying of a web site and may be achieved in a number of ways. The following is an example of a typical method of spoofing a web site. It will be appreciated that any other method may be utilised to spoof a web site and the following description is given by way of example only.

Site spoofing occurs due to underlying protocols on the Internet and the need for a user of any given site to understand Internet security principles to prevent attacks. One example of a business that may be prone to an attack is an online bank. There are a number of ways that a hacker may steal money from an online bank. Firstly, the hacker may directly attack the bank site. However, most banks are fairly resilient to this form of attack. Alternatively, a hacker can get hold of a user's login credentials and access the bank legitimately. This can be achieved by spoofing the bank site.

A spoof site is a site which looks identical in every way to a real site but is hosted on a hacker's web server. A hacker can create an identical site by using a conventional browser to go to the real site, which in this example is a bank's homepage, and extract the HTML source code and JavaScript from the real site.

The HTML source code and JavaScript can then be utilised by the hacker to create an identical site to the bank's homepage on the hacker's web server.

Consequently, when a user accesses the hacker's website they would be presented with an identical site to the bank's homepage.

The website domain name of the hacker's web site may be chosen by the hacker to be similar to the bank's home page. Hence, many users would be unlikely to realise that they are visiting the hacker's site if they were directed there through a web site link for example. Many Internet users are unaware of security measures on the Internet such as digital site certificates which are used to prove the genuine nature of a website and this may be exploited by a potential hacker through site spoofing.

Once a user is directed to a hacker's site, the user will be prompted to enter their login details as they would do on the bank's real site. However, the hacker's site will capture the user's username and password and return a login failure. One way for a hacker to capture the username and password would be to return a login failure screen which has also been copied from the bank's real site. The user may assume that they have made a typing mistake and re-enter their login details.

At this stage, the username and password are sent to the real bank login page and the user is transferred to the real bank secure site, having logged in successfully.

The user will be unaware that their login details have been captured and the hacker will then be able to do what they please with the user's bank account.

A preferred embodiment according to the present invention provides a method of overcoming the problem of site spoofing which has been identified above.

A first terminal 10 is typically a client terminal which uses any known browser technology such as Internet Explorer or Netscape. A second terminal 20 may be a web server terminal which hosts a web site. The present invention provides a storage system 30 which is hereinafter known as a trusted third party (TTP). The TTP 30 may be an independent person, body, organisation or company that runs a system to validate a given Universal Resource Locator (URL) or other site addressing method such as an IP address of a website. A web site host would register their domain name and IP address, if necessary, with the TTP 30 and provide the TTP with a cryptographic key to be utilised by a browser accessing the TTP. Hence, the web site terminal 20 may be in communication with the TTP 30 as shown by the dotted line in Fig. 1.

It will be appreciated that the terminal 10 may be a computer or any such device capable of connecting to the internet such as a mobile phone or personal digital assistant.

The user at the client terminal 10 may wish to access a web site and the preferred embodiment of the present invention takes the following steps to connect to a secure site. The example described hereinafter relates to a user wishing to login to a bank web site and is shown in Fig 1. However, the present invention is not limited to function with this type of site only.

Referring to Fig 1, a user wishes to log in to a bank web site from the client terminal 10 which uses a browser 11. To attempt this operation, the user requests the site through the browser 11. Initially, the browser 11 communicates with the TTP 30 to judge whether the domain name which has been requested by the user is marked as a registered secure site by the TTP. If the web site has been registered as a secure site, the TTP 30 provides the browser 11 with a cryptographic key 31, which in this case is a public key, of the registered secure site; this key is stored by the TTP once the secure site has registered with the TTP.

Once provided with the key 31, the browser preferably generates a number and encrypts it and a request for a page message using the key 31. Additionally, the user may sign using a private key (not shown) if the user wishes to identify themselves to the site, useful when requiring instant logins. If this is the case, the user signs the number before having it encrypted.

After encryption, the request for page message and the generated number are sent to the registered site 21 which is hosted on the bank server terminal 20. If the registered site is genuine then the site should be able to decrypt the request and the number and send the page to the browser 11 on the client terminal 10.

The browser 11 on the client terminal 10 receives the website 21 with the decrypted number from the bank terminal 20 and compares it to the number which it sent. A match between the two numbers indicates that the web site 21 is genuine and the user can connect, preferably using the standard secure sockets layer (SSL) approach which is known in the art. However, if there is no match between the two numbers, then the site is not genuine and the page is not rendered.

When using the standard SSL mode, the browser would compare the digital certificate of the SSL session with that of the TTP certificate to ensure that there is a match.

The use of the TTP 30 differs from the conventional trust models as conventional models rely on the user to check the connection each time rather than the browser 11. The browser 11 according to a preferred embodiment of the present invention checks all connections with the TTP 30 to determine whether the requested site has been registered as secure and any that are not registered as secure are prevented from submitting any information. The browser in the preferred embodiment will now be described with reference to the flow chart of Fig 2A and 2B.

The user of the first terminal 10 initially inputs a request for a web site into the browser 11 (100), which causes the browser 11 to consult the TTP 30 (101). It will be appreciated that any method of requesting a web site from the first terminal may be used to cause the browser 11 to consult the TTP. For example, instead of entering the website's address, the user may request a web site by clicking on a URL in any form in any application, such as a URL link embedded in an e-mail. Furthermore, an application may automatically need to access a website. This may be a result of user actions such as clicking on the help button in an application, which requires the application to access a web site through a browser 11. If the requested site name is registered as a secure site with the TTP (102) then the browser is given a cryptographic key (104). Otherwise the browser is not given a key and an error is displayed (103).

Once the browser receives the key, it generates a number and encrypts the number using the key (105). Furthermore, it encrypts a request for page message using the key (106). The browser then arranges for the encrypted data to be sent to the registered site server (107). Once the necessary decryption is performed on the data at the site server end, the browser receives the decrypted data from the site server (108). The data includes the decrypted number, and the browser compares the received decrypted number with the number originally generated by the browser before it was encrypted and sent to the site server (109). If the numbers are the same (110) the site is genuine and the requested page is rendered on the user's screen (112). Otherwise, the site is not genuine and the page is not rendered, so no further information is submitted (111). Once rendered, the browser drops down to the normal SSL mode (113) as described hereinbefore with reference to Fig 1.
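The challenge-and-echo exchange of steps 100 to 113, as an added Python model that is not part of the patent: a TTP registry, a genuine site holding the private key, a spoof site holding only copied HTML, and the browser logic that renders a page only when the echoed number matches. The cipher is textbook RSA on two constructed Mersenne primes, an assumption made so the model runs on the standard library alone; it is not a usable cipher, and the domain names are constructed.

```python
import secrets

# Constructed demo primes (2**61-1 and 2**89-1, both Mersenne primes) and exponent.
P, Q, E = (1 << 61) - 1, (1 << 89) - 1, 65537


class ToyKeyPair:
    """Textbook RSA keypair: the site keeps d; (n, e) is the key 31 lodged with the TTP."""

    def __init__(self, p: int = P, q: int = Q, e: int = E) -> None:
        self.n, self.e = p * q, e
        self.d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+

    def public(self) -> tuple:
        return self.n, self.e


def encrypt(public: tuple, m: int) -> int:
    n, e = public
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(key: ToyKeyPair, c: int) -> int:
    return pow(c, key.d, key.n)


class TrustedThirdParty:
    """Storage system 30: maps each registered domain to that site's public key."""

    def __init__(self) -> None:
        self._registry = {}

    def register(self, domain: str, public: tuple) -> None:
        self._registry[domain] = public  # also how a site lodges a rotated key

    def lookup(self, domain: str):
        return self._registry.get(domain)  # None: not a registered secure site


class GenuineSite:
    """Registered site 21: holds the private key matching the key the TTP stores."""

    def __init__(self, key: ToyKeyPair) -> None:
        self.key = key

    def handle(self, enc_number: int, enc_request: int) -> tuple:
        number = decrypt(self.key, enc_number)  # step 108: decrypt the challenge
        req = decrypt(self.key, enc_request)
        text = req.to_bytes((req.bit_length() + 7) // 8, "big").decode()
        return number, f"<page for {text}>"


class SpoofSite:
    """Copied HTML on the attacker's server, but no private key, so nothing decrypts."""

    def handle(self, enc_number: int, enc_request: int) -> tuple:
        return enc_number, "<copied login page>"  # the best it can do: echo ciphertext


def browser_request(ttp: TrustedThirdParty, domain: str, site,
                    request: bytes = b"GET /login") -> dict:
    """Browser 11, steps 100-113: consult the TTP, challenge the site, render on a match."""
    public = ttp.lookup(domain)  # 101-102
    if public is None:
        return {"rendered": False, "reason": "site not registered with TTP"}  # 103
    number = 2 + secrets.randbelow((1 << 64) - 2)  # 105: fresh challenge, never 0 or 1
    enc_number = encrypt(public, number)
    enc_request = encrypt(public, int.from_bytes(request, "big"))  # 106
    echoed, page = site.handle(enc_number, enc_request)  # 107-108
    if echoed != number:  # 109-111: mismatch means not genuine; submit nothing
        return {"rendered": False, "reason": "challenge mismatch: site not genuine"}
    return {"rendered": True, "page": page}  # 112; the browser then drops to SSL (113)
```

Registering the bank's public key with the TTP and calling `browser_request` against `GenuineSite` renders the page; the same call against `SpoofSite`, or against an unregistered lookalike domain, refuses to render and submits nothing.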

It will be appreciated that various modifications may be made to the preferred embodiment. The key 31 is not restricted to being a public key and may be any type of cryptographic means which is capable of encoding data.

Furthermore, it may be necessary for the requested site, which is a bank site in the above example, to change the cryptographic key 31 periodically for security reasons. If this is the case, the site would provide the TTP 30 with the new key whenever it is changed.

Additionally, Fig 1 shows a direct connection between the first terminal 10 and the TTP 30. However, the connection may be such that the TTP 30 is connected to via the Internet. This also applies to the second terminal 20 which may connect to the TTP 30 via the Internet instead of the direct connection shown in Fig. 1.

It will be apparent that an advantage of the present invention is the capability of the second terminal 20 to change the cryptographic key 31 provided by the TTP 30 without requiring the knowledge of the user of the web site. The TTP 30 and the second terminal 20 are in constant or periodic communication with each other to allow for updates of the cryptographic key to be communicated to the TTP 30 from the second terminal when it is necessary.

Claims (4)

1. A method of connecting a first terminal to another terminal hosting a web site over a network using a web browser, the method including the step of causing the web browser to consult with a storage system to check the security status of a required site and determining whether the site is registered with the storage system as a secure site.
2. A method according to claim 1 wherein the storage system provides the browser with a cryptographic key for encoding data which is to be sent to the required site if the site is registered as a secure site.
3. A method according to claim 2 wherein the data includes a number which is generated by the browser.
4. A method according to claim 3 wherein the number is signed using a private cryptographic key so as to identify a particular user to the other terminal hosting the web site.

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0310600A GB2401445A (en) 2003-05-08 2003-05-08 Web site security model

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0310600A GB2401445A (en) 2003-05-08 2003-05-08 Web site security model
PCT/GB2004/001679 WO2004099949A1 (en) 2003-05-08 2004-04-21 Web site security model

Publications (2)

Publication Number Publication Date
GB0310600D0 GB0310600D0 (en) 2003-06-11
GB2401445A true GB2401445A (en) 2004-11-10

Family

ID=9957690

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0310600A Withdrawn GB2401445A (en) 2003-05-08 2003-05-08 Web site security model

Country Status (2)

Country Link
GB (1) GB2401445A (en)
WO (1) WO2004099949A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7831915B2 (en) 2005-11-10 2010-11-09 Microsoft Corporation Dynamically protecting against web resources associated with undesirable activities
US8353029B2 (en) 2005-11-10 2013-01-08 Microsoft Corporation On demand protection against web resources associated with undesirable activities

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8849968B2 (en) 2005-06-20 2014-09-30 Microsoft Corporation Secure and stable hosting of third-party extensions to web services
US8074231B2 (en) 2005-10-26 2011-12-06 Microsoft Corporation Configuration of isolated extensions and device drivers
US8156559B2 (en) 2006-11-30 2012-04-10 Microsoft Corporation Systematic approach to uncover GUI logic flaws
US8789063B2 (en) 2007-03-30 2014-07-22 Microsoft Corporation Master and subordinate operating system kernels for heterogeneous multiprocessor systems

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1130491A2 (en) * 2000-01-14 2001-09-05 Hewlett-Packard Company, A Delaware Corporation Digital certificate including authorization data
WO2003014999A1 (en) * 2001-08-07 2003-02-20 United States Postal Service System and method for providing secured electronic transactions

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2138302C (en) * 1994-12-15 1999-05-25 Michael S. Fortinsky Provision of secure access to external resources from a distributed computing environment
US6049820A (en) * 1996-06-03 2000-04-11 International Business Machines Corporation Multiplexing of clients and applications among multiple servers

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1130491A2 (en) * 2000-01-14 2001-09-05 Hewlett-Packard Company, A Delaware Corporation Digital certificate including authorization data
WO2003014999A1 (en) * 2001-08-07 2003-02-20 United States Postal Service System and method for providing secured electronic transactions

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
'Digital Certificate' www.webopedia.com/TERM/D/digital_certificate.html *

Also Published As

Publication number Publication date
WO2004099949A1 (en) 2004-11-18
GB0310600D0 (en) 2003-06-11

Similar Documents

Publication Publication Date Title
US9619632B2 (en) System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data
US10425405B2 (en) Secure authentication systems and methods
US9900163B2 (en) Facilitating secure online transactions
US10033701B2 (en) Enhanced 2CHK authentication security with information conversion based on user-selected persona
US10313335B2 (en) Server and/or client device authentication
US8532620B2 (en) Trusted mobile device based security
AU2013272182B2 (en) Enterprise triggered 2CHK association
US8528076B2 (en) Method and apparatus for authenticating online transactions using a browser and a secure channel with an authentication server
US8261089B2 (en) Method and system for authenticating a user by means of a mobile device
US7752443B2 (en) Method and system for a single-sign-on operation providing grid access and network access
US8832807B1 (en) Method and apparatus for asynchronous dynamic password
CN101507233B (en) Method and apparatus for providing trusted single sign-on access to applications and internet-based services
US8499339B2 (en) Authenticating and communicating verifiable authorization between disparate network domains
CA2689847C (en) Network transaction verification and authentication
KR100986441B1 (en) Session key security protocol
CN100534092C (en) Method and system for stepping up to certificate-based authentication without breaking an existing ssl session
AU2002235149B2 (en) System and method for securing a non-secure communication channel
US7100049B2 (en) Method and apparatus for authentication of users and web sites
US6499108B1 (en) Secure electronic mail system
US6629246B1 (en) Single sign-on for a network system that includes multiple separately-controlled restricted access resources
US7484012B2 (en) User enrollment in an e-community
US9143502B2 (en) Method and system for secure binding register name identifier profile
DE60121517T2 (en) A method for generating a logon certificate from a foreign PKI system using an existing strong PKI authentication system
US8468582B2 (en) Method and system for securing electronic transactions
KR101459802B1 (en) Authentication delegation based on re-verification of cryptographic evidence

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)