IE86609B1 - Web application protection system with second device based authentication - Google Patents
- Publication number
- IE86609B1
- Authority
- IE
- Ireland
- Prior art keywords
- web
- request
- user
- client
- mobile device
- Prior art date
Abstract
System and methods for dynamically changing content in a response and verifying the valid content in the request, to avoid fraud known as a man-in-the-browser attack that happens on the client side. The system includes a content modifying and verifying service external to the network edges of at least one system, providing the ability to supply notifications and one-time codes via a second device other than the device the client is currently using. The service receives a request from a client; the system tracks the requests from a particular client and keeps track of modified content such as form names, form ids, form fields, form field ids, CSS classes, ids, cookie names, cookie values etc. The service modifies the response from the back end (real) server and keeps track of the original names versus the dynamically modified names. The system and methods focus on preventing unauthorized web site access (man-in-the-browser, man-in-the-network, Trojan data logging, spying on the user, manipulating the user session on the fly etc.) and/or attacks; safeguarding the web user from any data tampering, from sending/receiving data on behalf of the user, and from remote operations; and providing two factor authentication and data signing capabilities without affecting back end functionality.
Description
Web application Protection System with Second Device based Authentication
Field of Invention
The present invention relates to the web application security in World Wide Web based applications.
Background to the invention
World Wide Web (WWW) based applications which work on the internet provide a wide range of functionality and facilities to users all over the world. The nature of the internet allows any user with a suitable application, such as a web browser, to access applications which deliver useful functionality such as email, online banking, information storage and retrieval and content delivery, just to name a few. However, this same open nature of the internet has also created opportunities for hackers, fraudsters and other types of criminals, who take advantage of the open nature of internet based applications. The invention provides a method to add an additional layer of security to positively identify the end user to the web based internet application.
Summary of the invention
The invention provides a means to provide second device based authentication for existing web applications. The invention is composed of a system for improving web based application security by introducing second device based approval, such as approval from a mobile device.
Brief description of drawings
The invention is described in detail using the drawings provided in the following section. The embodiment includes examples to show a few ways of interfacing and representing the authentication process in detail.
1. Fig. 1 is a schematic representation of the web application and client architecture.
2. Fig. 2 is a schematic representation of the web application and client architecture with second device based authentication.
3. Fig. 3 is a schematic representation of the flow chart of the web page authorisation request to the second device, such as a mobile device.
4. Fig. 4 is a schematic representation of the flow chart of the web page one time code sent to the second device, such as a mobile device.
5. Fig. 5 is a schematic representation of the flow chart of the web page challenge response sent to the second device, such as a mobile device.
Description of Embodiment
The invention is based on current web application access between a client, typically a web browser or another computer system, and a web application that is providing the functionality to the user. Figure 1 shows the typical architecture of the current web application. The client 101 connects to the web application 103 via the internet and requests a resource, such as a log in page, account page etc. The web application 103, hosted at a secure site of the customer's choice, may contain network equipment such as firewalls, routers, application servers, web servers, mail servers, etc. The web application 103, upon receiving the request from client 101, will fetch or generate HTML content and send it to the client via the internet 102. In this example anyone with an appropriate browser can access the web page hosted by the web application 103.
In the invention, shown in Fig 2 as a high level architecture block diagram, the client system, such as a client computer or web browser 201, connects to the web application 204 via the internet 202 and the web application security system 203. The mobile device 205 is a registered customer device which uniquely identifies the user. The web application security system 203 processes each request and parses the responses from the web application, examining each request's data and each response's content to identify tags inserted by the web application that require authorisation from the mobile device 205. The web application security system 203 also provides a facility for the web application 204 to configure, without inserting custom tags, which requests require mobile device 205 authorisation.
The sequence diagram shown in Fig 3 describes the mobile device, 302, authentication required for a web request, 305, to be successful. The client system such as web browser, 301, requests a web resource such as a log in page. The web application security system, 303, handles the web resource request from the client system, such as web browser, 301, and sends the request, 306, to the web application, 304. The web application, 304, processes the request, 306, and sends the response, 307. The web application security system, 303, handles and processes the response, 307. If the response content contains a predefined tag, or the client configuration defines that the request requires the mobile device, 302, authentication, the web application security system, 303, sends the authorisation request to the mobile device, 302, using a mechanism like push notification or SMS. If the client mobile device, 302, approves the web resource request, 305, the web application security system, 303, handles the approval, 310, from the mobile device, 302, and sends the response content, 311, from the web application, 306, to the client system, such as web browser, 301. A complete example using html tags is shown here,
Keep me logged in
Login
In this example, the meta tag name 'authorisation' is read by the web application security system, 303, which sends the authorisation request to the mobile device, 302, in this case +3530000001. The mobile device, 302, approves the request by either replying 'yes' to the push notification or sending 'yes' as the SMS reply to the approval request.
A complete example using html input tags is shown here,
Keep me logged in
Login
In this example, the input tag data-name 'authorisation' is read by the web application security system, 303, which sends the authorisation request to the mobile device, 302, in this case +3530000001. The mobile device, 302, approves the request by either replying 'yes' to the push notification or sending 'yes' as the SMS reply to the approval request.
The sequence diagram shown in Fig 4 describes the mobile device, 402, authentication required for a web request, 405, to be successful. The client system such as web browser, 401, requests a web resource such as a log in page. The web application security system, 403, handles the web resource request, 405, from the client system, such as web browser, 301, and sends the request, 406, to the web application, 404. The web application, 404, processes the request and sends the response, 407. The web application security system, 403, handles and processes the response, 407. If the response content contains a predefined tag, or the client configuration defines that the request requires the mobile device, 402, one time code authentication, the web application security system, 403, sends the one time code to the mobile device, 402, using a mechanism like push notification or SMS. The web application security system, 403, sends the response content, 411, from the web application, 406, to the client system, such as web browser, 401. A complete example using html tags is shown here,
Keep me logged in
Login
In this example, the meta tag name 'onetimecode' is read by the web application security system, 403, which sends the authorisation request to the mobile device, 402, in this case +3530000001.
A complete example using html input tags is shown here,
Keep me logged in
Login
In this example, the input tag data-name 'onetimecode' is read by the web application security system, 403, which sends the authorisation request to the mobile device, 402, in this case +3530000001.
The web application security system, 403, handles the following request, 412, from the client system, such as web browser, 401, and examines the request, 412, content. The 'password' field sent in the request, 412, must match the one time code sent to the mobile device, 402. If the 'password' field sent in the request, 412, matches the one time code stored on the web application security system, 403, the request, 412, is forwarded to the web application, 404.
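As an added illustration that is not code from the patent, the following Python sketch models the Fig 4 one time code flow: the security system parses the response for the 'onetimecode' directive (meta tag name or input tag data-name, as described above), generates a code, delivers it through an injected push/SMS transport, and checks the 'password' field of the follow-up request before forwarding. The `SecuritySystem` class, the `content` and `data-device` attributes that carry the mobile number, and the sample responses are assumptions, since the page does not show the tag attributes.

```python
import secrets
from hmac import compare_digest
from html.parser import HTMLParser

# Tag names taken from the description; the attribute that carries the mobile
# number ("content" on <meta>, "data-device" on <input>) is an assumption.
TAG_NAMES = {"authorisation", "onetimecode"}

class _TagFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # <meta name="..."> or <input data-name="..."> carry the directive name
        name = a.get({"meta": "name", "input": "data-name"}.get(tag, ""))
        if name in TAG_NAMES:
            self.found[name] = a.get("content") or a.get("data-device")

def find_directives(html):
    """Return {directive_name: mobile_device} for the tags found in the HTML."""
    finder = _TagFinder()
    finder.feed(html)
    return finder.found

class SecuritySystem:
    """Stand-in for the web application security system (403) in Fig 4."""
    def __init__(self, send):
        self.send = send      # transport callable(device, message): push or SMS
        self.pending = {}     # session -> one time code awaiting the next request

    def handle_response(self, session, html):
        """Inspect the back-end response (407); send a code if it is gated."""
        directives = find_directives(html)
        if "onetimecode" in directives:
            code = f"{secrets.randbelow(10**6):06d}"
            self.pending[session] = code
            self.send(directives["onetimecode"], f"Your one time code is {code}")
        return html           # content (411) is forwarded to the browser unchanged

    def verify_code(self, session, form):
        """Check the 'password' field of the follow-up request (412)."""
        # The stored code is consumed on the first attempt, so a wrong guess or a
        # replay of a used code both fail; the caller forwards only on True.
        expected = self.pending.pop(session, None)
        if expected is None:
            return False
        return compare_digest(expected, form.get("password", ""))

# Constructed sample responses in both tag styles the description mentions.
SAMPLE_META = '<html><head><meta name="onetimecode" content="+3530000001"></head><body><form><input name="password"></form></body></html>'
SAMPLE_INPUT = '<form><input type="hidden" data-name="onetimecode" data-device="+3530000001"><input name="password"><button>Login</button></form>'
```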
The sequence diagram shown in Fig 5 describes challenge-response with the mobile device, 502, for a web request, 505. The client system such as web browser, 501, requests a web resource such as a log in page. The web application security system, 503, handles the web resource request, 505, from the client system, such as web browser, 501, and sends the request, 506, to the web application, 504. The web application, 504, processes the request, 506, and sends the response, 507. The web application security system, 503, handles and processes the response, 507. If the response content contains a predefined tag, or the client configuration defines that the request requires the mobile device, 502, challenge-response, the web application security system, 503, sends the challenge, 509, to the mobile device, 502, using a mechanism like push notification or SMS. If the client mobile device, 502, sends back a valid response, 510, for the challenge, 509, the web application security system, 503, handles the response, 510, from the mobile device, 502, and matches it with the response data the web application expects, obtained via an API call or from a locally stored challenge-response pair; the HTML content, 511, from the web application, 506, is then sent to the client system, such as web browser, 501. A complete example using html tags is shown here,
Keep me logged in
Login
In this example, the meta tag name 'authorisation' is read by the web application security system, 503, which sends the challenge request to the mobile device, 502, in this case +3530000001. The mobile device, 502, sends the matching response, which is defined by the client, using push notification or by sending the response as an SMS reply to the challenge request.
A complete example using html input tags is shown here,
Keep me logged in
Claims (7)
1. A system for improving web based application security by introducing second device such as mobile device based approval.
2. The system of claim 1, which interfaces in between a web based application and the end user, examines the content from the web server and, if an authorisation tag exists in the web page, requests authorisation from the second user device, such as a mobile device.
3. The system of claim 2, examines the request data from the client and forwards it to the web application only when the approval comes from the user second device.
4. The system of claim 1, which interfaces in between a web based application and the end user, examines the content from the web server and if a transaction token tag exists in the web page, sends unique transaction token to the second user device, such as mobile device.
5. The system of claim 1, which interfaces in between a web based application and the end user, examines the content from the web server and, if a two factor authentication tag exists in the web page, sends a two factor authentication request to the second user device, such as a mobile device.
6. The system of claim 1, which interfaces in between web based application and the end user, examines the content from the web server and if challenge response tag exists in the web page, sends challenge to the second user device, such as mobile device, and expects the answer for challenge that only user could answer.
7. The system of claim 1, which interfaces in between web based application and the end user, examines the request data from the user and replaces the request data with second device based data from the user, thereby providing secure data to the web server from two sources.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IE20130333A IE86609B1 (en) | 2013-11-01 | 2013-11-01 | Web application protection system with second device based authentication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IE20130333A IE86609B1 (en) | 2013-11-01 | 2013-11-01 | Web application protection system with second device based authentication |
Publications (2)
Publication Number | Publication Date |
---|---|
IE20130333A1 (en) | 2015-05-06 |
IE86609B1 (en) | 2016-01-13 |
Family
ID=53274311
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
IE20130333A IE86609B1 (en) | 2013-11-01 | 2013-11-01 | Web application protection system with second device based authentication |
Country Status (1)
Country | Link |
---|---|
IE (1) | IE86609B1 (en) |
Events
- 2013-11-01: IE application IE20130333A filed (patent IE86609B1); status: not active, IP right cessation.
Also Published As
Publication number | Publication date |
---|---|
IE20130333A1 (en) | 2015-05-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Patent lapsed |