IE86609B1 - Web application protection system with second device based authentication - Google Patents

Web application protection system with second device based authentication

Info

Publication number
IE86609B1
Authority
IE
Ireland
Prior art keywords
web
request
user
client
mobile device
Application number
IE20130333A
Other versions
IE20130333A1 (en)
Inventor
Guru Prasad Mandyam
Original Assignee
Guru Prasad Mandyam

Abstract

Systems and methods for dynamically changing content in a response and verifying that the request carries the valid content, in order to prevent client-side fraud known as the man-in-the-browser attack. The system includes a content modifying and verifying service external to the network edges of at least one system, with the ability to deliver notifications and one-time codes via a second device other than the device the client is currently using. The service receives a request from a client, tracks the requests from that particular client, and keeps track of modified content such as form names, form IDs, form fields, form field IDs, CSS classes and IDs, cookie names and cookie values. The service modifies the response from the back-end (real) server and records the original names against the dynamically modified names. The system and methods focus on preventing unauthorised web site access and attacks (man-in-the-browser, man-in-the-network, Trojan data logging, spying on the user, manipulating the user session on the fly, etc.), safeguarding the web user from data tampering, from data being sent or received on the user's behalf, and from remote operations, and providing two-factor authentication and data signing capabilities without affecting back-end functionality.

Description

Web Application Protection System with Second Device Based Authentication

Field of Invention
The present invention relates to web application security in World Wide Web based applications.
Background to the invention
World Wide Web (WWW) based applications which run on the internet provide a wide range of functionality and facilities to users all over the world. The open nature of the internet allows any user with a suitable application, such as a web browser, to access applications that deliver useful functionality such as email, online banking, information storage and retrieval and content delivery, to name a few. However, this same open nature of the internet has also created opportunities for hackers, fraudsters and other types of criminals, who take advantage of the openness of internet based applications. The invention provides a method to add an additional layer of security that positively identifies the end user to the web based internet application.
Summary of the invention
The invention provides a means to add second device based authentication to existing web applications. The invention is composed of a system for improving web based application security by introducing approval from a second device such as a mobile device.
Brief description of drawings
The invention is described in detail using the drawings provided in the following section. The embodiment includes examples to show a few ways of interfacing with and representing the authentication process in detail.
1. Fig. 1 is a schematic representation of the web application and client architecture.
2. Fig. 2 is a schematic representation of the web application and client architecture with second device based authentication.
3. Fig. 3 is a schematic representation of the flow chart of the web page authorisation request to the second device, such as a mobile device.
4. Fig. 4 is a schematic representation of the flow chart of the web page one time code sent to the second device, such as a mobile device.
5. Fig. 5 is a schematic representation of the flow chart of the web page challenge response sent to the second device, such as a mobile device.
Description of Embodiment
The invention is based on current web application access between a client, typically a web browser or another computer system, and a web application that is providing the functionality to the user. Figure 1 shows the typical architecture of the current web application. The client 101 connects to the web application 103 over the internet and requests a resource, such as a log-in page or account page. The web application 103, hosted at a secure site of the customer's choice, may contain network equipment such as firewalls, routers, application servers, web servers, mail servers, etc. The web application 103, upon receiving the request from client 101, fetches or generates HTML content and sends it to the client via the internet 102. In this example anyone with an appropriate browser can access the web page hosted by the web application 103.
The invention is shown in Fig. 2 as a high level architecture block diagram: the client system, such as a client computer or web browser 201, connects to the web application 204 via the internet 202 and the web application security system 203. The mobile device 205 is a registered customer device which uniquely identifies the user. The web application security system 203 processes each request and parses the responses from the web application, examining each request's data and each response's content to identify tags inserted by the web application to obtain authorisation from the mobile device 205. The web application security system 203 also provides a facility for the web application 204 to configure which requests require mobile device 205 authorisation, without inserting custom tags.
The sequence diagram shown in Fig. 3 describes the mobile device 302 authentication required for a web request 305 to succeed. The client system, such as a web browser 301, requests a web resource such as a log-in page. The web application security system 303 handles the web resource request from the client system, such as web browser 301, and sends the request 306 to the web application 304. The web application 304 processes the request 306 and sends the response 307. The web application security system 303 handles and processes the response 307. If the response content contains a predefined tag, or the client configuration defines that the request requires mobile device 302 authentication, the web application security system 303 sends the authorisation request to the mobile device 302 using a mechanism such as push notification or SMS. If the mobile device 302 approves the web resource request 305, the web application security system 303 handles the approval 310 from the mobile device 302 and sends the response content 311 from the web application 306 to the client system, such as web browser 301. A complete example using HTML tags is shown here: "Keep me logged in", "Login". In this example, the meta tag named 'authorisation' is read by the web application security system 303, which sends the authorisation request to the mobile device 302, in this case +3530000001. The mobile device 302 approves the request by either replying 'yes' to the push notification or sending 'yes' as an SMS reply to the approval request.
A complete example using HTML input tags is shown here: "Keep me logged in", "Login". In this example, the input tag with data-name 'authorisation' is read by the web application security system 303, which sends the authorisation request to the mobile device 302, in this case +3530000001. The mobile device 302 approves the request by either replying 'yes' to the push notification or sending 'yes' as an SMS reply to the approval request.
The sequence diagram shown in Fig. 4 describes the mobile device 402 authentication required for a web request 405 to succeed. The client system, such as a web browser 401, requests a web resource such as a log-in page. The web application security system 403 handles the web resource request 405 from the client system, such as web browser 301, and sends the request 406 to the web application 404. The web application 404 processes the request and sends the response 407. The web application security system 403 handles and processes the response 407. If the response content contains a predefined tag, or the client configuration defines that the request requires mobile device 402 one time code authentication, the web application security system 403 sends the one time code to the mobile device 402 using a mechanism such as push notification or SMS. The web application security system 403 then sends the response content 411 from the web application 406 to the client system, such as web browser 401. A complete example using HTML tags is shown here: "Keep me logged in", "Login". In this example, the meta tag named 'onetimecode' is read by the web application security system 403, which sends the authorisation request to the mobile device 402, in this case +3530000001.
A complete example using HTML input tags is shown here: "Keep me logged in", "Login". In this example, the input tag with data-name 'onetimecode' is read by the web application security system 403, which sends the authorisation request to the mobile device 402, in this case +3530000001.
The web application security system 403 handles the following request 412 from the client system, such as web browser 401, and examines the content of the request 412. The 'password' field sent in the request 412 must match the one time code sent to the mobile device 402. If the 'password' field sent in the request 412 matches the one time code stored on the web application security system 403, the request 412 is forwarded to the web application 404.
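As an added illustration (not code from the patent), the following Python models the Fig. 4 path: the security system 403 detects the predefined 'onetimecode' tag in the web application's response, sends a code to the registered mobile device, and forwards the client's next request only when its 'password' field matches that code. The HTML markup, the SMS sender callback and the six-digit code format are constructed assumptions; the patent names only the tag names and the number +3530000001.

```python
import hmac
import re
import secrets

# Constructed login page of the kind the text describes, carrying a meta tag named
# 'onetimecode'. The markup is an assumption; the patent gives only the tag name.
SAMPLE_RESPONSE = """<html><head><meta name="onetimecode" content="+3530000001">
</head><body><form method="post" action="/login">
<input name="user"><input name="password" type="password">
<label><input type="checkbox" name="remember">Keep me logged in</label>
<button>Login</button></form></body></html>"""

# Both tag forms the text mentions: <meta name=...> and <input data-name=...>.
META_RE = re.compile(r'<meta\s+name="(authorisation|onetimecode)"\s+content="([^"]*)"', re.I)
INPUT_RE = re.compile(r'<input\s[^>]*data-name="(authorisation|onetimecode)"', re.I)


def find_auth_tag(html):
    """Return (tag_kind, phone_or_None) for a predefined tag, or None if absent."""
    m = META_RE.search(html)
    if m:
        return m.group(1).lower(), m.group(2)
    m = INPUT_RE.search(html)
    if m:
        return m.group(1).lower(), None   # number then comes from client configuration
    return None


class SecuritySystem:
    """Toy model of element 403: issues a one-time code, then gates the next request."""
    def __init__(self, send_sms):
        self.send_sms = send_sms   # callable(phone, text); push/SMS delivery is simulated
        self.pending = {}          # session id -> (phone, code) awaiting the client's reply
    def handle_response(self, session_id, html, configured_phone=None):
        """Inspect the web application's response; send a code if it is tagged."""
        tag = find_auth_tag(html)
        if tag and tag[0] == "onetimecode":
            phone = tag[1] or configured_phone
            code = f"{secrets.randbelow(10**6):06d}"   # 6-digit, cryptographically random
            self.pending[session_id] = (phone, code)
            self.send_sms(phone, f"Your one-time code is {code}")
        return html   # the response itself passes through to the client unchanged
    def handle_request(self, session_id, form):
        """Forward (True) only if the 'password' field equals the code sent to the phone.
        The stored code is consumed on every attempt, so it is single use."""
        entry = self.pending.pop(session_id, None)
        if entry is None:
            return False
        submitted = form.get("password", "").encode()
        return hmac.compare_digest(submitted, entry[1].encode())
```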
The sequence diagram shown in Fig. 5 describes challenge-response with the mobile device 502 for a web request 505. The client system, such as a web browser 501, requests a web resource such as a log-in page. The web application security system 503 handles the web resource request 505 from the client system, such as web browser 501, and sends the request 506 to the web application 504. The web application 504 processes the request 506 and sends the response 507. The web application security system 503 handles and processes the response 507. If the response content contains a predefined tag, or the client configuration defines that the request requires mobile device 502 challenge-response, the web application security system 503 sends the challenge 509 to the mobile device 502 using a mechanism such as push notification or SMS. If the mobile device 502 sends back a valid response 510 for the challenge 509, the web application security system 503 handles the response 510 from the mobile device 502 and matches it with the response data the web application expects, either via an API call or against a locally stored challenge-response pair; the HTML content 511 is then sent from the web application 506 to the client system, such as web browser 501. A complete example using HTML tags is shown here: "Keep me logged in", "Login". In this example, the meta tag named 'authorisation' is read by the web application security system 503, which sends the challenge request to the mobile device 502, in this case +3530000001. The mobile device 502 sends the matching response, which is defined by the client, using the push notification or by sending the response as an SMS reply to the challenge request.
A complete example using HTML input tags is shown here: "Keep me logged in"

Claims (7)

1. A system for improving web based application security by introducing approval from a second device such as a mobile device.
2. The system of claim 1, which interfaces between a web based application and the end user, examines the content from the web server and, if an authorisation tag exists in the web page, requests authorisation from the user's second device, such as a mobile device.
3. The system of claim 2, which examines the request data from the client and forwards it to the web application only when the approval comes from the user's second device.
4. The system of claim 1, which interfaces between a web based application and the end user, examines the content from the web server and, if a transaction token tag exists in the web page, sends a unique transaction token to the user's second device, such as a mobile device.
5. The system of claim 1, which interfaces between a web based application and the end user, examines the content from the web server and, if a two factor authentication tag exists in the web page, sends a two factor authentication request to the user's second device, such as a mobile device.
6. The system of claim 1, which interfaces between a web based application and the end user, examines the content from the web server and, if a challenge response tag exists in the web page, sends a challenge to the user's second device, such as a mobile device, and expects an answer to the challenge that only the user could give.
7. The system of claim 1, which interfaces between a web based application and the end user, examines the request data from the user and replaces the request data with second device based data from the user, thereby providing secure data to the web server from two sources.

Priority Applications (1)

Application Number Priority Date Filing Date Title
IE20130333A IE86609B1 (en) 2013-11-01 2013-11-01 Web application protection system with second device based authentication

Publications (2)

Publication Number Publication Date
IE20130333A1 (en) 2015-05-06
IE86609B1 (en) 2016-01-13

Family

ID=53274311

Country Status (1)

Country Link
IE (1) IE86609B1 (en)

Legal Events

Date Code Title Description
MM4A Patent lapsed