KR101811121B1 - Method for Protecting Server using Authenticated Relay Server - Google Patents

Info

Publication number: KR101811121B1
Authority: KR (South Korea)
Prior art keywords: server, client, uuid, step, relay
Application number: KR1020160004015A
Other languages: Korean (ko)
Other versions: KR20170084778A (en)
Inventor: 민정곤
Original Assignee: 민정곤
Application filed by 민정곤
Priority to KR1020160004015A
Publication of KR20170084778A
Application granted
Publication of KR101811121B1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0876: Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/30: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Abstract

The present invention relates to a server protection system and method via an authenticated relay server. The method comprises:
First step: the server 300 logs in to the relay server 100 through the network 200 and transmits a server UUID (Unique User Identifier).
Second step: the client 500 logs in to the relay server 100 through the network 200 and transmits a client UUID.
Third step: when the client 500 needs data communication with the server 300, it requests from the relay server 100 a "token of the server UUID", which corresponds to a parameter for approving the client 500's access to the server 300.
Fourth step: the relay server 100 searches the server list on the DB 110, based on the token (nonce) request for the server UUID received from the client 500, to determine whether the server UUID of the server 300 exists.
Fifth step: if there is a matching server UUID as a result of the determination, the relay server 100 generates a nonce, encrypts it, and transmits it to the client 500.
Sixth step: the relay server 100 encrypts the nonce transmitted to the client 500 with the server's pre-shared key (PSK) and transmits it to the server 300, providing user authentication by the server 300 in which a packet cannot be decrypted by a party that does not own the same token (nonce). A session key is generated using a Public Key Infrastructure (PKI) and used as a pre-shared key (PSK), or a pre-shared key (PSK) that has been exchanged is used, and the server is protected by exchanging data through the authenticated relay server.
Seventh step: if, as a result of the fourth step, the relay server 100 does not have a matching server UUID, the relay server 100 waits for a preset time and checks the server UUID once more before timing out and discarding the message.
Eighth step: if the relay server 100 has the server UUID, it performs the transmission of the fifth and sixth steps; if there is no server UUID, it closes the session with the client 500, preventing a server scan.
Step 6-1: in the sixth step, after the server 300 receives the nonce encrypted with the pre-shared key (PSK) from the relay server 100, it checks whether the client UUID of the client 500 for data transmission/reception is in the client list.
Step 6-2: when the client UUID is present, the server 300 decrypts the token received from the client 500 with the PSK and decrypts the token received from the relay server 100 to perform user authentication in the same manner as the client 500.
Step 6-3: if the user authentication fails, the server 300 transmits an error, and on continuous failure it performs block registration for the client UUID. If the user authentication succeeds, the server 300 opens a port and adds a policy allowing connection to the server 300 from the public IP of the client 500 received from the relay server 100. The data transmission and reception uses CBC with the PSK as a token initial vector.
The client 500 then decrypts the token initial vector with the PSK to obtain the IP and open port information of the server 300, and transmits the data requested by the user to the open port.
If the server 300 cannot pass through the firewall 200 or the router in front of it, the roles of the server 300 and the client 500 are switched, and the server 300 transmits the data to the client 500 after the port is opened. If it is determined in step 6-1 that there is no client UUID, the server 300 transmits an error message to the relay server 100. If the user authentication in step 6-3 succeeds, the firewall 200 between the network 400 and the server 300 decrypts the data transmission/reception information of step 6-3 and blocks the data transmission if there is an error in the data or the session ends. The UUID has a unique value in the system, and the token (nonce) is used to prevent a replay attack.
As a result, the server is protected by a firewall and, in addition, by using a pre-shared key (PSK) between the server and the client and exchanging data only after mutual authentication through the authenticated relay server.
In addition, the present invention effectively blocks external attacks on a client/server system by protecting a server constituting a client/server system running on a network.
In addition, the present invention protects a server from various hacks and malicious code by executing the server in a protected space, and verifies through user authentication the integrity of packets transmitted and received between the client and the server, thereby making the transmission of malicious or abnormal packets itself impossible.

Description

Method for Protecting Server with Authenticated Relay Server

The present invention relates to a system and method for protecting a server through an authenticated relay server, and more particularly to a method for maintaining and authenticating the server, and a server protection system and method using an authenticated relay server for protecting the server.

Network firewalls, application firewalls, and vulnerability scanners were used to block external hacking attacks on traditional server systems.

Network firewalls block external hackers from exploiting vulnerabilities at the network layer (layer 3) or the transport layer of the seven-layer OSI (Open Systems Interconnection) model.

A network firewall decides whether to allow or block traffic based on the IP address and port. Therefore, if an attacker compromises an authorized machine and then attacks through it, or if an authorized user attacks with malicious intent, there is no way to stop the attack.

In addition, a server exposed to the outside world, such as a web service, can be attacked through a vulnerability in the web application, and a network firewall cannot prevent an external hacker from attacking that vulnerability. That is, a network firewall can control which services to allow and which to deny, but cannot prevent attacks against vulnerabilities of authorized services.

Korean Patent Registration No. 10-0958250, "Web Server Security Method and Web Firewall for the Same"; Korean Patent Laid-Open Publication No. 10-2014-0129713, "Content security system and method of cloud server in a cloud computing environment"

DISCLOSURE OF THE INVENTION The present invention has been made to solve the above-mentioned problems. It is an object of the present invention to provide a system and method for protecting a server through an authenticated relay server, in which the server is protected by a firewall and, in addition, a session key is generated using a public key infrastructure (PKI) and used as a pre-shared key (PSK), or a pre-shared key (PSK) that has been exchanged in advance is used, so that data is sent and received only after mutual authentication through an authorized relay server.

It is another object of the present invention to provide a server protection system and method using an authenticated relay server for effectively preventing an external attack on a client/server system by protecting a server constituting a client/server system running on a network.

However, the objects of the present invention are not limited to the above-mentioned objects, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.

In order to achieve the above object, a method of protecting a server through an authenticated relay server according to an embodiment of the present invention comprises:
First step: the server 300 logs in to the relay server 100 through the network 200 and transmits a server UUID (Unique User Identifier).
Second step: the client 500 logs in to the relay server 100 through the network 200 and transmits a client UUID.
Third step: when the client 500 needs data communication with the server 300, it requests from the relay server 100 a "token of the server UUID", which corresponds to a parameter for approving the client 500's access to the server 300.
Fourth step: the relay server 100 searches the server list on the DB 110, based on the token (nonce) request for the server UUID received from the client 500, to determine whether the server UUID of the server 300 exists.
Fifth step: if there is a matching server UUID as a result of the determination, the relay server 100 generates a nonce, encrypts it, and transmits it to the client 500.
Sixth step: the relay server 100 encrypts the nonce transmitted to the client 500 with the server's pre-shared key (PSK) and transmits it to the server 300, providing user authentication by the server 300 in which a packet cannot be decrypted by a party that does not own the same token (nonce). A session key is generated using a Public Key Infrastructure (PKI) and used as a pre-shared key (PSK), or a pre-shared key (PSK) that has been exchanged is used, and the server is protected by exchanging data through the authenticated relay server.
Seventh step: if, as a result of the fourth step, the relay server 100 does not have a matching server UUID, the relay server 100 waits for a preset time and checks the server UUID once more before timing out and discarding the message.
Eighth step: if the relay server 100 has the server UUID, it performs the transmission of the fifth and sixth steps; if there is no server UUID, it closes the session with the client 500, preventing a server scan.
Step 6-1: in the sixth step, after the server 300 receives the nonce encrypted with the pre-shared key (PSK) from the relay server 100, it checks whether the client UUID of the client 500 for data transmission/reception is in the client list.
Step 6-2: when the client UUID is present, the server 300 decrypts the token received from the client 500 with the PSK and decrypts the token received from the relay server 100 to perform user authentication in the same manner as the client 500.
Step 6-3: if the user authentication fails, the server 300 transmits an error, and on continuous failure it performs block registration for the client UUID. If the user authentication succeeds, the server 300 opens a port and adds a policy allowing connection to the server 300 from the public IP of the client 500 received from the relay server 100. The data transmission and reception uses CBC with the PSK as a token initial vector.
The client 500 then decrypts the token initial vector with the PSK to obtain the IP and open port information of the server 300, and transmits the data requested by the user to the open port.
If the server 300 cannot pass through the firewall 200 or the router in front of it, the roles of the server 300 and the client 500 are switched, and the server 300 transmits the data to the client 500 after the port is opened. If it is determined in step 6-1 that there is no client UUID, the server 300 transmits an error message to the relay server 100. If the user authentication in step 6-3 succeeds, the firewall 200 between the network 400 and the server 300 decrypts the data transmission/reception information of step 6-3 and blocks the data transmission if there is an error in the data or the session ends. The UUID has a unique value in the system, and the token (nonce) is used to prevent a replay attack.

A system and method for protecting a server using an authenticated relay server according to an exemplary embodiment of the present invention uses a firewall to protect a server and, in addition, generates a session key using a public key infrastructure (PKI) and uses it as a pre-shared key (PSK), or uses a pre-shared key (PSK) that has been exchanged in advance, and protects the server by transmitting and receiving data only after mutual authentication through the authenticated relay server.

In addition, according to another embodiment of the present invention, a server protection system and method using an authenticated relay server can effectively prevent an external attack on a client/server system by protecting a server constituting a client/server system running on a network.

In addition, a server protection system and method using an authenticated relay server according to another embodiment of the present invention protects a server from various hacks or malicious code by executing the server in a protected space and authenticating through the user authentication, thereby making it impossible to transmit a malicious or abnormal packet to the server side.

FIG. 1 illustrates a server protection system via an authenticated relay server according to an embodiment of the present invention.
FIG. 2 and FIG. 3 are flowcharts showing a preparation process for a server protection method through an authenticated relay server according to an embodiment of the present invention.
FIG. 4 and FIG. 5 are flowcharts illustrating a process of performing a server protection method using an authenticated relay server according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, a detailed description of preferred embodiments of the present invention will be given with reference to the accompanying drawings. In the following description of the present invention, detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

In the present specification, when any one element 'transmits' data or signals to another element, the element can transmit the data or signal directly to the other element, and through at least one other element Data or signal can be transmitted to another component.

FIG. 1 is a diagram illustrating a server protection system through an authenticated relay server according to an embodiment of the present invention. Referring to FIG. 1, a server protection system through an authenticated relay server includes a relay server 100, a firewall 200, a server 300, a network 400, and a client 500.

Here, the server 300 blocks all connection requests from the outside through the network 400 through the firewall 200 or the router.

The server 100, which blocks the session connection through the firewall 200, permits connection only through the network 400 to the authenticated relay server 100.

The server 200 and the client 400 can exchange data with each other through authentication. At this time, a session key can be generated using a PKI for authentication and a PSK can be generated and used.

That is, a session key is generated using a public key infrastructure (PKI) and used as a pre-shared key (PSK), or a pre-shared key (PSK) is used, and it is possible to protect the server by mutually authenticating and transmitting/receiving data through an authorized relay server.

FIG. 2 and FIG. 3 are flowcharts showing a preparation process for a server protection method using an authenticated relay server according to an embodiment of the present invention. Referring to FIGS. 2 and 3, the server 300 logs in to the relay server 100 through the network 200 and transmits a server UUID (Unique User Identifier) (S11).

Also, the client 500 logs in to the relay server 100 through the network 200 and transmits the client UUID (S12).

When data communication with the server 300 is required, the client 500 requests a token (nonce) of the server UUID from the relay server 100 (S13). Here, the token (nonce) corresponds to a parameter for approving the client 500's access to the server 300.

The relay server 100 searches the server list on the DB 110, based on the token (nonce) request for the server UUID received from the client 500, to determine whether the server UUID of the server 300 exists (S14).

If there is a matching server UUID as a result of the determination in step S14, the relay server 100 generates a token (nonce), encrypts the nonce, and delivers it to the client 500 (S15).

After step S15, the relay server 100 encrypts the token (nonce) transmitted to the client 500 with the pre-shared key (PSK) of the server and transmits it to the server 300 (S16). This provides a user authentication method by the server 300 in which a packet cannot be decrypted by a party that does not own the token (nonce), which is the same key. In another embodiment of the present invention, a session key may be generated using a Public Key Infrastructure (PKI) and used as a pre-shared key (PSK), or a pre-shared key (PSK) is used, and the server can be protected by mutually authenticating and transmitting/receiving data through the authenticated relay server.

On the other hand, if it is determined in step S14 that the corresponding server UUID does not exist, the relay server 100 checks the server UUID again before discarding the message after timeout (S17).

The relay server 100 performs the transmission (S15 to S16) if the server UUID is present, and closes the session with the client 500 if the server UUID does not exist, thereby preventing a server scan (S18).

Here, the UUID has a unique value in the proposed system. The token (nonce) is used to prevent a replay attack.

FIG. 4 and FIG. 5 are flowcharts illustrating a procedure for performing a server protection method using an authenticated relay server according to an embodiment of the present invention. Referring to FIGS. 4 and 5, the server 300 receives a token (nonce) encrypted with a pre-shared key (PSK) from the relay server 100 and checks whether the client UUID of the client 500 for data transmission/reception is present (S21).

After step S21, if there is a client UUID, the server 300 decrypts the token received from the client 500 with the PSK, decrypts the token received from the relay server 100, and performs the user authentication (S22).

After step S22, if the user authentication fails, the server 300 transmits an error, and in case of continuous failure it performs block registration for the client UUID (S23).

If the user authentication in step S22 succeeds, the server 300 opens an arbitrary port that the client 500 can access, and data transmission and reception uses CBC with the PSK as a token initial vector (S24). In addition, a policy allowing connection to the server 300 from the public IP of the client 500 is added.

On the other hand, in step S24, the firewall 200 may decrypt the information of step S24 and block data transmission if the data is erroneous or the session ends.

After step S24, the client 500 decrypts the token initial vector with the PSK to obtain the IP and the open port information of the server 300, and transmits the data requested by the user to the opened port (S25).

Unlike step S25, when the server 300 cannot pass through the firewall 200 or the router in front of it, the roles of the server 300 and the client 500 are switched, and the server 300 transmits the data to the client 500 (S26).

On the other hand, if it is determined in step S21 that there is no client UUID, the server 300 transmits an error message to the relay server 100 (S27). Meanwhile, a client UUID can be added by an administrator registered in the server 300.
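
One reading of steps S11 to S27 above as runnable Python; this is an added example, not code from the patent. Assumptions: three separate PSKs (relay/server, relay/client, client/server), a relay notice to the server that carries the client UUID and public IP, a failure threshold of 3, and a standard-library HMAC-SHA256 keystream standing in for the PSK/CBC cipher the text mentions.

```python
import hashlib, hmac, json, secrets

def _sub(psk, label):  # separate cipher and MAC keys derived from one PSK
    return hmac.new(psk, label, hashlib.sha256).digest()

def _xor(psk, iv, data):  # SHA-256 counter keystream: stand-in for the PSK cipher
    key = _sub(psk, b"enc")
    stream = b"".join(hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(psk, plaintext):
    """Encrypt-then-MAC under a PSK; only a holder of the same PSK can open it."""
    iv = secrets.token_bytes(16)
    ct = _xor(psk, iv, plaintext)
    return iv + ct + hmac.new(_sub(psk, b"mac"), iv + ct, hashlib.sha256).digest()

def unseal(psk, blob):
    """Return the plaintext, or None if the blob was not sealed with this PSK."""
    if len(blob) < 48:
        return None
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(psk, b"mac"), iv + ct, hashlib.sha256).digest()
    return _xor(psk, iv, ct) if hmac.compare_digest(tag, good) else None

class Relay:
    def __init__(self):
        self.servers = {}   # server UUID -> PSK shared with the relay (login, S11)
        self.clients = {}   # client UUID -> PSK shared with the relay (login, S12)

    def request_token(self, client_uuid, server_uuid, public_ip):
        """S13-S16: returns (blob for client, blob for server), or None (S18)."""
        if client_uuid not in self.clients or server_uuid not in self.servers:
            return None     # no token for an unknown UUID: the session is closed
        nonce = secrets.token_hex(16)
        notice = json.dumps({"nonce": nonce, "client": client_uuid, "ip": public_ip})
        return (seal(self.clients[client_uuid], nonce.encode()),
                seal(self.servers[server_uuid], notice.encode()))

class ProtectedServer:
    MAX_FAILURES = 3        # assumption: the patent only says "continuous" failure

    def __init__(self, ip, relay_psk, client_psks):
        self.ip, self.relay_psk = ip, relay_psk
        self.client_psks = client_psks   # client list: UUID -> client/server PSK
        self.pending = {}                # unused nonce -> (client UUID, public IP)
        self.failures, self.blocked, self.allow = {}, set(), {}

    def on_relay_notice(self, blob):
        """S21: accept a nonce from the relay only for a client on the client list."""
        raw = unseal(self.relay_psk, blob)
        if raw is None:
            return False
        notice = json.loads(raw)
        if notice["client"] not in self.client_psks:
            return False                 # S27: an error goes back to the relay
        self.pending[notice["nonce"]] = (notice["client"], notice["ip"])
        return True

    def authenticate(self, client_uuid, blob):
        """S22-S24: returns (status, sealed "ip:port" or None)."""
        if client_uuid in self.blocked:
            return "blocked", None
        psk = self.client_psks.get(client_uuid)
        if psk is None:
            return "unknown-client", None
        raw = unseal(psk, blob)
        nonce = raw.decode(errors="replace") if raw is not None else None
        if self.pending.get(nonce, (None,))[0] != client_uuid:
            count = self.failures[client_uuid] = self.failures.get(client_uuid, 0) + 1
            if count >= self.MAX_FAILURES:
                self.blocked.add(client_uuid)     # S23: block registration
                return "blocked", None
            return "auth-failed", None            # S23: error transmission
        _, public_ip = self.pending.pop(nonce)    # single use: a replay finds nothing
        self.failures.pop(client_uuid, None)
        port = 49152 + secrets.randbelow(16384)   # S24: open an arbitrary port
        self.allow[public_ip] = port              # S24: allow policy for that IP only
        return "ok", seal(psk, f"{self.ip}:{port}".encode())

def demo():
    """Constructed UUIDs, keys and addresses (documentation IP ranges)."""
    k_rs, k_rc, k_cs = (secrets.token_bytes(32) for _ in range(3))
    relay = Relay()
    relay.servers["srv-uuid"], relay.clients["cli-uuid"] = k_rs, k_rc
    server = ProtectedServer("192.0.2.10", k_rs, {"cli-uuid": k_cs})
    scan = relay.request_token("cli-uuid", "no-such-server", "198.51.100.7")
    for_client, for_server = relay.request_token("cli-uuid", "srv-uuid", "198.51.100.7")
    server.on_relay_notice(for_server)
    token = seal(k_cs, unseal(k_rc, for_client))      # client re-seals for the server
    status, sealed = server.authenticate("cli-uuid", token)
    endpoint = unseal(k_cs, sealed).decode()
    replays = [server.authenticate("cli-uuid", token)[0] for _ in range(3)]
    return scan, status, endpoint, dict(server.allow), replays

if __name__ == "__main__":
    print(demo())
```

Because the allow rule is keyed on the public IP reported by the relay rather than on whoever presents the token, a captured token replayed from another address opens nothing, and repeated replays end in block registration.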

The present invention can also be embodied as computer-readable codes on a computer-readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored.

Examples of the computer-readable recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device and the like, and also include media implemented in the form of a carrier wave (for example, transmission over the Internet).

The computer readable recording medium may also be distributed over a networked computer system so that computer readable code can be stored and executed in a distributed manner. And functional programs, codes, and code segments for implementing the present invention can be easily inferred by programmers skilled in the art to which the present invention pertains.

As described above, preferred embodiments of the present invention have been disclosed in the present specification and drawings, and although specific terms have been used, they have been used only in a general sense to easily describe the technical contents of the present invention and to facilitate understanding of the invention, and are not intended to limit the scope of the present invention. It is to be understood by those skilled in the art that other modifications based on the technical idea of the present invention are possible in addition to the embodiments disclosed herein.

100: Relay Server
200: Firewall
300: Server
400: Network
500: Client

Claims (7)

  1. A first step in which the server 300 logs in to the relay server 100 through the network 200 and transmits a server UUID (Unique User Identifier);
    A second step in which the client 500 logs in to the relay server 100 through the network 200 and transmits a client UUID;
    When the client 500 needs data communication with the server 300, it sends a "token of the server UUID" corresponding to a parameter for approval for access to the server 300 of the client 500 to the relay server 100);
    The relay server 100 determines whether there is a server UUID through a search from the token nonce of the server UUID received from the client 500 in the server list on the DB 110 to see if the server UUID of the server 300 exists A fourth step of judging whether or not it is possible
    If there is a matching server UUID as a result of the determination, the relay server 100 generates a nonce and encrypts and transmits the generated nonce to the client 500.
    The relay server 100 encrypts the nonce transmitted to the client 500 with the server's pre-shared key (PSK) and transmits the same to the server 300 to transmit the token (nonce) A user authentication method by the server 300 that prevents the packet from being decrypted if it is not owned or a session key is generated using a Public Key Infrastructure (PKI) (pre-shared key: PSK), or using a pre-shared key (PSK) that has been exchanged, and protects the server by exchanging data with each other through an authenticated relay server Step 6;
    If it is determined in step 4 that the relay server 100 does not have a matching server UUID, the relay server 100 waits for a predetermined time and confirms the server UUID again before discarding the message after timeout. And
    If the relay server 100 has a server UUID, it performs the above-described fifth to sixth steps of transmission, and if there is no server UUID, it closes a session with the client 500, scan; Further comprising:
    In the sixth step, after the server 300 receives the encrypted token (nonce) from the relay server 100 using the pre-shared key (PSK), the server 300 transmits data (6-1) checking whether there is a client UUID of the client (500) for transmission / reception;
    When there is a client UUID, the server 300 decrypts the token received from the client 500 in the PSK and decrypts the token received from the relay server 100 to perform user authentication in the same manner as the client 500 Step 6-2;
    If the server 300 fails to authenticate the user, it transmits an error. If the server 300 continuously fails, it performs block registration for the client UUID. If the server 300 succeeds in user authentication according to the user authentication, port of the relay server 100 and adds a policy for allowing connection to the server 300 with respect to the public IP of the client 500 received from the relay server 100. The data transmission and reception uses a token initial vector PSK (CBC); And
    The client 500 decrypts the token initial vector with the PSK to obtain the IP and the open port information of the server 300 and then transmits the open port of the server 300 (6) transmitting data requested by the user to the port; Further comprising:
    If the server 300 can not pass through the firewall 200 or the router in the previous stage, the server 500 may switch roles between the server 300 and the client 500, the server 300 transmits data to the client 500 when the server 300 requests the server 300 to transmit the data after opening the port,
    If it is determined in step 6-1 that there is no client UUID, the server 300 transmits an error message to the relay server 100,
    If the user authentication is successful in step 6-3, the firewall 200 between the network 400 and the server 300 decrypts the information related to the data transmission / reception in step 6-3, If there is an error, or if the session is terminated,
    Wherein the UUID has a unique value in the system and the token is used to prevent a replay attack.
  2. delete
  3. delete
  4. delete
  5. delete
  6. delete
  7. delete
Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160004015A KR101811121B1 (en) 2016-01-13 2016-01-13 Method for Protecting Server using Authenticated Relay Server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020160004015A KR101811121B1 (en) 2016-01-13 2016-01-13 Method for Protecting Server using Authenticated Relay Server

Publications (2)

Publication Number Publication Date
KR20170084778A (en) 2017-07-21
KR101811121B1 (en) 2018-01-25

Family

ID=59462684

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160004015A KR101811121B1 (en) 2016-01-13 2016-01-13 Method for Protecting Server using Authenticated Relay Server

Country Status (1)

Country Link
KR (1) KR101811121B1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050138362A1 (en) * 2003-12-23 2005-06-23 Wachovia Corporation Authentication system for networked computer applications
JP2006020291A (en) * 2004-06-02 2006-01-19 Canon Inc Encrypted communication method and system
JP2007081971A (en) * 2005-09-15 2007-03-29 Matsushita Electric Ind Co Ltd Ip communication apparatus and ip phone

Also Published As

Publication number Publication date
KR20170084778A (en) 2017-07-21

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right