WO2001044902A3 - System and method for extensible positive client identification - Google Patents

System and method for extensible positive client identification

Info

Publication number
WO2001044902A3
Authority
WO
WIPO (PCT)
Prior art keywords
positive
extensible
urls
virtual page
client identifier
Prior art date
Application number
PCT/GB2000/003856
Other languages
French (fr)
Other versions
WO2001044902A2 (en)
Inventor
David Robert Wray
David John Blanchfield
Original Assignee
Authoriszor Ltd
Priority date
Filing date
Publication date
Priority claimed from GB0020380A (GB2355322A)
Application filed by Authoriszor Ltd
Priority to AU2000276737A (AU2000276737A1)
Publication of WO2001044902A2
Publication of WO2001044902A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129 Authenticate client device independently of the user
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

This is a system and method for electronic security over a network which provides positive identification of clients through an extensible positive client identifier (EPCI), and provides data integrity and availability through the use of pseudo-URLs (called PURLs) in conjunction with a virtual page publication system (VPPS), a positive information profiling system (PIPS) and an active security responder (ASR) at the host. The extensible positive client identifier examines a number of factors associated with a potential requesting user's system and relationships to create a client identification key. The extensible positive client identifier re-evaluates itself on every access of every object requested. It silently indicates when a self-check has failed. If a theft or impersonation is detected, it is dealt with by the invention as defined by the entity's security policy. Pseudo-URLs (PURLs) appear the same as ordinary URLs but, instead of addresses, define tasks to be performed in response to this request and profile. The invention includes a positive information profiling system (PIPS) which implements account profiles for all content and clients so that pages can be generated and matched to both the data and the requestors. The virtual page publication system (VPPS) of the invention does not store pages permanently in the root directory of the site but instead creates temporary web pages dynamically, containing the level of information resulting from the client identification and PURL evaluation. A virtual page is sent to the requestor and exists only for the time necessary to send it.
PCT/GB2000/003856 2000-08-21 2000-10-06 System and method for extensible positive client identification WO2001044902A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2000276737A AU2000276737A1 (en) 2000-08-21 2000-10-06 System and method for extensible positive client identification

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0020380A GB2355322A (en) 1999-10-05 2000-08-21 System and method for positive client identification
GB0020380.2 2000-08-21

Publications (2)

Publication Number Publication Date
WO2001044902A2 (en) 2001-06-21
WO2001044902A3 (en) 2001-11-15

Family

ID=9897868

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2000/003856 WO2001044902A2 (en) 2000-08-21 2000-10-06 System and method for extensible positive client identification

Country Status (2)

Country Link
AU (1) AU2000276737A1 (en)
WO (1) WO2001044902A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108923910B (en) * 2018-07-12 2021-06-25 南方电网科学研究院有限责任公司 Mobile application APK tamper-proofing method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5636280A (en) * 1994-10-31 1997-06-03 Kelly; Tadhg Dual key reflexive encryption security system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5636280A (en) * 1994-10-31 1997-06-03 Kelly; Tadhg Dual key reflexive encryption security system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
NEUMAN B C ET AL: "KERBEROS: AN AUTHENTICATION SERVICE FOR COMPUTER NETWORKS", IEEE COMMUNICATIONS MAGAZINE,IEEE SERVICE CENTER. PISCATAWAY, N.J,US, vol. 32, no. 9, 1 September 1994 (1994-09-01), pages 33 - 38, XP000476553, ISSN: 0163-6804 *

Also Published As

Publication number Publication date
AU2000276737A1 (en) 2001-06-25
WO2001044902A2 (en) 2001-06-21

Similar Documents

Publication Publication Date Title
US7065784B2 (en) Systems and methods for integrating access control with a namespace
GB2360107A (en) Maintaining security in a distributed computer network
EP1244263A3 (en) Access control method
GB2325999B (en) Workload management in a client/server network with distributed objects
WO2005054973A3 (en) Method and system for improving computer network security
GB2320344B (en) Virtual environment manager for network computers
WO2001059673A3 (en) Method and system for accessing a remote storage area
DE60100680D1 (en) Safe and public access device and method
WO2007002595A3 (en) Distributed virtual machine architecture
US20080034438A1 (en) Multiple hierarchy access control method
CA2287871A1 (en) Secure document management system
EP1701286A3 (en) Delegating right to access resource or the like in access management system or the like
WO2005048029A3 (en) System and method for controlling access to digital content, including streaming media
MXPA02004026A (en) Method and system for directing requests for content to a content server based on network performance.
WO2003102731A3 (en) Distributed network storage system with virtualization
EP0886212A3 (en) System and method for remote object invocation
BR0111802A (en) Network Based Software Extensions
WO2002069196A3 (en) System for logging on to servers through a portal computer
ATE305155T1 (en) MULTIPOINT FILE BANK SYNCHRONIZATION PROTOCOL TO AVOID DATA CORRUPTION.
EP0918283A3 (en) Server and client
EP1329812A3 (en) Architecture for creating and maintaining virtual servers on a server
EP1427160A3 (en) Methods and systems for authentication of a user for sub-locations of a network location
EP1253502A3 (en) Trusted computer system
AU2003273824A1 (en) Methods and systems for data moving using locks
WO2004084003A3 (en) System for accessing patient information

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP