WO2004099949A1 - Web site security model - Google Patents

Info

Publication number: WO2004099949A1
Authority: WO (WIPO (PCT))
Prior art keywords: site, browser, user, web site, ttp
Application number: PCT/GB2004/001679
Other languages: French (fr)
Inventor: Simon Freeman
Original Assignee: Simon Freeman

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication
    • G06F21/445: Program or device authentication by mutual authentication, e.g. between devices or programs
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115: Third party
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119: Authenticating web pages, e.g. with suspicious links

Abstract

A system model for overcoming problems arising due to fraudulent Internet web site copying, otherwise known as 'site spoofing', by providing a method of connecting a first terminal to another terminal hosting a web site over a network using a web browser. The method includes the step of causing the web browser to consult with a storage system, known as a trusted third party system, to check the security status of a required site. The browser determines whether the site is registered with the storage system as a secure site.

Description

WEB SITE SECURITY MODEL
The present invention relates to network security. More particularly, the present invention relates to a system model for overcoming problems arising due to fraudulent Internet web site copying, otherwise known as "spoofing".
Network security is one of the main issues that has slowed the rate of success for many e-businesses. In particular, a big problem currently faced by companies involved in e-business is one of perception of security over the Internet. One such way in which the security of an e-business can be affected is through site spoofing.
A possible way of reducing the effects of site spoofing may be to provide a private encryption system between the host web site and the individual users of the website. However, such a system would not be administrable due to its complicated and costly nature.
The object of the present invention is to provide a simple method of improving network security so as to overcome the problem of site spoofing of a web site by storing data on whether a site is genuine and providing a browser with a module to check the data to determine whether the web site is genuine prior to connecting to the web site.
Accordingly, the present invention provides a method of connecting a user system to a host system over a network using an application program residing on the user system, the method including the step of causing the application program to consult with a verification system prior to making a connection with the host system. Preferably, the consultation step includes the step of determining whether the verification system contains information particular to the host system. Preferably, the verification system will provide a user with cryptographic information which will be used to encode a user request and/or data prior to transmission in such a way that only the genuine web site will be able to decode the received encoded information. In a preferred embodiment, the application program is a web browser and the information particular to the host system is a web site address.
In order that the present invention be more readily understood, an embodiment thereof will be described by way of example only by referring to the accompanying figures in which:
Fig 1 shows a schematic diagram of a preferred embodiment of the present invention.
Fig 2 shows a flow chart for the browser utilised in the preferred embodiment of Fig 1.
Site spoofing is a fraudulent copying of a web site and may be achieved in a number of ways. The following is an example of a typical method of spoofing a web site. It will be appreciated that any other method may be utilised to spoof a web site and the following description is given by way of example only.
Site spoofing occurs due to underlying protocols on the Internet and the need for a user of any given site to understand Internet security principles to prevent attacks. One example of a business that may be prone to an attack is an online bank. There are a number of ways that a hacker may steal money from an online bank. Firstly, the hacker may directly attack the bank site. However, most banks are fairly resilient to this form of attack. Alternatively, a hacker can get hold of a user's login credentials and access the bank legitimately. This can be achieved by spoofing the bank site.
A spoof site is a site which looks identical in every way to a real site but is hosted on a hacker's web server. A hacker can create an identical site by using a conventional browser to go to the real site, which in this example is a bank's homepage, and extract the HTML source code and JavaScript from the real site.
The HTML source code and JavaScript can then be utilised by the hacker to create an identical site to the bank's homepage on the hacker's web server. Consequently, when a user accesses the hacker's website they would be presented with an identical site to the bank's homepage.
The website domain name of the hacker's web site may be chosen by the hacker to be similar to the bank's home page. Hence, many users would be unlikely to realise that they are visiting the hacker's site if they were directed there through a web site link for example. Many Internet users are unaware of security measures on the Internet such as digital site certificates which are used to prove the genuine nature of a website and this may be exploited by a potential hacker through site spoofing.
Once a user is directed to a hacker's site, the user will be prompted to enter their login details as they would do on the bank's real site. However, the hacker's site will capture the user's username and password and return a login failure. One way of capturing the username and password by a hacker would be to return a login failure screen which has also been copied from the bank's real site. The user may assume that they have made a typing mistake and re-enter their login details. At this stage, the username and password are sent to the real bank login page and the user is transferred to the real bank secure site having logged in successfully. The user will be unaware that their login details have been captured and the hacker will then be able to do what they please with the user's bank account.
A preferred embodiment according to the present invention provides a method of overcoming the problem of site spoofing which has been identified above. A user system includes a first terminal 10 which is typically a client terminal which uses any known browser technology such as Internet Explorer or Netscape. A host system includes a second terminal 20 which may be a web server terminal which hosts a web site. The present invention provides a verification system 30 which is hereinafter known as a trusted third party (TTP). The TTP 30 may be an independent person, body, organisation or company that runs a system to validate a given Universal Resource Locator (URL) or other site addressing method such as an IP address of a website. A web site host would register their domain name and IP address, if necessary, with the TTP 30 and provide the TTP with a cryptographic key to be utilised by a browser accessing the TTP. Hence, the web site terminal 20 may be in communication with the TTP 30 as shown by the dotted line in Fig. 1.
It will be appreciated that the terminal 10 may be a computer or any such device capable of connecting to the internet such as a mobile phone or personal digital assistant.
The user at the client terminal 10 may wish to access a web site and the preferred embodiment of the present invention takes the following steps to connect to a secure site. The example described hereinafter relates to a user wishing to login to a bank web site and is shown in Fig 1. However, the present invention is not limited to function with this type of site only.
Referring to Fig 1, a user wishes to log in to a bank web site from the client terminal 10 which uses a browser 11. To attempt this operation, the user requests the site through the browser 11. Initially, the browser 11 communicates with the TTP 30 to judge whether the domain name which has been requested by the user is marked as a registered secure site by the TTP. It is important to note that the web browser 11 consults with the TTP 30 prior to making a connection with the bank server terminal 20. If the web site has been registered as a secure site, the TTP 30 provides the browser 11 with a cryptographic key 31, which in this case is a public key of the registered secure site which is stored by the TTP once the secure site has registered with the TTP.
Once provided with the key 31, the browser preferably generates a number and encrypts it and a request for a page message using the key 31. Additionally, the user may sign using a private key (not shown) if the user wishes to identify themselves to the site, useful when requiring instant logins. If this is the case, the user signs the number before having it encrypted.
After encryption, the request for page message and the generated number are sent to the registered site 21 which is hosted on the bank server terminal 20. If the registered site is genuine then the site should be able to decrypt the request and the number and send the page to the browser 11 on the client terminal 10.
The browser 11 on the client terminal 10 receives the website 21 with the decrypted number from the bank terminal 20 and compares it to the number which was sent by it. A match between the two numbers indicates that the web site 21 is genuine and the user can connect, preferably by using the standard Secure Sockets Layer (SSL) approach which is known in the art. However, if there is no match between the two numbers, then the site is not genuine and the page is not rendered.
When using the standard SSL mode, the browser would compare the digital certificate of the SSL session with that of the TTP certificate to ensure that there is a match.
The use of the TTP 30 differs from the conventional trust models as conventional models rely on the user to check the connection each time rather than the browser 11. The browser 11 according to a preferred embodiment of the present invention checks all connections with the TTP 30 to determine whether the requested site has been registered as secure and any that are not registered as secure are prevented from submitting any information. The browser in the preferred embodiment will now be described with reference to the flow chart of Fig 2A and 2B.
The user of the first terminal 10 initially inputs a request for a web site into the browser 11 (100), which causes the browser 11 to consult the TTP 30 (101). It will be appreciated that any method of requesting a web site from the first terminal may be used to cause the browser 11 to consult the TTP. For example, instead of entering the website's address, the user may request a web site by clicking on a URL in any form in any application, such as a URL link embedded in an e-mail. Furthermore, an application may automatically need to access a website. This may be a result of user actions such as clicking on the help button in an application which requires the application to access a web site through a browser 11.
If the requested site name is registered as a secure site with the TTP (102) then the browser is given a cryptographic key (104). Otherwise the browser is not given a key and an error is displayed (103). Once the browser receives the key, it generates a number and encrypts the number using the key (105). Furthermore, it encrypts a request for page message using the key (106). The browser then arranges for the encrypted data to be sent to the registered site server (107). Once necessary decryption is performed on the data at the site server end, the browser receives the decrypted data from the site server (108). The data includes the decrypted number and the browser compares the received decrypted number with the number originally generated by the browser before it was encrypted and sent to the site server (109). If the numbers are the same (110) the site is genuine and the requested page is rendered on the user's screen (112). Otherwise, the site is not genuine and the page is not rendered so no further information is submitted (111). Once rendered, the browser drops down to the normal SSL mode (113) as described hereinbefore with reference to Fig 1.
It will be appreciated that various modifications may be made to the preferred embodiment.
The key 31 is not restricted to being a public key and may be any type of cryptographic means which is capable of encoding data.
Furthermore, it may be necessary for the requested site, which is a bank site in the above example, to change the cryptographic key 31 periodically for security reasons. If this is the case, the site would provide the TTP 30 with the new key whenever it is changed.
Additionally, Fig 1 shows a direct connection between the first terminal 10 and the TTP 30. However, the first terminal 10 may instead connect to the TTP 30 via the Internet. This also applies to the second terminal 20, which may connect to the TTP 30 via the Internet instead of the direct connection shown in Fig. 1.
It will be apparent that an advantage of the present invention is the capability of the second terminal 20 to change the cryptographic key 31 provided by the TTP 30 without requiring the knowledge of the user of the web site. The TTP 30 and the second terminal 20 are in constant or periodic communication with each other to allow for updates of the cryptographic key to be communicated to the TTP 30 from the second terminal when it is necessary.
It will be appreciated that the second terminal 20 is not limited to hosting a web site and it may host any type of application or application interface which is capable of communicating with other terminals.
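The browser flow of Fig 2 (steps 100 to 112) described above, as an added Go simulation that is not code from the patent. The 16-byte number, RSA-OAEP as the public-key scheme, the in-memory `Network` map standing in for whichever server answers for an address, and the `.example` domains are all assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const nonceLen = 16 // assumed size of the browser-generated number

var (
	ErrNotRegistered = errors.New("not registered with TTP, no key issued (103)")
	ErrNotGenuine    = errors.New("number mismatch, page not rendered (111)")
	ErrNoAnswer      = errors.New("no server answered")
)

// TTP is the verification system 30: registered address -> site public key 31.
type TTP map[string]*rsa.PublicKey

// Site is a server (terminal 20) holding one private key and some pages.
type Site struct {
	priv  *rsa.PrivateKey
	pages map[string]string
}

func NewSite(pages map[string]string) (*Site, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Site{priv: priv, pages: pages}, nil
}

func (s *Site) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

// Handle decrypts number||path and returns the recovered number with the page.
// A server without the registered private key cannot decrypt, so it has no
// number to echo; it can still return its default page, which must not render.
func (s *Site) Handle(ct []byte) (echo []byte, page string) {
	msg, err := rsa.DecryptOAEP(sha256.New(), nil, s.priv, ct, nil)
	if err != nil || len(msg) < nonceLen {
		return nil, s.pages["/"]
	}
	return msg[:nonceLen], s.pages[string(msg[nonceLen:])]
}

// Browser is the application program 11. Network is a stand-in for name
// resolution: whichever server actually answers for a requested address.
type Browser struct {
	TTP     TTP
	Network map[string]*Site
}

// Fetch follows Fig 2: the TTP is consulted before any connection to the host.
func (b *Browser) Fetch(domain, path string) (string, error) {
	pub, ok := b.TTP[domain] // 101, 102: is the address registered?
	if !ok {
		return "", ErrNotRegistered // 103: nothing is sent to the host
	}
	nonce := make([]byte, nonceLen) // 105: generate the number
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	msg := append(append([]byte{}, nonce...), path...) // 106: number || request
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	if err != nil {
		return "", err
	}
	host, ok := b.Network[domain]
	if !ok {
		return "", ErrNoAnswer
	}
	echo, page := host.Handle(ct)                     // 107, 108
	if subtle.ConstantTimeCompare(echo, nonce) != 1 { // 109, 110
		return "", ErrNotGenuine // 111
	}
	return page, nil // 112: render
}

func main() {
	bank, err1 := NewSite(map[string]string{"/login": "genuine login page"})
	fake, err2 := NewSite(map[string]string{"/": "copied login page"})
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	ttp := TTP{"bank.example": bank.PublicKey()} // only the bank has registered
	b := &Browser{TTP: ttp, Network: map[string]*Site{"bank.example": bank, "bank-login.example": fake}}
	fmt.Println(b.Fetch("bank.example", "/login"))       // rendered
	fmt.Println(b.Fetch("bank-login.example", "/login")) // unregistered address
	b.Network["bank.example"] = fake                     // registered address, wrong server answering
	fmt.Println(b.Fetch("bank.example", "/login"))       // number mismatch
}
```

A matching number shows only that the answering server holds the private key registered at the TTP; for the rest of the session the description relies on SSL and on comparing the session certificate with the TTP certificate.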

Claims

CLAIMS:
1. A method of connecting a user system to a host system over a network using an application program residing on the user system, the method including the step of causing the application program to consult with a verification system prior to making a connection with the host system.
2. The method according to claim 1 wherein the consultation step includes the step of determining whether the verification system contains information particular to the host system.
3. The method according to claim 1 or 2, wherein the verification system provides the application program with a cryptographic key for encoding data which is to be sent to the host system if the verification system contains information particular to the host system.
4. The method according to claim 3, wherein the data includes a number which is generated by the application program.
5. The method according to claim 4, wherein the number is signed using a private cryptographic key so as to identify a particular user system to the host system.
6. The method according to any one of the preceding claims wherein the verification system and host system each form part of a single system.
7. The method according to any one of the preceding claims wherein the application program is a web browser.
8. The method according to any one of the preceding claims wherein the information particular to the host system is a website address.
PCT/GB2004/001679 2003-05-08 2004-04-21 Web site security model WO2004099949A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0310600A GB2401445A (en) 2003-05-08 2003-05-08 Web site security model
GB0310600.2 2003-05-08

Publications (1)

Publication Number Publication Date
WO2004099949A1 (en) 2004-11-18

Family

ID=9957690

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2004/001679 WO2004099949A1 (en) 2003-05-08 2004-04-21 Web site security model

Country Status (2)

Country Link
GB (1) GB2401445A (en)
WO (1) WO2004099949A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8074231B2 (en) 2005-10-26 2011-12-06 Microsoft Corporation Configuration of isolated extensions and device drivers
US8125669B2 (en) 2006-11-30 2012-02-28 Microsoft Corporation Systematic approach to uncover GUI logic flaws
US8789063B2 (en) 2007-03-30 2014-07-22 Microsoft Corporation Master and subordinate operating system kernels for heterogeneous multiprocessor systems
US8849968B2 (en) 2005-06-20 2014-09-30 Microsoft Corporation Secure and stable hosting of third-party extensions to web services
CN112817789A (en) * 2021-02-23 2021-05-18 浙江大华技术股份有限公司 Modeling method and device based on browser transmission

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7831915B2 (en) 2005-11-10 2010-11-09 Microsoft Corporation Dynamically protecting against web resources associated with undesirable activities
US8353029B2 (en) 2005-11-10 2013-01-08 Microsoft Corporation On demand protection against web resources associated with undesirable activities

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5815574A (en) * 1994-12-15 1998-09-29 International Business Machines Corporation Provision of secure access to external resources from a distributed computing environment
US6351772B1 (en) * 1996-06-03 2002-02-26 International Business Machines Corporation Multiplexing of clients and applications among multiple servers

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6802002B1 (en) * 2000-01-14 2004-10-05 Hewlett-Packard Development Company, L.P. Method and apparatus for providing field confidentiality in digital certificates
WO2003014999A1 (en) * 2001-08-07 2003-02-20 United States Postal Service System and method for providing secured electronic transactions

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"Windows 2000 Kerberos Authentication", July 1999, MICROSOFT CORPORATION, REDMOND, WA USA, XP002291163 *
KEITH BROWN: "Web security: Putting a secure front end on your COM+ distributed applications", MSDN MAGAZINE, June 2000 (2000-06-01), pages 1 - 13, XP002291162, Retrieved from the Internet <URL:http://msdn.microsoft.com/msdnmag/issues/0600/websecure/> [retrieved on 20040804] *
SIRBU M A ET AL: "Distributed authentication in Kerberos using public key cryptography", NETWORK AND DISTRIBUTED SYSTEM SECURITY, 1997. PROCEEDINGS., 1997 SYMPOSIUM ON SAN DIEGO, CA, USA 10-11 FEB. 1997, LOS ALAMITOS, CA, USA,IEEE COMPUTER. SOC, US, 10 February 1997 (1997-02-10), pages 134 - 141, XP010216170, ISBN: 0-8186-7767-8 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8849968B2 (en) 2005-06-20 2014-09-30 Microsoft Corporation Secure and stable hosting of third-party extensions to web services
US8074231B2 (en) 2005-10-26 2011-12-06 Microsoft Corporation Configuration of isolated extensions and device drivers
US8125669B2 (en) 2006-11-30 2012-02-28 Microsoft Corporation Systematic approach to uncover GUI logic flaws
US8156559B2 (en) 2006-11-30 2012-04-10 Microsoft Corporation Systematic approach to uncover GUI logic flaws
US8539585B2 (en) 2006-11-30 2013-09-17 Microsoft Corporation Systematic approach to uncover visual ambiguity vulnerabilities
US8789063B2 (en) 2007-03-30 2014-07-22 Microsoft Corporation Master and subordinate operating system kernels for heterogeneous multiprocessor systems
CN112817789A (en) * 2021-02-23 2021-05-18 浙江大华技术股份有限公司 Modeling method and device based on browser transmission
CN112817789B (en) * 2021-02-23 2023-01-31 浙江大华技术股份有限公司 Modeling method and device based on browser transmission

Also Published As

Publication number Publication date
GB2401445A (en) 2004-11-10
GB0310600D0 (en) 2003-06-11

Similar Documents

Publication Publication Date Title
US9871791B2 (en) Multi factor user authentication on multiple devices
US9537861B2 (en) Method of mutual verification between a client and a server
JP6105721B2 (en) Start of corporate trigger type 2CHK association
JP6012125B2 (en) Enhanced 2CHK authentication security through inquiry-type transactions
RU2279186C2 (en) System and method for using safety, appropriate for protected communication channel, for providing safety for unprotected communication channel
JP4886508B2 (en) Method and system for stepping up to certificate-based authentication without interrupting existing SSL sessions
US8468582B2 (en) Method and system for securing electronic transactions
US7774612B1 (en) Method and system for single signon for multiple remote sites of a computer network
US8266434B2 (en) System and method for providing an user's security when setting-up a connection over insecure networks
US20100217975A1 (en) Method and system for secure online transactions with message-level validation
US20100199086A1 (en) Network transaction verification and authentication
US20090025080A1 (en) System and method for authenticating a client to a server via an ipsec vpn and facilitating a secure migration to ssl vpn remote access
CN101897166A (en) Systems and methods for establishing a secure communication channel using a browser component
KR20050013559A (en) Method and system for user-determined authentication and single-sign-on in a federated environment
US8973111B2 (en) Method and system for securing electronic transactions
WO2007139944A2 (en) Policy driven, credential delegation for single sign on and secure access to network resources
JP4698751B2 (en) Access control system, authentication server system, and access control program
US8387126B2 (en) Systems and methods for authenticating a server by combining image recognition with codes
JP5186648B2 (en) System and method for facilitating secure online transactions
WO2004099949A1 (en) Web site security model
EP1713230A1 (en) System and method for providing user's security when setting-up a connection over insecure networks
KR100406292B1 (en) Password Transmission system and method in Terminal Communications
CN117097472A (en) Identity authentication method of collaborative signature
JP2007279775A (en) Web server authentication system capable of performing web access point authentication (wapa)
WO2015027298A1 (en) Proxy system with integrated identity management

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
122 EP: PCT application non-entry in European phase