WO2007092525A2 - Systems, methods, and media for inhibiting attacks on data - Google Patents

Systems, methods, and media for inhibiting attacks on data

Info

Publication number
WO2007092525A2
Authority
WO
WIPO (PCT)
Prior art keywords
data
encrypted
protected environment
indication
environment
Prior art date
Application number
PCT/US2007/003309
Other languages
English (en)
Other versions
WO2007092525A3 (fr
Inventor
Angelos Stavrou
Angelos D. Keromytis
Michael E. Locasto
Original Assignee
The Trustees Of Columbia University In The City Of New York
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by The Trustees Of Columbia University In The City Of New York
Publication of WO2007092525A2
Publication of WO2007092525A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies

Definitions

  • the disclosed subject matter relates to systems, methods, and media for inhibiting attacks on data.
  • a customer purchasing items from an online merchant may have to divulge sensitive personal information (e.g., account numbers, addresses, etc.) to the merchant. Revealing such information to the merchant may be an unacceptable security risk, especially when the merchant may not guarantee the security of its systems against electronic or physical theft.
  • users of webmail services such as MSN Hotmail, Yahoo
  • a user may employ Pretty Good Privacy (PGP) or Secure / Multipurpose Internet Mail Extensions (S/MIME) for e-mail messages, when a trusted mail client is available from a webmail service.
  • a trusted mail client may not be always available.
  • client-side PGP operations e.g., via ActiveX, Flash or a Java applet
  • the user may not trust these components with, for example, the user's private key or pass phrase.
  • methods for inhibiting attacks on data include receiving data and at least one indication indicating that the data is encrypted in an unprotected environment in a web browser; determining whether the at least one indication indicates that the portion of the data is encrypted; creating a protected environment in the web browser; automatically making the data available to the protected environment; decrypting the data to form decrypted data in the protected environment; and displaying the decrypted data in the protected environment.
  • methods for inhibiting attacks on data are provided.
  • the methods include creating a protected environment in a web browser; receiving data in the protected environment; encrypting the data to form encrypted data in the protected environment; associating the encrypted data with an indication that the encrypted data is encrypted; and automatically making the encrypted data and the indication accessible to an unprotected environment in the web browser.
  • computer-readable media containing computer-executable instructions that, when executed by a processor, cause the processor to perform methods for inhibiting attacks on data.
  • the methods include receiving data and at least one indication indicating that the data is encrypted in an unprotected environment in a web browser; determining whether the at least one indication indicates that the portion of the data is encrypted; creating a protected environment in the web browser; automatically making the data available to the protected environment; decrypting the data to form decrypted data in the protected environment; and displaying the decrypted data in the protected environment.
  • computer-readable media containing computer-executable instructions that, when executed by a processor, cause the processor to perform methods for inhibiting attacks on data.
  • the methods include creating a protected environment in a web browser; receiving data in the protected environment; encrypting the data to form encrypted data in the protected environment; associating the encrypted data with an indication that the encrypted data is encrypted; and automatically making the encrypted data and the indication accessible to an unprotected environment in the web browser.
  • systems for inhibiting attacks on data including an interface in communication with a network; a memory; and a processor in communication with the memory and the interface are provided, wherein the processor receives data and at least one indication indicating that the data is encrypted in an unprotected environment in a web browser; determines whether the at least one indication indicates that the portion of the data is encrypted; creates a protected environment in the web browser; automatically makes the data available to the protected environment; decrypts the data to form decrypted data in the protected environment; and displays the decrypted data in the protected environment.
  • systems for inhibiting attacks on data including an interface in communication with a network; a memory; and a processor in communication with the memory and the interface are provided, wherein the processor creates a protected environment in a web browser; receives data in the protected environment; encrypts the data to form encrypted data in the protected environment; associates the encrypted data with an indication that the encrypted data is encrypted; and automatically makes the encrypted data and the indication accessible to an unprotected environment in the web browser.
  • methods for inhibiting attacks on data are provided.
  • the methods include receiving data from a first entity comprising at least a message and an encrypted account number; determining, based on the message, whether the encrypted account number needs to be authorized; if the encrypted account number needs to be authorized, making the encrypted account number available to a second entity; receiving authorization from the second entity; and sending a response to the first entity based on the message and the authorization.
  • FIG. 1 is a schematic diagram of a system suitable for inhibiting attacks on data in accordance with some embodiments of the disclosed subject matter.
  • FIG. 2 is an illustration of nodes that can be used in FIG. 1 in accordance with some embodiments of the disclosed subject matter.
  • FIG. 3 is a simplified illustration of a method for inhibiting attacks on data by a party that needs information related to the data in accordance with some embodiments of the disclosed subject matter.
  • FIG. 4 is a simplified illustration of a method for inhibiting attacks on data from a party through which the data is sent in accordance with some embodiments of the disclosed subject matter.
  • FIG. 5 is a simplified illustration of a method for inhibiting attacks using a protected frame in accordance with some embodiments of the disclosed subject matter.
  • FIG. 6 is a "div" tag and associated data that can be used in accordance with some embodiments of the disclosed subject matter.
  • FIG. 7 is a screen shot of a pull down menu that can be used to select a cryptographic operation in accordance with some embodiments of the disclosed subject matter.
  • FIG. 8 is a screen shot of data signed and encrypted in accordance with some embodiments of the disclosed subject matter.
  • FIG. 9 is a simplified illustration of a method for inhibiting attacks on parts of a document which is shared among various entities in accordance with some embodiments of the disclosed subject matter.

Detailed Description

  • end-to-end (E2E) confidentiality and integrity between a producer of content and a recipient of that content are provided.
  • This confidentiality and integrity can be provided, for example, by a mechanism in which content can be encrypted in one client's web browser and then decrypted in another client's web browser without being subject to review and/or modification by an intervening server.
  • Public-key cryptography e.g., PGP
  • PGP public-key cryptography
  • Some embodiments can transform HTML content into, for example, PGP encrypted, ASCII-armored blocks of data when transferring data to a web browser.
  • Sections of a document can be identified for encryption and/or decryption by using, for example, tags or markers, such as the "div tag" (an HTML tag that defines a division/section in a document).
  • encryption can be provided using a style-sheet applied to web content in a browser by marking div tags with a Cascading Style Sheet (CSS) identifier.
  • text can be manually selected in objects, such as, for example, "text- areas" and "text-boxes," and a context menu can access PGP to, for example, encrypt, sign, encrypt and sign, decrypt, verify, and decrypt and verify, the selected text.
  • Some embodiments can provide cryptographic processing when displaying and/or rendering content. For example, in addition to rendering content for placement, size, and coloring, the content can be decoded into a form that the user is authorized to view. Sections of a document that were identified and encrypted, as discussed above, can be automatically decrypted when received by a user having an appropriate key, for example.
  • Some embodiments can provide these functions through an extension to a web browser, such as, for example, Microsoft Internet Explorer (from Microsoft Corporation), Firefox (available from the Mozilla Foundation), Safari (available from Apple Inc.), Opera (available from Opera Software), lynx (available from, for example, http://lynx.browser.org), and wget (available from the Free Software Foundation).
  • the extension can include, for example, extra functionality for a layout engine, additions to the user interface (UI) (e.g., to the selected-text context menu), and/or the addition of key handling (e.g., PGP key handling).
  • Extensions to web browsers can offer, for example, easy deployment and can allow a user to easily enable, disable, or update the extension while requiring only small or no modifications to the browser.
  • functions of the disclosed subject matter can be provided as an integrated part of a web browser.
  • new tags can be added to the HTML grammar to identify sections of a document for encryption and/or decryption.
  • FIG. 1 is a schematic diagram of an illustrative system 100 that may be used for protecting communications between a first entity (e.g., an originator, such as, a customer, a content publisher, a web logger, an e-mail user, etc.) and a second entity (e.g., an intermediary, such as, a banking system, a credit card authorization service, a shipping company, a content reader, an e-mail user, etc.) through a third entity (e.g., an intended recipient, such as, a service provider, a merchant, a web hosting service, etc.) in accordance with some embodiments of the disclosed subject matter.
  • system 100 can include one or more clients 102.
  • Clients 102 can be connected by one or more communications links 104 to a communications network 106 or connected directly to each other.
  • Communications network 106 can also be linked through a communications link 108 to a server 110.
  • Various embodiments of the disclosed subject matter can be implemented on at least one of the server and the clients. It is also possible that a client and a server can be connected through communication links 108 or 104 directly and not through a communication network 106.
  • server 110 can be a server or digital processing device for executing an application, such as, for example, a processor, a computer, a data processing device, or a combination of such devices.
  • Communications network 106 can be a data transfer network including the Internet, an intranet, a wide-area network (WAN), a local-area network (LAN), a wireless network, a digital subscriber line (DSL) network, a frame relay network, an asynchronous transfer mode (ATM) network, a virtual private network (VPN), a mobile ad-hoc network (MANET), or a combination of one or more of the same.
  • Communications links 104 and 108 can be communications links suitable for communicating data between clients 102 and server 110, such as network links, dial-up links, wireless links, hard-wired links, etc.
  • Clients 102 can be digital processing devices, such as, for example, personal computers, laptop computers, mainframe computers, data displays, Internet browsers, personal digital assistants (PDAs), two-way pagers, wireless terminals, portable telephones, etc., or a combination of the same.
  • Clients 102 and server 110 can be located at various locations. In some embodiments, clients 102 and server 110 can be located within an organization. Alternatively, clients 102 and server 110 can be distributed between multiple organizations.
  • client 102 and server 110 can include respectively, among other things, processors 202 and 220, displays 204 and 222, input/output devices 206 and 224, and memory 208 and 226, which can be interconnected.
  • the input/output devices can receive input such as, for example, text from a keyboard, mouse clicks, images from a camera, images from a scanner, audio recordings, voice-to-text translations, etc.
  • the input/output devices can produce output such as, for example, text-to-voice, audio recordings, etc.
  • memory 208 and 226 contain a storage device for storing a program for controlling processors 202 and 220. Memory 208 and 226 can also contain applications for inhibiting attacks on data. In some embodiments, various applications can be resident in the memory of client 102 or server 110.
  • System 100 can be modified to include additional components or omit components in accordance with various embodiments of the disclosed subject matter.
  • some embodiments are described herein as being implemented on a client and/or a server, this is only illustrative. Various components of some embodiments of the disclosed subject matter can be implemented on various platforms.
  • some embodiments provide protection from an untrustworthy service provider. If, for example, the user is a customer of an online merchant, the merchant can attack by misusing information the user disclosed to the merchant. If, for example, a user is a user of a web-mail service, the web-mail service can attack by examining e-mails sent to other users. In some cases, the attacker (e.g., service provider) may be merely curious; in other cases, however, the attacker may be compromised or actively malicious.
  • a client 102 may send a message to another client 102 through, for example, a server 110.
  • a server 110 can be, for example, a host for a webmail service, a merchant, and/or a web host for content, such as, blogs.
  • the message may contain personal information, such as, for example, credit card information. Despite not needing the personal information, for example, to satisfy an order, the server 110 may nevertheless examine and/or store the personal information.
  • FIG. 3 illustrates a method for addressing this situation in accordance with some embodiments.
  • a customer e.g., a client
  • a message e.g., a product request
  • encrypted information e.g., an account number, a credit card number, etc.
  • the encrypted information can be formed using various techniques.
  • the merchant can determine whether it needs information related to the encrypted information, at 330. If it does not need information, the merchant can, for example, send a response and/or the product to the customer, at 390. If it does need information, the merchant can send, at 340, the encrypted account number to an authorizer.
  • the authorizer e.g., a client or a server
  • the authorizer can decrypt and authorize the account number, at 350, and send, at 360, an authorization message to the merchant.
  • the merchant can then receive the authorization, at 370, and proceed, at 380, by, for example, responding to the customer and/or sending the customer the product.
  • the account number can be protected from the merchant, but the merchant can still acquire what it needs (i.e., the authorization) to perform the sale.
  • a publisher can create a plain text file
  • the publisher can encrypt portions of the plaintext file, at 420, and submit and/or upload the encrypted file, at 430, to a server (e.g., a web server).
  • the server can make the encrypted file 435 available as a webpage, at 440.
  • a viewer can access the webpage, at 450, using, for example, a web browser.
  • the file can be rendered for viewing, including decrypting the encrypted portions of the file, at 460.
  • some embodiments can subvert and/or inhibit a communication channel. This subversion and/or inhibition can protect content from a provider of the channel and can include using the channel in a way that the provider did not envision or intend. For example, because some content may be vulnerable when merely entered into a field on a webpage, some embodiments can receive input and/or issue output operations in a protected area, such as a secure overlay frame.
  • the overlay frame can protect input and output by, for example, not allowing any scripts (e.g., "external" Javascripts) or other code to read or otherwise access data in the frame. In this way, these embodiments can inhibit an attack from accessing data either before or after encryption.
  • a webmail provider can include Javascript (as part of its webmail client) that can log a user's plaintext keystrokes while the user is drafting an e-mail. If the user encrypts the e-mail, the webmail provider may still have the log of the plaintext that it obtained by keystroke monitoring.
  • input operations e.g., key strokes, pasted images, etc.
  • the encrypted content can be provided to a target in encrypted form.
  • unencrypted data can be received in an overlay frame, at 510.
  • the data can be encrypted in the overlay frame, at 520.
  • the encrypted data can be copied or otherwise entered into a communications channel, such as a web browser window, at 530, and sent or made available to a viewer, at 540, through network 100.
  • a communications channel, such as a web browser, at the receiver can receive the encrypted data, at 550.
  • the web browser can determine, at 560, whether the received data includes encrypted data. If not, the web browser can display the data, at 590. If so, the encrypted data can be moved to an overlay frame, at 570.
  • the data then can be decrypted, at 580, and displayed, at 590.
  • data may be moved to a frame, at 570, from 550 regardless of whether it contains encrypted data.
  • Various types of data can be protected from various communication channels.
  • a protected frame can be used to protect a text message (e.g., on a cellular phone) from a service provider.
  • some embodiments can perform encryption and/or decryption based on an indication in the document.
  • the indication can be, for example, a location of data in a document and can be designated or determined based on, for example, an offset from another location in the document (e.g., the beginning or end), the context of data or surrounding data (e.g., the presence of plain text or the presence of an account number), a string (e.g., "encrypt starting here"), a tag, and/or an element.
  • a markup language such as HyperText Markup Language (HTML)
  • Various elements and/or tags can be used, such as, for example, a "p" (paragraph), "body," "table," "div," and/or "span." These elements can be marked, for example, with the class attribute set to "w3bcrypt," or any other appropriate value, as illustrated in FIG. 6.
  • the class attribute value can be designated by, for example, users, administrators, or a standards committee.
  • the data 610 associated with, for example, the div or span element can then be automatically decrypted.
  • a web browser can finish loading an object module for a page and can request a list of all div or span elements marked with "w3bcrypt" and decrypt them.
  • the object module can be, for example, the HTML Document Object Model (DOM) (i.e., a collection of objects that represent a page in a web browser and can be used by script programs to examine and dynamically change the page).
  • the user can be prompted for a pass phrase and/or key to use for decryption.
  • some embodiments can add randomness to the encrypted data. For example, a timestamp, sequence number, and/or randomly generated ticket can be appended to information that will be encrypted (e.g., an account number) and can serve, for example, to identify duplicate transactions.
  • the use of random data can protect against replay attacks, where, for example, an attacking merchant or service provider sends a user's message multiple times. For example, an attacking merchant may attempt to submit a user's encrypted credit card account number multiple times.
  • a customer can include, for example, an encrypted ticket with the credit card number for authorization (at 340 and 350 of FIG. 3). When the authorization service decrypts the account number and the ticket, it can determine that it has already authorized a transaction for this account number and ticket combination. As such, the charge can be denied.
  • Some embodiments can provide key management and cryptographic processing, using various key management and cryptographic mechanisms.
  • GnuPG an implementation of the OpenPGP standard as defined by RFC2440
  • Some embodiments can probe the host at installation time for any already-installed PGP packages, a user can manually select or download a PGP package from a list, or a PGP package can be automatically selected by the system.
  • a user can enter a key to be used in encryption in a browser window.
  • content can be published under an "audience" key (or series of keys).
  • PGP cryptographic operations can be presented as choices in a context menu 701 as shown in FIG. 7. As illustrated, these choices can be gathered into a submenu to avoid crowding the regular context menu.
  • a plain text message 702 can be highlighted, at 710.
  • Sign and Encrypt 720 can be selected to both encrypt and digitally sign the message 702. The result can be an encrypted and signed message 801 as illustrated in FIG. 8.
  • Some embodiments of the disclosed subject matter can be used to encrypt, decrypt, and/or control access to portions of a document and/or communication. Some embodiments can function with, for example, an integrated development environment (IDE) and/or a revision control system. For example, assume multiple entities are working on a software project.
  • a first entity does not wish a second entity to have access to certain portions of the source code, those portions can be encrypted with, for example, encryption keys.
  • An entity with access to the encrypted source code can be provided with access to encrypted portions of the actual source code by providing the entity with the appropriate decryption key or keys.
  • a compiler may have access to all the keys so that, for example, an entity with keys to only some portions of the code, but with access to such a compiler, can compile and run the software.
  • the compiler can be available to various of the multiple entities. Such embodiments can allow, for example, multiple entities to work together and still retain control over information that may otherwise need to be shared.
  • the various entities can be, for example, users in the same system, users across multiple systems, companies, authors, programmers, and/or software applications.
  • a first entity may create a first portion 991 of a document 990, at 910.
  • Portion 991 can be encrypted, at 920, and document 990 can be sent, at 930, to a second entity that can create and encrypt a second portion 992 of the document 990, at 940, but not have a key to decrypt portion 991 created by the first entity.
  • the document can then be sent, at 950, to a third entity that has keys to decrypt portions 991 and 992.
  • the third entity can decrypt the document, at 960, and possibly perform an action on the document, such as, for example, compiling or reading the document.
  • Some embodiments can insert tags (e.g., div tags) into a document to separate the document into various portions that can be encrypted and decrypted using various keys.
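
The replay protection described above for FIG. 3 (a random ticket encrypted together with the account number, checked by the authorizer at 350) can be sketched as follows. This is an added example, not code from the patent: RSA-OAEP from Node's `crypto` module stands in for PGP, and all function and field names are hypothetical.

```javascript
// Added example, not code from the patent. RSA-OAEP (Node's crypto module)
// stands in for PGP; every function and field name below is hypothetical.
const nodeCrypto = require('node:crypto');

const OAEP = { oaepHash: 'sha256', padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING };

// The authorizer publishes its public key; customers encrypt to it.
const authorizerKeys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Customer: append a random ticket to the account number, then encrypt both,
// so the merchant in the middle only ever handles an opaque blob.
function customerBuildOrder(item, accountNumber, authorizerPublicKey) {
  const ticket = nodeCrypto.randomBytes(16).toString('hex');
  const plaintext = Buffer.from(JSON.stringify({ accountNumber, ticket }), 'utf8');
  const blob = nodeCrypto.publicEncrypt({ key: authorizerPublicKey, ...OAEP }, plaintext);
  return { message: { type: 'purchase', item }, encryptedAccount: blob.toString('base64') };
}

// Authorizer (350): decrypt, then deny any account/ticket pair already authorized.
// The in-memory Set is a simplification; a real service would persist it.
function createAuthorizer(privateKey) {
  const authorizedPairs = new Set();
  return function authorize(encryptedAccount) {
    let fields;
    try {
      const plaintext = nodeCrypto.privateDecrypt(
        { key: privateKey, ...OAEP },
        Buffer.from(encryptedAccount, 'base64')
      );
      fields = JSON.parse(plaintext.toString('utf8'));
    } catch (err) {
      return { authorized: false, reason: 'undecryptable' };
    }
    if (!fields || typeof fields.accountNumber !== 'string' || typeof fields.ticket !== 'string') {
      return { authorized: false, reason: 'malformed' };
    }
    const pair = JSON.stringify([fields.accountNumber, fields.ticket]);
    if (authorizedPairs.has(pair)) {
      return { authorized: false, reason: 'replay' };
    }
    authorizedPairs.add(pair);
    return { authorized: true, reason: 'ok' };
  };
}

// Merchant (330-380): decide from the message alone whether authorization is
// needed and forward the blob unchanged; it never sees the account number.
function merchantHandle(order, authorize) {
  if (order.message.type !== 'purchase') {
    return { status: 'responded', reason: 'no authorization needed' };
  }
  const result = authorize(order.encryptedAccount);
  return { status: result.authorized ? 'shipped' : 'refused', reason: result.reason };
}

// Constructed scenario: one order, the same ciphertext resubmitted by the
// merchant, and a second genuine order on the same (sample) account number.
function runScenario() {
  const authorize = createAuthorizer(authorizerKeys.privateKey);
  const order = customerBuildOrder('book', '4111111111111111', authorizerKeys.publicKey);
  const first = merchantHandle(order, authorize);
  const replayed = merchantHandle(order, authorize);
  const secondOrder = customerBuildOrder('pen', '4111111111111111', authorizerKeys.publicKey);
  const fresh = merchantHandle(secondOrder, authorize);
  return { order, first, replayed, fresh };
}
```

Because the ticket is inside the ciphertext, the merchant cannot mint a new valid ticket for the same account without knowing the account number.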
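
The "w3bcrypt"-marked elements and the FIG. 9 flow (portions 991 and 992 encrypted under different keys) combine naturally: a viewer decrypts only the marked portions it holds keys for. This is an added example, not code from the patent; AES-256-GCM with shared keys stands in for PGP, and the `data-key-id` attribute, the fixed serialization matched by the regular expression, and all names are assumptions. A browser extension would query the DOM rather than match a string.

```javascript
// Added example, not code from the patent. AES-256-GCM with shared keys stands in
// for PGP; data-key-id, the serialization and all names are assumptions.
const nodeCrypto = require('node:crypto');

// Encrypt one portion and wrap it in a div marked with the "w3bcrypt" class.
// Blob layout: 12-byte IV, 16-byte GCM tag, ciphertext, all base64-encoded.
function markPortion(keyId, key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
  return `<div class="w3bcrypt" data-key-id="${keyId}">${blob}</div>`;
}

// Returns the plaintext, or null when the blob is truncated, was modified in
// transit, or was encrypted under a different key.
function openPortion(key, blob) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 28) return null;
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// This example treats decrypted content as text, so markup supplied by the
// sender is displayed rather than interpreted by the page.
function escapeHtml(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Matches only the exact serialization produced by markPortion (or a span twin).
const MARKED = /<(div|span) class="w3bcrypt" data-key-id="([\w-]+)">([A-Za-z0-9+\/=]+)<\/\1>/g;

// Decrypt every marked portion the keyring (a Map of key id to key) can open;
// leave the rest in place, still encrypted, for an entity that holds the key.
function renderDocument(html, keyring) {
  let decrypted = 0;
  let leftEncrypted = 0;
  const rendered = html.replace(MARKED, (whole, tag, keyId, blob) => {
    const key = keyring.get(keyId);
    const text = key ? openPortion(key, blob) : null;
    if (text === null) {
      leftEncrypted += 1;
      return whole;
    }
    decrypted += 1;
    return `<${tag} data-key-id="${keyId}">${escapeHtml(text)}</${tag}>`;
  });
  return { html: rendered, decrypted, leftEncrypted };
}

// Constructed FIG. 9 document: the first entity adds portion 991, the second
// adds portion 992 without being able to read 991.
function buildSharedDocument() {
  const key991 = nodeCrypto.randomBytes(32);
  const key992 = nodeCrypto.randomBytes(32);
  const doc = '<p>Build notes</p>' +
    markPortion('k991', key991, 'licensed <b>codec</b> tables') +
    markPortion('k992', key992, 'retry budget is 3');
  return { doc, key991, key992 };
}
```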

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to systems, methods, and media for inhibiting attacks on data. In some embodiments, the methods include: receiving data and at least one indication indicating that the data is encrypted in an unprotected environment in a web browser; determining whether the at least one indication indicates that the portion of the data is encrypted; creating a protected environment in the web browser; automatically making the data available to the protected environment; decrypting the data to form decrypted data in the protected environment; and displaying the decrypted data in the protected environment.
PCT/US2007/003309 2006-02-07 2007-02-07 Systems, methods, and media for inhibiting attacks on data WO2007092525A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US76599806P 2006-02-07 2006-02-07
US60/765,998 2006-02-07

Publications (2)

Publication Number Publication Date
WO2007092525A2 (fr) 2007-08-16
WO2007092525A3 (fr) 2008-11-06

Family

ID=38345787

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/003309 WO2007092525A2 (fr) 2006-02-07 2007-02-07 Systems, methods, and media for inhibiting attacks on data

Country Status (1)

Country Link
WO (1) WO2007092525A2 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6253326B1 (en) * 1998-05-29 2001-06-26 Palm, Inc. Method and system for secure communications
US20030065929A1 (en) * 2001-09-28 2003-04-03 Milliken Walter Clark Method and program for inhibiting attack upon a computer

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140310185A1 (en) * 2011-10-26 2014-10-16 Mopper Ab Method and arrangement for authorizing a user
US10423950B2 (en) * 2011-10-26 2019-09-24 Mopper Ab Method and arrangement for authorizing a user

Also Published As

Publication number Publication date
WO2007092525A3 (fr) 2008-11-06

Similar Documents

Publication Publication Date Title
US11012447B2 (en) Method, system, and storage medium for secure communication utilizing social networking sites
JP6545136B2 (ja) System and method for encrypted transmission of web pages
US10025940B2 (en) Method and system for secure use of services by untrusted storage providers
Luo et al. Facecloak: An architecture for user privacy on social networking sites
US8542823B1 (en) Partial file encryption
US8726369B1 (en) Trusted path, authentication and data security
US8924724B2 (en) Document encryption and decryption
AU2007262600B2 (en) Method and apparatus for encryption and pass-through handling of confidential information in software applications
US20100037050A1 (en) Method and apparatus for an encrypted message exchange
US20100306537A1 (en) Secure messaging
US20150312217A1 (en) Client-side encryption of form data
US20140059341A1 (en) Creating and accessing encrypted web based content in hybrid applications
JP2006216002A (ja) URL security system
CN111831978A (zh) Method and device for protecting a configuration file
WO2007092525A2 (fr) Systems, methods, and media for inhibiting attacks on data
US20120158870A1 (en) Anti-Phishing Electronic Message Verification
KR101006720B1 (ko) Password security method for a web page and computer-readable recording medium storing a program for executing the same
CA2603253C (fr) Method and device for encryption and pass-through handling of confidential information in software applications
Bu-Suhaila et al. A Comprehensive Model Driven 'Secure Mobile Application for KFU Email System' (SMAKE)
KR102047547B1 (ko) Security system using encryption mode in self-protecting JavaScript and method thereof
KR102109864B1 (ko) Apparatus and method for key input encryption at the document object model level
Brehm The Future of Encryption
JP2024009256A (ja) Authentication factor file, server, leak detection method, and program
CN117896153A (zh) Data processing method, apparatus, device, medium, and program product
Stavrou et al. W3bcrypt: Encryption as a stylesheet

Legal Events

Date Code Title Description
NENP Non-entry into the national phase in:

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07763374

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 07763374

Country of ref document: EP

Kind code of ref document: A2