WO2010014386A1 - Method and system for securing communication sessions - Google Patents

Method and system for securing communication sessions

Info

Publication number
WO2010014386A1
Authority
WO
WIPO (PCT)
Prior art keywords
website
user
key
public
image object
Prior art date
Application number
PCT/US2009/050444
Other languages
English (en)
Inventor
Samir Dilipkumar Saklikar
Subir Saha
Original Assignee
Motorola, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Motorola, Inc.
Priority to EP09803357.4A (EP2311020A4)
Priority to CN2009801293346A (CN102105920A)
Priority to CA2762706A (CA2762706A1)
Publication of WO2010014386A1

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133 Verifying human interaction, e.g., Captcha

Definitions

  • the present invention relates to communication sessions, and more particularly to securing communication sessions through authentication of the website and of remote user interactivity.
  • Phishing attacks on email and internet communications have become rampant.
  • phishing is a serious problem that must be countered. Phishing often involves fooling an internet user into clicking on a fake website, which appears to be authentic but takes the user to a phishing website.
  • the phisher can capture the username/password as well as sensitive user information.
  • the user login information can be used as well by the phishing site to impersonate the user in communication with an authentic website.
  • the phishing site can then perform a "man-in-the-middle" attack on all data passing between the user and the authentic website. The user is fooled into believing that the session is secure.
  • phishing targets users, rather than automated systems. A secure solution may be proposed at the transport layer, but if users can be fooled, then phishing succeeds. Hence, any anti-phishing solution must cover the path between the users and the computers.
  • Such a mechanism should address the weakness of the human-computer interface. Data transmissions that are effectively un-decipherable to an automated attacker should be developed to ensure the presence of a human user.
  • Such a mechanism can augment username/password-based authentication schemes by requiring a response from the user, wherein only the human user recipient can decipher the website data transmission and generate an appropriate response. Increased human involvement should thus provide a more secure and easier option.
  • Various embodiments of the invention provide a method for securing a communication session.
  • upon establishing a communication session with a website, a client receives a challenge from the website.
  • the challenge includes image object information embedded with a pattern of a secure channel invariant.
  • the data in the received challenge is linked specifically to a user associated with the client.
  • the website is authenticated by comparing the received data pattern with an identified portion of a website public-key.
  • the website public-key refers to a public-key of the website received during secure session establishment.
  • the identified portion of the website public key is identified as follows. A database list at the client is searched for an image object that matches the image object information in the challenge.
  • a set of bit positions that is mapped to the matched image object in the database list is determined and a substring i.e. a portion of the website public key corresponding to the determined bit positions is identified. If the received data pattern does not match the identified portion of the website public-key, the communication session is automatically terminated.
  • the communication session can be made secure by ensuring that the user is also verified.
  • upon authenticating the website, the client transmits a response to the website.
  • the response includes data representing a different image object and a pattern linked thereto. This linked pattern, for example, can correspond to different bit positions of the website public-key.
  • the response may be generated by accessing a database at the client to identify an appropriate image object and pattern data linked to the image object.
  • the database at the client is synchronized with the website database.
  • the website can authenticate the response by accessing the website database to compare the received response data with the data accessed.
  • FIG. 1 is a block diagram of a communication system in accordance with some embodiments.
  • Fig. 2 is a block diagram of the support functionality for securing a communication session between a client site and a website in accordance with some embodiments.
  • Fig. 3a is an illustration, in accordance with the invention, that exemplifies captchas encoded with public-key information.
  • Fig. 3b is an illustration, in accordance with the invention, that exemplifies captchas encoded with public-key information.
  • Fig. 4 is a protocol execution flowchart for an authentication process at a client's site.
  • FIG. 6 is a flowchart of a method for an authentication process at a client's site in accordance with an embodiment.
  • FIG. 7 is a flowchart of a method for authentication of a user at a website in accordance with another embodiment.
  • if a phisher is forced to prove knowledge of some user-specific information, for example to verify a username/password, then it is effectively forced to contact the authentic website. Now the control is in the hands of the authentic website to take the next step to somehow detect and prevent the user from being subject to a phishing attack. Information must be conveyed in a manner that is somehow hidden from the phishing website, which can be in a position to pick up all information that goes through to the user.
  • the authentic website can use a captcha as a carrier for information needed to be conveyed to the human user at the other end of the channel. Suitable characteristics of the captcha can be chosen to ensure easy solvability for users, but of sufficient difficulty for the automated phishing site. However, the phisher may simply pass on the captcha to the user and pass the user's solved results back to the authentic website.
  • the authentic website can avoid this scenario in accordance with the present invention by encoding sufficient information within the captcha to enable the user to detect if it is under a phishing attack. This information should not be easily duplicated or falsified by the phishing website.
  • Secure HTTP-based sessions take place over a secure communication channel, established by mechanisms such as TLS. The advantage of such an underlying secure technology is that it is based on certain invariants which cannot be falsified once the session is setup. For example, in TLS sessions, an invariant could be the session keys which are generated.
  • if the captcha is embedded with the session keys, which are generated by the authentic website, then the user could detect a mismatch between the captcha-embedded keys and the session keys which were exposed by the phishing website at the time of establishing the secure connection.
  • the user can identify information embedded within a captcha generated at the authentic web-site that is not only invariant (i.e. neither duplicated nor falsified) but also associated with the identity of the web-site to determine whether or not a phishing attack has occurred.
  • the public-key associated with a website is tightly coupled with the website's identity, as exposed within the server certificate message within a TLS handshake protocol. Though the actual identity itself might be dubious in the case of a phishing website, it is still coupled with the certificate as well as the corresponding public/private keys, which would be used for secure session establishment.
  • the website public-key cannot be falsified once it has been exposed and used at the time of secure channel establishment. At the same time, it cannot be simply duplicated from the authentic website by the phisher, as it is tightly coupled with the corresponding private key which is required for successful decryption. Thus, the website public-key can qualify as a man-in-the-middle resistant invariant of the secure channel.
  • FIG. 1 is a block diagram of a communication system in accordance with some embodiments.
  • the communication system 100 includes a client 102, an authentic website 104 and a phishing site 106.
  • a communication session is intended to be implemented by the client with authentic website.
  • Such clients comprise one or more computers and workstations. It should be understood, nevertheless, that other clients such as Web-enabled hand-held devices which use the wireless access protocol, and Internet appliances fall within the scope of the present invention.
  • the client 102 can also refer to a network browser or any other application which is capable of accessing and/or communicating with a network accessible website. Clients of all types suitably intend to access the authentic website 104 by way of the Internet 108.
  • a website is a collection of webpages, images, videos, or other digital assets that is hosted on one or more web servers, usually accessible via the internet.
  • by use of the term "Internet", it should be understood that the foregoing is not intended to limit the present invention to the network also known as the World Wide Web. For example, it includes intranets, extranets, Virtual Private Networks (VPNs), and the like.
  • the phishing site 106 is an authentic-looking website capable of performing a "man-in-the-middle" attack on all data passing between the client 102 and the authentic website 104.
  • FIG. 2 is a block diagram of the support functionality for secure communication between a client and an authentic website in accordance with the present invention.
  • Client station 110 includes processor 112 coupled with a client database 114.
  • Client processor 112 provides the user support functions, represented by high level components like captcha rendering function 116, validation function 118, sync function 120 and session management function 122.
  • the website station 130 includes processor 132 coupled with website database 134 and image repository 136.
  • Website processor 132 provides website support functions, represented by captcha generating function 138, sync function 140 and session management function 142. Session management functions 122 and 142 provide secure channel communication based on TLS or the like.
  • Image repository 136 is populated with a varied number of image objects, with appropriate tags, that are used for generating captchas.
  • a captcha is a challenge-response test used to ensure that the response is not generated by an automaton.
  • the image repository may be accessed or maintained by the website support function.
  • the object images from this repository are used in generating lists for storage in the website database 134 and client database 114.
  • the objects of the website database image list are linked to a bit position map on a per user name basis in database 134.
  • the objects of the image list are linked to a bit position map on a per website basis if communication with a plurality of websites is contemplated.
  • a synchronization functionality, performed by sync function 140 at the website in conjunction with sync function 120 at the client site, provides an updated image list and bit position map 124 to the user on every successful login. This updating function ensures that new and different challenges would be presented to potential phishers. This information would be bootstrapped when a user registers for the website.
  • the captcha generating function 138 generates an appropriate captcha based on the website's public-key, the username, and the user-specific image list and bit position map in database 134.
  • the captcha rendering function 116 at the client is mapped to user browser's rendering engine.
  • the rendered captcha is displayed and a request is generated for the human user to identify the image object within the captcha as well as enter a corresponding tag data e.g. a text string.
  • the validation function 118 performs, via access to the client database 114, various checks on the user's response.
  • FIG. 3a is an illustration, in accordance with the invention, that exemplifies captchas created by an authentic website by encoding its own public-key information to be rendered at the client site.
  • the captchas each contain two parts, i.e., an object image and a sub-part of the public-key of the authentic website.
  • the exemplified house image contains therein the alphanumeric string "6d e8 73", which corresponds to bits x . . . y of the public-key.
  • the exemplified car image contains therein the alphanumeric string "by 8d al", which corresponds to bits p . . . q of the public-key.
  • the validation function 118 may request the user to enter the text rendered in the captcha and to select an image from a list of objects that corresponds to the displayed image.
  • Source validation occurs if the user's entries match a correlation in the client database 114. For example, for a user's entry of "house", bit positions x . . .
  • Fig. 4 is a protocol execution flowchart for the authentication process at the client's site.
  • the user requests a session with a server of a website by initiating a link to enter the website domain.
  • the client processor 112 stores the public-key as well as the identity exposed by the website session server in the server certificate messages. Later, if the webpage turns out to be a login page, then the client processor 112 reads the username and password entered by the user and sends the username towards the website server.
  • a TLS connection is established with the website server and the website transmits a public-key to the browser plugin for secure session establishment at step 52.
  • a login page is provided to the browser plugin at step 54.
  • the login page is rendered at the user display and the user provides user identity information and password at step 56. At this time, only the username is transmitted by the browser plugin to the website.
  • a captcha is generated by the website at step 58 and transmitted to the client site.
  • the website searches in the database 134 to find the corresponding image list and bit position map for the username.
  • the captcha generation is based on a suitable image from the image list for the user and a sub-part of the public-key at the corresponding bit position indices for the image object.
  • the captcha is rendered to the user at step 60, who solves it by identifying the object as well as entering the encoded substring of the website public-key.
  • the client processor 112 validates that the object belongs to the list of objects which are currently associated with the particular website.
  • the processor uses the bit position map to index into the public-key (exposed at the time of TLS session establishment) and extracts the sub-part. It further checks that the string entered by the user (viz. the one contained in the captcha) matches this sub-part. If the browser plugin is assured of these checks, then it can safely assume that it is securely connected with the correct website. The secure connection is thus verified at the client site at step 61.
  • if the client processor 112 is assured of the authenticity of the website in step 61, it can safely send the user's password over the TLS connection towards the authentic website at step 63.
  • the website can verify the user password to authenticate the user and provide a login success page at step 64. It may also send a new image list and bit position map, which would be used for the next login attempt.
  • the implicit challenge can be defined to mean "return the type of the image object which corresponds to the xth sub-part after the sub-part of the public-key which was encoded within the captcha." This would require the human-assisted phisher to guess the image list for the user as well as the bit position map. On the other hand, an authentic user's system can easily look up the image list and bit position map to respond to the challenge.
  • Fig. 5 is a protocol execution flowchart for authentication of the user at the authentic website in the process described with respect to Fig. 4.
  • the second protocol execution flow describes a two-way authentication mechanism, wherein the user password is not required.
  • additional steps are provided between the points marked "A" and "B" in Fig. 4.
  • the client processor 112 uses its knowledge about the image list and bit position map to indicate that it is indeed representative of an authentic user. The client processor 112 does so by identifying and returning an image object tag, which corresponds to the exemplified xth sub-part before or after the sub-part that was embedded within the captcha, at step 70.
  • this information would be returned over the secure TLS connection towards the authentic website, as verified by the one-way authentication protocol flow of Fig. 4.
  • the website confirms the match between the received object tag and sub-part string with its image list in database 134 and informs the client of a successful login.
  • the website can send to the user a new image list and bit position map, which would be used for the next login attempt.
  • the USF (user support function) needs to be implemented within the user's browser, so that it has access to the public key exposed by the website at the time of TLS session establishment. Additionally, it needs easy captcha rendering and user input capability, which are available within any standard browser. Thus, it is most effectively implemented as a browser plugin. It also needs to implement a local security mechanism (e.g. a global username/password, or a link to the biometric authentication offered by newer personal computers) to ensure secure access to the image list and bit position map database. Otherwise, anyone using the user's browser would be able to authenticate themselves as the user to the website.
  • Fig. 6 is a flowchart of a method for an authentication process at a client's site in accordance with an embodiment.
  • a challenge including an image object information embedded with a pattern of a secure channel invariant is received at a client from a website.
  • the secure channel invariant refers to a public-key of the website received during establishment of the communication session.
  • the received data is linked specifically to a user associated with the client.
  • the website is authenticated by comparing the received data pattern with an identified portion of a website public-key.
  • the portion of the website public-key is identified by searching the database at the client for an image object that matches the image object information in the challenge.
  • examples of image object information include an image of a house, car, tree, etc. If an image object match is found, a set of bit positions that is mapped to the matched image object is determined and a substring of the website public-key corresponding to the determined bit positions is identified. If the received pattern matches the identified portion of the website public-key at step 630, then a password indication is sent to the website at step 640.
  • the password indication is a response that includes tag data representing an image object and a data pattern linked to the image object.
  • the image object in the transmitted response is different from the image object information in the received challenge.
  • the image object is identified from the database at the client and a data pattern is correlated with the identified object image.
  • the data pattern is a substring of the website public-key which is different from the substring of the public-key identified at step 620. If the received pattern does not match an identified portion of the website public-key at step 630, the communication session is terminated at step 650.
  • Fig. 7 is a flowchart of a method for authentication of a user at a website in accordance with another embodiment.
  • a communication is received by a website from a client.
  • the communication includes a request for a session with the website along with information identifying the user.
  • a user solvable challenge including an image object representation embedded with a pattern of a secure channel invariant is generated.
  • the generated challenge is linked specifically to the user based on the received user identity information.
  • the generated challenge is transmitted to the client for solving by the user.
  • a response comprising tag data representing an image object and a data pattern linked thereto is received from the client.
  • the image object of the received response is different from the image object of the transmitted challenge.
  • the user is authenticated by comparing the data pattern in the received response with an identified portion of the secure channel invariant. If the data pattern matches the identified portion of the secure channel invariant at step 760, then a response authenticating the user is transmitted to the client at step 770. If the data pattern does not match the identified portion of the secure channel invariant at step 760, then the user is invalidated at step 780.
  • a local security mechanism, for example a global username/password or a link to the biometric authentication offered by newer personal computers, can be implemented to ensure secure access to the image list and bit position map database. This provision would prevent anyone other than the user from using the user's browser to authenticate as the user to the website.
  • the invention is also applicable to communications in which users login to their accounts from a public computer.
  • the browser plugin could be appropriately modified to read the database from a removable storage device such as a pen-drive.
  • although the browser on the public computer could be compromised to make a local copy of the user-specific image list and bit position map, which would enable a human-assisted attack, this security risk is no different from, nor more severe than, that of a similarly compromised browser which logs the user's key presses to extract the username/password under existing authentication mechanisms. In either case, it is important that the user's browser is trustworthy.
  • typically, when users register for the first time with a website, they are sent a confirmation email to one of their existing email addresses.
  • the websites use this as a rudimentary check against automata-triggered login.
  • the initial image list and bit position map can be suitably formatted in an XML format and sent within this email.
  • the users would be required to copy this XML into their browser's plugin.
  • the XML version of the image list and bit position map could be sent as a hidden parameter using inline XML within the HTML page which is rendered to the user.
  • the browser plugin would implement the additional parsing logic to read and store it. This mechanism also has the advantage that it can be used uniformly after initial user registration at the website, as well as after every successful login.
  • the website could also offer a hyperlink to enable the user to trigger creation of and receive a new image list and bit position map.
  • a user-controlled remapping gives the user the flexibility to choose the right time for renewing the database. For example, when a user has accessed the website from a public computer, the user can later trigger a remap when accessing from the user's personal computer. As a result, if any public-key-embedded captcha-related data were compromised at the public computer, it is essentially nullified via the generation of a new image list and bit position map.
  • the user support function within the user's trusted system, e.g., a personal computer, would need to collect and store the various captcha-based challenges that it receives over a period of time.
  • the user could present all of the stored challenges to the authentic website to stake its claim to a particular username/password.
  • the website would check whether the captchas are indeed valid by determining whether they contained the correct image and corresponding sub-part of the public-key at those respective time instances, as per its history of the various image lists and bit position maps for the username. If sufficiently satisfied, the website can consider the proposing user support function to be a valid representative of the user and generate a new and valid image list and bit position map for the user.
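The challenge and response checks of Figs. 4 to 7, as an added example in Python that is not part of the patent or of any Motorola code. It models the per-user image list and bit position map held by the website and mirrored at the client, captcha generation from a sub-part of the website's key, the client-side comparison against the key exposed in its own TLS session (Fig. 6), and the implicit "next object" challenge the website verifies (Figs. 5 and 7). The `UserRecord`/`Token` layout, the function names and the stand-in "public keys" (plain byte strings, not real key material) are assumptions, and the human's captcha solution is modelled simply as the `pattern` field of the challenge.

```python
"""Toy model of the captcha-carried public-key check of Figs. 4 to 7. Added
example, not code from the patent or from Motorola; names, data layout and the
stand-in keys are assumptions."""
import hmac
import secrets
from dataclasses import dataclass


def key_substring(pubkey: bytes, start_bit: int, length: int) -> str:
    """Bits [start_bit, start_bit + length) of pubkey as hex: the 'sub-part of
    the public-key' embedded in the captcha and recomputed by the client from
    the key exposed in the TLS server certificate."""
    total = len(pubkey) * 8
    if start_bit < 0 or length <= 0 or start_bit + length > total:
        raise ValueError("bit range lies outside the key")
    value = int.from_bytes(pubkey, "big") >> (total - start_bit - length)
    return format(value & ((1 << length) - 1), f"0{(length + 3) // 4}x")


@dataclass(frozen=True)
class UserRecord:
    """Per-user image list and bit position map, held in the website database
    and mirrored in the client database by the sync functions."""
    image_list: tuple  # ordered image object tags, e.g. ("house", "car", "tree")
    bit_map: dict      # tag -> (start_bit, length) into the website public key


@dataclass(frozen=True)
class Token:
    """Image object tag plus key sub-part: the content of a captcha challenge,
    and likewise of the client's response."""
    image_tag: str
    pattern: str


def website_make_challenge(record: UserRecord, pubkey: bytes, index: int = None) -> Token:
    """Fig. 4 step 58: captcha content from the user's image list, the bit
    position map and the website's own key (random image unless index is fixed)."""
    if index is None:
        index = secrets.randbelow(len(record.image_list))
    tag = record.image_list[index]
    return Token(tag, key_substring(pubkey, *record.bit_map[tag]))


def client_verify_website(record: UserRecord, challenge: Token, tls_pubkey: bytes) -> bool:
    """Fig. 6 steps 620-630: look up the object the user identified, index the
    key of the client's own TLS session with the mapped bit positions and compare
    with the text the user typed. False means terminate the session (step 650)."""
    if challenge.image_tag not in record.image_list:
        return False
    expected = key_substring(tls_pubkey, *record.bit_map[challenge.image_tag])
    return hmac.compare_digest(expected, challenge.pattern)


def next_object_response(record: UserRecord, challenge: Token, pubkey: bytes, offset: int = 1) -> Token:
    """Implicit challenge of Fig. 5 step 70: tag and key sub-part of the object
    `offset` places after the one shown in the captcha. The client computes it
    from its database and TLS key; the website recomputes it to check."""
    i = record.image_list.index(challenge.image_tag)
    tag = record.image_list[(i + offset) % len(record.image_list)]
    return Token(tag, key_substring(pubkey, *record.bit_map[tag]))


def website_verify_user(record: UserRecord, challenge: Token, response: Token,
                        pubkey: bytes, offset: int = 1) -> bool:
    """Fig. 7 step 760: the response must name a different object than the
    challenge and match the website's own recomputation; else invalidate (780)."""
    want = next_object_response(record, challenge, pubkey, offset)
    return (response.image_tag != challenge.image_tag
            and hmac.compare_digest(want.image_tag.encode(), response.image_tag.encode())
            and hmac.compare_digest(want.pattern, response.pattern))


# Constructed sample data (not from the patent). The "public keys" are plain
# byte strings so the sub-parts are easy to follow; the authentic one starts
# with 6d e8 73, the string the patent's house captcha carries.
AUTHENTIC_PUBKEY = bytes.fromhex("6de873") + bytes(range(29))
PHISHER_PUBKEY = bytes(range(0x80, 0xA0))
ALICE = UserRecord(("house", "car", "tree"),
                   {"house": (0, 24), "car": (40, 24), "tree": (96, 16)})


def simulate_login(tls_pubkey_seen_by_client: bytes, index: int = 0) -> dict:
    """One login attempt. The authentic website always builds the captcha from
    its own key; the client checks it against the key its TLS session exposed,
    which is the phisher's key when a man-in-the-middle relays the captcha."""
    challenge = website_make_challenge(ALICE, AUTHENTIC_PUBKEY, index)
    if not client_verify_website(ALICE, challenge, tls_pubkey_seen_by_client):
        return {"website_authenticated": False, "user_authenticated": False}
    response = next_object_response(ALICE, challenge, tls_pubkey_seen_by_client)
    return {"website_authenticated": True,
            "user_authenticated": website_verify_user(ALICE, challenge, response, AUTHENTIC_PUBKEY)}


if __name__ == "__main__":
    print("direct session:", simulate_login(AUTHENTIC_PUBKEY))
    print("relayed by phisher:", simulate_login(PHISHER_PUBKEY))
```

The phishing case shows the invariant at work: a relay can pass the authentic captcha through unchanged, but the key the client's own TLS handshake exposed is the phisher's, so the sub-part the plugin extracts never matches the text in the captcha and the session is dropped before the password is sent. The response side only adds something because the image list and bit position map are per-user secrets shared by the two databases; the public key itself is public, so the checks use it purely as a channel invariant.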
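A parser for the image list and bit position map that the website delivers as XML, in the registration email or as inline XML in the rendered page, as an added example that is not from the patent (which fixes no XML schema). The `imagemap`/`image` element layout and the `keybits` attribute are assumptions; the validation it performs is the part a plugin author needs, since a malformed or truncated map would make every later captcha check fail.

```python
"""Parsing and validating an XML-delivered image list and bit position map.
Added example, not from the patent; the element layout is an assumption."""
import xml.etree.ElementTree as ET

# Constructed sample in the assumed layout. The key size in bits is carried on
# the root so that out-of-range bit positions are rejected before use.
SAMPLE_XML = """<imagemap user="alice" keybits="2048">
  <image tag="house" start="0" length="24"/>
  <image tag="car" start="40" length="24"/>
  <image tag="tree" start="96" length="16"/>
</imagemap>"""


def parse_image_map(xml_text: str) -> tuple:
    """Return (image_list, bit_map) or raise ValueError.

    The plugin should only accept a map received over a session that already
    passed the captcha check; these checks then keep a malformed map out of
    the local database."""
    root = ET.fromstring(xml_text)
    if root.tag != "imagemap":
        raise ValueError(f"unexpected root element {root.tag!r}")
    key_bits = int(root.get("keybits", "0"))
    if key_bits <= 0:
        raise ValueError("missing or invalid keybits")
    image_list, bit_map = [], {}
    for el in root.findall("image"):
        tag = (el.get("tag") or "").strip()
        start, length = int(el.get("start", "-1")), int(el.get("length", "0"))
        if not tag or tag in bit_map:
            raise ValueError(f"empty or duplicate tag {tag!r}")
        if start < 0 or length <= 0 or start + length > key_bits:
            raise ValueError(f"bit range {start}+{length} outside a {key_bits}-bit key for {tag!r}")
        image_list.append(tag)
        bit_map[tag] = (start, length)
    # The response must name a different object than the challenge, so a
    # single-object list would leave the client nothing to answer with.
    if len(image_list) < 2:
        raise ValueError("image list needs at least two objects")
    return tuple(image_list), bit_map


def remap_user(store: dict, user: str, xml_text: str) -> dict:
    """Replace the user's stored map wholesale (after a successful login or a
    user-triggered remap), so a copy taken on a public computer becomes void."""
    image_list, bit_map = parse_image_map(xml_text)
    store[user] = {"image_list": image_list, "bit_map": bit_map}
    return store[user]
```

Because the map is replaced rather than merged, a remap triggered from the user's own machine invalidates everything an attacker may have copied earlier, which is exactly the property the user-controlled renewal relies on.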

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a mechanism for securing communications that allows a user to authenticate by solving a captcha on a secure system. The user's browser knows a unique combination between the different possible image objects in the captcha and their correspondence with different sub-parts of an authentic website public key. The user solves the captcha, and the browser plugin takes care of the rest, which consists of validating the authentic identity of the website and meeting the challenge of returning the next object.
PCT/US2009/050444 2008-07-29 2009-07-14 Method and system for securing communication sessions WO2010014386A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP09803357.4A EP2311020A4 (fr) 2008-07-29 2009-07-14 Method and system for securing communication sessions
CN2009801293346A CN102105920A (zh) 2008-07-29 2009-07-14 Method and system for securing communication sessions
CA2762706A CA2762706A1 (fr) 2008-07-29 2009-07-14 Method and system for securing communication sessions

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN1789/DEL/2008 2008-07-29
IN1789DE2008 2008-07-29

Publications (1)

Publication Number Publication Date
WO2010014386A1 true WO2010014386A1 (fr) 2010-02-04

Family

ID=41610673

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2009/050444 WO2010014386A1 (fr) 2008-07-29 2009-07-14 Method and system for securing communication sessions

Country Status (4)

Country Link
EP (1) EP2311020A4 (fr)
CN (1) CN102105920A (fr)
CA (1) CA2762706A1 (fr)
WO (1) WO2010014386A1 (fr)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102136964A (zh) * 2010-11-25 2011-07-27 中国移动(深圳)有限公司 A website testing method and system
CN102480486A (zh) * 2010-11-24 2012-05-30 阿尔卡特朗讯公司 Method, device and system for verifying communication sessions
CN102946314A (zh) * 2012-11-08 2013-02-27 成都卫士通信息产业股份有限公司 A browser-plugin-based client user identity authentication method
EP2747366A1 (fr) * 2012-12-24 2014-06-25 British Telecommunications public limited company Client/server access authentication
TWI448921B (zh) * 2010-11-30 2014-08-11 F2Ware Inc Test data management method for fully automated tests that tell computers and humans apart, related data management system and computer program product
WO2014201861A1 (fr) * 2013-06-18 2014-12-24 Tencent Technology (Shenzhen) Company Limited Security verification method, device and terminal
CN105103524A (zh) * 2013-01-10 2015-11-25 微软技术许可有限责任公司 Swan: achieving high utilization in networks
US9705752B2 (en) 2015-01-29 2017-07-11 Blackrock Financial Management, Inc. Reliably updating a messaging system
EP2614476A4 (fr) * 2010-09-07 2017-10-11 Samsung Electronics Co., Ltd Method and apparatus for connecting to an online service
US10356073B2 (en) 2016-08-29 2019-07-16 Cisco Technology, Inc. Secure captcha test

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9104854B2 (en) * 2011-08-17 2015-08-11 Qualcomm Incorporated Method and apparatus using a CAPTCHA having visual information related to the CAPTCHA's source
CN102611707B (zh) * 2012-03-21 2015-10-21 北龙中网(北京)科技有限责任公司 Method for installing and recognizing a website trusted identifier
US10482255B2 (en) * 2016-02-16 2019-11-19 Atmel Corporation Controlled secure code authentication

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070005500A1 (en) * 2005-06-20 2007-01-04 Microsoft Corporation Secure online transactions using a captcha image as a watermark
US20070250920A1 (en) * 2006-04-24 2007-10-25 Jeffrey Dean Lindsay Security Systems for Protecting an Asset
US20080109657A1 (en) * 2006-11-06 2008-05-08 Siddharth Bajaj Web site authentication

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7266693B1 (en) * 2007-02-13 2007-09-04 U.S. Bancorp Licensing, Inc. Validated mutual authentication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2311020A4 *

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2614476A4 (fr) * 2010-09-07 2017-10-11 Samsung Electronics Co., Ltd Method and apparatus for connecting to an online service
CN102480486A (zh) * 2010-11-24 2012-05-30 阿尔卡特朗讯公司 Method, device and system for verifying communication sessions
WO2012069919A1 (fr) * 2010-11-24 2012-05-31 Alcatel Lucent Method, device and system for verifying communication sessions
KR20130122644A (ko) * 2010-11-24 2013-11-07 알까뗄 루슨트 Method, device and system for verifying a communication session
JP2014504069A (ja) * 2010-11-24 2014-02-13 アルカテル−ルーセント Method, apparatus and system for verifying communication sessions
US9444801B2 (en) 2010-11-24 2016-09-13 Alcatel Lucent Method, device and system for verifying communication sessions
KR101630913B1 (ko) * 2010-11-24 2016-06-15 알까뗄 루슨트 Method, device and system for verifying a communication session
CN102136964A (zh) * 2010-11-25 2011-07-27 中国移动(深圳)有限公司 Website testing method and system
TWI448921B (zh) * 2010-11-30 2014-08-11 F2Ware Inc Method for managing test data of a fully automated test for distinguishing computers from humans, related data management system and computer program product thereof
CN102946314B (zh) * 2012-11-08 2016-04-20 成都卫士通信息产业股份有限公司 Client user identity authentication method based on a browser plug-in
CN102946314A (zh) * 2012-11-08 2013-02-27 成都卫士通信息产业股份有限公司 Client user identity authentication method based on a browser plug-in
EP2747366A1 (fr) * 2012-12-24 2014-06-25 British Telecommunications public limited company Client/server access authentication
WO2014102522A1 (fr) * 2012-12-24 2014-07-03 British Telecommunications Public Limited Company Client/server access authentication
CN105103524A (zh) * 2013-01-10 2015-11-25 微软技术许可有限责任公司 Swan: achieving high utilization in a network
CN105103524B (zh) * 2013-01-10 2019-04-09 微软技术许可有限责任公司 Method and system for achieving high utilization in a network
US20160105436A1 (en) * 2013-06-18 2016-04-14 Tencent Technology (Shenzhen) Company Limited Security verification method, apparatus and terminal
WO2014201861A1 (fr) * 2013-06-18 2014-12-24 Tencent Technology (Shenzhen) Company Limited Security verification method, device and terminal
US10097547B2 (en) 2013-06-18 2018-10-09 Tencent Technology (Shenzhen) Company Limited Security verification method, apparatus and terminal
US9705752B2 (en) 2015-01-29 2017-07-11 Blackrock Financial Management, Inc. Reliably updating a messaging system
US9712398B2 (en) 2015-01-29 2017-07-18 Blackrock Financial Management, Inc. Authenticating connections and program identity in a messaging system
US10263855B2 (en) 2015-01-29 2019-04-16 Blackrock Financial Management, Inc. Authenticating connections and program identity in a messaging system
US10341196B2 (en) 2015-01-29 2019-07-02 Blackrock Financial Management, Inc. Reliably updating a messaging system
US10623272B2 (en) 2015-01-29 2020-04-14 Blackrock Financial Management, Inc. Authenticating connections and program identity in a messaging system
US10356073B2 (en) 2016-08-29 2019-07-16 Cisco Technology, Inc. Secure captcha test

Also Published As

Publication number Publication date
CA2762706A1 (fr) 2010-02-04
EP2311020A4 (fr) 2014-12-31
EP2311020A1 (fr) 2011-04-20
CN102105920A (zh) 2011-06-22

Similar Documents

Publication Publication Date Title
EP2311020A1 (fr) Method and system for securing communication sessions
CN101495956B (zh) Extended one-time password method and apparatus
US7769820B1 (en) Universal resource locator verification services using web site attributes
CN101360102B (zh) Method for detecting DNS redirection or fraudulent local certificates for SSL sites in pharming/phishing schemes by remote validation and using a credential manager and recorded certificate attributes
US8286225B2 (en) Method and apparatus for detecting cyber threats
US8230489B2 (en) Secure authentication systems and methods
US20120254935A1 (en) Authentication collaboration system and authentication collaboration method
US20090158033A1 (en) Method and apparatus for performing secure communication using one time password
US9088561B2 (en) Method and system for authentication in a computer network
EP2684330A1 (fr) Method and system for authorizing access to a secure website
US10348701B2 (en) Protecting clients from open redirect security vulnerabilities in web applications
JP4960738B2 (ja) Authentication system, authentication method and authentication program
CN101699820A (zh) Dynamic password authentication method and apparatus
JP4698751B2 (ja) Access control system, authentication server system and access control program
US9954853B2 (en) Network security
US20150328119A1 (en) Method of treating hair
CN112131564A (zh) Encrypted data communication method, apparatus, device and medium
CN107548542B (zh) User authentication method with enhanced integrity and security
CN109495458A (zh) Data transmission method, system and related components
CN105071993B (zh) Encryption status detection method and system
KR101061255B1 (ko) Web security management apparatus and method for monitoring communication between a web server and a client
CN109145543B (zh) Identity authentication method
KR100877593B1 (ko) Authentication security method using randomly mapped variable passwords
KR20110014177A (ko) Method and system for neutralizing man-in-the-middle computer hacking techniques
WO2004099949A1 (fr) Website security model

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200980129334.6

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09803357

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2762706

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 2009803357

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE