WO2009147049A3 - Method and system for defeating the man in the middle computer hacking technique - Google Patents
Method and system for defeating the man in the middle computer hacking technique Download PDFInfo
- Publication number
- WO2009147049A3 WO2009147049A3 PCT/EP2009/056500 EP2009056500W WO2009147049A3 WO 2009147049 A3 WO2009147049 A3 WO 2009147049A3 EP 2009056500 W EP2009056500 W EP 2009056500W WO 2009147049 A3 WO2009147049 A3 WO 2009147049A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- ippw
- password
- secure
- web site
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Abstract
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009801174366A CN102027728B (en) | 2008-06-03 | 2009-05-28 | Method and system for defeating the man in the middle computer hacking technique |
CA2706582A CA2706582C (en) | 2008-06-03 | 2009-05-28 | Method and system for defeating the man in the middle computer hacking technique |
EP09757431A EP2232811B1 (en) | 2008-06-03 | 2009-05-28 | Method and system for defeating the man in the middle computer hacking technique |
JP2011512071A JP4921614B2 (en) | 2008-06-03 | 2009-05-28 | Method and system for preventing man-in-the-middle computer hacking techniques |
AT09757431T ATE536591T1 (en) | 2008-06-03 | 2009-05-28 | METHOD AND SYSTEM FOR DEFUTTING ßMAN IN THE MIDDLESS HACKING TECHNIQUES |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/132,203 US8055587B2 (en) | 2008-06-03 | 2008-06-03 | Man in the middle computer technique |
US12/132,203 | 2008-06-03 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2009147049A2 WO2009147049A2 (en) | 2009-12-10 |
WO2009147049A3 true WO2009147049A3 (en) | 2010-02-25 |
Family
ID=41380876
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2009/056500 WO2009147049A2 (en) | 2008-06-03 | 2009-05-28 | Method and system for defeating the man in the middle computer hacking technique |
Country Status (8)
Country | Link |
---|---|
US (1) | US8055587B2 (en) |
EP (1) | EP2232811B1 (en) |
JP (1) | JP4921614B2 (en) |
KR (1) | KR20110014177A (en) |
CN (1) | CN102027728B (en) |
AT (1) | ATE536591T1 (en) |
CA (1) | CA2706582C (en) |
WO (1) | WO2009147049A2 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102377572B (en) * | 2011-11-23 | 2014-01-29 | 广东南方信息安全产业基地有限公司 | Mutual authentication method based on linear shift |
US8800004B2 (en) | 2012-03-21 | 2014-08-05 | Gary Martin SHANNON | Computerized authorization system and method |
US8954004B1 (en) | 2012-09-20 | 2015-02-10 | Trend Micro Incorporated | Systems and methods for accessing websites using smartphones |
US10693893B2 (en) | 2018-01-16 | 2020-06-23 | International Business Machines Corporation | Detection of man-in-the-middle in HTTPS transactions independent of certificate trust chain |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030188012A1 (en) * | 2002-03-29 | 2003-10-02 | Ford Daniel E. | Access control system and method for a networked computer system |
US20040044896A1 (en) * | 2002-08-29 | 2004-03-04 | International Business Machines Corporation | Universal password generation method |
Family Cites Families (50)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5875296A (en) * | 1997-01-28 | 1999-02-23 | International Business Machines Corporation | Distributed file system web server user authentication with cookies |
US6085224A (en) * | 1997-03-11 | 2000-07-04 | Intracept, Inc. | Method and system for responding to hidden data and programs in a datastream |
US6112240A (en) * | 1997-09-03 | 2000-08-29 | International Business Machines Corporation | Web site client information tracker |
US6092196A (en) * | 1997-11-25 | 2000-07-18 | Nortel Networks Limited | HTTP distributed remote user authentication system |
US6304906B1 (en) * | 1998-08-06 | 2001-10-16 | Hewlett-Packard Company | Method and systems for allowing data service system to provide class-based services to its users |
US6205480B1 (en) * | 1998-08-19 | 2001-03-20 | Computer Associates Think, Inc. | System and method for web server user authentication |
US6374359B1 (en) * | 1998-11-19 | 2002-04-16 | International Business Machines Corporation | Dynamic use and validation of HTTP cookies for authentication |
US6985953B1 (en) * | 1998-11-30 | 2006-01-10 | George Mason University | System and apparatus for storage and transfer of secure data on web |
US6714926B1 (en) * | 1999-02-02 | 2004-03-30 | Amazon.Com, Inc. | Use of browser cookies to store structured data |
US6751654B2 (en) * | 1999-03-31 | 2004-06-15 | International Business Machines Corporation | Simulating web cookies for non-cookie capable browsers |
US7155605B1 (en) * | 1999-03-31 | 2006-12-26 | Lenovo (Singapore) Pte. Ltd. | Data processing system and method for maintaining secure data blocks |
US6226752B1 (en) * | 1999-05-11 | 2001-05-01 | Sun Microsystems, Inc. | Method and apparatus for authenticating users |
US7188181B1 (en) * | 1999-06-30 | 2007-03-06 | Sun Microsystems, Inc. | Universal session sharing |
US6976077B1 (en) * | 1999-07-06 | 2005-12-13 | Microsoft Corporation | Automatic and transparent synchronization of server-side state information with a client application |
US6789115B1 (en) * | 1999-07-09 | 2004-09-07 | Merrill Lynch & Company | System for collecting, analyzing, and reporting high volume multi-web server usage |
US6851060B1 (en) * | 1999-07-15 | 2005-02-01 | International Business Machines Corporation | User control of web browser user data |
US6970933B1 (en) * | 1999-07-15 | 2005-11-29 | F5 Networks, Inc. | Enabling application level persistence between a server and another resource over a network |
US7287084B1 (en) * | 1999-07-15 | 2007-10-23 | F5 Networks, Inc. | Enabling encryption of application level persistence between a server and a client |
US20010027439A1 (en) * | 1999-07-16 | 2001-10-04 | Holtzman Henry N. | Method and system for computerized form completion |
US6651217B1 (en) * | 1999-09-01 | 2003-11-18 | Microsoft Corporation | System and method for populating forms with previously used data values |
US6909785B1 (en) * | 1999-11-11 | 2005-06-21 | Qualcomm, Inc. | Method and apparatus for efficient irregular synchronization of a stream cipher |
US6725269B1 (en) * | 1999-12-02 | 2004-04-20 | International Business Machines Corporation | System and method for maintaining multiple identities and reputations for internet interactions |
JP2001274786A (en) * | 2000-01-21 | 2001-10-05 | Victor Co Of Japan Ltd | Contents information transmission method, contents information recording method, contents information transmitter, contents information recorder, transmission medium and recording medium |
US6751736B1 (en) * | 2000-03-14 | 2004-06-15 | International Business Machines Corporation | Method and apparatus for E-commerce by using optional fields for virtual bar codes |
US7200863B2 (en) * | 2000-05-16 | 2007-04-03 | Hoshiko Llc | System and method for serving content over a wide area network |
US6714930B1 (en) * | 2000-05-31 | 2004-03-30 | International Business Machines Corporation | Lightweight directory access protocol, (LDAP) trusted processing of unique identifiers |
US6836845B1 (en) * | 2000-06-30 | 2004-12-28 | Palm Source, Inc. | Method and apparatus for generating queries for secure authentication and authorization of transactions |
US7194764B2 (en) * | 2000-07-10 | 2007-03-20 | Oracle International Corporation | User authentication |
US7249369B2 (en) * | 2000-07-10 | 2007-07-24 | Oracle International Corporation | Post data processing |
US7124203B2 (en) * | 2000-07-10 | 2006-10-17 | Oracle International Corporation | Selective cache flushing in identity and access management systems |
US6973580B1 (en) * | 2000-07-13 | 2005-12-06 | International Business Machines Corporation | System and method for alerting computer users of digital security intrusions |
US7010605B1 (en) * | 2000-08-29 | 2006-03-07 | Microsoft Corporation | Method and apparatus for encoding and storing session data |
JP2002091828A (en) * | 2000-09-18 | 2002-03-29 | Sharp Corp | Data processor, storage device and data transfer system using the same |
US7085744B2 (en) * | 2000-12-08 | 2006-08-01 | International Business Machines Corporation | Method and system for conducting a transaction over a network |
US7185364B2 (en) * | 2001-03-21 | 2007-02-27 | Oracle International Corporation | Access system interface |
US7020705B2 (en) * | 2001-04-26 | 2006-03-28 | Intel Corporation | De-authenticating in security environments only providing authentication |
US7231661B1 (en) * | 2001-06-21 | 2007-06-12 | Oracle International Corporation | Authorization services with external authentication |
US7225256B2 (en) * | 2001-11-30 | 2007-05-29 | Oracle International Corporation | Impersonation in an access system |
US6665634B2 (en) * | 2001-12-21 | 2003-12-16 | Hewlett-Packard Development Company, L.P. | Test system for testing dynamic information returned by a web server |
ATE322790T1 (en) * | 2002-01-18 | 2006-04-15 | Stonesoft Corp | MONITORING DATA FLOW TO IMPROVE NETWORK SECURITY PROTECTION |
US7100049B2 (en) * | 2002-05-10 | 2006-08-29 | Rsa Security Inc. | Method and apparatus for authentication of users and web sites |
US7334013B1 (en) * | 2002-12-20 | 2008-02-19 | Microsoft Corporation | Shared services management |
US20040158746A1 (en) * | 2003-02-07 | 2004-08-12 | Limin Hu | Automatic log-in processing and password management system for multiple target web sites |
US7281130B2 (en) * | 2003-07-30 | 2007-10-09 | Hewlett-Packard Development Company, L.P. | Storing authentication sequences for expedited login to secure applications |
US7340496B2 (en) * | 2003-12-17 | 2008-03-04 | International Business Machines Corporation | System and method for determining the Nth state of linear feedback shift registers |
US8935416B2 (en) * | 2006-04-21 | 2015-01-13 | Fortinet, Inc. | Method, apparatus, signals and medium for enforcing compliance with a policy on a client computer |
FR2905488B1 (en) * | 2006-09-04 | 2011-04-01 | Baracoda | ARCHITECTURE FOR ACCESSING A DATA STREAM USING A USER TERMINAL |
US20080104672A1 (en) * | 2006-10-25 | 2008-05-01 | Iovation, Inc. | Detecting and preventing man-in-the-middle phishing attacks |
US8745151B2 (en) * | 2006-11-09 | 2014-06-03 | Red Hat, Inc. | Web page protection against phishing |
US8356345B2 (en) * | 2008-06-03 | 2013-01-15 | International Business Machines Corporation | Constructing a secure internet transaction |
-
2008
- 2008-06-03 US US12/132,203 patent/US8055587B2/en not_active Expired - Fee Related
-
2009
- 2009-05-28 WO PCT/EP2009/056500 patent/WO2009147049A2/en active Application Filing
- 2009-05-28 KR KR1020107027123A patent/KR20110014177A/en not_active Application Discontinuation
- 2009-05-28 AT AT09757431T patent/ATE536591T1/en active
- 2009-05-28 CA CA2706582A patent/CA2706582C/en active Active
- 2009-05-28 CN CN2009801174366A patent/CN102027728B/en active Active
- 2009-05-28 EP EP09757431A patent/EP2232811B1/en active Active
- 2009-05-28 JP JP2011512071A patent/JP4921614B2/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030188012A1 (en) * | 2002-03-29 | 2003-10-02 | Ford Daniel E. | Access control system and method for a networked computer system |
US20040044896A1 (en) * | 2002-08-29 | 2004-03-04 | International Business Machines Corporation | Universal password generation method |
Also Published As
Publication number | Publication date |
---|---|
KR20110014177A (en) | 2011-02-10 |
ATE536591T1 (en) | 2011-12-15 |
JP4921614B2 (en) | 2012-04-25 |
JP2011525011A (en) | 2011-09-08 |
WO2009147049A2 (en) | 2009-12-10 |
CA2706582A1 (en) | 2009-12-10 |
US8055587B2 (en) | 2011-11-08 |
CA2706582C (en) | 2017-04-11 |
CN102027728A (en) | 2011-04-20 |
CN102027728B (en) | 2013-10-02 |
US20090299759A1 (en) | 2009-12-03 |
EP2232811B1 (en) | 2011-12-07 |
EP2232811A2 (en) | 2010-09-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101064595B (en) | Computer network safe input authentication system and method | |
JP2009500913A5 (en) | ||
WO2007137166A3 (en) | Dynamic web services system and method for use of personal trusted devices and identity tokens | |
WO2002093824A3 (en) | Authentication method | |
WO2008054375A3 (en) | Constrained cryptographic keys | |
WO2007115982A3 (en) | Identity protection method, devices and corresponding computer programme product | |
WO2004046849A3 (en) | Cryptographic methods and apparatus for secure authentication | |
WO2008099756A1 (en) | Client device, key device, service providing device, user authentication system, user authentication method, program, and recording medium | |
WO2007038896A3 (en) | Method and devices for user authentication | |
WO2009022560A1 (en) | Client device, server device, and program | |
CN101834840A (en) | Efficient key derivation for end-to-end network security with traffic visibility | |
WO2008039582A3 (en) | System and method for securing software applications | |
WO2007120215A3 (en) | Secure electronic commerce using mutating identifiers | |
TW200943898A (en) | Method and apparatus for providing trusted single sing-on access to applications and internet-based services | |
PL2166697T3 (en) | Method and system for authenticating a user by means of a mobile device | |
WO2007027290A3 (en) | Method and apparatus for user authentication | |
WO2009031140A3 (en) | Information protection device | |
JP2013509840A (en) | User authentication method and system | |
WO2007092401A3 (en) | Utilizing a token for authentication with multiple secure online sites | |
CN102833244A (en) | Communication method for authentication by fingerprint information | |
CN104394172A (en) | Single sign-on device and method | |
BRPI0811643A2 (en) | SECURE LOGIN PROTOCOL | |
CN103281193A (en) | Identity authentication method and system and data transmission method and device based on same | |
WO2007067839A3 (en) | Method and system for managing secure access to data in a network | |
CN108040048A (en) | A kind of mobile client end subscriber dynamic secret key encryption communication method based on http protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200980117436.6 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09757431 Country of ref document: EP Kind code of ref document: A2 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2706582 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2009757431 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 20107027123 Country of ref document: KR Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011512071 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |