WO2009147049A3 - Method and system for defeating the man in the middle computer hacking technique - Google Patents
Method and system for defeating the man in the middle computer hacking technique Download PDFInfo
- Publication number
- WO2009147049A3 WO2009147049A3 PCT/EP2009/056500 EP2009056500W WO2009147049A3 WO 2009147049 A3 WO2009147049 A3 WO 2009147049A3 EP 2009056500 W EP2009056500 W EP 2009056500W WO 2009147049 A3 WO2009147049 A3 WO 2009147049A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- ippw
- password
- secure
- web site
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Abstract
A method for constructing a secure Internet transaction, the method includes: receiving a user identification (userid) and user password on a client device for filling out a form generated by a secure web site; concatenating the user's Internet Protocol (IP) address with a separate password that is maintained on the secure web site that the user is authenticating to; encrypting the concatenated user IP and separate password to form an Internet Protocol password (IPPW); wherein the encrypting is carried out with a client device linear feedback shift register (LFSR) with a defined cycle count; building a transaction consisting of the IPPW, defined cycle count, and userid; transmitting the transaction and form via a network towards the secure web site; wherein in response the secure website performs the following: decrypts the IPPW, and determines if the IP portion of the decrypted IPPW is equal to the user's IP address.
Priority Applications (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009801174366A CN102027728B (en) | 2008-06-03 | 2009-05-28 | Method and system for defeating the man in the middle computer hacking technique |
| CA2706582A CA2706582C (en) | 2008-06-03 | 2009-05-28 | Method and system for defeating the man in the middle computer hacking technique |
| EP09757431A EP2232811B1 (en) | 2008-06-03 | 2009-05-28 | Method and system for defeating the man in the middle computer hacking technique |
| JP2011512071A JP4921614B2 (en) | 2008-06-03 | 2009-05-28 | Method and system for preventing man-in-the-middle computer hacking techniques |
| AT09757431T ATE536591T1 (en) | 2008-06-03 | 2009-05-28 | METHOD AND SYSTEM FOR DEFUTTING ßMAN IN THE MIDDLESS HACKING TECHNIQUES |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US12/132,203 US8055587B2 (en) | 2008-06-03 | 2008-06-03 | Man in the middle computer technique |
| US12/132,203 | 2008-06-03 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| WO2009147049A2 WO2009147049A2 (en) | 2009-12-10 |
| WO2009147049A3 true WO2009147049A3 (en) | 2010-02-25 |
Family
ID=41380876
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/EP2009/056500 WO2009147049A2 (en) | 2008-06-03 | 2009-05-28 | Method and system for defeating the man in the middle computer hacking technique |
Country Status (8)
| Country | Link |
|---|---|
| US (1) | US8055587B2 (en) |
| EP (1) | EP2232811B1 (en) |
| JP (1) | JP4921614B2 (en) |
| KR (1) | KR20110014177A (en) |
| CN (1) | CN102027728B (en) |
| AT (1) | ATE536591T1 (en) |
| CA (1) | CA2706582C (en) |
| WO (1) | WO2009147049A2 (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102377572B (en) * | 2011-11-23 | 2014-01-29 | 广东南方信息安全产业基地有限公司 | Mutual authentication method based on linear shift |
| US8800004B2 (en) | 2012-03-21 | 2014-08-05 | Gary Martin SHANNON | Computerized authorization system and method |
| US8954004B1 (en) | 2012-09-20 | 2015-02-10 | Trend Micro Incorporated | Systems and methods for accessing websites using smartphones |
| US10693893B2 (en) | 2018-01-16 | 2020-06-23 | International Business Machines Corporation | Detection of man-in-the-middle in HTTPS transactions independent of certificate trust chain |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030188012A1 (en) * | 2002-03-29 | 2003-10-02 | Ford Daniel E. | Access control system and method for a networked computer system |
| US20040044896A1 (en) * | 2002-08-29 | 2004-03-04 | International Business Machines Corporation | Universal password generation method |
Family Cites Families (50)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5875296A (en) * | 1997-01-28 | 1999-02-23 | International Business Machines Corporation | Distributed file system web server user authentication with cookies |
| US6085224A (en) * | 1997-03-11 | 2000-07-04 | Intracept, Inc. | Method and system for responding to hidden data and programs in a datastream |
| US6112240A (en) * | 1997-09-03 | 2000-08-29 | International Business Machines Corporation | Web site client information tracker |
| US6092196A (en) * | 1997-11-25 | 2000-07-18 | Nortel Networks Limited | HTTP distributed remote user authentication system |
| US6304906B1 (en) * | 1998-08-06 | 2001-10-16 | Hewlett-Packard Company | Method and systems for allowing data service system to provide class-based services to its users |
| US6205480B1 (en) * | 1998-08-19 | 2001-03-20 | Computer Associates Think, Inc. | System and method for web server user authentication |
| US6374359B1 (en) * | 1998-11-19 | 2002-04-16 | International Business Machines Corporation | Dynamic use and validation of HTTP cookies for authentication |
| US6985953B1 (en) * | 1998-11-30 | 2006-01-10 | George Mason University | System and apparatus for storage and transfer of secure data on web |
| US6714926B1 (en) * | 1999-02-02 | 2004-03-30 | Amazon.Com, Inc. | Use of browser cookies to store structured data |
| US6751654B2 (en) * | 1999-03-31 | 2004-06-15 | International Business Machines Corporation | Simulating web cookies for non-cookie capable browsers |
| US7155605B1 (en) * | 1999-03-31 | 2006-12-26 | Lenovo (Singapore) Pte. Ltd. | Data processing system and method for maintaining secure data blocks |
| US6226752B1 (en) * | 1999-05-11 | 2001-05-01 | Sun Microsystems, Inc. | Method and apparatus for authenticating users |
| US7188181B1 (en) * | 1999-06-30 | 2007-03-06 | Sun Microsystems, Inc. | Universal session sharing |
| US6976077B1 (en) * | 1999-07-06 | 2005-12-13 | Microsoft Corporation | Automatic and transparent synchronization of server-side state information with a client application |
| US6789115B1 (en) * | 1999-07-09 | 2004-09-07 | Merrill Lynch & Company | System for collecting, analyzing, and reporting high volume multi-web server usage |
| US6851060B1 (en) * | 1999-07-15 | 2005-02-01 | International Business Machines Corporation | User control of web browser user data |
| US6970933B1 (en) * | 1999-07-15 | 2005-11-29 | F5 Networks, Inc. | Enabling application level persistence between a server and another resource over a network |
| US7287084B1 (en) * | 1999-07-15 | 2007-10-23 | F5 Networks, Inc. | Enabling encryption of application level persistence between a server and a client |
| US20010027439A1 (en) * | 1999-07-16 | 2001-10-04 | Holtzman Henry N. | Method and system for computerized form completion |
| US6651217B1 (en) * | 1999-09-01 | 2003-11-18 | Microsoft Corporation | System and method for populating forms with previously used data values |
| US6909785B1 (en) * | 1999-11-11 | 2005-06-21 | Qualcomm, Inc. | Method and apparatus for efficient irregular synchronization of a stream cipher |
| US6725269B1 (en) * | 1999-12-02 | 2004-04-20 | International Business Machines Corporation | System and method for maintaining multiple identities and reputations for internet interactions |
| JP2001274786A (en) * | 2000-01-21 | 2001-10-05 | Victor Co Of Japan Ltd | Contents information transmission method, contents information recording method, contents information transmitter, contents information recorder, transmission medium and recording medium |
| US6751736B1 (en) * | 2000-03-14 | 2004-06-15 | International Business Machines Corporation | Method and apparatus for E-commerce by using optional fields for virtual bar codes |
| US7200863B2 (en) * | 2000-05-16 | 2007-04-03 | Hoshiko Llc | System and method for serving content over a wide area network |
| US6714930B1 (en) * | 2000-05-31 | 2004-03-30 | International Business Machines Corporation | Lightweight directory access protocol, (LDAP) trusted processing of unique identifiers |
| US6836845B1 (en) * | 2000-06-30 | 2004-12-28 | Palm Source, Inc. | Method and apparatus for generating queries for secure authentication and authorization of transactions |
| US7194764B2 (en) * | 2000-07-10 | 2007-03-20 | Oracle International Corporation | User authentication |
| US7249369B2 (en) * | 2000-07-10 | 2007-07-24 | Oracle International Corporation | Post data processing |
| US7124203B2 (en) * | 2000-07-10 | 2006-10-17 | Oracle International Corporation | Selective cache flushing in identity and access management systems |
| US6973580B1 (en) * | 2000-07-13 | 2005-12-06 | International Business Machines Corporation | System and method for alerting computer users of digital security intrusions |
| US7010605B1 (en) * | 2000-08-29 | 2006-03-07 | Microsoft Corporation | Method and apparatus for encoding and storing session data |
| JP2002091828A (en) * | 2000-09-18 | 2002-03-29 | Sharp Corp | Data processor, storage device and data transfer system using the same |
| US7085744B2 (en) * | 2000-12-08 | 2006-08-01 | International Business Machines Corporation | Method and system for conducting a transaction over a network |
| US7185364B2 (en) * | 2001-03-21 | 2007-02-27 | Oracle International Corporation | Access system interface |
| US7020705B2 (en) * | 2001-04-26 | 2006-03-28 | Intel Corporation | De-authenticating in security environments only providing authentication |
| US7231661B1 (en) * | 2001-06-21 | 2007-06-12 | Oracle International Corporation | Authorization services with external authentication |
| US7225256B2 (en) * | 2001-11-30 | 2007-05-29 | Oracle International Corporation | Impersonation in an access system |
| US6665634B2 (en) * | 2001-12-21 | 2003-12-16 | Hewlett-Packard Development Company, L.P. | Test system for testing dynamic information returned by a web server |
| ATE322790T1 (en) * | 2002-01-18 | 2006-04-15 | Stonesoft Corp | MONITORING DATA FLOW TO IMPROVE NETWORK SECURITY PROTECTION |
| US7100049B2 (en) * | 2002-05-10 | 2006-08-29 | Rsa Security Inc. | Method and apparatus for authentication of users and web sites |
| US7334013B1 (en) * | 2002-12-20 | 2008-02-19 | Microsoft Corporation | Shared services management |
| US20040158746A1 (en) * | 2003-02-07 | 2004-08-12 | Limin Hu | Automatic log-in processing and password management system for multiple target web sites |
| US7281130B2 (en) * | 2003-07-30 | 2007-10-09 | Hewlett-Packard Development Company, L.P. | Storing authentication sequences for expedited login to secure applications |
| US7340496B2 (en) * | 2003-12-17 | 2008-03-04 | International Business Machines Corporation | System and method for determining the Nth state of linear feedback shift registers |
| US8935416B2 (en) * | 2006-04-21 | 2015-01-13 | Fortinet, Inc. | Method, apparatus, signals and medium for enforcing compliance with a policy on a client computer |
| FR2905488B1 (en) * | 2006-09-04 | 2011-04-01 | Baracoda | ARCHITECTURE FOR ACCESSING A DATA STREAM USING A USER TERMINAL |
| US20080104672A1 (en) * | 2006-10-25 | 2008-05-01 | Iovation, Inc. | Detecting and preventing man-in-the-middle phishing attacks |
| US8745151B2 (en) * | 2006-11-09 | 2014-06-03 | Red Hat, Inc. | Web page protection against phishing |
| US8356345B2 (en) * | 2008-06-03 | 2013-01-15 | International Business Machines Corporation | Constructing a secure internet transaction |
-
2008
- 2008-06-03 US US12/132,203 patent/US8055587B2/en not_active Expired - Fee Related
-
2009
- 2009-05-28 WO PCT/EP2009/056500 patent/WO2009147049A2/en active Application Filing
- 2009-05-28 KR KR1020107027123A patent/KR20110014177A/en not_active Application Discontinuation
- 2009-05-28 AT AT09757431T patent/ATE536591T1/en active
- 2009-05-28 CA CA2706582A patent/CA2706582C/en active Active
- 2009-05-28 CN CN2009801174366A patent/CN102027728B/en active Active
- 2009-05-28 EP EP09757431A patent/EP2232811B1/en active Active
- 2009-05-28 JP JP2011512071A patent/JP4921614B2/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030188012A1 (en) * | 2002-03-29 | 2003-10-02 | Ford Daniel E. | Access control system and method for a networked computer system |
| US20040044896A1 (en) * | 2002-08-29 | 2004-03-04 | International Business Machines Corporation | Universal password generation method |
Also Published As
| Publication number | Publication date |
|---|---|
| KR20110014177A (en) | 2011-02-10 |
| ATE536591T1 (en) | 2011-12-15 |
| JP4921614B2 (en) | 2012-04-25 |
| JP2011525011A (en) | 2011-09-08 |
| WO2009147049A2 (en) | 2009-12-10 |
| CA2706582A1 (en) | 2009-12-10 |
| US8055587B2 (en) | 2011-11-08 |
| CA2706582C (en) | 2017-04-11 |
| CN102027728A (en) | 2011-04-20 |
| CN102027728B (en) | 2013-10-02 |
| US20090299759A1 (en) | 2009-12-03 |
| EP2232811B1 (en) | 2011-12-07 |
| EP2232811A2 (en) | 2010-09-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101064595B (en) | Computer network safe input authentication system and method | |
| JP2009500913A5 (en) | ||
| WO2007137166A3 (en) | Dynamic web services system and method for use of personal trusted devices and identity tokens | |
| WO2002093824A3 (en) | Authentication method | |
| WO2008054375A3 (en) | Constrained cryptographic keys | |
| WO2007115982A3 (en) | Identity protection method, devices and corresponding computer programme product | |
| WO2004046849A3 (en) | Cryptographic methods and apparatus for secure authentication | |
| WO2008099756A1 (en) | Client device, key device, service providing device, user authentication system, user authentication method, program, and recording medium | |
| WO2007038896A3 (en) | Method and devices for user authentication | |
| WO2009022560A1 (en) | Client device, server device, and program | |
| CN101834840A (en) | Efficient key derivation for end-to-end network security with traffic visibility | |
| WO2008039582A3 (en) | System and method for securing software applications | |
| WO2007120215A3 (en) | Secure electronic commerce using mutating identifiers | |
| TW200943898A (en) | Method and apparatus for providing trusted single sing-on access to applications and internet-based services | |
| PL2166697T3 (en) | Method and system for authenticating a user by means of a mobile device | |
| WO2007027290A3 (en) | Method and apparatus for user authentication | |
| WO2009031140A3 (en) | Information protection device | |
| JP2013509840A (en) | User authentication method and system | |
| WO2007092401A3 (en) | Utilizing a token for authentication with multiple secure online sites | |
| CN102833244A (en) | Communication method for authentication by fingerprint information | |
| CN104394172A (en) | Single sign-on device and method | |
| BRPI0811643A2 (en) | SECURE LOGIN PROTOCOL | |
| CN103281193A (en) | Identity authentication method and system and data transmission method and device based on same | |
| WO2007067839A3 (en) | Method and system for managing secure access to data in a network | |
| CN108040048A (en) | A kind of mobile client end subscriber dynamic secret key encryption communication method based on http protocol |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| WWE | Wipo information: entry into national phase |
Ref document number: 200980117436.6 Country of ref document: CN |
|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09757431 Country of ref document: EP Kind code of ref document: A2 |
|
| WWE | Wipo information: entry into national phase |
Ref document number: 2706582 Country of ref document: CA |
|
| WWE | Wipo information: entry into national phase |
Ref document number: 2009757431 Country of ref document: EP |
|
| ENP | Entry into the national phase |
Ref document number: 20107027123 Country of ref document: KR Kind code of ref document: A |
|
| WWE | Wipo information: entry into national phase |
Ref document number: 2011512071 Country of ref document: JP |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |