WO2002099608A2 - Method for secure individual authentication for connection to an internet server by stealthy remote access - Google Patents
- Publication number
- WO2002099608A2 (application PCT/FR2002/001839; also cited as WO 02/099608 A2)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- connection
- resident
- session
- operating system
- internet
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2854—Wide area networks, e.g. public data networks
- H04L12/2856—Access arrangements, e.g. Internet access
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Definitions
- the present invention relates to an individual, secure, nomadic electronic identification method intended to authenticate the author of a connection to an INTERNET site from any PC x86-type machine, with a level of security and confidentiality not achieved to date by any other process.
- the user is identified by the presence, on the hard drive of the machine he is using, of a qualified authentication certificate assigned by an authorized trusted third party authority, generally claiming the use of a "pass phrase" (long password).
- the certificate consists of one or more elements, files and/or records, especially in the Windows registry. These elements, like any element present on a hard disk, are liable to be fraudulently copied, unbeknownst to the user, by direct manipulation on the machine or remotely through the introduction of "trojans", and then installed on another machine for fraudulent use.
- such devices, consisting of a plug applied to one of the output connectors of the machine (parallel or serial connector, USB connector, etc.), hold specific information that is sent to the machine on request from an application resident on the hard disk (e.g. certificate type).
- such devices using a burned CD, interrogated during a connection session by the connection application or by a JAVA "applet" originating from the server, can be an improvement on type 1 devices, and in particular offer the advantage of nomadism, because they work on any machine with a conventional CD drive.
- the behavior of such devices is either limited to responding to a request from the machine, and does not allow control and monitoring of the health of the machine used, or relies on the direct launch of an application without installation on the hard disk, with possible deletion at the end of the session of Internet consultation files (Internet temporary files in particular).
- nothing in this case is provided in case the session ends abnormally, and the files consulted generally remain intact.
- the word processing work possibly carried out during the protected session is not deleted.
- the "passphrases" used are subject to the same vulnerabilities as seen above, namely the possibility of fraudulent recovery by "keyloggers".
- the access point to the INTERNET network generally depends on the remote access configuration previously carried out on the machine used. In the case where a connection is created by subscription or prepaid card, this connection is not deleted after the session and disturbs the operation of the subscriptions previously installed on the host machine.
- the method according to the invention is supported by a removable, non-rewritable CD, usable on any PC x86-type machine with a standard CD drive.
- the mere insertion of the CD into the drive automatically triggers, using the means offered by the BIOS and by commonly deployed operating systems, a series of software operations whose purpose is either to prepare the operating system (OS) present for a confidential session, or to close the session of the operating system in service on the machine and then launch an operating system specific to the CD and resident on it, which is not installed on the hard disk.
- OS: operating system.
- this proprietary O.S. burned on the CD cannot be subject to any fraudulent alteration insofar as the medium used is not rewritable. It is not installed on the hard disk and runs directly from the CD.
- the choice between the resident O.S. and the external proprietary O.S. is made according to the nature of the resident operating system: if the resident system is unmanaged (of the Windows 95/98, Millennium or XP Home type - Microsoft registered trademarks), the application prepares the session by temporarily installing on the hard disk (for the duration of the session) a mini program intended to run automatically when the host machine restarts, to complete the erasure of traces of the session and then neutralize itself.
- the application identifies the connection characteristics of the host machine in the registry and the specific files, then creates a temporary text file on the hard drive. After that, a loadlin.exe routine is launched in order to stop the resident O.S. and launch the proprietary operating system directly from the CD.
- the opening of the confidential session is subject to a particular password entry device, described below. This password is completely unrelated to any passwords for accessing the various sites accessed.
- the entry point on the INTERNET network can be created specifically automatically on the machine used to obtain a specific temporary entry, which will be deleted from the machine used at the end of the session.
- This entry point can be created in particular from the characteristics of a standard type prepaid code card.
- the creation of this temporary remote access connection is carried out in such a way that it circumvents the barriers posed by any binding subscriptions present on the host machine (a good example of a binding subscription is given by AOL - registered trademark - insofar as it is usually not possible to install a competitor's subscription after it ...), and that, once the session has ended, it does not disturb the proper functioning of said subscriptions. To do this, all the characteristics of the subscription(s) present are memorized before the creation and configuration of the temporary connection, with a view to being reinstalled at the end of the session.
- the software operations launched include a verification of the integrity of the RAM as well as a verification that the TCP / IP ports of the machine are not under abnormal control.
- the application runs under the resident O.S.
- the resident system registry is set to prevent viewing of the CD from a network machine other than the host machine.
- the identification of the user is determined from a specific, unique file of several thousand characters, protected against comparative analysis in such a way that possible possession of several of these unique files does not make it possible to identify any repetitive algorithm, resemblance or difference.
- This unique strong identification file is, of course, neither installed nor resident on the hard drive.
- the strong identification of the user can be constituted in various ways, qualified certificate, identifier of indefinite length, graphic file, or others ...
- Password input device according to the invention:
- the input device does not use the keyboard, but only the mouse pointer.
- the application developed for the needs of the device successively displays on the screen a number of panels equal to the number of characters in the password.
- each of these panels is positioned randomly on the screen, waits for a mouse click, then disappears to make room for the next.
- each of the characters thus entered graphically is included in a control loop of several thousand characters, provided with a non-countable delay of several seconds.
- in a particular application of the method according to the invention, called Stealth Remote Access:
- the support CD is in business card format, non-rewritable, and can be used in any tray-loading CD player.
- an O.S. designed specifically for the application is resident on the CD and works directly from the CD, if there is a managed operating system on the machine.
- the password entry device includes the randomly positioned display of 5 successive tables of alphanumeric characters (upper case, lower case and numbers).
- the password entry device selects the characters sent by the user by mouse click, without taking the keyboard into account.
- the password control device has a time delay of 5 seconds before confirming or invalidating the entry.
- the password control device manages a loop of 10,000 successive checks, among which are embedded the checks of the 5 characters entered.
- the INTERNET session launching application creates, on the machine used, the configuration of a remote access point thanks to the characteristics of a prepaid INTERNET access card on a specific call number.
- the INTERNET session launching application includes integrity checking functionalities aimed at ensuring that the machine memory is not corrupted, and that the TCP / IP access ports are not abnormally used. Part of the functionality on the CD is obtained, in particular, by automatic secure connection to one or more sites specializing in anti-virus treatment.
- the application for launching the Internet session directly opens the home page of a publisher/advertiser site.
- the INTERNET session closure causes the deletion of the configuration of the remote access connection possibly installed during the session opening and the reinstatement of the parameters of the priority connection previously present on the host machine.
- the erasure of traces of passage is selective: only Internet files, history, etc. consulted during the session are deleted, to the exclusion of all other files consulted previously during the session.
- operations outside the Internet: copy and paste, clipboard, word processing.
- the utility initially installed in order to correct an abnormal interruption of the session is erased.
- the method according to the invention, in addition to its obvious advantage in the field of personalizing the use of collective machines (such as the creation of constant personalized environments on public machines of the cyber cafe type, and the direct addressing (direct marketing) of prospects new to the Internet), provides unmatched security in the area of authenticating users of INTERNET services, and naturally finds many applications in sectors requiring strong identification that is easy to use:
- online services from banks, tax administration (VAT declarations, among others), information providers, newsletters, online administrative services, etc.
- a particularly interesting application concerns the electronic signature, whose legal definition states that it must be able to be protected by the signatory against any use by third parties. Indeed, qualified electronic certificates, the devices currently admitted as capable of fulfilling the functions of electronic signature, cannot be validly protected against any use by third parties, since they reside on the user's hard drive and can be ... and the exponential development of the number of people connected to the INTERNET creates every day additional and new risks of amateur, mercenary, and even institutional hacking from all nations.
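The mouse-only password entry device and the padded verification loop described above (5 randomly placed character panels, a 5-second delay, 5 real checks hidden in a loop of 10,000), as an added Python illustration that is not code from the patent. Panel geometry, the 62-character alphabet, the 1024x768 screen and the injectable sleep are assumptions made here.

```python
import secrets
import string
import time
from dataclasses import dataclass

# From the page: 5 panels/characters, a 5 s delay, a loop of 10,000 checks.
# Assumed: panel geometry, the 62-character alphabet and a 1024x768 screen.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits
PANEL_COLS, CELL_PX = 8, 24
PANEL_ROWS = (len(ALPHABET) + PANEL_COLS - 1) // PANEL_COLS
SCREEN_W, SCREEN_H = 1024, 768
PASSWORD_LEN, LOOP_CHECKS, DELAY_SECONDS = 5, 10_000, 5.0
_RNG = secrets.SystemRandom()


@dataclass(frozen=True)
class Panel:
    """One character table drawn at a random screen position, used for a single click."""
    x: int
    y: int

    def char_at(self, click_x, click_y):
        # Resolve a click to the character under the pointer; None if outside the table.
        if click_x < self.x or click_y < self.y:
            return None
        col, row = (click_x - self.x) // CELL_PX, (click_y - self.y) // CELL_PX
        if col >= PANEL_COLS or row >= PANEL_ROWS:
            return None
        idx = row * PANEL_COLS + col
        return ALPHABET[idx] if idx < len(ALPHABET) else None

    def cell_center(self, ch):
        # Where a user would click to pick ch on this panel (simulates the user).
        idx = ALPHABET.index(ch)
        return (self.x + (idx % PANEL_COLS) * CELL_PX + CELL_PX // 2,
                self.y + (idx // PANEL_COLS) * CELL_PX + CELL_PX // 2)


def new_session_panels(rng=_RNG):
    # Fresh random placement for each successive panel: a logged click coordinate
    # means nothing without that session's layout, and the keyboard is never used.
    max_x, max_y = SCREEN_W - PANEL_COLS * CELL_PX, SCREEN_H - PANEL_ROWS * CELL_PX
    return [Panel(rng.randrange(max_x), rng.randrange(max_y)) for _ in range(PASSWORD_LEN)]


def chars_from_clicks(panels, clicks):
    # Translate the recorded click sequence into the entered characters.
    return [p.char_at(*c) for p, c in zip(panels, clicks)]


def check_password(entered, expected, rng=_RNG, sleep=time.sleep, delay=DELAY_SECONDS):
    # Padded verification: the 5 real comparisons sit at random slots among 10,000
    # decoy comparisons, every slot runs whatever the earlier results, and the verdict
    # is released only after the fixed delay (sleep is injectable so tests skip the wait).
    if len(entered) != PASSWORD_LEN or any(c is None for c in entered):
        entered = ["\0"] * PASSWORD_LEN          # malformed entry still pays the full loop
    real = dict(zip(sorted(rng.sample(range(LOOP_CHECKS), PASSWORD_LEN)), range(PASSWORD_LEN)))
    mismatch = 0
    for slot in range(LOOP_CHECKS):
        if slot in real:
            mismatch |= int(entered[real[slot]] != expected[real[slot]])
        else:
            _decoy = rng.choice(ALPHABET) != rng.choice(ALPHABET)   # result discarded
    sleep(delay)
    return mismatch == 0
```

Note that interpreter-level padding like this hides which slot failed from a coarse observer but is not a constant-time guarantee; the page's claim is about the non-shortcuttable delay and loop, not about cache or branch timing.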
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
FR0107329A FR2825488A1 (en) | 2001-06-05 | 2001-06-05 | Method for secure individual authentification of internet server connection, comprises non-rewritable CD carrying operating program and mouse and screen based password procedure bypassing keyboard
FR01/07329 | 2001-06-05 | |
FR02/02820 | 2002-03-06 | |
FR0202820A FR2825489B1 (en) | 2001-06-05 | 2002-03-06 | SECURE INDIVIDUAL AUTHENTICATION METHOD FOR CONNECTION TO AN INTERNET / INTRANET SERVER BY REMOTE FURENT ACCESS
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002099608A2 true WO2002099608A2 (en) | 2002-12-12 |
WO2002099608A3 WO2002099608A3 (en) | 2003-02-20 |
Family
ID=26213036
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2002/001839 WO2002099608A2 (en) | 2001-06-05 | 2002-05-31 | Method for secure individual authentication for connection to an internet server by stealthy remote access |
Country Status (2)
Country | Link |
---|---|
FR (1) | FR2825489B1 (en) |
WO (1) | WO2002099608A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100454325C (en) * | 2004-11-19 | 2009-01-21 | 株式会社日立制作所 | Safety system, identifying server, identifying method and program |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2878047B1 (en) * | 2004-11-17 | 2007-03-09 | David Fauthoux | PERSONAL PORTABLE MASS MEMORY MEDIUM AND SECURED ACCESS TO A USER SPACE VIA A NETWORK |
EP1836636A1 (en) * | 2004-11-17 | 2007-09-26 | David Fauthoux | Portable personal mass storage medium and computer system with secure access to a user space via a network |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2313460A (en) * | 1996-05-21 | 1997-11-26 | Bosch Gmbh Robert | Graphical password entry |
US5960085A (en) * | 1997-04-14 | 1999-09-28 | De La Huerga; Carlos | Security badge for automated access control and secure data gathering |
US5960170A (en) * | 1997-03-18 | 1999-09-28 | Trend Micro, Inc. | Event triggered iterative virus detection |
EP0952715A2 (en) * | 1998-03-24 | 1999-10-27 | Lucent Technologies Inc. | Firewall security method and apparatus |
WO2000062249A2 (en) * | 1999-04-07 | 2000-10-19 | Gms-Softmed Sc | Dual smart/optical card |
WO2001001259A1 (en) * | 1999-06-30 | 2001-01-04 | Sun Microsystems, Inc. | Self-contained and secured access to remote servers |
WO2001006342A1 (en) * | 1999-07-15 | 2001-01-25 | Creative Media Design At Integrated Systems Scandinavia Group Ab | Information carrier |
- 2002
  - 2002-03-06 FR FR0202820A patent/FR2825489B1/en not_active Expired - Fee Related
  - 2002-05-31 WO PCT/FR2002/001839 patent/WO2002099608A2/en not_active Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
FR2825489A1 (en) | 2002-12-06 |
FR2825489B1 (en) | 2003-09-05 |
WO2002099608A3 (en) | 2003-02-20 |
Similar Documents
Publication | Title
---|---
US20200404019A1 (en) | Mutual authentication security system with detection and mitigation of active man-in-the-middle browser attacks, phishing, and malware and other security improvements
US7302698B1 (en) | Operation of trusted state in computing platform
US8782404B2 (en) | System and method of providing trusted, secure, and verifiable operating environment
CN101478530B (en) | Method and system for providing security access to insecure network
EP1055990A1 (en) | Event logging in a computing platform
WO2011138558A2 (en) | Method for authenticating a user requesting a transaction with a service provider
Marforio et al. | Evaluation of personalized security indicators as an anti-phishing mechanism for smartphone applications
Grimes | Hacking multifactor authentication
JP2006293804A (en) | Input of password and authentication system
Hoffman et al. | Ajax security
Shepherd et al. | Towards trusted execution of multi-modal continuous authentication schemes
Watters et al. | This would work perfectly if it weren't for all the humans: Two factor authentication in late modern societies
Burrough | Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments
WO2002099608A2 (en) | Method for secure individual authentication for connection to an internet server by stealthy remote access
Messaggi Kaya | Trust and security risks in mobile banking
EP3350745B1 (en) | Management of a display of a view of an application on a screen of an electronic data input device, corresponding method, device and computer program product
Donaldson et al. | Understanding security issues
Li | A contingency framework to assure the user-centered quality and to support the design of anti-phishing software
Torres et al. | User Behavioral Biometrics and Machine Learning Towards Improving User Authentication in Smartphones
Adams et al. | Guide to Securing Scientific Software
Alhathally et al. | Cyber security Attacks: Exploiting weaknesses
Kausar et al. | An effective technique for detection and prevention of SQLIA by utilizing CHECKSUM based string matching
Køien et al. | A Call for Mandatory Input Validation and Fuzz Testing
FR2825488A1 (en) | Method for secure individual authentification of internet server connection, comprises non-rewritable CD carrying operating program and mouse and screen based password procedure bypassing keyboard
Pedersen | Development of an Account Management Dashboard with a Focus on Account Recovery
Legal Events
Code | Title | Description
---|---|---
AK | Designated states | Kind code of ref document: A2. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW
AL | Designated countries for regional patents | Kind code of ref document: A2. Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
AK | Designated states | Kind code of ref document: A3. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW
AL | Designated countries for regional patents | Kind code of ref document: A3. Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
WWE | Wipo information: entry into national phase | Ref document number: 2002743343. Country of ref document: EP
WWW | Wipo information: withdrawn in national office | Ref document number: 2002743343. Country of ref document: EP
REG | Reference to national code | Ref country code: DE. Ref legal event code: 8642
122 | Ep: pct application non-entry in european phase |
NENP | Non-entry into the national phase | Ref country code: JP
WWW | Wipo information: withdrawn in national office | Country of ref document: JP