
Protection against Connection to Faked Network Service Provider via Question-Answer Pre-Login Check

IP.com Disclosure Number: IPCOM000188129D
Original Publication Date: 2009-Oct-14
Included in the Prior Art Database: 2009-Oct-14
Document File: 1 page(s) / 74K

Publishing Venue

Siemens

Related People

Juergen Carstens: CONTACT


This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 53% of the total text.


Idea: Dr. Oleksandr Pochayevets, DE-Nuremberg

Many companies provide their services over a network. Prominent examples are online banking, payment services, trading platforms and others, where users connect over the internet to a web interface for their accounts. Normally, users type their usernames and passwords in order to log in and use the provided services and resources.

In the same way, any software that has web access allows users to connect to proprietary systems remotely. Control center software installed at control center sites also provides remote web access to a control center.

Remote network connections have one serious security hole: the remote service provider can be hacked and faked. Such a faked network service provider can behave exactly like the original one. Users cannot even notice that they are connected to the faked network service provider. A typical scenario might look like one of the following:

• A dedicated network line physically connects remote users to a power station control center. A hacker connects this line to his/her server and presents a faked but similar login interface to the remote user. Users type their usernames and passwords, which become immediately available to the hacker. Now the hacker, holding valid usernames and passwords, may connect remotely to the real power station control center.

• A hacker changes the DNS (Domain Name System) record of a payment services web site on a local DNS server. Users, who...