According to the current state of the art there are nowadays two widespread methods for addressing computer systems on the internet, namely DNS service or the addressing of permanently assigned IP addresses. Dynamic IP addresses, such as are assigned by the majority of internet service providers to the client devices, can only be used via internet services (e.g. DynDNS.org, NoIP.com, Selfhost.de, TZODNS.com or dynamic DNS services of the internet service provider) for addressing a specific computer system. In this case a computer system should be understood for example to be an internet router, smartphone, server, personal computer, laptop, notebook, tablet PC etc.
The aforementioned methods enable potential attackers from the internet to attack the computer systems via DNS or the IP address. In this case monitoring can potentially be obtained via the computer systems or so-called DOS (denial of service) attacks on these computer systems can be carried out. In the case of dynamic DNS services it is also possible for the access data for the dynamic DNS service to be stolen. As a result it would be possible for an attacker to divert the dynamic DNS address to another computer system, in order then to capture the accesses by the users to this address.
It is known to transmit the IP address via a telephone connection. In this connection, however, it is not possible to rule out the use of a falsified caller ID (telephone number). However, this abuse is not discernible, and thus the transmission of the IP address is not secure. Nowadays a user name and password are generally used for authentication. Furthermore, in banking businesses chip cards and one-time passwords, so-called TANs or smsTANs, are used. The disadvantage in the authentication by means of a user name and password is that for different target systems the user must in each case create his own user name and passwords. Often for reduction of the number of passwords a common password is created for different target systems.
In this connection the problem arises that through the theft of this common password an attacker can attack a plurality of the user's target systems in order for example to manipulate or to capture data or in order to make purchases in the name of and for the account of the user. Furthermore, the user generally also has no possibility of verifying how securely the access data are stored in the respective target system.
Smart cards and one-time passwords (TAN/smsTAN) for banking business can be misused by technical processes. Thus there are already known cases in which smsTANs have been collected and misused. With wireless connections such as for example NFC, Bluetooth, WLAN etc. there is a risk that the connection set-up and the wireless transmission of data are intercepted by attackers. This results in a large number of possibilities for attack in order to obtain access to the computer systems or in order to misuse the data.
According to the current state of the art, user data are frequently stored on a plurality of extraneous computer systems. Thus for purchases via the internet it is generally necessary to store the user name, password and the account or credit card data on the website of the respective online retailer. In the case of social networks personal and private data are to a large extent transmitted to an extraneous computer system, sometimes even with the proviso that these data may be used by the provider of the social network. However, cases are continually becoming known in which user data have been stolen and wrongfully used by hackers. Thus in May 2011 millions of personal data, also including passwords and credit card numbers were stolen in an attack by hackers on data processing systems belonging to Sony.
In payment processes via the internet, account data or credit card data must generally be communicated to the vendor or the online shop. In most cases these data are stored in the vendor's computer systems. Here too, the user generally has no possibility of verifying how securely the data are stored in the vendor's computer systems. There are a large number of cases in to which these data have been stolen and wrongfully used. In such cases the data have been stolen by attackers both outside and inside these firms.