The same protocol could be employed in many computer networks in which two computers, hand-held communication devices or network nodes need to simultaneously verify the identity of each other.
The protocol - called "delayed password disclosure" - was created by Markus Jakobsson and Steve Myers of Indiana University. It may have application in any environment where "mutual identity authentication" is required, the researchers say.
This new security protocol could help to prevent consumers from getting tricked into connecting to a fake wireless hub at an airport, for example. Or the protocol could notify you that the link included in a legitimate-looking e-mail points to a fake website set up to steal your sensitive information, such as passwords and PINs to bank accounts, credit cards numbers and account numbers for online fund-transfer services.
The safety measures also might help stop organized crime and terrorist-funding groups from collecting large numbers of fund-transfer account numbers that could be used for money laundering, the researchers say.
In one possible application, the security protocol could be used to verify that two wireless devices trying to connect to each other don't mistakenly connect to another device. This is useful to safeguard communications between mobile units, such as between members of emergency crews who are connected through wireless networks built "on the fly."
These so-called "ad hoc" networks hold great potential for military and emergency response applications where network infrastructures have been destroyed or are nonexistent. The flexibility of ad hoc networks, however, open