

Title:
METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET
Document Type and Number:
WIPO Patent Application WO/2008/134831
Kind Code:
A1
Abstract:
Method for development of applications to interact with Internet concerns an architecture that makes possible the creation of any application for the Internet and telephony with built-in connection security and ease of use, besides being compatible with what exists today; it makes available a server, compiler, interpreter, graphic objects API, connection security, host programming language, telephony API and virtual machine for the construction of the most varied applications for Internet and telephony with security in the transmission of information.

Inventors:
MATHIEU FRANCISCO (BR)
LEAL ARTHUR NETO (BR)
Application Number:
PCT/BR2007/000105
Publication Date:
November 13, 2008
Filing Date:
May 03, 2007
Assignee:
MATHIEU FRANCISCO (BR)
LEAL ARTHUR NETO (BR)
International Classes:
G06F21/50
Foreign References:
EP1705598A2, 2006-09-27
US20050102538A1, 2005-05-12
US6106574A, 2000-08-22
JPH11353172A, 1999-12-24
US20050257157A1, 2005-11-17
US20040243931A1, 2004-12-02
US20030115578A1, 2003-06-19
JP2006128869A, 2006-05-18
Attorney, Agent or Firm:
SOCIEDADE CIVIL BRAXIL (620Centro, São José dos Campos - SP - -130, BR)
Claims:
1. "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", characterized by allowing computers connected to the Internet to transmit information securely, without the information being stolen and without any digital fraud being committed with it.

2. "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", according to claim 1, characterized in that the proposed architecture consists of several modules, described below: a) server module; b) compiler module; c) interpreter module; d) graphic objects module; e) connection security module; f) programming language module; g) telephony module; h) virtual machine module.

3. "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", according to claim 2, characterized in that the server module is executed on a computer in the role of remote server, being responsible for executing the applications that are invoked by the user's computer through "http" or "https".

4. "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", according to claim 2, characterized in that the compiler module compiles the programs written in the host programming language into executable binaries that will be executed remotely by the user's computer.

5. "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", according to claim 2, characterized in that the interpreter module interprets the executable binaries, interpreting each binary on the server in order to maximize performance and sending to the user's computer only the necessary data, without burdening the communication with it.

6. "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", according to claim 2, characterized in that the graphic objects module makes available and controls several graphic objects to be used in the applications, such as windows, buttons, text boxes, fonts, icons, illustrations, scroll bars etc.

7. "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", according to claim 2, characterized in that the connection security module works together with the server module to provide security in the transmission of information, creating a shield around the communication channel between the server computer and the user's computer.

8. "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", according to claim 1, characterized in that the programming language module provides a host programming language based on the XML (Extensible Markup Language) standard, which is a universal standard for Internet applications and for communication among applications in general.

9. "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", according to claim 1, characterized in that the telephony module provides telephony services for cellular phones, enabling integration with computers and offering security for voice and data transmission.

9. "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", according to claim 1, characterized in that the virtual machine module provides an emulation environment of an Intel x86 computer to run the modules of the proposed architecture on any standard 32- or 64-bit PC, in order to shield all of the applications that are hosted in the server module.

Description:

"METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH

INTERNET"

Field Of The Invention

The present patent application, entitled "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", has as its object a process that defines a new architecture for the development of applications and makes it possible to interact with the current Internet. It belongs to the field of information science and was conceived, more precisely, for the construction of operating systems and of applications for the "Web". It was developed with a view to solving connectivity and security problems on the Internet, allowing secure communication between "web pages" and their users so as to minimize electronic swindles, "intruders" and the virtual plagues common in everyday computing. The patent application in question therefore presents a method specially designed and developed to be highly practical and to bring great advantages in use, both in the construction of operating systems and in the construction of applications for the "Web".

History Of The Invention

As is known to those skilled in computer science, computing was at its beginning defined as a mechanism that made it possible to automate certain tasks in large companies and in government circles. With technological progress, the "gigantic equipment" began to give way to smaller and more powerful equipment. The evolution of telecommunications allowed computers, little by little, to begin communicating among themselves. As a consequence, such machines ceased simply to automate tasks and started to work with information.

Information is an asset of great value. It is not simply a heap of agglomerated bytes, but a set of data classified and organized so that a user or a company can take advantage of it. Information is, besides, a factor that can determine the survival or the discontinuity of a company's activities.

This is not difficult to understand. It is enough to imagine what would happen if a financial institution lost all the information about its customers.

Although it is possible, a large company rarely loses its information, especially in the case of banks, exchange houses and the like. The most frequent occurrence, however, is the inadequate use of the acquired information, its underuse or, still, negligence with its security.

1.1 Information Technology

Information Technology (IT) can be defined as the set of all the activities and solutions provided by computing resources. The applications of IT are so diversified (they are linked to the most varied areas) that several definitions exist and none manages to define it satisfactorily. As information is an asset that adds value to a company or an individual, IT resources must be used in an appropriate way; in other words, it is necessary to use tools, systems or other means that make information a competitive differentiator. Besides, it is necessary to look for solutions that bring good results at the lowest possible cost. The issue is that no "magic formula" exists to determine how to use information in the best way. Everything depends on the culture, the market, the segment and other aspects of a company. The choices need to be made well; otherwise, unnecessary expenses or loss of performance can result.

It is easy to see how complicated it is to generalize what IT is. There are still several other aspects to be considered that were not mentioned. For instance, the company should also know how to work with security, with readiness, with the use of systems, with technologies and with qualified human resources.

IT is more and more common in the daily life of people and of companies. Everything revolves around information; therefore, whoever recognizes its importance will certainly become a professional qualified for the needs of the market. In the same way, the company that best manages to work with information will certainly have competitive advantages over its competitors.

1.2 Internet

It is a network of computers that communicate in a way that is transparent to the user through the IP (Internet Protocol) protocol.

The growth of Internet use can be evaluated on the basis of the expansion of the available resources and of the users in recent years. In 1984 the number of "hosts" (resource servers) was around 1,000, jumping to 100,000 in 1989 and reaching 1,000,000 in 1992 and 3,200,000 in 1994. In 1997 there were about 10,000,000 "hosts" and more than 30 million users. By the beginning of 2001, there were more than 110,000,000 "hosts" and more than 400 million users. The latest data from two major Internet analysts show that in May of 2003 there were 580 million users, according to the NUDE, while Telcordia NetSizer, in September of 2003, counted more than 840 million users.

Advantages of the Internet

- Consulting the largest source of information in the world.

The Internet is like the largest database in the world, and the amount of information that can be found is surprising. To research a theme on the Internet is to be impressed by the number of people who have already written about it, and from different perspectives.

- Access to the biggest library on the planet.

On the Internet there are all the curricular themes and dozens of encyclopedias for research.

- Access to information not available in other places.

One of the great advantages of the Internet is easy access to information that would be difficult to find in the real world or would have a high cost outside the Internet.

- Communication among users regardless of distance.

It meets the users' need to share experiences among themselves, for instance by sending pictures, important documents, jokes of the day etc.

- Finding individuals with common interests.

On the Internet there are thousands of interest groups on almost all themes: discussion forums, thematic "chats", thematic "newsletters" etc.

- Entertainment and leisure.

The Internet is the best place in the world for amusement: playing all types of games, alone or accompanied, reading news, listening to music, painting, smiling etc.

- Learning and increasing our qualifications.

There are thousands of ways of learning through the Internet: research in libraries, distance learning, selection of courses and teaching institutions, enrollment in exchange programs, among others.

- Saving time.

Bank operations, obtaining a birth certificate or a property certificate, changing residence and filing income tax are some of the services that can be carried out through the Internet.

- Buying at a reduced price.

On the Internet there is a great number of stores. Any product can be bought through the Internet: books, disks, supermarket goods etc. Even a user who opts to go to the store can first compare the prices of the several existing offers, saving time and money.

- Improving the capacity and the appearance of the computer.

It is no longer necessary to go to the computer store to buy programs and accessories to install on the computer, because it is now possible to acquire any product without leaving home and at low cost.

- Business opportunities.

The Internet is a powerful advertising and marketing tool and is now the fastest-growing medium all over the world. It is accessible from any place in the world that has a microcomputer and a phone line; it has low implementation and maintenance costs; it makes it possible to meet the needs of the target audience; it allows direct interaction between the company and its customers; and it makes it possible to serve the public 24 hours a day, seven days a week.

- Statistical data.

One of the greatest advantages of the Internet is the possibility of monitoring practically everything that a user or potential customer does. It is possible to monitor "clicks" on "banners", the number of "downloads", the visitors to a "site", the pages they passed through, where they came from and anything else we can imagine.

Deficient Points Of The State Of The Technique

In spite of the great number of services offered by the "Internet" and the accelerated growth in the number of users, there are some inconveniences that cause great damage in its use, which are listed below:

- Lack of censorship

False information published on the Internet will reach the same number of people as true information.

- Lack of security

There is a great number of fraudsters and several types of scams practiced on the Internet.

- Lack of privacy

Due to the lack of security, the fraudsters known as "hackers", "crackers", "phreakers", etc. can easily access any type of data, on the circle of friendships, relationships etc., which can bring problems to the users of the network whose data are accessed.

- Addressing by "IP"

One of the disadvantages of the Internet addressing scheme is that, as an "IP" address refers to a network connection, when a certain machine moves from one network to another, it must change its "IP" address. That is a great barrier to connecting to the Internet mobile "hosts" that need fixed "IPs".

- Virus transmission

A virus destroys the content of the microcomputer; it can be installed without being noticed, and can come attached to an e-mail or be received innocently through communication programs of the "chat" type.

- Inappropriate content

There are "chat" "rooms" with themes about sex, erotic pictures and pedophilia. There are also "sites" with the same content that could be accessed by a child.

- Public programming

All of the lines of code of security systems for the Internet use public keys; in other words, the thieves known as "hackers", "crackers", "phreakers", etc. have access to them, so security cannot be guaranteed for a long period.

Bank Service ("Banking")

One of the most important services made available on the Internet is the service of the banking system, known popularly as "banking."

The term "banking" would not need explanation, but the first references in the media to the neologism "banckcalization" already appear. It is defined as ease, practicality and agility in tasks that used to be costly, stressful or tiresome as regards banking activities.

Home Banking

With the rise of computing, bank operations began to spread, dispensing with bank terminals. This service is called "home banking" or "office banking", and it allows business operations to be carried out through systems offered by the banking institution on its customers' computers, equipped with devices such as a modem, to access the bank's private network.

From the technical point of view, "home banking" or "office banking" is not to be confused with "internet banking", inasmuch as in the latter, access to the banking system (which happens over the Internet) dispenses with the prior installation of the banks' own systems on their customers' computers.

Internet Banking

The service known as "Internet Banking" represents a new modality of electronic commerce, by which the customer, making use of the Internet, has access to several bank services for carrying out business and electronic contracts, which, in turn, are defined as contracts concluded through computer programs or devices with such programs, dispensing with the codified signature or password.

"Internet Banking" Reality

Research reveals the growth in the use of "Internet Banking" services by consumers and what the banks still need to do to improve services over the Internet.

An example is the Brazilian banking sector; it is one of the most modern in the world and has contributed to the development of "Internet Banking" in the country.

Besides, a large part of "Internet Banking" users use this service very frequently. Among the users, 32% access the bank every day over the Internet, while 30% access it, on average, 3 to 5 times a week. Regarding the functions most accessed and used, balance/statement consultation comes in first place. Today, 79% of "Internet Banking" users report using that service frequently. In second place are payments, used by 60%, and transfers and "DOCs", used by 44%.

More than 10% of the interviewees revealed their intention to use the service more if they were well instructed in its use. Besides, 46% revealed that they miss a real-time or "on-line" service, and 42% would also like a channel of direct contact with the manager by electronic mail or "e-mail."

That can also indicate that, if navigation of the bank "sites" were easier and more intuitive, the customers would not have difficulties.

Another point that the banks should observe is security, or the lack of it. For 28% of the interviewees, that is still the main problem when accessing the "site" of the bank.

Below is a brief compilation of the advantages and disadvantages of bank services carried out over the global Internet.

Advantages Of The Bank Operations In The Internet

- Decrease in the fixed costs of maintaining a bank branch, specifically in personnel expenses.

- Less bureaucracy in services, dispensing with the customer's physical presence in the establishment and avoiding lines and the waste of time in carrying out bank operations.

- Geographical reach: because the Internet reaches the whole world, the services can be offered on a large scale.

- Decrease in the risk of robberies, due to the smaller movement of people, money and services in the bank branches.

Disadvantages Of The Bank Operations In The Internet

The great disadvantage of bank operations on the Internet is the several types of fraud; the main frauds practiced on the global network are mentioned below.

Situation 1 - the user receives an "e-mail" or phone call from a supposed employee of the institution that maintains the "site" of electronic commerce or of a bank. In this "e-mail" or phone call the user is persuaded to supply confidential information, such as access passwords or credit card numbers.

Situation 2 - the user receives an "e-mail", whose sender can be a supposed employee, manager, or even a known person, and this "e-mail" contains an attached program. The message then requests that the user execute the program, for instance, to obtain faster access to a "site" of electronic commerce or to have access to more detailed information about a bank account. After the malicious program is installed on the user's computer, confidential information can be obtained in the following ways:

- By capturing typed keys: a malicious program can capture and store all the keys typed by the user, in particular those typed soon after entering a "site" of electronic commerce or of "Internet Banking". In this way, the program can store confidential information (such as bank access passwords or credit card numbers) and send it to an attacker.

- By locating the position of the cursor and storing the displayed screen: some "Internet Banking" "sites" have been providing a virtual keyboard, so that their users avoid the conventional keyboard and thus increase the level of security in carrying out bank transactions via the "Web". The fact is that a program can store the position of the cursor and the screen shown on the monitor at the moments when the mouse button was pressed. This information allows an attacker, for instance, to know the bank access password used by the user.

- By controlling a video camera of the "Webcam" type: a program can control the user's "Webcam", pointing it at the keyboard, when the user is accessing a "site" of electronic commerce or of "Internet Banking". In this way, the collected images (including those that contain the typing of passwords or credit card numbers) can be sent to an attacker.

Situation 3 - an attacker compromises the name server of the user's provider, so that all accesses to a "site" of electronic commerce or "Internet Banking" are redirected to a falsified "Web" page, similar to the true "site." In this case, an attacker can monitor all of the user's actions, including, for instance, the typing of the bank password or the credit card number. It is important to point out that in this situation the user usually has to accept a new certificate (one that does not correspond to the true site), and the address shown in the user's browser can be different from the address corresponding to the true "site."

Situation 4 - the user can be persuaded to access a "site" of electronic commerce or "Internet Banking" through a link received by "e-mail" or on a third party's page. This link can direct the user to a falsified "Web" page, similar to the "site" that the user really wants to access. From then on, an attacker can monitor all of the user's actions, including, for instance, the typing of the bank password or the credit card number. It is also important to point out that in this situation the user usually has to accept a new certificate (one that does not correspond to the true "site"), and the address shown in the user's browser will be different from the address corresponding to the true "site."

Situation 5 - the user, when using third parties' computers to access "sites" of electronic commerce or "Internet Banking", can have all of his or her actions monitored (including the typing of passwords or credit card numbers) by programs specifically designed for this purpose (as described in Situation 2).

Although all these risk situations exist, there are also some relatively simple precautions that users can and should follow when accessing "sites" of electronic commerce and "Internet Banking", so as to prevent fraudsters from using their data (mainly the confidential data).

Below are listed some methods of attack on the files of the computers of users of the global network:

- Attacks via "NetBIOS": this technique shows in practice how thousands of computers on the Internet are exposed and how easy it is to gain access to their files without being detected.

- Attacks by "Footprinting": technique used by "hackers" to obtain every type of personal information contained in a computer, to facilitate a future invasion.

- Attacks by "Brute Force": use of a "wordlist"; standard passwords and no "crackers."

- Use of "Scanners": programs used to look for open ports, running services, the installed operating system and security flaws that allow the invasion.

- Invasion by "Sniffer": intercepting the traffic with a "sniffer"; capturing passwords; "sniffers" in "Trojans"; gateways; "Anti-Sniffers."

- Use of "Binders": technique used to disguise malicious programs and viruses so that the user does not notice the real danger.

- "Trojans" and "Back Doors": invasion via "TCP" and "UDP"; information and gateway "Trojans"; detection by ports, files, "string" and manual.

- "Visual Spoof": a new way that "hackers" found to get the passwords of users with little knowledge of Information Technology security.

The user himself supplies the data for lack of knowledge.

A negligent provider opens doors to fraud.

Thieves intercept and providers' users' connections that are not in force invasions deviate.

"Hackers" insist on trying to invade high-security systems. But it is not the great "hackers" who carry out virtual swindles, which most of the time use not very sophisticated resources. Usually the virtual criminals look for the easiest road. They take advantage of users' negligence, instead of trying to break the system of the bank, which is very secure. According to the specialists in the subject, it is frequent that the criminals get passwords and credit card numbers in conventional ways, far away from computers, in order later to divert money over the Internet.

While the virtual thieves in Brazil are free, in the United States the law will be firmer against crimes on the Internet. Recently the Chamber of Deputies of the USA approved a bill that will make sentences heavier for digital pirates. Under the current law, the punishment is based on the economic damage caused. With the change, the intentions of the attack will be considered. Thus, if the "hacker" puts lives at risk, he can be sentenced to life imprisonment.

Vulnerabilities

Statements from "hackers" heard by a specialized American magazine show that some precautions would avoid a lot of virtual fraud. It is known that 90% of the attacks happen because the configuration of the servers is badly done and the software is not updated properly.

Besides seeking a provider with good security and always updating the operating system and software, the specialists recommend care when making purchases on the Internet. There are "companies that don't store the customers' information properly", affirms the director of services of the "Internet Security System" (ISS).

To verify that the connection with the site is secure for a transaction, the user should observe whether the "URL" has "https" or whether there is a padlock icon in the lower portion of the page.
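The check in the paragraph above, combined with the address mismatch described in Situations 3 and 4, as an added example that is not part of the patent text: "https" alone does not separate the true "site" from a falsified page, so this Python sketch also compares the host in the URL with the host the user expects. The function name, the finding codes and the host www.bank.example are assumptions made for the illustration.

```python
from urllib.parse import urlsplit


def _normalize_host(host):
    """Lower-case, drop a trailing dot, convert Unicode labels to ASCII (IDNA)."""
    host = host.rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None  # empty or over-long label, or characters IDNA rejects


def check_banking_url(url, allowed_hosts):
    """Return a list of finding codes; an empty list means the URL passed."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return ["unparseable"]

    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    # "https://bank@other.host/" displays the bank's name but connects to other.host.
    if parts.username is not None or parts.password is not None:
        findings.append("userinfo")
    if port not in (None, 443):
        findings.append("nonstandard-port")

    host = _normalize_host(parts.hostname or "")
    allowed = {_normalize_host(h) for h in allowed_hosts} - {None, ""}
    if not host or host not in allowed:
        findings.append("host-mismatch")
    if host and host not in allowed:
        # The expected name used as leading labels of somebody else's domain.
        if any(host.startswith(a + ".") for a in allowed):
            findings.append("lookalike-prefix")
        # Non-ASCII letters that render like ASCII ones become xn-- labels.
        if any(label.startswith("xn--") for label in host.split(".")):
            findings.append("punycode-label")
    return findings


# Constructed sample data: www.bank.example stands in for the true site's host.
ALLOWED = {"www.bank.example"}
SAMPLES = [
    "https://www.bank.example/login",
    "http://www.bank.example/login",
    "https://www.bank.example@evil.test/login",
    "https://www.bank.example.evil.test/",
    "https://www.b\u0430nk.example/",  # U+0430 is Cyrillic, not Latin "a"
    "https://www.bank.example:8443/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), "->", check_banking_url(sample, ALLOWED) or "ok")
```
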

The data of customers of virtual stores should be encrypted so that they are not stolen, a precaution taken by the "sites" of large companies that operate on the Internet.

According to specialists in Internet security, users with broadband access are more exposed, even those who use a "firewall" and an intrusion detector on the computer, besides antivirus.

Passwords

Nowadays, the financial institutions work with countersigns to avoid fraud with cards.

According to a bank IT specialist, no case of invasion of "internet banking" has ever been registered. What does happen, however, is the theft of passwords and a subsequent withdrawal.

The countersign, or second password, is usually a mixture of numbers and letters. After the account holder types the conventional password, the countersign is requested in operations via "internet banking", ATM or telephone.

Security Policy In The Bank Operations In The Internet

- Physical security policy.

It consists of implementation in the physical facilities of the systems and IT equipment used for "internet banking", such as the choice of an appropriate place, away from public areas, with systems for the prevention of and response to power failure and fire, alternative processing and copies of the processing.

- Logical security policy.

It comprises the protection of the databases against computer viruses, care with the storage and maintenance of files, risk management etc.

These two policies seek to prevent intruders from accessing databases relating to bank transactions. Some means exist for this, such as:

- The use of digital certification and cryptography: the digital or electronic certificate is a computer file that identifies the user to another person or to another computer, with the purpose of guaranteeing the authenticity, privacy and inviolability of the communication. This system performs cryptography, which is the process of encoding information so that only the intended recipient of the information can decode it.

- The use of passwords or biometrics, which is the method of identification by physical characteristics, such as the iris, fingerprint or voice.

- Another form of preventing harm to customers of "internet banking" is the banks' policy of publicizing tips, such as changing the password periodically, keeping the antivirus updated, not carrying out operations on public equipment and not opening files of unknown origin.

"Internet banking" is contributing to improving bank service; however, because contracts are made among people who do not see each other, it removes a little credibility in certain cases. To reverse this picture, the banks have to continue investing in electronic security technology, as well as in the physical part of the branches, to avoid robberies and misappropriation on the network. Improper withdrawals are almost entirely associated with the theft of passwords.

An example of a flaw is the man-in-the-middle (MITM) attack:

"HTTPS" (HyperText Transfer Protocol Secure) is an implementation of the "HTTP" protocol over an "SSL" or "TLS" layer. That additional layer allows the data to be transmitted through an encrypted connection and the authenticity of the server and of the client to be verified through digital certificates. The "TCP" port used by default for the "HTTPS" protocol is "443."

The "HTTPS" protocol is usually used when one wants to prevent the information transmitted between the client and the server from being viewed by third parties, as for instance in the case of "online" purchases.

The "URLs" of such "sites" begin with 'https://'.

The concept of the man-in-the-middle (MITM) attack belongs to the field of computer network security. It is based on an attack in which the attacker is able to read, insert and modify messages between two entities without their knowing that the connection was compromised.

Neither of the entities (A and B) knows that the connection was corrupted or compromised. The packets sent by A to B are intercepted by C, and vice versa, who has the power to do what he wants with them. In this context, besides the capture, the packets must be forwarded to the original recipient. This procedure introduces abnormal delays in the network that can easily be detected by intrusion detection mechanisms (IDS, IPS etc.). The packets captured by MITM can be in cleartext or ciphertext depending on the service that originates them (HTTP/HTTPS, POP3/POP3S etc.).

Mobile Banking

The popularization of mobile communication technologies has been allowing access to remote information wherever one is, opening a very wide range of means, applications and services for users.

There has also been a great evolution and popularization of mobile computing devices, such as cellular telephones, "PDAs" (Personal Digital Assistants) and laptops, which leads to the estimate that in a few years thousands of people spread around the world will have one of those types of devices, able to communicate with the traditional fixed networks and with other mobile computers. That environment favors the creation of the concept of mobile computing.

Mobile computing can be described as a new computing paradigm that allows users of that environment to access services independently of location, and even while in movement.

More technically, it is a concept that involves processing, mobility and wireless communication. The idea is to have access to information anywhere and at any moment.

"Mobile Banking" is the use of these devices for the transmission of information between banks and their customers.

Devices For Mobile Computing

Given the definition of mobile computing, a device for this purpose should be able to perform processing, exchange information over a network and be easily carried by the user. For that, it is important that the computing device has a reduced size and does not need cables to connect it to the data network or to an electric power source. Thus, equipment of this type should have the following characteristics: to be much smaller than the usual workstations, typically handled on the lap or in the palm of the hand; to have a battery, to avoid the need for cable connections to the electric grid, which would greatly limit mobility; and to access data through wireless network technologies, for the same reason.

Some devices have been used for mobile computing purposes; basically they are "laptops" and "palmtops", "PDAs" (Personal Digital Assistants) and cellular telephones.

"Laptops" and "Palmtops"

"Laptops" are computers like the ones used as workstations ("PCs" - Personal Computers), but with quite reduced dimensions, allowing them to be carried from one place to another with some comfort and handled in practically any place.

In spite of having capacity and use comparable to those of a common "PC", a laptop is still not the best option for agile use on the move, because it usually requires the user to stop in a suitable place (with a table or support), remove it from a small bag or case, turn it on (which can be a somewhat slow process), use it and later put it back in the bag.

"Palmtops" reduce the mentioned problems a little and are basically similar to "laptops"; however, because their dimensions are even smaller, they imply greater limitations in processing capacity, memory, storage, I/O (input and output) and comfort of use.

"PDAs" (Personal Digital Assistants)

They are "handhelds" (hand devices) that serve as personal organizers. Their users can easily maintain and consult personal data anywhere and at any moment, because the devices are quite small, fit in the pocket and can be operated in the palm of the hand.

They are hand computers but, due to their quite reduced size, they have restricted processing capacity, memory, storage and I/O (input and output).

Another inconvenience is the lack of comfort in use, because those devices usually have no keyboard (when they have one, it is quite reduced) or "mouse"; in most of them data entry is done with a pen and handwriting recognition software. The screen is also small (a few inches) and does not always have good resolution and color capacity.

Mobile Telephones

Originally cellular telephones appeared as devices exclusively for voice conversation. However, with the progress of technology and the evolution of the generations of cellular telephony, those devices also acquired processing and communication capacity through the integration of the cellular network with data networks, especially the Internet.

Below is an example of a security flaw to better illustrate the theme under discussion: a software company disclosed the existence of a breach in the security policy of a mobile phone operator that allowed malicious users to access the system for authenticating lines to handsets and, consequently, to "clone" numbers already registered to other customers of the company.

The alert came from a team of vulnerability experts.

According to specialists in the subject, to enable a line on more than one handset it is necessary to have access to a central system maintained by the telephony operator. That access, however, is granted only to authorized resellers and to computers that hold a digital certificate issued by the operator itself.

Cellular telephones are also targets of "phreakers", who are hackers with deep telephony knowledge who combine knowledge of telephony, digital electronics and computer science.

Vulnerability of "VoIP"

Voice over IP technology offers reduced costs for long-distance calls. But without the appropriate defenses it can expose the telephony system to intruders, affecting the rest of the "Web" systems.

The telephony service of a stockbroker was cut abruptly after a "hacker" launched a "DOS" (Denial-of-service) attack on its voice systems. A "worm" passed from the data network of an American retail giant into the voice network, shutting down "call centers" and causing the loss of millions in sales. An impostor enters the telephony network of a government agency and steals confidential information by "cloning" an existing telephone identification.

According to security specialists, such scenarios are plausible and may become inevitable as more companies and governments exchange their traditional telephony systems for "VoIP" systems. By making phone calls over the internet, companies are saving millions. But they are exposing their voice systems to all the plagues that attack data networks today, such as "worms", viruses, "spam" over internet telephony (SPIT), "DOS" attacks and fraud. Besides, they open more doors for other areas of the network to be attacked as well, affecting the infrastructure of the companies' data networks and their systems.

The CIOs who are anxious to begin using "VoIP" on a large scale need to understand that "firewalls" alone do not protect them. It is enough to look at the state of the internet ten years ago, before the famous "Nimda", "Sasser" and countless other famous attacks. To avoid that, the executives who control the voice networks should plan for the use of encryption, authentication and "VoIP"-specific "firewalls", and separate the data network from the voice network. They need to ensure redundancy in case of power failure, and they should physically secure servers and equipment from prying eyes.

Traditional PBXs have their own vulnerabilities, and "hackers" have already made use of them to get into voice or "voice mail" systems. But "VoIP" expands them, offering more opportunities. In a recent report, the National Institute of Standards and Technology (NIST) states that offices have more points for connecting to the "LAN" than to the telephony systems.

The CIOs who already use "VoIP" systems advise focusing on security from the moment the equipment or the service is chosen. That avoids the cost and frustration of fixing the door after it has been broken into. As most "VoIP" systems are built on the "Linux" and "Microsoft" platforms, they are susceptible to the same problems as the servers that use those operating systems. However, the problem is that the security measures applied to the data network do not work well with "VoIP" systems. For instance, traditional "firewalls" can delay or even block calls, and cryptography can cause delays and interruptions in communication. Thus, security techniques should be specialized for "VoIP."

In certain companies, the way out of possible flaws in the operating system was to adopt a closed solution, such as using proprietary hardware. The use of the technology began with the construction of a new administrative center, a 12-floor tower designed with the infrastructure prepared to use "VoIP" exclusively. In this unit there are about 700 "IP" telephones plus 70 "softphones" for traveling executives. In this case, a "VPN" is used to guarantee security. Besides the headquarters, the company has more than 900 service units and other entities that are in the process of implementing "VoIP" solutions. So far, more than 100 units use "VoIP". Some of those entities will use pure "IP" telephony and others will just adopt a "VoIP" "gateway" for express communication.

The architecture of the "VoIP" network is the following: in the administrative center there is pure "IP" telephony, with a single "LAN" for voice and data communication. For communication among the branches, "VoIP" is also used over the corporate data network. It is the same physical network, but there is logical separation. Some protection mechanisms exist for the voice network, for instance voice servers protected by a "firewall"; however, these are traditional "firewalls", not specific to "VoIP."

According to a research company, only one in ten American companies has deployed "VoIP" networks on a large scale. But that is changing: at the end of 2006, the research indicated that 45% of companies will already have some form of "VoIP" and that adoption will accelerate from there on. Some problems have already appeared. A development manager for voice products stated that viruses, including "Sasser" and "Code Red", brought down a "VoIP" network for four hours because of the existing interconnection with the data network. The director of convergence of a consultancy company confirms that some of the 500 largest companies in the "Fortune" magazine ranking that use "VoIP" have already suffered some type of incident with "hackers" that caused problems in day-to-day operation. For many companies, however, the low cost and convenience of "VoIP" systems outweigh the potential risks.

The CIOs have prepared for safer calls. Instead of quickly installing the new technology throughout a company with several offices around the world, they move more slowly, using the technology only inside the company's network.

The specialists suggest exactly that approach for those who are just starting. That way, by the time they begin to use it in a less secure way, they will be familiar with the technology. According to specialists, the critical success factor for the use of "VoIP" is to maintain a solid infrastructure, such as "no-break" systems with generators and a fully redundant network.

It is suggested that the equipment be powered using "PoE" (Power over Ethernet) to have extra redundancy. Now, when a lawyer in London calls the San Francisco office, the call is routed from the PBX and converted internally for the company's "WAN" "IP" network. When it arrives at its destination it is converted again for the PBX system. In this way, long-distance call charges are eliminated by using the "IP" network without the risks of connection to the data network. In some years, the system will be changed completely. The department began using "VoIP" for long-distance calls among the offices. After the initial test period the PBXs were replaced, except those of the remote offices, which still use the old systems. The department is saving 425 thousand dollars a year in the head office and in "call centers". But first, security measures were implemented, such as encryption of the voice traffic and separation of the data and voice networks, and they are using intrusion detection systems and antivirus. The team also monitors the "VoIP" servers the whole time. Investing in that can increase costs, but even if the savings are not enough to justify moving the whole infrastructure to "VoIP", when one thinks only of the financial cost, the technological advantages the company will have, such as mobility and collaboration, are more than enough to justify the investment.

In another company, the concern with security is constant. When adopting "VoIP" telephony, the necessary security was ensured. The company sought a way to reduce costs and increase the agility of the phone system without losing quality, since the connections among its units are numerous and frequent. Besides, it was vital to maintain security in the process. To separate the voice network from internet traffic, a dedicated line to the service provider's "datacenter" was contracted, making the whole process more secure. The installed "gateways" allow "firewalls" for VoIP as an option. On the provider's side, "firewalls" exist to guarantee the service, with monitoring 24 hours a day.

The same procedure was adopted by one of the largest pharmaceutical laboratories in the world, where the use of "VoIP" is already part of the company's routine. In place since 2004, the system allows savings on long-distance calls and also flexibility in the internal network. To keep the voice network and the data network secure, they are physically separate.

When a virus reached the network of a certain institution in 2004, the university's "VoIP" system was not affected. That is because the institution understood that security planning was a key part of maintaining high availability. Besides installing multiple "firewalls", a virtual network was built for the voice traffic, thus helping to protect the system against viruses that could reach the network. When a virus reached the campus, it ended up not entering the "VoIP" system. The technique used was to separate voice traffic from internet traffic. A virtual network can protect voice traffic by creating logical barriers. Virtual networks, "firewalls" and "gateways" can keep intruders out of "VoIP" systems, but they do not protect against internal "hackers."

To add another layer of security to the system, users should encrypt their conversations as they do with the data network. Encryption is important, regardless of the protocol used. Today there are two main ones: "SIP" (Session Initiation Protocol) and H.323. In its basic form, "SIP" travels in plain text, which means it is vulnerable to spy software. According to the specialists, it is easy to intercept unencrypted "VoIP" calls using an "iPod".

In the institution referred to, migrating to "VoIP" involves a careful calculation of how much risk they can accept with it. For instance, they are comfortable using the system for instructors and students, but they decided to leave the security telephones and the kiosks on the traditional system. In the current state of the technology, companies should decide which risks they want to run. Telephones and essential services, unless carefully designed, implemented and maintained, will be of high risk if used in "VoIP" systems, according to the "NIST" report. The report discourages the use of "softphones" where security and privacy are concerns. "Worms", viruses and other malicious software are extraordinarily common on personal computers connected to the internet, the report states.

2. The Problem

The growth in the use of the Internet can be evaluated on the basis of the expansion of available resources and users in recent years. In 1984 the number of "hosts" (resource servers) was around 1.000, jumping to 100.000 in 1989, reaching 1.000.000 in 1992 and 3.200.000 in 1994. In 1997 there were about 10.000.000 "hosts" and more than 30 million users. By the beginning of 2001, there were more than 110.000.000 "hosts" and more than 400 million users. According to data from one Internet analysis company, in May of 2003 there were 580 million users, while another, in September of 2003, counted more than 840 million users. That growth is due, among other factors, to the evolution of the transmission media, the reduction of costs and the proliferation of information technology in both commercial and residential settings; with that, the use of electronic messages and electronic commerce has spread at high rates. Every day companies and individuals use the Internet to execute countless "online" transactions. Companies share files and confidential information through "e-mail" or virtual networks; bank customers update their accounts, make payments and order products of all forms and functions, paid for through electronic orders from their personal computers; governments issue certificates with legal validity; and companies in the medical area make certificates and opinions available for access by their customers or by other doctors, all via the Internet.

This has been happening because the Internet, as a communication infrastructure, has been arousing great interest from companies and governments for several important reasons, such as the reduction of costs and the expansion of the consumer market, which have been motivating the move of "old economy" enterprises to this new environment. The graph of the evolution of "dotcom" domains supplied by the Internet Software Consortium gives an idea of this growth in Latin America and in the world. In Brazil there are not many public-domain surveys on the Internet. The most complete one available is supplied by the Public opinion poll-eRatings partnership and is called Web Shoppers. In it, one can follow the evolution of some indicators linked to electronic commerce in the country, showing that Brazil also follows the world trend in that area. It is estimated that in the year 2004 business over the Internet moved something around 5 trillion dollars in the world, with Brazil accounting for less than 1.5% of that movement.

As a business and communication tool, the Internet has the potential to replace other vehicles such as the telephone and the fax in daily relationships, mainly with the large-scale adoption of wireless networks. In the wrong hands, Internet technology can also be used to intercept and forge messages, capture sensitive information, snoop on and defraud organizations and individuals.

Those threats exist because communications through the Internet are, owing to the communication protocols employed, inherently anonymous and public. Besides, the suite most used for communication on the Internet nowadays, TCP/IP, has several breaches, some specific to wireless networks, that need to be closed so that this medium can indeed be a capable and secure channel for communication, free from harmful security incidents. As the number of organizations that use the Internet to do business does not stop growing, it becomes indispensable to close the breaches and make it possible to establish a bond of trust between people and companies that have never met and possibly will never meet again, in an environment with the characteristics of the Internet.

3. Current Solutions

The current solutions are excellent for what they provide. The problem is that the focus is wrong. More and more, banks and customers suggest that security problems will be solved when they are always sure of who is on the other side of the transaction.

The banks distribute new passwords, security cards, GPS devices with a display for receiving automatic passwords, and passwords sent to cellular telephones.

The users do not open links in "e-mails", and they have antivirus software and powerful "firewalls" to be certain that the communication really is with the intended bank.

If banks and users really wanted to protect the information, the cryptography systems used today would not be those that served in the 1970s. The banks would not use "https", whose security has never been proven.

The current solutions are of high quality, but they are based on an outdated concept of information security. The new security should include both the secure recognition of who is on the other side of the communication and the means to prevent the transaction data from being intercepted by undesirable "hackers" and information thieves.

3.1. Infrastructure Of Public Key

One of the most promising solutions for the problems mentioned is the use of a Public Key Infrastructure (IPK).

An "IPK" is a complex system composed essentially of three parts: software, hardware and operational procedures. It can be seen as a substrate on which security mechanisms are implemented that can be used by any application that understands how to access those security resources. To play its part, an "IPK" should be able to carry out the whole process of certificate issuance, storage, publication (or on-line access), revocation and archiving for future verification. As a consequence, that system constitutes a complex computational work, with communication, processing and storage capacity subject to very specific requirements.

With an "IPK" it becomes possible to overcome the limitations of the mechanisms existing in TCP/IP, thus guaranteeing secrecy of a communication (whether by "e-mail" or any other form), data integrity, authenticity and non-repudiation, to mention only the main ones, besides making it possible to verify the identity of, and to trust, a user of the Internet.

In an "ICP", the central object is the digital certificate. It is issued by a trusted entity called a Certification Authority (CA), and its content declares an association between a digital key and a set of information, which can be, for instance, an individual's identification. The digital certificate, when used for identification, is similar to an identity card on the Internet. It contains the user's identification on the Internet and information that varies with the use of the certificate or with the policy adopted by the issuing authority.

That identification is indispensable in several situations, such as controlling user access and carrying out commerce over the Internet. When necessary, the association can be undone almost instantaneously.

Hence the study of "ICPs" stands out. Their importance in an increasingly globalized market and their applicability, which permeates many relationships, such as those internal to a company (among departments) and the external ones (between customers and suppliers), make way for new interactions and great changes, mainly in the relationship among governments (exchange of national security information, such as data on possible terrorists) and between the government and society (declarations, for instance).

3.2 Banking

For a better understanding of the subject, a summary follows of how communication between banks and customers over the Internet works today:

1) a certification entity issues a digital certificate;

2) the certificate is stored in a certificate repository;

3) the certificate is published for use;

4) the bank makes use of the certificate for communication with the customer;

5) the certification authorities publish and verify the certificates.

When a "violation" is detected, the certificate is revoked and a new certificate is issued, restarting the process.

In the past, the security of data networks was mainly of military and academic interest. It is intuitive to think that when the problems appeared in the commercial and private sector (the current Internet) the previous approaches, especially those related to wireless networks, were not appropriate. That inadequacy is due, among other factors, to the current size of the network and its use, to the progress of attack techniques, with the consequent development of new tools that are easy to obtain and use, and to the increase in computational capacity, which facilitates the violation of systems and protocols, even of those that make use of cryptography.

3.3 Electronic Trade

The scenario presented may not reveal the impact of mastering the technology used to make electronic commerce over the Internet possible. As mentioned, all communication on the Internet is inherently anonymous and public, and that hinders commerce; that is why the digital certificate emerges with such force.

With the inevitable expansion of the use of the Internet as a business medium, a great amount of sensitive information and commercial transactions will come to be carried through it, supported by the technology of public key infrastructures.

It is to be expected that in this scenario a very large number of certificates will exist and that they will continue being issued at high rates. As a consequence, the problem will change in nature. It will stop being an identification problem and will become a problem of administration and identity verification.

Currently, the most common process for revoking certificates is to include the identifiers of the certificates in a special type of certificate that stores a sequential list. This structure is called a List of Revoked Certificates, or simply LCR, and it is generated and published by the certification authority that issued the certificates or by another to which the task was delegated.

A MITRE report based on the use of LCRs quantified the consumption of communication resources needed to distribute revocation information and concluded that this consumption has the potential to be the largest cost factor in an ICP with many users.

Besides, as the volume of certificates, and consequently of operations carried out with them, can become so significant, it is expected that, without due controls, these LCRs will contain many certificates and thus reach significant sizes that will consume considerable bandwidth, also owing to the great number of requests for them.

Another problem of LCRs is the frequency with which they are issued: during the intervals between issuances, revoked certificates will erroneously pass as valid. The combination of those two problems with the present topologies for validation paths can generate a failure or slowness in the process and cause serious impacts, such as the impossibility of validating a certification path.
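The two LCR problems described above, the interval between issuances and the bandwidth consumed distributing large lists, can be seen together in a small model. This is an added example and not part of the patent text; the class names, the serial number, the dates and the per-entry and overhead byte sizes are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed sizes, for illustration only (not taken from any standard or report).
ENTRY_BYTES = 36       # one revoked-certificate entry
OVERHEAD_BYTES = 400   # issuer name, dates and signature


@dataclass(frozen=True)
class LCR:
    this_update: datetime
    next_update: datetime
    revoked: frozenset          # serial numbers listed as revoked

    def size(self) -> int:
        return OVERHEAD_BYTES + ENTRY_BYTES * len(self.revoked)


class CertificationAuthority:
    """Publishes a new LCR on a fixed schedule starting at `epoch`."""

    def __init__(self, epoch: datetime, interval: timedelta):
        self.epoch, self.interval = epoch, interval
        self.revocations = {}   # serial -> moment the CA revoked it

    def revoke(self, serial: int, when: datetime) -> None:
        self.revocations.setdefault(serial, when)

    def latest_lcr(self, now: datetime) -> LCR:
        periods = (now - self.epoch) // self.interval
        issued = self.epoch + periods * self.interval
        listed = frozenset(s for s, t in self.revocations.items() if t <= issued)
        return LCR(issued, issued + self.interval, listed)

    def exposure_window(self, serial: int) -> timedelta:
        """How long a revoked certificate keeps passing as valid."""
        revoked_at = self.revocations[serial]
        periods = -((self.epoch - revoked_at) // self.interval)  # ceiling division
        return self.epoch + periods * self.interval - revoked_at


class RelyingParty:
    """Caches the LCR until next_update, then downloads the next one."""

    def __init__(self, ca: CertificationAuthority):
        self.ca, self.cache, self.bytes_downloaded = ca, None, 0

    def status(self, serial: int, now: datetime, ca_reachable: bool = True) -> str:
        if self.cache is None or now >= self.cache.next_update:
            if not ca_reachable:
                return "unknown"   # fail closed: an expired list proves nothing
            self.cache = self.ca.latest_lcr(now)
            self.bytes_downloaded += self.cache.size()
        return "revoked" if serial in self.cache.revoked else "valid"


def daily_distribution_bytes(revoked_count: int, clients: int,
                             interval: timedelta) -> int:
    """Traffic per day if every client fetches every LCR issued."""
    fetches_per_client = timedelta(days=1) // interval
    return clients * fetches_per_client * (OVERHEAD_BYTES + ENTRY_BYTES * revoked_count)


def demo() -> dict:
    epoch = datetime(2007, 5, 1)                       # constructed date
    ca = CertificationAuthority(epoch, timedelta(hours=24))
    rp = RelyingParty(ca)
    ca.revoke(1001, epoch + timedelta(hours=9))        # constructed serial
    return {
        "during_interval": rp.status(1001, epoch + timedelta(hours=12)),
        "after_next_issue": rp.status(1001, epoch + timedelta(hours=24, minutes=30)),
        "ca_unreachable": rp.status(1001, epoch + timedelta(hours=49),
                                    ca_reachable=False),
        "exposure": ca.exposure_window(1001),
        "bytes": rp.bytes_downloaded,
    }


if __name__ == "__main__":
    print(demo())
    for hours in (24, 1):
        print(hours, daily_distribution_bytes(50_000, 1_000_000,
                                              timedelta(hours=hours)))
```

Shortening the issuance interval shrinks the window in which a revoked certificate is accepted but multiplies the distribution traffic by the same factor, which is the trade-off behind both problems.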

These possible problems become even more likely because:

(a) the existing solutions, owing to their strategic impact, are expensive, foreign, proprietary and originate from an extremely small group of developer companies;

(b) the development of test pilots and research by the academic sector has not been thoroughly carried out, given the importance of the technology in question;

(c) the great majority of current systems and applications use LCRs that are not appropriate, because they do not have the performance and the functionality needed for the demand of verifications and the new applications to come.

Another factor that adds difficulty to the problem is that, with the fast growth of the Internet, the information technology market did not manage to train qualified security professionals at the same rate, generating a gap in that area. As a consequence, there is difficulty in creating new applications that make use of this new technology and enable the technological and commercial evolution of the country.

4. Effective Legislation

Banking activity consists, in summary, of intermediating money; in other words, banks raise that good in the market and pass it on. In that intermediation they are paid through the "spread" (the difference between the value of money on receipt and on passing it on, expressed in the interest rate).

Banks are now multifunctional institutions, devoted to a variety of other activities.

Bank operations through the Internet are the same operations carried out formerly, but now done faster; legislators, judges and legal scholars are taking charge of the necessary adjustments so that computing, with its own characteristics, does not complicate the work of those who apply the Law.

Brazilian legislation has accompanied the evolution of those activities, issuing laws and resolutions that allow such operations.

Among the services that most affect the users of "internet banking", the following stand out: balance inquiries, obtaining statements, transfers of funds between accounts or from one person to another, payments (called "e-cash") and account opening.

The National Monetary Council approved Resolution 2.817 of 02.22.2001, which makes possible, among other provisions, the opening of accounts exclusively by electronic means in financial institutions or in entities authorized to operate by the Central Bank of Brazil. For the purposes of applying that norm, electronic means are understood to be the internet, self-service terminals, the telephone and other means of remote communication made available by the banking institution for relationship with its customers (art. 1st, § 1st).

As for the opening of bank accounts, it should be highlighted that there is a series of formalities regarding the checking of original documents and the preparation of a declaration of responsibility provided for in Bacen regulations. Resolution 2.817/2001 reduces the bureaucracy of those requirements but, on the other hand, allows the institutions to request, at their discretion, some of the customer's documents. To confirm the data, the bank will check the information supplied by electronic means with the traditional institution where the customer holds a checking account. Under this norm, financial institutions that make electronic means of relationship available to any type of customer must meet some requirements:

1) To state in a clear and precise way:

their condition as a financial institution or as an institution authorized to operate by Bacen;

the corporate name;

the service telephone numbers, which must operate at least between 8 and 18 hours on working days;

the electronic address of the Internet page and of the electronic mail, where applicable;

the list of services subject to fees, with the respective values;

2) To offer on the Internet pages instruments for sending electronic messages, which must have confirmed receipt and be answered within a maximum period of 5 days.

3) To control secrecy and security and to monitor the movements in customers' accounts.

Temporary Measure 2200-2 of August 24, 2001 establishes the use of a security system based on asymmetric cryptography, instituted by the Public Key Infrastructure of Brazil (IPK-Brazil), which is an organization composed of a policy management authority (the Management Committee, linked to the Civil House of the Presidency of the Republic) and a chain of Certification Authorities (CA), which are responsible for issuing electronic certificates and for taking measures to establish the identity of the people or organizations applying for the certificate.

4.1 The Juridical Validity Of The Electronic Document

The juridical validity of the electronic document also contributes to the security of business carried out through "internet banking", by facilitating its use as an instrument of proof.

According to Bill 4.906/2001, an electronic document is information generated, sent, received, stored or communicated by electronic, optical, optoelectronic or similar means.

Art. 333, I and II of the Civil Procedure Code says that proving the existence of the document is the obligation of whoever invokes it in their own favor. Besides, our legal system has as a general rule freedom in the use of the various means of proof, whether or not provided for in law (art. 322 of CPC); however, there are exceptions, such as art. 401 of CPC, under which oral proof is not admitted for contracts above ten minimum wages.

That matter is dealt with in Temporary Measure 2.200/2001, which, however, does not impose the use of digital certification for the validity of documents issued electronically. That norm attributes a relative presumption of authenticity to the digital signatures contained in a document electronically certified by a certification authority accredited by the Management Committee of ICP - Brazil (art. 10, paragraph 1st).

Art. 225 of the New Civil Code (Law 10.406 of 2002), regarding the probative value of the electronic document, further establishes that electronic reproductions constitute full proof of the facts they record, if their accuracy is not contested by the other party.

4.2 The Bank Operations In The Internet In The Consumer Code Defense

There is controversy over whether the Consumer Code Defense would apply to bank relationships.

The banks, as every commercial establishment, seek the profit.

A consumption relationship is found to exist when the legal definitions of consumer and of supplier of services are both met. Thus the services contract between bank and customer would be a consumption relationship, since the elements of arts. 2nd and 3rd of CDC are present.

Art. 2nd: A consumer is every natural or juridical person that acquires or uses a product or service as final recipient.

Sole paragraph: A collectivity of people, even if indeterminable, that has intervened in the consumption relationships is treated as equivalent to a consumer.

4.3 The Consequences Of The Application Of The Consumer Code Defense In The "Internet Banking"

The Consumer Code Defense came into being as a means for consumers to be protected; the banks were not in favor of it, because it impeded the abuses that they practiced and occasionally still practice. The Superior Tribunal of Justice and the Federal Supreme Court, as well as the Tribunals of Justice, continue to decide in the consumer's favor when the consumer is harmed.

The consequences of the application of the Consumer Code Defense in "Internet Banking" are the following:

Advertising protection: the offers of services and products made on bank "sites" bind the banks under the terms of art. 30 of CDC. Besides, stipulations that are difficult to understand should be considered null or be interpreted in the consumer's favor, such as a lack of information on the services presented, a lack of explanation of the risks of the network, and terms exempting civil liability;

Duty of protection and security: the banks should make use of security mechanisms to protect the consumer;

Duty of information: under the terms of CDC, art. 6th, inc I, it should be explained to the consumer exactly what is being negotiated, what the prices are, what tariffs are charged for the electronic operations, etc. The customer must also be informed if the bank is monitoring the consumer's navigation through "cookies."

In the field of Comparative Law, Brazil is ahead of several Latin-American countries, because it is the only one to have a Consumer Code Defense, whereas in those countries only laws without much force exist; and the Brazilian legislation is also not behind the European laws and directives, despite Europe being more developed technologically.

5. It Disputes Of New Solutions

Usually, it is not a simple task to attack and tamper with data on a server of a banking or commercial institution. Attackers have therefore concentrated their efforts on exploiting the users' weaknesses to carry out commercial and bank frauds through the Internet.

To obtain advantages, fraudsters have made extensive use of e-mails with messages that, in most cases, involve social engineering and try to persuade the user to supply personal and financial data. In many cases the user is induced to install some malicious code or to access a fraudulent page, so that personal and sensitive data, such as bank passwords and credit card numbers, can be stolen.

The solutions offered to users are limited to booklets on how to act to guard against known fraudulent actions.

Users need solutions in which the user is only a user and the banks need only be banks: solutions that solve the problem, not palliatives against known methods of fraud.

What users demand is a system for transmitting information in which security is total, research into new technologies, and solutions that are really effective against fraud and that facilitate the customers' operations, instead of making customers more and more responsible for the existing problems.

Customers do not want to lose time with several passwords, confirmations and readings of ineffective booklets. They need to save time and to enjoy the technological means developed over time.

The consumer market demands security with evolution and innovation.

Summary Of The Disposition

The method now proposed is composed of modules that allow building applications aimed at computing and telephony, including the Internet, with applications for bank security, phone security, security for VoIP (Voice over IP), distributed commercial applications and service-provider applications.

The purpose of the method is to cure connectivity problems by offering security in the transmission of information, whether on the Internet or in telephony, eliminating problems with viruses, virtual threats, spies, hackers and every type of virtual plague that exists today on the global Internet, and offering a navigation alternative to the existing ICANN model.

The modules of the proposed method create a software architecture that allows a unilateral coexistence with the current Internet, working together with the TCP/IP protocol to establish communication with the connected machines around the globe. The software architecture also makes it possible to supply an alternative to the ICANN model, creating from that architecture a proprietary network independent of ICANN.

What distinguishes this architecture is that no application needs to be installed on the user's computer in order to use the services. The installations and configurations are stored only on the computer that plays the server role.

Basic Principle:

Starting from the computer that will carry out the server function, the modules that compose the architecture are installed. The server computer can use any operating system, provided that it belongs to the family of 32- or 64-bit PC microcomputers.

The applications built can be hosted on any Web server, provided that it works with the Java J2EE or JSP standard. Nevertheless, the architecture supplies a Web server of its own to host its applications.

A system is considered perfect only until a flaw is discovered. There are several examples of security flaws in the Windows operating system, in "browsers" (navigators), and in programs for creating and maintaining "Web sites". Naturally, once the creators of the program become aware of the breach, they hurry to make a correction available, but not all users install the corrections, and in time another flaw ends up being discovered.

Every day new software appears, with new security breaches; besides, more and more microcomputers are connected, enlarging the possible attack area.

There are several ways to steal data or to invade computers; 99% of the invasions happen due to one or several of the factors listed below:

1 "Trojans" installed on the personal computer.

2 Security "bugs" in Windows, Internet Explorer, Netscape, ICQ or any program installed on the personal computer.

3 Open TCP ports.

4 Negligence or naivety of the user.

Programs known as "Trojans"

The "trojans" are nothing more than programs that, once installed, turn a personal computer into a server that can be accessed by anyone who has the client module of the same program. These programs are almost invisible after being installed, which hinders identification. Like any other program, they need to be installed. Every computer is infected due to some negligence of the user. Several artifices are used to induce the user to install these programs: the "trojan" can be sent disguised as a game or anything else, so that the user executes the file, or it can be installed without the user noticing, taking advantage of some vulnerability in one of the installed programs.

Any updated antivirus will be able to detect these programs and eliminate them; for that, however, the antivirus must always be kept updated, because practically every day new programs or improved versions appear that are capable of evading the previous updates. It is of no use to keep the antivirus active if it is not updated. Some antivirus programs give notice of available updates.

Flaws In The Programs Known As "Bugs"

As for the "bugs" in programs, these are the simplest to solve, since as soon as a "bug" becomes public the manufacturer hurries to release a correction for it. In the case of the Windows operating system and the Internet Explorer browser, the corrections can be downloaded using Windows "Update" or downloaded manually from the "site" of the Microsoft Company.

In the case of other programs, such as the Netscape browser, for instance, the available updates can be downloaded from the manufacturer's page on the Internet. In many cases the "bugs" are corrected only when a new version of the program is released. Until some time ago, several "Nuke" programs existed that dropped the connection and locked up the personal computer. Now the great majority of these programs do not work, precisely because the "bug" in the Windows 95A operating system that made it vulnerable to this type of attack was corrected starting from Windows 95 OSR/2.

Another common vulnerability is the "buffer overflow", which affects a very large number of programs. "Buffers" are areas of memory created by programs to store data that are being processed. Each "buffer" has a certain size, depending on the type of data it will store. A "buffer overflow" happens when the program receives more data than it is prepared to store in the "buffer". If the program was not written properly, this excess of data can end up being stored in adjacent areas of memory, corrupting data or locking up the program, or can even be executed, which is the most dangerous possibility.

If a program had such a vulnerability in its "login" system, for instance, a program could be created to supply text characters that fill the "buffer", followed by executable code, which would end up being run thanks to the vulnerability.

Vulnerabilities of the "buffer overflow" type are frequently discovered in various programs. Some are almost harmless, while others can cause serious problems. "Code Red" itself spread so quickly by exploiting a vulnerability in IIS from the Microsoft company; with this, the "worm" could infect unprotected servers simply by sending the code that exploits the "bug", without any file being executed.
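The overflow described above can be seen in a few lines of C. This is an added example, not part of the patent text: the `session` structure, its field names and the sample input are constructed for illustration, and the flawed copy is capped at the end of the structure so that the demonstration stays well defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-size buffer followed by unrelated data,
   standing in for the "adjacent areas of memory" in the text. */
struct session {
    char name[8];         /* the buffer: room for 7 characters plus NUL */
    unsigned char admin;  /* neighbouring data the input must never reach */
};

/* Flawed copy: trusts the caller's length and never compares it with
   sizeof(s->name). Writes are capped at the end of the struct only to keep
   this demo defined; a real overflow has no such cap. */
size_t copy_unchecked(struct session *s, const char *input, size_t len)
{
    size_t cap = sizeof *s;
    size_t n = len < cap ? len : cap;
    memcpy((char *)s, input, n);  /* bytes past name[7] land in 'admin' */
    return n;
}

/* Hardened copy: anything that does not fit is rejected and the struct is
   left untouched. Returns 0 on success, -1 if the input is too long. */
int copy_checked(struct session *s, const char *input, size_t len)
{
    if (len >= sizeof s->name)
        return -1;
    memcpy(s->name, input, len);
    s->name[len] = '\0';
    return 0;
}

/* Feeds a constructed 9-byte input (8 filler bytes plus one extra) to the
   flawed copy and returns the value of the neighbouring field afterwards. */
int admin_after_unchecked(void)
{
    struct session s = { "", 0 };
    const char input[] = "AAAAAAAA\x01";
    copy_unchecked(&s, input, sizeof input - 1);
    return s.admin;
}

int main(void)
{
    struct session s = { "", 0 };
    int rc = copy_checked(&s, "AAAAAAAA\x01", 9);
    printf("unchecked copy: admin = %d\n", admin_after_unchecked());
    printf("checked copy:   rc = %d, admin = %d\n", rc, s.admin);
    return 0;
}
```

The only difference between the two functions is the comparison of the input length with the size of the buffer, which is the check a program that "was not written properly" leaves out.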

Open TCP Ports

The third problem, open TCP ports, is a little more complicated to detect. The TCP/IP protocol that we use on the Internet is composed of a series of logical ports. It is similar to a telephone number with several extensions.

In total there are 65.535 TCP ports. As in the example of the extension, it is not enough for an extension to exist; somebody must be there to answer it, otherwise it is of no use. For a TCP port to be active, some program must be "listening" on the port, in other words, waiting to receive data through it. For instance, port 21 is used to transfer files through FTP, port 80 is used to access "Web" pages, and so on.
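The point that a port is active only while a program is listening on it can be checked on the local machine. The following is an added example, not part of the patent text: it uses the POSIX sockets API on the loopback address only, and the function names are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill in the address 127.0.0.1:port. */
static void loopback_addr(struct sockaddr_in *a, unsigned short port)
{
    memset(a, 0, sizeof *a);
    a->sin_family = AF_INET;
    a->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a->sin_port = htons(port);
}

/* Start "listening" on a loopback port chosen by the operating system.
   Returns the listening socket and stores the port, or -1 on error. */
int start_listener(unsigned short *port)
{
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    loopback_addr(&a, 0);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 4) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) {
        close(fd);
        return -1;
    }
    *port = ntohs(a.sin_port);
    return fd;
}

/* Returns 1 if a TCP connection to 127.0.0.1:port succeeds, 0 otherwise. */
int port_is_active(unsigned short port)
{
    struct sockaddr_in a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int ok;
    if (fd < 0)
        return 0;
    loopback_addr(&a, port);
    ok = connect(fd, (struct sockaddr *)&a, sizeof a) == 0;
    close(fd);
    return ok;
}

/* Probe the same port while a program listens on it and after it stops.
   Returns (while_listening << 1) | after_close, or -1 if setup failed. */
int probe_before_and_after(void)
{
    unsigned short port;
    int lfd = start_listener(&port);
    int during, after;
    if (lfd < 0)
        return -1;
    during = port_is_active(port);
    close(lfd);               /* the listening program goes away */
    after = port_is_active(port);
    return (during << 1) | after;
}

int main(void)
{
    printf("probe result: %d\n", probe_before_and_after());
    return 0;
}
```

The port number is the same in both probes; only the presence of a listening program changes the outcome, which is why an inventory of listening programs is the useful thing to audit on a personal computer.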

There are two modes of access, as server and as "host". The server is the one that makes data available and the "host" is the one that accesses the data. When a "site" is opened, the machine where the "site" is hosted is the server and the user is the "host". Leaving aside some possible "bug" in the browser, there is no danger in accessing a page or anything else as a simple "host", since the user's role will simply be to receive data and not to transmit anything. The danger arises precisely when some program that the user has installed on the personal computer opens one of the TCP ports, turning the personal computer into a server, which is exactly what the "trojans" do.

Besides the "trojans", there are several other ways of keeping TCP ports open, such as, for instance, running an FTP server, running Napster or any other program that shares files, or even keeping ICQ or MSN "online". In these cases the application takes charge of offering security by blocking the open port, but a good "firewall" program will complete the security, offering additional protection.

A common mistake in this case is to keep "file and printer sharing" enabled on the connection to the network. As the name suggests, this service shares files and printers with the network to which the computer is connected, in other words, with the whole Internet. Anyone with a port scanner can quickly find dozens of "targets" with sharing enabled and invade them easily, without even needing any other program, just the network environment of the Windows operating system.

Theft Of Data And Passwords

This is another dangerous possibility, even more so than having the microcomputer invaded. After all, if a thief manages to discover a user's "Internet Bank" password, he can carry out any bank operation without any impediment.

Even if the microcomputer is completely protected against external attacks, this does not guarantee that the data and passwords sent have the same security. The most effective weapon in this case is cryptography, used to guarantee the security of "online" bank transactions. The use of cryptography guarantees that, even if the data are intercepted, they are completely useless. Cryptography can be used in "e-mails" and even in other important applications, using the appropriate programs. A scam that is widely used is to send an "e-mail" posing as the bank or access provider, asking for data as part of some confirmation, re-registration, or anything of the kind. Absurd as it may seem, many users believe it and end up sending the data.

The "trojans" are the most used, because they are the easiest to use. To use them it is not necessary to have knowledge of computer science, to know TCP ports or "bugs" in programs, or to use Linux; it is enough to induce the user to execute the file, and to verify that the antivirus is installed. Some "trojans" are as easy to use as an FTP program.

Antivirus manufacturers are proud of exhibiting the number of viruses that their program is capable of finding, but a program that is capable of detecting 70.000 viruses is not necessarily better than one capable of finding 50.000 viruses, for instance: it is of no use for the antivirus to detect a great number of old viruses if it is not capable of preventing the execution of a file infected by a current virus. Like influenza, new virus species spread very quickly, in a matter of days. The possibility of the microcomputer being infected by a recent virus is much greater than by one from one or two years ago. That being so, the frequency of the updates and the capacity to find new viruses quickly are more important than simply the total.

However, two ways still remain to invade a microcomputer: through open TCP ports and through the "browser" (navigator), when the user visits a page with a malicious script. After "browsers" started to support Java and the Microsoft company created ActiveX, "browsers" became very vulnerable to this type of attack. For instance, Windows "Update" transmits data from the configuration files of the Windows operating system and installs programs automatically through the "browser". In this case the resources are used only to offer one more service to the user, without intention of causing any damage, but similar systems can be used (and there have already been reports that they really have been) to steal files, to install "trojans" and viruses, etc., all simply by visiting a "Web" page.

The TCP and UDP ports, in turn, are logical ports and, when they are open, form the means of connection that makes remote access to the user's personal computer possible. If no TCP port is open, even if a would-be invader has the user's IP address and masters all the invasion techniques, he will not get access to the other person's microcomputer.

The problem is that the TCP and UDP ports are also used by programs, so it is very difficult to keep all the ports closed. Some entry point will always remain that leaves the personal computer vulnerable. Here the "firewall" enters the scene again, taking charge of monitoring all the open TCP ports and blocking any potentially dangerous communication.

The great problem of "firewalls" is that perfectly legitimate accesses can easily be confused with invasion attempts; see the examples of Windows "Update" and "Myspace". A good "firewall" should be good enough to distinguish good programs from virus attacks.

Thus, the present patent was designed to obtain a "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", in order to allow computers connected to the Internet to transmit information securely, without it being stolen and without any digital fraud being committed with it.

Brief Description of the Flowchart of the Invention

To follow, for a better understanding of the "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET" that is claimed here, an illustrative flowchart is enclosed, in which:

FIG. 1 - displays a flowchart of a network of computers (1) with the "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET"; it shows the servant (2) with the method now proposed, connection safety (3), internet/WAN (4), telephony (5), the user's microcomputer (6), connection safety in the cellular (7) and virtual machine (8).

FIG. 2 - shows the concept of the man-in-the-middle (MITM) attack.

Detailed Description of the Invention

In conformity with what the illustrations listed above show, the "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET", object of the present patent, is an architecture for the development of applications that makes it possible to interact with the current internet through the TCP/IP protocol.

1. Modules of the architecture now proposed:

a) module servant; b) module compiler; c) module interpreter; d) module of graphic objects; e) module connection safety; f) programming language module; g) telephony module; h) module of virtual machine.

Module servant

It is a module that is executed on a computer with the role of remote server.

This module is responsible for the execution of the applications that will be invoked by the user's computer through "http" or "https."

However, there is no need to install any application or program on the user's computer, because the applications will be executed remotely on the server computer.

Module compiler

It is a compiler to compile programs written in the proprietary programming language for execution couples that will be executed remotely by the user's computer.

Module interpreter

It is an interpreter of execution binaries, which will interpret each binary on the server in order to maximize performance and will send to the user's computer only the necessary data, without burdening the communication with it.

Module of graphic objects

It is an API that makes available and controls several graphic objects for use in the applications, such as windows, buttons, text boxes, fonts, icons, illustrations, scroll bars, etc.

Module connection safety

It is a module that works alongside the module servant to provide security in the transmission of information, creating a shield around the communication channel between the server computer and the user's computer.

Programming language module

It is a module that provides a proprietary programming language based on XML (Extensible Markup Language) standards, which is a universal standard for Internet applications and for communication among applications in general.

Telephony module

It is a module that provides telephony services for cellular phones, enabling integration with computers and offering security for the transmission of voice and data.

Module of virtual machine

It is a module that provides an environment emulating an Intel x86 computer in order to run the modules of the architecture now proposed on any standard 32- or 64-bit PC, so as to shield all of the applications that are hosted in the module servant.

The present descriptive report has therefore dealt with a new method that defines a new architecture for the development of applications, which makes it possible to interact with the current internet and which presents, as could be shown by the analysis carried out and by the flowchart shown, countless differences from the existing conventional techniques, besides technical characteristics completely different from those pertinent to the state of the art. For the advantages that it offers, and also for having truly innovative characteristics that fulfill all the requirements of novelty and originality in its kind, the present "METHOD FOR DEVELOPMENT OF APPLICATIONS TO INTERACT WITH INTERNET" gathers the necessary conditions to deserve the Privilege of Invention.