Wu Wen

Bio: Wu Wen is an academic researcher from University of Tokyo. The author has contributed to research in topics: Model checking & Automated theorem proving. The author has an hindex of 4, co-authored 6 publications receiving 163 citations.

User selectable authentication interface and universal password oracle

Abstract: A password interface application (1) presents successive arrays of images or other sensory cues (4) for display or playback on a client device. A user selects, or simply recognizes, one object from each of the successively presented arrays, wherein after recognizing the object subsequent arrays are presented for defining a complete password. Unlike image based authentication systems in which a graphic method merely replaces original username/password pair authentication, a client system is used which helps a user to recall a forgotten password without requiring modification to server software, such as a secure web server (3). Thus existing ATMs (2), online or telephone banking services, and the like, can function as is. The system provides enhanced security because, although people can possibly eavesdrop on the images or sensory cues selected, they cannot see into the user's mind to comprehend the password that the user recognizes.

An authorization-based trust model for multiagent systems

Abstract: In this paper an authorization-based trust model (ABTM) is described which is designed for managing access to services in a semi-open distributed environment. This is called a multiagent-based smart office environment. In this model, "trust" is defined as a set of authorization attributes that are granted by the owner of a service to the user of the service. Central to this model is a trust manager that redelegates authorizations from the service owner to the requesting user, based on access control policies that are specified by role labels which are assigned to a set of agents. The ABTM scheme is different from a centralized scheme, in which authorizations are granted directly by an authority. It is also different from a fully distributed system,where authorizations are granted based solely on the discretion of the owner of the services. The design philosophy is the separation of trust management and trust application to allow efficient management of access control in large-scale and dynamic environment...

Analysis and verification of multi-agent interaction protocols

Abstract: This paper describes our initial study on analysis and verification of agent interaction protocols using model checking. We use the symbolic model checker SMV to analyze and verify two examples of agent interaction protocols. We show that proofs obtained using belief logic and theorem proving for a simple provider consumer multi-agent system can be trivially proven using the model checking method. Furthermore, the verification results identify inadequacies in the original proof. A study on a more complex multi-agent interaction protocol is also presented with discussion on how model checking can complement specification based verification methods.

Analysis and verification of multi-agent interaction protocols

Abstract: This paper describes our initial study on analysis and verification of agent interaction protocols using model checking. We use the symbolic model checker SMV to analyze and verify two examples of agent interaction protocols. We show that proofs obtained using belief logic and theorem proving for a simple provider consumer multi-agent system can be trivially proven using the model checking method. Furthermore, the verification results identify inadequacies in the original proof. A study on a more complex multi-agent interaction protocol is also presented with discussion on how model checking can complement specification based verification methods.

Security of Public Key Certificate Based Authentication Protocols

Abstract: The security of authentication protocols based on public key cryptography depends on the validity of the certificate. It is usually assumed that a well deployed PKI can guarantee the validity of certificates through mechanisms such as CRL or OCSP. In reality, such guarantee is not always assured. This paper describes an attack that exploits this certificate validity weakness and breaks some well-known certificate-based authentication protocols, namely the SSL and the TLS protocol. This attack affects the “named-server” version of both protocols, but is ineffective for the “named-server, named-client” version of both protocols. Along with the attack, we also describe how it was discovered as a result of our ongoing research on analysis of authentication protocols using both logic based and model checking based methods.

Unlocking a device by performing gestures on an unlock image

Abstract: A device with a touch-sensitive display may be unlocked via gestures performed on the touch-sensitive display. The device is unlocked if contact with the display corresponds to a predefined gesture for unlocking the device. The device displays one or more unlock images with respect to which the predefined gesture is to be performed in order to unlock the device. The performance of the predefined gesture with respect to the unlock image may include moving the unlock image to a predefined location and/or moving the unlock image along a predefined path. The device may also display visual cues of the predefined gesture on the touch screen to remind a user of the gesture.

Embedded authentication systems in an electronic device

Abstract: An electronic device with a display and a fingerprint sensor may authenticate a user for a respective function. While a respective function of the device is in a locked state, the device displays a graphical element on the display, the graphical element indicating a first direction of finger movement that enables unlocking of the respective function. While displaying the graphical element, the device detects an input that includes movement of a finger in the first direction over the fingerprint sensor and determines whether the input meets unlock criteria based at least in part on fingerprint information of the finger detected by the fingerprint sensor during the input. In accordance with a determination that the input meets the unlock criteria, the device unlocks the respective function; and in accordance with a determination that the input does not meet the unlock criteria, the device maintains the respective function in the locked state.

System and method for fraud monitoring, detection, and tiered user authentication

Abstract: The present invention provides systems and methods for authenticating access requests from user devices by presenting one of a plurality of graphical user interfaces selected depending on a perceived risk of fraud associated with the devices. User devices are identified with fingerprinting information, and their associated risks of fraud are determined from past experience with the device or with similar devices and from third party information. In preferred embodiments, different graphical user interfaces are presented based on both fraud risk and, in the case of a known user, usability. In preferred embodiments, this invention is implemented as a number of communicating modules that identify user devices, assess their risk of fraud, present selected user interfaces, and maintain databases of fraud experiences. This invention also includes systems providing these authentication services.

Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs

Abstract: An electronic device with a display and a fingerprint sensor displays a fingerprint enrollment interface and detects, on the fingerprint sensor, a plurality of finger gestures performed with a finger. The device collects fingerprint information from the plurality of finger gestures performed with the finger. After collecting the fingerprint information, the device determines whether the collected fingerprint information is sufficient to enroll a fingerprint of the finger. When the collected fingerprint information for the finger is sufficient to enroll the fingerprint of the finger, the device enrolls the fingerprint of the finger with the device. When the collected fingerprint information for the finger is not sufficient to enroll the fingerprint of the finger, the device displays a message in the fingerprint enrollment interface prompting a user to perform one or more additional finger gestures on the fingerprint sensor with the finger.

Touch-based authentication of a mobile device through user generated pattern creation

Abstract: A method, system, and apparatus of a touch-based authentication of a mobile device through user generated pattern creation are disclosed. In one embodiment, a method of a mobile device includes recognizing a tactile force on a touch screen without a visual aid as an unlocking gesture, storing the unlocking gesture to a memory of the mobile device, associating another tactile force on the touch screen with the unlocking gesture, and transforming the mobile device from an initial state to an unlocked state based on the association between the another tactile force and the unlocking gesture. The method may include transforming the mobile device to operate as a telephonic communication device in the unlocked state.