Patent
Server-assisted regeneration of a strong secret from a weak secret
Reads0
Chats0
TLDR
In this paper, the authors propose an approach for regenerating a strong secret for a user based on input of a weak secret, such as a password, assisted by communications exchanges with a set of independent servers, each server holds a distinct secret value (i.e., server secret data).Abstract:Ā
Methods for regenerating a strong secret for a user, based on input of a weak secret, such as a password, are assisted by communications exchanges with a set of independent servers. Each server holds a distinct secret value (i.e., server secret data). The strong secret is a function of the user's weak secret and of the server secret data, and a would-be attacker cannot feasible compute the strong secret without access to both the user's weak secret and the server secret data. Any attacker has only a limited opportunity to guess the weak secret, even if he has access to all messages transmitted in the generation and regeneration processes plus a subset (but not all) of the server secret data.read more
Citations
More filters
Patent
Server-assisted regeneration of a strong secret from a weak secret
TL;DR: In this paper, the authors propose an approach for regenerating a strong secret for a user based on input of a weak secret, such as a password, assisted by communications exchanges with a set of independent servers, each server holds a distinct secret value (i.e., server secret data).
Patent
Method and system for identifying users and detecting fraud by use of the internet
TL;DR: In this paper, a method and system for detecting and preventing Internet fraud in online transactions by utilizing and analyzing a number of parameters to uniquely identify a computer user and potential fraudulent transaction through predictive modeling is presented.
Patent
Systems and methods for detection of session tampering and fraud prevention
TL;DR: In this paper, a plurality of device fingerprints may be collected from a user computer associated with a designated Session ID, and a comparison between the fingerprints in association with a Session ID can identify the likelihood of session tampering and man-in-the-middle attacks.
Patent
Methods and apparatus for securely displaying digital images
Ori Eisen,Raz Yalov +1 more
TL;DR: In this paper, a method and apparatus for securing personalized or sensitive information appearing in digital images was proposed, where images containing information to be secured are processed and divided into a plurality of image cells.
Patent
Methods and systems for secure user authentication
Ronald King-Hang Chu,Mark Kogen,Warren Tan,Simon Ma,Yosif Smushkovich,Gerry Glindro,Jeffrey William Coyte Nicholas +6 more
TL;DR: In this paper, the authors proposed a method for secure user authentication using a OTP, which involves pre-storing an OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user.
References
More filters
Proceedings Article
The Secure Remote Password Protocol.
TL;DR: This new protocol combines techniques of zero-knowledge proofs with asymmetric key exchange protocols and has significantly improved performance over comparably strong extended methods that resist stolen-veri er attacks such as Augmented EKE or B-SPEKE.
Proceedings ArticleDOI
Server-assisted generation of a strong secret from a password
W. Ford,Burton S. Kaliski +1 more
TL;DR: This work describes a credentials server model and supporting protocol that overcomes the vulnerability to exhaustive password guessing attack at the server, and provides for securely generating a strong secret from a weak secret (password) based on communications exchanges with two or more independent servers.
Patent
Fair cryptosystems and methods of use
TL;DR: In this paper, the authors proposed a public-key cryptosystem for enabling a predetermined entity to monitor communications of users (12, 14) suspected of unlawful activities while protecting the privacy of law-abiding users, where each user's secret key is broken into shares.
Patent
Key management system for mixed-trust environments
TL;DR: In this article, a symmetric key encrypted using an asymmetric encryption technique is used to transport ciphertext derived from plaintext encrypted under this symmetric public key. But the encryption process is different for different levels of security.
Journal ArticleDOI
Increasing availability and security of an authentication service
TL;DR: A general solution in which the authentication server is replicated so that a minority of malicious and colluding servers cannot compromise security or disrupt service is proposed.