
Showing papers on "Authentication server published in 2008"


Patent
21 Feb 2008
TL;DR: In this article, a system for providing authentication using an arrangement of dynamic graphical images, which may display a popup element while a pointing device indicator is over a graphical image, is described.
Abstract: Systems and methods for providing authentication using an arrangement of dynamic graphical images, which may display a popup element while a pointing device indicator is over a graphical image. The graphical images can be arranged as a grid or matrix for presentation on a device display for authentication of a user. The kinds of graphical images can be derived from a designated authentication category and non-authenticating categories. A series of password elements corresponding to the graphical images can be displayed with the graphical images. The user may enter the series of one or more password elements corresponding to graphical images from the authentication category which combine to form a password entry. An authentication server can compare the password entry to an authentication password corresponding to the particular arrangement of dynamic graphical images. The selection of graphical images, their arrangement and their corresponding password elements, may dynamically change in between authentication processes.

344 citations


Patent
14 Jul 2008
TL;DR: In this article, the decoders store only the authority keys corresponding to the data compartments which they have authorization to open and send to a remote authentication server for decryption of the token.
Abstract: Security tokens contain data that is each uniquely encrypted based on a unique biometric identifier of an authorized user of that token. Decoders receive the token and the user's biometric identifier, convert the biometric identifier to a biometric key, and apply the biometric key to decrypt the token. In this way, the decoders authenticate the users without performing a biometric identifier comparison. In some embodiments pieces or sets of the data are stored in designated data compartments, which are individually encrypted based on authority keys, and all of the encrypted data compartments are collectively encrypted based on the biometric key to create the token. The decoders store only the authority keys corresponding to the data compartments which they have authorization to open. In addition, in some embodiments the token and the biometric identifier are encrypted and sent to a remote authentication server for decryption of the token.

88 citations


Patent
31 Mar 2008
TL;DR: In this paper, a user authentication system and authentication method are disclosed, which includes an authentication device which can be donned and doffed by the user, a sensor to determine whether the authentication device is donned or not, and an authentication server to receive information from the sensor and to authenticate the user.
Abstract: A user authentication system and method are disclosed. The user authentication system includes an authentication device which can be donned and doffed by the user, a sensor to determine whether the authentication device is donned or doffed by the user, and an authentication server to receive information from the sensor and to authenticate the user based on whether the authentication device is donned by the user.

83 citations


Patent
04 Aug 2008
TL;DR: In this article, a method and apparatus for a third party authentication server is described, which includes receiving a record ID for a user, and a one-time key generated by the server and encrypted with the user's public key by the server.
Abstract: A method and apparatus for a third party authentication server is described. The method includes receiving a record ID for a user, and a one-time key generated by the server and encrypted with a user's public key by the server. The method further includes receiving the user's authentication data from the client, and determining if the user's authentication data matches the record ID. If the authentication data matches the record ID, decrypting the one-time key with the user's private key, and returning the decrypted one-time key to the client.

83 citations


Patent
09 Sep 2008
TL;DR: In this paper, a permission level associated with a user's access to a Web server is identified and a relationship ticket is obtained from an authentication server and a request is generated to set or modify the identified permission level.
Abstract: A permission level associated with a user's access to a Web server is identified. A relationship ticket is obtained from an authentication server and a request is generated to set or modify the identified permission level. The request and the relationship ticket are sent to the Web server and a success code is received from the Web server if the requested permission level is established.

67 citations


Patent
Wael M. Ibrahim
28 Jan 2008
TL;DR: In this paper, an authentication server comprises one or more processors, and a memory module communicatively connected to the processors, comprising logic instructions which, when executed on the one or multiple processors configure the processors to regulate access to a service in a communication network by performing operations.
Abstract: In one embodiment an authentication server comprises one or more processors, and a memory module communicatively connected to the one or more processors. The memory module comprises logic instructions which, when executed on the one or more processors, configure the one or more processors to regulate access to a service in a communication network by performing operations, comprising receiving, in the authentication server, a first authentication token request for an authentication token, wherein the first authentication token request uniquely identifies a client computing device and a unique service, processing, in the authentication server, the first authentication token request, and transmitting an authentication token from the authentication token server to the client computing device when the first authentication token request is approved by the authentication server.

53 citations


Patent
17 Sep 2008
TL;DR: In this paper, a system and method for managing a plurality of a user's authentication elements is presented, where the authentication server transmits at least one of the authentication elements specific to the authentication data field of the first secure website to authenticate the user to the first website.
Abstract: A system and method for managing a plurality of a user's authentication elements. In a preferred embodiment a user initiates a webpage browser session at a user website access device and activates a password manager program. The user's identity is authenticated to an authentication server and allowed to access a secure database comprising a plurality of website authentication elements. Thereafter, the user accesses a first secure website and the program determines the presence of a user authentication data field. When a user authentication data field is present the program instructs the authentication server to automatically transmit at least one of the authentication elements specific to the authentication data field of the first secure website to authenticate the user to the first website.

48 citations


Patent
25 Jan 2008
TL;DR: In this paper, a method involving a femtocell in communication with an Internet Protocol Multimedia Subsystem (IMS) network is presented. The method is based on a first random number broadcast by the femtocell in a global challenge.
Abstract: The present invention provides a method involving a femtocell in communication with an Internet Protocol Multimedia Subsystem (IMS) network. In one embodiment, the femtocell operates according to code division multiple access (CDMA) standards. The method includes receiving, from the femtocell and at a first secure entity in the IMS network, first authentication information generated by the mobile unit using a first random number broadcast by the femtocell in a global challenge. The method also includes receiving, from a second secure entity in the secure network, at least one security key formed based on the global challenge and second authentication information for uniquely challenging the mobile unit. In one embodiment, the second secure entity is a CDMA-based authentication server. The method further includes providing the security key(s) to the femtocell in response to authenticating the mobile unit based upon the second authentication information.

48 citations


Patent
06 Mar 2008
TL;DR: In this paper, the authors proposed a scheme to protect the HLR from requests from a device that may be considered a security issue by adding the device's identification information to the blacklist at the authentication server.
Abstract: In one embodiment, while being connected to the network (110), a security issue may be detected and associated with a device (104). The device may be placed on a blacklist for the security issue. The blacklist is a list that is used to deny service for the device when it attempts to connect. Thus, the device is disconnected from the network. Identification information for the device is added to the blacklist at the authentication server (102). If the device attempts to reconnect to the network, the request is received at the authentication server. The authentication server can then check the blacklist and deny the request for access to the network if the identification information is on the blacklist. This denial is determined without sending the request to the HLR (108). Accordingly, the HLR is protected in that requests from a device that may be considered a security issue are not sent to the HLR.

41 citations


Patent
David Naccache
13 Oct 2008
TL;DR: In this paper, a biometric authentication method and apparatus is provided. But the method requires a user to be authenticated using a portable object including at least one biometric sensor, which is adapted to cooperate with a terminal.
Abstract: A biometric authentication method and apparatus are provided. A user to be authenticated uses a portable object including at least one biometric sensor. The portable object is adapted to cooperate with a terminal. The method includes: capturing, by the portable object, a biometric sample to be compared coming from the user to be authenticated; transmitting, by the portable object, the biometric sample, in a secure form to an authentication server; and determining, by the authentication server, a signature to be authenticated using said biometric sample, then comparing the signature with a reference signature.

40 citations


Patent
Aidan T. Hughes
01 Feb 2008
TL;DR: In this article, a serial number for a software product is secured with an authenticator value and the serial number is evaluated entirely by a remote authentication server such that no cryptographic authentication occurs on a local computer on which the software product was being installed.
Abstract: A serial number for a software product is secured with an authenticator value. The authenticator value and the serial number are evaluated entirely by a remote authentication server such that no cryptographic authentication occurs on a local computer on which the software product is being installed. An abbreviated portion of the authenticator value is used for offline authentication.

Patent
Guenther Horn
02 Apr 2008
TL;DR: In this paper, a home subscriber server (400) receives a request for authentication information from an authentication server (300) and transforms cryptographic keys for a user equipment (100) into access specific cryptographic keys based on an identity of an authenticator (200) controlling access from the user equipment(100) to an EPS network, and generates the authentication information including the access-specific cryptographic keys and a separation indicator which is set.
Abstract: A home subscriber server (400) receives a request for authentication information from an authentication server (300) and transforms cryptographic keys for a user equipment (100) into access specific cryptographic keys based on an identity of an authenticator (200) controlling access from the user equipment (100) to an EPS network, and generates the authentication information including the access specific cryptographic keys and a separation indicator which is set. The user equipment (100) checks whether the separation indicator included in the authentication information is set, and if the separation indicator is set, transforms cryptographic keys into access specific cryptographic keys based on the identity of the authenticator (200), and computes a key specific to an authentication method from the access specific cryptographic keys.

Patent
14 Feb 2008
TL;DR: In this article, a system for transmitting RFID identifiers, which can be read from RFID tags, to an authentication server was proposed, where at least one RFID protocol message, which is encoded in authentication messages, can be transmitted from an RFID reading unit (2A) to the authentication server.
Abstract: The invention relates to a system (1) for transmitting RFID identifiers, which can be read from RFID tags (4), to an authentication server (6), wherein at least one RFID protocol message, which is encoded in authentication messages, can be transmitted from an RFID reading unit (2A) to the authentication server (6).

Patent
17 Apr 2008
TL;DR: In this article, a two-factor authentication for terminal services is described, where a client receives an authentication token from an authentication server and uses the authentication token as a factor for authenticating the client to a terminal services device.
Abstract: Techniques for enabling two-factor authentication for terminal services are described. A client receives an authentication token from an authentication server. The authentication token is used as a factor for authenticating the client to a terminal services device. Native authentication of the client is also performed.

Patent
14 Feb 2008
TL;DR: In this paper, an image-data management system that includes an authentication server device and a network scanner connected to each other via a network is presented, wherein the network scanner device includes a keyboard, a display, a control unit, and a storage unit, the keyboard and the display are disposed so as to cover the top of the body of the scanner device.
Abstract: An image-data management system that includes an authentication server device and a network scanner connected to each other via a network, wherein the network scanner device includes a keyboard, a display, a control unit, and a storage unit, the keyboard and the display being disposed so as to cover the top of the body of the network scanner device. The control unit includes a user-authentication requesting unit that sends a user ID and password to the authentication server device to request a user authentication when the user ID and the password are input by a user, an image reading unit that reads image data from an original document when the user authentication requested by the user-authentication requesting unit is approved by the authentication server device, and an image storing unit that stores the image data read by the image reading unit in the storage unit.

Patent
25 Jun 2008
TL;DR: In this article, a single sign-on system for multi-registered wireless services is proposed, which enables the user to use multi registered wireless services only by logging in once, thereby dispensing with repeating logins to carry out the identity authentication.
Abstract: The invention is applicable to the mobile communication field, and provides a method and a system for realizing single sign-on. The method comprises the following steps: an authentication server receives the authentication request sent out by a user mobile terminal, and identity authentication is carried out for the user; if the authentication is passed, a bill server generates a bill which corresponds to the user identity, and the bill is returned to the user mobile terminal; any business server in a plurality of business servers receives business request data which contain the bill and are sent by the user mobile terminal, and sends out the bill verification request to the bill server; the bill server calls a public key which corresponds to the user identity to decrypt the received bill, reads the professional limit information and verifies the professional limit and the time effectiveness, and sends out the result to the business servers; the business server receives and verifies the result to carry out the business processing. The invention enables the user to use multi registered wireless services only by logging in once, thereby dispensing with repeated logins to carry out the identity authentication.

Patent
16 Jul 2008
TL;DR: In this paper, an authentication server in a network carries out identity authentication to a user through a user client and after the user passes the identity authentication, the authentication server allocates authentication information to the user client; the authentication information comprises a temporary ID and corresponding validity.
Abstract: The present invention provides a method for controlling client access to network equipment and a network authentication server. The method mainly comprises the following steps: an authentication server in a network carries out identity authentication of a user through a user client; after the user passes the identity authentication, the authentication server allocates authentication information to the user client; the authentication information comprises a temporary ID and corresponding validity; the authentication server controls the user client's access to equipment in the network according to the authentication information allocated to the user client. The method and the network authentication server of the present invention can realize authentication server safety in the network and control the access of user terminals to the equipment in the network effectively and conveniently.

Patent
25 Jun 2008
TL;DR: In this paper, the access server receives an authentication packet including an authentication result, a port change setting information, port change time, a filtering setting information and a filtering time from the authentication server.
Abstract: The access server receives an authentication packet including an authentication result, a port change setting information, a port change time, a filtering setting information and a filtering time from the authentication server. The access server stores the respective information in the authentication packet into a memory. The access server refers to the memory, and in the case where the port change setting information on an arbitrary user identifier is set to perform port change, when it becomes the port change time, the access server changes the output destination of a packet from a user terminal to, for example, a proxy server B from a proxy server A. Besides, in the case where the filtering setting information on an arbitrary user identifier is set to perform filtering, when it becomes the filtering start time, the access server performs filtering on the port to which the user terminal is connected.

Proceedings ArticleDOI
22 Apr 2008
TL;DR: This paper analyzes the single sign-on in OpenID and shows an experiment of vulnerability of OpenID.
Abstract: As the Internet becomes a way of social life, there are lots of accounts which a user has to manage. To receive a Web service, people have to register at each Web site. OpenID was introduced to resolve this burden. OpenID provides a single sign-on service in which a user can be authenticated at several Web sites by submitting the OpenID password to the authentication server only once. In this paper, we analyze the single sign-on in OpenID and show an experiment on a vulnerability of OpenID.

Patent
06 Aug 2008
TL;DR: In this article, the authors propose a system where decryption keys are controlled by a central system regardless of the whereabouts of the data container, thus protecting secure information if the actual data containers are lost or stolen.
Abstract: Disclosed is a method providing secure storage and transportation of secret, confidential or private data. The data is stored in encrypted form on a portable data container 5 such as a removable USB flash drive or an optical disk. Access to decryption keys is controlled by a central system regardless of the whereabouts of the data container, thus protecting secure information if the actual data containers are lost or stolen. The central system preferably comprises an authentication server 10 which sends decryption keys to a user's application 6 upon authentication of the user 1. The system avoids delays and bandwidth issues associated with 'Host-Based' systems as only keys and authentication information are transmitted via potentially slow links and large volumes of data are kept fully encrypted on the data container.

Patent
01 Mar 2008
TL;DR: In this article, an information processing system for remote access computing comprising a network access server and a local authentication server is augmented with the capability for forwarding authentication requests by tunneling interactions between the requesting client and an identity provider.
Abstract: An information processing system for remote access computing comprising a network access server and a local authentication server is augmented with the capability for forwarding authentication requests by tunneling interactions between the requesting client and an identity provider.

Patent
15 Oct 2008
TL;DR: In this paper, a method of establishing security association during handover between heterogeneous networks in a radio access system is presented, which includes transmitting a request message to a service base station, the request message requesting the service base station to transfer authentication related information of a mobile station to a target network authentication server; and receiving a response message from the service base station before the handover with the target base station is performed, the response message including security related information used in the target network.
Abstract: A method of establishing security association during handover between heterogeneous networks in a radio access system is disclosed. A method of establishing security association before handover with a target base station included in a heterogeneous radio access network is performed comprises transmitting a request message to a service base station, the request message requesting the service base station to transfer authentication related information of a mobile station to a target network authentication server; and receiving a response message from the service base station before the handover with the target base station is performed, the response message including security related information used in a target network.

Patent
29 Aug 2008
TL;DR: In this article, the authors proposed a one-time password (OTP) based communication system, which includes a user computer that has an OTP generator for generating the OTP provided therein; a service server that performs user authentication using user information and OTP value input from the user computer.
Abstract: The invention relates to a communication method and system using a one time password (OTP). The communication system includes: a user computer that has an OTP generator for generating the OTP provided therein; a service server that performs user authentication using user information and an OTP value input from the user computer, and communicates with the user computer using the encoded data that is associated with the OTP value, when the user authentication succeeds; and an OTP integrated authentication server that verifies the OTP value between the user computer and the service server.

Patent
10 Dec 2008
TL;DR: In this paper, a series of randomly generated access codes corresponding to the images can be displayed with the images, and the user may enter the access code corresponding to images from the selected category.
Abstract: Systems and methods to tell apart computers and humans using image recognition task having a dynamic graphical arrangement of randomly selected images. The images can be arranged as a grid or matrix for presentation on a device display for authentication of a user as human. The kinds of graphical images can be derived from a selected category for the image recognition task. A series of randomly generated access codes corresponding to the images can be displayed with the images. The user may enter the access codes corresponding to images from the selected category. An authentication server can compare the access code entry to an authentication reference code corresponding to the particular arrangement of images. The selection of images, their arrangement and their corresponding access codes, may dynamically change in between verification sessions.

Patent
02 Dec 2008
TL;DR: In this article, an access device divides the password into multiple segments and places them in data packets, and the server then reassembles the password and sends an index value back to the access device, which accesses the server on another address indicated by the index value.
Abstract: A system and method for providing secure access to a computer system. An access device divides the password into multiple segments and places them in data packets. In one embodiment, an authentication server has multiple addresses, and each packet is sent to a different address. The server then reassembles the password. In another embodiment, when the server receives a password, the server sends an index value back to the access device, which then accesses the server on another address indicated by the index value. Alternatively, the password is sent to multiple addresses for the server, and the server determines whether any of the received packets have been altered. The multiple password packets may be forced to follow different paths to the server, thereby denying hackers the ability to intercept all of the password characters or determine the inter-packet timing factor. The system is effective against passive and active hackers, Trojans, and phishing techniques.

Patent
07 Apr 2008
TL;DR: In this article, the authentication system includes a server configured to provide at least two security levels and configured to transmit one of the security modules corresponding to the security level of a user terminal, via communications network, to the user terminal based, at least in part, upon an environment of the user terminals.
Abstract: Authentication system and method are provided. The authentication system includes: a server configured to provide at least two security levels and configured to transmit one of at least two security modules corresponding to the security level of a user terminal, via communications network, to the user terminal based, at least in part, upon an environment of the user terminal; and an authentication server communicatively linked with the server and configured to perform a user authentication in response to a user authentication request from the user terminal. Accordingly, various hackings can be prevented and the user authentication can be accomplished with user's convenience and security.

Patent
14 Feb 2008
TL;DR: In this paper, a method and system for network access control is disclosed, including an authentication proxy that authenticates different access points, retrieves data from security databases and from a Network Monitoring System, processes said data according to a dynamic security policy and uses the outcome of said processing to determine the access level which will be granted to an access point in the network.
Abstract: Disclosed is a method and system for network access control, including an authentication proxy that authenticates different access-points, retrieves data from security databases and from Network Monitoring System, processing said data according to a dynamic security policy and using said processing outcome to determine the access level which will be granted to an access point in the network.

Patent
06 Mar 2008
TL;DR: In this article, the authors present a method for monitoring, responsive to a network access request of a client, an authentication session between an authentication server and the client, and determining user credential information associated with a user of the client based on one or more messages of the authentication session.
Abstract: A network access system. In particular implementations, a method includes monitoring, responsive to a network access request of a client, an authentication session between an authentication server and the client, and determining user credential information associated with a user of the client based on one or more messages of the authentication session. The method also includes accessing, using the user credential information, physical entry information indicating a physical location of the user relative to a defined perimeter, and conditionally allowing the client access to a network based on the physical entry information and a successful authentication of the client.

Patent
18 Sep 2008
TL;DR: An authentication gateway apparatus for accessing a ubiquitous service includes an authentication server of a service provider that receives an authentication data request message from a portable apparatus, and provides an authentication token.
Abstract: An authentication gateway apparatus for accessing a ubiquitous service includes: an authentication server of a service provider that receives an authentication data request message from a portable apparatus, and provides an authentication token; a first authentication device of the portable apparatus that transmits the authentication data request message to the authentication server, receives and stores an authentication token from the authentication server, and is used as a representative authentication device; and second authentication devices of ubiquitous apparatuses that are connected to the first authentication device of the portable apparatus by a wireless communication system, and have individual unique values.

Patent
10 Sep 2008
TL;DR: In this article, an access controller and a web authentication server are used for pushing login pages, which are applied to a wireless network; the wireless network comprises a plurality of access points (AP) which are divided into at least two logic networks; each AP corresponds to one logic network.
Abstract: The invention provides a method, an access controller and a WEB authentication server used for pushing login pages, which are applied to a wireless network; the wireless network comprises a plurality of access points (AP) which are divided into at least two logic networks; each AP corresponds to one logic network; the method comprises the steps that: according to the current AP accessed by a mobile terminal, the mobile terminal is controlled to access the logic network corresponding to the current AP, and the WEB authentication server is triggered to push the login pages corresponding to the logic network of the current AP to the mobile terminal. By adopting the method, the network operator can push custom-built login pages to the mobile terminal according to the concrete position of the user accessing the AP.