
Showing papers on "Authentication server published in 2016"


Patent
06 Jul 2016
TL;DR: In this article, the authors propose a method for mapping at least two authentication devices to a user account using an authentication server, where each authentication device connects to the authentication server using a secured communication channel; their mapping to the user account is recorded on the authentication server.
Abstract: The invention provides a method for mapping at least two authentication devices to a user account using an authentication server, where each authentication device connects to the authentication server using a secured communication channel; their mapping to the user account is recorded on the authentication server, and, when a transfer of data between the authentication devices mapped to the user account occurs, the data is passed over from the first authentication device to the authentication server using a secured communication channel and from the authentication server to another authentication device mapped to the account of said user using a secured communication channel, where the aforesaid secured communication channel is created by the second authentication device. This procedure allows the use of a single personal local authentication factor for multiple authentication devices and increases the security of authentication of devices with authentication servers.

47 citations


Patent
18 Jan 2016
TL;DR: In this paper, the authors propose a single sign-on system which allows a terminal user to achieve single sign-on to a server providing various functions with one login operation to a terminal without installing an authentication server separately.
Abstract: PROBLEM TO BE SOLVED: To provide a single sign-on system which allows a terminal user to achieve single sign-on to a server providing various functions with one login operation to a terminal without installing an authentication server separately. SOLUTION: An information processor 400 transmits an authentication cooperation request to an authorization server 200 by receiving a login operation to its own device, transmits a second authentication request to a service provision server 300 due to reception of the first authentication request from the authorization server 200, transmits a third authentication request to the service provision server 300 due to a response to the second authentication request by the service provision server 300, receives a redirect instruction to an authorization server including an authorization code from the service provision server 300 responding to the third authentication request, and receives a response to the authentication cooperation request including an authentication token from the authorization server 200 generating the authentication token by using the authorization code included in the redirect.

36 citations


Patent
18 Mar 2016
TL;DR: In this paper, systems and methods for locking/unlocking a user account for accessing a client application are presented, in which the user account is paired to a separate user authentication account managed by a user authentication server.
Abstract: Systems and methods are provided for locking/unlocking a user account for accessing a client application. The systems and methods pair a user account for accessing a client application to a separate user authentication account. The user authentication server managing the user authentication account provides heightened measures for authenticating the identity of the user, such as by voice samples and human authenticator. After the heightened authentication of the user, the user may lock or unlock paired accounts from the user authentication account, wherein preventing all attempts to access the client application using the paired account. The client application may also capture information regarding login attempts to the paired user account. The captured information may be sent to the authentication server for providing reports of login attempts and generating alerts to automatically lock the paired account in cases of suspicious behavior.

31 citations


Patent
Stuart Schechter, David Alexander Molnar, Jacob R. Lorch, Barry Bond, Bryan Parno
19 Feb 2016
TL;DR: In this article, various technologies pertaining to authenticating a password in a manner that prevents offline dictionary attacks are described, using a protected module, which can be a hardware security module, a trusted platform module, or the like.
Abstract: Various technologies pertaining to authenticating a password in a manner that prevents offline dictionary attacks are described. A protected module, which can be a hardware security module, a trusted platform module, or the like, is in communication with an authentication server. The protected module comprises a key that is restricted to the protected module. The key is employed in connection with authenticating the password on the protected module.

30 citations


Patent
02 Dec 2016
TL;DR: In this paper, a system for authorizing an electronic transaction in an augmented reality environment, consisting of an AR user device and an authentication server, is presented. The authentication server determines the authentication code using the virtual authentication object and the detected gestures, and uses it to authorize the transaction.
Abstract: A system for authorizing an electronic transaction in an augmented reality environment comprises an augmented reality user device and an authentication server. The augmented reality user device includes a display that overlays virtual objects onto a field of view of the user. The user device receives a request to verify information about a payment card used in an electronic transaction. The request includes a virtual authentication object, which is a virtual representation of an object capable of being manipulated by the user in a particular sequence to enter an authentication code. The user device displays the virtual authentication object to the user and detects gestures performed on the virtual authentication object. The user device sends the detected gestures to the authentication server. The authentication server determines the authentication code using the virtual authentication object and the detected gestures, and uses it to authorize the transaction.

28 citations


Patent
09 Nov 2016
TL;DR: In this article, a distributed user profile identity verification system is presented, where at least one authentication server is configured for identity verification of an online user profile by creating a user profile record for the online user profile in the ledger, the user profile record comprising a unique user profile identifier and an associated first verification level, subsequently performing a verification task; and upon successful completion of the verification task, pushing a verification level blockchain update record to the ledger.
Abstract: There is provided a distributed user profile identity verification system comprising: at least one authentication server; a distributed blockchain identity verification ledger comprising a plurality of synchronised distributed identity verification databases, each database comprising unique user profile identifier records and associated verification level records, wherein, in use: the at least one authentication server is configured for identity verification of an online user profile by creating a user profile record for the online user profile in the ledger, the user profile record comprising a unique user profile identifier and an associated first verification level, subsequently performing a verification task; and upon successful completion of the verification task, pushing a verification level blockchain update record to the ledger, the verification level blockchain update record comprising a second verification level being greater than the first verification level, the verification level blockchain update record linked to the user profile record and cryptographically signed by the authentication server and, wherein, for subsequently verifying the online user profile, the distributed blockchain identity verification ledger may be queried with the unique user profile identifier to retrieve the second verification level.

25 citations


Patent
14 Mar 2016
TL;DR: In this paper, a multi-factor authentication system and method using an authentication device, a browsing device and an authentication server was proposed. The authentication server is capable of detecting unusual activity based on information received from the authentication device and the browsing device.
Abstract: Embodiments of the present invention relate to a multi-factor authentication system and method using an authentication device, a browsing device and an authentication server. Authentication requires a user to keep an authentication device within a certain proximity of a browsing device, and to authenticate locally to the authentication device using biometric information. The biometric information of the user is stored locally in the authentication device to prevent the need to transmit sensitive biometric information to an authentication server. The authentication server is capable of detecting unusual activity based on information received from the authentication device and the browsing device.

24 citations


Patent
11 May 2016
TL;DR: In this article, an identity and access control and management system and method in a cloud environment is described, which consists of an IAM, a user terminal and an application server, and double-factor authentication technology is used for realizing the bidirectional authentication of the user and an authentication server.
Abstract: The invention discloses an identity and access control and management system and method in a cloud environment. The system comprises an identity and access control and management system (IAM), a user terminal and an application server. For different application services, integrated identity authentication and unified user management follow an identity authentication and access control separation principle, and user identity and access control management is realized. In respect of user identity information management, from generation to cancellation of the user identity, a registration service provides self-help service for the user; in respect of user authentication, a double-factor authentication technology is used for realizing the bidirectional authentication of the user and an authentication server and issuing an authentication bill to realize one-time authentication and multi-time use; and in respect of access control and management, the access authority of the user is managed based on a role access control strategy of a user group, and the server is authorized to issue an authorized bill to the user. By adopting the identity and access control and management system and method disclosed by the invention, it is convenient for the user to manage the identity information, multi-time authentication is avoided, the authentication security is enhanced, and the illegal access of unauthorized users is prevented.

23 citations


Patent
30 Jun 2016
TL;DR: In this paper, a user device may register an authentication public key with an authentication server, and the authentication public key may be signed by an attestation private key maintained by the user device.
Abstract: Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and the authentication server.

22 citations


Journal ArticleDOI
TL;DR: Through extensive simulations, it has been proved that the proposed protocol shows lower computational and communication overheads compared to other protocols in the literature and shows promising results.

21 citations


Patent
04 Apr 2016
TL;DR: In this paper, a one-time password (OTP)-based virtual number payment method was proposed to support a safe transaction in a payment or authentication process by generating a virtual number with utilization of OTP, which is a one time pass, as a decryption key value.
Abstract: The objective of the present invention is to provide a one time password (OTP)-based virtual number payment method, and a computer readable recording medium and a system thereof. The objective of the present invention is to support a safe transaction in a payment or authentication process by generating a virtual number with utilization of OTP, which is a one-time pass, as a decryption key value. The virtual number payment method includes the steps of: operating a client application in a client terminal; generating an OTP if a password is received while the client application is operated; transmitting, by the client terminal, a virtual number generation request to an authentication server; generating, by the authentication server, the virtual number by using the OTP included in the virtual number generation request as an encryption key; transmitting, by the authentication server, the generated virtual number to the client terminal; receiving, by the client terminal, the virtual number and transmitting a payment request including the virtual number and payment information; receiving, by the authentication server, the payment request and extracting an actual card number matched with the virtual number; and processing, by the authentication server, a payment approval based on the actual card number by linking with a card company server.

Proceedings ArticleDOI
28 Oct 2016
TL;DR: LGTM works over point to point wireless communication so users can authenticate one another in a variety of circumstances and is designed with usability at its core, requiring users to perform only two actions: one to initiate and one to confirm.
Abstract: Augmented reality is poised to become a dominant computing paradigm over the next decade. With promises of three-dimensional graphics and interactive interfaces, augmented reality experiences will rival the very best science fiction novels. This breakthrough also brings in unique challenges on how users can authenticate one another to share rich content between augmented reality headsets. Traditional authentication protocols fall short when there is no common central entity or when access to the central authentication server is not available or desirable. Looks Good To Me (LGTM) is an authentication protocol that leverages the unique hardware and context provided with augmented reality headsets to bring innate human trust mechanisms into the digital world to solve authentication in a usable and secure way. LGTM works over point to point wireless communication so users can authenticate one another in a variety of circumstances and is designed with usability at its core, requiring users to perform only two actions: one to initiate and one to confirm. Users intuitively authenticate one another, using seemingly only each other's faces, but under the hood LGTM uses a combination of facial recognition and wireless localization to bootstrap trust from a wireless signal, to a location, to a face, for secure and usable authentication.

Patent
17 Aug 2016
TL;DR: In this paper, an identity authentication method, system and equipment is described, which comprises the steps that a third party application client sends an operation request to a third-party application server after acquiring an operation instruction used for requesting to execute a target operation.
Abstract: The invention discloses an identity authentication method, system and equipment. The method comprises the steps that a third-party application client sends an operation request to a third-party application server after acquiring an operation instruction used for requesting to execute a target operation; the third-party application server requests to acquire information to be signed from an authentication server and transmits the information to be signed to intelligent hardware through the third-party application client; the intelligent hardware signs the information to be signed by adopting an application private key corresponding to a third-party application, and a first signing result is obtained and sent to the authentication server; the authentication server verifies that the first signing result is correct by adopting an application public key corresponding to the third-party application and then sends a successful verification instruction to the third-party application server; the third-party application server executes the target operation. According to the method, identity authentication is achieved through the intelligent hardware without needing to manually input related information for identity authentication by a user, and therefore more convenience and higher efficiency are achieved when the user executes a network operation needing identity authentication.

Patent
14 Sep 2016
TL;DR: In this paper, the identity authentication method comprises the steps of carrying out associated storage for identification information of an information security device and user identification card information by an authentication server, and reminding a user to input a personal identification code and verifying whether the personal identification code input by the user is correct by the information security device.
Abstract: The invention provides an identity authentication method and system. The identity authentication method comprises the steps of carrying out associated storage for identification information of an information security device and user identification card information by an authentication server; reminding a user to input a personal identification code and verifying whether the personal identification code input by the user is correct by the information security device; receiving login information input by the user by an application program; receiving the login information and judging whether the login information is correct by an application server; by a terminal, generating an identity authentication request and sending the identity authentication request to an authentication server; receiving the identity authentication request and authenticating the user identification card information by the authentication server; generating to-be-authenticated information by the authentication server; by the information security device, obtaining the to-be-authenticated information and generating an identification image by using the to-be-authenticated information; by the terminal, obtaining a group photo image and sending the group photo image to the authentication server; and by the authentication server, receiving the group photo image and authenticating the identification image and a face image in the group photo image.

Patent
27 Jul 2016
TL;DR: In this article, an authentication system and authentication method of a network access device in a quantum network is described.
Abstract: The invention discloses an authentication system and authentication method of a network access device in a quantum network. The authentication system comprises a client, a quantum device authentication controller, a login certificate issuing server, a quantum gateway and a quantum device authentication server. The authentication method comprises a network deployment stage, a certificate issuing stage, a bidirectional authentication stage, a quantum secret key updating stage and a heartbeat authentication stage. According to the authentication system and authentication method of the network access device in the quantum network provided by the invention, bidirectional authentication is employed in the authentication process, the abstract of authentication information is extracted and an authentication secret key is updated by using a quantum secret key; the security is high; and the reliability is high.

Patent
26 Jun 2016
TL;DR: In this article, the authors proposed an easy-to-use credential management mechanism for multi-factor out-of-band multi-channel authentication process to protect payment credentials without the risk of malware and skimming attacks.
Abstract: The invention provides an easy to use credential management mechanism for multi-factor out-of-band multi-channel authentication process to protect payment credentials without the risk of malware and skimming attacks. When opened, the secure payment application generates a multi-dimensional transitory key. The user authenticates the multi-dimensional transitory key and validates the secure payment application, triggering an out-of-band outbound mechanism. The portable mobile device invokes the authentication server and the authentication server authenticates the user based on the authenticated transitory key. After authentication, the merchant is allowed access to the payment credentials to complete the transaction. The process of the invention includes an authentication server, a secure payment application to generate an authentication vehicle or an embodiment (i.e. multi-dimensional transitory key) and handle incoming requests, and a portable communication device with a smartphone application.

Patent
02 Dec 2016
TL;DR: In this paper, a system for authorization of a user in a virtual reality environment includes a Virtual Reality User Device (VRUD) which includes a display configured to display a virtual environment.
Abstract: A system for performing authorization of a user in a virtual reality environment includes a virtual reality user device. The virtual reality user device includes a display configured to display a virtual environment. The user device receives a virtual authentication object comprising a virtual representation of an object that the user can manipulate to enter an authentication code. The user device detects gestures performed by the user on the displayed virtual authentication object and forms an authentication request, which includes the virtual authentication object, the detected gestures, and an identifier of the user. The user device sends the authentication request to an authentication server. The authentication server determines an authentication code using the virtual authentication object and the detected gestures. The authentication server authenticates the user by comparing the determined authentication code with an authentication code stored in a database and sends an authentication response to the user device.

Patent
27 Jan 2016
TL;DR: In this article, an identity recognition method and system based on a multi-biometric feature in combination with a device fingerprint is presented; the system consists of a smart phone, a storage server, and an authentication server.
Abstract: The present invention discloses an identity recognition method and system based on a multi-biometric feature in combination with a device fingerprint. The method comprises two main steps of registration authentication and user identification, and the system comprises a smart phone, a storage server and an authentication server; the smart phone is connected with an input end of the storage server, and an output end of the storage server is connected with the authentication server; and the smart phone is interconnected with the authentication server. The method disclosed by the present invention comprises two main sections of the registration authentication and the user identification, and by means of iris local authentication, the two main sections can confirm that an operator of a phone is an owner of the phone; human face information acquired at the same time as the iris local authentication can be confirmed as human face information of the owner of the phone, thereby ensuring accuracy of registered user information. According to the method and the system disclosed by the present invention, a smart phone iris recognition technology and a smart phone device fingerprint technology are combined, so that effects of network real person and real name authentication as well as high network account security and login convenience and the like are achieved.

Journal ArticleDOI
TL;DR: This paper presents a light-weight cross-domain authentication and key agreement protocol, namely CAKA, under certificateless-based public key cryptosystem and shows that the proposed CAKA protocol is highly efficient in terms of communication overhead and resilient to various kinds of attacks.
Abstract: Due to the flexibility of wireless mesh networks (WMNs) to form the backhaul subnetworks, future generation networks may have to integrate various kinds of WMNs under possibly various administrative domains. Aiming at establishing secure access and communications among the communication entities in a multi-domain WMN environment, in this paper, we intend to address the cross-domain authentication and key agreement problem. We present a light-weight cross-domain authentication and key agreement protocol, namely CAKA, under certificateless-based public key cryptosystem. CAKA has a few attractive features. First, mutual authentication and key agreement between any pair of users from different WMN domains can be easily achieved with two-round interactions. Second, no central domain authentication server is required and fast authentication for various roaming scenarios is supported by using a repeated cross-domain algorithm. Third, no revocation and renewal of certificates and key escrow are needed. Finally, it provides relatively more security features without increasing too much overhead of computation and storage. Our analysis shows that the proposed CAKA protocol is highly efficient in terms of communication overhead and resilient to various kinds of attacks.

Patent
08 Jun 2016
TL;DR: In this paper, the authors proposed a system for convenient user authentication using a wired and wireless terminal based on trusted execution environment, which can easily provide a login service or an electronic signature service to a wired and wireless terminal user without inputting a user PIN or user ID.
Abstract: The present invention relates to a method and a system for convenient user authentication using a wired and wireless terminal based on trusted execution environment, which can easily provide a login service or an electronic signature service to a wired and wireless terminal user without inputting a user PIN or user ID. The method for convenient user authentication according to the present invention comprises: a login requesting step of allowing a user terminal operated by a general operation system and a security operation system to make a request for a login to a site server and receive a user token, a site ID, and whether an authentication service is used as a login response; an authentication service registration step of allowing an authentication application, which is executed by the user terminal, to transmit the user token through the authentication server to the site server in order to request site registration and receive a user private key as a result of the site registration approval to encrypt the user private key and store the user private key in the secure operating system; and a login service step of allowing the executed authentication application to transmit an authentication token generated by using the site ID and the user private key in the security operation system to the authentication server to request a login service when the login service to a site registered in the authentication application executed by the user terminal is requested and receive a permission token generated in the authentication server as a login response result to transmit the permission token to the user terminal.

Patent
22 Jun 2016
TL;DR: In this paper, a user friendly two-factor authentication method and system for a user is disclosed, which includes a user device, an authentication server, a network interconnecting the user device and authentication server.
Abstract: A user friendly two factor authentication method and system for a user is disclosed. In an embodiment the system includes a user device, an authentication server, a network interconnecting the user device and authentication server and software on the user device and authentication server that cooperates to first register the user by storing first key share K1 of an authentication key K on the user device and storing a second key share K2 of K blinded by a user chosen password on the authentication server, and then authenticate the user by implementing a protocol where the user's knowledge of the password and the possession of the user device is used to derive the key K for authentication. Thus, the two factors are checked in one integrated protocol, thereby requiring no additional work or change in user behavior.

Patent
24 Feb 2016
TL;DR: In this paper, the embodiment of the invention discloses a keyless entry method and system of a vehicle, which includes the steps that a vehicle body system detects the position of a terminal, if the location of the terminal is located in a strong connection area, authentication operation is conducted on the terminal through an authentication server with first time as the interval, and the authentication result is stored for preset time.
Abstract: The embodiment of the invention discloses a keyless entry method and system of a vehicle. The method includes the steps that a vehicle body system detects the position of a terminal; if the position of the terminal is located in a strong connection area, authentication operation is conducted on the terminal through an authentication server with first time as the interval, and the authentication result is stored for preset time; when the vehicle body system detects that the terminal is located in an unlocking area, whether the authentication result of the terminal shows that authentication succeeds or not is judged; if the authentication result of the vehicle shows that authentication succeeds, the vehicle is unlocked; and if the authentication result of the vehicle shows that authentication fails, the terminal is authenticated again. By means of the manner that the vehicle is unlocked by authenticating the terminal through the authentication server, convenience of unlocking the vehicle is increased.

Patent
04 May 2016
TL;DR: In this article, the embodiment of the invention discloses a wireless network connecting method, device and system belonging to the network security field. According to the invention, a first access request is sent to a wireless access point; an authentication server sends a second access request; whether the wireless access point belongs to a trusted wireless access point is authenticated; when the wireless access point belongs to the trusted wireless access point, first identity authentication is carried out with a user terminal, and a main secret key is generated through negotiating with the user terminal; the main secret key corresponding to a user name was sent to the
Abstract: The embodiment of the invention discloses a wireless network connecting method, device and system belonging to the network security field. According to the invention, a first access request is sent to a wireless access point; an authentication server sends a second access request; whether the wireless access point belongs to a trusted wireless access point is authenticated; when the wireless access point belongs to the trusted wireless access point, first identity authentication is carried out with a user terminal, and a main secret key is generated through negotiating with the user terminal; the main secret key corresponding to a user name is sent to the wireless access point; an encrypted wireless network connection is built by negotiating with the user terminal according to the main secret key. The problems that the data transmitted to the counterfeit public Wi-Fi by the user terminal and the data in the user terminal are under security threat are solved; only the trusted wireless access point can obtain the secret key corresponding to the user name; therefore, the encrypted wireless network connection is built by negotiating with the user terminal according to the main secret key, and the data security of the data transmitted by the user terminal and the data in the user terminal is improved.

Proceedings Article
01 Nov 2016
TL;DR: A new attack scheme is presented that can increase the intensity of guessing trials against WPA-II enterprise and can improve the active dictionary guessing speed by more than 1700% compared to the traditional single wireless client attack.
Abstract: One of the greatest challenges facing 802.11 wireless local area network (WLAN) is to provide equivalent security to wired local area network (LAN). Wi-Fi Protected Access II (WPA-II), also referred to as IEEE 802.11i standard, is the current security mechanism for enterprise wireless networks. IEEE 802.11i standard depends upon IEEE 802.1X standard to authenticate and generate the main cryptographic key used to secure wireless network traffic. In a WPA-II enterprise network, capturing wireless frames during the authentication phase between the Access Point (AP) and an authorized wireless client will not compromise the security of the WLAN. However, an attacker can apply an active dictionary attack by guessing the credentials used to access the wireless network. In this case, the attacker communicates directly with the Authentication Server (AS). The main downside of this attack is the low intensity of password guessing trials that the attacker can achieve, thus the security community usually does not pay attention to such an attack. In this paper, we present a new attack scheme that can increase the intensity of guessing trials against WPA-II enterprise. The new scheme is based on using one wireless interface card to create multiple virtual wireless clients (VWCs), each VWC communicates with the Authentication Server as a standalone wireless client. We have developed a working prototype and our experiments show that the proposed scheme can improve the active dictionary guessing speed by more than 1700% compared to the traditional single wireless client attack.

Patent
20 Jan 2016
TL;DR: In this article, the authors present a method for securing communications with an enterprise from a remote computing system using service credentials maintained in a secure applet installed on the remote computing device.
Abstract: Methods and systems for securing communications with an enterprise from a remote computing system are disclosed. One method includes initiating a secured connection with a VPN appliance associated with an enterprise using service credentials maintained in a secure applet installed on a remote computing device, and initiating communication with an authentication server within an enterprise via the secured connection. The method also includes receiving specific credentials from the authentication server, terminating the secured connection with the VPN appliance, and initiating a second secured connection with the VPN appliance using the specific credentials, the specific credentials providing access to one or more computing devices within the enterprise being within a same community of interest as the remote computing device and obfuscating one or more other computing systems within the enterprise excluded from the community of interest. The method also includes initiating communications with at least one of the one or more computing devices included in the community of interest.

Patent
07 Dec 2016
TL;DR: In this article, an access authorization method, device and system are used for solving the problem that under the scene that an access terminal does not support the function of scanning two-dimensional codes or an authorization terminal does not have the display function, authentication cannot be performed.
Abstract: The invention discloses an access authorization method, device and system, and relates to the field of security access authentication. The access authorization method, device and system are used for solving the problem that under the scene that an access terminal does not support the function of scanning two-dimensional codes or an authorization terminal does not have the display function, two-dimensional code authentication cannot be performed. The access authorization method comprises the steps that a Portal server receives an access request from the access terminal; the Portal server generates a two-dimensional code according to the access request; the Portal server sends the two-dimensional code to the access terminal; the authorization terminal scans the two-dimensional code displayed on the access terminal; the authorization terminal generates an authorization request according to the two-dimensional code and sends the authorization request to the Portal server; the Portal server judges whether the access terminal is authorized or not according to the authorization request; if it is determined that the access terminal is authorized, the Portal server requests an authentication, authorization and accounting AAA authentication server to authenticate the access terminal; if the access terminal passes authentication, the AAA authentication server informs the access terminal that authorization and authentication are successful. The access authorization method, device and system are applied to visitor internet-surfing authentication.

Patent
17 Feb 2016
TL;DR: In this article, a single sign on (SSO) authentication method was proposed, where the web server receives a web application access request sent by a client, the web server sends a token check request to the token check center according to the web application request; and when the Web server receives an authentication success message returned by the Token Check center, session authentication is carried out on the client according to token check success message.
Abstract: The invention discloses a SSO (Single Sign On) authentication method. The web server receives a web application access request sent by a client; the web server sends a token check request to the token check center according to the web application access request; and when the web server receives a token check success message returned by the token check center, session authentication is carried out on the client according to the token check success message. The invention also discloses the web server, an authentication server and the token check center.

Patent
24 Feb 2016
TL;DR: In this paper, a method and system for performing authentication on an access request is presented, which solves the technical problem that an anti-stealing link method of the existing back to the source authentication only depends on the authentication server to recognize a hotlinking request in any case.
Abstract: The invention discloses a method and system for performing authentication on an access request. The method comprises the following steps: receiving an access request of an access terminal by a CDN (Content Distribution Network) server, wherein the access request at least comprises a first identification used for identifying the access request; if the first identification is inquired in a local cache of the CDN server, then performing authentication on the access request locally by the CDN server, wherein authentication is used for determining the legality of the access request; and if the first identification is not inquired in the local cache of the CDN server, then transmitting the access request to an authentication server to perform authentication by the CDN server. The method and system for performing authentication on the access request provided by the invention solve the technical problem that an anti-stealing link method of the existing back to the source authentication only depends on the authentication server to recognize a hotlinking request in any case, so that the load of the authentication server is excessive.

Patent
27 Jul 2016
TL;DR: In this article, an identity authentication method, apparatus, device and system is presented, which comprises the following steps: obtaining certificate information of a user; shooting a face photograph of the user; according to a head image of the user, obtained by a pick-up head in real time, determining whether the pick-up head faces a real person; and under the condition that it is determined that the pick-up head faces a real person, sending the certificate information and the face photograph to an authentication server in an associated mode.
Abstract: The invention discloses an identity authentication method, apparatus, device and system. The method comprises the following steps: obtaining certificate information of a user; shooting a face photograph of the user; according to a head image of the user, obtained by a pick-up head in real time, determining whether the pick-up head faces a real person; and under the condition that it is determined that the pick-up head faces a real person, sending the certificate information of the user and the face photograph to an authentication server in an associated mode. To sum up, based on the identity authentication method, apparatus, device and system, in an authentication process, it can be ensured that the user performing authentication is a real person and is just the corresponding person submitting the certificate information, and thus the security of identity authentication is improved.

Patent
01 Jun 2016
TL;DR: In this paper, a multiscreen real-time interaction system based on the Web technology is described, which comprises at least one client side, a static resource WEB server, a real time communication server, data interface API server, an authentication server and a large-screen controller.
Abstract: The invention discloses a multiscreen real-time interaction system based on the Web technology. The multiscreen real-time interaction system comprises at least one client side, a static resource WEB server, a real-time communication server, a data interface API server, an authentication server and a large-screen controller. The client sides support Html5 webpage browsing. The static resource WEB server provides webpage codes, pictures, style definitions and/or script programs to the client sides. The real-time communication server provides a real-time communication service, pushes monitoring data to the client sides in real time and shares operation data between the client sides and transmits a control instruction to the large-screen controller according to a preset scheme. The data interface API server provides service data to the real-time communication server and pushes the service data to the client sides so that the client sides are enabled to acquire the data through an Ajax request. The authentication server provides client side access authentication. The large-screen controller is connected with large screen hardware, receives a socket instruction and performs switching of a large screen application mode.