
Showing papers on "Authentication server published in 2017"


Patent
29 Mar 2017
TL;DR: In this article, a method and a system for realizing block chain private key protection based on key segmentation is proposed, which aims to solve the technical problem that a private key of a block chain lacks security and cannot be retrieved.
Abstract: The invention discloses a method and a system for realizing block chain private key protection based on key segmentation, and aims to solve the technical problem that a private key of a block chain lacks security and cannot be retrieved. The method for realizing block chain private key protection based on key segmentation comprises that hard encryption for a block chain private key supporting mobile phone equipment certificate authentication and password authentication is realized by taking a mobile phone as a terminal carrier and using a cipher machine and an authentication server of the cloud; and the block chain private key is segmented by using a threshold algorithm, and multi-party participating key backup and key recovery/retrieval is realized. The method comprises (1) a registration procedure, (2) a private key utilization procedure, (3) a private key backup procedure, and (4) a private key recovery/retrieval procedure. The system structurally comprises a cipher machine and an authentication server of the cloud and a mobile phone acting as the terminal carrier. The method and the system disclosed by the invention can realize safe storage, safe utilization, multi-party participating backup and multi-party participating retrieval of the block chain private key.

38 citations


Patent
22 Mar 2017
TL;DR: In this article, a block chain-based identity authentication method is proposed, which comprises the steps of signing identity registration information sent by the user terminal and providing the signed identity registration information to the user terminal, receiving an identity authentication request sent by the user terminal after identity registration to a preset smart contract, returning identity authentication information to the user terminal according to the identity authentication request, and receiving a program running result generated by the smart contract according to the identity authentication information provided by the user terminal.
Abstract: Embodiments of the present invention disclose a block chain-based identity authentication method, an authentication server and a user terminal, relating to the technical field of identity identification. The method comprises the steps of signing identity registration information sent by the user terminal, and providing the signed identity registration information for the user terminal; receiving an identity authentication request sent by the user terminal after identity registration to a preset smart contract in a block chain according to the signed identity registration information; returning identity authentication information to the user terminal according to the identity authentication request; and receiving a program running result generated by the smart contract according to the identity authentication information provided by the user terminal, and verifying the identity of the user terminal according to the program running result. Through adoption of the identity authentication method, both security and efficiency of the information are ensured.

37 citations


Patent
22 Feb 2017
TL;DR: In this paper, an identity authentication method based on a block chain, an authentication server and a user terminal is presented, which belongs to the technical field of identity identification and has very high safety.
Abstract: The embodiment of the application discloses an identity authentication method based on a block chain, an authentication server and a user terminal, and belongs to the technical field of identity identification. The method comprises the steps of: according to an identity authentication request sent by the user terminal, acquiring an authentication factor of the user terminal; according to the authentication factor, creating a smart contract, wherein an operation result obtained after a preset operation is carried out on the authentication factor is pre-stored in the smart contract; broadcasting the smart contract into the block chain, and sending a smart contract block chain account address to the user terminal; and according to an execution result obtained after the user terminal executes the smart contract by utilizing the authentication factor, carrying out identity authentication, wherein when the execution result is matched with the operation result, success of identity authentication is confirmed, and when the execution result is not matched with the operation result, failure of identity authentication is confirmed. Therefore, the identity authentication method in the embodiment of the application has very high safety.

37 citations


Proceedings Article
01 Oct 2017
TL;DR: This paper proposes the design and implementation of token based authentication of MQTT protocol in constrained devices and can perform the authentication of valid and expired token in relatively acceptable time.
Abstract: An effective and secure authentication mechanism is one of the important parts in the implementation of a communication protocol in an Internet of Things (IoT) based system. As one of the popular messaging protocols in the IoT world, Message Queue Telemetry Transport (MQTT) offers basic authentication using username and password. However, this authentication method might possibly have a problem in terms of security and scalability. In this paper, we propose the design and implementation of token based authentication of MQTT protocol in constrained devices. The proposed design consists of four components: publisher, subscriber, MQTT broker and token authentication server. Publisher/subscriber first sends its username and password to the authentication server to get the token. Notice that the token generating process is only performed under the following conditions: 1) when the token has not been generated yet and 2) when the token has expired. Once the publisher gets a valid token, it will store that token in its local storage and use it for further authentication. From usability and performance testing results, the proposed system can perform the authentication of valid and expired tokens in relatively acceptable time.

36 citations


Journal Article
TL;DR: This paper proposes an efficient and practical user authentication scheme using personal devices that utilize different cryptographic primitives, such as encryption, digital signature, and hashing that not only is secure against password-related attacks, but also can resist replay attacks, shoulder-surfing attacks, phishing attacks, and data breach incidents.
Abstract: Authentication plays a critical role in securing any online banking system, and many banks and various services have long relied on username/password combos to verify users. Memorizing usernames and passwords for a lot of accounts becomes a cumbersome and inefficient task. Furthermore, legacy authentication methods have failed over and over, and they are not immune against a wide variety of attacks that can be launched against users, networks, or authentication servers. Over the years, data breach reports emphasize that attackers have created numerous high-tech techniques to steal users’ credentials, which can pose a serious threat. In this paper, we propose an efficient and practical user authentication scheme using personal devices that utilize different cryptographic primitives, such as encryption, digital signature, and hashing. The technique benefits from the widespread usage of ubiquitous computing and various intelligent portable and wearable devices that can enable users to execute a secure authentication protocol. Our proposed scheme does not require an authentication server to maintain static username and password tables for identifying and verifying the legitimacy of the login users. It not only is secure against password-related attacks, but also can resist replay attacks, shoulder-surfing attacks, phishing attacks, and data breach incidents.

25 citations


Journal Article
TL;DR: A secure and efficient authentication and key agreement scheme for global mobility networks based on the elliptic curve cryptosystem is proposed that not only withstands various security attacks but also improves the efficiency by reducing the computational costs.
Abstract: Nowadays, with the advancement of wireless technologies, global mobility networks offer roaming services for mobile users. Since in global mobility networks the communication channel is public, adversaries can launch different security attacks to breach the security and privacy of data and mobile users. Hence, an authentication and key agreement scheme can be used to provide secure roaming services. It is well known that the conventional authentication schemes are not suitable for global mobility networks, because the authentication server of each network has the credentials of its registered users and thus cannot verify the authenticity of the other mobile users. Hence, for providing secure roaming services, another type of authentication called roaming authentication is required. Hitherto, a large number of authentication protocols have been proposed for global mobility networks. However, most of them have been proved to be insecure against various attacks. This paper proposes a secure and efficient authentication and key agreement scheme for global mobility networks. The proposed scheme is based on the elliptic curve cryptosystem. The correctness of the proposed scheme is verified using Burrows-Abadi-Needham logic. In addition, the security of the proposed scheme is proved using ProVerif. Detailed analyses demonstrate that the proposed scheme not only withstands various security attacks but also improves the efficiency by reducing the computational costs.

21 citations


Patent
03 Nov 2017
TL;DR: In this paper, the authors provide key distribution and authentication methods, devices and systems, which include the following steps: a business center server receives a first key request message sent by a user management server, generates a first key of a terminal device according to the first key request message, and sends the first key to the user management server.
Abstract: Embodiments of the invention provide key distribution and authentication methods, devices and systems. The key distribution and authentication methods comprise the following steps that a business center server receives a first key request message sent by a user management server, generates a first key of a terminal device according to the first key request message and sends the first key to the user management server; and the user management server generates a first key of the terminal device, which is sent by the business center server, and sends the first key of the terminal device to the terminal device in order to make the terminal device and a network authentication server carry out mutual authentication according to the first key. The business center server and the user management server distribute the different keys to each terminal device, each terminal device carries out mutual authentication with the network authentication center based on the respective key, and a communication key of the terminal device and a function network element is finally obtained, a method for establishing a safety communication channel is provided for the terminal device, and the application range is wide.

17 citations


Patent
15 Feb 2017
TL;DR: In this article, the authors present an authentication method and apparatus based on face recognition of a mobile terminal, which mainly consists of the following steps: when a user requires authentication, sending an authentication request to an authentication server, shooting a face picture of the user by a mobile terminal of the user, and extracting face features of the user from the face picture; comparing the face features of the user with face features pre-stored in the mobile terminal or the authentication server.
Abstract: The embodiment of the invention provides an authentication method and apparatus based on face recognition of a mobile terminal. The method mainly comprises the following steps: when a user requires authentication, sending an authentication request to an authentication server, shooting a face picture of the user by a mobile terminal of the user, and extracting face features of the user from the face picture; comparing the face features of the user with face features of the user pre-stored in the mobile terminal or the authentication server, and judging to accept the authentication request or not by the authentication server according to a comparison result. According to the authentication method and apparatus provided by the embodiment of the invention, when the user logs in to a website, the user does not need to input a username and a password just like traditional login, the user does not need to remember a lot of complex and tedious passwords, thereby facilitating the use of the user. The identity is authenticated by using the biometric technology of face recognition, thereby being difficult to counterfeit and fake, and being more secure, reliable and accurate. The security and reliability of login of the user are guaranteed.

17 citations


Patent
20 Mar 2017
TL;DR: In this article, a user authentication method including at least: (1) performing a primary conversion to generate a first common authentication key and performing a secondary conversion to provide an encrypted first-common authentication key; (2) generating a first-server authentication key, and performing an OTP operation on the first server authentication key.
Abstract: Disclosed is a user authentication method including at least: (1) performing a primary conversion to generate a first common authentication key and performing a secondary conversion to provide an encrypted first common authentication key, and registering the encrypted first common authentication key; (2) generating a first server authentication key, and performing an OTP operation on the first server authentication key to generate first server authentication information; (3) performing a primary conversion to generate a second common authentication key, performing a secondary conversion to generate an encrypted second common authentication key, generating a first user authentication key, and performing an OTP operation on the first user authentication key to generate first user authentication information; and (4) performing a user authentication or an authentication of the authentication server for determining a genuineness of the authentication server, based on coincidence of the first server authentication information and the first user authentication information.

17 citations


Patent
07 Dec 2017
TL;DR: In this paper, flexible authentication technologies customized to particular tenants of a data center network can be implemented, where an administrator can specify a primary authentication server and specify at which data centers different applications are to be hosted for a given tenant.
Abstract: Flexible authentication technologies customized to particular tenants of a data center network can be implemented. For example, an administrator can specify a primary authentication server and specify at which data centers different applications are to be hosted for a given tenant. End users can be shielded from the complexities of implementing such configuration details. For example, single sign-on authentication can be implemented, even when applications are configured to be hosted in different data centers. Enterprise tenants can thus control where applications are hosted and enforce data containment scenarios without encumbering users with additional tasks. Collaboration and application-to-application authentication can be achieved.

16 citations


Patent
31 May 2017
TL;DR: In this article, an HLS live broadcast index list encryption anti-stealing-link method was proposed, which mainly comprises the following steps that a client side acquires a user token through a client authentication server of a system, and the user token and the IP address of the client side are bound.
Abstract: The invention discloses an HLS live broadcast index list encryption anti-stealing-link method. The method mainly comprises the following steps that 1, a client side acquires a user token through a client authentication server of a system, and the user token and the IP address of the client side are bound; 2, the client side acquires an M3U8 playing address; 3, the client side acquires a URL address of a secret key and M3U8 enciphered data; 4, a standard M3U8 playing list text is acquired; 5, a TS file is acquired and played, and the client side downloads the video section TS file from a content distribution server through a TS file downloading address in a decrypted standard M3U8 playing list. According to the HLS live broadcast index list encryption anti-stealing-link system, the content is encrypted when the client side acquires M3U8 files, the video file address cannot be obtained even though the files are directly downloaded, therefore, an anti-stealing-link function is achieved, it is avoided that a large number of CPU resources need to be consumed during TS file decryption, and the aim of smooth playing of low-performance equipment is achieved.

Patent
18 Aug 2017
TL;DR: In this article, an identity authentication method was proposed for a user equipment side, which comprises the steps of sending an equipment authentication public key and an equipment unique identifier to an authentication server for storage by the equipment authentication server.
Abstract: The invention discloses an identity authentication method, which is applied to a user equipment side, and comprises the steps of: sending an equipment authentication public key and an equipment unique identifier to an equipment authentication server for storage by the equipment authentication server; using an equipment authentication private key to sign a server authentication public key, and sending signature data and the equipment unique identifier to the equipment authentication server, so that the equipment authentication server retrieves the equipment authentication public key by means of the equipment unique identifier, performs signature authentication on the signature data, and returns a result to an identity authentication server for storage when the signature authentication passes; and using a service authentication private key for signing a user authentication public key, sending signature data to the identity authentication server so that the identity authentication server performs signature authentication by using the service authentication public key, and saving the user authentication public key when the signature authentication passes. The identity authentication method solves the security risk problem existing in registration of a user in the existing FIDO authentication standard. The invention further provides corresponding user equipment and servers.

Patent
18 Aug 2017
TL;DR: In this paper, an identity authentication method, a terminal device, an authentication server, and an electronic device are used to authenticate a user and a second user on the same device, so that the second user can successfully perform login only on the premise that the first user provides a guarantee.
Abstract: An identity authentication method, a terminal device, an authentication server and an electronic device. The method comprises: receiving an input biological feature of a first user, and acquiring account information about the first user and a device identifier of a terminal device; sending an identity authentication request to an authentication server; receiving identity confirmation information returned by the authentication server; receiving an input biological feature of a second user; sending a verification request to the authentication server; and receiving a login code returned by the authentication server, so that the second user performs login by using the login code. By means of the method, on a terminal device where a first user is successfully authenticated, the terminal device can be taken as a device for authentication and login of a second user, and identities of the first user and the second user are sequentially authenticated on the same device, so that the second user can successfully perform login only on the premise that the first user provides a guarantee, ensuring that the second user uses a security device for login and thereby ensuring the security and reliability.

Patent
25 Jan 2017
TL;DR: In this paper, the authors proposed a method and device for review of authentication records based on public block chains, wherein the method is performed on the authentication server side.
Abstract: The invention discloses the method and device for review of authentication records based on public block chains, wherein, the method of review of authentication records based on public block chains is to be performed on the authentication server side, comprising: obtaining the pre-saved authentication records; generating and storing the authentication certificate according to the authentication records; writing relevant authentication information to the public block chains; receiving the request for review of authentication records sent by the client server; obtaining information assisting the review according to the request; and sending such information to the client server for the client server to review such information and inquiry in the public block chain the information related to the authentication and to review the authentication records requested. The program utilizes the characteristics of tamper-resistance and openness of the public block chain to increase the reliability of the authentication certificates and make the review of authentication records easier.

Proceedings Article
01 May 2017
TL;DR: An authentication and authorization (AA) module (AAM) is proposed as a controller application for software-defined networking to establish a network-wide session database and provide a prototypical implementation with OpenFlow.
Abstract: Network control systems based on identities allow fine-grained access control for users. They require a network-wide session database containing information about active authenticated and authorized users. We propose an authentication and authorization (AA) module (AAM) as a controller application for software-defined networking to establish a network-wide session database and provide a prototypical implementation with OpenFlow. End systems issue authentication requests and the switch redirects them to the AAM. The AAM either relays them to a RADIUS server as in legacy 802.1X (pass-through mode) or processes them based on directly attached AA resources (authentication server mode). After successful authentication, the AAM authorizes the requesting user and maintains a network-wide session database of authenticated and authorized identities. As the AAM interfaces to end systems and AA resources through existing protocols, i.e., EAP and RADIUS, its use is compatible with current infrastructures. Through implementation as distributed network functions, the AAM can be scaled so that high rates of authentication requests can be supported.

Patent
17 May 2017
TL;DR: In this paper, the authors describe a login authentication method and system in which a client generates a login authentication first request and sends it to an application server, the application server generates a login authentication second request according to an analysis result of the login authentication first request and sends it to an authentication server, the authentication server sends a verification result of a signature value in the signature verification request to the application server, and the application server allows or rejects a login operation according to the verification result.
Abstract: The invention discloses a login authentication method and system. The method includes that a client generates a login authentication first request and sends the same to an application server, the application server generates a login authentication second request according to an analysis result of the login authentication first request and an application identity and sends the login authentication second request to an authentication server, the authentication server generates a login authentication second request response according to the login authentication second request and sends the same to the application server, the application server generates a login authentication first request response according to an analysis result of the login authentication second request response and sends the same to the client, the client generates a to-be-signed request according to an analysis result of the login authentication first request response and sends the same to authentication equipment, the authentication equipment generates a signature verification request and sends the same to the authentication server, the authentication server sends a verification result of a signature value in the signature verification request to the application server, and the application server allows or rejects a login operation according to the verification result.

Patent
16 Feb 2017
TL;DR: In this article, an enterprise type rental house management system connected to a GIS map by using a smart device, and a method thereof, is presented. The present system provides a three-dimensional representation of real estate asset management statistics through a 3D renderer.
Abstract: The present invention relates to an enterprise type rental house management system connected to a GIS map by using a smart device, and a method thereof. The present invention comprises: a rental house management server including a real estate asset management database; an authentication server for authenticating rental contract and release; and a GIS server which provides GIS map information. The present invention provides three-dimensional rental house management statistics information through a three-dimensional renderer and efficiently provides rental/asset management.

Patent
01 Feb 2017
TL;DR: In this paper, the authors proposed a method for carrying out identity authentication in a multi-tenant mode, and belongs to the field of big data security, where a user performs a task, firstly, the user is authenticated by an authentication server and obtains a TGT (Ticket Granting Ticket); the user requests for a ticket granting server by the TGT to access a Service Ticket of a service, and a KDC generates a session key, the Service Ticket and the session key are sent to a client together; and the client carries out authentication to the server by
Abstract: The invention provides a method for carrying out Kerberos identity authentication in a multi-tenant mode, and belongs to the field of big data security. Before a user performs a task, firstly, the user is authenticated by an authentication server and obtains a TGT (Ticket Granting Ticket); the user requests for a ticket granting server by the TGT to access a Service Ticket of a service, and a KDC generates a session key, the Service Ticket and the session key are sent to a client together; and the client carries out authentication to the server by the service ticket so as to complete identity authentication. The user implements security data operations with Hadoop big data cluster components, such as HDFS, Hive, HBase, Spark and the like, at the server side by the ticket.

Patent
19 Sep 2017
TL;DR: In this article, a shared bike electronic lock system and an unlocking method was described. The electronic lock module is an electronic lock supporting the near-field communication and the mobile communication modes and having a cipher algorithm.
Abstract: The invention discloses a shared bike electronic lock system and an unlocking method thereof. The electronic lock system comprises an electronic lock module, a mobile phone supporting near-field communication and an authentication server. The electronic lock module is an electronic lock supporting the near-field communication and the mobile communication modes and having a cipher algorithm. The mobile phone supporting the near-field communication is a smart phone with the near-field communication technology. The authentication server comprises a cipher algorithm analysis system and a vehicle identification code database. According to the invention, by use of the near-field communication technology, encrypted message interaction between the electronic lock and the authentication server is improved; user experience is improved; and information safety is ensured.

Patent
09 Feb 2017
TL;DR: In this paper, the authors disclose an identity authentication method and device, which is based on a pre-stored correspondence between the first identity authentication client and the identity authentication server.
Abstract: Embodiments of the present disclosure disclose an identity authentication method and device. The method comprises: receiving, by an identity authentication server, an identity authentication request transmitted by a third-party platform; determining, according to the phone number, an ID of a first identity authentication client by searching a pre-stored correspondence; if the first identity authentication client is online, transmitting a user information request; transmitting an authentication success message to the third-party platform if a user information response carrying the user information is received and the user information is consistent with user information stored in the identity authentication server; or transmitting an authentication fail message to the third-party platform if the user information is inconsistent with user information stored in the identity authentication server, or if a user information response carrying the user information is not received.

Patent
15 Sep 2017
TL;DR: In this article, the authors proposed an intelligent identity authentication system consisting of an authentication client SDK, an authentication server SDK, authentication service proxy device, authentication server, authentication analysis engine and a cloud service platform.
Abstract: The invention provides an intelligent identity authentication system. The intelligent identity authentication system comprises an authentication client SDK, an authentication server SDK, an authentication service proxy device, an authentication server, an authentication analysis engine and a cloud service platform, wherein the authentication client SDK is used for acquiring client information of authenticated users; the authentication server SDK is used for checking service strategies, and executing and forwarding information of an authentication client; the authentication service proxy device is used for providing a server reverse proxy when the authentication server SDK cannot implement an authentication function; the authentication server is used for managing the service strategies, authentication modes and cases, and displaying authentication analysis results; the authentication analysis engine is used for performing risk analysis based on a risk control model, wherein the risk analysis includes the steps of performing risk level scoring based on predefined rules and implementing big data analysis in combination with a big data analysis engine; and the cloud service platform dynamically adjusts identity authentication modes and requirements according to risk analysis results of the authentication server and the authentication analysis engine, performs identity authentication for the users, and returns an authentication result to the authentication analysis engine. According to the intelligent identity authentication system provided by the invention, an appropriate identity authentication mode can be selected for the users based on a risk analysis method.

Patent
23 Feb 2017
TL;DR: In this paper, a system and computer-implemented method for authenticating a user of a host computer communicating with a service server over a network is presented, where at least one processor of the mobile communication device transmits authentication data associated with the user and the received authentication event information to an authentication server that is physically separate from the service server.
Abstract: A system and computer-implemented method for authenticating a user of a host computer communicating with a service server over a network. A mobile communication device including at least one processor and enabled for near field communication (NFC) receives authentication event information from the host computer via a near field communication link, wherein the authentication event information was generated by the service server and uniquely identifies a particular service process between the service server and host computer. At least one processor of the mobile communication device transmits authentication data associated with the user and the received authentication event information to an authentication server that is physically separate from the service server. The transmitted authentication data and authentication event information permit the authentication server to authenticate the user and notify the service server of the authentication results.

Journal ArticleDOI
31 Jul 2017-PLOS ONE
TL;DR: An enhanced smartcard-based password-authenticated key agreement scheme that utilizes extended chaotic maps that ensures the freshness of communicating messages by appending timestamps, and thereby avoids the weaknesses in previous schemes.
Abstract: A smartcard based password-authenticated key agreement scheme enables a legal user to log in to a remote authentication server and access remote services through public networks using a weak password and a smart card. Lin recently presented an improved chaotic maps-based password-authenticated key agreement scheme that used smartcards to eliminate the weaknesses of the scheme of Guo and Chang, which does not provide strong user anonymity and violates session key security. However, the improved scheme of Lin does not exhibit the freshness property and the validity of messages so it still fails to withstand denial-of-service and privileged-insider attacks. Additionally, a single malicious participant can predetermine the session key such that the improved scheme does not exhibit the contributory property of key agreements. This investigation discusses these weaknesses and proposes an enhanced smartcard-based password-authenticated key agreement scheme that utilizes extended chaotic maps. The session security of this enhanced scheme is based on the extended chaotic map-based Diffie-Hellman problem, and is proven in the real-or-random and the sequence of games models. Moreover, the enhanced scheme ensures the freshness of communicating messages by appending timestamps, and thereby avoids the weaknesses in previous schemes.

Patent
09 Mar 2017
TL;DR: In this article, a login authentication method, an authentication server, an authentication client, and a login client are presented, in which an authentication request message generated by the login client in a terminal according to user identifier information of a login user triggers the authentication client to acquire biological characteristic information of the user.
Abstract: The invention provides a login authentication method, an authentication server, an authentication client and a login client. The login authentication method is applied to the authentication server, and comprises the steps of: acquiring an authentication request message generated by the login client in a terminal according to user identifier information of a login user; according to the authentication request message, triggering the authentication client to acquire biological characteristic information of the user; receiving the biological characteristic information acquired by the authentication client; and comparing the biological characteristic information with pre-stored user biological characteristic registration information corresponding to the user identifier information, and generating an authentication result. According to the scheme, triggering on biological characteristic information acquisition is carried out by utilizing the authentication server, and when the terminal in which the login client is positioned has no biological characteristic acquisition ability, the user also can carry out the login operation by utilizing the biological characteristic information, so that flexibility of user operation is improved.

Patent
20 Oct 2017
TL;DR: In this article, the authors propose an access control method, device and system that intercepts and captures a service operation request with a target user identifier and service operation information and returns an authentication success indication to the application server.
Abstract: The application provides an access control method, device and system. In the scheme, after intercepting and capturing a service operation request with a target user identifier and service operation information, an application server of a service system sends an authentication request with the target user identifier and the service operation information to an authentication server; and when the authentication server detects that the target user identifier is a target user identifier of a user who has logged in and a target operation authority matched with the service operation information exists in a target operation authority set corresponding to the target user identifier, an authentication success indication is returned to the application server, so that the application server executes a service operation according to the service operation information. According to the scheme of the application, development workload of a network service platform, which is required for implementing authority verification, can be reduced, and complexity of authority verification is reduced.

Patent
08 Aug 2017
TL;DR: In this article, a secure storage platform for data consisting of an authentication server, a secure key management server, an application server, and a distributed cluster is presented, wherein the authentication server is connected to a client and used for performing security verification on an access request after the access request is sent to the distributed cluster by the client.
Abstract: The invention discloses a secure storage platform for data. The secure storage platform for data comprises an authentication server, a secure key management server, an application server and a distributed cluster, wherein the authentication server is connected to a client and used for performing security verification on an access request after the access request is sent to the distributed cluster by the client; the secure key management server is connected to the authentication server and used for managing a file key so as to assign a private key of the file key to the designated client; the application server is connected between the distributed cluster and the client and is taken as an access agent of the client to access the distributed cluster; the distributed cluster is connected to the application server and is used for storing cloud data, and the application server is allowed to access the distributed cluster after the authentication server judges that the client is the designated server according to the private key and the access request. According to the technical scheme, the security of the storage platform is improved on the premise that expansibility, economic efficiency and effectiveness of the platform are guaranteed.

Patent
26 Jul 2017
TL;DR: In this paper, a plurality of biometric sensors are configured to generate account information respectively corresponding to the plurality of sensors, to make a request for authentication of the biometric information corresponding to account information to the authentication server using account information.
Abstract: An electronic device includes a plurality of biometric sensors that each sense pieces of biometric information of different types, respectively, a communication circuit that communicates with an authentication server, a memory that stores a payment application, and a processor electrically connected with the plurality of biometric sensors, the communication circuit, and the memory. The processor is configured to generate pieces of account information respectively corresponding to the plurality of biometric sensors, to make a request for authentication of the biometric information corresponding to the account information to the authentication server using account information, which corresponds to biometric information to be authenticated, from among the pieces of account information, if the payment application is executed, and to receive a response to the request for the authentication from the authentication server.

Patent
11 Jan 2017
TL;DR: In this paper, an authentication method of an automobile charging terminal and an authentication server is presented, which is applied to the charging terminal and comprises the following steps: the charging terminal sends an authentication request to the authentication server, wherein the authentication request comprises a device identifier of the charging terminal and a user identifier acquired from a user recognition card, for performing the first verification on a binding relation between the device identifier and the user identifier through the authentication server.
Abstract: The invention discloses an authentication method of an automobile charging terminal and an authentication server. The method is applied to the charging terminal, and comprises the following steps: the charging terminal sending an authentication request to the authentication server, wherein the authentication request comprises a device identifier of the charging terminal and a user identifier acquired from a user recognition card for performing the first verification on a binding relation between the device identifier and the user identifier through the authentication server, and returning an authentication response containing the first verification result; the charging terminal receiving the authentication response sent by the authentication server. The invention further discloses a vehicle-mounted charging device, a ground charging device and the authentication server. An authentication platform on a service network is used for verifying the binding relation between the device identifier and the user identifier to guarantee that the binding relation between the charging terminal and the user identifier card is legal, the security of the automobile wireless charging is improved from the source, and the illegal operation and electricity-stealing are prevented.

Patent
17 Oct 2017
TL;DR: Wang et al. proposed an identity authentication method for a Hadoop cluster based on PKI, in which the ticket-granting request is sent in a plaintext way and the request message comprises a user name, an authorization server name, a valid survival period, the first random number and a user located Kerberos field user information.
Abstract: The invention discloses an identity authentication method for a Hadoop cluster. The method comprises the following steps: step one, a client sends a request to an authentication server to request for the ticket granting, the request is sent to the authentication server in a plaintext way, the request message comprises a user name, an authorization server name, a valid survival period, the first random number and a user located Kerberos field user information; step two, after receiving the request message of the client, the authentication server firstly finds a key of the user in a local database according to the user name, if the finding is successful, the authentication is continued. By adopting an authentication mode based on the PKI, the command of the user is unnecessary to save on the KDC, the risk point of the system is reduced, and the security of the Hadoop cluster identity authentication is greatly improved.

Patent
18 Jul 2017
TL;DR: In this paper, an authentication method, an authentication system, an edge node and an authentication server in a CDN (Content Delivery Network) is described, where the authentication server authenticates and saves equipment information of external equipment.
Abstract: The invention discloses an authentication method, an authentication system, an edge node and an authentication server in a CDN (Content Delivery Network). The method comprises the following steps: the authentication server authenticates and saves equipment information of external equipment; the external equipment transmits an access request to the edge node in the CDN, wherein the access request comprises encryption data carrying an identity label; the edge node acquires the identity label of the external equipment and transmits an authentication request carrying the identity label to the authentication server; the authentication server queries whether the equipment information corresponding to the identity label exists or not, if so, the authentication server feeds back the equipment information corresponding to the identity label to the edge node; after the edge node receives the equipment information fed back by the authentication server, the edge node authenticates to pass the access request of the external equipment. According to the technical scheme provided by the invention, normal operation of the authentication process can be guaranteed.