87 results about "Email authentication" patented technology

A policy agent of a network performs an out-of-band user authentication process to verify the identity of a user of a client computer and associates the network data received from the client computer with the user. When the client computer initiates a network data connection to or through the policy agent, the policy agent sends an encrypted challenge to the client computer. The challenge is encrypted with a private key of the policy agent. When the client computer receives the challenge, it decrypts the challenge and prepares a message digest value based on the challenge and the network data sent by the user. The message digest value is then encrypted with the private key of the user to form a response, and the response is sent to the policy agent. The policy agent decrypts the response with the public key of the user to obtain the message digest value and calculates a digest value based on the challenge and the received network data. The policy agent then compares the calculated digest value with the decrypted digest value. A match between the two digest values indicates that the user is successfully authenticated and that the received network data are associated with the user. The policy agent may then apply network policies based on the credentials of the authenticated user.

The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g. a PKI smart card or USB stick) to either support symmetric cryptographic operations or to have been personalized with some secret or confidential data element that can be read by a suitable reader.

A confidential content reporting system and method with electronic mail verification functionality are provided. With the system and method, a security compliance search engine is provided for searching items of information to identify items containing confidential content and security violations with regard to this confidential content. Results of the search may be reported to a user via a graphical user interface (GUI) that identifies the item of information, the security violations detected, and suggested corrective actions, such as encryption. A user may interact with the GUI to apply security mechanisms in accordance with the suggested corrective actions. Moreover, the searching and reporting mechanism may be used to search electronic mail messages and their attachments prior to distribution of the electronic mail messages. Automatic modification of the electronic mail message to modify distribution lists and/or content of the electronic mail message may be performed using the mechanisms of the illustrative embodiments.

Systems and methods for verifying a financial transaction based on an account number, a mobile directory number associated with the financial transaction, a mobile directory number associated with the account number, an email address associated with the account number, internet protocol address data associated with the financial transaction, and internet protocol address data associated with accesses of the email address.

Methods, systems, and data structures are provided for single sign-on with basic authentication on a transparent proxy. A user accesses a client to issue requests for content on an origin server. The transparent proxy requires user authentication before access can be granted to the origin server. The transparent proxy receives the requests and determines if the user is presently authenticated to the origin server. If the user is not authenticated, then the transparent proxy issues a basic authentication error to the client causing the client to prompt the user for authentication information. The transparent proxy directs the client to retain the authentication information and supply it with subsequent requests to the origin server. Further, the transparent proxy independently reconstructs the authentication information for subsequent requests directed to other servers under the handling of the transparent proxy, without requiring additional user action.

The invention discloses a method, device and system of authentication and service calling, used for realizing legality authentication of an authentication server in a service platform to a client side application and promoting the safety reliability of a calling mechanism of a platform capacity API (Application Programming Interface). The authentication server realizes the safe distribution of a clientKey by displacing a test authentication module in the client side application to a client side authentication module preset with an MAC (Media Access Control) fingerprint and the clientKey. When the client side application satisfies a trigger condition, the client side authentication module firstly passes an integrity check based on an MAC fingerprint mechanism and applies for registration to the authentication server based on an MAC1 generated by the shared clientKey and obtains a random authentication factor. When the client side application needs to call the platform capacity API, a dynamic token is generated based on the authentication factor to be carried in a service request. After the dynamic token authentication passes, the platform capacity API is allowed to be called.

Systems and methods are provided for using digital signatures to help distinguish legitimate email from known or trusted organizations from unsolicited email or forged email. Digital signatures may be used in an email body, mail header, or embedded links. The signatures may be verified by a recipient or internet service provider and may be used in conjunction with spam filtering applications.

A zero-configuration secure mobility networking technique for WLANs is provided, utilizing split link-layer and a Web-based authentication. The link-layer authentication process facilitates network-to-user authentication and generation of session-specific encryption keys for air traffic using digital certificates to prevent man-in-the-middle attacks without requiring users to have pre-configured accounts. Although any WLAN host can pass the link-layer authentication and obtain link connectivity, the WLAN only allows the host to obtain IP networking configuration parameters and to communicate with a Web-based authentication server prior to initiating the Web-based authentication process that is responsible for user-to-network authentication. The Web-based authentication server employs a Web page for initial authentication and a Java applet for consequent authentications. In the Web page, registered users can manually, or configure their Web browsers to automatically, submit their authentication credentials; new users can open accounts, make one-time payments, or refer the Web-based authentication server to other authentication servers where they have accounts. Once a user is authenticated to the WLAN, the user's mobile host obtains full IP connectivity and receives secure mobility support from the WLAN. The mobile host always owns a fixed IP address as it moves from one access point to another in the WLAN. All wireless traffic between the mobile host and the WLAN is encrypted. Whenever the mobile host moves to a new access point, a Java applet (or an equivalent client-side program delivered over Web) enables automatic authentication of the mobile host to the WLAN. In addition, the ZCMN method supports dynamic load balancing between home agents. Thus, a mobile host can change home agents during active sessions.

The invention provides a user authentication and authorization method and a system for implementing the user authentication and authorization method. When a user end launches a business access request, a business server checks whether the user is a contracted user in accordance with identity information of the user; if the user is the contracted user based on the user identity information, the communication mode of at least one social relation user is selected from the user contracted information as an authentication end; the business server judges the validity of the user identity in accordance with information provided by the authentication end; and if the user identity is valid, the business server authorizes a user end and carries out corresponding business access responses. The method and the system for implementing the method provided by the invention are used to overcome the defects in a background technology and effectively ensure the security of user information and network services by using a mode that the communication mode of at least one social relation user is selected from the contracted information which is kept at the time of signing a business service by the user as the authentication end, and the business server judges the validity of the user end identity in accordance with the information provided by the authentication end and authorizes the user end.

Once information requesting superseding of a log-in through an authentication app is obtained from a service provision app on a user terminal, a service provision server transfers authentication request response information to the service provision app and, after an authentication redirection request thereof is transferred to the authentication app and then server challenge request information is obtained, server challenge request response information is transferred to the authentication app, thereby supporting the determination as to whether or not certificates of the server and the app are valid, an authentication result message including information on the validity is obtained from an authentication server, a predetermined access token is transferred to the service provision app, and thereby the log-in is handled by providing support such that a service can be used.

The present invention provides a method for modifying validity of a certificate in a public key infrastructure (PKI)-based authentication system, which is capable of performing online suspension, recovery and revocation of a certificate between a user system and a certificate authority by executing user authentication with guaranteed reliability using user biometric information. Accordingly, there is no need for the user to personally visit a registration authority or certificate authority to modify the certificate validity. The user can easily modify the certificate validity using his/her user system connected online to the certificate authority.

The invention discloses a method and system for performing authentication on an access request. The method comprises the following steps: receiving an access request of an access terminal by a CDN (Content Distribution Network) server, wherein the access request at least comprises a first identification used for identifying the access request; if the first identification is inquired in a local cache of the CDN server, then performing authentication on the access request locally by the CDN server, wherein authentication is used for determining the legality of the access request; and if the first identification is not inquired in the local cache of the CDN server, then transmitting the access request to an authentication server to perform authentication by the CDN server. The method and system for performing authentication on the access request provided by the invention solve the technical problem that an anti-stealing link method of the existing back to the source authentication only depends on the authentication server to recognize a hotlinking request in any case, so that the load of the authentication server is excessive.

Embodiments described herein relate to an invention for restoring a modified token or reissuing an unfettered token for use in a financial transaction. The systems, methods, and computer program products are configured to: (a) provide to a user a notification indicating a fettered token was generated for a payment vehicle or a token associated with the payment vehicle was modified based at least partially on identifying a potential exposure to loss associated with a financial transaction involving the payment vehicle; (b) receive, from the user, authentication information, wherein the authentication information is useable to authenticate the financial transaction and/or to authenticate the user; and (c) determine whether or not to restore the token associated with the payment vehicle that was modified or to generate an unfettered token and associate the unfettered token with the payment vehicle based at least partially on the authentication information.

Embodiments of the present invention relate to a method and system in which a URI is signed using a private key (PKI), and the signed URI is sent to a second server where the signature is validated using the public key.

The invention relates to mail identification method and reliability classified transmission method, based on label password technique, wherein it comprises that: user requests register identification and legal mark to the password center; user uses private key and client software to sign and send mail; when user receives mail, judges if it has sign; if there is sign, the mail is effective, but not be filtered. The invention can support lots of users, with simple process and high reliability.

A method and system for delivering electronic messages from a sender to a recipient over a communications network. The method includes receiving an email message verification request from a recipient mail server. Authorization of an email message is then verified, and the verification step includes generating a hostname using information in the email message transmission and querying a domain name server using the generated hostname. A verification result is transmitted to the recipient mail server. The verification result is valid when the generated hostname is successfully retrieved from the domain name server. The delivery system may be used to minimize, reduce, or eliminate the blocking or deletion of legitimate emails by spam filter applications.

This invention provides a portal authenticating method and system. The method comprises the following steps: a terminal sends a first HTTP (Hyper Text Transport Protocol) request to an access point and receives a first HTTP response returned by the access point; a status code of the first HTTP response comprises a redirection jump code based on browser identification; the redirection jump code comprises a uniform resource locator of the portal authentication; the terminal acquires the uniform resource locator of the portal authentication in the first HTTP response, and requests the portal authentication to an authentication server based on the uniform resource locator of the portal authentication. By adopting the method and the system provided in the invention, a plenty of invalid HTTP data packets are reduced to the authentication server, so that the processing pressure of the authentication server is relieved; and thus, a better network service is provided for the access point.

The invention discloses a real-name authentication apparatus. The real-name authentication apparatus comprises an identity information authentication apparatus and an identity confidence level management apparatus, wherein the identity confidence level management apparatus is used for determining the identity confidence level of users according to various identity information authentication results of the identity information authentication apparatus; the identity information authentication apparatus comprises but not limits to an Email authentication device, a mobile phone authentication device, a certificate authentication device, a payment authentication device, a communication address authentication device, a user association authentication device and an authentication information logout apparatus. According to the invention, the identity confidence level of the users can be sketched out according to the various authentication results of different information, so that a network virtual community is closer to reality, and a more credible and safe interactive environment is provided for the users in the network virtual community.