679 results about "Replay attack" patented technology

A system for detecting and preventing replay attacks includes a plurality of interconnected authentication servers, and one or more tokens for generating a one-time passcode and providing the one-time passcode to one of the authentication servers for authentication. The system includes an adjudicator function associated with each authentication server. The adjudicator evaluates a high water mark value associated with a token seeking authentication, allows authentication to proceed for the token if the high water mark evaluation indicates that the one-time passcode was not used in a previous authentication, and prevents authentication if the high water mark evaluation indicates that the one-time passcode was used in a previous authentication. The token is associated with a home authentication server that maintains a current high water mark of the token. The home authentication server validates the current high water mark on behalf of the adjudicator function evaluating the token for authentication.

Authentication method for authenticating a mobile node to a packet data network, in which a shared secret for both the mobile node and the packet data network is arranged by using a shared secret of the mobile node and a telecommunications network authentication center. In the method, the mobile node sends its subscriber identity to the packet data network together with a replay attack protector. The packet data network obtains authentication triplets, forms a session key using them, and sends back to the mobile node challenges and a cryptographic authenticator made by using the session key. The mobile node can then form the rest of the authentication triplets using the challenges and then form the session key. With the session key, the mobile node can check the validity of the cryptographic authenticator. If the authenticator is correct, the mobile node sends a cryptographic response formed using the session key to the packet data network for authenticating itself to the packet data network.

Methods and system of preventing unauthorized scripting. The invention includes providing one or more tests to a user for distinguishing the user from a machine when the user requests access to the server. By storing information on a correct solution to the test in a block of data and sending the block of data together with the test, the invention provides stateless operation. Moreover, maintaining a database of previously used correct responses prevents replay attacks. The invention also includes providing combinations of alternative tests, such as visually altered textual character strings, audible character strings, and computational puzzles. Other aspects of the invention are directed to computer-readable media for use with the methods and system.

A method and apparatus for performing SIM-based authentication and authorization in a WLAN Internet Service Provider (WISP) network supporting the universal access method (UAM) of authentication and authorization enabling roaming for customers of mobile service providers onto said networks. In addition, the invention provides a secure way of authenticating the customer's client device to the mobile service provider's network by employing temporary credentials for authentication that provide privacy of the user's identity and prevent replay attacks. Finally, if the WISP network supports the ‘pass-through’ facility, the authentication can be done more securely and quickly.

The invention relates to the field of commutation and discloses an authentication and key negotiation method, an authentication method, a system and a device, which leads a user card to be capable of resisting the playback attack during the process of an AKA under the situation of not supporting SQN storing. In the invention, when a network side receives the authentication request of a terminal, a random number, a first sequence number SQN1 and a first authentication code MAC are sent to the terminal according to the shared key, the random number and the first authentication code MAC generated by the first sequence number SQN1, the first authentication code MAC represents the current system time at the network side; if a second authentication code XMAC is the same as the first authentication code MAC, and the difference value of a second sequence number SQN2 representing the current system time at the terminal side and the first sequence number SQN1 meet a preset condition, the terminal determines the network side legal according to the key shared with the network side, the received random number and the first authentication code MAC generated by the first sequence number SQN1.

A system and method implementing advanced cryptographic techniques to protect both the confidentiality and integrity of data sent to and received from a storage system or storage utility. Particularly, the system and method provides for the privacy and integrity of stored data. The integrity protection scheme employed defends against modification of data as well as “replay” and “relocation” of data since cryptographic integrity values are not only a function of the plaintext data and a cryptographic key, but also a function of the “address” of the disk block and a “whitening” value that defends against “replay attacks”. The integrity scheme protects the integrity of an entire virtual disk while allowing incremental, random access updates to the blocks on the virtual disk.

A key update process applied to encrypted memory in a processing system determines an address from contents of a boundary register, reads an encrypted data block from a memory location specified by the address, decrypts the encrypted data block using a first key, re-encrypts the decrypted data block using a second key, writes the re-encrypted data block back to the memory location specified by the address, and updates the boundary register. These operations are repeated for one or more additional addresses. The boundary register contents are also used to determine appropriate keys for use in other read and write transactions to the memory. The key update process can be run as a background process, separate from the other read and write transactions to the memory, so as to incur minimal processing overhead.

The invention discloses an identity based efficient anonymous batch authentication method in an IOV (Internet of Vehicles) environment. The identity based efficient anonymous batch authentication method in the IOV environment comprises an initial handshake module, a message signature module, a batch authentication module, an identity tracing module, a group key generation module and a group message signature and authentication module. According to the identity based efficient anonymous batch authentication method in the IOV environment, authentication between vehicles and infrastructures and authentication between vehicles can be realized, no tamper-proofing device is depended, privacy protection is realized by utilizing a pseudonymous name, conditional privacy protection is realized as a TA (Trusted Authority) can trace the real identity of each vehicle if necessary, the efficiency is improved as batch authentication is adopted, and the authentication process is simple and efficient. The message signature process and the group message signature process are same, the operating cost is low, and a replay attack can be borne as a time stamp is added.

A method of in-line sign in that allows a user to sign into a first server based on a sign-in methodology of a second server is disclosed. The method uses, among other things, a nonce and approved URL list to prevent spoofing and replay attack. Additionally, the method allows error messages that occur during the authentication process to be displayed to the user having the look and feel of the first server, despite using the authentication process of the second server. A method of dual or distributed authentication is also disclosed wherein the user need only to input the login id and password once and wherein the two authentication processes need not exchange the user's password.

A storage area network resistant to spoofing attack has several nodes each having a port, and storage area network interconnect interconnecting the ports. Each port is provided with a hash function generator for providing and verifying an authentication code for frames transmitted over the storage area network, and a key table for providing a key to the hash function generator. The authentication code is generated by applying a hash function to the key and to at least an address portion of each frame. In each node, the key is selected from that node's key table according to address information of the frame.

The application provides a network communication method, a system, a server and a terminal based on HTTP (Hypertext Transfer Protocol), aiming at resisting replay attack in HTTP network communication. The network communication method comprises the steps of sending a first time stamp to the terminal according to a terminal request; receiving network request information sent by the terminal, wherein the network request information includes the first time stamp and corresponding time stamp ciphertext, and the time stamp ciphertext is generated by encrypting algorithm factor containing the first time stamp according to a preset encryption algorithm at the terminal; and verifying whether the time stamp ciphertext is in effect or not according to the preset encryption algorithm, if no, judging the network request information is an invalid request. By verifying the validity and effectiveness of the time stamp ciphertext containing time stamp information, the possibility that the time stamp information in the network request is tampered can be further prevented, and occurrence of network replay attack can be avoided.

The application provides a safety test system and method. The system specifically comprises a visiting log recording device, a visiting log extraction device and a visiting test device, wherein the visiting log recording device aims at an on-line application program, the characteristic data of a user visiting request is preserved in a visiting log record, and the user visiting request comprises a normal visiting request and an abnormal request; the visiting log extraction device is used for extracting a visiting log record corresponding to the abnormal visiting request from the visiting log record of the on-line application program; and the visiting test device is used for using an obscuring test script to replay and attack the abnormal visit request and cam judge whether a loop hole exists according to the returned respondence. The safety test system and the method provided by the application can reduce the consumed substantive machine resources and manpower resources by safety test, and business logic coverage rate of the safety test is improved.

The invention discloses an authentication method for preventing a replay attack. The method comprises the following steps of transmitting an authentication evidence and service requests to an application server, wherein the authentication evidence is acquired from a login authentication server by a client side and is provided with a first time stamp; identifying the sequence of the user requests by using a unidirectional data chain; calculating the time difference between the current time and the first time stamp at the login authentication server end; packaging a judging result, the time difference and a unidirectional data chain value into verification information; and transmitting the verification information to the application server, wherein the application server judges whether the verification information is replay information or not according to the received unidirectional data chain value, and furthermore, whether the service requests are authenticated within effective time or not can be judged according to the time difference and the judging result. Time is not required to be synchronous, so that the complexity of the system or a protocol is avoided, and the delay caused by synchronization of time is also avoided. The probability that the user requests undergo the replay attack is avoided through the application of the unidirectional data chain.

A wireless station prepares to roam by pre-authenticating itself with a neighboring access point. The wireless station sends a rekey request, which can include an incremented rekey number. The wireless station receives a rekey response. The rekey response can include the incremented rekey number. Because the wireless station is pre-authenticated, after it roams it only needs to perform a two-way handshake with a new access point to establish secure communications with the new access point. The two-way handshake starts by the wireless station sending a reassociation request to the neighboring access point, the reassociation request comprising the incremented rekey number established during pre-authentication. The wireless station receives a reassociation response from the neighboring access point. To protect against replay attacks, the neighboring access point can verify the rekey number sent in the reassociation request matches the rekey number sent in the rekey response.

The invention relates to a blockchain-based identity authentication method and a blockchain-based identity authentication system. The identity authentication method based on the block chain comprisesthe following steps that an intelligent contract of the block chain receives an identity authentication request sent by a server side, the identity authentication request comprises a user public key and E(f (x)), and the E(g (x)), the E(f (x)) and the E(g (x)) are obtained through calculation by a client side according to a preset homomorphic encryption algorithm E; the intelligent contract inquires an authentication certificate Ea of the user on the block chain according to the public key of the user, carries out calculation and verification according to E (f (x)) , E (g (x)) and the homomorphic attribute of a homomorphic encryption algorithm E, and passes identity authentication if the homomorphic attribute is met; and the smart contract returns the identity authentication result to theserver. The method has the beneficial effects that based on the characteristics of the block chain, the threats of replay attacks and violent cracking can be resisted, so that the attack cost is increased. By utilizing a homomorphic encryption attribute equation, the nizk can be constructed, and under the condition that an original credential for user identity authentication is not leaked, the user is proved to have the credential, so that the identity of the user is proved.

A mechanism for providing strong anti-replay protection at a security gateway in a network for protection against an attacker duplicating encrypted packets. The mechanism assigns a unique sequence number to each encrypted packet and a time stamp. A receiving security gateway rejects packets that have a duplicative sequence number or that is too old to protect itself against replay attacks. Each security gateway checks off the sequence numbers as they are received knowing that the sending security gateway assigns sequence numbers in an increasing order. The receiving security gateway remembers the value of the highest sequence number that it has already seen as well as up to N additional sequence numbers. Any packet with a duplicative sequence number is discarded. In addition to the sequence number, each packet also has an associated time stamp that corresponds to an epoch during which it should be received. If the packet is received after the epoch has expired, the packet is rejected.

The invention, which belongs to the technical field of vehicle-mounted network, discloses a vehicle-mounted CAN bus network abnormity detection method and system. CAN bus abnormity detection based on a relative entropy is performed on an identifier ID; a sliding window with a fixed message number is employed; messages are paired based on a relationship between a message sensing sequence and a sending number, relative entropies of the paired messages and relative entropies of all IDs and normal distribution are calculated, and whether abnormity occurs is determined based on the two kinds of relative entropies; a replay attack and a denial of service attack are detected; CAN bus network abnormity detection based on a message data domain is performed on a data domain; features, including a constant value feature, a cyclic value feature, and a multi-value feature, of the message data domain are extracted; and a normal message model is established based on the extracted features and the message abnormity is detected. Therefore, the replay attack, the denial of service attack, the tampering attack and the forgery attack can be detected effectively and efficiently; more abnormal information is provided; and thus subsequent protection can be performed well.

The embodiment of the invention discloses a terminal authentication method and device based on single sign-on. The method comprises the following steps: a single sign-on server receives log-on evidence generated by a terminal to be authenticated carried in an authentication request of the terminal, wherein the log-on evidence at least comprises a serial number and verification information, the serial number is generated according to an initial random number distributed for the terminal by the single sign-on server and the cumulative number of terminal authentication, and the verification information is generated according to a shared key between the terminal and the single sign-on server; the single sign-on server judges that the terminal to be authenticated passes authentication if the serial number of the terminal to be authenticated is matched with the serial number of a terminal recorded by the single sign-on server; and otherwise, the authentication of the terminal to be authenticated fails. By adopting the method and the device, replay attack is prevented, and the singe log-on efficiency is increased.

The invention discloses a mobile phone door lock system based on an asymmetric secret key and a realization method thereof, and belongs to a mobile phone door lock. The system comprises an intelligent mobile phone, a door lock and a server; data transmission among the intelligent mobile phone, the door lock and the server is carried by network; the server is used for storing a mobile phone identification number blacklist, and encrypting door opening permission serial data after the verification is valid and sending the serial data to the mobile phone; the intelligent mobile phone is used for sending the door opening permission serial data of the mobile phone to the door lock, and the door opening authority serial data at least comprises a door lock ID, a mobile phone identification number, etc.; the encrypted permission serial data and black list verification and multiple encryption and decryption verifications are carried out between the mobile phone, the door lock and the server, thereby solving the technology problem that the prior mobile phone door lock product cannot withstand replay attack and the invalid unlocking risk is high, providing a complete permission distribution, authentication and cancel process, greatly improving safety performance of the mobile phone door lock product, and promoting the development of the mobile phone door lock industry.

Methods, systems, and devices are described for device-to-device (D2D) wireless communication. A device may receive a timing variable from a network while the device is in a connected mode. The device may then use the timing variable for D2D discovery message authentication. The device may compare the timing variable with a local timing variable to determine whether a difference between the two variables is within a maximum allowable offset. The device may announce the D2D discovery message to another device when the difference is within the maximum allowable offset.

The invention provides an anti-replay-attack system for an industrial wireless network, which introduces a third-party detection mechanism in order to reduce system resource consumption. The industrial wireless network comprises a gateway, a router, field equipment and network security manager. The anti-replay-attack system for the industrial wireless network comprises a third-party detection module used for detecting whether intrusion data packets and replay attack data packets exist in the industrial wireless network or not and sending detection results to the network security manager, and the network security manager compares the system resource consumption caused by replay attacks with resource consumption brought by using an anti-replay-attack means to determine whether the anti-replay-attack means is used, thereby effectively preventing the anti-replay-attack means from bringing more system resource consumption than the replay attacks, and two time stamps of creation time and sending time are added in the data packet by a sender, so that the certainty and uniqueness of messages can be ensured; a receiver detection mechanism is adopted, and the data packets of the replay attacks are judged and discarded by a receiver so as to solve the problems of ID authentication and the like.