426 results about "Server authentication" patented technology

A system for enforcing security policies on mobile communications devices is adapted to be used in a mobile communications network in operative association with a subscriber identity module. The system having a client-server architecture includes a server operated by a mobile communications network operator and a client resident on a mobile communications device on which security policies are to be enforced. The server is adapted to determine security policies to be applied on said mobile communications device, and to send thereto a security policy to be applied. The client is adapted to receive the security policy to be applied from the server, and to apply the received security policy. The server includes a server authentication function adapted to authenticate the security policy to be sent to the mobile communications device; the client is further adapted to assess authenticity of the security policy received from the server by exploiting a client authentication function resident on the subscriber identity module.

Systems and methods are provided which implement a bridge server to provide user access to one or more secure applications. A bridge server of embodiments is disposed between a user and a secure application and invokes bridge server security protocols with respect to the user and secure application security protocols with respect to the secure application. In operation according to embodiments, client applications will link into a bridge server, the user will be authenticated by the bridge server, and a valid user will be correlated to an account of the secure application by the bridge server. Bridge servers of embodiments facilitate providing features with respect to secure application user access unavailable using the secure application security protocols.

A client-server authentication method for use where a server process has access to a repository storing cipher-protected client passwords. The method includes applying the same cipher function to the client's copy of its password as was previously applied to generate the stored cipher-protected client passwords. This ensures that both the client and server have access to an equivalent cipher-protected client password-providing a shared secret for driving a mutual challenge-response authentication protocol without having to convert the password into cleartext at the server. The invention can be implemented without significant additional software infrastructure in a UNIX environment. Client passwords are typically stored in the UNIX password repository under the protection of the crypt( ) function applied to the combination of the password and a random number (a "salt'). By sending the salt to the client system together with the server's initial challenge of the authentication protocol, a process at the client is able to apply the crypt( ) function to the client password with the same salt such that the client and server have a shared secret for use as, or to generate, a common session key for the authentication.

Methods and systems for secure electronic data communication over public communication networks. A secure data communication component may be utilized to implement a communication protocol. New versions of the data communication component may be generated, with each version containing a different communication protocol. Source code of the data communication component may be modified using a polymorph engine to create a functionally-equivalent component having a different code structure. An anti-phishing component may intercept a link in an electronic communication activated by a user, analyze the link and the electronic communication, determine a phishing risk to the user posed by the link, and direct the user to a location indicated by the link or redirect the user to a valid location. A server authentication component may detect and prevent DNS attacks, injections, and defacing activities.

A user gains access to a private network by connecting to a network, either through a hardwired or wireless connection, and then initiates an Internet access request targeting any website. If the user is not already authorized for Internet access, then the user is sent to a first predetermined website that points the user to an authentication server accessible via the Internet. The authentication server sends the user an HTTP form pages requesting authentication information. When the user responds, a network monitoring device within the private network alters the form page to include the user's hardware address and an encoded ID based on the network's location. The authentication server forwards this data to a gate keeper server, which authenticates the new user and transmits an unblock message along with another encoded ID based on the network's location and the user's hardware address.

The invention discloses a multi-party trusted identity authentication method and system based on a block chain, and belongs to the field of Internet identity authentication. The technical problem to be solved is to realize identity authentication of a user in a plurality of application systems based on the block chain, securely store the user information in the identity authentication process through the block chain and really and completely verify the user identity. The method comprises the following steps: an application system generates user attribute card information according to a received registration request, encrypts the user attribute card information and issues the user attribute card information to the block chain, wherein a plurality of application systems are provided, and the encrypted user attribute card information corresponding to each application system is stored in the block chain; each application system verifies the user identity based on the block chain. The system structurally comprises a block chain network, a client authentication module configured in a client and an application server authentication module configured in the application system. By adoption of the multi-party trusted identity authentication method and system, the real name information of the user is stored in the block chain securely and reliably, and the identity authentication of the user is implemented really and completely through the block chain.

Provided is a method for delivering all or part of a rights object (RO) of a user associated with the content to other users. The method includes creating a rights object to be transmitted to a second user within a limit of the rights object held by the first user, and forwarding the created rights object to the second user. The method allows each user to share its own RO with other users within the limit of the RO without server authentication.

Systems and methods for increasing user trust by authenticating an electronic commerce server over an electronic communications channel using information received through an out-of-band communication in a physical communications channel are described. In one configuration, a paper bill is sent to a user by physical mail delivery and it includes challenge and response data used to authenticate the electronic commerce server over the electronic communications channel.

Provided is a process for mobile-initiated authentications to web services. Credential values of the user are established within a trusted execution environment of the mobile device and representations are transmitted to a server. The user of the mobile device may authenticate with the mobile device to the server, which may convey access to a web-based service from a relying device. The server may pass credentials corresponding to the web-service received from the mobile device and verified to permit user access to the web-service to the relying device. The relying device presents credentials to the web-service to login, authenticate, or otherwise obtain user-level permission for the user on the relying device. The user of the mobile device may authenticate with the mobile device to the server, and may initiate the authentication process from the mobile device, without inputting credentials corresponding to the web-service on the relying device.

Provided is a process that establishes representations and permits users to login to a relying device to which a mobile device has registered. Credential values of the user are established within a trusted execution environment of the mobile device and representations of those credentials are transmitted to a server. The user of the mobile device may authenticate with the mobile device to the server, which may permit user access to the relying device via secure session. The user of the mobile device may authenticate with the mobile device to the server, which may permit user access by causing the mobile device to obtain a value by which the relying device may be accessed. The user of the mobile device may authenticate with the mobile device based on a policy received from the server to obtain a value by which the relying device may be accessed.

A technique for authenticating a user to a server using SIP messages includes forwarding an SIP request from the user agent to the server. The server then forwards a request for authentication to the user agent in response to the invite request, the request for authentication including information that the authentication will be performed using a UMTS AKA mechanism. The user agent then forwards and authentication response to the server in accordance with the UMTS AKA mechanism and the server then performs the appropriate actions to perform an invoked SIP procedure in response to the SIP request. The SIP request may include any standardized SIP request including an SIP INVITE request or an SIP REGISTER request.

The invention relates to a method for communicating between a server and a client. The server and the client access at least one session extension key and/or a key associated with the session extension key, as an associated key. The server authorizes to extend an open communication session with the client until an expiration time only if the client sends to the server authentication data allowing the server to authenticate at least the client on a basis of the session extension key. The expiration time is a time at which the communication session is open completed by a predetermined extension time period. The invention also relates to corresponding client, server and system.

The invention relates to a method and system for legality authentication of receiving terminals in a unidirectional network. The digital signature of UID of chips is written in terminal equipment, terminal firmware downloads a server authentication agent program from the network, the program runs on the hardware platform of the terminal, and UID signature is decrypted by using a built-in public key or the public key of the signature certificate acquired from the network; if the decrypted value and the abstract value of UID read out from the chips are determined to be identical and the signature certificate is in a trust chain established by the rood certificate, the terminal is legal, or the terminal is illegal. Also, in the process of self-test of the firmware, the decrypted value can be obtained by using the public key in the signature certificate to decrypt UID signature, then UID of the chips is read out and the abstract value thereof is calculated, and if the two values are identical, the self-test passes, or the work state ends. By using the self-test of the terminal firmware or the mutual authentication between the server authentication agent program and the firmware, the invention makes clone and copied set-top boxs not work normally in the network.

The invention provides a method and a system for improving SaaS application security. The encryption method includes that a public password belonging to the client is set up; a data password used for encrypting business data for the client is randomly generated when the business data of the client is saved; the data password is used as the password to encrypt the business data according to a symmetrical cryptographic algorithm; the business data are encrypted through the public password and according to an unsymmetrical cryptographic algorithm; the business data cryptograph and the data password cryptograph are saved in a server; the client gets the cryptograph saved in the server after successfully decrypting the challenge message of the server with the private password; the client decrypts the data password cryptograph with the private password and further decrypts the business data according to the symmetrical cryptographic algorithm. The system includes a WEB server, an authentication server and a database server which can transmit data each other. The invention effectively prevents the administrator from reveal and malicious use of the data password.

A method of authenticating a client to two or more servers coupled together via a communications network, wherein the client and a first server possess a shared secret. The method comprises authenticating the client to a first server using said shared secret, signalling associated with this authentication process being sent between the client and said first server via a second server, generating a session key at the client and at the first server, and providing the session key to said second server, and using the session key to authenticate the client to the second server.

Mobile device, client device and server associated with client-server authentication are described. In embodiments, the mobile device may comprise a camera and a token extractor. The token extractor may be coupled to the camera and configured to analyze an image, captured by the camera. The captured image may contain a barcode and may be displayed on a client device in response to a request of a server for access to a resource. The barcode may contain a token, which may be extracted by the token extractor to be used to gain access to a resource requested from a server. Other embodiments may be described and/or claimed.

The present disclosure is directed to systems and methods for performing single sign on by an intermediary device for a remote desktop session of a client. A first device intermediary to a plurality of clients and a plurality of servers authenticates a user and establishes a connection to the user's client device. The device provides a homepage including links to one or more remote desktop hosts associated with the user. The device receives a request to launch an RDP session with a remote desktop host via the homepage and generates RDP content, including a security token, for the user. The device receives a second request that includes the security token to launch the RDP session. The device validates the user using the security token and establishes a connection to the remote desktop host. The device signs into the desktop host using session credentials.

A security system for electronic commerce for verifying the authenticity of a user including: a server authentication program installed in a web-server at a website of a web-service provider; a client software component downloaded and installed at a workstation of the user; the server authentication program being integrated with existing web-applications with the web-service provider and for receiving existing security parameters entered by the user; a biometric scanner activated for identifying characteristics of a biometrics image and for converting the biometrics image into digital data; a device for compressing and encrypting the digital data from the biometric scanner; a device for transmitting the compressed and encrypted data to the web-server; a device for comparing the encrypted data with data stored in a database; and a device for sending status codes of comparison, if comparison is successful, to the web-service provider.

The invention discloses an electric vehicle, a charging device, a charging system and a method. An automatic identifying device of the electric vehicle comprises a RFID radio frequency identifying device for reading an electronic label on a charging gun, and a wireless transmission device for transmitting user identity information and electronic label information to an integrated controller of the charging device. After the integrated controller detects the connection between the electric vehicle and the charging gun and receives the user identity information and the electronic label information, the information is sent to a server for authentication; and after the server authentication is qualified, a charging instruction is given to the integrated controller, and the integrated controller is connected with a charging branch connected with the charging gun. Before the charging gun is connected with the electric vehicle, the charging gun is not electrified; after the charging gun is connected with the electric vehicle, the functions of identity identification and automatic charging can be performed; the charging process of the electric vehicle is largely simplified; and the charging method of the electric vehicle is safe, reliable and fast.

A method and system for mutually authenticating a client and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server to the client. Thereafter, the method continues with establishing a secure data transfer link between the server and the client. A server certificate is transmitted to the client during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes a client authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.

The invention relates to a method for authenticating user identity through P2P service request. The prior P2P network authentication mode has certain limitations. The method for authenticating user identity comprises steps of: user registration, namely, a user obtains a legal account number after submitting a registration request to a server, and the user can log in a P2P network to acquire services by using the account number; login authentication, namely, the user inputs a user name and a password on a host computer provided with client software to log in an authentication server and perform identity authentication, and the login authentication comprises local login and server authentication; and service request authentication, namely, the user receiving a resource service request from the P2P network queries the authentication server to authenticate the identity of the user sending the request. The method adopts dual authentication in the process of the user identity authentication, so the safety factor is higher, and the same account number can be prevented from being logged in by a plurality of users at the same time; besides, the authentication server has no need of saving the password of the user, so the account number and the password of the user cannot be given away.