474 results about "Web authentication" patented technology

Access to a database is provided via the Internet using a World Wide Web server including a search engine, a CGI gateway and user selectable data queries for extracting data, generating reports, and the like. Access by the user is authenticated by querying the user's central machine for authentication. The authentication process operates by sending a page request from the web browser through three checkpoints before the requested page can be served to the web browser. The first checkpoint determines if the requested page is protected. If not, the requested page is served to the web browser. However, if the requested page is protected, the authentication process on the web server checks the host name of the system where the page request is coming from. If the domain of the requesting host is the same domain specified in the web authentication configuration, then the requested page is served to the web browser. However, if the page request is determined to come from outside of the domain of the web server, then the authentication process checks a "cookie" from the web browser to determine if the requesting user has been authenticated as an authorized user earlier in the same session. If the cookie has been "set" during the login procedure, then the requested page is served to the web browser. Otherwise, the user is prompted with a login page. After the user ends the web browser session, the cookie is cleared. Data Query software at the web server permits queries initiated via a web browser to be completed off-line and the results e-mailed to the initiator of the request.

A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.

A user gains access to a private network by connecting to a network, either through a hardwired or wireless connection, and then initiates an Internet access request targeting any website. If the user is not already authorized for Internet access, then the user is sent to a first predetermined website that points the user to an authentication server accessible via the Internet. The authentication server sends the user an HTTP form pages requesting authentication information. When the user responds, a network monitoring device within the private network alters the form page to include the user's hardware address and an encoded ID based on the network's location. The authentication server forwards this data to a gate keeper server, which authenticates the new user and transmits an unblock message along with another encoded ID based on the network's location and the user's hardware address.

There is disclosed a system and method for authenticating the identity of a user of a client device as part of a transaction between the client device and a server of a service provider over a communications network, the client device comprising a unique identifier. The system and method comprise one or more personal identification elements issued to the user based upon an initial authentication of the identity of the user, a credential issued to the client device by the service provider based upon the personal identification elements and the unique identifiers, and a trigger event for launching an authentication application installed on the client device. When the authentication application is launched by the trigger event, the authentication application transmits the one or more personal identification elements and the unique identifier in a combination with the credential to the server for authentication by the service provider.

A method, system, and computer program product for providing network convergence of applications and devices across multiple types of networks are provided. The method includes receiving an identifier for a device and user credentials for an account. The account specifies network access privileges for a user. The method also includes authenticating the user credentials and storing the device identifier with the user credentials within the account upon successful authentication of the user credentials. The method further includes using the user credentials and an identifier of a respective selected device specified in the account to route a sign on request from the respective selected device to a network authentication element for providing a single sign on credential for a user of the respective selected device.

A distributed authentication system includes a cryptography service node, and a client node interface coupled to a network authentication database, for providing automatic authentication to enable the client node to access network resources, such as applications or services, resident in one or more network server nodes. Authentication secrets corresponding to the network resources are each encrypted with a respective strong key and stored in the authentication database. Authentication of the client node is accomplished with the retrieval of an authentication secret corresponding to a requested network resource. The retrieval process includes: i) decrypting the authentication secret using the strong key and encrypting the secret using a second key, and ii) sending a copy of the second key encrypted with a third key along with the encrypted secret to the requesting client node via a communication medium.

A method of centralized identity authentication for use in connection with a communications network includes registering users of the communications network such that each registered user's identity is uniquely defined and determinable, and registering a plurality of vendors having a presence on the communications network. The registered vendors selectively transact with registered users, wherein the transactions include: (i) the registered vendor selling goods and/or services to the registered user; (ii) the registered vendor granting the registered user access to personal records maintained by the registered vendor; and/or (iii) the registered vendor communicating to the registered user personal information maintained by the registered vendor. The method also includes each user's identity being authenticated over the communications network prior to completion of transactions between registered vendors and registered users.

A method and apparatus for performing SIM-based authentication and authorization in a WLAN Internet Service Provider (WISP) network supporting the universal access method (UAM) of authentication and authorization enabling roaming for customers of mobile service providers onto said networks. In addition, the invention provides a secure way of authenticating the customer's client device to the mobile service provider's network by employing temporary credentials for authentication that provide privacy of the user's identity and prevent replay attacks. Finally, if the WISP network supports the ‘pass-through’ facility, the authentication can be done more securely and quickly.

A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.

The present invention provides a method for facilitating mobile communication of a subscriber associated with a home network roaming in a visited network, even when the visited network has a No-Roaming Agreement (NRA) with the home network. The method includes detecting at a switching unit associated with the visited network, a registration attempt by the subscriber to register with the visited network. The method further includes authenticating by the switching unit, the subscriber with the home network via a sponsoring network that has a roaming agreement with the home network. Finally, the method includes sending by a service node, a trigger profile information to the switching unit in response to the registration attempt so as to enable redirection of call control associated with the subscriber to the service node. The service node thereafter allows the subscriber to perform call and non-call related mobile activities in the visited network.

A method and system for secured network access is provided in accordance with the present invention. The method begins with receiving a login request from a client on a router. Thereafter, a certificate transfer instruction for the router to an authentication appliance is generated where the client lacks a copy of a client certificate. The client is authenticated with a challenge-response sequence, the response to which is deliverable through an out-of-band communications channel. Upon authentication, the client certificate and the client private key are transmitted to the client, which are used to authenticate the client to the network.

Secure communication protocols are disclosed in which two parties generate a shared secret which may be used as a secure session key for communication between the parties. The protocols are based on Diffie-Hellman type key exchange in which a Diffie-Hellman value is combined with a function of at least a password using the group operation such that the Diffie-Hellman value may be extracted by the other party using the inverse group operation and knowledge of the password. In one embodiment, each of the parties explicitly authenticates the other party, while in another embodiment, the parties utilize implicit authentication relying on the generation of an appropriate secret session key to provide the implicit authentication. Typically, the parties will be a client computer and a server computer. In accordance with other embodiments of the invention, in order to protect against a security compromise at the server, the server is not in possession of the password, but instead is provided with, and stores, a so-called password verifier which is a function of the password and where the password itself cannot be determined from the value of the password verifier.

A system and method, implementable using an authenticating device, are provided for authenticating requesting devices such as mobile devices and other communication devices over a network. At least one group shared secret is provisioned on a plurality of requesting devices, which are further provided with other authentication credentials such as a shared secret for full authentication by the authenticating device. When authentication is sought, the requesting device transmits a pre-authentication request comprising one of the group shared secrets to the authenticating device, which verifies that group shared secret. The group shared secrets may be stored in volatile memory at the authenticating device. If the group shared secret is verified, the authenticating device will authenticate that same device in response to a subsequent authentication request.

Methods and systems are directed to authenticating a client over a network. The client generates a certificate and sends it to a server through a trusted mechanism. The server is configured to store the received certificate. When the client requests authentication over the network, it provides the certificate again, along with a parameter associated with a secure session. The server verifies the parameter associated with the secure session and determines if the certificate is substantially the same as the stored certificate. The server authenticates the client over the network, if the certificate is determined to be stored. In another embodiment, the client transmits the certificate that is generated by a third party Certificate Authority (CA) based, in part, on the client's public key.

The invention discloses an authority setting method of a user access network and equipment, which are applied to a network system comprising a network authentication server and a plurality of network access areas. The network authentication server stores access authority information of at least one user name in the plurality of network access areas respectively; when a user request is accessed, the user name and the position recognition information of the current network access area are provided, the corresponding resource access authority is obtained and network access is carried out. The invention realizes access authority allocation based on the actual access position of the user, can avoid that the access authority can not be controlled due to change of the access area, can adopt uniform access authority control for unfixed staff in all access areas, and adopts a single account number mode to access, thus providing convenience for use of users, improving network security of the network and simultaneously user experience.

A computer-implemented method and apparatus authenticates a user of a remote computer over a network. In one aspect of the present invention, an authentication challenge is received at said remote computer an authentication challenge message from an authentication server over a network, at least a portion of the network including an Internet communication link. A passcode is received at the remote computer. A response message to the authentication challenge is created, the response message including the passcode. The response message is transmitted from the remote computer to the authentication server over the network. The remote computer receives a verification message from the authentication server that the response message is verified.

A user device may request access to a service provided by an application server. The application server may request that an identity server authenticate the user device. The identity server may have a network authentication system assist with the authentication of the user device. Once authenticated by the network authentication system, the application server may be informed and may grant the user device access to the requested service. Additionally, the identity server may help determine whether the user device is a security threat by comparing user information from the network authentication system with user information from the application server. Additionally, the network authentication system may provide the application server with user information to enable the application server to automatically register the user device for a particular service.

The present invention provides a method for controlling client to access network equipment and a network authentication server. The method mainly comprises the following steps that: an authentication server in a network carries out identity authentication to a user through a user client ; after the user passes the identity authentication, the authentication server allocates authentication information to the user client ; the authentication information comprises a temporary ID and corresponding validity; the authentication server controls the user client to access equipment in the network according to the authentication information allocated to the user client. The method and the network authentication server of the present invention can realize authentication server safety in the network and control the access of user terminals to the equipment in the network effectively and conveniently.

The invention provides a control method, a device and a system for identifying login on the basis of voiceprint. The control method includes steps of enabling a mobile terminal to acquire voiceprint features and login passwords of users and store the voiceprint features and the login passwords, acquiring login information of a plurality of application programs and/or a plurality of websites and binding the login information of the multiple application programs and/or the multiple websites to the voiceprint features and the login passwords; enabling the mobile terminal to display login interfaces of current application programs or current websites to current users, and starting a voice acquisition function; enabling the mobile terminal to acquire information of the current application programs or the current websites, and acquiring voice information inputted by the current users; enabling the mobile terminal to authenticate the voice information according to the voiceprint features and the login passwords; acquiring the corresponding login information according to the information of the current application programs or the current websites if the current users are authenticated; adding the login information to the login interfaces to perform login operation. The control method, the device and the system have the advantage that the network authentication safety and the network authentication convenience can be improved.

The embodiment of the invention discloses a wireless local area network (WLAN) authentication method. The method comprises the following steps of: a mobile terminal automatically obtains an access account number and an access password; and the mobile terminal automatically sends a WEB authentication request to a network server, wherein, the WEB authentication request carries the access account number and the access password. The embodiment of the invention further discloses the corresponding mobile terminal. By adopting the WLAN authentication method and the mobile terminal disclosed by the invention, the mobile terminal can automatically complete WEB authentication of a WLAN without inputting the account number and the password by a user and displaying a WEB authentication interface to the user, thus avoiding complicated authentication operation and improving the user experience.

The invention provides a method, a system and a device for authenticating a portal in a wireless network. The method comprises the following steps: after receiving an authenticating request of a mobile terminal (STA) by a wireless access point (AP), transmitting the authenticating request to an accessing controller (AC) through the control of the wireless accessing point and a supply protocol (CAPWAP) tunnel, and forwarding the authenticating request to a portal server by the AC; after the AC successfully authenticates the STA by the Portal server, transmitting configuration information to indicate the AP to start a local forwarding function to the STA through the CAPWAP tunnel by the AC; and after learning a condition that the STA quits the authentication, transmitting configuration information to indicate the AP to close the local retransmission function to the STA through the CAPWAP tunnel. The invention is capable of using a prior network authentication framework to perform a Portal authentication under the condition of an AP local retransmission without extra increasing authenticating apparatuses, thereby saving the networking cost.