127results about "User identity/authority verification" patented technology

Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for providing, along with a token, a token assurance level and data used to generate the token assurance level. At the time a token is issued, one or more Identification and Verification (ID&V) methods may be performed to ensure that the token is replacing a PAN that was legitimately used by a token requestor. A token assurance level may be assigned to a given token in light of the type of ID&V that is performed and the entity performing the ID&V. Different ID&Vs may result in different token assurance levels. An issuer may wish to know the level of assurance and the data used in generating the level of assurance associated with a token prior to authorizing a payment transaction that uses the token.

Access to a privileged account is managed by first requiring authentication of a user logging into the account and then performing a policy evaluation to determine whether the identified user is allowed to log in using the privileged identity. Preferably, the authentication is a two factor authentication. The policy evaluation preferably enforces a policy, such as a role-based access control, and a context-based access control, a combination of such access controls, or the like. Thus, according to this approach, the entity is provided access to the privileged account if the user's identity is verified and a policy is met. In the alternative, the entity is denied access to the privileged account if either the authentication fails, or (assuming authentication does not fail) policy criteria for the user is not met.

A SoC may be utilized to authenticate access to one or more secure functions. A password may be generated within the SoC which is unique to each SoC instance and unique to each iteration of authentication. The SoC may challenge external entities attempting access to provide a matching password. A random number sample may be generated within the SoC and stored. A chip ID, secret word and a table of keys with key indices are also stored in memory. Two or more of the stored items may be passed to a hash function to generate the password. The external entity may generate and return the password utilizing information communicated from the SoC during each authentication operation as well as information known a priori. The SoC may compare the returned password with the internally generated password and may grant access to the secure functions.

The invention relates to an anonymous electronic voting method based on blockchain. A blind signature electronic voting scheme is introduced into blockchain as a vote information database, each vote is written into a transaction data block and transmitted to a counting center, in addition, a monitoring mechanism is introduced into the method, then rights of operators can be limited, and the situation that fraud voting is resulted or the voting process is interfered and voting results are affected since rights of operators are too centralized, is avoided. By adopting the method, the anonymity of a conventional electronic voting system is effectively solved, and the method has the characteristics that votes cannot be forged, the voting process and the voting results are open and transparentand can be verified, and the like.

A system and method for enhancing spam avoidance efficiency by automatically identifying a phishing website without human intervention. The system receives a stream of suspect Internet urls for potential phishing websites and uses a comparison strategy to determine whether the potential phishing website has already be labeled as a bonefid phishing website. A comparison system is utilized in which similarity data is calculated on various elements of the potential phishing website and then compared to similarity data of known phishing websites. Various types of categorization structures and notification strategies are utilized in the system.

A technique is disclosed that allows different computers in a network to create an identifier that uniquely identifies the network. The technique allows the unique identifier to be consistently created over time, regardless of the particular make up of the computing devices in the network at any particular point time. In some implementation, a computer within the network hosts the identification creation tool. In order to create a unique identifier for the network, the tool identifies each network adapter used by the host computer. Using this information, the tool identifies a gateway device used by the network adapter or adapters, and then determines the physical network address of that gateway device. For example, if the network is an Ethernet network, the tool will determine the medial access control (MAC) address for the gateway device. The tool then creates a unique identifier for the network based upon the physical address. The unique network identifier can then be used to associate the billing a usage fee, such as a licensing fee, with the network rather than with an individual computer within the network. Alternately or additionally, the unique network identifier can be used to maintain and support the gateway device for the network.

A system and method are presented for authorizing execution of requested actions transmitted between clients and servers of a data processing system. The method includes receiving a message including a set of actions and simulating execution of the set of actions. A list representing allowable actions and user-definable inputs to the simulated actions is defined. The list of allowable actions and user-definable inputs to the allowable action is then compared to user-requested actions and inputs. When elements within the user-requested actions and inputs are included in the allowable actions and input list, the user-requested actions and inputs are authorized for execution.

An electronic document authenticity assurance technique and an information disclosure system both of which can compatibly realize the assurance of the authenticity of disclosure documents and the deletion of information inappropriate for disclosure. An electronic document is divided into constituent elements and an electronic signature is affixed to an arbitrary subset of a set including all the constituent elements. Otherwise, an electronic signature is affixed to data obtained by binding each of the constituent elements to information specifying the relationship between a respective one of the constituent elements and the structure of the electronic document. Otherwise, the hash values of the respective constituent elements are calculated and an electronic signature is affixed to data obtained by binding the calculated hash values together. Otherwise, random numbers generated for the respective constituent elements are bound together, then the hash values of the respective random-numbered constituent elements are calculated, and then an electronic signature is affixed to data obtained by binding the calculated hash values together.

A cargo theft prevention method is disclosed. According to the method, a security device for sealing a cargo container and a communication system capable of being in communication with a sealer and an unsealer are provided. A first code utilizing a first algorithm stored in the communication system is generated. A second code utilizing a second algorithm stored in the security device is generated. The second code is then examined when the security device is to be unsealed.

An apparatus and method are disclosed for variable authentication requirements. The apparatus includes an operating status module identifying a change in an operating status of a device and maintaining a history of operating statuses, and an access control module comparing a current operating status with a previous operating status. The apparatus also includes a profile module maintaining a trust indicator for each operating status. The access control module determines a level of authentication required to unlock the device in response to the trust indicator associated with the current operating status. The method includes identifying a change in an operating status of a device and maintaining a history of operating statuses, and comparing a current operating status with a previous operating status. The method also includes maintaining a trust indicator for each operating status, and determining a level of authentication required to unlock the device in response to the trust indicator associated with the current operating status.

The invention relates to a method, which comprising initiating the establishment of a security association between a client node and a gateway node. User data is obtained from an authentication server and the user is au-thenticated. Authorization is obtained for the user for certain network services from a separate authorization node. An authorized address is provided to the client node. The authorization is checked by the gateway node for the allowing outbound packets to specific destinations.

The invention relates to a login method and system, a computer device and a storage medium. The method comprises the steps of acquiring a product trigger instruction via a logged-in page correspondingto a user identifier, wherein the product trigger instruction carries a product-party identifier; generating a product information access request according to the product trigger instruction, and sending the product information access request to a platform-party server, wherein the product information access request carries the user identifier, and the product information access request is used for indicating the platform-party server to generate a security token according to the user identifier; receiving the security token sent by the platform-party server, and generating a login request according to the security token; sending the login request to a product-party server corresponding to the product-party identifier, and receiving a verification result sent by the platform-party server,wherein the login request is used for indicating the product-party server to send the security token to the platform-party server for verification; and when the verification result is that the verification is successful, logging in the product-party server, and receiving product information returned by the product-party server. By adopting the method, a product-party system can be logged in quickly.

Reflective factors are used in combination with a, one-time password (OTP) in order to strengthen a system's ability to prevent man in the middle (MITM) phishing attacks. These reflective factors may include information such as URL information, HTTPS, a server's certificate, a session key, or transaction information. These reflective factors help to ensure that a client that wishes to access a server is the legitimate client, because even if a phisher (including a phisher attacking the legitimate client in real time) records identifying information from the legitimate client, it cannot replicate the reflective information to authenticate itself with the server.

An authentication system (10) to verify a password is provided. The authentication system includes a first storage unit (16) to store an authentication sequence (24) and a read-only memory unit (18) on which an authentication algorithm (26) is programmed. A microcontroller (20) is coupled to the first storage unit, the read-only memory unit and a web server. The microcontroller receives the password and executes the authentication algorithm to verify the password with the authentication sequence. A second storage unit (22) is coupled to the microcontroller to store data from the web server. Access to a second storage unit is permitted by the microcontroller only if the password has been verified.

A plurality of logical nodes are identified from a plurality of elements on a network, where the plurality of elements include security devices. One or more path entries may be determined for at least some of the logical nodes. Each path entry is associated with one of the logical nodes and specifies a set of communication packets, as well as a next node to receive the communication packets from the associated node. The path entries are used to characterize at least a substantial portion of a network path that is to carry communication packets in the set of communication packets.

A method, programmed medium and system are provided for enabling a user to choose a user-preferred encryption type from among a plurality of encryption types listed in a user's Kerberos configuration file. During the ticket granting process in a Kerberos system, a user is requested to select a preferred encryption type to be used in the Kerberos communication from among encryption types contained in the user's Kerberos configuration file. The user-selected encryption type is then implemented for use in encrypting a session ticket (as well as generating the session key of user requested encryption type) for use by the user machine in communicating securely with an Kerberized application server when being communicated by that particular user. Thus, the system allows different users to simultaneously communicate with the same Kerberized application server using a supported encryption type of the user's own choice.

The present disclosure relates to a method for updating a firmware component of a measurement and control technology device. The method includes: a segment-by-segment reception of a first firmware image; an authentication of the first firmware image based upon a first encryption method; a creation of a second authentication datum for the first firmware image via an algorithm that differs from the first encryption method; a re-transmission of the data used for updating the firmware component as a second firmware image; an authentication of the second-firmware image based upon the second authentication datum; and in the case of a successful authentication of the second firmware image, enabling and execution of the firmware program code.

A user of a mobile phone photographs himself/herself, and sends a password to an authentication server. After the authentication server authenticates the user, the mobile phone stores the photographed image of the user in a memory accessible only by authentication software. When the authentication software detects a billing apparatus at the time the user makes a purchase, the image is read from the memory and displayed while an indicator is on. A store clerk can confirm whether the person carrying the mobile phone is the legitimate user by judging whether the face image matches the person and whether the indicator is on at the same time.

A method, apparatus, and computer readable medium is provided. According to an embodiment, a method includes, receiving a message from a client. The method further includes, forwarding the message to a first service when the message includes an authentication token, where the authentication token indicates that the client can access the first service. The method further includes, forwarding the message to a second service when the message excludes the authentication token. The receiving the message from the client and the forwarding the message to the first service occur over a confidential channel.

The present invention relates to the field of anti-counterfeit protection of products. Specifically, the invention is directed to a composite security marking for a physical object, in particular to an anti-counterfeit product marking. In particular, without limitation, such composite security marking can be used in connection with or can form a component of a multi-component security system, in particular of an anti-counterfeit protection system, which is also disclosed herein as part of an overall solution for anti-counterfeit protection. The composite security marking comprises a physical unclonable function, PUF, and a representation of a digital signature or of a pointer indicating a location where said digital signature can be accessed. The digital signature digitally signs a hash value resulting from application of a predetermined cryptographic hash function to data representing a response generated by the PUF in reaction to a challenge of a predetermined challenge-response authentication scheme.

A wireless meshed network access authentication method belongs to the computer network field. When the system is initializing, offline CA gives a public-private key pair respectively to the system and itself; user provides user basic information to the offline CA to register for obtaining a public-private key pair and a public key certificate before accessing the network; if user want to serve as a backbone or an area router, it further need to provide an application; the offline CA selects users with better performances to serve as backbone and area router; the backbone router manages the system public-private key pair according to (n, t) threshold system, and gives authorization certificates and identity-based private keys to users. if a user want to enter some area, it provides the authorization certificate to the area router of the area, verifying with the area router to each other by the authorization certificates, and negotiating the authorization secret key of itself using three-sides agreement algorithm in order to access the area network. The method can effectively prevent unauthorized user from entering into network, and enable the authorized user to be quickly authenticated to acquire the resource service in network.

In one embodiment, the method performed by mobile equipment to authenticate communication with a network includes generating keys using cellular authentication and voice encryption, and then generating an authentication key based on these keys. The authentication key is used to generate an expected message authentication code used in authenticating the network according to authentication and key agreement security protocol.

In order to grant an access to a computer-based object, a memory card having a program code processor is provided, on which at least one public and private key assigned to the memory card are stored. In addition, an item of license information is provided, which comprises at least one license code encrypted by means of the public key assigned to the memory card, on a computing device which controls the access to the computer-based object.