WO2000010286B1 - Internet authentication technology - Google Patents

Publication number
WO2000010286B1
Authority
WO
WIPO (PCT)
Prior art keywords
executable code
machine executable
reversible function
transmitting
reference value
Application number
PCT/CA1999/000633
Other languages
French (fr)
Other versions
WO2000010286A1 (en)
Inventor
Stanley T Chow
Harold J Johnson
Yuan Gu
Original Assignee
Cloakware Corp
Application filed by Cloakware Corp
Priority to EP99928969A (patent EP1105999A2)
Priority to CA002340742A (patent CA2340742A1)
Priority to AU45970/99A (patent AU4597099A)
Publication of WO2000010286A1
Publication of WO2000010286B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The present invention relates generally to cryptography, and more specifically, to secure authentication of a First Computer Program to a Second Computer Program. The approaches known in the art require that secure data positively identifying Client accounts be stored at a central location, either the Server or a Certifying Authority, requiring large overheads of memory and computational power, and presenting obvious and high-value targets for attacks. The invention provides a means of authenticating Clients to Servers without requiring confidential data to either be stored at the Server, or transmitted to the Server. The Client generates a series of one-time passwords by successive iterations of a non-reversible function on a seed value. The last value in the series is then sent to the Server to establish an account. When the Client wishes to log on to his account, he sends the previous value in the non-reversible series as his password. The Server can easily authenticate the Client by executing the same non-reversible function on the password and verifying that the result is equal to the previous password. However, given such a one-time password, there is no practical means for generating a prior value in the non-reversible series. Therefore, even if the password is intercepted or the Server data accessed, there is no useful information available in either the transmission or the central storage.
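
The scheme the abstract describes, as an added Python example (not code from the patent or from Cloakware). SHA-256 as the non-reversible function, all class and function names, the Server keeping the iteration count beside its reference value, and the `MAX_GAP` cap are assumptions of this example. It goes beyond the one-iteration case in the abstract: the Server uses the transmitted iteration count to accept a password a few iterations further down the chain, so a lost login message does not lock the Client out, while replayed or older passwords are refused.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

MAX_GAP = 8  # assumption: cap on hash iterations the server will do per attempt


def nrf(value: bytes) -> bytes:
    """The shared non-reversible function (SHA-256 is this example's choice)."""
    return hashlib.sha256(value).digest()


def iterate(value: bytes, n: int) -> bytes:
    """Apply the non-reversible function n times."""
    for _ in range(n):
        value = nrf(value)
    return value


class ChainExhausted(Exception):
    """Every password derived from the current seed has been used."""


class Client:
    """Holds the only secret in the scheme: the seed."""

    def __init__(self, chain_length: int):
        self.chain_length = chain_length
        self.seed = b""
        self.count = 0  # iterations behind the value the server last saw

    def reseed(self, seed: Optional[bytes] = None) -> Tuple[bytes, int]:
        """Choose a new seed; return (initial value, iteration count) to enrol."""
        self.seed = seed if seed is not None else secrets.token_bytes(32)
        self.count = self.chain_length
        return iterate(self.seed, self.count), self.count

    def login(self) -> Tuple[bytes, int]:
        """Return (password, count) computed with one fewer iteration."""
        if self.count <= 1:
            # Zero iterations would transmit the seed itself.
            raise ChainExhausted("enrol a new initial value from a new seed")
        self.count -= 1  # the client stores the new quantity of iterations
        return iterate(self.seed, self.count), self.count


class Server:
    """Stores only values that have already crossed the network."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Tuple[bytes, int]] = {}

    def enrol(self, user: str, reference: bytes, count: int) -> None:
        # Assumption: reached only at account setup or inside a session that
        # has already authenticated, otherwise anyone could replace the chain.
        self.accounts[user] = (reference, count)

    def verify(self, user: str, password: bytes, count: int) -> bool:
        if user not in self.accounts:
            return False
        reference, ref_count = self.accounts[user]
        gap = ref_count - count
        # gap <= 0 is a replayed or older password; a huge gap is refused so
        # an unauthenticated caller cannot make the server hash without bound.
        if not 1 <= gap <= MAX_GAP:
            return False
        if not hmac.compare_digest(iterate(password, gap), reference):
            return False
        self.accounts[user] = (password, count)  # password becomes the reference
        return True


if __name__ == "__main__":
    client, server = Client(chain_length=5), Server()
    server.enrol("alice", *client.reseed(b"constructed seed for the demo"))
    msg = client.login()
    print("first login accepted:", server.verify("alice", *msg))
    print("replay accepted:     ", server.verify("alice", *msg))
```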

Claims

AMENDED CLAIMS [received by the International Bureau on 15 February 2000 (15.02.00); original claims 1-3, 6-9, 11, 12-14, 17, 21-25, 27, 32-34 and 37 amended; remaining claims unchanged (14 pages)]
1. A method of authentication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said method comprising the steps within said first set of machine executable code of: transmitting to said second set of machine executable code: a password calculated by fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said fewer iterations; and storing said quantity of said fewer iterations with said first set of machine executable code.
2. A method of authentication as claimed in claim 1 wherein said step of transmitting comprises the step of: transmitting to said second set of machine executable code: a password calculated by a predetermined number of fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said predetermined number of fewer iterations; and said step of storing comprises the step of: storing said predetermined number of fewer iterations with said first set of machine executable code.
3. A method of authentication as claimed in claim 2 wherein said step of transmitting comprises the step of: transmitting to said second set of machine executable code: a password calculated by one fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said one fewer iterations; and said step of storing comprises the step of: storing said quantity of said one fewer iterations with said first set of machine executable code.
4. A method of authentication as claimed in claim 3 comprising the step of: transmitting to said second set of machine executable code a new initial value calculated by at least one iteration of said non-reversible function on a new seed value.
5. A method of authentication as claimed in claim 4 wherein said first set of machine executable code resides in a first computer and said second set of machine executable code resides in a second computer, said first and second computers being linked by a communication network, and each step of transmitting comprises a step of transmitting via said communication network.
6. A method of authenticating communication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said first set of machine executable code resides in a first computer and said second set of machine executable code resides in a second computer, and said first and second computers are linked by a communication network, said method comprising the step within said first set of machine executable code of: responding to an authentication challenge from said second set of machine executable code by: transmitting to said second set of machine executable code via said communication network: a password calculated by one fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said one fewer iterations; and storing said quantity of said one fewer iterations with said first set of machine executable code; and transmitting to said second set of machine executable code via said communication network, a new initial value calculated by at least one iteration of said non-reversible function on a new seed value.
7. A method of authentication as claimed in claim 6 wherein said first computer has established an account with said second computer by transmitting a plurality of initial values to said second computer calculated by at least one iterations of a non-reversible function on a plurality of stored seed values, and said step of responding to an authentication challenge comprises the step of: responding to an authentication challenge from said second set of machine executable code by: successively transmitting to said second set of machine executable code via said communication network: a password calculated by one fewer iterations of said non-reversible function on one of said plurality of stored seed values than used to calculate said plurality of initial values; and the quantity of said one fewer iterations for the respective one of said plurality of stored seed values; and storing said quantity of said one fewer iterations for the respective one of said plurality of stored seed values with said first set of machine executable code.
8. A method of authentication as claimed in claim 7 further comprising: the prior step of calculating a plurality of new seed values by multiple iterations of a non-reversible function on an initial seed value; and wherein said step of transmitting to said second set of machine executable code via said communication network, a new reference value, comprises the step of: transmitting to said second set of machine executable code via said communication network, a new reference value calculated by multiple iterations of said non-reversible function on one of said plurality of new seed values.
9. A method of authentication as claimed in claim 8 wherein said second computer delegates access to a third computer, said third computer linked to said first and second computers via said communications network, by performing the step of: responding to a request for delegation of access to said second computer by said third computer by: transmitting to said third computer via said communications network a password corresponding to one fewer iterations of said non-reversible function than used to calculate said reference value.
10. A method of authentication as claimed in claim 9 wherein said communication network comprises an Internet communications protocol network and each said step of transmitting comprises a step of transmitting via said Internet communications protocol network.
11. A method of authentication as claimed in claim 6 wherein said second set of machine executable code has higher and lower security levels, said first set of machine code has established accounts for said higher and lower security levels by transmitting to said second set of machine executable code a higher level security reference value and a lower reference value, and said first set of machine executable code has access to said lower security level, comprising the steps within said first set of machine executable code of: responding to an authentication challenge from said second set of machine executable code to access said higher security level by: transmitting to said second set of machine executable code via said communication network: a password calculated by one fewer iterations of said non-reversible function on a higher security level stored seed value than used to calculate said higher level security reference value; and the quantity of said one fewer iterations; and storing said quantity of said one fewer iterations with said first set of machine executable code.
12. A method of authentication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said method comprising the steps within said second set of machine executable code of: receiving from said first set of machine executable code: a password calculated by fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said fewer iterations; responding to said non-reversible function operating upon said password being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code; and storing said password as said reference value.
13. A method of authentication as claimed in claim 12 wherein said step of responding comprises the step of: responding to said non-reversible function operating upon said password a predetermined number of iterations, being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.
14. A method of authentication as claimed in claim 13 wherein said step of responding comprises the step of: responding to said non-reversible function operating upon said password by one iteration, being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.
15. A method of authentication as claimed in claim 14 comprising the step of: responding to receipt of a new initial value by storing said new initial value calculated by at least one iteration of said non-reversible function on a new seed value, as said reference value.
16. A method of authentication as claimed in claim 15 wherein said first set of machine executable code resides in a first computer and said second set of machine executable code resides in a second computer, said first and second computers being linked by a communication network, and each said step of receiving comprising receiving via said communication network.
17. A method of authenticating communication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said first set of machine executable code resides in a first computer and said second set of machine executable code resides in a second computer, and said first and second computers are linked by a communication network, said method comprising the step within said second set of machine executable code of: receiving from said first set of machine executable code, via said communication network, in response to an authentication challenge: a password calculated by fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said fewer iterations; responding to said non-reversible function operating upon said password by one iteration, being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code; storing said password as said reference value; and responding to receipt of a new initial value by storing said new initial value calculated by at least one iteration of said non-reversible function on a new seed value, as said reference value.
18. A method of authentication as claimed in claim 17 wherein said first computer has established an account with said second computer by transmitting a plurality of initial values to said second computer calculated by at least one iteration of a non-reversible function on a plurality of stored seed values, and said step of responding to said non-reversible function comprises the step of: responding to said non-reversible function operating upon one of said plurality of passwords by one iteration being equal to a corresponding one of said reference values by authenticating said first set of machine executable code to said second set of machine executable code.
19. A method of authentication as claimed in claim 18 wherein access may be delegated to a third computer, said third computer linked to said first and second computers via said communication network, by responding to said non-reversible function operating upon said delegation password by one iteration being equal to said reference value by authenticating said third computer as a delegate of said first computer.
20. A method of authentication as claimed in claim 19 wherein said communication network comprises an Internet communications protocol network and each said step of receiving comprises a step of receiving via said Internet communications protocol network.
21. A method of authentication as claimed in claim 17 wherein said second set of machine executable code has higher and lower security levels, said first set of machine code has established accounts for said higher and lower security levels by transmitting to said second set of machine executable code a higher level security reference value and a lower reference value, and said first set of machine executable code has access to said lower security level, comprising the steps within said second set of machine executable code of: receiving from said first set of machine executable code, via said communication network, in response to a challenge to authenticate to said higher security level: a password calculated by one fewer iterations of said non-reversible function on a higher security level stored seed value than used to calculate said higher level security reference value; and the quantity of said one fewer iterations; responding to said non-reversible function operating upon said higher security level password by one iteration, being equal to said higher security level reference value by authenticating said first set of machine executable code to said second set of machine executable code; and storing said password as said reference value.
22. A computer readable storage medium storing a first set of machine executable code, said first set of machine executable code being executable by a computer to perform the step of: transmitting to said second set of machine executable code: a password calculated by fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said fewer iterations; and storing said quantity of said fewer iterations with said first set of machine executable code.
23. A computer readable storage medium as claimed in claim 22 wherein said step of transmitting comprises the step of: transmitting to said second set of machine executable code: a password calculated by a predetermined number of fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said predetermined number of fewer iterations; and said step of storing comprises the step of: storing said predetermined number of fewer iterations with said first set of machine executable code.
24. A computer readable storage medium as claimed in claim 23 wherein said step of transmitting comprises the step of: transmitting to said second set of machine executable code: a password calculated by one fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said one fewer iterations; and said step of storing comprises the step of: storing said quantity of said one fewer iterations with said first set of machine executable code.
25. A computer readable storage medium as claimed in claim 24 wherein said first set of machine executable code is further executable to perform the step of: transmitting to said second set of machine executable code a new initial value calculated by at least one iteration of said non-reversible function on a new seed value.
26. A computer readable storage medium as claimed in claim 25 wherein each step of transmitting comprises a step of transmitting via a communication network.
27. A computer readable storage medium storing a second set of machine executable code, said machine executable code being executable by a computer to perform the steps of: receiving from said first set of machine executable code: a password calculated by fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said fewer iterations; responding to said non-reversible function operating upon said password being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code; and storing said password as said reference value.
28. A computer readable storage medium as claimed in claim 27 wherein said step of responding comprises responding to said non-reversible function operating upon said password a predetermined number of iterations being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.
29. A computer readable storage medium as claimed in claim 28 wherein said step of responding comprises responding to said non-reversible function operating upon said password by one iteration being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.
30. A computer readable storage medium as claimed in claim 29 wherein said second set of machine executable code is further operable to perform the step of: responding to receipt of a new initial value by storing said new initial value calculated by at least one iteration of said non-reversible function on a new seed value, as said reference value.
31. A computer readable storage medium as claimed in claim 30 wherein each said step of receiving comprises a step of receiving via a communication network.
32. A system for authenticating communication comprising: a first set of machine executable code; a second set of machine executable code; said first set of machine executable code and said second set of machine executable code having means for executing a like non-reversible function; and said first set of machine executable code having: means for establishing an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value; means for transmitting to said second set of machine executable code: a password calculated by fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said fewer iterations; and means for storing said quantity of said fewer iterations with said first set of machine executable code.
33. A system of authentication as claimed in claim 32 wherein said means for transmitting comprises: means for transmitting to said second set of machine executable code: a password calculated by a predetermined number of fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said predetermined number of fewer iterations; and said means for storing comprises: means for storing said predetermined number of fewer iterations with said first set of machine executable code.
34. A system of authentication as claimed in claim 33 wherein said means for transmitting comprises: means for transmitting to said second set of machine executable code: a password calculated by one fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said one fewer iterations; and said means for storing comprises: means for storing said quantity of said one fewer iterations with said first set of machine executable code.
35. A system of authentication as claimed in claim 34 wherein said first set of machine executable code comprises: means for transmitting to said second set of machine executable code a new initial value calculated by at least one iteration of said non-reversible function on a new seed value.
36. A system of authentication as claimed in claim 35 comprising: a first computer having means for executing said first set of machine executable code; a second computer having means for executing and said second set of machine executable code; and a communication network linking said first and second computers, wherein each means for transmitting comprises means for transmitting via said communication network.
37. A system for authenticating communication comprising: a first set of machine executable code; a second set of machine executable code; said first set of machine executable code and said second set of machine executable code having means for executing a like non-reversible function; and said second set of machine executable code being having: means for receiving from said first set of machine executable code: a password calculated by fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value; and the quantity of said fewer iterations; means for responding to said non-reversible function operating upon said password being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code; and means for storing said password as said reference value.
38. A system of authentication as claimed in claim 37 wherein said means for responding comprises means for responding to said non-reversible function operating upon said password a predetermined number of iterations being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.
39. A system of authentication as claimed in claim 38 wherein said means for responding comprises means for responding to said non-reversible function operating upon said password by one iteration being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.
40. A system of authentication as claimed in claim 39 wherein said second set of machine executable code further comprises means for responding to receipt of a new initial value by storing said new initial value calculated by at least one iteration of said non-reversible function on a new seed value, as said reference value.
41. A system of authentication as claimed in claim 40 comprising: a first computer having means for executing said first set of machine executable code; a second computer having means for executing and said second set of machine executable code; and a communication network linking said first and second computers, wherein each means for transmitting comprises means for transmitting via said communication network.
PCT/CA1999/000633 1998-08-14 1999-07-14 Internet authentication technology WO2000010286A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP99928969A EP1105999A2 (en) 1998-08-14 1999-07-14 Internet authentication technology
CA002340742A CA2340742A1 (en) 1998-08-14 1999-07-14 Internet authentication technology
AU45970/99A AU4597099A (en) 1998-08-14 1999-07-14 Internet authentication technology

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/134,731 US20020002678A1 (en) 1998-08-14 1998-08-14 Internet authentication technology
US09/134,731 1998-08-14

Publications (2)

Publication Number Publication Date
WO2000010286A1 (en) 2000-02-24
WO2000010286B1 (en) 2000-03-30

Family

ID=22464732

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA1999/000633 WO2000010286A1 (en) 1998-08-14 1999-07-14 Internet authentication technology

Country Status (5)

Country Link
US (1) US20020002678A1 (en)
EP (1) EP1105999A2 (en)
AU (1) AU4597099A (en)
CA (1) CA2340742A1 (en)
WO (1) WO2000010286A1 (en)

US8504665B1 (en) 2004-06-30 2013-08-06 Kaseya International Limited Management of a device connected to a remote computer using the remote computer to effect management actions
US7827547B1 (en) * 2004-06-30 2010-11-02 Kaseya International Limited Use of a dynamically loaded library to update remote computer management capability
US8200794B1 (en) 2004-06-30 2012-06-12 Kaseya International Limited Primitive functions for use in remote computer management
US7620707B1 (en) 2004-06-30 2009-11-17 Kaseya International Limited Remote computer management when a proxy server is present at the site of a managed computer
JP2006127273A (en) * 2004-10-29 2006-05-18 Fujitsu Ltd Operation management terminal program, operation management terminal device and relay program
JP4551202B2 (en) * 2004-12-07 2010-09-22 株式会社日立製作所 Ad hoc network authentication method and wireless communication terminal thereof
US7822972B2 (en) * 2005-04-05 2010-10-26 Mcafee, Inc. Remotely configurable bridge system and method for use in secure wireless networks
US7757274B2 (en) * 2005-04-05 2010-07-13 Mcafee, Inc. Methods and systems for exchanging security information via peer-to-peer wireless networks
US7606370B2 (en) * 2005-04-05 2009-10-20 Mcafee, Inc. System, method and computer program product for updating security criteria in wireless networks
US7761710B2 (en) 2005-04-05 2010-07-20 Mcafee, Inc. Captive portal system and method for use in peer-to-peer networks
US7840993B2 (en) * 2005-05-04 2010-11-23 Tricipher, Inc. Protecting one-time-passwords against man-in-the-middle attacks
US8181232B2 (en) * 2005-07-29 2012-05-15 Citicorp Development Center, Inc. Methods and systems for secure user authentication
US9768963B2 (en) 2005-12-09 2017-09-19 Citicorp Credit Services, Inc. (Usa) Methods and systems for secure user authentication
US7904946B1 (en) 2005-12-09 2011-03-08 Citicorp Development Center, Inc. Methods and systems for secure user authentication
US9002750B1 (en) 2005-12-09 2015-04-07 Citicorp Credit Services, Inc. (Usa) Methods and systems for secure user authentication
US20070220253A1 (en) * 2006-03-15 2007-09-20 Law Eric C W Mutual authentication between two parties using two consecutive one-time passwords
US20100031321A1 (en) 2007-06-11 2010-02-04 Protegrity Corporation Method and system for preventing impersonation of computer system user
US8549296B2 (en) * 2007-11-28 2013-10-01 Honeywell International Inc. Simple authentication of messages
US8397077B2 (en) 2007-12-07 2013-03-12 Pistolstar, Inc. Client side authentication redirection
US8424057B2 (en) 2007-12-28 2013-04-16 Ebay, Inc. Mobile anti-phishing
JP5272445B2 (en) * 2008-02-28 2013-08-28 富士通株式会社 Biometric authentication system, biometric authentication method, and biometric authentication program
US20090276839A1 (en) * 2008-05-02 2009-11-05 Fortknock Protection Llc Identity collection, verification and security access control system
US20100005515A1 (en) * 2008-07-01 2010-01-07 Bank Of America Systems and methods for associate to associate authentication
US8346924B1 (en) * 2008-12-02 2013-01-01 Dell Products L.P. Preconfiguration of wireless network access for portable devices
US8607057B2 (en) * 2009-05-15 2013-12-10 Microsoft Corporation Secure outsourced aggregation with one-way chains
US8904519B2 (en) * 2009-06-18 2014-12-02 Verisign, Inc. Shared registration system multi-factor authentication
JP2011077769A (en) * 2009-09-30 2011-04-14 Fujifilm Corp Vpn system and operation control method thereof
JP6050625B2 (en) * 2012-06-28 2016-12-21 サターン ライセンシング エルエルシー (Saturn Licensing LLC) Information processing apparatus and information processing method, computer program, and information communication system
CZ2015474A3 (en) * 2015-07-07 2017-02-08 Aducid S.R.O. The method of communication authentication of the authentication device and at least one authentication server using a local factor
GB201600447D0 (en) * 2016-01-11 2016-02-24 Osirium Ltd Password recovery
GB2575266A (en) * 2018-07-03 2020-01-08 Osirium Ltd A password management system and method for providing access to a password protected device
US11949672B2 (en) * 2022-01-31 2024-04-02 International Business Machines Corporation Authentication based on chain of strings generated from secret string

Also Published As

Publication number Publication date
WO2000010286A1 (en) 2000-02-24
AU4597099A (en) 2000-03-06
EP1105999A2 (en) 2001-06-13
US20020002678A1 (en) 2002-01-03
CA2340742A1 (en) 2000-02-24

Similar Documents

Publication Publication Date Title
WO2000010286B1 (en) Internet authentication technology
US5892828A (en) User presence verification with single password across applications
EP1081914B1 (en) Single sign-on for network system that includes multiple separately-controlled restricted access resources
EP0768595B1 (en) System and method for providing masquerade protection in a computer network using session keys
US6877095B1 (en) Session-state manager
US6668322B1 (en) Access management system and method employing secure credentials
CN101803272B (en) Authentication system and method
US6691232B1 (en) Security architecture with environment sensitive credential sufficiency evaluation
US5818936A (en) System and method for automically authenticating a user in a distributed network system
US6609198B1 (en) Log-on service providing credential level change without loss of session continuity
US7137007B2 (en) Device and method for authenticating user's access rights to resources
US7383570B2 (en) Secure authentication systems and methods
US7698736B2 (en) Secure delegation using public key authentication
US6986039B1 (en) Technique for synchronizing security credentials using a trusted authenticating domain
US8595143B2 (en) Maintaining privacy for transactions performable by a user device having a security module
US6986038B1 (en) Technique for synchronizing security credentials from a master directory, platform, or registry
US6895501B1 (en) Method and apparatus for distributing, interpreting, and storing heterogeneous certificates in a homogenous public key infrastructure
JPH1141230A (en) Method and system for authenticating user
KR20060040661A (en) System and method for authenticating clients in a client-server environment
Liu et al. A secure cookie protocol
CN113676452B (en) Replay attack resisting method and system based on one-time key
CA2286534A1 (en) Method for secure user access to multiple network accessible secure files
US6611916B1 (en) Method of authenticating membership for providing access to a secure environment by authenticating membership to an associated secure environment
Popescu et al. A security architecture for object-based distributed systems
Alecu et al. OpenID, a single sign-on solution for e-learning applications

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: B1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: B1

Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

B Later publication of amended claims
121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref document number: 2340742

Country of ref document: CA

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 1999928969

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWP Wipo information: published in national office

Ref document number: 1999928969

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1999928969

Country of ref document: EP