GB2608590A - Digital asset ownership authentication method and system - Google Patents

Digital asset ownership authentication method and system Download PDF

Info

Publication number
GB2608590A
GB2608590A GB2109282.0A GB202109282A GB2608590A GB 2608590 A GB2608590 A GB 2608590A GB 202109282 A GB202109282 A GB 202109282A GB 2608590 A GB2608590 A GB 2608590A
Authority
GB
United Kingdom
Prior art keywords
digital asset
timestamp
random data
encryption key
viewer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB2109282.0A
Other versions
GB202109282D0 (en
Inventor
John Ovenden Alan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to GB2109282.0A priority Critical patent/GB2608590A/en
Publication of GB202109282D0 publication Critical patent/GB202109282D0/en
Publication of GB2608590A publication Critical patent/GB2608590A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121Timestamp

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A method is provided for verifying the authenticity of ownership of a digital asset by a viewer thereof, which comprises the steps of: a] S11 generating a private encryption key and a public encryption key by the owner of the digital asset; b] S13 saving the public encryption key at an authentication system; c] S14 generating readable random data, wherein each instance of readable random data is associated with a timestamp of generation thereof; d] S15 encrypting the readable random data using the private encryption key to form encrypted data comprising the timestamp; e] S16 saving or indexing the encrypted data at the authentication system; f] using a viewer computing device, S17B displaying the readable random data with the digital asset to be verified; g] S18B using the public encryption key and displayed readable random data, decrypting the encrypted data to recover the timestamp; and h] S19 determining whether the timestamp is sufficiently valid to authenticate the ownership of the said digital asset to the viewer.

Description

Digital Asset Ownership Authentication Method and System The present invention relates to a method for verifying the authenticity of ownership of a digital asset by a viewer thereof, particularly but not necessarily exclusively for the verification of the authenticity of a website to avoid phishing attacks. The invention further 5 relates to a system configured to implement such a method.
It is important that viewers to websites are able to verify the ownership of a website, particularly when sensitive information is passed between themselves and the website. This is of crucial importance when performing online financial transactions. If trust between parties cannot be established, then there is an opportunity for a phishing attack by an intermediate bad actor. Phishing is a cybercrime in which a third-party purports to be a trusted provider for a user in order to obtain sensitive information. This is becoming an increasingly common approach for cybercriminals.
Many websites provide indications on their website that allow a secure symbol, such as a padlock, to be displayed by a trusted third-party source, such as the website browser operator. However, this is merely a check to confirm that the domain being accessed is has the correct and confirmed ownership. Websites may also use a logo which identifies the site as "trusted and scanned by" a third-party, but this is an extremely simple marking to replicate for cybercriminals.
The difficulty with any cybersecurity system is in ensuring trust when a third-party 20 authenticator is involved, since the third-party naturally introduces a further point of weakness which can be exploited by a cybercriminal. If an authenticated server is compromised, then the cybercriminal can act with impunity.
The object of the present invention is to provide a means of authenticating a website, and indeed any digital asset, which utilises an authentication system which would be 25 rendered inoperable if the authentication system were compromised.
According to a first aspect of the invention, there is provided a method for verifying the authenticity of ownership of a digital asset by a viewer thereof, the method comprising the steps of: a] generating a private encryption key and a public encryption key by the owner of the digital asset; b] saving the public encryption key at an authentication system; c] generating readable random data, wherein each instance of readable random data is associated with a timestamp of generation thereof; d] encrypting the readable random data using the private encryption key to form encrypted data comprising the timestamp; e] saving or indexing the encrypted data at the authentication system; f] using a viewer computing device, displaying the readable random data with the digital asset to be verified; g] using the public encryption key and displayed readable random data, decrypting the encrypted data to recover the timestamp; and h] determining whether the timestamp is sufficiently valid to authenticate the ownership of the said digital asset to the viewer.
The present method allows for a digital asset owner to utilise a third-party authentication system without the need to comprise their own private encryption key. Instead, an encrypted timestamped code is released, which can be unlocked with the public encryption key and the corresponding code which is associated with the digital asset. If the authentication system is compromised, then a viewer of the digital asset becomes incapable of obtaining a validation message, and thus the viewer becomes aware of the potential phishing risk.
Optionally, the authentication system may comprise a central authentication server.
A centralised authentication server streamlines the process for providing the continuous capacity to validate requests from user devices.
Preferably, during step e], the encrypted data may be saved directly onto the viewer computing device.
If the encrypted data is downloadable onto the viewer device, then advantageously, the viewer can validate the digital asset without necessarily having constant communication with the authentication system.
During step c], the readable random data may be generated periodically.
Periodic update to the readable random data has the benefit of reducing the risk of 25 outdated data being present on the system which could otherwise open the method up to phishing exploits.
In a preferred arrangement, during step c], the readable random data may be generated dynamically every few seconds.
Dynamic refreshing of the readable random data every few seconds further increases the security of the system since the intercepting of the code by another party is almost immediately negated once the data is refreshed.
The method may during step g], capture the displayed readable random data using an 5 image capture element of a further viewer computing device which is different to the said viewer computing device, the further viewer computing device communicating with the authentication system to allow the decryption to be performed.
The use of two user devices to attempt the validation process at the viewers end further decreases the risk of interception if there is, for example, any virus or malware present 10 on the viewer's own device which could be exploited for phishing.
Preferably, the digital asset may be a website.
The present system has been designed specifically with website authentication in mind, and to this end, it is preferred that the system be used for this purpose primarily.
Optionally, the readable random data may be provided as dynamically generated image 15 data.
Dynamically generated images are easily displayable on a website or similar digital asset, and as such, can be easily read by either a machine or human who may enter the randomly generated code into another piece of software for verification.
The readable random data may be provided as a machine-readable image.
Automatic machine-reading of the readable random data will smooth the process of authentication, as this may eliminate the need for the viewer to take additional action which might result in a mismatch between the timestamps and prevent authentication.
More than one readable random data type may be generated for the digital asset which has the same timestamp.
It is preferred that the option is provided that the readable random data be accessible to both humans and machines, which may either mean coding the readable random data in a legible form to both, or may alternatively mean providing different data types which are both displayed simultaneously.
Optionally, during step h], the timestamp may be deemed valid only if it is within one minute of a reference timestamp.
A timeframe of one minute has been found to be effective at preventing phishing whilst also providing sufficient time for the viewer to go through the authentication procedure.
Preferably, the timestamp is the Epoch as determined by the authentication system.
The use of Epoch time provides a consistent and verifiable base reading against which the timestamp is referenceable, directly from the authentication system.
According to a second aspect of the invention, there is provided a system configured to verify the authenticity of ownership of a digital asset by a viewer thereof, the system comprising: an authentication system; and a digital asset hosting system; wherein the authentication system and digital asset hosting system are communicable to generate a private encryption key and a public encryption key, the private encryption key being retained by the digital asset hosting system and the public encryption key being saved at the authentication system; wherein the digital asset hosting system is configured to generate readable random data, wherein each instance of readable random data is associated with a timestamp of generation thereof and encrypt the readable random data using the private encryption key to form encrypted data comprising the timestamp; and wherein, when the encrypted data is saved or indexed at the authentication system, a viewer of the digital asset at the digital asset hosting system is able to decrypt the encrypted data to recover the timestamp by using the public encryption key and displayed readable random data, and thereby authenticate the ownership of the said digital asset to the viewer if the timestamp is sufficiently valid.
The present system is configured in such a way that the authentication system, that is, the third-party system, never needs to have access to the private encryption key. Thus, 25 compromise of the authentication system does not provide false verifications to the viewer, obviating the risk of phishing.
Optionally, the authentication system may communicate with the digital asset hosting system via a portal operated by the authentication system.
The provision of a dedicated portal via which the private and public encryption keys can 30 be generated in a one-off process simplifies the initiation of the authentication process for the digital asset owner.
The invention will now be more particularly described, by way of example only, with reference to the accompanying drawings, in which: Figure 1 shows a flow diagram of a generalised embodiment of a method for verifying the authenticity of ownership of a digital asset by a viewer thereof in accordance 5 with the first aspect of the invention; Figure 2 shows a diagrammatic representation of a system for verifying the authenticity of ownership of a digital asset by a viewer thereof in accordance with the second aspect of the invention; and Figure 3 shows a flow diagram of a specific embodiment of a method for verifying 10 the authenticity of ownership of an exemplary website by a viewer thereof.
Referring to Figure 1, there is illustrated a general method of implementing the present invention referenced globally at 10.
The method 10 is begun by an owner of a digital asset, such as a website. The digital asset owner generates a public encryption key, at step S1, and a private encryption key, 15 at step S2, for the digital asset, and the public encryption key is saved, at step S3 to an authentication system 12, such as a central server.
This step is performed once by the owner of the digital asset, and may be conducted via a portal or entry website of the authentication system 12 which enables generation of the publica and private encryption key pair. The public encryption key is preferably saved along with identification data relating to the owner of the digital asset, for example, the owner's company logo, name, and/or identification number. This information may itself be encrypted, so that third-party authentication can be performed as to the source of the data provided.
The owner enables the generation of a time-dependent indicator for the digital asset, which thus identifies a time of viewing for the user. This preferably takes the form of readable random data, for instance, a human-readable string, or a machine-readable code or image. Multiple types of readable random data could be provided in order to permit authentication via either method. The use of specifically random data makes the readable random data extremely hard to forge by a phisher, adding a further layer of security. The readable random data preferably should be short whilst having a high degree of entropy.
In order to provide a barrier to phishing, the readable random data may be generated periodically, at step S4, which is associated with a timestamp of generation of the readable random data by the digital asset owner. The generation may be performed directly by a digital asset hosting system 14, such as a server, of the digital asset owner, or could be generated via a third-party device or API.
The digital asset owner then has the ability to encrypt, at step S5, the readable random data using their private encryption key which then generates encrypted data. The encrypted data includes the timestamp associated with the readable random data, with the timestamp forming a crucial part of the ownership verification process.
The encrypted data is saved or indexed, at step S6, to the authentication system 12 which thereby forms a secured repository with part of the verification information in an encrypted format. The viewer of the digital asset will have a means of accessing or downloading the encrypted data as part of the verification check, and this may be via connection to an authentication server of the authentication system 12, for instance, via a computer application on the viewer's local device.
In practice, the process for generating the encrypted data may not be performed periodically, but instead may be generated whenever there is a request for a new code received from the browser. In this instance, the digital asset's owner may retrieve the current Epoch, that is the number of seconds since 1 January 1900, to create a timestamp, generate the readable random data, retrieve a unique ID for the company which has been issued by the authentication system 12, and then encrypt the timestamp, readable random data, and unique ID to form the encrypted data.
The digital asset is displayed, at step S7, in a manner which allows the viewer to find it, and the display thereof is provided with the readable random data. For instance, this 25 could be in the form of a QR code appended to a website to be viewed.
All of the necessary components for verification are thus in place. The public encryption key is saved in a publicly accessible location. The encrypted data is provided in a secure but accessible location, which could be as a download to the viewer's local device. The readable random data is visible with the digital asset.
Ownership verification thus proceeds by decrypting, at step S8, the encrypted data using the public encryption key and the readable random data. This allows the timestamp to be recovered.
The verification is performed by determining, at step S9 whether the timestamp is valid. 5 This can be achieved by comparison of the timestamp with a reference timestamp, which may be that of the captured readable random data, or may be a system time of the authentication system 12. Regardless, if the timestamp is deemed to be adequate, for example, is within an allowable range relative to the reference timestamp, then the ownership of the digital asset is authenticated, and a corresponding message to the 10 viewer is provided.
Since the verification method is entirely dependent on the timestamp, using a dynamically generated readable random code, there is a vanishingly small possibility of interception of the verification by a phishing attack, and therefore the viewer can access the digital asset with a high degree of confidence.
Figure 2 shows an exemplary system, referenced at 20, which is capable of carrying out the method as described above, specifically for a digital asset in the form of a website 22.
The website owner produces the website 22 through their own digital asset hosting system 14 or website server system, and this is accessible via the internet, indicated by the communications node 24 in Figure 2. The website owner is able to generate the aforementioned public encryption key, private encryption key, and readable random data with timestamp. The website owner's digital asset hosting system 14 is identified as such, but it will be apparent that a wide range of website hosting options are available. The crucial aspect here is the separation of the website owner's digital asset hosting system 14 from the authentication system 12.
The public encryption key is saved to a publicly accessible location, such as the authentication system 12, as is the encrypted data once generated. There will be constant or near-constant communication with the authentication system 12 as the encrypted data is updated regularly.
It is not advisable for the authentication system 12 to generate the encrypted data, as this would result in the authentication system 12 having access to the private encryption key. This would compromise the entire security of the method 10 and system 20. The separation of the digital asset hosting system 14 from the authentication system 12 enables the private encryption key to be kept safe.
The website is itself displayed on a first user device 26, such as a desktop or laptop 5 computer at the viewer's location. The website 22 visibly displays the readable random data shown in the form of machine-readable code 28. The viewer, however, may have a computer application loaded onto a second user device 30, such as a smartphone, having an image capture device which allows for the reading and/or capture of the machine-readable code 28. It is the second user device 30 which here is communicable 10 with the authentication system 12 to conduct the authentication.
This could be achieved by sending the captured machine-readable code 28 to the authentication system 12, with the decryption of the encrypted data occurring there using the public encryption key and machine-readable code 28. Alternatively, the second user device 30 could download the encrypted data and public encryption key, and perform the decryption locally. This would then allow for the validation to occur without any need to reference back to the authentication system 12.
Whilst this system 20 is the preferred embodiment of the invention, it will be apparent that a browser plug-in or similar arrangement on the first user device 26 could negate the need to provide a separate computer application on a second user device 30.
The dataflow of the method 110 used in the system of Figure 2 is detailed in Figure 3, which identifies where different parts of the process may occur within the system.
Firstly, the generation of the private and public encryption keys is performed by the website owner, at step S11, and the public encryption key saved to the authentication system 12, at step S13.
The website owner performs the steps of periodic generation of the readable random data, here in the form of the machine-readable code 28, at step S14, and then encrypts the random readable data with the timestamp using the private encryption key, at step S15. The website 22 is generated, at step S1 7A, and displayed, at step S17B, with the machine-readable code 28 via the relevant hosting platform, so as to appear on the first user device 26. In the meantime, the encrypted data is sent to the authentication system 12, at step S16.
The second user device 30 is used to capture the machine-readable code 28, at step S18A. In the depicted embodiment, this is used to perform the decryption of the encrypted data at the authentication server 12, at step S18B, using the public encryption key, machine-readable code 28 transmitted from the second user device 30, to yield the decrypted timestamp.
Validation of the ownership using the timestamp is then performed, at step S19, preferably at the authentication system 12, and then the validation result displayed, at step S20, at the second user device 30. Sufficient validation may be if the timestamp is within one minute of a reference timestamp, such as the system clock of the authentication system 12.
As previously discussed, the system and method are design to permit the verification of a website for a visitor. However, it will be appreciated that the same system could be used in conjunction with all sorts of digital assets for the purpose of verification. For instance, digital contractual documents could be authenticated in this manner, as could secure emails or links. The system and method are not intended to be limited purely to the verification of websites.
It is therefore possible to provide a means of authenticating the ownership of a digital asset, typically a website, by providing a visible code on the site for display to a viewer thereto. The viewer is able to look up the code on an independent authentication system, which allows them to tell, with a high degree of certainty, that the website is genuine and not a phishing page.
The words 'comprises/comprising' and the words 'having/including' when used herein with reference to the present invention are used to specify the presence of stated features, integers, steps, or components, but do not preclude the presence or addition 25 of one or more other features, integers, steps, components, or groups thereof.
It is appreciated that certain features of the invention, which are, for clarity, described in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable sub-combination.
The embodiments described above are provided by way of examples only, and various other modifications will be apparent to persons skilled in the field without departing from the scope of the invention as defined herein.

Claims (14)

  1. Claims 1. A method for verifying the authenticity of ownership of a digital asset by a viewer thereof, the method comprising the steps of: a] generating a private encryption key and a public encryption key by the owner of the digital asset; b] saving the public encryption key at an authentication system; c] generating readable random data, wherein each instance of readable random data is associated with a timestamp of generation thereof; d] encrypting the readable random data using the private encryption key to form encrypted data comprising the timestamp; e] saving or indexing the encrypted data at the authentication system; f] using a viewer computing device, displaying the readable random data with the digital asset to be verified; g] using the public encryption key and displayed readable random data, decrypting the encrypted data to recover the timestamp; and h] determining whether the timestamp is sufficiently valid to authenticate the ownership of the said digital asset to the viewer.
  2. 2. A method as claimed in claim 1, wherein the authentication system is a central authentication server.
  3. 3. A method as claimed in claim 1 or claim 2, wherein, during step e], the encrypted data is saved directly onto the viewer computing device.
  4. 4. A method as claimed in any one of the preceding claims, wherein during step c], the readable random data is generated periodically.
  5. 5. A method as claimed in claim 4, wherein during step c], the readable random data is generated dynamically every few seconds. 30
  6. 6. A method as claimed in any one of the preceding claims, wherein, during step g], the displayed readable random data is captured using an image capture element of a further viewer computing device which is different to the said viewer computing device, the further viewer computing device communicating with the authentication system to allow the decryption to be performed.
  7. 7. A method as claimed in any one of the preceding claims, wherein the digital asset is a website.
  8. 8. A method as claimed in any one of the preceding claims, wherein the readable random data is provided as dynamically generated image data.
  9. 9. A method as claimed in claim 8, wherein the readable random data is provided as a machine-readable image.
  10. 10. A method as claimed in any one of the preceding claims, wherein more than one readable random data type is generated for the digital asset which has the same timestamp.
  11. 11. A method as claimed in any one of the preceding claims, wherein during step h], the timestamp is deemed valid only if it is within one minute of a reference timestamp.
  12. 12. A method as claimed in any one of the preceding claims, wherein the timestamp is the Epoch as determined by the authentication system.
  13. 13. A system configured to verify the authenticity of ownership of a digital asset by a viewer thereof, the system comprising: an authentication system; and a digital asset hosting system; wherein the authentication system and digital asset hosting system are communicable to generate a private encryption key and a public encryption key, the private encryption key being retained by the digital asset hosting system and the public encryption key being saved at the authentication system; wherein the digital asset hosting system is configured to generate readable random data, wherein each instance of readable random data is associated with a timestamp of generation thereof and encrypt the readable random data using the private encryption key to form encrypted data comprising the timestamp; and wherein, when the encrypted data is saved or indexed at the authentication system, a viewer of the digital asset at the digital asset hosting system is able to decrypt the encrypted data to recover the timestamp by using the public encryption key and displayed readable random data, and thereby authenticate the ownership of the said digital asset to the viewer if the timestamp is sufficiently valid.
  14. 14. A system as claimed in claim 13, wherein the authentication system communicates with the digital asset hosting system via a portal operated by the authentication system.
GB2109282.0A 2021-06-28 2021-06-28 Digital asset ownership authentication method and system Withdrawn GB2608590A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB2109282.0A GB2608590A (en) 2021-06-28 2021-06-28 Digital asset ownership authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB2109282.0A GB2608590A (en) 2021-06-28 2021-06-28 Digital asset ownership authentication method and system

Publications (2)

Publication Number Publication Date
GB202109282D0 GB202109282D0 (en) 2021-08-11
GB2608590A true GB2608590A (en) 2023-01-11

Family

ID=77179622

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2109282.0A Withdrawn GB2608590A (en) 2021-06-28 2021-06-28 Digital asset ownership authentication method and system

Country Status (1)

Country Link
GB (1) GB2608590A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100725716B1 (en) * 2005-10-21 2007-06-07 한재호 Method and System on Internet Site Authentication Using Bar Code Technology
KR101455703B1 (en) * 2013-02-05 2014-11-03 라온시큐어(주) Method for verifying web site
US9887992B1 (en) * 2012-07-11 2018-02-06 Microstrategy Incorporated Sight codes for website authentication

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100725716B1 (en) * 2005-10-21 2007-06-07 한재호 Method and System on Internet Site Authentication Using Bar Code Technology
US9887992B1 (en) * 2012-07-11 2018-02-06 Microstrategy Incorporated Sight codes for website authentication
KR101455703B1 (en) * 2013-02-05 2014-11-03 라온시큐어(주) Method for verifying web site

Also Published As

Publication number Publication date
GB202109282D0 (en) 2021-08-11

Similar Documents

Publication Publication Date Title
US6950523B1 (en) Secure storage of private keys
US7681033B2 (en) Device authentication system
US8756416B2 (en) Checking revocation status of a biometric reference template
US6931549B1 (en) Method and apparatus for secure data storage and retrieval
EP2519906B1 (en) Method and system for user authentication
US8051297B2 (en) Method for binding a security element to a mobile device
CN102077213B (en) Techniques for ensuring authentication and integrity of communications
KR102177848B1 (en) Method and system for verifying an access request
US8745394B1 (en) Methods and systems for secure electronic communication
US9225702B2 (en) Transparent client authentication
US20060095769A1 (en) System and method for initializing operation for an information security operation
US10263782B2 (en) Soft-token authentication system
TWI424726B (en) Method and system for defeating the man in the middle computer hacking technique
US20110202767A1 (en) Method and apparatus for pseudonym generation and authentication
WO2002035329A2 (en) Hidden link dynamic key manager
JP2008250931A (en) System for restoring distributed information, information utilizing device, and verification device
CN114244522B (en) Information protection method, device, electronic equipment and computer readable storage medium
US20220045848A1 (en) Password security hardware module
WO2008053279A1 (en) Logging on a user device to a server
CN116244750A (en) Secret-related information maintenance method, device, equipment and storage medium
CA2553081A1 (en) A method for binding a security element to a mobile device
CN109412799B (en) System and method for generating local key
KR20100008729A (en) A method for protecting from phishing attack
JP2007060581A (en) Information management system and method
CN110807210A (en) Information processing method, platform, system and computer storage medium

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)