JP5207965B2 - Token sharing system and method - Google Patents
- Publication number
- JP5207965B2
- Authority
- JP
- Japan
- Prior art keywords
- token
- validation
- time password
- network address
- validation server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/40—User authentication by quorum, i.e. whereby two or more security principals are required
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/27—Individual registration on entry or exit involving the use of a pass with central registration
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2117—User registration
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2129—Authenticate client device independently of the user
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2153—Using hardware token as a secondary aspect
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Software Systems (AREA)
- Finance (AREA)
- Computing Systems (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Storage Device Security (AREA)
- Telephonic Communication Services (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Description
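A central token service infrastructure according to an embodiment of the present invention is used to provide and validate second-factor credentials, such as certificates or OTPs, that are, for example, stored on and/or implemented by a hardware token. A token that implements the second factor may be activated at any of a variety of applications and/or websites. An application can manage the first factor, such as a username and password, in the application's own user database. As part of token activation, the application can store a mapping between the local username and a shared second-factor token identifier, such as a token serial number.
A distributed architecture according to another embodiment of the present invention can be used to validate the second factor. FIG. 2 shows an embodiment of a distributed validation architecture. ISP 204 and bank 102 are coupled to a token lookup service 201 through a network 104, such as the Internet. ISP 204 may include a token store 203, which may be a database. The token store correlates a token identifier with precomputed OTPs, and/or with one or more secrets stored in the token associated with the token identifier, and/or with other information needed to verify an OTP from the token. This correlation may be implemented at a one-time password validation server 205 at ISP 204.
According to another embodiment of the present invention, a credential wallet model is leveraged for next-generation mobile devices such as Java (registered trademark) cell phones, PDAs with storage and application capabilities, and some form of graphical interface for managing credentials. In this embodiment, the mobile device may be a "wallet" that can contain multiple instances of second-factor credentials. For each site that requires strong authentication, the appropriate credential or credentials can be accessed.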
Claims (5)
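- An authentication system comprising:
a token having a token identifier and generating a one-time password;
a one-time password validation server having a network address and validating the one-time password generated by the token;
a token lookup service that correlates the token identifier with the network address of the one-time password validation server; and
a plurality of resource validation servers that authenticate a one-time password generated by the token in order to access a corresponding service provider,
wherein each of the plurality of resource validation servers:
validates at least a first authentication factor provided by a user of the token;
if validation of the first factor succeeds, sends to the token lookup service a network address request for the network address of the one-time password validation server, the network address request including the token identifier;
receives the network address in response to the network address request; and
using the received network address, sends to the one-time password validation server a one-time password validation request including the one-time password to be validated by the one-time password validation server.
- The system of claim 1, wherein the first authentication factor provided by the user of the token includes a username.
- The system of claim 1, wherein the first authentication factor provided by the user of the token includes a secret shared between the user of the token and the resource validation server.
- A token lookup server comprising:
a processor; and
a memory coupled to the processor,
wherein the processor and the memory:
store a network address of a one-time password validation server and a token identifier of a token corresponding to the one-time password validation server;
receive, from one resource validation server of a plurality of resource validation servers, a request for the network address of the one-time password validation server corresponding to the token, the request including the token identifier;
determine the network address corresponding to the received token identifier; and
send the determined network address in response to the request,
wherein the one-time password validation server validates the one-time password generated by the token corresponding to the token identifier, and
wherein the plurality of resource validation servers authenticate a one-time password, generated by the token, for accessing a corresponding service provider.
- A method of authenticating, comprising:
receiving, at one resource validation server of a plurality of resource validation servers, at least a first authentication factor provided by a user, a token identifier of a token held by the user, and a one-time password generated by the token;
validating, at the resource validation server, at least the first authentication factor;
if validation of the first factor succeeds, sending, from the resource validation server to a token lookup service, a request for a network address of a one-time password validation server;
receiving, at the token lookup service, the request for the network address of the one-time password validation server, the request including the token identifier;
determining, at the token lookup service, the network address corresponding to the one-time password validation server and the received token identifier;
sending, in response to the request, the network address from the token lookup service to the resource validation server;
sending, from the resource validation server, a one-time password validation request to the one-time password validation server corresponding to the received network address; and
validating, at the one-time password validation server, the received one-time password,
wherein the plurality of resource validation servers authenticate a one-time password, generated by the token, for accessing a corresponding service provider.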
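The distributed validation flow of the claims, with the ISP-hosted validation server and two relying sites from the FIG. 2 description, as an added Python sketch that is not part of the patent. Assumptions: HOTP (RFC 4226) stands in for the unspecified OTP algorithm, the token identifier comes from the activation-time username mapping, a dictionary stands in for the network, and all class names, token identifiers and addresses are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

RFC4226_KEY = b"12345678901234567890"  # RFC 4226 test key, not a real secret
LOOK_AHEAD = 3  # counters tried past the expected one (assumed window size)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226. Assumption: the patent does not name an OTP algorithm."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpValidationServer:
    """Owns the token store: token identifier -> secret and next expected counter."""

    def __init__(self, tokens: dict):
        self._store = {tid: [secret, 0] for tid, secret in tokens.items()}

    def validate(self, token_id: str, otp: str) -> bool:
        entry = self._store.get(token_id)
        if entry is None:
            return False
        secret, counter = entry
        for candidate in range(counter, counter + LOOK_AHEAD):
            if hmac.compare_digest(hotp(secret, candidate), otp):
                entry[1] = candidate + 1  # consume it: no replay at any relying site
                return True
        return False


class TokenLookupService:
    """Correlates a token identifier with its validation server's network address."""

    def __init__(self, addresses: dict):
        self._addresses = dict(addresses)

    def resolve(self, token_id: str):
        return self._addresses.get(token_id)


class ResourceValidationServer:
    """A relying site: checks the first factor locally, delegates the OTP check."""

    def __init__(self, lookup: TokenLookupService, network: dict):
        self._lookup = lookup
        self._network = network  # address -> server object; stands in for the network
        self._users = {}         # local username -> (salt, password hash, token id)
        self.lookups_sent = 0

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, username: str, password: str, token_id: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt), token_id)

    def login(self, username: str, password: str, otp: str) -> str:
        record = self._users.get(username)
        if record is None:
            return "first-factor-failed"
        salt, stored, token_id = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return "first-factor-failed"  # stop here: no lookup, no OTP request
        self.lookups_sent += 1
        address = self._lookup.resolve(token_id)
        server = self._network.get(address)
        if server is None:
            return "no-validation-server"
        return "granted" if server.validate(token_id, otp) else "otp-rejected"


def demo():
    """Constructed scenario: one token shared by a bank and an ISP (names made up)."""
    otp_server = OtpValidationServer({"TOKEN-0001": RFC4226_KEY})
    lookup = TokenLookupService({"TOKEN-0001": "otp.isp.example:8443"})
    network = {"otp.isp.example:8443": otp_server}
    bank = ResourceValidationServer(lookup, network)
    isp = ResourceValidationServer(lookup, network)
    bank.enroll("alice", "bank-pw", "TOKEN-0001")
    isp.enroll("alice_isp", "isp-pw", "TOKEN-0001")
    bank.enroll("bob", "bob-pw", "TOKEN-9999")  # token unknown to the lookup service
    results = [
        bank.login("alice", "bank-pw", hotp(RFC4226_KEY, 0)),    # fresh OTP
        isp.login("alice_isp", "isp-pw", hotp(RFC4226_KEY, 0)),  # same OTP, other site
        isp.login("alice_isp", "isp-pw", hotp(RFC4226_KEY, 1)),  # next OTP
        bank.login("alice", "wrong-pw", hotp(RFC4226_KEY, 2)),   # bad first factor
        bank.login("bob", "bob-pw", "000000"),                   # unresolvable token
    ]
    return results, bank.lookups_sent


if __name__ == "__main__":
    print(demo())
```

Because the counter state lives only at the validation server, an OTP accepted at one relying site is rejected at every other site that shares the token, and a failed first factor never reaches the lookup service.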
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US67821405P | 2005-05-06 | 2005-05-06 | |
US60/678,214 | 2005-05-06 | ||
PCT/US2006/017404 WO2006121854A2 (en) | 2005-05-06 | 2006-05-05 | Token sharing system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2008541242A JP2008541242A (ja) | 2008-11-20 |
JP5207965B2 true JP5207965B2 (ja) | 2013-06-12 |
Family
ID=37397124
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2008510256A Active JP5207965B2 (ja) | 2005-05-06 | 2006-05-05 | Token sharing system and method |
Country Status (8)
Country | Link |
---|---|
US (1) | US9185108B2 (ja) |
EP (1) | EP1883782B1 (ja) |
JP (1) | JP5207965B2 (ja) |
KR (1) | KR101281217B1 (ja) |
CN (1) | CN101218559A (ja) |
AU (1) | AU2006244447B2 (ja) |
CA (1) | CA2607562C (ja) |
WO (1) | WO2006121854A2 (ja) |
Families Citing this family (79)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101048898B (zh) * | 2004-10-29 | 2012-02-01 | 麦德托尼克公司 | Lithium-ion battery and medical device |
AU2006244447B2 (en) | 2005-05-06 | 2011-08-18 | Symantec Corporation | Token sharing system and method |
DK1833219T3 (da) * | 2006-03-08 | 2014-11-10 | Monitise Ltd | Methods, apparatus and software for using a token to calculate a time-limited password in a mobile phone |
EP1999678A1 (en) * | 2006-03-29 | 2008-12-10 | Casio Computer Co., Ltd. | Identification information output device |
US9769158B2 (en) * | 2006-06-07 | 2017-09-19 | Red Hat, Inc. | Guided enrollment and login for token users |
US8775796B2 (en) | 2007-02-07 | 2014-07-08 | Nippon Telegraph And Telephone Corporation | Certificate authenticating method, certificate issuing device, and authentication device |
US8370913B2 (en) * | 2007-03-16 | 2013-02-05 | Apple Inc. | Policy-based auditing of identity credential disclosure by a secure token service |
US8151324B2 (en) | 2007-03-16 | 2012-04-03 | Lloyd Leon Burch | Remotable information cards |
US20090249430A1 (en) * | 2008-03-25 | 2009-10-01 | Novell, Inc. | Claim category handling |
US20090077118A1 (en) * | 2007-03-16 | 2009-03-19 | Novell, Inc. | Information card federation point tracking and management |
US20090228885A1 (en) * | 2008-03-07 | 2009-09-10 | Novell, Inc. | System and method for using workflows with information cards |
US20090178112A1 (en) * | 2007-03-16 | 2009-07-09 | Novell, Inc. | Level of service descriptors |
US20090077655A1 (en) * | 2007-09-19 | 2009-03-19 | Novell, Inc. | Processing html extensions to enable support of information cards by a relying party |
US20090077627A1 (en) * | 2007-03-16 | 2009-03-19 | Novell, Inc. | Information card federation point tracking and management |
US20090204622A1 (en) * | 2008-02-11 | 2009-08-13 | Novell, Inc. | Visual and non-visual cues for conveying state of information cards, electronic wallets, and keyrings |
US8954745B2 (en) | 2007-04-03 | 2015-02-10 | Alcatel Lucent | Method and apparatus for generating one-time passwords |
JP4663676B2 (ja) * | 2007-04-20 | 2011-04-06 | さくら情報システム株式会社 | One-time password device and system |
US20090031407A1 (en) * | 2007-07-24 | 2009-01-29 | Shaobo Kuang | Method and system for security check or verification |
US8839383B2 (en) * | 2007-08-20 | 2014-09-16 | Goldman, Sachs & Co. | Authentification broker for the securities industry |
US20090183246A1 (en) * | 2008-01-15 | 2009-07-16 | Authlogic Inc. | Universal multi-factor authentication |
US20090199284A1 (en) * | 2008-02-06 | 2009-08-06 | Novell, Inc. | Methods for setting and changing the user credential in information cards |
US8117648B2 (en) * | 2008-02-08 | 2012-02-14 | Intersections, Inc. | Secure information storage and delivery system and method |
US20090205035A1 (en) * | 2008-02-11 | 2009-08-13 | Novell, Inc. | Info card selector reception of identity provider based data pertaining to info cards |
US20090217368A1 (en) * | 2008-02-27 | 2009-08-27 | Novell, Inc. | System and method for secure account reset utilizing information cards |
US8079069B2 (en) * | 2008-03-24 | 2011-12-13 | Oracle International Corporation | Cardspace history validator |
US20090272797A1 (en) * | 2008-04-30 | 2009-11-05 | Novell, Inc. A Delaware Corporation | Dynamic information card rendering |
US20100011409A1 (en) * | 2008-07-09 | 2010-01-14 | Novell, Inc. | Non-interactive information card token generation |
US8438622B2 (en) * | 2008-07-10 | 2013-05-07 | Honesty Online, Llc | Methods and apparatus for authorizing access to data |
US20100031328A1 (en) * | 2008-07-31 | 2010-02-04 | Novell, Inc. | Site-specific credential generation using information cards |
US8032932B2 (en) * | 2008-08-22 | 2011-10-04 | Citibank, N.A. | Systems and methods for providing security token authentication |
US8561172B2 (en) * | 2008-08-29 | 2013-10-15 | Novell Intellectual Property Holdings, Inc. | System and method for virtual information cards |
US20100083000A1 (en) * | 2008-09-16 | 2010-04-01 | Validity Sensors, Inc. | Fingerprint Sensor Device and System with Verification Token and Methods of Using |
US20100095372A1 (en) * | 2008-10-09 | 2010-04-15 | Novell, Inc. | Trusted relying party proxy for information card tokens |
US8083135B2 (en) | 2009-01-12 | 2011-12-27 | Novell, Inc. | Information card overlay |
US8632003B2 (en) * | 2009-01-27 | 2014-01-21 | Novell, Inc. | Multiple persona information cards |
US20100251353A1 (en) * | 2009-03-25 | 2010-09-30 | Novell, Inc. | User-authorized information card delegation |
WO2010117329A1 (en) * | 2009-04-09 | 2010-10-14 | Nordic Edge Ab | Method and system for generating one-time passwords |
US9088414B2 (en) * | 2009-06-01 | 2015-07-21 | Microsoft Technology Licensing, Llc | Asynchronous identity establishment through a web-based application |
US8904519B2 (en) * | 2009-06-18 | 2014-12-02 | Verisign, Inc. | Shared registration system multi-factor authentication |
US20110083018A1 (en) * | 2009-10-06 | 2011-04-07 | Validity Sensors, Inc. | Secure User Authentication |
US9021601B2 (en) | 2009-10-23 | 2015-04-28 | Vasco Data Security, Inc. | Strong authentication token usable with a plurality of independent application providers |
US8850196B2 (en) | 2010-03-29 | 2014-09-30 | Motorola Solutions, Inc. | Methods for authentication using near-field |
GB201016084D0 (en) * | 2010-09-24 | 2010-11-10 | Pixelmags Inc | Authorization method |
JP5618883B2 (ja) * | 2011-03-28 | 2014-11-05 | 西日本電信電話株式会社 | Authentication system, authentication federation device, authentication method |
US8590030B1 (en) * | 2011-04-14 | 2013-11-19 | Symantec Corporation | Credential seed provisioning system |
US8688589B2 (en) | 2011-04-15 | 2014-04-01 | Shift4 Corporation | Method and system for utilizing authorization factor pools |
US9256874B2 (en) | 2011-04-15 | 2016-02-09 | Shift4 Corporation | Method and system for enabling merchants to share tokens |
US9818111B2 (en) | 2011-04-15 | 2017-11-14 | Shift4 Corporation | Merchant-based token sharing |
US9485654B2 (en) | 2011-10-28 | 2016-11-01 | Samsung Electronics Co., Ltd. | Method and apparatus for supporting single sign-on in a mobile communication system |
EP3576343A1 (en) | 2011-12-27 | 2019-12-04 | INTEL Corporation | Authenticating to a network via a device-specific one time password |
JP5968077B2 (ja) * | 2012-05-22 | 2016-08-10 | キヤノン株式会社 | Information processing apparatus, control method therefor, program, and image processing apparatus |
US8806599B2 (en) * | 2012-06-11 | 2014-08-12 | Symantec Corporation | Systems and methods for implementing multi-factor authentication |
US20130347075A1 (en) * | 2012-06-22 | 2013-12-26 | Tyfone, Inc. | Method and apparatus for secure consolidation of cloud services |
US9589399B2 (en) | 2012-07-02 | 2017-03-07 | Synaptics Incorporated | Credential quality assessment engine systems and methods |
JP2014026476A (ja) * | 2012-07-27 | 2014-02-06 | Dainippon Printing Co Ltd | Collection container and authentication system using the same |
US10540515B2 (en) | 2012-11-09 | 2020-01-21 | autoGraph, Inc. | Consumer and brand owner data management tools and consumer privacy tools |
US8806205B2 (en) | 2012-12-27 | 2014-08-12 | Motorola Solutions, Inc. | Apparatus for and method of multi-factor authentication among collaborating communication devices |
US8782766B1 (en) * | 2012-12-27 | 2014-07-15 | Motorola Solutions, Inc. | Method and apparatus for single sign-on collaboration among mobile devices |
US8955081B2 (en) * | 2012-12-27 | 2015-02-10 | Motorola Solutions, Inc. | Method and apparatus for single sign-on collaboraton among mobile devices |
CN103647645B (zh) * | 2013-11-05 | 2017-04-05 | 北京宏基恒信科技有限责任公司 | Dynamic password authentication method, system and apparatus for multiple authentication servers |
WO2016109440A1 (en) * | 2014-12-31 | 2016-07-07 | Wrafl, Inc. | Secure computing for virtual environment and interactive experiences |
CN105847220A (zh) * | 2015-01-14 | 2016-08-10 | 北京神州泰岳软件股份有限公司 | Authentication method, system and service platform |
US11456876B2 (en) * | 2015-03-26 | 2022-09-27 | Assa Abloy Ab | Virtual credentials and licenses |
US10091194B2 (en) | 2016-05-12 | 2018-10-02 | Bank Of America Corporation | Preventing unauthorized access to secured information systems using multi-device authentication techniques |
US10305891B2 (en) * | 2016-05-12 | 2019-05-28 | Bank Of America Corporation | Preventing unauthorized access to secured information systems using multi-device authentication techniques |
US10212152B2 (en) * | 2016-05-19 | 2019-02-19 | Sugarcrm Inc. | Advanced application security utilizing an application key |
WO2017210420A1 (en) * | 2016-06-01 | 2017-12-07 | Mastercard International Incorporated | Systems and methods for use in facilitating network transactions |
EP3465525A4 (en) * | 2016-06-02 | 2020-04-01 | AutoGraph, Inc. | INSTRUMENTS FOR MANAGING CONSUMER AND BRAND OWNERS 'DATA AND PRIVACY INSTRUMENTS FOR CONSUMERS |
US10607001B2 (en) * | 2016-06-29 | 2020-03-31 | Hancom Inc. | Web-based electronic document service apparatus capable of authenticating document editing and operating method thereof |
US20180047018A1 (en) * | 2016-08-15 | 2018-02-15 | Capital One Services, Llc | Browser extension for field detection and automatic population and submission |
US10498724B2 (en) * | 2016-12-22 | 2019-12-03 | Fujitsu Limited | Digital community system |
US10554641B2 (en) | 2017-02-27 | 2020-02-04 | International Business Machines Corporation | Second factor authorization via a hardware token device |
US10003464B1 (en) * | 2017-06-07 | 2018-06-19 | Cerebral, Incorporated | Biometric identification system and associated methods |
JP6647258B2 (ja) | 2017-09-11 | 2020-02-14 | Capy株式会社 | User authentication method, evaluation device, program, and user authentication system |
US11405375B2 (en) * | 2018-09-27 | 2022-08-02 | Lenovo (Singapore) Pte. Ltd. | Device and method for receiving a temporary credit token |
EP3881517A4 (en) | 2018-11-15 | 2022-01-12 | Visa International Service Association | RISK-SENSITIVE COLLABORATIVE AUTHENTICATION |
US11469894B2 (en) | 2019-05-20 | 2022-10-11 | Citrix Systems, Inc. | Computing system and methods providing session access based upon authentication token with different authentication credentials |
JP7395938B2 (ja) * | 2019-10-09 | 2023-12-12 | 富士フイルムビジネスイノベーション株式会社 | Information processing apparatus, information processing system, and program |
US20230137767A1 (en) * | 2021-10-28 | 2023-05-04 | Google Llc | Using co-located secondary devices to protect against cookie theft |
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5544322A (en) * | 1994-05-09 | 1996-08-06 | International Business Machines Corporation | System and method for policy-based inter-realm authentication within a distributed processing system |
US5943423A (en) * | 1995-12-15 | 1999-08-24 | Entegrity Solutions Corporation | Smart token system for secure electronic transactions and identification |
US5930804A (en) * | 1997-06-09 | 1999-07-27 | Philips Electronics North America Corporation | Web-based biometric authentication system and method |
US6263446B1 (en) * | 1997-12-23 | 2001-07-17 | Arcot Systems, Inc. | Method and apparatus for secure distribution of authentication credentials to roaming users |
US6510236B1 (en) * | 1998-12-11 | 2003-01-21 | International Business Machines Corporation | Authentication framework for managing authentication requests from multiple authentication devices |
JP3872616B2 (ja) * | 1999-08-27 | 2007-01-24 | 財団法人九州システム情報技術研究所 | User authentication scheme on the Internet using a shared-key cryptography IC card |
FI19992343A (fi) | 1999-10-29 | 2001-04-30 | Nokia Mobile Phones Ltd | Method and arrangement for reliable identification of a user in a computer system |
DE60024319T2 (de) * | 2000-02-08 | 2006-08-03 | Swisscom Mobile Ag | Unified login process |
JP2004524605A (ja) * | 2000-12-14 | 2004-08-12 | クィジッド テクノロジーズ リミテッド | Authentication system |
WO2003003321A2 (en) * | 2001-06-26 | 2003-01-09 | Enterprises Solutions, Inc. | Transaction verification system and method |
US7590859B2 (en) * | 2001-08-24 | 2009-09-15 | Secure Computing Corporation | System and method for accomplishing two-factor user authentication using the internet |
US7085840B2 (en) * | 2001-10-29 | 2006-08-01 | Sun Microsystems, Inc. | Enhanced quality of identification in a data communications network |
US6781920B2 (en) * | 2001-12-05 | 2004-08-24 | International Business Machines Corporation | Method for resolving meeting conflicts within an electronic calendar application |
US7996888B2 (en) * | 2002-01-11 | 2011-08-09 | Nokia Corporation | Virtual identity apparatus and method for using same |
US20050044385A1 (en) * | 2002-09-09 | 2005-02-24 | John Holdsworth | Systems and methods for secure authentication of electronic transactions |
US7349949B1 (en) * | 2002-12-26 | 2008-03-25 | International Business Machines Corporation | System and method for facilitating development of a customizable portlet |
US7359982B1 (en) * | 2002-12-26 | 2008-04-15 | International Business Machines Corporation | System and method for facilitating access to content information |
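JP2004342088A (ja) | 2003-04-21 | 2004-12-02 | Sony Corp | Terminal device authentication system, terminal device, first distribution server, distribution system, service server, second distribution server, terminal device method, first distribution method, distribution method, service providing method, service server method, first distribution method, second distribution method, terminal device program, first distribution program, distribution program, service server program, second distribution program, and storage medium |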
US7370195B2 (en) * | 2003-09-22 | 2008-05-06 | Microsoft Corporation | Moving principals across security boundaries without service interruption |
US7762470B2 (en) * | 2003-11-17 | 2010-07-27 | Dpd Patent Trust Ltd. | RFID token with multiple interface controller |
AU2006244447B2 (en) | 2005-05-06 | 2011-08-18 | Symantec Corporation | Token sharing system and method |
-
2006
- 2006-05-05 AU AU2006244447A patent/AU2006244447B2/en not_active Ceased
- 2006-05-05 EP EP06759151.1A patent/EP1883782B1/en active Active
- 2006-05-05 CN CNA2006800246984A patent/CN101218559A/zh active Pending
- 2006-05-05 US US11/418,227 patent/US9185108B2/en not_active Expired - Fee Related
- 2006-05-05 KR KR1020077028558A patent/KR101281217B1/ko active IP Right Grant
- 2006-05-05 JP JP2008510256A patent/JP5207965B2/ja active Active
- 2006-05-05 CA CA2607562A patent/CA2607562C/en not_active Expired - Fee Related
- 2006-05-05 WO PCT/US2006/017404 patent/WO2006121854A2/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CA2607562A1 (en) | 2006-11-16 |
KR101281217B1 (ko) | 2013-07-02 |
US9185108B2 (en) | 2015-11-10 |
CN101218559A (zh) | 2008-07-09 |
KR20080012946A (ko) | 2008-02-12 |
JP2008541242A (ja) | 2008-11-20 |
CA2607562C (en) | 2016-07-12 |
EP1883782A4 (en) | 2013-01-23 |
WO2006121854A2 (en) | 2006-11-16 |
EP1883782A2 (en) | 2008-02-06 |
AU2006244447A1 (en) | 2006-11-16 |
EP1883782B1 (en) | 2014-10-15 |
AU2006244447B2 (en) | 2011-08-18 |
WO2006121854A3 (en) | 2008-01-17 |
US20070016943A1 (en) | 2007-01-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5207965B2 (ja) | Token sharing system and method | |
Lux et al. | Distributed-ledger-based authentication with decentralized identifiers and verifiable credentials | |
US7591008B2 (en) | Client authentication using multiple user certificates | |
US20070150942A1 (en) | Centralized identity verification and/or password validation | |
US10250589B2 (en) | System and method for protecting access to authentication systems | |
US20190166112A1 (en) | Protecting against malicious discovery of account existence | |
Gupta et al. | An identity based access control and mutual authentication framework for distributed cloud computing services in IoT environment using smart cards | |
KR20040049272A (ko) | Method and system for authenticating a user for a sub-location of a network location | |
US20080256617A1 (en) | Centralized Identity Verification and/or Password Validation | |
Chalaemwongwan et al. | A practical national digital ID framework on blockchain (NIDBC) | |
US7428637B1 (en) | Dynamic authentication and initialization method | |
Casey et al. | An interoperable architecture for usable password-less authentication | |
US20150143129A1 (en) | Secure mobile identity | |
Binu et al. | A mobile based remote user authentication scheme without verifier table for cloud based services | |
Pavlovski et al. | Unified framework for multifactor authentication | |
EP2530618B1 (en) | Sign-On system with distributed access | |
Halpin et al. | Federated identity as capabilities | |
Abhishek et al. | A comprehensive study on two-factor authentication with one time passwords | |
Rifa-Pous | A secure mobile-based authentication system for e-banking | |
Pravinbhai | Implementation of multi-tier authentication technique for single-sign on access of cloud services | |
Gupta et al. | Prompt and Secure Data Storage and Recovery System | |
Olmsted | Secure autonomous process communication | |
KR101066729B1 (ko) | Method and system for authenticating a user for a sub-location of a network location | |
Singh | A secure and reliable authentication mechanism for users of microsoft cardspace framework | |
Shah et al. | User-oriented identity management model for web-services |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| A621 | Written request for application examination | Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20090428 |
| RD03 | Notification of appointment of power of attorney | Free format text: JAPANESE INTERMEDIATE CODE: A7423 Effective date: 20090904 |
| A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A821 Effective date: 20090904 |
| RD04 | Notification of resignation of power of attorney | Free format text: JAPANESE INTERMEDIATE CODE: A7424 Effective date: 20091104 |
| A977 | Report on retrieval | Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20111207 |
| A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20120104 |
| A601 | Written request for extension of time | Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20120404 |
| A602 | Written permission of extension of time | Free format text: JAPANESE INTERMEDIATE CODE: A602 Effective date: 20120411 |
| A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20120426 |
| A02 | Decision of refusal | Free format text: JAPANESE INTERMEDIATE CODE: A02 Effective date: 20120821 |
| A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20121221 |
| A911 | Transfer to examiner for re-examination before appeal (zenchi) | Free format text: JAPANESE INTERMEDIATE CODE: A911 Effective date: 20130107 |
| TRDD | Decision of grant or rejection written | |
| A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20130122 |
| A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20130219 |
| FPAY | Renewal fee payment (event date is renewal date of database) | Free format text: PAYMENT UNTIL: 20160301 Year of fee payment: 3 |
| R150 | Certificate of patent or registration of utility model | Free format text: JAPANESE INTERMEDIATE CODE: R150 Ref document number: 5207965 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |