US20030110381A1 - One-time logon method for distributed computing systems - Google Patents
- Publication number
- US20030110381A1 (application US10/081,551)
- Authority
- US
- United States
- Prior art keywords
- password
- commercial service
- service system
- business system
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Definitions
- the present invention relates to a login authentication technique that allows a user who is using a business system to use a commercial service system safely and enables multiple users who are using the business system to share an account of the commercial service system.
- the intranet business system performs login authentication to enable processing in accordance with the user's official authority. However, if a service via the Internet is charged, the login authentication is required for utilization of the service. The following requirements are provided for utilization of these multiple systems.
- a method for transferring a special key generated in accordance with a protocol arranged between a business system and a service system to a client (terminal) is considered so that the commercial service can directly be used from the client.
- a fixed user ID and a password in the normal login authentication cannot be used as the key.
- utilization of what is called a one-time password is considered.
- the prototype of the one-time password is a Lamport's Hash algorithm, and is described in ‘Password Authentication with Insecure Communication’ by Leslie Lamport of “Communications of the ACM, Volume 24, Issue 11 (November 1981)”, pages 770 to 772.
- the first problem is that because communication is performed between the business system and the service system in accordance with the Lamport's hash algorithm, the communication needs to be performed multiple times between the business system and the service system, thereby increasing the load of the business system.
- the second problem is that only one hash value is stored at the service side and one account cannot be used by multiple persons at the same time.
- An object of the present invention is to provide a login authentication method for reducing traffic and enabling concurrent utilization of one account by the multiple persons and its implementation system.
- the traffic can be reduced. Further, according to the method described in claim 2 or 3, all passwords have previously been sent to the commercial service system, multiple persons can perform login processing at the same time.
- FIG. 1 is a general drawing of a processing method according to one example of the present invention.
- FIG. 2 is a block diagram of the password list of the present invention.
- FIG. 3 is a general drawing of the processing method in the accounting information of the present invention.
- FIG. 1 shows a general drawing of a processing method according to one example of the present invention.
- in an enterprise, there are a business system 1 and a client 3 (terminal or computer) that a user uses.
- the user logs in the business system 1 .
- the user also uses a service system that exists in an external commercial service site.
- a commercial service system has accounting information 41 every user to manage the user. The case where multiple users share and use this accounting information 41 is considered.
- a password list 40 is generated in a business system. There are N passwords in this password list 40 . Here, an individual password is assumed to be generated from a random number.
- This password list 40 is sent 500 to a service system 2 and stored in the password of the accounting information 41 . Further, each password stores a pair of flags that indicate whether this password is already used or unused. The initial value of this flag is unused.
- the user sends 501 a request for use of the commercial service system 2 from the client 3 that the user is using to the business system 1 .
- the business system 1 that received the request for use checks 502 a commercial service use authority of the user. If the use authority is provided, any password 401 is selected 503 from the password list 40 and returned 504 to a client.
- the selected password is eliminated from the password list or the line for the selected password is made blank.
- the client 3 sends 505 the returned password to the commercial service system 2 .
- the commercial service system 2 makes a comparison 506 with a password within the accounting information 41 , and permits login if a matching password ( 411 in this case) is provided. Further, the commercial service system 2 changes a flag paired with the used password to the used flag in order to nullify 507 the used password.
- login authentication processing can be performed by multiple users to one account at the same time by always allocating a different password to each user.
- Hash[n](r) 402 indicates the result in which the hash function is applied to r n times ( 402 ).
- prior to login authentication, a business system sends 500 the total applicable number of times N of the hash function and only Hash[N](r) to the service system 2 .
- each password stores the applicable number of times of the hash function and a pair of flags that indicate whether this password is already used or unused ( 412 ).
- the accounting information stores Hash [N](r), N, and only unused pair of flags.
- the password selection processing 503 of the business system 1 allocates a password sequentially from the password of which the applicable number of times n is high.
- the return processing 504 to a client also returns the password 402 and the applicable number of times n.
- the comparison processing 506 in the commercial service system 2 compares the result (Hash[N-n](password)) in which a hash function was applied to the password Hash[n](r) sent from the client only for the part in which the applicable number of times n was subtracted from the total number of applicable times N and a numerical value of Hash[N](r), and permits login if they match.
- a user can use a business system and a commercial service system without needing to be aware of the system or service that the user is using.
- one account of the commercial service system can be shared by multiple persons.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Prior to authentication, a business system generates a password list and sends the password list to a commercial service system. A request for use of the commercial service system is sent from a terminal that a user is using to the business system. In response to this, the business system that received the request for use checks the request for use of a commercial service use authority of the user. A password is selected from the password list and returned to the terminal. The terminal sends the returned password to the commercial service system. The commercial service system compares the password with a password in accounting information including the password list. If they match, login is permitted and the used password is nullified.
Description
- The present invention relates to a login authentication technique that allows a user who is using a business system to use a commercial service system safely and enables multiple users who are using the business system to share an account of the commercial service system.
- At present, a user frequently uses various commercial services via an intranet business system and the Internet at the same time. The intranet business system performs login authentication to enable processing in accordance with the user's official authority. However, if a service via the Internet is charged, the login authentication is required for utilization of the service. The following requirements are provided for utilization of these multiple systems.
- (1) When a user uses a commercial service system from inside an enterprise, the user need not be aware of the system or service that the user is using. That is, the login authentication of the commercial service system need not be performed explicitly.
- (2) Because in-house users who can use a commercial service system must be limited in accordance with their official authority, security concerning information (accounting) about login authentication needs also to be considered. That is, even if a password is leaked to another user, the password is rejected by the login authentication.
- (3) Because a business system that is already operating and a commercial service may be linked, a load on the business system is minimized.
- (4) Because it is mostly unrealistic from the standpoint of accounting that accounts for in-house users who use a commercial service are secured, multiple in-house users can share an account.
- To satisfy the requirement (1), a method for transferring a special key generated in accordance with a protocol arranged between a business system and a service system to a client (terminal) is considered so that the commercial service can directly be used from the client. In this case, to satisfy the requirement (2), a fixed user ID and a password in the normal login authentication cannot be used as the key. To realize the above login authentication function, utilization of what is called a one-time password is considered. The prototype of the one-time password is a Lamport's Hash algorithm, and is described in ‘Password Authentication with Insecure Communication’ by Leslie Lamport of “Communications of the ACM, Volume 24, Issue 11 (November 1981)”, pages 770 to 772.
- In Lamport's hash algorithm, the password that will be used next is determined by inquiring a numerical value n that indicates how far the passwords have been consumed, and the service system side needs to store only this n and the corresponding hash value. However, there are the following two problems in applying this one-time password to the business system and the commercial service system.
- The first problem is that because communication is performed between the business system and the service system in accordance with the Lamport's hash algorithm, the communication needs to be performed multiple times between the business system and the service system, thereby increasing the load of the business system.
- The second problem is that only one hash value is stored at the service side and one account cannot be used by multiple persons at the same time.
- An object of the present invention is to provide a login authentication method for reducing traffic and enabling concurrent utilization of one account by the multiple persons and its implementation system.
- According to the method described in a first aspect of the present invention, because the communication that inquires how far a password has been used at present need not be performed, the traffic can be reduced. Further, according to the method described in claim 2 or 3, because all passwords have previously been sent to the commercial service system, multiple persons can perform login processing at the same time.
- FIG. 1 is a general drawing of a processing method according to one example of the present invention.
- FIG. 2 is a block diagram of the password list of the present invention.
- FIG. 3 is a general drawing of the processing method in the accounting information of the present invention.
- One embodiment of the present invention is described below.
- FIG. 1 shows a general drawing of a processing method according to one example of the present invention. In an enterprise, there are a business system 1 and a client 3 (terminal or computer) that a user uses. The user logs in to the business system 1. Further, the user also uses a service system that exists in an external commercial service site. A commercial service system has accounting information 41 for every user to manage the user. The case where multiple users share and use this accounting information 41 is considered.
- Prior to login authentication, a password list 40 is generated in a business system. There are N passwords in this password list 40. Here, an individual password is assumed to be generated from a random number. This password list 40 is sent 500 to a service system 2 and stored in the password of the accounting information 41. Further, each password stores a pair of flags that indicate whether this password is already used or unused. The initial value of this flag is unused. When the user uses a commercial service, the user sends 501 a request for use of the commercial service system 2 from the client 3 that the user is using to the business system 1.
- The business system 1 that received the request for use checks 502 a commercial service use authority of the user. If the use authority is provided, any password 401 is selected 503 from the password list 40 and returned 504 to a client.
- To prevent the selected password from being allocated to a client again, the selected password is eliminated from the password list or the line for the selected password is made blank.
- The client 3 sends 505 the returned password to the commercial service system 2. The commercial service system 2 makes a comparison 506 with a password within the accounting information 41, and permits login if a matching password (411 in this case) is provided. Further, the commercial service system 2 changes a flag paired with the used password to the used flag in order to nullify 507 the used password.
- In a series of processing described above, login authentication processing can be performed by multiple users to one account at the same time by always allocating a different password to each user.
- The one embodiment was described above, but as a modification example of this example, an example when one-time password algorithm is modified and applied to a processing method of the present invention is described below.
- A second example in which the password list 40 in a first example was replaced is described using the password list of FIG. 2. At this point, an individual password is generated by sequentially applying a hash function to an optional initial value r. Here, Hash[n](r) 402 indicates the result in which the hash function is applied to r n times (402).
- Prior to login authentication, a business system sends 500 the total applicable number of times N of the hash function and only Hash[N](r) to the service system 2.
- A third example in which the accounting information 41 in the first example was replaced is described using the accounting information of FIG. 3. Here, each password stores the applicable number of times of the hash function and a pair of flags that indicate whether this password is already used or unused (412). In the initial state, the accounting information stores Hash[N](r), N, and only unused pair of flags.
- When a request for use of a commercial service is received from a user, the password selection processing 503 of the business system 1 allocates a password sequentially from the password of which the applicable number of times n is high.
- The return processing 504 to a client also returns the password 402 and the applicable number of times n. The comparison processing 506 in the commercial service system 2 compares the result (Hash[N-n](password)) in which a hash function was applied to the password Hash[n](r) sent from the client only for the part in which the applicable number of times n was subtracted from the total number of applicable times N and a numerical value of Hash[N](r), and permits login if they match.
- An example for reducing computational complexity of a hash function in the commercial service system 2 is shown. Because the comparison processing 506 in the commercial service system 2 performs computation to which the hash function is applied multiple times, each intermediate result is added to the accounting information 41. Here, when the computation is performed until the applicable number of times is set to m, the computation of the hash function results in Hash[m−n](password) and the result is compared with Hash[m](r). On this occasion, the intermediate result from the applicable number of times n to m is stored. Subsequently, in the compare processing of the password of which the applicable number of times is higher than n and lower than m, the hash function is not computed.
- A user can use a business system and a commercial service system without needing to be aware of the system or service that the user is using.
- A business limit indicating that “Only a specific user can use a commercial service” can be satisfied safely.
- The traffic between the business system and the commercial service system can be reduced.
- Further, one account of the commercial service system can be shared by multiple persons.
- As a result, the traffic is reduced and the concurrent utilization of the one account by the multiple persons is enabled.
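The hash-chain variant described above (second and third examples, including the retained intermediate results), as an added Python example that is not part of the patent text. SHA-256 as the one-way function, the class and method names, the user names, and issuing n from N-1 down to 1 are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def h(x):
    """One-way function. SHA-256 is this example's assumption; the page names none."""
    return hashlib.sha256(x).digest()


def hash_n(x, times):
    """Hash[times](x): apply h to x the given number of times."""
    for _ in range(times):
        x = h(x)
    return x


class BusinessSystem:
    """Keeps the secret r and issues Hash[n](r), highest unissued n first."""

    def __init__(self, total, authorized):
        self.total = total                  # N
        self._r = secrets.token_bytes(32)   # initial value r, never leaves this side
        self._next_n = total - 1            # assumption: n runs N-1 .. 1
        self._authorized = set(authorized)

    def anchor(self):
        """Step 500: the only data sent to the service, N and Hash[N](r)."""
        return self.total, hash_n(self._r, self.total)

    def request_use(self, user):
        """Steps 501-504: check use authority, then return (n, Hash[n](r))."""
        if user not in self._authorized:
            raise PermissionError(user)
        if self._next_n < 1:
            raise RuntimeError("chain exhausted, a new r and anchor are needed")
        n = self._next_n
        self._next_n -= 1                   # never hand the same n out twice
        return n, hash_n(self._r, n)


class ServiceSystem:
    """Accounting information: N, Hash[N](r), used flags, retained intermediates."""

    def __init__(self, total, anchor):
        self.total = total
        self._known = {total: anchor}       # n -> verified Hash[n](r)
        self._used = set()                  # n values already nullified (step 507)
        self.hash_calls = 0                 # instrumentation for the example only

    def login(self, n, password):
        """Step 506: hash forward from n to the nearest retained value and compare."""
        if not isinstance(n, int) or not isinstance(password, bytes):
            return False
        if not 1 <= n < self.total or n in self._used:
            return False
        m = min(k for k in self._known if k >= n)   # nearest retained point m >= n
        chain = [password]
        for _ in range(m - n):
            chain.append(h(chain[-1]))
            self.hash_calls += 1
        if not hmac.compare_digest(chain[-1], self._known[m]):
            return False
        # Retain Hash[n..m](r) only after the comparison succeeded, so a
        # rejected submission can never plant values in the accounting data.
        for offset, value in enumerate(chain):
            self._known[n + offset] = value
        self._used.add(n)
        return True


if __name__ == "__main__":
    biz = BusinessSystem(8, {"alice", "bob", "carol"})   # constructed users
    svc = ServiceSystem(*biz.anchor())
    tickets = {u: biz.request_use(u) for u in ("alice", "bob", "carol")}
    for user in ("carol", "alice", "bob"):               # redeemed out of order
        print(user, tickets[user][0], svc.login(*tickets[user]), svc.hash_calls)
    print("replay", svc.login(*tickets["carol"]))
```

Because Hash[n+1](r) can be computed from Hash[n](r), a password issued earlier (higher n) and not yet redeemed is derivable by anyone who was issued a later one. Single use therefore rests on the service's per-n used flag, not on the chain itself.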
Claims (10)
1. A login authentication method of a user who uses a business system and a commercial service system, comprising the steps of:
sending a request for use of said commercial service system from a terminal that the user is using to said business system, when the user who logs in said business system uses said commercial service system, with respect to the user;
checking a commercial service use authority of the user, and returning selects one password from a password list created prior to authentication to said terminal, with respect to said business system that received the request of use;
sending the returned password to said commercial service system, with respect to said terminal; and
comparing the password with accounting information created prior to the authentication, permitting login when they match, and nullifying said used password, with respect to said commercial service system.
2. The login authentication method according to claim 1 , wherein said business system generates said password list using a random number, sends said password list to said commercial service system, and creates accounting information.
3. The login authentication method according to claim 1, wherein said commercial service system generates said accounting information using a random number, sends said accounting information to said business system, and creates said password list.
4. The login authentication method according to claim 1 ,
wherein said business system generates said password list using a numerical value to which an optional numerical value and a one-way function were applied sequentially, sends the applicable number of times of said one-way function and the numerical value of a sequentially applied final result to said commercial service system, and creates said accounting information, and
when use of a commercial service system is requested from said terminal, said business system returns a password and the applicable number of times of said one-way function to said terminal, compares the result in which said one-way function was applied to the password sent from said terminal only for a part in which the applicable number of times of said one-way function to said password was subtracted from the applicable number of times of said final result, with the numerical value of said final result in said accounting information when login permission in said commercial service system is determined, and permits login if they match.
5. The login authentication method according to claim 4 , wherein the numerical value of the sequentially applied result is retained when the login permission in said commercial service system is determined thereby to apply it to the result in which the numerical value was retained for the part of the applicable number of times of said one-way function of the retained result was subtracted from the applicable number of times of said one-way function of a determining password.
6. A login authentication program of a user who uses a business system and a commercial service system, comprising the steps of:
sending a request for use of said commercial service system from said terminal that the user is using to said business system when the user who logs in said business system uses said commercial service system;
checking a commercial service use authority, selecting a password from a password list created prior to authentication, and returning the password to said terminal with respect to said business system;
sending the returned password to said commercial service system with respect to said terminal; and
comparing the password with accounting information created prior to authentication, permitting login when they match, and nullifying said used password with respect to said commercial service system.
7. The login authentication program according to claim 6 , further comprising the step of allowing said business system to generate said password list using a random number, send said password list to said commercial service system, and create said accounting information.
8. The login authentication program according to claim 6 , further comprising the step of allowing said commercial service system to generate said accounting information using a random number, send said accounting information to said business system, and create said password list.
9. The login authentication program according to claim 6 , further comprising the steps of:
allowing said business system to generate said password list using a value to which an optional value and a one-way function are applied sequentially, send the applicable number of times of said one-way function and a numerical value of the sequentially applied final result, and create said accounting information; and
allowing said business system to return a password and the applicable number of times of said one-way function to said terminal when use of a commercial service system is requested from said terminal, compare a result in which said one-way function was applied to the password sent from said terminal only for a part in which the applicable number of times of said one-way function for the password was subtracted from the applicable number of times of said final result, with the numerical value of said final result in said accounting information, and permit login if they match.
10. The login authentication program according to claim 9 , further comprising the step of retaining the value of the sequentially applied result when the login permission in said commercial service system is determined thereby to apply it to the result in which the numerical value was retained for the part in which the number of times of said one-way function of the retained result was subtracted from the applicable number of times of said one-way function of a determining password.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2001-376575 | 2001-12-11 | ||
JP2001376575A JP3899918B2 (en) | 2001-12-11 | 2001-12-11 | Login authentication method, its execution system, and its processing program |
Publications (1)
Publication Number | Publication Date |
---|---|
US20030110381A1 (en) | 2003-06-12 |
Family
ID=19184734
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/081,551 Abandoned US20030110381A1 (en) | 2001-12-11 | 2002-02-20 | One-time logon method for distributed computing systems |
US10/081,486 Expired - Fee Related US7136996B2 (en) | 2001-12-11 | 2002-02-20 | One-time logon method for distributed computing systems |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/081,486 Expired - Fee Related US7136996B2 (en) | 2001-12-11 | 2002-02-20 | One-time logon method for distributed computing systems |
Country Status (2)
Country | Link |
---|---|
US (2) | US20030110381A1 (en) |
JP (1) | JP3899918B2 (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090024848A1 (en) * | 2005-12-19 | 2009-01-22 | Nippon Telegraph And Telephone Corporation | Terminal Identification Method, Authentication Method, Authentication System, Server, Terminal, Wireless Base Station, Program, and Recording Medium |
US20090034735A1 (en) * | 2004-03-17 | 2009-02-05 | Arcot Systems, Inc. | Auditing secret key cryptographic operations |
KR100982515B1 (en) | 2004-01-08 | 2010-09-16 | 삼성전자주식회사 | Apparatus and method for constraining the count of access to digital contents using a hash chain |
US20100250938A1 (en) * | 2009-03-31 | 2010-09-30 | Miodrag Potkonjak | Distributed generation of mutual secrets |
US20120227096A1 (en) * | 2011-03-04 | 2012-09-06 | Intercede Limited | Method and apparatus for transferring data |
US8800012B2 (en) | 2006-07-07 | 2014-08-05 | Nec Corporation | System and method for authentication in wireless networks by means of one-time passwords |
US20150089568A1 (en) * | 2013-09-26 | 2015-03-26 | Wave Systems Corp. | Device identification scoring |
US9154496B2 (en) * | 2013-09-25 | 2015-10-06 | Emc Corporation | Proactivation methods and apparatus for password-hardening systems |
US9230092B1 (en) * | 2013-09-25 | 2016-01-05 | Emc Corporation | Methods and apparatus for obscuring a valid password in a set of passwords in a password-hardening system |
US20160357970A1 (en) * | 2015-06-03 | 2016-12-08 | International Business Machines Corporation | Electronic personal assistant privacy |
US20180018467A1 (en) * | 2012-12-28 | 2018-01-18 | International Business Machines Corporation | Decrypting files for data leakage protection in an enterprise network |
US20190068571A1 (en) * | 2014-05-22 | 2019-02-28 | Alibaba Group Holding Limited | Method, apparatus, and system for providing a security check |
US10970384B2 (en) * | 2018-05-03 | 2021-04-06 | Proton World International N.V. | Authentication of an electronic circuit |
US11025615B2 (en) * | 2019-05-28 | 2021-06-01 | Bank Of America Corporation | Dynamic multi-device authentication and access control system |
US11316849B1 (en) * | 2019-04-04 | 2022-04-26 | United Services Automobile Association (Usaa) | Mutual authentication system |
US11444950B2 (en) * | 2020-04-24 | 2022-09-13 | Vmware, Inc. | Automated verification of authenticated users accessing a physical resource |
US11902276B2 (en) | 2019-11-07 | 2024-02-13 | Vmware, Inc. | Access to physical resources based through identity provider |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7412720B1 (en) * | 2001-11-02 | 2008-08-12 | Bea Systems, Inc. | Delegated authentication using a generic application-layer network protocol |
JP4079319B2 (en) * | 2002-12-25 | 2008-04-23 | インターナショナル・ビジネス・マシーンズ・コーポレーション | IDENTIFICATION INFORMATION GENERATION DEVICE, IDENTIFICATION INFORMATION RESOLUTION DEVICE, INFORMATION SYSTEM USING THEM, CONTROL METHOD AND PROGRAM THEREOF |
AU2004305800A1 (en) * | 2003-09-12 | 2005-03-31 | Emc Corporation | System and method providing disconnected authentication |
US7693797B2 (en) * | 2004-06-21 | 2010-04-06 | Nokia Corporation | Transaction and payment system security remote authentication/validation of transactions from a transaction provider |
JP4681873B2 (en) * | 2004-12-22 | 2011-05-11 | オリンパス株式会社 | External information recording medium and RFID system using the same |
JP4765572B2 (en) * | 2005-11-17 | 2011-09-07 | 村田機械株式会社 | Terminal device, time stamp management system, and time stamp management program |
WO2008025124A1 (en) * | 2006-08-29 | 2008-03-06 | Behruz Nader Daroga | Digital transmission system (dts) for computer security |
US7996885B2 (en) * | 2007-04-19 | 2011-08-09 | International Business Machines Corporation | Password application |
US20090327704A1 (en) * | 2008-06-27 | 2009-12-31 | Microsoft Corporation | Strong authentication to a network |
US8839357B2 (en) | 2010-12-22 | 2014-09-16 | Canon U.S.A., Inc. | Method, system, and computer-readable storage medium for authenticating a computing device |
US20130055379A1 (en) * | 2011-08-23 | 2013-02-28 | Research In Motion Limited | System, device and method for authentication |
US9213851B2 (en) * | 2012-12-12 | 2015-12-15 | Vmware, Inc. | Limiting access to a digital item |
US9213852B2 (en) | 2012-12-12 | 2015-12-15 | Vmware, Inc. | Limiting access to a digital item |
JP6040102B2 (en) * | 2013-06-04 | 2016-12-07 | 株式会社日立製作所 | Fraud information detection method and fraud information detection apparatus |
WO2015076835A1 (en) | 2013-11-25 | 2015-05-28 | Intel Corporation | Methods and apparatus to manage password security |
US10735198B1 (en) | 2019-11-13 | 2020-08-04 | Capital One Services, Llc | Systems and methods for tokenized data delegation and protection |
US20240028684A1 (en) * | 2022-07-21 | 2024-01-25 | Microsoft Technology Licensing, Llc | Authentication of users based on codes embedded in machine-readable items |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5060263A (en) * | 1988-03-09 | 1991-10-22 | Enigma Logic, Inc. | Computer access control system and method |
US5805803A (en) * | 1997-05-13 | 1998-09-08 | Digital Equipment Corporation | Secure web tunnel |
US20020144128A1 (en) * | 2000-12-14 | 2002-10-03 | Mahfuzur Rahman | Architecture for secure remote access and transmission using a generalized password scheme with biometric features |
US6993666B1 (en) * | 1997-08-27 | 2006-01-31 | Sonera Oyj | Method and apparatus for remotely accessing a password-protected service in a data communication system |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5241594A (en) * | 1992-06-02 | 1993-08-31 | Hughes Aircraft Company | One-time logon means and methods for distributed computing systems |
JP2000259709A (en) | 1999-03-12 | 2000-09-22 | Bigbang Technology Ltd | System and method for managing electronic commertial transaction and recording medium |
US7020645B2 (en) * | 2001-04-19 | 2006-03-28 | Eoriginal, Inc. | Systems and methods for state-less authentication |
2001
- 2001-12-11: JP application JP2001376575A (JP3899918B2), not active, Expired - Fee Related

2002
- 2002-02-20: US application US10/081,551 (US20030110381A1), not active, Abandoned
- 2002-02-20: US application US10/081,486 (US7136996B2), not active, Expired - Fee Related
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100982515B1 (en) | 2004-01-08 | 2010-09-16 | 삼성전자주식회사 | Apparatus and method for constraining the count of access to digital contents using a hash chain |
US20090034735A1 (en) * | 2004-03-17 | 2009-02-05 | Arcot Systems, Inc. | Auditing secret key cryptographic operations |
US20090024848A1 (en) * | 2005-12-19 | 2009-01-22 | Nippon Telegraph And Telephone Corporation | Terminal Identification Method, Authentication Method, Authentication System, Server, Terminal, Wireless Base Station, Program, and Recording Medium |
US20110072121A1 (en) * | 2005-12-19 | 2011-03-24 | Nippon Telegraph And Telephone Corporation | Terminal Identification Method, Authentication Method, Authentication System, Server, Terminal, Wireless Base Station, Program, and Recording Medium |
US8533472B2 (en) * | 2005-12-19 | 2013-09-10 | Nippon Telegraph And Telephone Corporation | Terminal identification method, authentication method, authentication system, server, terminal, wireless base station, program, and recording medium |
US8848912B2 (en) * | 2005-12-19 | 2014-09-30 | Nippon Telegraph And Telephone Corporation | Terminal identification method, authentication method, authentication system, server, terminal, wireless base station, program, and recording medium |
US8800012B2 (en) | 2006-07-07 | 2014-08-05 | Nec Corporation | System and method for authentication in wireless networks by means of one-time passwords |
US20100250938A1 (en) * | 2009-03-31 | 2010-09-30 | Miodrag Potkonjak | Distributed generation of mutual secrets |
US8428254B2 (en) * | 2009-03-31 | 2013-04-23 | Empire Technology Development Llc | Distributed generation of mutual secrets |
US20120227096A1 (en) * | 2011-03-04 | 2012-09-06 | Intercede Limited | Method and apparatus for transferring data |
US10607016B2 (en) * | 2012-12-28 | 2020-03-31 | International Business Machines Corporation | Decrypting files for data leakage protection in an enterprise network |
US20180018467A1 (en) * | 2012-12-28 | 2018-01-18 | International Business Machines Corporation | Decrypting files for data leakage protection in an enterprise network |
US9230092B1 (en) * | 2013-09-25 | 2016-01-05 | Emc Corporation | Methods and apparatus for obscuring a valid password in a set of passwords in a password-hardening system |
US9154496B2 (en) * | 2013-09-25 | 2015-10-06 | Emc Corporation | Proactivation methods and apparatus for password-hardening systems |
US20150089568A1 (en) * | 2013-09-26 | 2015-03-26 | Wave Systems Corp. | Device identification scoring |
US9319419B2 (en) * | 2013-09-26 | 2016-04-19 | Wave Systems Corp. | Device identification scoring |
US10798081B2 (en) * | 2014-05-22 | 2020-10-06 | Alibaba Group Holding Limited | Method, apparatus, and system for providing a security check |
US20190068571A1 (en) * | 2014-05-22 | 2019-02-28 | Alibaba Group Holding Limited | Method, apparatus, and system for providing a security check |
US20160357970A1 (en) * | 2015-06-03 | 2016-12-08 | International Business Machines Corporation | Electronic personal assistant privacy |
US9977832B2 (en) * | 2015-06-03 | 2018-05-22 | International Business Machines Corporation | Electronic personal assistant privacy |
US10970384B2 (en) * | 2018-05-03 | 2021-04-06 | Proton World International N.V. | Authentication of an electronic circuit |
US11316849B1 (en) * | 2019-04-04 | 2022-04-26 | United Services Automobile Association (Usaa) | Mutual authentication system |
US11818125B1 (en) | 2019-04-04 | 2023-11-14 | United Services Automobile Association (Usaa) | Mutual authentication system |
US11025615B2 (en) * | 2019-05-28 | 2021-06-01 | Bank Of America Corporation | Dynamic multi-device authentication and access control system |
US11902276B2 (en) | 2019-11-07 | 2024-02-13 | Vmware, Inc. | Access to physical resources based through identity provider |
US11444950B2 (en) * | 2020-04-24 | 2022-09-13 | Vmware, Inc. | Automated verification of authenticated users accessing a physical resource |
Also Published As
Publication number | Publication date |
---|---|
US20030110401A1 (en) | 2003-06-12 |
JP3899918B2 (en) | 2007-03-28 |
JP2003178027A (en) | 2003-06-27 |
US7136996B2 (en) | 2006-11-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7136996B2 (en) | | One-time logon method for distributed computing systems |
US8510818B2 (en) | | Selective cross-realm authentication |
EP0762289B1 (en) | | Method and system for securely controlling access to system resources in a distributed system |
CN111416822B (en) | | Method for access control, electronic device and storage medium |
US9769137B2 (en) | | Extensible mechanism for securing objects using claims |
US9185105B2 (en) | | System and method for single sign-on session management without central server |
US6718470B1 (en) | | System and method for granting security privilege in a communication system |
US7845003B2 (en) | | Techniques for variable security access information |
US7865931B1 (en) | | Universal authorization and access control security measure for applications |
EP1625691B1 (en) | | System and method for electronic document security |
US8843648B2 (en) | | External access and partner delegation |
US20100077457A1 (en) | | Method and system for session management in an authentication environment |
US20080168539A1 (en) | | Methods and systems for federated identity management |
US8087070B2 (en) | | Predictive method for multi-party strengthening of authentication credentials with non-real time synchronization |
JP5723300B2 (en) | | Server system, service providing server, and control method |
US11799870B2 (en) | | System and method for the management of multi-domain access credentials of a user able to access a plurality of domains |
CN116032627A (en) | | Unified authentication and authorization method and device based on micro-service architecture |
MXPA04007410A (en) | | Moving principals across security boundaries without service interruption. |
EP1436966B1 (en) | | A method of providing an access request to a same server based on a unique identifier |
WO1999028805A2 (en) | | Method and device in a data network for supplying services |
US7530111B2 (en) | | Write-access control system |
CN107276965B (en) | | Authority control method and device of service discovery component |
CN115982692A (en) | | Data management application method based on big data technology |
CN117056898A (en) | Unified identity authentication system based on containerization platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: HITACHI, LTD., JAPAN. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: AOSHIMA, TATSUNDO; TASAKA, MITSUNOBU; TAKEDA, KEI; REEL/FRAME: 012654/0910. Effective date: 20020204 |
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |