WO2001082555A2 - Methods and apparatus for dynamic authentication in a distributed network - Google Patents

Methods and apparatus for dynamic authentication in a distributed network

Info

Publication number
WO2001082555A2
Authority
WO
WIPO (PCT)
Prior art keywords
host
key
computer
client
lock key
Prior art date
Application number
PCT/US2001/013628
Other languages
English (en)
Other versions
WO2001082555A3 (fr)
Inventor
Ron Karim
Original Assignee
Sun Microsystems, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sun Microsystems, Inc.
Priority to EP01930857A (EP1277324A2)
Priority to AU2001257354A (AU2001257354A1)
Publication of WO2001082555A2
Publication of WO2001082555A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/40 User authentication by quorum, i.e. whereby two or more security principals are required
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • the invention relates generally to computer systems. More particularly, methods and apparatus for providing dynamic authentication in a distributed network are disclosed. Specifically, in the realm of e-commerce, an authentication agent provides transaction security between an e-customer and an e-merchant.
  • a browser is an application program that provides a way to look at and interact with information on distributed computer networks such as the Internet.
  • a Web browser is a client program that uses the Hypertext Transfer Protocol (HTTP) to make requests of Web servers throughout the Internet on behalf of the browser user.
  • HTTP Hypertext Transfer Protocol
  • client side users, i.e., "e-customers"
  • server side processors, i.e., "e-sellers"
  • In order to transact business in a Web-based environment, browsers typically execute Web commerce applications specifically designed to facilitate e-commerce transactions such as requesting quotes, selecting options and assembling components into complex bundles, and placing orders.
  • Fig. 1 illustrates an exemplary implementation of a distributed network 100 that utilizes a Kerberos type security system in order to provide transaction security.
  • the network of computers 100 includes a client computer 102 used by an e-customer 104 to conduct an e-commerce transaction with an e-merchant 106 coupled to a merchant server 108.
  • the e-customer 104 will access a particular e-merchant's web page by first issuing a web page request in the form of a URL.
  • the merchant server 108 provides an HTTP response in the form of an HTML page generally consisting of the "expected" interface page used by the e-customer 104 to enter a particular e-commerce transaction, such as, for example, placing a purchase order.
  • the e-customer 104 must provide secure data such as a credit card number, social security number, and the like that must be protected from unauthorized access.
  • Kerberos security system that resides in a Kerberos server 110 is typically used. It should be noted that in the example shown the Kerberos server 110 resides in a single Kerberos server but can nonetheless be a distributed type server computer.
  • a Kerberos "ticket" is required.
  • the e-customer 104 must first request authentication from an Authentication Server (AS) 114.
  • AS Authentication Server
  • the AS 114 creates what is referred to as a "session key" 116 (which is also an encryption key) that is typically based upon a requestor supplied password and a random value that represents the requested service (i.e., the particular e-merchant 106).
  • the session key 116 is effectively a "ticket-granting ticket".
  • the client computer 102 sends the session key 116 to a ticket-granting server (TGS) 118.
  • TGS ticket-granting server
  • the TGS 118 then returns the encrypted ticket 120 to the client computer 102 which can now be provided with a particular transaction to the server computer 108 in a secure manner.
  • the merchant server either rejects the ticket 120 or accepts it and performs the completed transaction 120.
  • the ticket 120 received from the TGS 116 is time-stamped providing the e-customer 104 the capability of making additional requests using the same ticket within a certain time period (typically, eight hours) without having to be re-authenticated.
  • a third party such as the Kerberos server introduces additional points where security can be breached.
  • the Kerberos server 110 or any components therein
  • the transaction between the e-merchant and the e-customer can not take place. Therefore, what is required is a method and apparatus for providing efficient, secure, and fault tolerant dynamic authentication in a distributed network environment.
  • a computer implemented method of providing a secure transaction between a client computer and a host computer in a distributed network is disclosed.
  • a host lock key and a host open key are generated where the host open key is stored in the host computer.
  • the host lock key is sent to the client computer where a client lock key is generated.
  • Secret data associated with the secure transaction is secured using the host lock key and the client lock key which is then retrieved at the host computer.
  • a system for dynamically authenticating a secure transaction between a client computer and a host computer in a distributed network includes, an authentication agent server coupled to the host computer provides a host lock key, a host open key, and an authentication agent, wherein the authentication agent server stores the host open key in the host computer and sends the authentication agent and the host lock key to the client computer in response to a client request.
  • the system also includes a decryptor block included in the host computer arranged to open the secure data vault using the merchant open key, wherein the merchant open key only resides in the host computer.
  • Fig. 1 shows a conventional Kerberos-type security system implemented in a distributed network of computers.
  • Fig. 2 illustrates a browser/server system in accordance with an embodiment of the invention.
  • Fig. 3 illustrates a secured data vault in accordance with an embodiment of the invention.
  • Fig. 4 is a flowchart detailing a process for conducting a secure transaction over a distributed network of computers in accordance with an embodiment of the invention.
  • Fig. 5 is a flowchart detailing a process as one implementation of generating an authentication agent of the process detailed in Fig. 4.
  • Fig. 6 is a flowchart detailing a process as one implementation of locking customer secure data of the process detailed in Fig. 4.
  • Fig. 7 is a flowchart detailing a process as one implementation of the merchant unlocking the secure data of the process detailed in Fig. 4.
  • Fig. 8 illustrates a computer system that can be employed to implement the present invention.
  • Detailed description of the embodiments: In the following description, frameworks and methods of providing dynamic authentication services in a distributed network environment are described. In addition, an apparatus embodied in a computer system that provides dynamic authentication in a distributed network is also described.
  • any distributed network can be suitably employed to implement any desired embodiment of the invention. It is one of the advantages of the invention that it is well suited for low bandwidth systems capable of executing client side applications.
  • Such low bandwidth systems include, but are not limited to virtual private networks, direct serial connections across telephone lines (“BBS systems”), and LANs and WANs regardless of network protocol.
  • HTTP HyperText Transfer Protocol
  • URL universal resource locator
  • the system 200 includes a client (customer) computer 202 coupled to a server (merchant) computer 204.
  • the merchant computer 204 is part of a distributed interconnected computer network such as the Internet, but can also be part of a private wide or local area network (WAN/LAN) utilizing HTTP protocols, sometimes referred to as an intranet. It is one of the advantages of the invention that the interconnected computer network can be any low bandwidth system.
  • the client computer 202 utilizes the graphical user interface resources presented by a Web page (sometimes referred to as an HTML page) 206 resident in a browser 208, most of which are obtained by various HTTP requests.
  • When a user desires to download a particular HTML page from the server 204, the browser 208 generates an HTTP request 210.
  • the URL for the requested page includes information related both to the location of the server computer 204, and to the location within the server computer 204 where the requested page is located.
  • an authentication agent server 212 residing in, or coupled to, the merchant computer 204 generates a merchant lock key 214 and a merchant open key 216.
  • the merchant open key 216 is private since it is only stored in the server 204 and is not at any time "on the wire" (i.e., transmitted over the network).
  • the merchant lock key 214 is attached to an authentication agent 216 by the authentication agent server 212 as an HTTP response.
  • the HTTP response takes the form of an HTML page generally consisting of the "expected" interface page and the authentication agent 216, which, preferably, is transparent to the e-customer 104.
  • the authentication agent 216 can form a visual interface so as to provide the customer 104 with the capability of providing secure data or other information related to the transaction.
  • the authentication agent 216 takes the form of an embedded client-side application such as, for example, a Java applet.
  • Java applets are generally small programs that can be sent along with a Web page to a browser to execute interactive animations, immediate calculations, or other simple tasks using the computing resources of the client without having to send a request back for processing on the server. In Java based systems, therefore, the authentication agent 216 takes the form of a Java based authentication applet 218. Once all required user load time components are available, the authentication agent applet 218 can then proceed in processing user supplied inputs in the particularized context of the received data and any API extension code during what is referred to as a sub-application.
  • a user session will consist of a series of different sub-applications as, for example, a user navigates the application interface and interacts with the different sections each with its own particularized UI and data.
  • the authentication agent applet 218 verifies the customer 104 and generates what is referred to as a customer lock key 220.
  • the secure data vault 226 includes a secure data field 300 (usually a social security number, a credit card number, etc.) secured by both a customer lock key 302 and a merchant lock key 304.
  • any unauthorized entity such as a hacker
  • the merchant open key is also required and is never made public, the probability of successfully obtaining the secured (or secret) data is very low.
  • the authentication agent applet 218 attaches the appropriate transaction data field 222 (such as color, size, weight, etc.) to the secure data vault 226 to form a transaction request 228.
  • the client computer 202 then transmits the transaction request 228 to the merchant server 204 for further processing.
  • the merchant server 204 retrieves the stored merchant open key 216.
  • the merchant server 204 opens the secure data vault 226 by using the combination of the merchant open key 216 and the customer open key 220 based upon the selected algorithm 230.
  • the merchant server 204 confirms the identity of the e-customer 104 and proceeds to retrieve the secret data 224 that is then used to complete the transaction.
  • Fig. 4 is a flowchart detailing a process 400 for conducting a secure transaction over a distributed network of computers in accordance with an embodiment of the invention.
  • the process 400 begins at 402 by an e-customer downloading a particular e-merchant's webpage, part of which is an interface that the e-customer uses to initiate a transaction at 404.
  • an authentication agent server instantiates an authentication agent at 406 and sends the authentication agent to the customer's client computer at 408.
  • the authentication agent then verifies the customer at 410, and if verified at 412, the authentication agent locks the customer's secure data at 414 into a data vault. If, however, the customer is not verified at 412, then processing stops.
  • the client computer attaches the appropriate transaction data fields to the secured data vault at 416 and sends the transaction data and secured data vault to the merchant at 418.
  • the merchant server retrieves the secured data from the secured data vault at 420 and then proceeds to complete the transaction at 422.
  • Fig. 5 is a flowchart detailing a process 500 as one implementation of generating an authentication agent 406 of the process 400 detailed in Fig. 4.
  • the process 500 begins at 502 by the authentication agent server loading merchant attribute data.
  • merchant attribute data is used to identify the particular merchant associated with the authentication agent server.
  • attribute data can include specific information such as a merchant ID number, location, etc.
  • the authentication agent server creates a merchant open/lock keyset at 504 based, in part, upon the particular merchant attribute data previously loaded.
  • the merchant open key is then stored at the merchant site at 506 and is not put on the wire, therefore substantially eliminating the possibility of unauthorized acquisition of the merchant open key.
  • the merchant lock key is then attached to the authentication agent in preparation for being sent to the client computer at 408.
  • Fig. 6 is a flowchart detailing a process 600 as one implementation of locking customer secure data 414 of the process 400 detailed in Fig. 4.
  • the process 600 begins at 602 by the authentication agent generating a customer open key.
  • the secure customer data is then retrieved at 604 while at 606 a secure data vault is instantiated.
  • the secure data is locked in the secure data vault with both the customer lock key and the merchant lock key in preparation for being attached to particular transaction data fields at 416.
  • Fig. 7 is a flowchart detailing a process 700 as one implementation of the merchant unlocking the secure data 418 of the process 400 detailed in Fig. 4.
  • the process 700 begins at 702 by the merchant server retrieving the stored (and private) merchant open key.
  • the authentication agent uses the merchant lock key to select an appropriate decryption algorithm at 704. Once an appropriate decryption algorithm is selected, the authentication agent opens the locked secured data vault at 706 using both the customer open key and the merchant open key based upon the selected decryption algorithm.
  • the merchant retrieves the unlocked secured data.
  • Fig. 8 illustrates a computer system 800 that can be employed to implement the present invention.
  • the computer system 800 or, more specifically, CPUs 802 may be arranged to support a virtual machine, as will be appreciated by those skilled in the art.
  • ROM acts to transfer data and instructions uni-directionally to the CPUs 802, while RAM is used typically to transfer data and instructions in a bi-directional manner.
  • CPUs 802 may generally include any number of processors.
  • Both primary storage devices 804, 806 may include any suitable computer-readable media.
  • a secondary storage medium 808, which is typically a mass memory device, is also coupled bi-directionally to CPUs 802 and provides additional data storage capacity.
  • the mass memory device 808 is a computer-readable medium that may be used to store programs including computer code, data, and the like.
  • mass memory device 808 is a storage medium such as a hard disk or a tape which is generally slower than primary storage devices 804, 806.
  • Mass memory storage device 808 may take the form of a magnetic or paper tape reader or some other well-known device. It will be appreciated that the information retained within the mass memory device 808, may, in appropriate cases, be incorporated in standard fashion as part of RAM 806 as virtual memory.
  • a specific primary storage device 804 such as a CD-ROM may also pass data uni-directionally to the CPUs 802.
  • CPUs 802 are also coupled to one or more input/output devices 810 that may include, but are not limited to, devices such as video monitors, track balls, mice, keyboards, microphones, touch-sensitive displays, transducer card readers, magnetic or paper tape readers, tablets, styluses, voice or handwriting recognizers, or other well-known input devices such as, of course, other computers.
  • CPUs 802 optionally may be coupled to a computer or telecommunications network, e.g., an Internet network or an intranet network, using a network connection as shown generally at 812. With such a network connection, it is contemplated that the CPUs 802 might receive information from the network, or might output information to the network in the course of performing the above-described method steps.
  • Such information, which is often represented as a sequence of instructions to be executed using CPUs 802, may be received from and outputted to the network, for example, in the form of a computer data signal embodied in a carrier wave.
  • the above-described devices and materials will be familiar to those of skill in the computer hardware and software arts.

Abstract

This invention concerns methods and an apparatus for dynamic authentication in a distributed network (200). According to this method, an authentication agent server (212) forming part of a host computer (204) provides a merchant lock key (214) and a merchant open key (216), this key (216) being stored locally. The merchant lock key (214) is used together with a customer lock key (220) provided by a client computer (202) to lock secret data (224) about a particular customer in a data vault (226). This vault (226) is then coupled to transaction data (222). During this process, the host computer (204) unlocks the vault (226) by means of the merchant open key (216) used together with the customer lock key (220) and an algorithm (230) associated with the merchant lock key (214).
PCT/US2001/013628 2000-04-26 2001-04-26 Methods and apparatus for dynamic authentication in a distributed network WO2001082555A2 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP01930857A EP1277324A2 (fr) 2000-04-26 2001-04-26 Methods and apparatus for dynamic authentication in a distributed network
AU2001257354A AU2001257354A1 (en) 2000-04-26 2001-04-26 Method and apparatus for dynamic authentication in a distributed network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US55922800A 2000-04-26 2000-04-26
US09/559,228 2000-04-26

Publications (2)

Publication Number Publication Date
WO2001082555A2 (fr) 2001-11-01
WO2001082555A3 (fr) 2002-06-20

Family

ID=24232806

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/013628 WO2001082555A2 (fr) Methods and apparatus for dynamic authentication in a distributed network 2000-04-26 2001-04-26

Country Status (3)

Country Link
EP (1) EP1277324A2 (fr)
AU (1) AU2001257354A1 (fr)
WO (1) WO2001082555A2 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7590983B2 (en) * 2002-02-08 2009-09-15 Jpmorgan Chase & Co. System for allocating computing resources of distributed computer system with transaction manager

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999005813A2 (fr) * 1997-07-23 1999-02-04 Visto Corporation System and method for using an authentication applet to identify and authenticate a user in a computer network
US5870544A (en) * 1997-10-20 1999-02-09 International Business Machines Corporation Method and apparatus for creating a secure connection between a java applet and a web server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JERMAN-BLAZIC B ET AL: "A tool for support of key distribution and validity certificate check in global Directory service" COMPUTER NETWORKS AND ISDN SYSTEMS, NORTH HOLLAND PUBLISHING. AMSTERDAM, NL, vol. 28, no. 5, 1 March 1996 (1996-03-01), pages 709-717, XP004006597 ISSN: 0169-7552 *

Also Published As

Publication number Publication date
WO2001082555A3 (fr) 2002-06-20
AU2001257354A1 (en) 2001-11-07
EP1277324A2 (fr) 2003-01-22

Similar Documents

Publication Publication Date Title
US10425405B2 (en) Secure authentication systems and methods
US7650491B2 (en) Method and system for controlled distribution of application code and content data within a computer network
US6170017B1 (en) Method and system coordinating actions among a group of servers
US7043455B1 (en) Method and apparatus for securing session information of users in a web application server environment
KR100268095B1 (ko) Data communication system
EP1081914B1 (fr) Single sign-on in a network containing several separately controlled restricted-access resources
US20010039535A1 (en) Methods and systems for making secure electronic payments
EP1839224B1 (fr) Method and system for secure binding of a register name identifier profile
US7565330B2 (en) Secure online transactions using a captcha image as a watermark
EP0940960A1 (fr) Authentication between servers
US9069869B1 (en) Storing on a client device data provided by a user to an online application
WO2005048087A1 (fr) System and method for preventing identity theft using secured computing equipment
EA001825B1 (ru) Method and system for protecting the processing of active transactions
US7735121B2 (en) Virtual pad
EP1046976B1 (fr) Method and apparatus for enabling a user to authenticate a system prior to presenting privileged information
Romao et al. Secure electronic payments based on mobile agents
WO2001082555A2 (fr) Methods and apparatus for dynamic authentication in a distributed network
US20100005515A1 (en) Systems and methods for associate to associate authentication
Dos Santos et al. Safe areas of computation for secure computing with insecure applications
JPH10322325A (ja) Cryptographic authentication scheme

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2001930857

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2001930857

Country of ref document: EP

NENP Non-entry into the national phase in:

Ref country code: JP