WO2012156785A1 - Systems and methods for authenticating a user on the basis of a device, without a password but by means of encryption - Google Patents

Info

Publication number
WO2012156785A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic device
encryption
user input
single level
unique key
Prior art date
Application number
PCT/IB2011/053540
Other languages
English (en)
Inventor
Gurudatt SHENOY
Original Assignee
Shenoy Gurudatt
Application filed by Shenoy Gurudatt
Publication of WO2012156785A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Definitions

  • Title: Systems and Methods for device-based password-less user authentication using encryption
  • the present invention relates to the field of encryption for data security or user identity protection or user authentication, in network based activities.
  • For protecting private or confidential data, a number of techniques have been developed, such as firewalls, intrusion detection systems and data encryption.
  • One of these techniques, data encryption, is a cryptographic technique that is a popular method of ensuring strong protection of data, and can be employed for user authentication or identification. Encryption can also be used to protect and secure data stored or processed at the host server level.
  • a user is required to provide multi-level user input, wherein the first level user input may be a user name or user ID, and the second level user input a password, which may or may not be encrypted by the host server or service provider.
  • the passwords and any data provided by or associated with the user are then usually saved or stored in what is commonly known as the host server.
  • Often web sites or other networks dealing with secure data use various mechanisms to protect this content.
  • SSL: Secure Socket Layer
  • Mechanisms like SSL protect data in transit by encrypting it with a certain algorithm or cipher; the data is decrypted as soon as it reaches the web server and is then stored in the host server.
  • many web servers store sensitive data in unencrypted or weakly encrypted form, in the host server or any associated or backup server. As a result, the database and the server can be an easy target for hackers.
  • while mechanisms like SSL protect data in transit across the network, SSL alone does not and would not protect data once it reaches a web site and resides on the associated web servers.
  • the password can be deciphered or decrypted using advanced techniques once a hacker gains access to a server or storage device where data is stored, processed or transmitted, or to an associated port, program or code of such a storage device.
  • Some of the common methods used by hackers include, without limitation, brute-force password attacks, trojans or viruses, phishing, social engineering password attacks, port scanning or spoofing, and JavaScript injection attacks. This is why there have been several instances where hackers have broken into web server databases, compromising crucial data such as credit card numbers, passwords and private data.
  • two- or multi-level user input can sometimes create hassles for a user, who may be using different passwords, which creates confusion or errors during an activity or transaction. It would be in the user's interest if the need for a password were eliminated entirely, which is an important advantage provided by the present invention. This benefit also extends to a service provider, enterprise or host, as they do not have to store or manage the password, which can greatly reduce cost and memory requirements.
  • certain additional external devices, such as digital tokens, cards or dongles, are provided to a user for additional security, which may become a liability for the user and also cause inconvenience.
  • the present invention eliminates the need for such extra or additional devices.
  • the systems of the present invention make provision for encryption based on the user's personal electronic device, such as the user's own mobile device or computer, which reduces inconvenience and also greatly increases security: a device cannot be misused in the same manner as a password or electronic data, since passwords can be transferred and duplicated easily while a device cannot.
  • if the said electronic device is lost, stolen or damaged, the user will almost immediately know about it, whereas if a password is stolen or copied the user may not know for a long period of time, or may never know. This also largely discourages false claims about lost or changed passwords, as the loss or change of the electronic device will come to the immediate knowledge of the person supposedly possessing or linked to the device, and an immediate notification would be expected.
  • the present invention also aims to overcome this drawback of the current state of the art and to provide a user-friendly mechanism, including systems and methods, for hassle-free and convenient storage of or access to data.
  • the present invention in its various embodiments addresses the above and other possible drawbacks and limitations of currently used systems and methods in the field of user authentication, user identity protection and data access.
  • An aspect of the invention provides systems and methods for user authentication or identification in network based activities, wherein the authentication is done using a code derived from a single level user input and a unique key generated in connection with a user electronic device, preferably in real time.
  • the system thereby eliminates the requirement for a user to enter a conventional two- or multi-level user input such as a user name and password, and thus provides a password-less authentication system, meaning that the user need not input or remember a second level user input, popularly known as a password.
  • Another unique feature or aspect of the invention is that neither the single level user input nor the derived unique key is stored anywhere, and thus neither can be stolen, manipulated, copied, extracted or used in any form or manner whatsoever.
  • the said code is derived using one or more encryption techniques or algorithms and uses a system defined combination of the single level user input and a unique key generated in connection with the user electronic device in real time.
  • the unique key is generated based on the properties or programs or functions of the user electronic device.
  • the computer program or software used for the identification or authentication of the user and the encryption or code preparation may be hereinafter referred to as 'encryption and identification program'.
  • FIG. 1 is an illustrative example of the system diagram for the present invention involving a single user.
  • FIG. 2 is an illustrative example of the system diagram for the present invention involving two users.
  • FIG. 3 represents a set of non-exhaustive and indicative components of the encryption mechanism in accordance with one or more embodiments of the present invention.
  • FIG. 4 represents an indicative system flow chart of an embodiment of the present invention.
  • the present invention in a preferred embodiment provides systems and methods for user authentication or identification in network based activities, wherein the authentication is done using a code derived from a single level user input and a unique key generated in connection with a user electronic device, preferably in real time.
  • the system thereby eliminates the requirement for a user to enter a conventional two- or multi-level user input such as a user name and password, and thus provides an optional password-less authentication system, meaning that the user need not input or remember a second level user input, popularly known as a password.
  • Another unique feature of the invention in accordance with the preferred embodiment is that neither the single level user input nor the derived unique key is stored anywhere, and thus neither can be stolen, manipulated, copied, extracted or used in any form or manner whatsoever.
  • the said code is derived using one or more encryption techniques or algorithms and uses a system defined combination of the single level user input and a unique key generated in connection with the user electronic device in real time.
  • the unique key is generated based on the properties or programs or functions of the user electronic device.
  • the computer program or software used for the identification or authentication of the user and the encryption or code preparation may be hereinafter referred to as 'encryption and identification program'.
  • a system of the present invention provides for an encryption mechanism which generates an encryption code, wherein the encryption mechanism comprises:
  • the encryption code is made by using a suitable combination of both the single level user input component and the electronic device based unique key component, by encrypting both of the said components in one of the following ways or any combination thereof.
  • the one or more processing units of the encryption mechanism may use the encryption algorithm for encryption or generation of an encryption code, or a processing unit may generate the electronic device based unique key component using a device identity or device property.
  • the one or more storage units of the encryption mechanism may store one or more encryption algorithms, or a storage unit may temporarily store a component, an encrypted component, or any data or metadata associated with a component or encrypted component.
  • the single level user input component and the electronic device based unique key component may be deleted or removed from a storage unit instantaneously after temporary storage.
  • the electronic device based unique key component or the encrypted electronic device based unique key component is not stored in any data storage device or server.
  • the single level user input component or the encrypted single level user input component is not stored in any data storage device or server.
  • a hacker is prevented from unauthorized access to data because decryption or reverse engineering of the encryption is only possible using the electronic device with which the encryption code was generated, and is not possible using any other device.
  • This also prevents a hacker or unauthorized entity from wrongful authentication or identification, as both the single level user input component and the electronic device based unique key component are required for generating the encryption code, which in turn is required for granting access or validation in the case of authentication or identification.
  • a method for providing secured encryption for password-less user authentication comprising:
  • the single level user input and the single level user input component are the same.
  • the electronic device may be registered or indexed with the encryption and identification program.
  • the electronic device may be required to meet certain predetermined parameters, such as but not limited to having a licensed version of its software or operating system, or being an original device.
  • multiple devices can be registered or indexed with the encryption and identification program, and one or more of these devices can be used either individually or in combination thereof for using the systems and methods of the present invention.
  • multiple levels of authentication may be used in addition to the preferred embodiment such as but not limited to domain name level identification, host server based identification and any other suitable identification mechanism.
  • the encryption and identification program may be used for encryption of one or more forms of data or packets of data or metadata wherein the host server shall act as the user electronic device.
  • a user may attempt to access, use, control, transfer, replace, delete, damage, add or modify any form or quantity of data or metadata. If any hacker or unauthorized entity attempts to wrongfully act as a user in such a case and attempts to wrongfully get authenticated or identified, the attempt will be futile.
  • in addition to online or digital identification mechanisms, other mechanisms such as but not limited to biometric or voice detection mechanisms may be used in accordance with the present invention.
  • the encryption systems and methods may be implemented in one or more hardware, software or a combination thereof.
  • the algorithm or logic or program or code associated with encryption systems and methods may be maintained in a device which is separate from the device or server in which the encryption systems and methods are enabled.
  • the systems and methods of the present invention can be used and made applicable for any online or network based activities such as but not limited to monetary transactions, online shopping, social networks, emails, chatting, on-line gaming sessions, messaging, multimedia-conferencing, application-sharing, e-voting, group-ware & collaboration, blogging, or any combination thereof.
  • the algorithm used for encryption may have the following formula:
  • ALG = ALG1 (op1) ALG2 (op2) ALG3 ... (opN) ALG(N+1),
  • where 'ALG' stands for an algorithm, which may be a single set of instructions that may be implemented in a computer language,
  • and 'op' stands for a functional operator, including but not limited to a logical operator, mathematical operator, comparative operator, string-based operator, or date and time operator.
  • the encryption algorithm may be different for different electronic devices.
  • any action or process related to the systems and methods in accordance with the present invention may execute entirely on a user's computing device, partly on a user's computing device, as a stand-alone software package, partly on a user's computing device and partly on a remote computing device or entirely on the remote computer or a server.
  • a user input is anything, or any data or metadata, provided by a user actively and with the user's knowledge, in the form of one or more letters or characters, any string, any computer program or any computer file.
  • the single level user input may be stored but the unique key derived is not stored anywhere.
  • the systems and methods of the present invention may involve and provide methods to run self-checks, troubleshooting or program debugging.
  • the original unique key generated in connection with a user electronic device is stored by an authorized entity, such as but not limited to government authorities, tax or auditing authorities or legally permitted authorities, in an authorized device or server, wherein the original unique key is encrypted and a second unique key is generated in connection with the said authorized device or server, and a new code is derived using a combination of both the original unique key and the second unique key.
  • the systems of the present invention in an embodiment are made accessible through a portal or an interface which is a part of, or may be connected to, the internet or World Wide Web or any similar portal, wherein the portals or interfaces are accessed by one or more of users through an electronic device, whereby the user may send and receive data to the portal or interface which gets stored in at least one memory device or at least one data storage device or at least one server, and utilises at least one processing unit.
  • the portal or interface, in combination with one or more of a memory device, data storage device, processing unit and server, forms an embedded computing setup, and may be used by, or used in, one or more computer program products.
  • the embedded computing setup, and optionally one or more computer program products, in relation with and in combination with the said portal or interface, forms one of the systems of the invention.
  • Typical examples of a portal or interface include, but are not limited to, a website, an executable software program or a software application.
  • a user is any person, machine or software that uses or accesses one or more of the systems or methods of the present invention.
  • a user includes an automated computer program and a robot.
  • the term 'encryption' means the process of converting digital information into a new form using a key or a code or a program, wherein the new form is unintelligible or indecipherable to a user or a thief or a hacker or a spammer.
  • the term 'encryption' includes encoding, compressing, or any other translating of the digital content.
  • the encryption of the digital media content is performed in accordance with an encryption/decryption algorithm.
  • the encryption/decryption algorithm utilized is not hardware dependent and may change depending on the digital content. For example, a different algorithm may be utilized for different websites or programs.
  • the term 'encryption' further includes one or more aspects of authentication, entitlement, data integrity, access control, confidentiality, segmentation, information control, and combinations thereof.
  • the said code may have a combination of numeric or alphanumeric or symbolic characters used for protected and restricted access provided to a user to one or more digital systems or function or data, provided after necessary authentication or identification of the user.
  • the encryption mechanism can be used by enabling a plugin or application or an icon or a bookmark on a website or a software or any graphical user input that is used for the systems and methods in accordance with the present invention.
  • a computer program product embodied in a computer readable medium enables an encryption mechanism that generates an encryption code, wherein the encryption mechanism comprises:
  • the encryption code is made by using a suitable combination involving both single level user input component and the electronic device based unique key component by encrypting both of the said components.
  • the encryption mechanism further comprises of one or more components which can be combined with one or more of other components of the mechanism in any combination, in an encrypted or unencrypted state, to generate an encryption key.
  • an electronic device for the purpose of this invention is selected from any device capable of processing or representing data to a user and providing access to a network or any system similar to the internet, wherein the electronic device may be selected from but not limited to, personal computers, mobile phones, laptops, palmtops, portable media players and personal digital assistants.
  • the properties or programs or functions of a user electronic device may be selected from, but are not limited to, one or more of Internet browser properties, IP addresses, MAC addresses, Electronic Serial Numbers (ESNs), CPU number, globally unique identifier (GUID), universally unique identifier (UUID), International Mobile Equipment Identity (IMEI), IMEISV (IMEI software version), Mobile Equipment Identifier (MEID), International Mobile Subscriber Identity (IMSI number), MSISDN (Mobile Subscriber ISDN Number or Mobile Station International ISDN Number), server properties, and any other property, program, function or number which may be associated with a user electronic device.
  • the systems and methods of the present invention provides or enables a user interface which may allow commands for a command line interface and/or a graphical user interface (GUI) enabling a user to create, modify and delete data or metadata or program or logic or algorithm or parameters associated with encryption method or encryption program or encryption language.
  • GUI: graphical user interface
  • the system may involve software updates or software extensions or additional software applications.
  • any form of internet security such as but not limited to, a firewall or antivirus or antimalware or registry protection can be used by a user in the same or different electronic device either simultaneously or separately, along with the systems or methods of the present invention.
  • one or more users can be blocked or denied access, or be required to reattempt access, to one or more aspects of the invention.
  • a user may have a system to record or send alert or be informed in case any other user is accessing the user's electronic device remotely.
  • the systems and methods of the invention may simultaneously involve more than one user or more than one data storage device or more than one host server or any combination thereof.
  • the systems and methods of the present invention are used to prevent or restrict hacking or related phenomenon such as but not limited to phishing, man in the middle attack, inside jobs, rogue access points, back door access, use of viruses and worms, use of trojan horses, denial of service attack, sniffing, spoofing, ransomware or any combination thereof.
  • a user may enter or communicate a first level user input through any suitable input device or input mechanism, such as but not limited to a keyboard, a mouse, a joystick, a touchpad, a virtual keyboard, a virtual data entry user interface, a virtual dial pad, a software program, a scanner, a remote device, a microphone, a webcam, a camera, a fingerprint scanner, a cave, or a pointing stick.
  • a decrypting process or decryption mechanism is used in addition to the systems and methods of the present invention to enable authentication.
  • the term network means a system allowing interaction between two or more electronic devices, and includes any form of inter/intra-enterprise environment such as the World Wide Web, a Local Area Network (LAN), a Wide Area Network (WAN), a Storage Area Network (SAN) or any form of intranet.
  • LAN: Local Area Network
  • WAN: Wide Area Network
  • SAN: Storage Area Network
  • the systems and methods can be practised using any electronic device which may be connected to one or more other electronic devices by wires or wirelessly, using technologies such as but not limited to Bluetooth, WiFi and WiMAX. This also extends to the use of the aforesaid technologies to provide the single level user input, the electronic device based unique key, or both.
  • the systems and methods can be practised using any electronic device which may contain or may be infected by one or more undesirable programs, such as but not limited to a virus, a Trojan, a worm, malware, spyware, adware, scareware, crimeware, a rootkit or any combination thereof.
  • the described embodiments may be implemented as a system, method, apparatus or article of manufacture using standard programming and/or engineering techniques related to software, firmware, hardware, or any combination thereof.
  • the described operations may be implemented as code maintained in a "computer readable medium", where a processor may read and execute the code from the computer readable medium.
  • a computer readable medium may comprise media such as magnetic storage medium (e.g., hard disk drives, floppy disks, tape, etc.), optical storage (CD-ROMs, DVDs, optical disks, etc.), volatile and non-volatile memory devices (e.g., EEPROMs, ROMs, PROMs, RAMs, DRAMs, SRAMs, Flash Memory, firmware, programmable logic, etc.), etc.
  • the code implementing the described operations may further be implemented in hardware logic (e.g., an integrated circuit chip, Programmable Gate Array (PGA), Application Specific Integrated Circuit (ASIC), etc.). Still further, the code implementing the described operations may be implemented in "transmission signals", where transmission signals may propagate through space or through a transmission media, such as an optical fibre, copper wire, etc.
  • the transmission signals in which the code or logic is encoded may further comprise a wireless signal, satellite transmission, radio waves, infrared signals, Bluetooth, etc.
  • the transmission signals in which the code or logic is encoded is capable of being transmitted by a transmitting station and received by a receiving station, where the code or logic encoded in the transmission signal may be decoded and stored in hardware or a computer readable medium at the receiving and transmitting stations or devices.
  • An "article of manufacture" comprises computer readable medium, hardware logic, and/or transmission signals in which code may be implemented.
  • a device in which the code implementing the described embodiments of operations is encoded may comprise a computer readable medium or hardware logic.
  • computer program code for carrying out operations or functions or logic or algorithms for aspects of the present invention may be written in any combination of one or more programming languages which are either already in use or may be developed in future, such as but not limited to Java, Smalltalk, C++, C, Foxpro, Basic, HTML, PHP, SQL, Javascript, COBOL, Extensible Markup Language (XML), Pascal, Python, Ruby, Visual Basic .NET, Visual C++, Visual C# .Net, Python, Delphi, VBA, Visual C++ .Net, Visual FoxPro, YAFL, XOTcl, XML, Wirth, Water, Visual DialogScript, VHDL, Verilog, UML, Turing, TRAC, TOM, Tempo, Tcl-Tk, T3X, Squeak, Specification, Snobol, Smalltalk, S-Lang, Sisal, Simula, SGML, SETL, Self, Scripting, Scheme, Sather, SAS, Ruby, RPG, Rigal, Rexx, Regular Expressions, Reflective
  • the data storage unit or data storage device is selected from a set of but not limited to USB flash drive (pen drive), memory card, optical data storage discs, hard disk drive, magnetic disk, magnetic tape data storage device, data server and molecular memory.
  • a user first registers his username (first level user input) on a website using his mobile phone (electronic device). On subsequent visits, the user accessing the website is required to enter only the username and no password, provided the user is using the same mobile phone.
  • This is enabled by the encryption mechanism of the present invention, which uses the single level user input and an electronic device based unique key. Access thus cannot be obtained by a hacker, since there is no password or second level user input involved and it is not possible to authenticate using any device other than the user-linked electronic device.
  • the user is provided with the convenience of not having to remember a password, and data, information and authentication security is also increased.
  • a user registers his mobile (first electronic device) and his personal computer (second electronic device) to use the encryption mechanism of the present invention.
  • the user enables the second device to avoid loss of access or any other problem in case of loss or damage or theft of the first electronic device.
  • the encryption mechanism uses a suitable combination of the user's username, user's electronic device based unique key, the domain name of the host website for generating the encryption code.
  • the encryption mechanism uses a suitable combination of the user's username, user's electronic device based unique key, and the domain name of the host website for generating the encryption code.
  • the encryption mechanism uses a suitable combination of the user's username, user's electronic device based unique key, the domain name of the host website, and the host server based unique key for generating the encryption code.
  • Such a system is very strong and largely eliminates the chance of a man-in-the-middle attack.
  • a host server uses the encryption mechanism of the present invention.
  • the electronic device based unique key is allowed to be mapped and stored by a legally authorized authority such as a government department.
  • the said electronic device based unique key is then encrypted and stored in another server using the encryption mechanism of the present invention where the second server acts as the electronic device for generating the second encryption code.
  • a website provides an icon or plugin in their interface which allows a user to login or use the website through the systems or methods of the present invention, or the user may use a conventional username password system as an optional second mode of using the website.
  • FIG. 1 represents an illustrative example of a system diagram for the present invention involving a single user.
  • a user (2) uses his electronic device (1) to access data through the internet or network interface (5), wherein the data is stored in a data storage device or a server (4). Access to the said data is given only after authentication is done involving the Encryption Mechanism (3) in accordance with the various embodiments of the invention. Also, the data could be accessed through a cloud computing interface (6) which may be connected to multiple servers (4', 4'', 4''').
  • the user (2) may also register or use a second electronic device ( ) to use the system according to the present illustrative example.
  • FIG. 2 represents an illustrative example of a system diagram for the present invention involving two users (2,2').
  • the example of FIG. 2 may be considered an extension of FIG. 1, wherein, in addition to the various components of FIG. 1, a second user (2') is present, wherein the second user (2') uses a server (4) itself as the electronic device in accordance with the invention, or optionally uses another electronic device to control the server (not shown in the figure).
  • Figure 3 or FIG. 3 represents a set of non-exhaustive and indicative components of the encryption mechanism (3) in accordance with one or more embodiments of the present invention, including an Electronic device based unique key component (7), a Single level user input (8), an Encryption Algorithm (9), a Processing unit (10), a Storage Unit (11) and an Encryption Code (12).
  • the Encryption algorithm (9) uses a combination of the Electronic device based unique key component (7) and the Single level user input (8) to generate an Encryption Code (12).
  • the Encryption algorithm (9) is stored in the Storage unit (11) and is processed, executed or enabled using the Processing Unit (10).
  • FIG. 4 represents an indicative system flow chart of an embodiment of the present invention.
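The derivation described in the bullets above (username, electronic device based unique key, host domain name and host server based unique key combined into a single encryption code, with a second device registered as a backup) can be shown concretely. The following is an added Python example, not code from the patent; HMAC-SHA256 as the combining function, the `secrets` module for key material, the constructed domain names, and the names `derive_encryption_code`, `ElectronicDevice` and `HostServer` are all assumptions made here.

```python
"""Added example: a device-bound, passwordless login code (not the patent's code)."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

# Constructed domain-separation label so codes from this scheme cannot be
# confused with other HMAC uses of the same device key (assumption).
DOMAIN_SEPARATOR = b"device-bound-login-code-v1"


def _encode(*fields: bytes) -> bytes:
    """Length-prefix every field so the concatenation has only one parsing."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def derive_encryption_code(username: str, device_key: bytes, domain: str,
                           server_key: bytes = b"") -> str:
    """Combine username, device key, domain and server key into one code.

    The device key is the HMAC key, so the code cannot be produced without it;
    username, domain and the server key are message fields. Username and
    domain are normalised so 'Alice' at 'Example.com' matches 'alice' at
    'example.com'. HMAC-SHA256 is an assumed choice of algorithm.
    """
    message = _encode(DOMAIN_SEPARATOR,
                      username.strip().lower().encode(),
                      domain.strip().lower().encode(),
                      server_key)
    return hmac.new(device_key, message, hashlib.sha256).hexdigest()


class ElectronicDevice:
    """A user's phone or PC holding a secret key bound to that device."""

    def __init__(self, device_key: Optional[bytes] = None) -> None:
        # Assumed: the key is secret and stays on the device (for example in
        # secure hardware); a fresh random key stands in for it here.
        self.device_key = device_key or secrets.token_bytes(32)

    def make_code(self, username: str, domain: str, server_key: bytes) -> str:
        return derive_encryption_code(username, self.device_key, domain, server_key)


class HostServer:
    """Website storing one code per (user, registered device); no password."""

    def __init__(self, domain: str) -> None:
        self.domain = domain
        self.server_key = secrets.token_bytes(16)  # host server based unique key
        self._codes: Dict[str, List[str]] = {}

    def register(self, username: str, device: ElectronicDevice) -> None:
        """Registration: the device computes its code, the server stores it."""
        code = device.make_code(username, self.domain, self.server_key)
        self._codes.setdefault(username.strip().lower(), []).append(code)

    def authenticate(self, username: str, presented_code: str) -> bool:
        """Login: username only; constant-time compare against each device's code."""
        stored_codes = self._codes.get(username.strip().lower(), [])
        return any(hmac.compare_digest(stored, presented_code) for stored in stored_codes)


def demo() -> Dict[str, bool]:
    """Walk through registration with two devices and the rejected cases."""
    site = HostServer("example.com")          # constructed host domain
    phone = ElectronicDevice()                # first electronic device
    laptop = ElectronicDevice()               # second device, kept as backup
    site.register("alice", phone)
    site.register("alice", laptop)
    stranger = ElectronicDevice()             # any device not linked to alice
    lookalike = "examp1e.com"                 # constructed lookalike domain
    return {
        "phone_ok": site.authenticate(
            "alice", phone.make_code("alice", site.domain, site.server_key)),
        "laptop_ok": site.authenticate(
            "alice", laptop.make_code("alice", site.domain, site.server_key)),
        "other_device_rejected": not site.authenticate(
            "alice", stranger.make_code("alice", site.domain, site.server_key)),
        "wrong_domain_rejected": not site.authenticate(
            "alice", phone.make_code("alice", lookalike, site.server_key)),
        "unregistered_user_rejected": not site.authenticate(
            "bob", phone.make_code("bob", site.domain, site.server_key)),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'ok' if passed else 'FAILED'}")
```

Binding the domain into the code is what gives the man-in-the-middle property the description claims: a code computed for a lookalike domain never verifies at the genuine host, and a code captured at the genuine host is useless elsewhere because the length-prefixed encoding and the server key tie it to that one site. Everything rests on the device key being secret and unreadable from outside the device; a key derived only from public hardware identifiers would not meet that assumption, which is why the example models it as a random secret held by the device.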

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

In one of its preferred embodiments, the present invention relates to systems and methods for authenticating or identifying users in network-based activities. The invention is characterised in that authentication or identification is carried out by means of a code derived from a single level user input and a unique key generated in relation to a user's electronic device, preferably in real time. The system according to the invention thus removes the need for a user to enter a conventional user input of two or more levels such as, for example, a username and a password. The technical solution of the present invention is thus able to provide a passwordless authentication system.
PCT/IB2011/053540 2011-05-13 2011-08-09 Systems and methods for authenticating a user on the basis of a device, without a password but by means of encryption WO2012156785A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN1464/MUM/2011 2011-05-13
IN1464MU2011 2011-05-13

Publications (1)

Publication Number Publication Date
WO2012156785A1 true WO2012156785A1 (fr) 2012-11-22

Family

ID=47176355

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2011/053540 WO2012156785A1 (fr) 2011-05-13 2011-08-09 Systems and methods for authenticating a user on the basis of a device, without a password but by means of encryption

Country Status (1)

Country Link
WO (1) WO2012156785A1 (fr)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104363087A (zh) * 2014-11-19 2015-02-18 深圳市中兴移动通信有限公司 Encryption and decryption method and device
CN104683354A (zh) * 2015-03-24 2015-06-03 武汉理工大学 An identity-based dynamic password system
US9338652B1 (en) 2014-11-13 2016-05-10 International Business Machines Corporation Dynamic password-less user verification
US9571282B1 (en) * 2012-04-03 2017-02-14 Google Inc. Authentication on a computing device
CN107276748A (zh) * 2017-06-01 2017-10-20 贵州师范大学 A key derivation method for an automotive keyless entry and start system
US10110598B2 (en) 2013-02-05 2018-10-23 Google Llc Authorization flow initiation using short-range wireless communication
US10136315B2 (en) 2014-04-17 2018-11-20 Guang Gong Password-less authentication system, method and device
US10158489B2 (en) 2015-10-23 2018-12-18 Oracle International Corporation Password-less authentication for access management
US10164971B2 (en) 2015-10-22 2018-12-25 Oracle International Corporation End user initiated access server authenticity check
US10225283B2 (en) 2015-10-22 2019-03-05 Oracle International Corporation Protection against end user account locking denial of service (DOS)
US10250594B2 (en) 2015-03-27 2019-04-02 Oracle International Corporation Declarative techniques for transaction-specific authentication
US10257205B2 (en) 2015-10-22 2019-04-09 Oracle International Corporation Techniques for authentication level step-down
US10686781B1 (en) * 2013-12-24 2020-06-16 Affirm Inc. System and method for passwordless logins

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060198514A1 (en) * 2001-10-01 2006-09-07 Jorn Lyseggen System, portable device and method for digital authenticating, crypting and signing by generating short-lived cryptokeys
CN101146261A (zh) * 2007-10-19 2008-03-19 吕利勇 A method for implementing digital protection of electronic media
CN101969446A (zh) * 2010-11-02 2011-02-09 北京交通大学 A mobile commerce identity authentication method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060198514A1 (en) * 2001-10-01 2006-09-07 Jorn Lyseggen System, portable device and method for digital authenticating, crypting and signing by generating short-lived cryptokeys
CN101146261A (zh) * 2007-10-19 2008-03-19 吕利勇 A method for implementing digital protection of electronic media
CN101969446A (zh) * 2010-11-02 2011-02-09 北京交通大学 A mobile commerce identity authentication method

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9800573B1 (en) 2012-04-03 2017-10-24 Google Inc. Authentication on a computing device
US10764278B2 (en) 2012-04-03 2020-09-01 Google Llc Authentication on a computing device
US10097539B2 (en) 2012-04-03 2018-10-09 Google Llc Authentication on a computing device
US9571282B1 (en) * 2012-04-03 2017-02-14 Google Inc. Authentication on a computing device
US10652234B2 (en) 2013-02-05 2020-05-12 Google Llc Authorization flow initiation using short-term wireless communication
US10148647B1 (en) 2013-02-05 2018-12-04 Google Llc Authorization flow initiation using short-term wireless communication
US10708259B2 (en) 2013-02-05 2020-07-07 Google Llc Authorization flow initiation using short-term wireless communication
US10243950B2 (en) 2013-02-05 2019-03-26 Google Llc Authorization flow initiation using short-term wireless communication
US10110598B2 (en) 2013-02-05 2018-10-23 Google Llc Authorization flow initiation using short-range wireless communication
US10686781B1 (en) * 2013-12-24 2020-06-16 Affirm Inc. System and method for passwordless logins
US11870773B2 (en) 2013-12-24 2024-01-09 Affirm, Inc. System and method for passwordless logins
US10136315B2 (en) 2014-04-17 2018-11-20 Guang Gong Password-less authentication system, method and device
US9338652B1 (en) 2014-11-13 2016-05-10 International Business Machines Corporation Dynamic password-less user verification
CN104363087A (zh) * 2014-11-19 2015-02-18 深圳市中兴移动通信有限公司 Encryption and decryption method and device
CN104683354B (zh) * 2015-03-24 2017-09-22 武汉理工大学 An identity-based dynamic password system
CN104683354A (zh) * 2015-03-24 2015-06-03 武汉理工大学 An identity-based dynamic password system
US10250594B2 (en) 2015-03-27 2019-04-02 Oracle International Corporation Declarative techniques for transaction-specific authentication
US10834075B2 (en) 2015-03-27 2020-11-10 Oracle International Corporation Declarative techniques for transaction-specific authentication
US10225283B2 (en) 2015-10-22 2019-03-05 Oracle International Corporation Protection against end user account locking denial of service (DOS)
US10257205B2 (en) 2015-10-22 2019-04-09 Oracle International Corporation Techniques for authentication level step-down
US10164971B2 (en) 2015-10-22 2018-12-25 Oracle International Corporation End user initiated access server authenticity check
US10666643B2 (en) 2015-10-22 2020-05-26 Oracle International Corporation End user initiated access server authenticity check
US10735196B2 (en) 2015-10-23 2020-08-04 Oracle International Corporation Password-less authentication for access management
US10158489B2 (en) 2015-10-23 2018-12-18 Oracle International Corporation Password-less authentication for access management
CN107276748B (zh) * 2017-06-01 2020-04-03 贵州师范大学 A key derivation method for an automotive keyless entry and start system
CN107276748A (zh) * 2017-06-01 2017-10-20 贵州师范大学 A key derivation method for an automotive keyless entry and start system

Similar Documents

Publication Publication Date Title
US20140068270A1 (en) Systems And Methods For Device Based Secure Access Control Using Encryption
WO2012156785A1 (fr) Systems and methods for authenticating a user on the basis of a device, without a password but by means of encryption
CN109923548B (zh) Method, system and computer program product for data protection by accessing encrypted data through a supervising process
US8954758B2 (en) Password-less security and protection of online digital assets
US9614839B2 (en) Secure computer architectures, systems, and applications
EP3970040B1 (fr) Ransomware mitigation in isolated embedded applications
US8621214B2 (en) Document encryption and decryption
Khrais Highlighting the vulnerabilities of online banking system
US11140150B2 (en) System and method for secure online authentication
US20100125891A1 (en) Activity Monitoring And Information Protection
Lee et al. Reverse‐safe authentication protocol for secure USB memories
Sidheeq et al. Utilizing trusted platform module to mitigate botnet attacks
US10623400B2 (en) Method and device for credential and data protection
CN111382422A (zh) System and method for changing the password of an account record under the threat of illegal access to user data
Singh et al. High Performance Computing (HPC) Data Center for Information as a Service (IaaS) Security Checklist: Cloud Data Governance.
Utakrit Review of browser extensions, a man-in-the-browser phishing techniques targeting bank customers
US20140259105A1 (en) System and method for securely accessing data through web applications
Sharma et al. Smartphone security and forensic analysis
Kim et al. Security analysis and bypass user authentication bound to device of windows hello in the wild
Lee et al. Analysis on manipulation of the mac address and consequent security threats
US20240070303A1 (en) File Encapsulation Validation
Duarte A Survey of Android Attacks Detection Techniques
Ramakic et al. Data protection in microcomputer systems and networks
Sheikh et al. Attacks
Riaz et al. Analysis of Web based Structural Security Patterns by Employing Ten Security Principles

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11865690

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11865690

Country of ref document: EP

Kind code of ref document: A1