WO2015027298A1 - Proxy system with integrated identity management - Google Patents

Proxy system with integrated identity management Download PDF

Info

Publication number
WO2015027298A1
WO2015027298A1 PCT/AU2014/050207 AU2014050207W WO2015027298A1 WO 2015027298 A1 WO2015027298 A1 WO 2015027298A1 AU 2014050207 W AU2014050207 W AU 2014050207W WO 2015027298 A1 WO2015027298 A1 WO 2015027298A1
Authority
WO
WIPO (PCT)
Prior art keywords
proxy server
session
secure
secure proxy
data
Prior art date
Application number
PCT/AU2014/050207
Other languages
French (fr)
Inventor
Jonathon Blackford
Original Assignee
Keyless Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2013903323A external-priority patent/AU2013903323A0/en
Application filed by Keyless Pty Ltd filed Critical Keyless Pty Ltd
Publication of WO2015027298A1 publication Critical patent/WO2015027298A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76Proxy, i.e. using intermediary entity to perform cryptographic operations

Definitions

  • Pro y servers and their ability to allow users to interact with the Internet through a second computer are well known in the art. There are many reasons for this includin but not limited to added security and privacy. However, these servers traditionally do nothing more than supply a pass-through capabilities that allows the initiating computer to interact with third party computers.
  • the described invention is designed to address these issues.
  • Figure 1 Main components of the example embodiment Figure 2 - Detail of key components of the example embodiment Figure 3 - A control process of the example embodiment
  • Figure 1 discloses the key components of the example embodiment.
  • A. user using a computer 12 wishes to conduct secure interactions with other computers 14 over the internet 1 1.
  • To establish a secure connection a user browses to a secure proxy service 13 on the computer they -are using 12,
  • the secure proxy service page displays a three dimensional barcode that uniquely identifies the connection session in use by the user 18.
  • the user then uses a smart device 10 that has been linked to the identity of the user to read the three dimensional barcode using the devices camera 1 .
  • the ability to link a smart device such as a smart phone to a user is known in the art.
  • the session identity is decoded from the three dimensional barcode and the unique identity of the user from identifying information previously gathered regarding the users smart device 10 i then linked to the current connection session being conducted on the computer the user is using 12.
  • a secure proxy session 15 is opened up by the secure proxy service 13 and secure access 16 to third party computers 14 is provided for the duration of the connected session.
  • the proxy service 1.3 also provides a username and password management service explained in figure 2. This enables a user who has successfully made a secure connection between their computer 12 and the proxy server 13 to have secure information such as their usemarnes and passwords managed so that they are injected into page and other requests handled by the proxy server 13 negating the need for the user t enter confidential information such as usemarnes and passwords on the device 12 they are using.
  • Figure 2 discloses details of how a secure proxy server with username and password management would operate.
  • a users device 20 would send a request to view a log-on page that allows the user to connect to a. third party server or site 22 on the Internet.
  • a secure third part web site or serve would require secure data suc as a username and password to obtain access to the site.
  • the third party server 22 in turn returns the code for a page to allow the user to log on to the server 22.
  • the proxy server 21 detects that it has a stored username and password to allow the user to connect to the chosen server 22. Rather than pre-populating the returned page 29 with the correct username and password, a replacement filler non-working username and password 28 is added the code displayed to the user 30 for them to use as part of their log on. procedure for the third party site 22,
  • the page load request 24 is intercepted by the secure proxy 21 and a real useffiame and password 25 are injected into the request.
  • the combined request 24 with real, username and password 25 are then sent 26 to the third party server 22 to obtain access to the site.
  • Figure 3 discloses a control process that could be used with the example embodiment.
  • a user using a computer 41 may wish to start a secure connection using the secure proxy service 42.
  • the site 42 Upon browsing to the secure proxy site for identity verification 44, the site 42 displays a unique identifier for the users session in the form of a three dimensional barcode 45 which is displayed on the users computer screen 41,
  • the use then uses smart device such a a smart phone 40 that is linked to the user to read the three dimensional barcode 46 using the devices camera and three dimension barcode decoding software.
  • the decoded session information and the identity of the device is transmitted to the secure proxy server 42 over the Internet to establish the users identity.
  • the secure proxy server 42 sets up a secure proxy session to allow secure browsing or interaction with third party sites 48.
  • a user using their computer 41 may wish to connect to a site or web page that requires identity verification 49.
  • the secure proxy server 42 checks to see if there is a stored copy of the users username and or password for that site or page 50. If there is, the log-on page for that site is di played to the user 51 using a filler or ⁇ -working username and password, and these are injected into the page shown to the user.
  • the user submits the log-on page with non-working username and password data 53.
  • the log-on request is intercepted 54 by the secure proxy server 42 and the working username and password is injected into the request 54.
  • the access request with working username and password is accepted 55 by the third party site 43 and access is granted allowing browsing of secure pages and data 56.
  • the secure proxy server 42 stores the real working username and password for future attempts to access the site by the user 60.
  • the secure proxy service is used to substitute or inject usemames and passwords as needed as a user navigates to secure third party sites.
  • An aitemative embodiment could use the secure proxy server to store and re-inject any kind of secure information or data as needed including but not limited to credit card details and secure PFN's.
  • the example embodiment contains the secure proxy functionality on a server running proxy and security applications.
  • An alternative embodiment could use any form factor for the supply of similar services including but not limited to firmware, a web service, or an application .
  • the service could run on any kind of intermediary device or even as a service on the same device or as the one being used by the user.
  • An alternative embodiment could also run the secure proxy as. a service that is part of a third party server that a person may wish to visit. For example Amazon could use a three dimensional barcode system to allow secure log on to the site by Amazon customers.
  • Another alternative embodiment could, use a combination of servers and the users de vice or devices to supply the functionality of the disclosed invention .
  • the example embodiment discloses a user using a computer and. a camera enabled smart device to initiate a secure session with a secure proxy server.
  • An alternative embodiment could use any combination of computing device where a three dimensional barcode can be shared between the device being used to access secure web sites and a second device known to be linked to a verified user with the capability Of capturing a three dimensional barcode and combining the resultant, session ID with the unique ID of the user supplied by the second device.
  • the example embodiment uses a system of sharing a three dimensional barcode to verify the identity of a user before allowing a secure session using a secure proxy server.
  • An alternative embodiment could use any means of identity verification to establish a secure session, including hut not limited to a traditional username and password log-on, using other camera, radio, or audio communication methods of data exchange, out of band venficadon system such as SMS password exchange, biometric or similar.
  • Another alternative embodiment could allow a smart device such as a smart phone to conduct a secure session using a mobile browser or application by- using known identity verification technologies including but not limited to out of band password exchange such as SMS password retrieval. Such an alternative embodiment would not require a second device under the users control to establish a secure proxy session.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Business, Economics & Management (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides an improved proxy server configured to allow for increased security for users as a result of not requiring users to enter authentication and other sensitive data into an untrusted or only partially trusted terminal and also reducing the transmission of authentication or other sensitive data via untrusted or only partially trusted computer network connections. The proxy server performs this task by receiving and securely storing said authentication or other sensitive data prior to the use of the untrusted or partially trusted terminal and/or network connection, and then modifying communications between the user of the proxy server and the party the user wishes to communicate with such that the authentication or other sensitive data is received at a destination as intended by the user.

Description

PROXY SYSTEM WITH INTEGRATED IDENTITY MANAGEMENT
Invented, by Jonathan Blackford
Background
Pro y servers and their ability to allow users to interact with the Internet through a second computer are well known in the art. There are many reasons for this includin but not limited to added security and privacy. However, these servers traditionally do nothing more than supply a pass-through capabilit that allows the initiating computer to interact with third party computers.
The use of such a service from a low security or possibly compromised device, such as an Internet Cafe computer, does not address a major issue of security and privacy, namely to disallow the detection and copying of secret data such as usernames and passwords.
In fact, with the wide and varied methods for stealing and retrievin secure information including usernames and passwords it is desirable that the identity of a user be determined without typing, entering or storin these important pieces of data on any computer device that may be suspected of being compromised or otherwi se in use in a situation where the security of the device being used is in question.
The described invention is designed to address these issues.
Drawings
Figure 1 - Main components of the example embodiment Figure 2 - Detail of key components of the example embodiment Figure 3 - A control process of the example embodiment
Description and Operation
Figure 1 discloses the key components of the example embodiment. A. user using a computer 12 wishes to conduct secure interactions with other computers 14 over the internet 1 1. To establish a secure connection a user browses to a secure proxy service 13 on the computer they -are using 12,
The secure proxy service page displays a three dimensional barcode that uniquely identifies the connection session in use by the user 18. The user then uses a smart device 10 that has been linked to the identity of the user to read the three dimensional barcode using the devices camera 1 . The ability to link a smart device such as a smart phone to a user is known in the art.
The session identity is decoded from the three dimensional barcode and the unique identity of the user from identifying information previously gathered regarding the users smart device 10 i then linked to the current connection session being conducted on the computer the user is using 12.
Once the identit of the user is verified usin the above technique a secure proxy session 15 is opened up by the secure proxy service 13 and secure access 16 to third party computers 14 is provided for the duration of the connected session. In addition to the standard service of providing proxy connections, the proxy service 1.3 also provides a username and password management service explained in figure 2. This enables a user who has successfully made a secure connection between their computer 12 and the proxy server 13 to have secure information such as their usemarnes and passwords managed so that they are injected into page and other requests handled by the proxy server 13 negating the need for the user t enter confidential information such as usemarnes and passwords on the device 12 they are using.
Figure 2 discloses details of how a secure proxy server with username and password management would operate. During a secure session which the user would have already initiated, a users device 20 would send a request to view a log-on page that allows the user to connect to a. third party server or site 22 on the Internet. Typically a secure third part web site or serve would require secure data suc as a username and password to obtain access to the site.
The third party server 22 in turn returns the code for a page to allow the user to log on to the server 22. As the code is retrieved 27 from the third party server, the proxy server 21. detects that it has a stored username and password to allow the user to connect to the chosen server 22. Rather than pre-populating the returned page 29 with the correct username and password, a replacement filler non-working username and password 28 is added the code displayed to the user 30 for them to use as part of their log on. procedure for the third party site 22, When the user decides to submit their logon form 23, the page load request 24 is intercepted by the secure proxy 21 and a real useffiame and password 25 are injected into the request. The combined request 24 with real, username and password 25 are then sent 26 to the third party server 22 to obtain access to the site.
The result is that during the normal course of using a computer to connect to third party computers through the secure proxy service, secure information such as a users username and password need not be typed or displayed on a users computer thereby removing all opportunity for monitorin or copying of this secure information.
Figure 3 discloses a control process that could be used with the example embodiment. A user using a computer 41 may wish to start a secure connection using the secure proxy service 42. Upon browsing to the secure proxy site for identity verification 44, the site 42 displays a unique identifier for the users session in the form of a three dimensional barcode 45 which is displayed on the users computer screen 41,
The use then uses smart device such a a smart phone 40 that is linked to the user to read the three dimensional barcode 46 using the devices camera and three dimension barcode decoding software.
The decoded session information and the identity of the device is transmitted to the secure proxy server 42 over the Internet to establish the users identity. Once verified the secure proxy server 42 sets up a secure proxy session to allow secure browsing or interaction with third party sites 48. Subsequently during the same session a user using their computer 41 may wish to connect to a site or web page that requires identity verification 49. On selecting the site or page to visit, the secure proxy server 42 checks to see if there is a stored copy of the users username and or password for that site or page 50. If there is, the log-on page for that site is di played to the user 51 using a filler or ηόη-working username and password, and these are injected into the page shown to the user.
Subsequently the user submits the log-on page with non-working username and password data 53. The log-on request is intercepted 54 by the secure proxy server 42 and the working username and password is injected into the request 54. As a result the access request with working username and password is accepted 55 by the third party site 43 and access is granted allowing browsing of secure pages and data 56.
If secure informatio for a requested site 49 is not stored 50 on the secure proxy server 42, a copy of the log-on page is retrieved from the third party server 58 43 and then shown to the user with blank username and password fields 57, The- user then uses their working username and pas-sword 5 to connect to the site.
During communication of the user's username and password to the third party server 43 the secure proxy server 42 stores the real working username and password for future attempts to access the site by the user 60.
Subsequently the real working username and password is submitted to the third party server 61 , access is granted, and browsing of secure pages and data is allowed 62. Alternative Embodiments
iii the example embodiment the secure proxy service is used to substitute or inject usemames and passwords as needed as a user navigates to secure third party sites. An aitemative embodiment could use the secure proxy server to store and re-inject any kind of secure information or data as needed including but not limited to credit card details and secure PFN's.
The example embodiment contains the secure proxy functionality on a server running proxy and security applications. An alternative embodiment could use any form factor for the supply of similar services including but not limited to firmware, a web service, or an application . The service could run on any kind of intermediary device or even as a service on the same device or as the one being used by the user. An alternative embodiment could also run the secure proxy as. a service that is part of a third party server that a person may wish to visit. For example Amazon could use a three dimensional barcode system to allow secure log on to the site by Amazon customers. Another alternative embodiment could, use a combination of servers and the users de vice or devices to supply the functionality of the disclosed invention .
The example embodiment discloses a user using a computer and. a camera enabled smart device to initiate a secure session with a secure proxy server. An alternative embodiment could use any combination of computing device where a three dimensional barcode can be shared between the device being used to access secure web sites and a second device known to be linked to a verified user with the capability Of capturing a three dimensional barcode and combining the resultant, session ID with the unique ID of the user supplied by the second device. The example embodiment uses a system of sharing a three dimensional barcode to verify the identity of a user before allowing a secure session using a secure proxy server. An alternative embodiment could use any means of identity verification to establish a secure session, including hut not limited to a traditional username and password log-on, using other camera, radio, or audio communication methods of data exchange, out of band venficadon system such as SMS password exchange, biometric or similar. Another alternative embodiment could allow a smart device such as a smart phone to conduct a secure session using a mobile browser or application by- using known identity verification technologies including but not limited to out of band password exchange such as SMS password retrieval. Such an alternative embodiment would not require a second device under the users control to establish a secure proxy session.

Claims

The embodiments of the invention in which an exclusive property or privilege is claimed are defined as follows:
1. A secure proxy server, acting as an intermediary between two or more parties attempting to be engaged in one or more data transmission sessions, whereby the secure proxy server is configured t send authentication or other sensitive data from one party within the session to another party within the session, without the authentication or other- sensitive data having been provided to the secure prox server during that, session, but instead having been provided in a prior data transmission session.
2. The secure proxy server recited in claim 1 configured to provide placeholder data to one of the parties in (he data transmission session, instead of the said authentication or other sensitive data.
3. The secure proxy server recited in claim 1 working in conjunction with a second proxy server located at the site of the party wid in the data
transmission session who was responsible for initiating the data transmission session, whereby the second proxy server is configured to route request from the initiating party in the data transmission .session, and the request's associated responses, via the secure proxy server based on configuration which allows it to detect a high probability that the request will be modified by the secure proxy server such that the request will include authentication or other sensitive data in the request by the time the request is received by the intended recipient, regardless of whether said authentication or other sensitive data was provided in the original request.
4. The secure proxy server recited in claim 1 configured- so that selected sensitive data provided by a non -initiating party in a data transfer session, intended for the initiating party in the data transfer session, is not sent to the initia ing party at an point during the data transfer session, but is instead added to requests made by the initia ing party in the d ta tran fer se sion by the secure proxy server, where said requests are made afte the sensitive data has been provided by the non-initiating party.
5. The secure proxy server recited in claim 1 where said authentication or
sensitive data is explicitly of the type typically manually entered by the initiating party within the data transmissio session.
6. The secure proxy server recited in. claim 1 whereby the secure proxy server is not co-located with any of the parties within the data transmission session.
7. The secure proxy server recited in claim 1 whereby authentication with the secure prox server is via a out-of-band channel
8. The secure proxy server recited in claim i whereby authentication with the secure proxy server is via use of n additional device not party to the said data sharing session as a result of data exchange between the secure proxy server and the additional device which utilises the camera, radio, or microphone on said additional device.
9. The secure proxy server recited in claim 1 whereby authentication with the secure proxy server is via the use of a. one-time-use password
10. The secure proxy server recited in claim 1 whereby the parties in the data transmission session tha did not initiate the data transmission are providing data using the HTTP, SPDY, or HTTPS protocols.
11. Any and all combinations of claims 1 to 10.
PCT/AU2014/050207 2013-09-01 2014-09-03 Proxy system with integrated identity management WO2015027298A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2013903323A AU2013903323A0 (en) 2013-09-01 Proxy system with integrated username and password management
AU2013903323 2013-09-01

Publications (1)

Publication Number Publication Date
WO2015027298A1 true WO2015027298A1 (en) 2015-03-05

Family

ID=52585314

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2014/050207 WO2015027298A1 (en) 2013-09-01 2014-09-03 Proxy system with integrated identity management

Country Status (1)

Country Link
WO (1) WO2015027298A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5586260A (en) * 1993-02-12 1996-12-17 Digital Equipment Corporation Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms
US20090049183A1 (en) * 2007-08-13 2009-02-19 Thompson Tony E Method of Client-Side Form Authentication
US20130167208A1 (en) * 2011-12-22 2013-06-27 Jiazheng Shi Smart Phone Login Using QR Code

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5586260A (en) * 1993-02-12 1996-12-17 Digital Equipment Corporation Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms
US20090049183A1 (en) * 2007-08-13 2009-02-19 Thompson Tony E Method of Client-Side Form Authentication
US20130167208A1 (en) * 2011-12-22 2013-06-27 Jiazheng Shi Smart Phone Login Using QR Code

Similar Documents

Publication Publication Date Title
US9537861B2 (en) Method of mutual verification between a client and a server
AU2013272182B2 (en) Enterprise triggered 2CHK association
CA2875563C (en) Enchanced 2chk authentication security with query transactions
EP3525395B1 (en) Resource locators with keys
US11831680B2 (en) Electronic authentication infrastructure
US9264420B2 (en) Single sign-on for network applications
US20130205360A1 (en) Protecting user credentials from a computing device
EP2747369A1 (en) A system and method of dynamic issuance of privacy preserving credentials
EP1713227A1 (en) System and Method for providing user's security when setting-up a connection over insecure networks
CN101897166A (en) Systems and methods for establishing a secure communication channel using a browser component
MX2008011277A (en) Digipass for the web-functional description.
US20170187708A1 (en) Service provider initiated additional authentication in a federated system
CN105591744A (en) Network real-name authentication method and system
CN103368831B (en) A kind of anonymous instant communicating system identified based on frequent visitor
Sun et al. OpenIDemail enabled browser: towards fixing the broken web single sign-on triangle
EP1713230A1 (en) System and method for providing user's security when setting-up a connection over insecure networks
WO2004099949A1 (en) Web site security model
CN113892105A (en) Computer system and method including HTML browser authorization
WO2015027298A1 (en) Proxy system with integrated identity management
KR101879842B1 (en) User authentication method and system using one time password
Nguyen SMS_OTP

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14841097

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14841097

Country of ref document: EP

Kind code of ref document: A1