MY172974A - A system and method for authentication using non-reusable random generated mobile sms key - Google Patents

A system and method for authentication using non-reusable random generated mobile sms key

Info

Publication number
MY172974A
MY172974A MYPI2012003210A MYPI2012003210A MY172974A MY 172974 A MY172974 A MY 172974A MY PI2012003210 A MYPI2012003210 A MY PI2012003210A MY PI2012003210 A MYPI2012003210 A MY PI2012003210A MY 172974 A MY172974 A MY 172974A
Authority
MY
Malaysia
Prior art keywords
authentication
user
database
user information
sms key
Prior art date
Application number
MYPI2012003210A
Inventor
Rashidah Haron Galoh
Chong Seak Sea
Kang Siong Ng
Hon Loon WONG
Maniam DHARMADHARSHNI
Original Assignee
Mimos Berhad
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mimos Berhad filed Critical Mimos Berhad
Priority to MYPI2012003210A priority Critical patent/MY172974A/en
Priority to PCT/MY2013/000125 priority patent/WO2014011027A1/en
Publication of MY172974A publication Critical patent/MY172974A/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/72Subscriber identity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The system and method of the present invention proposes user authentication using non reusable random generated mobile SMS key while retaining user privacy. The system of the present invention comprising at least one user (101) with user mobile phone (106); at least one web application (104); at least one authentication service provider (103); at least one authentication server (102); and at least one database (105). The at least one authentication server (102) further comprising at least one authentication interface module (201); at least one authentication verification module (202); at least one SMS key generation module (203); at least one SMS gateway (204); and at least one database interface module (205). The methodology of the present invention comprises steps of requesting user information for authentication (302); authenticating user information (304); returning authentication status to web application (310); and performing authorization by granting access to user upon successful user authenticat ion (312). Authentication of user information comprises steps of computing hash value (DK1) based on user information (402); searching database for matching hash value (DK1) (404); and generating new mobile SMS key (K2) upon locating matching record in database (406) after mobile SMS key (K1) has been authenticated in the current transaction.
MYPI2012003210A 2012-07-13 2012-07-13 A system and method for authentication using non-reusable random generated mobile sms key MY172974A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
MYPI2012003210A MY172974A (en) 2012-07-13 2012-07-13 A system and method for authentication using non-reusable random generated mobile sms key
PCT/MY2013/000125 WO2014011027A1 (en) 2012-07-13 2013-07-05 A system and method for authentication using non-reusable random generated mobile sms key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
MYPI2012003210A MY172974A (en) 2012-07-13 2012-07-13 A system and method for authentication using non-reusable random generated mobile sms key

Publications (1)

Publication Number Publication Date
MY172974A true MY172974A (en) 2019-12-16

Family

ID=48980247

Family Applications (1)

Application Number Title Priority Date Filing Date
MYPI2012003210A MY172974A (en) 2012-07-13 2012-07-13 A system and method for authentication using non-reusable random generated mobile sms key

Country Status (2)

Country Link
MY (1) MY172974A (en)
WO (1) WO2014011027A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301316A (en) * 2014-10-13 2015-01-21 中国电子科技集团公司第二十八研究所 A single sign-on system and its implementation method
ES2835873T3 (en) 2015-08-24 2021-06-23 Huawei Tech Co Ltd Security authentication method, configuration method and related device
CN115632847B (en) * 2022-10-13 2025-11-28 深圳市信丰伟业科技有限公司 Encryption method, system, equipment and storage medium for firmware upgrade

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2663256A1 (en) * 2006-09-15 2008-03-20 Comfact Ab Method and computer system for ensuring authenticity of an electronic transaction

Also Published As

Publication number Publication date
WO2014011027A1 (en) 2014-01-16

Similar Documents

Publication Publication Date Title
EP3780543A1 (en) Blockchain cross-chain authentication method and system, and server and readable storage medium
CN102300182B (en) Short-message-based authentication method, system and device
TWI797056B (en) Method and apparatus for supporting multi-user cluster authentication
CN102448061B (en) Method and system for preventing phishing attack on basis of mobile terminal
PH12018502092A1 (en) Method and device for registering biometric identity and authenticating biometric identity
CN110830471B (en) OTP (one time password) verification method, server, client and computer-readable storage medium
MY203124A (en) Wireless network connection method and apparatus, and storage medium
TW201405459A (en) Login verification method, client, server and system
RU2016104765A (en) PROCESSING PROTECTED REMOTE PAYMENT TRANSACTIONS
CN104753881A (en) WebService security certification access control method based on software digital certificate and timestamp
WO2015023341A3 (en) Secure authorization systems and methods
IN2013MU03727A (en)
GB201204398D0 (en) Method for authenticating a transaction
CN103095733A (en) Keyword cipher text retrieval method for cloud storage
CN105262779A (en) Identity authentication method, device and system
MX2015015140A (en) User authentication.
CN105243542B (en) A method for dynamic electronic certificate authentication
MX383704B (en) METHOD, DEVICE, SERVER AND SYSTEM FOR AUTHENTICATING A USER.
WO2012112640A4 (en) On-line membership verification utilizing an associated organization certificate
MX2013014618A (en) Method and apparatus for authenticating users of a hybrid terminal.
CN104717063A (en) Software security protection method of mobile terminal
CN104506527A (en) Multidimensional information pointer platform and data access method thereof
CN103312499A (en) Identity authentication method and system
CN103684797A (en) Subscriber and subscriber terminal equipment correlation authentication method and system
CN104994115B (en) A kind of login authentication method and system