MY177380A - A system and method for protection of user authentication against capture-and-replay attacks - Google Patents
A system and method for protection of user authentication against capture-and-replay attacksInfo
- Publication number
- MY177380A MY177380A MYPI2013004482A MYPI2013004482A MY177380A MY 177380 A MY177380 A MY 177380A MY PI2013004482 A MYPI2013004482 A MY PI2013004482A MY PI2013004482 A MYPI2013004482 A MY PI2013004482A MY 177380 A MY177380 A MY 177380A
- Authority
- MY
- Malaysia
- Prior art keywords
- user
- authentication
- context
- credentials
- dependent
- Prior art date
Links
- 238000000034 method Methods 0.000 title abstract 4
- 230000001419 dependent effect Effects 0.000 abstract 4
- 230000003993 interaction Effects 0.000 abstract 3
- 238000012795 verification Methods 0.000 abstract 3
- 230000010354 integration Effects 0.000 abstract 2
- 230000005540 biological transmission Effects 0.000 abstract 1
- 230000001681 protective effect Effects 0.000 abstract 1
- 238000013517 stratification Methods 0.000 abstract 1
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to a system (1 00, 200) and method (300) for protection of user authentication against at least single instance of capture-and-replay attacks, by means of input and processing of user credentials on a client-side user interface (UI), and subsequent transmission to a server undertaking credential authentication. The system (100, 200) and method (300) of the present invention utilizes credentials which are context dependent as inputs into ZK integration function which is additionally applicable as an interaction in two actions: firstly, between user and trusted platform, and secondly between trusted platform and client terminal, as similarly protective of user authentication against capture-and-replay attacks. The user submits credentials as an act of authentication based on context of interest (31 0) as deemed correct by user. Optional verification of the submitted context-dependent credential (320) on the client terminal or trusted platform follows. The method (300) involves ZK integration of the context-dependent credential (330) followed by verification of the authenticator (340), such that unauthorised interception of credentials as submitted does not necessarily result in capability of intercepting party to undertake fraudulent authentication. Verification of user-to-server authentication interaction as being correct is additionally dependent on independent determination by server of context of interest, which might include specification and stratification of time and/or location of the authentication interaction. Figure 3
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| MYPI2013004482A MY177380A (en) | 2013-12-12 | 2013-12-12 | A system and method for protection of user authentication against capture-and-replay attacks |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| MYPI2013004482A MY177380A (en) | 2013-12-12 | 2013-12-12 | A system and method for protection of user authentication against capture-and-replay attacks |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| MY177380A true MY177380A (en) | 2020-09-14 |
Family
ID=79183471
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| MYPI2013004482A MY177380A (en) | 2013-12-12 | 2013-12-12 | A system and method for protection of user authentication against capture-and-replay attacks |
Country Status (1)
| Country | Link |
|---|---|
| MY (1) | MY177380A (en) |
-
2013
- 2013-12-12 MY MYPI2013004482A patent/MY177380A/en unknown
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2018256309A1 (en) | Systems and methods for device verification and authentication | |
| EP4343591A3 (en) | Authentication system using secure multi-party computation | |
| SG10201901366WA (en) | Key exchange through partially trusted third party | |
| PH12018502087A1 (en) | Systems and methdos for providing block chain-based multifactor personal identity verification | |
| EP4542932A3 (en) | Blockchain-implemented method and system | |
| HK1258980A1 (en) | Method and system for user authentication with improved security | |
| MX356841B (en) | Operation authorization method and device. | |
| MX361152B (en) | Provisioning drm credentials on a client device using an update server. | |
| TW201612787A (en) | Network authentication method for secure electronic transactions | |
| PH12019501168A1 (en) | Service control and user identity authentication based on virtual realtiy | |
| WO2016175914A3 (en) | Transaction signing utilizing asymmetric cryptography | |
| FI20155763A7 (en) | Method for securing the authenticity of a certificate By using SSL protocol over an encrypted Internet connection with a web page | |
| MX2017008651A (en) | Method and apparatus for securing a mobile application. | |
| MX383704B (en) | METHOD, DEVICE, SERVER AND SYSTEM FOR AUTHENTICATING A USER. | |
| MY172715A (en) | System and method enabling multiparty and multi level authorizations for accessing confidential information | |
| WO2017019201A8 (en) | Cryptographic assurances of data integrity for data crossing trust boundaries | |
| BR112016017947A2 (en) | METHOD IMPLEMENTED BY COMPUTER, ACCESS DEVICE, AND SYSTEM | |
| BR112017003018A2 (en) | secure provision of an authentication credential | |
| WO2012069263A3 (en) | Method for authorizing access to protected content | |
| WO2015023341A3 (en) | Secure authorization systems and methods | |
| WO2014151730A3 (en) | Identity escrow management for minimal disclosure credentials | |
| IN2014MU00771A (en) | ||
| EP4271017A3 (en) | Secured home network | |
| MY184704A (en) | A system and method for authenticating a user based on user behaviour and environmental factors | |
| NZ722177A (en) | System and method for communicating credentials |