CA2552987A1 - Security system and method - Google Patents
- Publication number
- CA2552987A1
- Authority
- CA
- Canada
- Prior art keywords
- server
- user
- authentication
- computing device
- remote
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
          - H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
          - H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    - H04W—WIRELESS COMMUNICATION NETWORKS
      - H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
        - H04W12/03—Protecting confidentiality, e.g. by encryption
          - H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
        - H04W12/06—Authentication
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
          - G06F21/31—User authentication
            - G06F21/33—User authentication using certificates
            - G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
Abstract
A security system and method is provided. In an embodiment, a personal integrated circuit ("PIC") is provided that can be presented to a laptop computer. The PIC includes a digital certificate personal to an authorized user and is operable to automatically install the certificate on the laptop computer once the PIC is presented to the computer and the user enters a valid password respective to the PIC. At this point, the laptop presents the certificate to a server via a network, and the certificate is checked for validity. If valid, the user is then permitted to log into the server. Having logged into the server, the user can remain logged in even as the PIC is removed and presented to different computing devices that are also able to connect to the server via the network. Typically, the user is only able to access the server through the computing device to which the PIC is attached.
The user is automatically logged out of the server after a predefined period of inactivity or according to such other criteria as may be desired.
Claims (29)
1. A system for providing secure access to a computing resource comprising:
a computing device accessible to a user after a local authentication of said user; and, an authentication server connectable to said computing device via a connection after said local authentication and operable to provide access to said computing resource after a remote authentication of said user, said server further operable to maintain said remote authentication after said user has terminated said local authentication such that after said user re-establishes local authentication said server provides access to said resource.
2. The system of claim 1 wherein said user re-establishes said local authentication via a second connection that is different from said connection.
3. The system of claim 1 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device.
4. The system of claim 1 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device and via a second connection that is carried through said computing device.
5. The system of claim 1 wherein said server and said device are further operable to encrypt communications over said connection while access is provided to said resource.
6. The system of claim 5 wherein said encrypted communications are conducted via an asymmetric key pair that is generated by said server and which remain valid for the duration that said server maintains said remote authentication.
7. The system of claim 1 wherein said resource is a virtual private network that connects to said server.
8. The system of claim 1 wherein said server terminates said remote authentication if said user fails to re-establish local authentication within a predefined period of time.
9. The system of claim 1 wherein said remote authentication includes receipt and validation of a digital certificate respective to said user that is loadable onto said computing device.
10. The system of claim 1 wherein said remote authentication includes receipt of a userid and password respective to said user that is received by said computing device and transmitted to said server.
11. An authentication server for connection with a computing device that is accessible to a user after a local authentication of said user, said authentication server connectable to said computing device via a connection after said local authentication and operable to provide access to said computing resource after a remote authentication of said user, said server further operable to maintain said remote authentication after said user has terminated said local authentication such that after said user re-establishes local authentication said server provides access to said resource.
12. The server of claim 11 wherein said user re-establishes said local authentication via a second connection that is different from said connection.
13. The server of claim 11 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device.
14. The server of claim 11 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device and via a second connection that is carried through said computing device.
15. The server of claim 11 wherein said server and said device are further operable to encrypt communications over said connection while access is provided to said resource.
16. The server of claim 15 wherein said encrypted communications are conducted via an asymmetric key pair that is generated by said server and which remain valid for the duration that said server maintains said remote authentication.
17. The server of claim 11 wherein said resource is a virtual private network that connects to said server.
18. The server of claim 11 wherein said server terminates said remote authentication if said user fails to re-establish local authentication within a predefined period of time.
19. The server of claim 11 wherein said remote authentication includes receipt and validation of a digital certificate respective to said user that is loadable onto said computing device.
20. The server of claim 11 wherein said remote authentication includes receipt of a userid and password respective to said user that is received by said computing device and transmitted to said server.
21. A method of providing secure access to a computing resource comprising the steps of:
performing a local authentication of a user at a computing device;
performing a remote authentication at an authentication server connectable to said computing device via a connection after said local authentication;
providing access to said computing resource via said authentication server after said remote authentication; and, maintaining said remote authentication after said user has terminated said local authentication.
22. The method of claim 21 comprising the additional step of re-establishing said access when said user re-establishes said local authentication.
23. The method of claim 21 comprising the additional step of terminating said remote authentication if said user fails to re-establish said local authentication within a predefined period of time.
24. The method of claim 22 wherein said user re-establishes said local authentication via a second connection that is different from said connection.
25. The method of claim 22 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device.
26. The method of claim 21 wherein said server and said device are operable to encrypt communications over said connection while access is provided to said resource.
27. The method of claim 25 wherein said encrypted communications are conducted via an asymmetric key pair that is generated by said server and which remain valid for the duration that said server maintains said remote authentication.
28. The method of claim 25 wherein said resource is a virtual private network that connects to said server.
29. A method of providing secure access to a computing resource comprising:
sending a digital certificate from a computing device to a server;
receiving a remote user authentication at said server from said computing device and determining if said remote user authentication is valid;
terminating said method if said user authentication is not valid;
generating security keys at said server and delivering a requisite portion of those keys to said computing device;
conducting communications between said server and said computing device using said security keys; and, maintaining said remote user authentication when said computing device disconnects from said server.
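The following Python model is added here to illustrate the server-side behaviour the abstract and claims describe; it is not code from the patent or its assignee. It covers local authentication at the PIC, remote authentication of the certificate at the server, a remote session that survives PIC removal and re-attachment on a different device, device-bound access, and termination after a predefined period of inactivity. The class names, the HMAC-tagged stand-in for the digital certificate, the 600-second timeout and the injected clock are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional

INACTIVITY_TIMEOUT = 600.0  # seconds; constructed value, claims 8 and 23 only say "predefined"

def make_certificate(issuer_key: bytes, subject: str) -> dict:
    """Constructed stand-in for the user's certificate: subject + HMAC tag under the
    issuer key the server trusts (a real deployment would verify X.509 here)."""
    return {"subject": subject, "tag": hmac.new(issuer_key, subject.encode(), hashlib.sha256).digest()}

class PersonalIC:
    """Model of the PIC: it releases its certificate only after the PIC password (claim 1)."""

    def __init__(self, cert: dict, password: str):
        self._cert, self._salt = cert, secrets.token_bytes(16)
        self._pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def unlock(self, password: str) -> Optional[dict]:
        guess = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
        return self._cert if hmac.compare_digest(self._pw_hash, guess) else None

@dataclass
class RemoteSession:
    device_id: Optional[str]  # device the PIC is attached to; None while detached
    last_activity: float
    session_key: bytes        # stands in for the server-generated keys of claims 6 and 29

class AuthServer:
    """Server side: validates the certificate, then keeps the remote authentication
    alive across PIC removals and device changes until the inactivity timeout."""

    def __init__(self, issuer_key: bytes, clock: Callable[[], float]):
        self._issuer_key, self._clock = issuer_key, clock  # clock injected so tests control time
        self._sessions: Dict[str, RemoteSession] = {}

    def _live(self, user: str) -> Optional[RemoteSession]:
        """The user's session, or None once the inactivity period has elapsed (claim 8)."""
        s = self._sessions.get(user)
        if s is not None and self._clock() - s.last_activity > INACTIVITY_TIMEOUT:
            del self._sessions[user]
            return None
        return s

    def remote_login(self, device_id: str, cert: dict) -> Optional[bytes]:
        """Remote authentication (claims 9, 29): valid certificate -> device-bound session + fresh keys."""
        expected = hmac.new(self._issuer_key, cert["subject"].encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, cert["tag"]):
            return None
        key = secrets.token_bytes(32)
        self._sessions[cert["subject"]] = RemoteSession(device_id, self._clock(), key)
        return key

    def detach(self, user: str) -> None:
        """PIC removed: local authentication ends, remote authentication persists."""
        s = self._live(user)
        if s is not None:
            s.device_id, s.last_activity = None, self._clock()

    def reattach(self, user: str, device_id: str) -> bool:
        """PIC presented to a (possibly different) device within the timeout (claims 2-4)."""
        s = self._live(user)
        if s is None:
            return False
        s.device_id, s.last_activity = device_id, self._clock()
        return True

    def access(self, user: str, device_id: str) -> bool:
        """Access is granted only from the device the PIC is currently attached to."""
        s = self._live(user)
        if s is None or s.device_id != device_id:
            return False
        s.last_activity = self._clock()
        return True
```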
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CA2004/000455 WO2005093542A1 (en) | 2004-03-26 | 2004-03-26 | Security system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2552987A1 (en) | 2005-10-06 |
CA2552987C (en) | 2013-05-28 |
Family
ID=34957163
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2552987A (CA2552987C, Expired - Fee Related) | 2004-03-26 | 2004-03-26 | Security system and method |
Country Status (3)
Country | Link |
---|---|
US (1) | US7861081B2 (en) |
CA (1) | CA2552987C (en) |
WO (1) | WO2005093542A1 (en) |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100677152B1 (en) * | 2004-11-17 | 2007-02-02 | Samsung Electronics Co., Ltd. | Method for transmitting content in home network using user-binding |
US9454657B2 (en) | 2004-12-03 | 2016-09-27 | Bce Inc. | Security access device and method |
FR2899749B1 (en) * | 2006-04-07 | 2008-07-04 | Groupe Ecoles Telecomm | IDENTITY PROTECTION METHOD, DEVICES, AND CORRESPONDING COMPUTER PROGRAM PRODUCT |
US8352999B1 (en) * | 2006-07-21 | 2013-01-08 | Cadence Design Systems, Inc. | Method for managing data in a shared computing environment |
US7929513B2 (en) * | 2006-10-30 | 2011-04-19 | At&T Intellectual Property I, Lp | Wireless local area network access points, end-point communication devices, and computer program products that generate security alerts based on characteristics of interfering signals and/or connection messages |
EP1944714A1 (en) * | 2007-01-10 | 2008-07-16 | Jaycrypto Limited | Method and systems for providing the authenticity of a client to a server |
JP5094187B2 (en) * | 2007-04-11 | 2012-12-12 | Canon Inc. | Information processing apparatus, information processing apparatus control method, storage medium, and program |
KR100966073B1 (en) * | 2007-10-15 | 2010-06-28 | Electronics and Telecommunications Research Institute | Apparatus and method for managing terminal users |
US8204180B1 (en) * | 2008-08-08 | 2012-06-19 | Intervoice Limited Partnership | Systems and methods for preventing sensitive information from being communicated into a non-secure environment |
US8316459B2 (en) * | 2009-12-02 | 2012-11-20 | Yazamtech Ltd. | Secure transference of data between removable media and a security server |
US8984621B2 (en) | 2010-02-27 | 2015-03-17 | Novell, Inc. | Techniques for secure access management in virtual environments |
US20130031619A1 (en) * | 2011-07-25 | 2013-01-31 | Lenovo (Singapore) Pte. Ltd. | Remote authentication screen locker for a mobile device |
JP6048089B2 (en) * | 2011-12-26 | 2016-12-21 | Ricoh Co., Ltd. | Information processing apparatus and program |
US9275218B1 (en) | 2012-09-12 | 2016-03-01 | Emc Corporation | Methods and apparatus for verification of a user at a first device based on input received from a second device |
US9280645B1 (en) * | 2012-11-15 | 2016-03-08 | Emc Corporation | Local and remote verification |
US9948614B1 (en) * | 2013-05-23 | 2018-04-17 | Rockwell Collins, Inc. | Remote device initialization using asymmetric cryptography |
GB2533348B (en) * | 2014-12-17 | 2021-07-07 | Arm Ip Ltd | Management of relationships between a device and a service provider |
KR101853544B1 (en) * | 2016-05-24 | 2018-04-30 | KT Corporation | Apparatus and method for controlling the line |
WO2021230636A1 (en) * | 2020-05-11 | 2021-11-18 | Samsung Electronics Co., Ltd. | System and method for certificate based authentication for tethering |
Family Cites Families (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5742756A (en) * | 1996-02-12 | 1998-04-21 | Microsoft Corporation | System and method of using smart cards to perform security-critical operations requiring user authorization |
US5960085A (en) * | 1997-04-14 | 1999-09-28 | De La Huerga; Carlos | Security badge for automated access control and secure data gathering |
US6189105B1 (en) * | 1998-02-20 | 2001-02-13 | Lucent Technologies, Inc. | Proximity detection of valid computer user |
US6092202A (en) * | 1998-05-22 | 2000-07-18 | N*Able Technologies, Inc. | Method and system for secure transactions in a computer system |
US7228429B2 (en) * | 2001-09-21 | 2007-06-05 | E-Watch | Multimedia network appliances for security and surveillance applications |
US7111324B2 (en) * | 1999-01-15 | 2006-09-19 | Safenet, Inc. | USB hub keypad |
US7272723B1 (en) * | 1999-01-15 | 2007-09-18 | Safenet, Inc. | USB-compliant personal key with integral input and output devices |
DE60029217T2 (en) | 1999-05-21 | 2007-05-31 | International Business Machines Corp. | METHOD AND DEVICE FOR INITIALIZING SAFE CONNECTIONS BETWEEN AND BETWEEN ONLY CUSTOMIZED CORDLESS EQUIPMENT |
US6497656B1 (en) * | 2000-02-08 | 2002-12-24 | General Electric Company | Integrated wireless broadband communications network |
US7111060B2 (en) * | 2000-03-14 | 2006-09-19 | Aep Networks, Inc. | Apparatus and accompanying methods for providing, through a centralized server site, a secure, cost-effective, web-enabled, integrated virtual office environment remotely accessible through a network-connected web browser |
JP2002024464A (en) * | 2000-07-07 | 2002-01-25 | Nec Corp | System and method for selling ticket with ic card, and recording medium |
WO2002023359A1 (en) | 2000-09-12 | 2002-03-21 | Mitsubishi Denki Kabushiki Kaisha | Device operation permitting/authenticating system |
WO2002027628A2 (en) * | 2000-09-29 | 2002-04-04 | Jill Fallon | Systems and methods for a personal, universal, integrated organizer for legacy planning and storage |
US6819219B1 (en) * | 2000-10-13 | 2004-11-16 | International Business Machines Corporation | Method for biometric-based authentication in wireless communication for access control |
NO20005440L (en) * | 2000-10-27 | 2002-04-29 | Ericsson Telefon Ab L M | Package-based personal equipment arrangements and practices |
US6763315B2 (en) * | 2000-11-29 | 2004-07-13 | Ensure Technologies, Inc. | Method of securing access to a user having an enhanced security proximity token |
US7440572B2 (en) * | 2001-01-16 | 2008-10-21 | Harris Corporation | Secure wireless LAN device and associated methods |
US20020123325A1 (en) * | 2001-03-01 | 2002-09-05 | Cooper Gerald M. | Method and apparatus for increasing the security of wireless data services |
US20020129285A1 (en) * | 2001-03-08 | 2002-09-12 | Masateru Kuwata | Biometric authenticated VLAN |
US7047405B2 (en) * | 2001-04-05 | 2006-05-16 | Qualcomm, Inc. | Method and apparatus for providing secure processing and data storage for a wireless communication device |
US7302571B2 (en) * | 2001-04-12 | 2007-11-27 | The Regents Of The University Of Michigan | Method and system to maintain portable computer data secure and authentication token for use therein |
US6937135B2 (en) * | 2001-05-30 | 2005-08-30 | Hewlett-Packard Development Company, L.P. | Face and environment sensing watch |
US20030034877A1 (en) * | 2001-08-14 | 2003-02-20 | Miller Brett E. | Proximity detection for access control |
US20030093663A1 (en) * | 2001-11-09 | 2003-05-15 | Walker Jesse R. | Technique to bootstrap cryptographic keys between devices |
US7222361B2 (en) * | 2001-11-15 | 2007-05-22 | Hewlett-Packard Development Company, L.P. | Computer security with local and remote authentication |
US20030149874A1 (en) * | 2002-02-06 | 2003-08-07 | Xerox Corporation | Systems and methods for authenticating communications in a network medium |
US7080404B2 (en) * | 2002-04-01 | 2006-07-18 | Microsoft Corporation | Automatic re-authentication |
US7624437B1 (en) * | 2002-04-02 | 2009-11-24 | Cisco Technology, Inc. | Methods and apparatus for user authentication and interactive unit authentication |
US7299364B2 (en) * | 2002-04-09 | 2007-11-20 | The Regents Of The University Of Michigan | Method and system to maintain application data secure and authentication token for use therein |
US7529933B2 (en) * | 2002-05-30 | 2009-05-05 | Microsoft Corporation | TLS tunneling |
US7920827B2 (en) * | 2002-06-26 | 2011-04-05 | Nokia Corporation | Apparatus and method for facilitating physical browsing on wireless devices using radio frequency identification |
US7761904B2 (en) * | 2002-09-30 | 2010-07-20 | Harris Corporation | Removable cryptographic ignition key system and method |
US7440573B2 (en) * | 2002-10-08 | 2008-10-21 | Broadcom Corporation | Enterprise wireless local area network switching system |
US6810480B1 (en) * | 2002-10-21 | 2004-10-26 | Sprint Communications Company L.P. | Verification of identity and continued presence of computer users |
AU2003286013A1 (en) * | 2002-11-18 | 2004-06-15 | Hipaat Inc. | A method and system for access control |
US7240361B2 (en) * | 2003-01-31 | 2007-07-03 | Qwest Communications International Inc. | Systems and methods for controlled transmittance in a telecommunication system |
2004
- 2004-03-26 CA CA2552987A (CA2552987C): not active, Expired - Fee Related
- 2004-03-26 WO PCT/CA2004/000455 (WO2005093542A1): active, Application Filing
- 2004-06-04 US US10/860,247 (US7861081B2): not active, Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
US20050216747A1 (en) | 2005-09-29 |
WO2005093542A1 (en) | 2005-10-06 |
CA2552987C (en) | 2013-05-28 |
US7861081B2 (en) | 2010-12-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2552987A1 (en) | Security system and method | |
KR102424055B1 (en) | Apparatus and Method for Providing API Authentication using Two API Tokens | |
CN107251035B (en) | Account recovery protocol | |
US8800013B2 (en) | Devolved authentication | |
US7100054B2 (en) | Computer network security system | |
CA2742705C (en) | Method and system protecting against identity theft or replication abuse | |
WO2017197974A1 (en) | Biometric characteristic-based security authentication method, device and electronic equipment | |
US10298561B2 (en) | Providing a single session experience across multiple applications | |
US8769289B1 (en) | Authentication of a user accessing a protected resource using multi-channel protocol | |
US7757275B2 (en) | One time password integration with Kerberos | |
CN108476226A (en) | application program authorization method, terminal and server | |
CN109417553A (en) | The attack using leakage certificate is detected via internal network monitoring | |
US20090158033A1 (en) | Method and apparatus for performing secure communication using one time password | |
CN106921663B (en) | Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal | |
US20070156836A1 (en) | System and method for electronic chat identity validation | |
KR101028882B1 (en) | System and method for providing user authentication one time password using a wireless mobile terminal | |
KR20110126124A (en) | Transforming static password systems to become 2-factor authentication | |
CN102970299A (en) | File safe protection system and method thereof | |
JP2003188885A5 (en) | ||
WO2016155220A1 (en) | Single sign-on method, system and terminal | |
CN110225050A (en) | The management method of JWT token | |
JP2010072976A5 (en) | ||
EP2926527B1 (en) | Virtual smartcard authentication | |
JP2004528624A (en) | A device for pre-authenticating a user using a one-time password | |
CN112910867B (en) | Double verification method for trusted equipment to access application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | EEER | Examination request | |
 | MKLA | Lapsed | Effective date: 20220328 |