CA2552987A1 - Security system and method - Google Patents

Security system and method Download PDF

Info

Publication number
CA2552987A1
CA2552987A1 CA002552987A CA2552987A CA2552987A1 CA 2552987 A1 CA2552987 A1 CA 2552987A1 CA 002552987 A CA002552987 A CA 002552987A CA 2552987 A CA2552987 A CA 2552987A CA 2552987 A1 CA2552987 A1 CA 2552987A1
Authority
CA
Canada
Prior art keywords
server
user
authentication
computing device
remote
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002552987A
Other languages
French (fr)
Other versions
CA2552987C (en
Inventor
Tet Hin Yeap
William G. O'brien
Dafu Lou
Ren Xiaoli
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BCE Inc
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of CA2552987A1 publication Critical patent/CA2552987A1/en
Application granted granted Critical
Publication of CA2552987C publication Critical patent/CA2552987C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Abstract

A security system and method is provided. In an embodiment, a personal integrated circuit ("PIC"), is provided that can be presented to a laptop computer. The PIC includes a digital certificate personal to an authorized user and is operable to automatically install the certificate on the laptop computer once presented into the computer and once the user enters a valid password respective to the PIC. At this point, the laptop presents the certificate to a server via a network, and the certificate is checked for validity. If valid, the user is then permitted to log into the server. Having logged into the server, the user can remain logged in even as the PIC is removed and presented to different computing devices that are also able to connect to the server via the network. Typically, the user is only able to access the server through the computing device to which the PIC is attached.
The user is automatically logged out of the server after a predefined period of inactivity or according to such other criteria as may be desired.

Claims (29)

1. A system for providing secure access to a computing resource comprising:
a computing device accessible to a user after a local authentication of said user; and, an authentication server connectable to said computing device via a connection after said local authentication and operable to provide access to said computing resource after a remote authentication of said user, said server further operable to maintain said remote authentication after said user has terminated said local authentication such that after said user re-establishes local authentication said server provides access to said resource.
2. The system of claim 1 wherein said user re-establishes said local authentication via a second connection that is different from said connection.
3. The system of claim 1 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device.
4. The system of claim 1 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device and via a second connection that is earned through said computing device.
5. The system of claim 1 wherein said server and said device are further operable to encrypt communications over said connection while access is provided to said resource.
6. The system of claim 5 wherein said encrypted communications are conducted via an asymmetric key pair that is generated by said server and which remain valid for the duration that said server maintains said remote authentication.
7. The system of claim 1 wherein said resource is a virtual private network that connects to said server.
8. The system of claim 1 wherein said server terminates said remote authentication if said user fails to re-establish local authentication within a predefined period of time.
9. The system of claim 1 wherein said remote authentication includes receipt and validation of a digital certificate respective to said user that is loadable onto said computing device.
10. The system of claim 1 wherein said remote authentication includes receipt of a userid and password respective to said user that is received by said computing device and transmitted to said server.
11. An authentication server for connection with a computing device that is accessible to a user after a local authentication of said user, said authentication server connectable to said computing device via a connection after said local authentication and operable to provide access to said computing resource after a remote authentication of said user, said server further operable to maintain said remote authentication after said user has terminated said local authentication such that after said user re-establishes local authentication said server provides access to said resource.
12. The server of claim 11 wherein said user re-establishes said local authentication via a second connection that is different from said connection.
13. The server of claim 11 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device.
14. The server of claim 11 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device and via a second connection that is carried through said computing device.
15. The server of claim 11 wherein said server and said device are further operable to encrypt communications over said connection while access is provided to said resource.
16. The server of claim 15 wherein said encrypted communications are conducted via an asymmetric key pair that is generated by said server and which remain valid for the duration that said server maintains said remote authentication.
17. The server of claim 11 wherein said resource is a virtual private network that connects to said server.
18. The server of claim 11 wherein said server terminates said remote authentication if said user fails to re-establish local authentication within a predefined period of time.
19. The server of claim 11 wherein said remote authentication includes receipt .and validation of a digital certificate respective to said user that is loadable onto said computing device.
20. The server of claim 11 wherein said remote authentication includes receipt of a userid and password respective to said user that is received by said computing device and transmitted to said server.
21. A method of providing secure access to a computing resource comprising the steps of:
performing a local authentication of a user at a computing device;
performing a remote authentication at an authentication server connectable to said computing device via a connection after said local authentication;
providing access to said computing resource via said authentication server after said remote authentication; and, maintaining said remote authentication after said user has terminated said local authentication.
22. The method of claim 21 comprising the additional step of re-establishing said access when said user re-establishes said local authentication.
23. The method of claim 21 comprising the additional step of terminating said remote authentication if said user fails to re-establish said local authentication within a predefined period of time.
24. The method of claim 22 wherein said user re-establishes said local authentication via a second connection that is different from said connection.
25. The method of claim 22 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device.
26. The method of claim 21 wherein said server and said device are operable to encrypt communications over said connection while access is provided to said resource.
27. The method of claim 25 wherein said encrypted communications are conducted via an asymmetric key pair that is generated by said server and which remain valid for the duration that said server maintains said remote authentication.
28. The method of claim 25 wherein said resource is a virtual private network that connects to said server.
29. A method of providing secure access to a computing resource comprising:
sending a digital certificate from a computing device to a server;
receiving a remote user authentication at said server from said computing device and determining if said remote user authentication is valid;
terminating said method if said user authentication is not valid;
generating security keys at said server and delivering a requisite portion of those keys to said computing device;
conducting communications between said server and said computing device using said security keys; and, maintaining said remote user authentication when said computing device disconnects from said server.
CA2552987A 2004-03-26 2004-03-26 Security system and method Expired - Fee Related CA2552987C (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CA2004/000455 WO2005093542A1 (en) 2004-03-26 2004-03-26 Security system and method

Publications (2)

Publication Number Publication Date
CA2552987A1 true CA2552987A1 (en) 2005-10-06
CA2552987C CA2552987C (en) 2013-05-28

Family

ID=34957163

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2552987A Expired - Fee Related CA2552987C (en) 2004-03-26 2004-03-26 Security system and method

Country Status (3)

Country Link
US (1) US7861081B2 (en)
CA (1) CA2552987C (en)
WO (1) WO2005093542A1 (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100677152B1 (en) * 2004-11-17 2007-02-02 삼성전자주식회사 Method for transmitting content in home network using user-binding
US9454657B2 (en) 2004-12-03 2016-09-27 Bce Inc. Security access device and method
FR2899749B1 (en) * 2006-04-07 2008-07-04 Groupe Ecoles Telecomm IDENTITY PROTECTION METHOD, DEVICES, AND CORRESPONDING COMPUTER PROGRAM PRODUCT
US8352999B1 (en) * 2006-07-21 2013-01-08 Cadence Design Systems, Inc. Method for managing data in a shared computing environment
US7929513B2 (en) * 2006-10-30 2011-04-19 At&T Intellectual Property I, Lp Wireless local area network access points, end-point communication devices, and computer program products that generate security alerts based on characteristics of interfering signals and/or connection messages
EP1944714A1 (en) * 2007-01-10 2008-07-16 Jaycrypto Limited Method and systems for providing the authenticity of a client to a server
JP5094187B2 (en) * 2007-04-11 2012-12-12 キヤノン株式会社 Information processing apparatus, information processing apparatus control method, storage medium, and program
KR100966073B1 (en) * 2007-10-15 2010-06-28 한국전자통신연구원 Apparatus and method for managing terminal users
US8204180B1 (en) * 2008-08-08 2012-06-19 Intervoice Limited Partnership Systems and methods for preventing sensitive information from being communicated into a non-secure environment
US8316459B2 (en) * 2009-12-02 2012-11-20 Yazamtech Ltd. Secure transference of data between removable media and a security server
US8984621B2 (en) 2010-02-27 2015-03-17 Novell, Inc. Techniques for secure access management in virtual environments
US20130031619A1 (en) * 2011-07-25 2013-01-31 Lenovo (Singapore) Pte. Ltd. Remote authentication screen locker for a mobile device
JP6048089B2 (en) * 2011-12-26 2016-12-21 株式会社リコー Information processing apparatus and program
US9275218B1 (en) 2012-09-12 2016-03-01 Emc Corporation Methods and apparatus for verification of a user at a first device based on input received from a second device
US9280645B1 (en) * 2012-11-15 2016-03-08 Emc Corporation Local and remote verification
US9948614B1 (en) * 2013-05-23 2018-04-17 Rockwell Collins, Inc. Remote device initialization using asymmetric cryptography
GB2533348B (en) * 2014-12-17 2021-07-07 Arm Ip Ltd Management of relationships between a device and a service provider
KR101853544B1 (en) * 2016-05-24 2018-04-30 주식회사 케이티 Apparatus and method for controlling the line
WO2021230636A1 (en) * 2020-05-11 2021-11-18 Samsung Electronics Co., Ltd. System and method for certificate based authentication for tethering

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5742756A (en) * 1996-02-12 1998-04-21 Microsoft Corporation System and method of using smart cards to perform security-critical operations requiring user authorization
US5960085A (en) * 1997-04-14 1999-09-28 De La Huerga; Carlos Security badge for automated access control and secure data gathering
US6189105B1 (en) * 1998-02-20 2001-02-13 Lucent Technologies, Inc. Proximity detection of valid computer user
US6092202A (en) * 1998-05-22 2000-07-18 N*Able Technologies, Inc. Method and system for secure transactions in a computer system
US7228429B2 (en) * 2001-09-21 2007-06-05 E-Watch Multimedia network appliances for security and surveillance applications
US7111324B2 (en) * 1999-01-15 2006-09-19 Safenet, Inc. USB hub keypad
US7272723B1 (en) * 1999-01-15 2007-09-18 Safenet, Inc. USB-compliant personal key with integral input and output devices
DE60029217T2 (en) 1999-05-21 2007-05-31 International Business Machines Corp. METHOD AND DEVICE FOR INITIALIZING SAFE CONNECTIONS BETWEEN AND BETWEEN ONLY CUSTOMIZED CORDLESS EQUIPMENT
US6497656B1 (en) * 2000-02-08 2002-12-24 General Electric Company Integrated wireless broadband communications network
US7111060B2 (en) * 2000-03-14 2006-09-19 Aep Networks, Inc. Apparatus and accompanying methods for providing, through a centralized server site, a secure, cost-effective, web-enabled, integrated virtual office environment remotely accessible through a network-connected web browser
JP2002024464A (en) * 2000-07-07 2002-01-25 Nec Corp System and method for selling ticket with ic card, and recording medium
WO2002023359A1 (en) 2000-09-12 2002-03-21 Mitsubishi Denki Kabushiki Kaisha Device operation permitting/authenticating system
WO2002027628A2 (en) * 2000-09-29 2002-04-04 Jill Fallon Systems and methods for a personal, universal, integrated organizer for legacy planning and storage
US6819219B1 (en) * 2000-10-13 2004-11-16 International Business Machines Corporation Method for biometric-based authentication in wireless communication for access control
NO20005440L (en) * 2000-10-27 2002-04-29 Ericsson Telefon Ab L M Package-based personal equipment arrangements and practices
US6763315B2 (en) * 2000-11-29 2004-07-13 Ensure Technologies, Inc. Method of securing access to a user having an enhanced security proximity token
US7440572B2 (en) * 2001-01-16 2008-10-21 Harris Corportation Secure wireless LAN device and associated methods
US20020123325A1 (en) * 2001-03-01 2002-09-05 Cooper Gerald M. Method and apparatus for increasing the security of wireless data services
US20020129285A1 (en) * 2001-03-08 2002-09-12 Masateru Kuwata Biometric authenticated VLAN
US7047405B2 (en) * 2001-04-05 2006-05-16 Qualcomm, Inc. Method and apparatus for providing secure processing and data storage for a wireless communication device
US7302571B2 (en) * 2001-04-12 2007-11-27 The Regents Of The University Of Michigan Method and system to maintain portable computer data secure and authentication token for use therein
US6937135B2 (en) * 2001-05-30 2005-08-30 Hewlett-Packard Development Company, L.P. Face and environment sensing watch
US20030034877A1 (en) * 2001-08-14 2003-02-20 Miller Brett E. Proximity detection for access control
US20030093663A1 (en) * 2001-11-09 2003-05-15 Walker Jesse R. Technique to bootstrap cryptographic keys between devices
US7222361B2 (en) * 2001-11-15 2007-05-22 Hewlett-Packard Development Company, L.P. Computer security with local and remote authentication
US20030149874A1 (en) * 2002-02-06 2003-08-07 Xerox Corporation Systems and methods for authenticating communications in a network medium
US7080404B2 (en) * 2002-04-01 2006-07-18 Microsoft Corporation Automatic re-authentication
US7624437B1 (en) * 2002-04-02 2009-11-24 Cisco Technology, Inc. Methods and apparatus for user authentication and interactive unit authentication
US7299364B2 (en) * 2002-04-09 2007-11-20 The Regents Of The University Of Michigan Method and system to maintain application data secure and authentication token for use therein
US7529933B2 (en) * 2002-05-30 2009-05-05 Microsoft Corporation TLS tunneling
US7920827B2 (en) * 2002-06-26 2011-04-05 Nokia Corporation Apparatus and method for facilitating physical browsing on wireless devices using radio frequency identification
US7761904B2 (en) * 2002-09-30 2010-07-20 Harris Corporation Removable cryptographic ignition key system and method
US7440573B2 (en) * 2002-10-08 2008-10-21 Broadcom Corporation Enterprise wireless local area network switching system
US6810480B1 (en) * 2002-10-21 2004-10-26 Sprint Communications Company L.P. Verification of identity and continued presence of computer users
AU2003286013A1 (en) * 2002-11-18 2004-06-15 Hipaat Inc. A method and system for access control
US7240361B2 (en) * 2003-01-31 2007-07-03 Qwest Communications International Inc. Systems and methods for controlled transmittance in a telecommunication system

Also Published As

Publication number Publication date
US20050216747A1 (en) 2005-09-29
WO2005093542A1 (en) 2005-10-06
CA2552987C (en) 2013-05-28
US7861081B2 (en) 2010-12-28

Similar Documents

Publication Publication Date Title
CA2552987A1 (en) Security system and method
KR102424055B1 (en) Apparatus and Method for Providing API Authentication using Two API Tokens
CN107251035B (en) Account recovery protocol
US8800013B2 (en) Devolved authentication
US7100054B2 (en) Computer network security system
CA2742705C (en) Method and system protecting against identity theft or replication abuse
WO2017197974A1 (en) Biometric characteristic-based security authentication method, device and electronic equipment
US10298561B2 (en) Providing a single session experience across multiple applications
US8769289B1 (en) Authentication of a user accessing a protected resource using multi-channel protocol
US7757275B2 (en) One time password integration with Kerberos
CN108476226A (en) application program authorization method, terminal and server
CN109417553A (en) The attack using leakage certificate is detected via internal network monitoring
US20090158033A1 (en) Method and apparatus for performing secure communication using one time password
CN106921663B (en) Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal
US20070156836A1 (en) System and method for electronic chat identity validation
KR101028882B1 (en) System and method for providing user authentication one time password using a wireless mobile terminal
KR20110126124A (en) Transforming static password systems to become 2-factor authentication
CN102970299A (en) File safe protection system and method thereof
JP2003188885A5 (en)
WO2016155220A1 (en) Single sign-on method, system and terminal
CN110225050A (en) The management method of JWT token
JP2010072976A5 (en)
EP2926527B1 (en) Virtual smartcard authentication
JP2004528624A (en) A device for pre-authenticating a user using a one-time password
CN112910867B (en) Double verification method for trusted equipment to access application

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20220328