Abstract: A method for authenticating a user on a user device with an authentication phase that includes: displaying a page of an authentication server in an internet browser, initiating an authentication process via this page to authenticate the user to a server remote from the user device, supplying to the user device a proof of authentication from the remote server, and opening an access session to the user device using this proof of authentication. Embodiments of the invention may include a computer program and an authentication system implementing such a method.

Abstract: The invention relates to an access management method comprising, in response to a request to access a local application (23) hosted on a second network (10): if the second network (10) is connected to a first network (8): receiving the access request by a master module (4) connected to the first network (8); determining, by the master module (4), access confirmation or denial data for access to the local application; and transmitting the determined access confirmation or denial data from the master module to the local application (23) otherwise: receiving the access request by a satellite module (6) connected to the second network (10); determining, by the master module (6), access confirmation or denial data for access to the local application (23); and transmitting the determined access confirmation or denial data from the satellite module to the local application (23).

Abstract: The invention relates to a device and a method for authenticating a user utilizing an internet access client (10) for accessing remote resources of a computer infrastructure, said access comprising a first authentication (130) of the internet access client (10) and a second authentication (140) of the user of the internet access client (10). The method includes sending (132), to a token security module (21), by the internet access client (10), a client certificate (220), said client certificate (220) being associated with items of identification information of the internet access client (10); and receiving (133), by the internet access client (10), an authentication token (210) generated by the token security module when the client certificate (220) sent has been verified by the token security module.

Abstract: The invention relates to a method for creating a communication channel between a local application executed in a local network and a remote SaaS application. The method includes generating an SSL access point and associating the SSL access point to a communication port with the SaaS application. The method also includes generating, by a proxy, a local IDAAS proxy, located in the local network, and an SSL connection associated with the SSL access point and associated with a port for communicating with the local application in the local network. The invention also relates to a method and a system for communicating between the local application and the SaaS application.

Abstract: The invention relates to a method of authenticating, with an identity-as-a-service (IDAAS) server, a user of a plurality of users of a computer network. The method includes providing identification data for the user in an authentication web page of the IDAAS server, and validating an authentication request by verifying the identification data. The verifying is performed by another user, called a certifier, that is selected from the plurality of users of the computer network known to the IDAAS server and using the IDAAS server. The invention also relates to a computer program and an IDAAS server implementing such a method.

Abstract: The invention includes a method for authenticating a user located in a computer network including an internal authentication of the user with an identification server of the computer network with a user identifier and a user device. The method includes transmission of an authentication request by the user device to an IDAAS server external to the computer network. The method includes an external authentication of the user by the IDAAS server, including transmission of a first message that includes an event identifier associated with the user device by the IDAAS server to a web server of the computer network. The external authentication also includes recovery of the user identifier by the web server, and transmission of a second message that includes the user identifier to authenticate the user by the web server to the IDAAS server. The invention also includes a computer program and an authentication system implementing the method.

Abstract: A method performs a strong authentication using a mobile terminal and the capability of the user, as proof of an identity. The mobile terminal allows an authentication to be established by communicating with a proxy authentication server and a notification server. These communications are initiated by an authentication server, used for the authentication. Throughout the authentication, the authentication server remains masked by the proxy authentication server. The only interface between the authentication server and the rest of the world is the proxy authentication server.

Abstract: Disclosed is a method for authenticating a user by user identifier and associated graphical password. The graphical password includes a sequence of several images belonging to a group of images. The user provides a user identifier to an application, and graphically selects a sequence of several images in this group of images, the image order being randomly displayed by the application with each authentication of the user. The application identifies the position of each selected image in the sequence, establishes the correspondence between the sequence of the positions and the sequence of the identifiers of the selected images, compares the sequence of the selected images identifiers with the registered sequence, the application being the only entity able to establish this correspondence and/or the application being the only entity able to make this comparison, and authenticates the user if the comparison is positive but refuses authentication for negative comparison.

Abstract: A method for authenticating a user on a user device with an authentication phase that includes: displaying a page of an authentication server in an internet browser, initiating an authentication process via this page to authenticate the user to a server remote from the user device, supplying to the user device a proof of authentication from the remote server, and opening an access session to the user device using this proof of authentication. Embodiments of the invention may include a computer program and an authentication system implementing such a method.

Abstract: A method for archiving data relative to a user equipped with an electronic apparatus and having a user account on a server including a database, the method including: transmitting the data relative to the user from an electronic device to the server; storing the data relative to the user in a first container of the database of the server; generating, by the server, a temporary reference associated with the first container of the database; transmitting the temporary reference from the server to the electronic apparatus; accessing the data relative to the user from the electronic apparatus, a connection between the electronic apparatus and the server having been established previously.

Abstract: The invention relates to a device and a method for authenticating a user utilizing an internet access client (10) for accessing remote resources of a computer infrastructure, said access comprising a first authentication (130) of the internet access client (10) and a second authentication (140) of the user of the internet access client (10). The method includes sending (132), to a token security module (21), by the internet access client (10), a client certificate (220), said client certificate (220) being associated with items of identification information of the internet access client (10); and receiving (133), by the internet access client (10), an authentication token (210) generated by the token security module when the client certificate (220) sent has been verified by the token security module.

Abstract: A method performs a strong authentication using a mobile terminal and the capability of the user, as proof of an identity. The mobile terminal allows an authentication to be established by communicating with a proxy authentication server and a notification server. These communications are initiated by an authentication server, used for the authentication. Throughout the authentication, the authentication server remains masked by the proxy authentication server. The only interface between the authentication server and the rest of the world is the proxy authentication server.

Abstract: Disclosed is a method for authenticating a user by user identifier and associated graphical password. The graphical password includes a sequence of several images belonging to a group of images. The user provides a user identifier to an application, and graphically selects a sequence of several images in this group of images, the image order being randomly displayed by the application with each authentication of the user. The application identifies the position of each selected image in the sequence, establishes the correspondence between the sequence of the positions and the sequence of the identifiers of the selected images, compares the sequence of the selected images identifiers with the registered sequence, the application being the only entity able to establish this correspondence and/or the application being the only entity able to make this comparison, and authenticates the user if the comparison is positive but refuses authentication for negative comparison.

Abstract: A method for managing a data center that includes racks arranged in aisles, includes guiding an operator, by a mobile terminal, to a desired device of a rack. The guiding step includes: indicating, on a screen of the mobile terminal, a route to follow to arrive near the device; once the operator is near the device, reading, by a reading application of the mobile terminal, an electronic marker pattern placed on a first rack facing the operator to determine if the operator is facing the rack including the desired device; if not, repeating the reading operation on the rack directly adjacent to the first rack; once the rack is identified, reading, by the reading application of the mobile terminal, an optical marker pattern placed on the rack so as to obtain a height reference and thus locate the desired device; and acting upon the desired device using the mobile terminal.

Abstract: A method (M) for controlling access to a production system (SIP) of a computer system not connected to an information system (SIC), includes: A) an initial phase of enrolling a user via a terminal (1) in the production system (SIP), which includes: a) providing a private encrypted key (Cph) associated with each account of the user in the production system (SIP); b) the terminal transmitting the encrypted private key (Cph) to the information system and the system (SIC) registering the encrypted private key; B) for each request to access the production system, a phase of authentication by the production system, which includes: the terminal of the user recovering a challenge (QRCb) generated by the production system, that only the encrypted key stored in the information system makes it possible to solve, the key only being capable of being obtained after the terminal has been authenticated by the information system.

Abstract: A method for managing user accounts in an application of an application provider, includes: receiving a request for proof of authentication to authenticate a user attempting to access the application, the user being registered with an identity provider having a trust relationship with the application provider; obtaining, from a local database, user data including authentication data and access rights data; authenticating the user by the authentication data; determining the user right to access the application, by the access rights data; determining the existence or absence of a user account associated with the user, by querying an external database managed by the application provider; if the user has the right to access the application and there is no user account associated with the user: triggering provisioning of the user account at an entity, generating a proof of authentication associated with the user, sending the proof of authentication to the application provider.

Abstract: A method for archiving data relative to a user equipped with an electronic apparatus and having a user account on a server including a database, the method including: transmitting the data relative to the user from an electronic device to the server; storing the data relative to the user in a first container of the database of the server; generating, by the server, a temporary reference associated with the first container of the database; transmitting the temporary reference from the server to the electronic apparatus; accessing the data relative to the user from the electronic apparatus, a connection between the electronic apparatus and the server having been established previously.

Abstract: A method for managing a data center that includes racks arranged in aisles, includes guiding an operator, by a mobile terminal, to a desired device of a rack. The guiding step includes: indicating, on a screen of the mobile terminal, a route to follow to arrive near the device; once the operator is near the device, reading, by a reading application of the mobile terminal, an electronic marker pattern placed on a first rack facing the operator to determine if the operator is facing the rack including the desired device; if not, repeating the reading operation on the rack directly adjacent to the first rack; once the rack is identified, reading, by the reading application of the mobile terminal, an optical marker pattern placed on the rack so as to obtain a height reference and thus locate the desired device; and acting upon the desired device using the mobile terminal.

Abstract: A method for managing user accounts in an application of an application provider, includes: receiving a request for proof of authentication to authenticate a user attempting to access the application, the user being registered with an identity provider having a trust relationship with the application provider; obtaining, from a local database, user data including authentication data and access rights data; authenticating the user by the authentication data; determining the user right to access the application, by the access rights data; determining the existence or absence of a user account associated with the user, by querying an external database managed by the application provider; if the user has the right to access the application and there is no user account associated with the user: triggering provisioning of the user account at an entity, generating a proof of authentication associated with the user, sending the proof of authentication to the application provider.

Abstract: A method (M) for controlling access to a production system (SIP) of a computer system not connected to an information system (SIC), includes: A) an initial phase of enrolling a user via a terminal (1) in the production system (SIP), which includes: a) providing a private encrypted key (Cph) associated with each account of the user in the production system (SIP); b) the terminal transmitting the encrypted private key (Cph) to the information system and the system (SIC) registering the encrypted private key; B) for each request to access the production system, a phase of authentication by the production system, which includes: the terminal of the user recovering a challenge (QRCb) generated by the production system, that only the encrypted key stored in the information system makes it possible to solve, the key only being capable of being obtained after the terminal has been authenticated by the information system.