Abstract: A software system that has an embedded browser, an authenticator and a data channel module where the authenticator is adapted to authenticate a user, to authenticate a data channel and to bind the user authentication with the authenticated channel is disclosed. The authenticator is further adapted to communicate with the user via a graphical user interface of the embedded browser using graphical and control primitives of the authenticator and/or using a stand-alone graphical user interface of the authenticator, and the data channel module is adapted to communicate with service provider servers via a secure protocol, to communicate with the embedded browser and to communicate with the authenticator. A method of authentication using this system increases security and user comfort when accessing services and data requiring authentication is also disclosed.

Abstract: An authentication system for use with personal electronic identity gadgets of at least one user of services in that the personal electronic identity gadgets are configured to authenticate to a main service provider and are configured to trigger synchronization of data storages of service providers. The system has a data storage of an authentication system server component of at least one main service provider. The data storage is synchronizable with data storage(s) of server component(s) of at least one other service provider, either directly or via personal electronic identity gadgets, and the authentication system server component of the at least one main service provider is configured for mapping personal electronic identity gadgets to the account of the user of services. The system offers an authentication method that allows to recover from emergencies and/or increase the user comfort and/or increase security.

Abstract: An authentication system for use with personal electronic identity gadgets of at least one user of services in that the personal electronic identity gadgets are configured to authenticate to a main service provider and are configured to trigger synchronization of data storages of service providers. The system has a data storage of an authentication system server component of at least one main service provider. The data storage is synchronizable with data storage(s) of server component(s) of at least one other service provider, either directly or via personal electronic identity gadgets, and the authentication system server component of the at least one main service provider is configured for mapping personal electronic identity gadgets to the account of the user of services. The system offers an authentication method that allows to recover from emergencies and/or increase the user comfort and/or increase security.

Abstract: The invention provides a method for mapping at least two authentication devices to a user account using an authentication server, where each authentication device connects to the authentication server using a secured communication channel; their mapping to the user account is recorded on the authentication server, and, when a transfer of data between the authentication devices mapped to the user account occurs, the data is passed over from the first authentication device to the authentication server using a secured communication channel and from the authentication server to another authentication device mapped to the account of said user using a secured communication channel, where the aforesaid secured communication channel is created by the second authentication device. This procedure allows the use of a single personal local authentication factor for multiple authentication devices and increases the security of authentication of devices with authentication servers.

Abstract: A method of authenticating the communication of an authentication device and at least one authentication server using a local factor with creation of secret information shared by the authentication device and the authentication server; the reference information is derived from the secret information shared by the authentication device and the authentication server, where the manner of derivation is the same on the authentication device and on the authentication server; furthermore, the authentication device creates transformed reference information by means of cryptographic transformation from the reference information, where the local factor chosen and entered by the user or obtained from a medium or from the surrounding environment is used as an input in this cryptographic transformation, and where only the transformed reference information is stored on the authentication device and only the reference information is stored on the authentication server.

Abstract: A method of securing authentication in electronic communication between at least one user authentication mechanism and at least one server authentication mechanism, wherein primary authentication is performed in the first step, and during the primary authentication a secondary authentication secret is created and shared between the user authentication and the server authentication mechanisms and is valid only for the given authentication transaction, and the secondary authentication secret is subsequently used as an input for a cryptographic transformation performed by the user authentication mechanism separately on each authentication vector element while creating the first authentication vector product, wherein authentication vector (AV) is an ordered set of authentication vector elements (AVE)(i)), wherein the first authentication vector product is transferred from the user authentication mechanism to the server authentication mechanism and is evaluated by the server authentication mechanism using the seco

Abstract: A method of establishing protected electronic communication, secure transfer and processing of information among three or more subjects in which, at first, a first secure authenticated channel is created using an authentication system between a first subject and a second subject, and this channel is used by the first subject, in co-operation with the second subject, to create an authentication object stored on the second subject and provided with authentication object methods, whereas the first subject configures methods of authentication object by assigning to each method of the authentication object a rights control information for at least one other subject and optionally also a rights control information for the first subject to use at least one method of the authentication object, and then the first secure authenticated channel is closed.

Abstract: The solution provides a method of secret information entering into an electronic digital device by a user via the input/output device, when the electronic digital device assigns a multimedia information designed for interaction containing the elements (1) is such a way that their relation to control elements of the electronic digital device is variable between individual displays. Then, the user selects elements (1) of multimedia information designed for interaction assigned to elements (2) of secret information in an order corresponding with the order of elements (2) of secret information, so by selecting the elements (1) of multimedia information designed for interaction the user selects the elements (2) of secret information in given order.

Abstract: The invention solves the way of authentication of secured data channel between two sides (A, B) when there is at first established a non-authenticated protected data channel (1), with ending (3) of the data channel (1) on the first side (A) and ending (4) of the data channel (1) on the other side (B) and with target application (7) on the first side (A) and target application (8) on the other side (B), while the endings (3) and (4) have a non-authenticated shared secret (5), consequently, on both sides (A, B) of the data channel (1) there are calculated the data derived from non-authenticated shared secret (5), then the data derived from the non-authenticated shared secret (5) are passed via external communication means out of the data channel (1) to two sides (11, 12) of the external authentication system (2), which consequently performs authentication of communicating sides (A, B) including authentication of the data channel (1).

Abstract: The invention provides a method for mapping at least two authentication devices to a user account using an authentication server, where each authentication device connects to the authentication server using a secured communication channel; their mapping to the user account is recorded on the authentication server, and, when a transfer of data between the authentication devices mapped to the user account occurs, the data is passed over from the first authentication device to the authentication server using a secured communication channel and from the authentication server to another authentication device mapped to the account of said user using a secured communication channel, where the aforesaid secured communication channel is created by the second authentication device. This procedure allows the use of a single personal local authentication factor for multiple authentication devices and increases the security of authentication of devices with authentication servers.

Abstract: A method of authenticating the communication of an authentication device and at least one authentication server using a local factor with creation of secret information shared by the authentication device and the authentication server; the reference information is derived from the secret information shared by the authentication device and the authentication server, where the manner of derivation is the same on the authentication device and on the authentication server; furthermore, the authentication device creates transformed reference information by means of cryptographic transformation from the reference information, where the local factor chosen and entered by the user or obtained from a medium or from the surrounding environment is used as an input in this cryptographic transformation, and where only the transformed reference information is stored on the authentication device and only the reference information is stored on the authentication server.

Abstract: A method of establishing protected electronic communication, secure transfer and processing of information among three or more subjects in which, at first, a first secure authenticated channel is created using an authentication system between a first subject and a second subject, and this channel is used by the first subject, in co-operation with the second subject, to create an authentication object stored on the second subject and provided with authentication object methods, whereas the first subject configures methods of authentication object by assigning to each method of the authentication object a rights control information for at least one other subject and optionally also a rights control information for the first subject to use at least one method of the authentication object, and then the first secure authenticated channel is closed.

Abstract: A method of securing authentication in electronic communication between at least one user authentication mechanism and at least one server authentication mechanism, wherein primary authentication is performed in the first step, and during the primary authentication a secondary authentication secret is created and shared between the user authentication and the server authentication mechanisms and is valid only for the given authentication transaction, and the secondary authentication secret is subsequently used as an input for a cryptographic transformation performed by the user authentication mechanism separately on each authentication vector element while creating the first authentication vector product, wherein authentication vector (AV) is an ordered set of authentication vector elements (AVE)(i)), wherein the first authentication vector product is transferred from the user authentication mechanism to the server authentication mechanism and is evaluated by the server authentication mechanism using the seco

Abstract: The solution provides a method of secret information entering into an electronic digital device by a user via the input/output device, when the electronic digital device assigns a multimedia information designed for interaction containing the elements (1) is such a way that their relation to control elements of the electronic digital device is variable between individual displays. Then, the user selects elements (1) of multimedia information designed for interaction assigned to elements (2) of secret information in an order corresponding with the order of elements (2) of secret information, so by selecting the elements (1) of multimedia information designed for interaction the user selects the elements (2) of secret information in given order.

Abstract: The invention solves the way of authentication of secured data channel between two sides (A, B) when there is at first established a non-authenticated protected data channel (1), with ending (3) of the data channel (1) on the first side (A) and ending (4) of the data channel (1) on the other side (B) and with target application (7) on the first side (A) and target application (8) on the other side (B), while the endings (3) and (4) have a non-authenticated shared secret (5), consequently, on both sides (A, B) of the data channel (1) there are calculated the data derived from non-authenticated shared secret (5), then the data derived from the non-authenticated shared secret (5) are passed via external communication means out of the data channel (1) to two sides (11, 12) of the external authentication system (2), which consequently performs authentication of communicating sides (A, B) including authentication of the data channel (1).