Abstract: A method is provided for detecting an attack on a communications channel while authenticating a user of a client device at a server or peer-to-peer or multi-peer connection. The method includes: monitoring the line latency, as detected by a rapid-fire exchange of a nominal number of bytes, and comparing the round-trip reply latency to expected values; forming keys created by collecting information regarding the hardware, software, connection speed, or network information related to the client device or biometric information related to the user; encrypting data, using a computer microprocessor associated with the client device, with the subset of characters of the username or password, one-time-use password, or collected information; transmitting the encrypted data from the client device to the server via a network link therebetween; and decrypting the data, at the server, using a server-side copy of the username, password, and collected information.
Abstract: A user of a client device establishes a secure connection to a server (or other) device without using public keys or third-party certification by entering only a subset of characters in a username associated with the user and a one-time-use password at the client device; an application on the client device collects information regarding the hardware, software, or network information related to the client device or biometric information related to the user. Data sent between the client and server is encrypted (and thereafter transmitted) using the subset of characters, one-time-use password, and collected information. Communications between the client and server may be monitored to detect a man-in-the-middle attacker, and a security strength may be varied accordingly.
Abstract: A user of a client device establishes a secure connection to a server (or other) device without using public keys or third-party certification by entering only a subset of characters in a username associated with the user and a one-time-use password at the client device; an application on the client device collects information regarding the hardware, software, or network information related to the client device or biometric information related to the user. Data sent between the client and server is encrypted (and thereafter transmitted) using the subset of characters, one-time-use password, and collected information. Communications between the client and server may be monitored to detect a man-in-the-middle attacker, and a security strength may be varied accordingly.