Abstract: A user device comprising a processor configured to enable a mnemonic based digital signature scheme for user authentication that is based on a combination of one or more secrets and one or more actions implemented on the user device and associated with the secrets, and a device input system coupled to the processor and configured to detect the actions implemented on the user device. Also disclosed is an apparatus comprising a processor configured to implement a mnemonic based digital signature for authenticating a user, a device input system configured to enable the mnemonic based digital signature, and a memory unit configured to store input data that is used to recognize the mnemonic based digital signature, wherein the mnemonic based digital signature comprises a secret, an action associated with the secret and implemented using the device input system, and a cue associated with the action.

Abstract: The embodiments of the present disclosure disclose a method and apparatus for reducing the parameter transmission bandwidth. The parameter sender reduces the values of the parameters before sending the parameters to the parameter receiver. This scheme reduces the bandwidth consumed during parameter transmission, thus makes the transmission more efficient. The embodiment of the present disclosure also discloses a method for key exchange. This method reduces the values of the transmission parameters before sending the transmission parameters. This saves the bandwidth compared with the protocol in the prior art. Besides, the embodiment of the present disclosure discloses a system for key exchange. The parameter sender sends the transmission parameters to the bandwidth processing unit.

Abstract: A system and a method for security authentication, in which a biometric authentication subsystem in the security authentication system receives a biometric certificate held by the user and the user's biometric information from a user terminal; the biometric certificate contains the user's biometric template or the storage address of the biometric template; next, the biometric authentication subsystem authenticates the biometric certificate, performs matching between the biometric information and the biometric template, and generates the identity authentication result. The invention can also combine biometric authentication with PMI privilege authentication, so as to enhance security of identity authentication in PMI and widen applicability of biometric authentication.

Abstract: The embodiments of the present disclosure disclose an authentication method, a system, a server, and a user node are disclosed herein. The method includes: generating, by a server, a server session key according to the identity information, at least one login information parameter, and the validity period included in the login information, generating at least one session key parameter of a user node according to the generator point of the algebraic curve, and sending at least one session key parameter of the user node to the user node; generating, by the user node, a user node session key according to at least one session key parameter of the user node; performing, by the server and the user node, mutual authentication according to the session keys. The authentication solution under the present disclosure is simple and practicable, and is also applicable to authenticating the user node in a grid computing platform.

Abstract: A user device comprising a processor configured to enable a mnemonic based digital signature scheme for user authentication that is based on a combination of one or more secrets and one or more actions implemented on the user device and associated with the secrets, and a device input system coupled to the processor and configured to detect the actions implemented on the user device. Also disclosed is an apparatus comprising a processor configured to implement a mnemonic based digital signature for authenticating a user, a device input system configured to enable the mnemonic based digital signature, and a memory unit configured to store input data that is used to recognize the mnemonic based digital signature, wherein the mnemonic based digital signature comprises a secret, an action associated with the secret and implemented using the device input system, and a cue associated with the action.

Abstract: The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication center, EAC; respectively performing a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.

Abstract: A system and method for generating analog-digital mixed chaotic signal and an encryption communication method thereof are provided. In the system and method, the complementarity between continuous chaotic systems (12, 22) and digital chaotic systems (11, 21) are reasonably utilized. In specific, the digital chaotic systems, which are separated from each other, control the local continuous chaotic systems respectively, so as to enable the continuous chaotic systems, which are also separated from each other, to stably and synchronously work for a long time. Thus, there is no need to transmit the synchronizing signal, and as a result the anti-attack capability is increased effectively. Further, the continuous chaotic systems disturb the local digital chaotic systems to prevent the digital chaotic systems from degradation. This compensates the drawbacks of digital chaotic systems.

Abstract: The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre, EAC; respectively performing a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.

Abstract: The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre, EAC; respectively performing a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.

Abstract: A correlative reacting system and a method for implementing security update of mobile station. The correlative reacting system includes a security correlative agent at a terminal side and a security correlative server at a network side communicated with the security correlative agent via an air interface. In the present invention, the correlative reacting system performs an information interaction with the mobile station, controls the mobile station to carry out an automatic security update. The automatic security update includes automatic downloading and installation, update of the security correlative agent, and automatic recovery of the insecurity factors of the mobile station and the like.

Abstract: The present invention discloses a method and system for remote password based authentication using smart cards for accessing a communications network. The disclosed method does not require a remote authentication sever to maintain a table of passwords for all users. The disclosed method and system also support mutual authentication. It not only prevents the illegal use of system resources by an impersonator, the user can also authenticate the identity of the remote authentication server.

Abstract: A bidirectional authentication method, a system, and a network device, that relates to network information security are provided. The method may include: a network device configured to generate an inspection parameter according to a public key of the peer network device and a private key of the network device, the public key and the private key of the network device being generated according to an identifier of the network device. The network device may perform reciprocal authentication according to the inspection parameter generated by the network device and an inspection parameter sent by the peer network device. A system and a network device for bidirectional authentication are also provided herein. As such, extra calculation caused by certificate authentication may be reduced, and thus provide a more secure and reliable system having a simplified key management.

Abstract: A system and method for generating analog-digital mixed chaotic signal and an encryption communication method thereof are provided. In the system and method, the complementarity between continuous chaotic systems (12, 22) and digital chaotic systems (11, 21) are reasonably utilized. In specific, the digital chaotic systems, which are separated from each other, control the local continuous chaotic systems respectively, so as to enable the continuous chaotic systems, which are also separated from each other, to stably and synchronously work for a long time. Thus, there is no need to transmit the synchronizing signal, and as a result the anti-attack capability is increased effectively. Further, the continuous chaotic systems disturb the local digital chaotic systems to prevent the digital chaotic systems from degradation. This compensates the drawbacks of digital chaotic systems.

Abstract: The present invention discloses a method and system for authentication. The method for authentication includes: acquiring the privilege security level corresponding to a client-end; inquiring the identity security level corresponding to the privilege security level according to an established relation of association between privilege security level and identity security level; determining the authentication parameters for identity authentication according to the identity security level; performing identity authentication on the client-end using the authentication parameters; and obtaining an authentication result. The identity authentication and privilege authentication are combined, and identity authentication is performed according to the identity security level in accord with the privilege security level so that rules of identity authentication can be adjusted, and the flexibility of the process of authentication may be improved.

Abstract: The embodiments of the present disclosure disclose a method and apparatus for reducing the parameter transmission bandwidth. The parameter sender reduces the values of the parameters before sending the parameters to the parameter receiver. This scheme reduces the bandwidth consumed during parameter transmission, thus makes the transmission more efficient. The embodiment of the present disclosure also discloses a method for key exchange. This method reduces the values of the transmission parameters before sending the transmission parameters. This saves the bandwidth compared with the protocol in the prior art. Besides, the embodiment of the present disclosure discloses a system for key exchange. The parameter sender sends the transmission parameters to the bandwidth processing unit.

Abstract: The embodiments of the present disclosure disclose an authentication method, a system, a server, and a user node are disclosed herein. The method includes: generating, by a server, a server session key according to the identity information, at least one login information parameter, and the validity period included in the login information, generating at least one session key parameter of a user node according to the generator point of the algebraic curve, and sending at least one session key parameter of the user node to the user node; generating, by the user node, a user node session key according to at least one session key parameter of the user node; performing, by the server and the user node, mutual authentication according to the session keys. The authentication solution under the present disclosure is simple and practicable, and is also applicable to authenticating the user node in a grid computing platform.

Abstract: The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre, EAC; respectively performing a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.

Abstract: Methods and systems for implementing authentication on information security are disclosed, and the process includes: receiving from a user an access request which carries an attribute certificate, wherein the attribute certificate includes an extension identifier for indicating a biometric certificate associated with the attribute certificate; acquiring the biometric certificate, determining, according to the extension identifier, whether the acquired biometric certificate is associated with the attribute certificate carried in the access request; if the biometric certificate is associated with the attribute certificate, acquiring biometric feature data of the user, and performing identity authentication based on the biometric feature data and the biometric certificate; performing privilege authentication based on the attribute certificate; and controlling the access based on the results of the identity authentication and privilege authentication.

Abstract: The present invention discloses a method and system for remote password based authentication using smart cards for accessing a communications network. The disclosed method does not require a remote authentication sever to maintain a table of passwords for all users. The disclosed method and system also support mutual authentication. It not only prevents the illegal use of system resources by an impersonator, the user can also authenticate the identity of the remote authentication server.

Abstract: A system and a method for security authentication, in which a biometric authentication subsystem in the security authentication system receives a biometric certificate held by the user and the user's biometric information from a user terminal; the biometric certificate contains the user's biometric template or the storage address of the biometric template; next, the biometric authentication subsystem authenticates the biometric certificate, performs matching between the biometric information and the biometric template, and generates the identity authentication result. The invention can also combine biometric authentication with PMI privilege authentication, so as to enhance security of identity authentication in PMI and widen applicability of biometric authentication.