Patent classifications
H04L2209/76
Techniques for authentication via a mobile device
Techniques for authentication via a mobile device are provided. A mobile device is pre-registered for website authentication services. A user encounters a website displaying an embedded code as an image alongside a normal login process for that website. The image is identified by the mobile device, encrypted and signed by the mobile device, and sent to a proxy. The proxy authenticates the code and associates it with the website. Credentials for the user are provided to the website to automatically authenticate the user for access to the website, bypassing the normal login process associated with the website.
Methods for effective network-security inspection in virtualized environments
The present invention discloses methods for effective network-security inspection in virtualized environments, the methods including the steps of: providing a data packet, embodied in machine-readable signals, being sent from a sending virtual machine to a receiving virtual machine via a virtual switch; intercepting the data packet by a sending security agent associated with the sending virtual machine; injecting the data packet into an inspecting security agent associated with a security virtual machine via a direct transmission channel which bypasses the virtual switch; forwarding the data packet to the security virtual machine by employing a packet-forwarding mechanism; determining, by the security virtual machine, whether the data packet is allowed for transmission; upon determining the data packet is allowed, injecting the data packet back into the sending security agent via the direct transmission channel; and forwarding the data packet to the receiving virtual machine via the virtual switch.
DEVICE, SYSTEM AND METHOD FOR FAST AND SECURE PROXY RE-ENCRYPTION
A device, system and method for fast and secure Proxy Re-Encryption (PRE) using key switching. A first user is assigned first encryption and decryption keys and a second user is assigned second encryption and decryption keys. First encrypted data encrypted with the first encryption key may be re-encrypted using a proxy re-encryption key to simultaneously switch encryption keys by adding the second encryption key and cancelling the first encryption key by the first decryption key to transform the first encrypted data encrypted by the first encryption key to second encrypted data encrypted by the second encryption key, without decrypting the underlying data. The second user may be the sole system device that possesses the (e.g., private) second decryption key to decrypt the second encrypted data.
BLOCKCHAIN FOR THE CONNECTED HOME
A request to access a destination device associated may be received from a user device. The request may comprise a digital certificate. The digital certificate may comprise a public key of the user device. A distributed ledger address of the user device may be determined by applying a deterministic function to the public key of the user device. A distributed ledger entry may be created on a distributed ledger. The distributed ledger entry may comprise the address of the user device. Based on the distributed ledger entry, access to the destination device may be granted to the user device.
Electronic data communication system with encryption for electronic messages
There is described an electronic data communication system in which encrypted mail messages for a recipient are sent in two parts: message data encrypted by a symmetric encryption algorithm using a session key and session key data encrypted by an asymmetric encryption algorithm using a public key associated with the recipient. If the recipient uses a webmail service to access the encrypted electronic mail message, the encrypted session key data is sent to a trusted third party server which has access to the private key of the user. The trusted third party server decrypts the encrypted session key using the private key of the user, and then sends the decrypted session key to a remote network device for decryption of the encrypted message.
IDENTITY AUTHENTICATION METHOD, SYSTEM, BUSINESS SERVER AND AUTHENTICATION SERVER
Embodiments of the present application provide an identity authentication method, business server, authentication server and identity authentication system. According to some embodiments, the method includes acquiring a first user identification code corresponding to a client when a data interaction request sent by the client is received, sending the first user identification code to the authentication server, acquiring an intermediate number corresponding to the first user identification code from the authentication server, sending the intermediate number to the client for a client-side user to initiate a call request to the intermediate number using a telephone communication network, receiving an authentication result of the identity authentication from the authentication server according to the call request, and processing the data interaction request according to the authentication result. The identity authentication method of embodiments of the present application improves the reliability and security of identity authentication.
Communication protocol and method for authenticating a system
One aspect relates to a communication protocol for communicating between one or more entities, such as devices, hosts or any other system capable of communicating over a network. A protocol is provided that allows communication between entities without a priori knowledge of the communication protocol. In such a protocol, for example, information describing a data structure of the communication protocol is transferred between communicating entities. Further, an authentication protocol is provided for providing bidirectional authentication between communicating entities. In one specific example, the entities include a master device and a slave device coupled by a serial link. In another specific example, the communication protocol may be used for performing unbalanced transmission between communicating entities.
METHODS AND SYSTEMS FOR PKI-BASED AUTHENTICATION
Methods, systems, and devices are provided for authenticating API messages using PKI-based authentication techniques. A client system can generate a private/public key pair associated with the client system and sign an API message using the private key of the private/public key pair and a PKI-based cryptographic algorithm, before sending the signed API message to a server system. The server system (e.g., operated by a service provider) can authenticate the incoming signed API message using a proxy authenticator located in a less trusted zone (e.g., a perimeter network) of the server system. In particular, the proxy authenticator can be configured to verify the signature of the signed API message using the public key corresponding to the private key and the same cryptographic algorithm. The authenticated API message can then be forwarded to a more trusted zone (e.g., an internal network) of the server system for further processing.
IDENTIFICATION METHOD OF AN ENTITY
The present invention relates to a biometric identification method of an entity comprising computation of a matching value between biometric data of an entity u and reference biometric data u, by application of a function F to said biometric data by performing a non-interactive, publicly verifiable computation method comprising: representation of said function in the form of an arithmetic circuit converted into a polynomial representation, and generation of keys, determination of matching value by evaluating the arithmetic circuit having the biometric data of the entity and the reference biometric data as inputs, generation of proof of correction of the computation execution of the matching values, verification of said received proof, representation of said function comprising encoding of an integer k>1 of binary integers of a vector of a biometric datum on at least one input wire of the circuit, and the function F comprising at least m scalar products, if the divider m is equal to 2 or 3, evaluation of the circuit iteratively comprises computation of each of the m scalar products by means of N/km multiplication operators, storage and summation of m results of computations of said scalar products and if the divider m is greater than or equal to 4, evaluation of the circuit iteratively comprises computation of each of the m scalar products by alternatively using a first or a second sub-circuit to compute the sum of the scalar product of the values of the input wires of this sub-circuit and of a value stored in a storage memory of the other sub-circuit.
Systems and methods for encoding the core identifier in the session identifier
The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.