Methods and systems described herein authenticate a user and help secure transaction. A display screen presents images that are difficult for malware to recognize but a person can recognize. In at least one embodiment, a person communicates transaction information using visual images received from the service provider system. In at least one embodiment, a user selects a sequence of visual images as a means of authenticating the user and logging into a financial account or other corporate account. In some embodiments, methods and systems are provided for determining whether to grant access, by generating and displaying visual images on a screen that the user can recognize, and select. In an embodiment, a user presses his or her finger or fingers on a display screen to select images as a method for authenticating and protecting communication from malware. In an embodiment, non-determinism in hardware helps unpredictably vary the image selected, the image location, generate noise in the image, or change the shape or texture of the image. In some embodiments, visual image authentication helps Alice and Bob detect if Eve has launched a man-in-the-middle attack on their key exchange.

The present application relates to networking technologies, communication cube technologies, and, more particularly, to methods, apparatus, techniques, and means for communication security, encryption, and privacy in network communications.

Methods and apparatuses are described for decentralized authorization of user access requests in a distributed service architecture. A gateway node receives a user access request from a remote computing device. The gateway generates a signed and encrypted access token based upon the user access request using an authorization service node and a key management service node. The gateway transmits the access token, the user access request, and a security certificate received from the authorization service to a security proxy node of a microservice container. The security proxy validates the certificate and the access token. The security proxy decrypts the access token using a public key from the certificate, and determines user authorization to access a service endpoint node based upon the decrypted token. The security proxy transmits the user access request to the service endpoint, which provides the remote device with access to services based upon the user access request.

A method of authenticating a user. The method comprises the step of sending an authentication request to a remote authentication device and generating a first piece of authentication information. A mobile device receives the first piece of authentication information from either an access terminal or the remote authentication device. The mobile device of the user generating a second piece of authentication information which is at least partially based on the received first piece of authentication information. The second piece of authentication information is sent to the remote authentication devices and the second piece of authentication information validated. If the second piece of authentication information is successfully validated an authentication signal is generated.

A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.

A method (400) for accessing one or more service processes (222) of service (250) includes executing at least one service enclave (220) and executing an enclave sandbox (200) that wraps the at least one service enclave. The at least one service enclave provides an interface to the one or more service processes. The enclave sandbox is configured to establish an encrypted communication tunnel (210) to the at least one service enclave interfacing with the one or more service processes, and communicate program calls (302) to/from the one or more service processes as encrypted communications through the encrypted communication tunnel.

There is provided an information processing apparatus including a processor that generates a plurality of pieces of authority information for obtaining user information classified into a plurality of categories, in which the processor generates the authority information to correspond to each of a plurality of the categories.

Methods include establishing a transport layer security connection between the client and a server that provides the web service, identifying at least one cryptographic key for communication with the web service in the connection, closing the connection and communicating between the client and the web service using a web service token that is signed and encrypted according to the identified at least one cryptographic key. Communicating between the client and the web service using a web service token may not require creation of a new transport layer security connection. Further embodiments provide a computer configured to perform operations as described above and computer-readable medium storing instructions that, when executed by a computer, perform operations as described above.

A system may be disclosed in the present disclosure, comprising: an interface service unit configured to perform at least one of sending data to or receiving data from one or more users via a user interface; and a transmission unit including: a blockchain adaptor configured to transmit data to a plurality of different types of blockchains, via a blockchain interface, according to data format and communication mode requirements of each of the plurality of different types of blockchains and a transmission controller configured to trigger a smart contract running on a blockchain of the plurality different types of blockchains via the blockchain interface, and control a data transmission under instructions from the smart contract, wherein the data transmission is based on data received from the user interface.

Embodiments of the present disclosure provide a secure communication method, a client and a non-public server. The secure communication method includes: generating a set of destination addresses of a non-public server based on an IPv6 prefix of the non-public server, and a signature string and a user ID of a client, wherein the signature string is obtained by signing an IPv6 address and the user ID of the client based on a private key of the client; initiating a set of connection request to the non-public server based on a set of communication connections containing the set of destination addresses, for the non-public server to determine a public key corresponding to a user ID based on the user ID in the set of destination addresses, verifying the set of communication connections based on the public key, and establishing communication when the verification of the set of communication connections passes.