公开(公告)号：MY172974A

公开(公告)日：2019-12-16

申请号：MYPI2012003210

申请日：2012-07-13

Applicant: MIMOS BERHAD

Inventor： GALOH RASHIDAH HARON ,  SEA CHONG SEAK ,  NG KANG SIONG ,  WONG HON LOON ,  DHARMADHARSHNI MANIAM

IPC: H04L29/06 ,  H04W12/06

Abstract: The system and method of the present invention proposes user authentication using non reusable random generated mobile SMS key while retaining user privacy. The system of the present invention comprising at least one user (101) with user mobile phone (106); at least one web application (104); at least one authentication service provider (103); at least one authentication server (102); and at least one database (105). The at least one authentication server (102) further comprising at least one authentication interface module (201); at least one authentication verification module (202); at least one SMS key generation module (203); at least one SMS gateway (204); and at least one database interface module (205). The methodology of the present invention comprises steps of requesting user information for authentication (302); authenticating user information (304); returning authentication status to web application (310); and performing authorization by granting access to user upon successful user authenticat ion (312). Authentication of user information comprises steps of computing hash value (DK1) based on user information (402); searching database for matching hash value (DK1) (404); and generating new mobile SMS key (K2) upon locating matching record in database (406) after mobile SMS key (K1) has been authenticated in the current transaction.

公开(公告)号：MY178949A

公开(公告)日：2020-10-23

申请号：MYPI2015702497

申请日：2015-07-30

Applicant: MIMOS BERHAD

Inventor： LEE KAY WIN ,  ALWYN GOH ,  NG KANG SIONG ,  DHARMADHARSHNI MANIAM ,  GALOH RASHIDAH HARON

Abstract: A system (100, 200) for authentication comprises a client application (102) of a client device for user to access, a client authentication provider (103) which controls user access and protects the client application (102) from unauthenticated access and is configured to determine (S420) whether the client device is online or offline, and a server authentication requestor (104) for performing the online user authentication. A method for authentication, the method comprising the steps of determining, whether a client application (102) of a client device is online, in response to a determination that the client device is online, authenticating user based on an authentication parameter demonstrated by the user through an online user authentication service performed by a server authentication requestor (104), in response to a determination that the client device is offline, authenticating user based on an authentication parameter demonstrated by the user through an offline local authentication service by validating against the downloaded authentication token of the user.

公开(公告)号：MY175074A

公开(公告)日：2020-06-04

申请号：MYPI2013004236

申请日：2013-11-25

Applicant: MIMOS BERHAD

Inventor： SEA CHONG SEAK ,  NOR IZYANI DAUD ,  GALOH RASHIDAH BINTI HARON ,  NG KANG SIONG ,  DHARMADHARSHNI MANIAM ,  WONG HON LOON

Abstract: Secure transaction log is used as an audit trail mechanism as said secure logging system is a centralized system that logs all application transactions from different servers wherein it provides an authentication method for client to login to the logging system and an authorization method to verify that only registered servers are able to record and view data to or from the storage. The system comprising at least one client platform (102); at least one application platform (104) and at least one storage device (106) having capacity for storing information. The at least one client platform (102) further comprising at least one user token (102a) for identifying user credentials; and at least one physical machine (102c) for processing client transaction while the at least one application platform (104) further comprising log information which at least comprises a set of data containing user credentials, server identity, IP address, server distinguish name and timestamp; and at least one secure transaction web service (104a, 104b) for validating client transaction and processing log data. To enable secure transaction log for server logging, the general methodology of the present invention comprising steps of obtaining user credentials to authenticate client for server logging (202); logging into server for transaction log (204); and enabling viewing of logging information of authorized users to record and view information to or from at least one storage. Further, storage information is protected and secured by using hash function (716) wherein hash function is used for authorization of user (718) to ensure that only validated user is able to log in or retrieve log information to and from said storage.