A SYSTEM AND METHOD FOR PROTECTION OF USER AUTHENTICATION AGAINST CAPTURE-AND-REPLAY ATTACKS

    Publication number: MY177380A

    Publication date: 2020-09-14

    Application number: MYPI2013004482

    Application date: 2013-12-12

    Abstract: The present invention relates to a system (100, 200) and method (300) for protection of user authentication against at least a single instance of capture-and-replay attacks, by means of input and processing of user credentials on a client-side user interface (UI), and subsequent transmission to a server undertaking credential authentication. The system (100, 200) and method (300) of the present invention utilize credentials which are context dependent as inputs into a ZK integration function, which is additionally applicable as an interaction in two actions: firstly, between user and trusted platform, and secondly between trusted platform and client terminal, as similarly protective of user authentication against capture-and-replay attacks. The user submits credentials as an act of authentication based on the context of interest (310) as deemed correct by the user. Optional verification of the submitted context-dependent credential (320) on the client terminal or trusted platform follows. The method (300) involves ZK integration of the context-dependent credential (330) followed by verification of the authenticator (340), such that unauthorised interception of credentials as submitted does not necessarily result in the capability of the intercepting party to undertake fraudulent authentication. Verification of the user-to-server authentication interaction as being correct is additionally dependent on independent determination by the server of the context of interest, which might include specification and stratification of time and/or location of the authentication interaction. (Figure 3)
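    The abstract leaves the "ZK integration function" unspecified, so the following added example (not the patent's construction, and not MIMOS code) uses a keyed hash over the credential and a server-determinable context as a stand-in. It shows the property the abstract claims: an authenticator captured in one time window and location is rejected in a later window, at a different location, and on a second presentation within the same window. The credential, window size and location labels are constructed for illustration.

```python
import hashlib
import hmac

# Added illustration, not the patent's construction: the abstract's "ZK
# integration function" is unspecified, so an HMAC over the credential and
# the context stands in for it. Credential and location values are constructed.
WINDOW_SECONDS = 30


def context_of_interest(now: float, location: str, window: int = WINDOW_SECONDS) -> bytes:
    """Stratify wall-clock time into fixed windows and bind the window to a
    coarse location label. This is the context the server must be able to
    determine on its own, without trusting the client's claim."""
    bucket = int(now) // window
    return f"{bucket}|{location}".encode()


def make_authenticator(credential: bytes, now: float, location: str) -> bytes:
    """Client side (330): integrate the credential with the context of interest
    so the transmitted value is useless outside that context."""
    return hmac.new(credential, context_of_interest(now, location), hashlib.sha256).digest()


class Server:
    """Server side (340): holds the long-term credential and rejects both
    wrong-context and same-context replays of a captured authenticator."""

    def __init__(self, credential: bytes) -> None:
        self._credential = credential
        self._accepted = set()      # authenticators already honoured

    def verify(self, authenticator: bytes, now: float, location: str) -> bool:
        # Independent determination of context by the server: its own clock and
        # its own view of where the request arrived from.
        expected = make_authenticator(self._credential, now, location)
        if not hmac.compare_digest(expected, authenticator):
            return False            # captured in another window or place: replay fails
        if authenticator in self._accepted:
            return False            # same window and place: single-instance replay fails
        self._accepted.add(authenticator)
        return True
```

    In a deployment the server would also accept the adjacent window to tolerate clock skew, and prune the accepted set once a window has passed; both are omitted here to keep the replay check visible.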

    USER AUTHENTICATION FOR ONLINE AND OFFLINE APPLICABILITY

    Publication number: MY178949A

    Publication date: 2020-10-23

    Application number: MYPI2015702497

    Application date: 2015-07-30

    Applicant: MIMOS BERHAD

    Abstract: A system (100, 200) for authentication comprises a client application (102) of a client device for the user to access; a client authentication provider (103) which controls user access, protects the client application (102) from unauthenticated access and is configured to determine (S420) whether the client device is online or offline; and a server authentication requestor (104) for performing the online user authentication. A method for authentication comprises the steps of: determining whether a client application (102) of a client device is online; in response to a determination that the client device is online, authenticating the user based on an authentication parameter demonstrated by the user through an online user authentication service performed by a server authentication requestor (104); and in response to a determination that the client device is offline, authenticating the user based on an authentication parameter demonstrated by the user through an offline local authentication service, by validating against the downloaded authentication token of the user.
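    The abstract does not say what the downloaded token contains or how the offline validation works, so the following is an added example (not the patent's token format, and not MIMOS code) of one safe way to do it: the token holds a salted PBKDF2 verifier of the password and an expiry, and is bound to the device with a key the server provisions while the client is still online. The decision step (S420) then selects the online service or the local check. Key material, user names and time values are constructed.

```python
import hashlib
import hmac
import json
import os

# Added illustration, not the patent's token format. The device key, the token
# layout and all names are constructed assumptions.
PBKDF2_ROUNDS = 100_000


def issue_offline_token(user: str, password: str, device_key: bytes, now: float, ttl: float) -> dict:
    """Server side, while the client is online: build the token the client will
    later validate locally. The password itself is never stored in the token."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    body = {"user": user, "salt": salt.hex(), "verifier": verifier.hex(), "expires": now + ttl}
    payload = json.dumps(body, sort_keys=True)
    tag = hmac.new(device_key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def validate_offline(token: dict, user: str, password: str, device_key: bytes, now: float) -> bool:
    """Client authentication provider (103), offline path: check integrity,
    device binding, expiry and the demonstrated password against the token."""
    payload = token["payload"].encode()
    expected_tag = hmac.new(device_key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, token["tag"]):
        return False                       # tampered, or not issued for this device
    body = json.loads(payload)
    if body["user"] != user or now > body["expires"]:
        return False                       # wrong user, or token no longer valid
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(body["salt"]), PBKDF2_ROUNDS)
    return hmac.compare_digest(attempt, bytes.fromhex(body["verifier"]))


def authenticate(user: str, password: str, is_online, online_service, token: dict,
                 device_key: bytes, now: float) -> bool:
    """Client authentication provider: step S420 chooses the path. `online_service`
    stands in for the server authentication requestor (104)."""
    if is_online():
        return online_service(user, password)
    return validate_offline(token, user, password, device_key, now)
```

    The expiry is the important control here: an offline token is a standing secret on the device, so it should be short-lived and re-issued on the next online authentication rather than kept indefinitely.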

    A METHOD FOR MULTI-STEP PROGRESSIVE VISUAL AUTHENTICATION OF HIGH-ENTROPY PARAMETERS

    Publication number: MY185855A

    Publication date: 2021-06-14

    Application number: MYPI2013003730

    Application date: 2013-10-11

    Applicant: MIMOS BERHAD

    Inventor: ALWYN GOH

    Abstract: The present invention relates to a method for visual authentication (112) of high-entropy parameters by means of multi-step progressive visualization on a receiving application by a user, more particularly to allow machine-to-human authentication, which is unaddressed in existing solutions and security protocol frameworks. One of the advantages of the present invention is that it provides for representation of long high-entropy codewords as perceptually significant visual images on graphical displays. These codewords occur in the context of cryptographic protocols, and typically range in length from 128 to 1024 bits. By computing the representation at more detailed scales of resolution in progressive steps, this allows human visual inspection which is secure, effective and ergonomic. Another advantage of the method of the present invention is that it computes visually simple (and therefore ergonomic) representations at each step of progressive computation, with the complexity of the visualization process (as would necessarily arise from the entropy content of cryptographic codewords) dispersed over the multiple steps of progression. This provides for the user to determine whether the visualised cryptographic input is authentic by means of a process which can range from simple to exhaustive, with the level of thoroughness proportional to the number of user interactions with the particular visualization object. Authentication of the input codeword would be accomplished by means of comparing the test visualization against the reference visualization at each progressive step, the latter of which is executed on a platform deemed to be trustworthy by the user. (Figure 1)

    METHOD FOR SECURE NETWORK ESTABLISHMENT VIA AUTHENTICATION OF SINGLE-USE PASSWORDS WITH COUNTER MEASURES AGAINST PASSWORD REPLAY

    Publication number: MY169097A

    Publication date: 2019-02-18

    Application number: MYPI2014702902

    Application date: 2014-10-01

    Applicant: MIMOS BERHAD

    Abstract: The present invention provides a method for secure network establishment, via authentication of single-use passwords, or equivalent credentials, between a plurality of nodes (602, 702) undertaking a basic embodiment (602), a hardened embodiment (702) and a mixture of both basic and hardened embodiments. In the basic embodiment, a particular node is designated a trusted party (601), with the method comprising previous provision, by the trusted party (501), of a single-use public key (612, 613) for use by any node in the plurality thereof to confirm present use of a single-use password or credential (621) as subject to acknowledgment (624) by the trusted party in the present instance of secure connectivity; verification (631) by any node in the plurality thereof of such acknowledgement; and then independent computation of a session key (632) also by any node in the plurality thereof, with which to establish the present instance of secure connectivity by means of Zero-Knowledge (ZK) integration of the presently applicable password; the previously received single-use public key; and further provision, by the trusted party, of a subsequent single-use public key for use by any node in the plurality thereof to confirm use of a subsequent single-use password or credential (523), as presently unknown, for a subsequent instance of secure connectivity. In the hardened embodiment, the method further comprises reciprocal previous provision, by a particular node in the plurality thereof, of a single-use public key (717, 718) for use to undertake commitment (740) prior to establishment of the present instance of secure connectivity by means of Zero-Knowledge (ZK) integration of the presently applicable password or credential; the previously transmitted single-use public key; the fine-grained context of commitment; and further provision, by the particular node undertaking commitment, of a subsequent single-use public key to undertake commitment in relation to a subsequent instance of secure connectivity. The trusted party is able, by means of undertaking verification (750) of such commitments as received from the plurality of nodes, to detect replay of passwords or credentials, or alternatively misuse of node-associated private keys, by an unauthorized node seeking to participate in the present instance of secure connectivity; and thereafter to undertake sanction on such node that had attempted replay of a password or credential, or misuse of a private key.

    LIVENESS ESTABLISHMENT FOR BIOMETRIC AUTHENTICATION BASED ON CHALLENGE RESPONSE INTERACTION

    Publication number: MY191774A

    Publication date: 2022-07-14

    Application number: MYPI2016001442

    Application date: 2016-08-05

    Applicant: MIMOS BERHAD

    Abstract: The system and method of the present invention for biometric authentication are based on challenge-response interaction. In particular, the present invention relates to liveness establishment for a biometric authentication system based on challenge and response interaction using an apparatus attached to the client platform. The system of the present invention comprises a user (112) who will be verified by utilizing face recognition authentication; a client device (114) comprising a web browser (116) equipped with a response processor (108) and a face detector (110) for capturing and detecting user facial images from visual input (114), listening to speech obtained from audio input (112) and decoding said speech into a response for authentication; an authentication server (116) for issuing the challenge test, verifying the user's response and comparing the user's response based on the specification of the challenge-response interaction provided by the user; and a storage (114) for storing at least the user's secret parameter and face template. The authentication server (116) for issuing the challenge test, verifying the user's response and comparing the user's response based on the specification of the challenge-response interaction provided by the user further comprises a challenge issuer (118), a response verifier (110) and a face recognition module (112). The present invention incorporates a random challenge and response integrated with facial and speech recognition, which provides for the user to key in a secret pattern and secret number prior to voicing out the result of the operation between the random numbers combined with the keyed-in secret number. The most illustrative drawing is FIG 2.
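    The server-side half of the challenge-response arithmetic described in the abstract, as an added example (not the patent's protocol, and not MIMOS code). A challenge issuer hands out two random numbers and an operator; the response verifier recomputes the operation result plus the user's secret number and compares it with the value the speech recogniser decoded. Face recognition and speech-to-text are outside the snippet, so the spoken value arrives as an integer. The secret numbers, time limit and number ranges are constructed assumptions.

```python
import operator
import secrets

# Added illustration of the challenge/response arithmetic; not the patent's
# protocol. Secret numbers and the time limit are constructed assumptions.
OPS = {"+": operator.add, "-": operator.sub, "*": operator.mul}


class ChallengeIssuer:
    """Challenge issuer (118): issues fresh random challenges and hands each
    one out for verification exactly once."""

    def __init__(self, ttl_seconds: float = 20.0) -> None:
        self.ttl = ttl_seconds
        self._open = {}     # challenge_id -> (a, op, b, issued_at)

    def issue(self, now: float):
        a = secrets.randbelow(90) + 10
        b = secrets.randbelow(90) + 10
        op = secrets.choice(sorted(OPS))
        cid = secrets.token_hex(8)
        self._open[cid] = (a, op, b, now)
        return cid, f"{a} {op} {b}"        # what the client shows to the user

    def take(self, cid: str, now: float):
        """Remove the challenge whether or not the answer turns out right, so a
        recorded answer cannot be replayed and guessing gets a single try."""
        item = self._open.pop(cid, None)
        if item is None:
            return None
        a, op, b, issued = item
        if now - issued > self.ttl:
            return None                     # too slow for a live interaction
        return a, op, b


class ResponseVerifier:
    """Response verifier: recomputes the expected spoken value from the
    challenge and the user's stored secret number."""

    def __init__(self, issuer: ChallengeIssuer, secret_numbers: dict) -> None:
        self.issuer = issuer
        self._secrets = secret_numbers      # user -> secret number (storage 114)

    def verify(self, user: str, cid: str, spoken_value: int, now: float) -> bool:
        challenge = self.issuer.take(cid, now)
        if challenge is None or user not in self._secrets:
            return False
        a, op, b = challenge
        expected = OPS[op](a, b) + self._secrets[user]
        return expected == spoken_value
```

    The face match alone proves only that a face resembling the template was in front of the camera; the freshness of the challenge, the short time limit and the secret number are what tie that face to a person who is present and answering now, rather than to a photograph or a recording.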

    A SYSTEM AND METHOD FOR CRYPTOGRAPHIC INTERACTIONS FOR AUTHENTICATION AND AUTHORIZATION USING OUT-OF-BAND INPUTS AND OUTPUTS

    Publication number: MY172134A

    Publication date: 2019-11-14

    Application number: MYPI2013004237

    Application date: 2013-11-25

    Applicant: MIMOS BERHAD

    Abstract: Cryptographic interactions for authentication and authorization are mediated by means of visual inputs (via camera) and outputs (graphical display), using the visual channel as an out-of-band (OOB) medium for cryptographic handshaking based on strong public-key protocols. The system comprises at least one out-of-band (OOB) channel, which allows machine-to-machine and machine-to-user interaction using the same input and output devices; and bidirectional actions, in which at least one or both entities compute and transmit an action parameter to the remote entity. The at least one OOB channel is deployed for the entirety of the interaction sequences in the different phases of the system, allowing machine-to-machine and machine-to-user interaction that adopts visual codes of cryptographic parameters. The general methodology of the present invention comprises the steps of initializing the interaction between entities (202); computing the action through ZK integration of the commitment of entity credentials on the challenge (204) upon obtaining the password from the user (206); encoding the cryptographic codeword used in computing the action (208) into a machine-readable visual representation to be displayed (210); decoding received barcodes from the other interacting entities (214) into internal representations (212); synchronizing computation on each entity (216); determining whether the outcome of the computation is correct (218); presenting the outcome as an image-based visualization if the computation is correct (222, 224); and transmitting said image-based visualization, with the equivalent computation of the other entity (228), as perceptible images on the visual outputs (232). The cryptographic interactions of the present invention fully utilize visual input and output capabilities without requiring additional hardware tokens, and without external connectivity or TTP (trusted third party) involvement, provided the trusted device associated with the user of interest is capable of undertaking the necessary computations.

    PHYSICAL ACCESS CONTROL THROUGH CHALLENGE RESPONSE INTERACTION

    Publication number: MY191618A

    Publication date: 2022-07-04

    Application number: MYPI2017705186

    Application date: 2017-12-29

    Applicant: MIMOS BERHAD

    Abstract: The present invention provides a system and method for physical access control by utilizing challenge-response interaction. The present invention comprises at least one Authenticator Component (102) for online or offline registration of the user's credentials; at least one User Registration Server (106) for registration of the user's credentials and for generating a user-specific credential; at least one Access Control Component (504) for communication with the Authenticator Component (102) during challenge-response authentication; at least one Access Control Registration Server (502) for registration of the Access Control Component (504) and for generating a component lock-specific credential; at least one Access Control Authentication Server (700) for verification of the outcome of the challenge-response authentication between the Authenticator Component (102) and the Access Control Component (504); and at least one Authentication Server (108) for authentication of the user to access a physical device upon receipt of confirmation from the Access Control Authentication Server (700). In the present invention, secure physical access control is provided by issuing a challenge, or by questioning the user who wishes to gain access to the secure passage. The user is able to authenticate the user's identity through a response or 'answer' originating from the user's mobile device as authenticator, through mutually agreed cryptographic computations. The most illustrative drawing is FIG. 1.0.

    METHOD AND SYSTEM FOR ONE TIME USER-TO-USER DELEGATION

    Publication number: MY188082A

    Publication date: 2021-11-16

    Application number: MYPI2015700997

    Application date: 2015-03-27

    Applicant: MIMOS BERHAD

    Abstract: The present invention provides a method and system for one-time user-to-user delegation. The system comprises a delegation token generation module (112), an application server (106), an authentication server (102) and an authorization server (104). The method comprises: the delegator (110) generating a delegation token and transmitting the token to a delegatee; the application server (106) verifying the validity of the delegation token; the application server (106) then enquiring about the authorization of the delegator (110) from the authorization server (104); and, upon receiving authorization from the authorization server (104), the application server (106) executing the task or allowing the delegatee to perform the task, and removing the task entry from the delegation table (118).
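    The flow in the abstract, as an added example (not the patent's token format, and not MIMOS code): the delegator mints a token for one task and one delegatee, the application server checks the token, asks the authorization server whether the delegator holds the right being delegated, and removes the table entry before executing so a second presentation of the same token fails. The delegator's token key is assumed to be an HMAC key shared with the application server at registration, and the registration call that populates the delegation table is likewise an assumption; all names are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Added illustration of the one-time delegation flow; not the patent's own
# token format. The shared HMAC key, the register() step and all names are
# constructed assumptions.


class DelegationTokenGenerator:
    """Delegator side (module 112): mint a single-use token for one task."""

    def __init__(self, delegator: str, key: bytes) -> None:
        self.delegator = delegator
        self._key = key

    def generate(self, task: str, delegatee: str, now: float, ttl: float) -> dict:
        body = {"id": secrets.token_hex(8), "delegator": self.delegator,
                "delegatee": delegatee, "task": task, "expires": now + ttl}
        payload = json.dumps(body, sort_keys=True)
        tag = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "tag": tag}


class AuthorizationServer:
    """Authorization server (104): may this delegator perform this task at all?"""

    def __init__(self, grants: dict) -> None:
        self._grants = grants            # delegator -> set of task names

    def is_authorized(self, delegator: str, task: str) -> bool:
        return task in self._grants.get(delegator, set())


class ApplicationServer:
    """Application server (106) holding the delegation table (118)."""

    def __init__(self, authz: AuthorizationServer, delegator_keys: dict, tasks: dict) -> None:
        self._authz = authz
        self._keys = delegator_keys      # delegator -> HMAC key (assumed shared at registration)
        self._tasks = tasks              # task name -> callable(delegator, delegatee)
        self.delegation_table = {}       # token id -> token body

    def _verify(self, token: dict):
        """Validity check: well-formed, known delegator, tag matches."""
        try:
            body = json.loads(token["payload"])
            key = self._keys[body["delegator"]]
        except (KeyError, ValueError, TypeError):
            return None
        expected = hmac.new(key, token["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, token["tag"]):
            return None
        return body

    def register(self, token: dict) -> bool:
        """Delegator registers the token it issued; the entry is removed on use."""
        body = self._verify(token)
        if body is None:
            return False
        self.delegation_table[body["id"]] = body
        return True

    def execute(self, token: dict, presenter: str, now: float):
        """Delegatee presents the token; returns the task result, or None."""
        body = self._verify(token)
        if body is None:
            return None
        entry = self.delegation_table.get(body["id"])
        if entry is None or entry["delegatee"] != presenter or now > entry["expires"]:
            return None                  # unknown, already consumed, wrong holder, or stale
        if not self._authz.is_authorized(entry["delegator"], entry["task"]):
            return None                  # cannot delegate a right the delegator lacks
        del self.delegation_table[body["id"]]   # one-time: remove before executing
        return self._tasks[entry["task"]](entry["delegator"], presenter)
```

    Two points are easy to get wrong in practice and are deliberately visible here: the authorization check is made against the delegator, not the delegatee, because the delegatee is borrowing the delegator's right; and the table entry is deleted before the task runs, so a crash or a concurrent second request cannot turn a one-time token into a reusable one.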

    AUTHENTICATION OF PEERS AND NETWORKS AND SECURE CHANNEL ESTABLISHMENT USING SIMULTANEOUS INTERACTION AND INTEGRATION OF PEER OR NETWORK ASSOCIATED COMMITMENTS

    Publication number: MY161491A

    Publication date: 2017-04-14

    Application number: MYPI2013004450

    Application date: 2013-12-10

    Applicant: MIMOS BERHAD

    Inventor: ALWYN GOH

    Abstract: A method for the authentication (200, 300) of at least two entities and the establishment of a secure communications channel between the entities is provided. The method comprises: computation (210, 310) of zero-knowledge (ZK) commitments by the entities, based on parameters implicitly derived from the authentication or explicitly generated by the entities; transmission (220, 320) of the commitments by the entities to one another; verification (240, 340) by the entities that the commitments are correct and correctly associated with their respective entity; and conclusion of the authentication process and establishment of the secure communications channel; characterised in that at least one of the entities applies a private key to compute its associated commitment, or alternatively one directed at a specific other entity, wherein the use of the private key associated with the sending entity is verifiable by means of the corresponding public key in the prior possession of the receiving entity.

    A SYSTEM AND METHOD FOR INTEGRATION OF BIOMETRIC RECOGNITION OF VARIABLE COMPUTING COST AND COMPLEXITIES

    Publication number: MY190705A

    Publication date: 2022-05-11

    Application number: MYPI2016001225

    Application date: 2016-06-30

    Applicant: MIMOS BERHAD

    Abstract: The present invention provides a framework for integration of biometric recognition methodologies of variable computation cost. The system of the present invention comprises a Detection Module (102) which captures images of a user through a camera and detects biometric data through a browser at the client platform; an Image Processing Module (104a and 104b) which enhances the quality of ROI images through relatively fast and relatively slow processing; a Feature Extraction Module (106a and 106b) which extracts facial features from the enhanced ROI images by means of multiple methods ranging from relatively computation-inexpensive to relatively computation-expensive; a Feature Matching Module (108a and 108b) which calculates distances between the multiple feature vectors previously extracted and the multiple feature vectors stored in the database; and an Authentication Module (110) which combines the multiple distance scores obtained from the Feature Matching process in order to undertake the decision of acceptance or rejection of the user based on the submitted video stream. In the present invention, biometric data is captured by means of an apparatus (i.e. a camera) attached to the client platform. Upon capturing biometric data by utilizing the camera, the processes of biometric detection, signal processing and feature extraction are executed. Concurrent execution of expensive and inexpensive computation results respectively in relatively slow and relatively fast computation of the biometric feature vectors associated with the user of interest. The present invention allows integration of these relatively fast and slow assessments of biometric authenticity, and also multiple progressive assessments based on the relative speed of these computations. (The most illustrative drawing is FIG. 1.0.)
