A SYSTEM AND METHOD FOR PROTECTION OF USER AUTHENTICATION AGAINST CAPTURE-AND-REPLAY ATTACKS

    Publication (Announcement) No.: MY177380A

    Publication (Announcement) Date: 2020-09-14

    Application No.: MYPI2013004482

    Application Date: 2013-12-12

    Abstract: The present invention relates to a system (100, 200) and method (300) for protection of user authentication against at least single instance of capture-and-replay attacks, by means of input and processing of user credentials on a client-side user interface (UI), and subsequent transmission to a server undertaking credential authentication. The system (100, 200) and method (300) of the present invention utilizes credentials which are context dependent as inputs into ZK integration function which is additionally applicable as an interaction in two actions: firstly, between user and trusted platform, and secondly between trusted platform and client terminal, as similarly protective of user authentication against capture-and-replay attacks. The user submits credentials as an act of authentication based on context of interest (310) as deemed correct by user. Optional verification of the submitted context-dependent credential (320) on the client terminal or trusted platform follows. The method (300) involves ZK integration of the context-dependent credential (330) followed by verification of the authenticator (340), such that unauthorised interception of credentials as submitted does not necessarily result in capability of intercepting party to undertake fraudulent authentication. Verification of user-to-server authentication interaction as being correct is additionally dependent on independent determination by server of context of interest, which might include specification and stratification of time and/or location of the authentication interaction. Figure 3

    INTERACTIVE SYSTEM WITHOUT MANUAL INTERVENTION

    Publication (Announcement) No.: MY167500A

    Publication (Announcement) Date: 2018-09-04

    Application No.: MYPI20064270

    Application Date: 2006-10-03

    Applicant: MIMOS BERHAD

    Abstract: A SYSTEM (10) FOR INTERACTING WITH A SERVER (30) FROM A WEB BROWSER WITHOUT MANUAL INTERVENTION, THE SYSTEM COMPRISING: A WEB PAGE (20) THAT IS DIVIDED INTO A FIRST (21) AND SECOND FRAME (22) IN RESPONSE TO A USER REQUEST, THE FIRST FRAME (21) CONTAINING A FORM (40) FOR SUBMISSION TO THE SERVER (30), AND THE SECOND FRAME (22) CONTAINING AN APPLET (24) TO ACCESS LOCAL RESOURCES AND A SCRIPT (23) TO INTERFACE WITH THE APPLET (24); WHEREIN UNTIL THE USER REQUEST IS FULFILLED, REPEATING: INVOKING THE SCRIPT (23) FROM THE FIRST FRAME (21) TO CALL (203) A METHOD FOR THE APPLET (24) TO PERFORM A PREDETERMINED OPERATION ACCESSING LOCAL RESOURCES, THE EXECUTION OF THE PREDETERMINED OPERATION RETURNING AT LEAST ONE VALUE TO BE STORED IN AT LEAST ONE VARIABLE OF THE SCRIPT (23); UPDATING THE FORM (40) BY ASSIGNING THE AT LEAST ONE VALUE FROM THE AT LEAST ONE VARIABLE INTO AT LEAST ONE FIELD OF THE FORM (40); AND SUBMITTING THE UPDATED FORM TO THE SERVER (30).

    SYSTEM AND METHOD FOR PERFORMING SECURE DESTRUCTION OF TEMPORARY FILES

    Publication (Announcement) No.: MY165297A

    Publication (Announcement) Date: 2018-03-21

    Application No.: MYPI20091524

    Application Date: 2009-04-15

    Applicant: MIMOS BERHAD

    Abstract: THE PRESENT INVENTION RELATES TO A SYSTEM (100) AND METHOD FOR PERFORMING SECURE DESTRUCTION OF TEMPORARY FILES. THE PRESENT SYSTEM (100) AND METHOD INCLUDES CREATING A MAIN COMPARTMENT (104) AND A TEMPORARY COMPARTMENT (110) FOR PROVIDING A FIRST VIRTUAL COMPUTING ENVIRONMENT AND A SECOND VIRTUAL COMPUTING ENVIRONMENT TO HOST AT LEAST ONE OPERATING SYSTEM (102, 108) AND A PLURALITY OF APPLICATIONS (106, 112). MOREOVER, THE PRESENT SYSTEM (100) AND METHOD INSTRUCTS AN INSTALLATION TO THE TEMPORARY COMPARTMENT (112) FROM ONE OF THE PLURALITY OF APPLICATIONS (106) IN THE MAIN COMPARTMENT (104). FURTHER, THE PRESENT SYSTEM (100) AND METHOD DESTROYS A PLURALITY OF TEMPORARY FILES (114) GENERATED BY ONE OF THE PLURALITY OF APPLICATIONS (112) OF THE TEMPORARY COMPARTMENT FOR VIEWING A GRANTED AUTHORIZATION PROCESS. FURTHERMORE, THE PRESENT SYSTEM (100) AND METHOD INCLUDES COMMUNICATING FROM THE MAIN COMPARTMENT (104) TO THE TEMPORARY COMPARTMENT (110) FOR PROVIDING AN INSTRUCTION PATH TO PERFORM A SET OF FUNCTIONAL OPERATIONS TO CREATE AND DESTROY THE MAIN COMPARTMENT (104) OR THE TEMPORARY COMPARTMENT (110) USING A COMMUNICATION LINK. THE MOST ILLUSTRATIVE DRAWING:

    METHOD AND SYSTEM FOR DYNAMIC PRIVATE MULTI-STORAGE DATA OUTSOURCING

    Publication (Announcement) No.: MY186786A

    Publication (Announcement) Date: 2021-08-20

    Application No.: MYPI2015702118

    Application Date: 2015-06-23

    Applicant: MIMOS BERHAD

    Abstract: The present invention relates to a method and system for data privacy in a scenario where a data owner (100) wishes to outsource storage of data to multiple remote data storage providers (110) in a private manner, in such a way that every data storage provider (110) only stores partial data of a document. This means no one data storage provider (110) is able to learn the content of any one or more documents outsourced among the data storage providers (110). Existing solutions mainly considered the problem of a data owner submitting storage of data to one data storage provider, for both single-keyword and conjunctive keyword searches. Given today the availability of various data storage providers, the present invention provides a solution utilizing different index information in the form of tables and index query mechanisms for the case of direct segmentation and outsourcing with minimal involvement of the data storage providers (110). (Figure 1)

    METHOD OF ZERO KNOWLEDGE PROCESSING ON BIOMETRIC DATA IN DISCRETISED VECTOR REPRESENTATION

    Publication (Announcement) No.: MY186315A

    Publication (Announcement) Date: 2021-07-08

    Application No.: MYPI2014702934

    Application Date: 2014-10-03

    Abstract: The present invention provides a method of ZK masking and encoding on biometric data in discretised vector representation. The method comprises encoding (150) of a biometric vector-stream, as comprises a sequence of biometric vector-frames, during an authentication interaction between a client sub-system (220) and a server sub-system (240), wherein encoding of any particular biometric vector-frame is different from any other biometric vector-frame in vector-stream of interest; secure transmission of such an encoded biometric vector-stream as originating from a particular user of interest (210) operating the client (220) to the server (240); and then decoding (160) at the server (240) of the encoded biometric vector-stream as received from the client (220); further comprising limitation in capability of server (240) to undertake such decoding by subject to correct demonstration of private PKC credential corresponding to public credential stipulated by the user (210) during the authentication interaction. The method further comprises masking (140) of the biometric vector-stream such as to have no effect on subsequent biometric distance measurement (170); and further comprising masking function that is identically applicable on test biometric vectors and reference biometric vectors; and is dependent on a valuation of masking key, such valuation as presumed secret and exclusive to user of interest, and as further arises from output of one-way function acting on inputs inclusive, without limitation, of public credentials of server, and private credentials of user.

    METHOD AND SYSTEM FOR COMPUTATION AND VERIFICATION OF AUTHENTICATION PARAMETERS FROM INDEPENDENT MEASUREMENTS OF TIME OR LOCATION

    Publication (Announcement) No.: MY184944A

    Publication (Announcement) Date: 2021-04-30

    Application No.: MYPI2014702046

    Application Date: 2014-07-24

    Applicant: MIMOS BERHAD

    Abstract: The present invention discloses a method and system for computation and verification of authentication parameters between two entities, an originating entity and a receiving entity, which in the embodiment of interest comprises a server (100), a client interface thereof (110), a human user (120) and a trusted system (130) deemed as such by the human user. The method comprises the user (120) authenticating the server (100) by visual comparison of an authentication code in numeric, symbolic, graphical or visual-interactive form computed by the server (100) in comparison to a plurality of reference codes computed on the trusted system (130); and reciprocally the server (100) authenticating the user (120) subsequent to transcription or transfer of an authentication code, as computed and displayed on the trusted system (130), to the client interface (110) and thenceforth to the server (100), by means of comparison of the test code to a plurality of reference codes computed on the server (100). The method of computation and verification of the authentication codes as aforesaid are by means of zero knowledge (ZK) transformation of time, location or service-specific information; with measurement or determination of time or location information as independently undertaken on server (100) and trusted system (130). The most illustrative drawing: FIGURE 1

    LIVENESS ESTABLISHMENT FOR BIOMETRIC AUTHENTICATION BASED ON CHALLENGE RESPONSE INTERACTION

    Publication (Announcement) No.: MY191774A

    Publication (Announcement) Date: 2022-07-14

    Application No.: MYPI2016001442

    Application Date: 2016-08-05

    Applicant: MIMOS BERHAD

    Abstract: The system and method of the present invention for biometric authentication is based on challenge response interaction. In particular, the present invention relates to liveness establishment of a biometric authentication system based on challenge and response interaction using an apparatus attached to client platform. The system of the present invention comprising a user (112) which will be verified by utilizing face recognition authentication; a client device (114) comprising of a web browser (116) equipped with a response processor (108) and face detector (110) for capturing and detecting user facial images from visual input (114) and listening to speech obtained from audio input (112) and decode said speech into a response for authentication; an authentication server (116) for issuing challenge test, verifying user's response and comparing user's response based on specification of challenge-response interaction provided by user; and a storage (114) for storing at least user secret parameter and face template. The authentication server (116) for issuing challenge test, verifying user's response and comparing user's response based on specification of challenge-response interaction provided by user further comprising a challenge issuer (118); a response verifier (110); and a face recognition module (112). The present invention incorporates random challenge and response integrated with facial and speech recognition which provides for user to key in secret pattern and secret number prior to voicing out the result of the operation between random numbers combined with the keyed in secret number. The most illustrative drawing is FIG 2.

    A SYSTEM AND METHOD FOR AUTHENTICATION USING NON-REUSABLE RANDOM GENERATED MOBILE SMS KEY

    Publication (Announcement) No.: MY172974A

    Publication (Announcement) Date: 2019-12-16

    Application No.: MYPI2012003210

    Application Date: 2012-07-13

    Applicant: MIMOS BERHAD

    Abstract: The system and method of the present invention proposes user authentication using non-reusable random generated mobile SMS key while retaining user privacy. The system of the present invention comprising at least one user (101) with user mobile phone (106); at least one web application (104); at least one authentication service provider (103); at least one authentication server (102); and at least one database (105). The at least one authentication server (102) further comprising at least one authentication interface module (201); at least one authentication verification module (202); at least one SMS key generation module (203); at least one SMS gateway (204); and at least one database interface module (205). The methodology of the present invention comprises steps of requesting user information for authentication (302); authenticating user information (304); returning authentication status to web application (310); and performing authorization by granting access to user upon successful user authentication (312). Authentication of user information comprises steps of computing hash value (DK1) based on user information (402); searching database for matching hash value (DK1) (404); and generating new mobile SMS key (K2) upon locating matching record in database (406) after mobile SMS key (K1) has been authenticated in the current transaction.

    A SYSTEM AND METHOD FOR CRYPTOGRAPHIC INTERACTIONS FOR AUTHENTICATION AND AUTHORIZATION USING OUT-OF-BAND INPUTS AND OUTPUTS

    Publication (Announcement) No.: MY172134A

    Publication (Announcement) Date: 2019-11-14

    Application No.: MYPI2013004237

    Application Date: 2013-11-25

    Applicant: MIMOS BERHAD

    Abstract: Cryptographic interactions for authentication and authorization are mediated by means of visual inputs (via camera) and outputs (graphical display) using visual channel as out-of-band (OOB) medium for cryptographic handshaking based on strong public-key protocols. The system comprising at least one out-of-band (OOB) channel which allows machine to machine and machine to user interaction using same input and output devices; and bidirectional actions which comprises at least one or both entities computing and transmitting action parameter at remote entity. The at least one out-of-band (OOB) channel is deployed for entirety of interaction sequences in different phases of the system which allows machine to machine and machine to user interaction that adopts visual codes of cryptographic parameters. The general methodology of the present invention comprising steps of initializing interaction between entities (202); computing action through ZK integration of commitment of entity credentials on challenge (204) upon obtaining password from user (206); encoding cryptographic codeword used in computing actions (208) into machine readable visual representation to be displayed (210); decoding received barcodes from other interacting entities (214) into internal representations (212); synchronizing computation on each entity (216); determining if outcome of computation is correct (218); presenting outcome as image-based visualization if computation is correct (222, 224); and transmitting said image-based visualization with equivalent computation of other entity (228) as perceptible images on visual outputs (232). Cryptographic interactions of the present invention fully utilize visual inputs and outputs capabilities without having requirement of additional hardware tokens, and without external connectivity or TTP (trusted third party) involvement, provided trusted device associated with user of interest is capable of undertaking the necessary computations.
