-
1.
Publication No.: MY177380A
Publication Date: 2020-09-14
Application No.: MYPI2013004482
Filing Date: 2013-12-12
Applicant: MIMOS BERHAD
Inventor: POH GEONG SEN , ALWYN GOH , NG KANG SIONG
Abstract: The present invention relates to a system (100, 200) and method (300) for protection of user authentication against at least a single instance of a capture-and-replay attack, by means of input and processing of user credentials on a client-side user interface (UI) and subsequent transmission to a server undertaking credential authentication. The system (100, 200) and method (300) of the present invention utilize credentials which are context dependent as inputs into a ZK integration function, which is additionally applicable as an interaction in two actions: firstly, between user and trusted platform, and secondly, between trusted platform and client terminal, as similarly protective of user authentication against capture-and-replay attacks. The user submits credentials as an act of authentication based on the context of interest (310) as deemed correct by the user. Optional verification of the submitted context-dependent credential (320) on the client terminal or trusted platform follows. The method (300) involves ZK integration of the context-dependent credential (330) followed by verification of the authenticator (340), such that unauthorised interception of credentials as submitted does not necessarily give the intercepting party the capability to undertake fraudulent authentication. Verification of the user-to-server authentication interaction as being correct is additionally dependent on independent determination by the server of the context of interest, which might include specification and stratification of time and/or location of the authentication interaction. (Figure 3)
-
2.
Publication No.: MY185855A
Publication Date: 2021-06-14
Application No.: MYPI2013003730
Filing Date: 2013-10-11
Applicant: MIMOS BERHAD
Inventor: ALWYN GOH
IPC: G09C5/00
Abstract: The present invention relates to a method for visual authentication (112) of high-entropy parameters by means of multi-step progressive visualization on a receiving application by a user, more particularly to allow machine-to-human authentication, which is unaddressed in existing solutions and security protocol frameworks. One of the advantages of the present invention is that it provides for representation of long high-entropy codewords as perceptually significant visual images on graphical displays. These codewords occur in the context of cryptographic protocols, and typically range in length from 128 to 1024 bits. By computing the representation at more detailed scales of resolution in progressive steps, this allows human visual inspection which is secure, effective and ergonomic. Another advantage of the method of the present invention is that it computes visually simple (and therefore ergonomic) representations at each step of progressive computation, with the complexity of the visualization process (as would necessarily arise from the entropy content of cryptographic codewords) dispersed over the multiple steps of progression. This provides for the user to determine whether the visualised cryptographic input is authentic by means of a process which can range from simple to exhaustive, with the level of thoroughness proportional to the number of user interactions with the particular visualization object. Authentication of the input codeword is accomplished by comparing the test visualization against a reference visualization at each progressive step, the latter of which is executed on a platform deemed trustworthy by the user. (Figure 1)
-
3.
Publication No.: MY169097A
Publication Date: 2019-02-18
Application No.: MYPI2014702902
Filing Date: 2014-10-01
Applicant: MIMOS BERHAD
Inventor: ALWYN GOH , POH GEONG SEN , MOESFA SOEHEILA MOHAMAD , CHOONG KHONG NENG
Abstract: The present invention provides a method for secure network establishment, via authentication of single-use passwords, or equivalent credentials, between a plurality of nodes (602, 702) undertaking a basic embodiment (602), a hardened embodiment (702) and a mixture of both basic and hardened embodiments. In the basic embodiment, particular node is designated a trusted party (601) with the method comprising previous provision, by the trusted party (501), of a single-use public key (612, 613) for use by any node in plurality thereof to confirm present use of a single-use password or credential (621) as subject to acknowledgment (624) by the trusted party in present instance of secure connectivity; verification (631) by any node in plurality thereof of such acknowledgement; and then independent computation of a session-key (632) also by any node in plurality thereof, with which to establish present instance of secure connectivity by means of Zero-Knowledge (ZK) integration of presently applicable password; previously received single-use public-key; and further provision, by the trusted party, of a subsequent single-use public-key for use by any node in the plurality thereof to confirm use of a subsequent single-use password or credential (523), as presently unknown, for a subsequent instance of secure connectivity. In the hardened embodiment, the method further comprises reciprocal previous provision, by particular node in plurality thereof, of a single-use public-key (717, 718) for use to undertake commitment (740) prior to establishment of present instance of secure connectivity by means of Zero-Knowledge (ZK) integration of presently applicable password or credential; previously transmitted single-use public-key; fine-grained context of commitment; and further provision, by particular node undertaking commitment, of a subsequent single-use public-key to undertake commitment in relation to subsequent instance of secure connectivity. 
Trusted party is able, by means of undertaking verification (750) of such commitments as received from plurality of nodes, to detect replay of passwords or credentials, or alternatively misuse of node-associated private-keys, by an unauthorized node seeking to participate in present instance of secure connectivity; and thereafter to undertake sanction, on such node that had attempted replay of password or credential, or misuse of private-key.
-
4.
Publication No.: MY178949A
Publication Date: 2020-10-23
Application No.: MYPI2015702497
Filing Date: 2015-07-30
Applicant: MIMOS BERHAD
Inventor: LEE KAY WIN , ALWYN GOH , NG KANG SIONG , DHARMADHARSHNI MANIAM , GALOH RASHIDAH HARON
Abstract: A system (100, 200) for authentication comprises a client application (102) of a client device for the user to access; a client authentication provider (103) which controls user access, protects the client application (102) from unauthenticated access, and is configured to determine (S420) whether the client device is online or offline; and a server authentication requestor (104) for performing the online user authentication. A method for authentication comprises the steps of determining whether a client application (102) of a client device is online; in response to a determination that the client device is online, authenticating the user based on an authentication parameter demonstrated by the user through an online user authentication service performed by a server authentication requestor (104); and in response to a determination that the client device is offline, authenticating the user based on an authentication parameter demonstrated by the user through an offline local authentication service, by validating against the downloaded authentication token of the user.
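The online/offline split above, worked through as an added example (not code from the patent or from MIMOS). The abstract does not say what the downloaded token contains, so the following are assumptions: the online service checks the password against a salted PBKDF2 verifier; the token carries that same verifier (never the password itself), an expiry, and an HMAC tag under a key kept in the client authentication provider's protected storage; the class names, the `is_online` callable and the sample user are illustrative.

```python
"""Online/offline user authentication against a downloaded token.

Added example; not the MIMOS implementation. Token format, PBKDF2 and the
HMAC tag are assumptions: the abstract only says the offline service
validates against a downloaded authentication token.
"""
import hashlib
import hmac
import json
import os

PBKDF2_ITERATIONS = 100_000     # assumed work factor for the password verifier


def make_verifier(password, salt):
    """Salted PBKDF2-HMAC-SHA256 verifier; the password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class ServerAuthenticationRequestor:
    """Online user authentication service (104)."""

    def __init__(self, token_key):
        self._users = {}                # user -> (salt, verifier)
        self._token_key = token_key     # assumed: shared with the client's protected store

    def enrol(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, make_verifier(password, salt))

    def authenticate_online(self, user, password):
        record = self._users.get(user)
        if record is None:
            return False
        salt, verifier = record
        return hmac.compare_digest(make_verifier(password, salt), verifier)

    def issue_offline_token(self, user, now, ttl_seconds):
        """Token the client downloads while online for later offline use."""
        salt, verifier = self._users[user]
        body = json.dumps({"user": user, "salt": salt.hex(), "verifier": verifier.hex(),
                           "expires": now + ttl_seconds}, sort_keys=True).encode()
        tag = hmac.new(self._token_key, body, hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


class ClientAuthenticationProvider:
    """Guards the client application (102); decides online vs offline (S420)."""

    def __init__(self, server, token_key, is_online):
        self._server = server
        self._token_key = token_key
        self._is_online = is_online     # callable returning the connectivity state
        self._token = None

    def download_token(self, user, now, ttl_seconds=3600):
        if not self._is_online():
            raise RuntimeError("token can only be downloaded while online")
        self._token = self._server.issue_offline_token(user, now, ttl_seconds)

    def authenticate(self, user, password, now):
        if self._is_online():
            return self._server.authenticate_online(user, password)
        return self._authenticate_offline(user, password, now)

    def _authenticate_offline(self, user, password, now):
        if self._token is None:
            return False                                   # nothing downloaded: fail closed
        expected = hmac.new(self._token_key, self._token["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, self._token["tag"]):
            return False                                   # stored token was tampered with
        claims = json.loads(self._token["body"])
        if claims["user"] != user or now > claims["expires"]:
            return False                                   # wrong user or stale token
        verifier = make_verifier(password, bytes.fromhex(claims["salt"]))
        return hmac.compare_digest(verifier, bytes.fromhex(claims["verifier"]))
```

The offline path is only as strong as the client's protected storage: whoever can rewrite the token and the tag key can let themselves in, and a revoked user keeps authenticating offline until the token's expiry, so the TTL is a security parameter, not a convenience setting.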
-
5.
Publication No.: MY191774A
Publication Date: 2022-07-14
Application No.: MYPI2016001442
Filing Date: 2016-08-05
Applicant: MIMOS BERHAD
Inventor: LATIFAH BINTI MAT NEN , ALWYN GOH , LESLIE TIONG CHING OW , LEE KAY WIN , NG KANG SIONG
Abstract: The system and method of the present invention for biometric authentication are based on challenge-response interaction. In particular, the present invention relates to liveness establishment in a biometric authentication system based on challenge-and-response interaction using an apparatus attached to the client platform. The system of the present invention comprises a user (112) who is verified by face recognition authentication; a client device (114) comprising a web browser (116) equipped with a response processor (108) and a face detector (110) for capturing and detecting user facial images from the visual input (114) and listening to speech obtained from the audio input (112), and decoding said speech into a response for authentication; an authentication server (116) for issuing the challenge test, verifying the user's response and comparing the user's response against the specification of challenge-response interaction provided by the user; and a storage (114) for storing at least the user's secret parameter and face template. The authentication server (116) further comprises a challenge issuer (118), a response verifier (110) and a face recognition module (112). The present invention incorporates a random challenge and response integrated with facial and speech recognition, which provides for the user to key in a secret pattern and secret number prior to voicing out the result of the operation between the random numbers combined with the keyed-in secret number. The most illustrative drawing is FIG 2.
-
6.
Publication No.: MY172134A
Publication Date: 2019-11-14
Application No.: MYPI2013004237
Filing Date: 2013-11-25
Applicant: MIMOS BERHAD
Inventor: ALWYN GOH , SEA CHONG SEAK , NG KANG SIONG
IPC: H04L29/06
Abstract: Cryptographic interactions for authentication and authorization are mediated by means of visual inputs (via camera) and outputs (graphical display), using the visual channel as an out-of-band (OOB) medium for cryptographic handshaking based on strong public-key protocols. The system comprises at least one out-of-band (OOB) channel which allows machine-to-machine and machine-to-user interaction using the same input and output devices; and bidirectional actions in which at least one or both entities compute and transmit an action parameter to the remote entity. The at least one out-of-band (OOB) channel is deployed for the entirety of the interaction sequences in the different phases of the system, which allows machine-to-machine and machine-to-user interaction that adopts visual codes of cryptographic parameters. The general methodology of the present invention comprises the steps of initializing interaction between entities (202); computing an action through ZK integration of a commitment of entity credentials on a challenge (204) upon obtaining a password from the user (206); encoding the cryptographic codeword used in computing actions (208) into a machine-readable visual representation to be displayed (210); decoding barcodes received from the other interacting entities (214) into internal representations (212); synchronizing computation on each entity (216); determining whether the outcome of computation is correct (218); presenting the outcome as an image-based visualization if the computation is correct (222, 224); and transmitting said image-based visualization with the equivalent computation of the other entity (228) as perceptible images on visual outputs (232). Cryptographic interactions of the present invention fully utilize visual input and output capabilities without requiring additional hardware tokens, and without external connectivity or TTP (trusted third party) involvement, provided the trusted device associated with the user of interest is capable of undertaking the necessary computations.
-
7.
Publication No.: MY190705A
Publication Date: 2022-05-11
Application No.: MYPI2016001225
Filing Date: 2016-06-30
Applicant: MIMOS BERHAD
Inventor: ALWYN GOH , LATIFAH BINTI MAT NEN , LESLIE TIONG CHING OW , AHMAD SYARIF MUNALIH , LEE KAY WIN
IPC: G06K9/00
Abstract: The present invention provides a framework for integration of biometric recognition methodologies of variable computation cost. The system of the present invention comprises a Detection Module (102) which captures images through a camera from a user and detects biometric data through a browser at the client platform; an Image Processing Module (104a and 104b) which enhances the quality of ROI images through relatively fast and relatively slow processing; a Feature Extraction Module (106a and 106b) which extracts facial features from the enhanced ROI images by means of multiple methods ranging from relatively computation-inexpensive to relatively computation-expensive; a Feature Matching Module (108a and 108b) which calculates distances between the multiple feature vectors previously extracted and the multiple feature vectors stored in the database; and an Authentication Module (110) which combines the multiple distance scores obtained from the Feature Matching process in order to undertake the decision of acceptance or rejection of the user based on the submitted video stream. In the present invention, biometric data is captured by means of an apparatus (i.e. a camera) attached to the client platform. Upon capturing biometric data with the camera, the processes of biometric detection, signal processing and feature extraction are executed. Concurrent execution of expensive and inexpensive computation results respectively in relatively slow and relatively fast computation of the biometric feature vectors associated with the user of interest. The present invention allows integration of these relatively fast and slow assessments of biometric authenticity, and also multiple progressive assessments based on the relative speed of these computations. (The most illustrative drawing is FIG. 1.0.)
-
8.
Publication No.: MY186786A
Publication Date: 2021-08-20
Application No.: MYPI2015702118
Filing Date: 2015-06-23
Applicant: MIMOS BERHAD
Inventor: POH GEONG SEN , MOESFA SOEHEILA MOHAMAD , ALWYN GOH , NG KANG SIONG
Abstract: The present invention relates to a method and system for data privacy in a scenario where a data owner (100) wishes to outsource storage of data to multiple remote data storage providers (110) in a private manner, such that every data storage provider (110) stores only partial data of a document. This means that no single data storage provider (110) is able to learn the content of any one or more documents outsourced among the data storage providers (110). Existing solutions have mainly considered the problem of a data owner submitting data for storage to one data storage provider, for both single-keyword and conjunctive keyword searches. Given the availability today of various data storage providers, the present invention provides a solution utilizing different index information in the form of tables and index query mechanisms for the case of direct segmentation and outsourcing, with minimal involvement of the data storage providers (110). (Figure 1)
-
9.
Publication No.: MY186315A
Publication Date: 2021-07-08
Application No.: MYPI2014702934
Filing Date: 2014-10-03
Applicant: MIMOS BERHAD , SUNWAY UNIV
Inventor: ALWYN GOH , NG KANG SIONG , LEE KAY WIN , LATIFAH MAT NEN , DAVID NGO CHEK LING
Abstract: The present invention provides a method of ZK masking and encoding of biometric data in discretised vector representation. The method comprises encoding (150) of a biometric vector-stream, which comprises a sequence of biometric vector-frames, during an authentication interaction between a client sub-system (220) and a server sub-system (240), wherein the encoding of any particular biometric vector-frame is different from that of any other biometric vector-frame in the vector-stream of interest; secure transmission of such an encoded biometric vector-stream, as originating from a particular user of interest (210) operating the client (220), to the server (240); and then decoding (160) at the server (240) of the encoded biometric vector-stream as received from the client (220); the capability of the server (240) to undertake such decoding being limited, subject to correct demonstration of the private PKC credential corresponding to the public credential stipulated by the user (210) during the authentication interaction. The method further comprises masking (140) of the biometric vector-stream in such a way as to have no effect on the subsequent biometric distance measurement (170); the masking function is identically applicable to test biometric vectors and reference biometric vectors, and is dependent on a valuation of a masking key, such valuation being presumed secret and exclusive to the user of interest, and arising from the output of a one-way function acting on inputs inclusive, without limitation, of the public credentials of the server and the private credentials of the user.
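The two operations the abstract separates, a distance-preserving mask that is applied identically to reference and test vectors and a per-frame encoding that differs from frame to frame, worked through as an added example (not code from the patent or from MIMOS). Assumptions: the masking key is HMAC-SHA256 over the server's public credential and the user's private credential (the abstract only says "one-way function"); the mask is a key-dependent signed permutation, which is orthogonal and therefore leaves Euclidean distance unchanged; the per-frame encoding is an additive keystream over 16-bit residues under a session key the server is taken to hold once it has demonstrated its private credential (that key agreement is not shown); the sample vectors are constructed.

```python
"""Masking and per-frame encoding of discretised biometric vectors.

Added example; not the MIMOS implementation. Masking key derivation, the
signed-permutation mask and the additive frame encoding are assumptions.
"""
import hashlib
import hmac
import math

MODULUS = 2 ** 16   # coordinates travel as 16-bit residues; |value| must stay below 32768


def _keystream(key, label, nbytes):
    """Deterministic bytes: HMAC(key, label || counter) in counter mode."""
    out, ctr = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:nbytes]


def masking_key(server_public_credential, user_private_credential):
    """One-way function of the server's public and the user's private credential."""
    return hmac.new(user_private_credential, b"mask|" + server_public_credential,
                    hashlib.sha256).digest()


def signed_permutation(key, n):
    """Key-dependent permutation of range(n) plus a +/-1 sign per coordinate."""
    rnd = _keystream(key, b"perm", 4 * n + n)
    perm = list(range(n))
    for i in range(n - 1, 0, -1):           # Fisher-Yates; modulo bias negligible at demo sizes
        j = int.from_bytes(rnd[4 * i:4 * i + 4], "big") % (i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    signs = [1 if rnd[4 * n + k] & 1 else -1 for k in range(n)]
    return perm, signs


def mask(vector, key):
    """Same mask for reference and test vectors. A signed permutation is
    orthogonal, so distances between masked vectors equal the originals."""
    perm, signs = signed_permutation(key, len(vector))
    return [signs[k] * vector[perm[k]] for k in range(len(vector))]


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _frame_pad(session_key, idx, n):
    ks = _keystream(session_key, b"frame|" + idx.to_bytes(4, "big"), 2 * n)
    return [int.from_bytes(ks[2 * k:2 * k + 2], "big") for k in range(n)]


def encode_stream(frames, session_key):
    """Each frame gets its own keystream (frame index in the label), so the
    same frame captured twice looks different on the wire."""
    return [[(v + p) % MODULUS for v, p in zip(frame, _frame_pad(session_key, idx, len(frame)))]
            for idx, frame in enumerate(frames)]


def decode_stream(encoded, session_key):
    """Server side; only a holder of session_key recovers the masked frames."""
    out = []
    for idx, frame in enumerate(encoded):
        residues = [(v - p) % MODULUS for v, p in zip(frame, _frame_pad(session_key, idx, len(frame)))]
        out.append([x - MODULUS if x >= MODULUS // 2 else x for x in residues])   # back to signed
    return out


if __name__ == "__main__":
    key = masking_key(b"server-public-credential", b"user-private-credential")
    reference = [12, -3, 40, 7, 0, 25, -18, 9]          # constructed discretised vectors
    test = [11, -2, 41, 8, 1, 24, -19, 10]
    print("plain distance :", euclid(reference, test))
    print("masked distance:", euclid(mask(reference, key), mask(test, key)))
    session = b"session-key-after-server-proved-private-credential"
    wire = encode_stream([mask(test, key), mask(test, key)], session)
    print("same frame, two encodings differ:", wire[0] != wire[1])
```

The server stores only the masked reference, so a breach of the template database yields vectors that are useless without the user's masking key, and a user can re-enrol with a fresh key (a different signed permutation) without changing the underlying biometric.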
-
10.
Publication No.: MY184944A
Publication Date: 2021-04-30
Application No.: MYPI2014702046
Filing Date: 2014-07-24
Applicant: MIMOS BERHAD
Inventor: ALWYN GOH , NG KANG SIONG , SEA CHONG SEAK , THILLAI RAJ T RAMANATHAN
Abstract: The present invention discloses a method and system for computation and verification of authentication parameters between two entities, an originating entity and a receiving entity, which in the embodiment of interest comprise a server (100), a client interface thereof (110), a human user (120) and a trusted system (130) deemed as such by the human user. The method comprises the user (120) authenticating the server (100) by visual comparison of an authentication code in numeric, symbolic, graphical or visual-interactive form computed by the server (100) against a plurality of reference codes computed on the trusted system (130); and reciprocally the server (100) authenticating the user (120) subsequent to transcription or transfer of an authentication code, as computed and displayed on the trusted system (130), to the client interface (110) and thence to the server (100), by means of comparison of the test code against a plurality of reference codes computed on the server (100). The computation and verification of the authentication codes as aforesaid is by means of zero-knowledge (ZK) transformation of time, location or service-specific information, with measurement or determination of the time or location information undertaken independently on the server (100) and the trusted system (130). The most illustrative drawing: FIGURE 1
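The context-bound code of entry 1 and the reciprocal, plurality-of-reference-codes scheme of this entry, worked through as one added example (not code from the patents or from MIMOS). The abstracts only say "ZK integration" or "ZK transformation"; here that is modelled as HMAC-SHA256 over the credential and a quantised context, which is an assumption, as are the one-minute time windows, the 0.01-degree location cells, the `role` domain separator, the eight-digit numeric form and the constructed timestamps and coordinates. Both verifiers measure the context themselves and compare against reference codes for the neighbouring windows.

```python
"""Context-bound authentication codes, modelled on entries 1 and 10.

Added example, not code from the MIMOS patents. HMAC-SHA256 over the
credential and the stratified context stands in for the 'ZK integration'
the abstracts describe (an assumption); the verifier measures time and
location itself rather than trusting the other side's claim.
"""
import hashlib
import hmac
import math

TIME_STEP_SECONDS = 60          # stratification of time: one-minute windows (assumed)
LOCATION_CELL_DEGREES = 0.01    # stratification of location: ~1 km grid cells (assumed)
CODE_DIGITS = 8                 # short numeric form the user can transcribe


def time_stratum(unix_time):
    """Quantise a clock reading into a fixed window index."""
    return int(unix_time // TIME_STEP_SECONDS)


def location_stratum(lat, lon):
    """Quantise a position (degrees) into a grid cell."""
    return (math.floor(lat / LOCATION_CELL_DEGREES),
            math.floor(lon / LOCATION_CELL_DEGREES))


def authentication_code(credential, role, service, t_stratum, cell):
    """Code bound to (role, service, time window, location cell).

    'role' separates the user->server code from the server->user code, so a
    code captured in one direction cannot be reflected back in the other.
    """
    context = "{}|{}|{}|{}|{}".format(role, service, t_stratum, cell[0], cell[1]).encode()
    mac = hmac.new(credential, context, hashlib.sha256).digest()
    value = int.from_bytes(mac[:8], "big") % (10 ** CODE_DIGITS)
    return str(value).zfill(CODE_DIGITS)


def verify_against_references(credential, role, service, unix_time, lat, lon,
                              submitted, skew_windows=1):
    """Compare the submitted code with a plurality of reference codes: the
    window the verifier measured itself plus +/- skew_windows neighbours."""
    t0 = time_stratum(unix_time)
    cell = location_stratum(lat, lon)
    accepted = False
    for w in range(t0 - skew_windows, t0 + skew_windows + 1):
        reference = authentication_code(credential, role, service, w, cell)
        accepted = hmac.compare_digest(reference, submitted) or accepted
    return accepted


# user -> server: computed on the trusted system, transcribed into the client interface
def user_code(credential, service, unix_time, lat, lon):
    return authentication_code(credential, "user", service,
                               time_stratum(unix_time), location_stratum(lat, lon))


def server_verifies_user(credential, service, server_time, server_lat, server_lon, submitted):
    # server_time / server_lat / server_lon: the server's own determination of context
    return verify_against_references(credential, "user", service,
                                     server_time, server_lat, server_lon, submitted)


# server -> user: displayed by the server, checked against references on the trusted system
def server_code(credential, service, unix_time, lat, lon):
    return authentication_code(credential, "server", service,
                               time_stratum(unix_time), location_stratum(lat, lon))


def user_verifies_server(credential, service, trusted_time, lat, lon, displayed):
    return verify_against_references(credential, "server", service,
                                     trusted_time, lat, lon, displayed)


if __name__ == "__main__":
    cred, svc, t = b"enrolled-credential", "payments", 1_700_000_000   # constructed values
    code = user_code(cred, svc, t, 3.1390, 101.6869)
    print("fresh:   ", server_verifies_user(cred, svc, t + 45, 3.1392, 101.6871, code))
    print("replayed:", server_verifies_user(cred, svc, t + 600, 3.1392, 101.6871, code))
    print("moved:   ", server_verifies_user(cred, svc, t + 45, 3.2555, 101.6871, code))
```

A code captured at one time and place verifies only inside the same stratum (plus the skew tolerance), which is what makes a single capture-and-replay fail; the skew tolerance and the cell size set the replay window, so both should be as tight as the clocks and the location source allow.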
-