Entries
Document | Title | Date |
20080201578 | Computer security using visual authentication - A physical token to the user in the form of a unique card having a grid of images thereon. Each column and row of images has a unique text string. In addition, each user knows a special image, not necessarily present on the token card, on which one particular point or zone functions as an extra authentication feature. Users may be queried for a username, then shown a random one of the images on their card, and asked for the row text string plus column text string identifying the image. Users are also prompted to select their particular point or zone within their known special image, which is displayed, among a jumble of other images, by the computer system requesting authorization, such display serving to authenticate the computer system to the user. The system may be combined with password protection and methods to identify a user's machine. | 08-21-2008 |
20080215887 | CARD AUTHENTICATION SYSTEM - A card authentication system. In one embodiment, the invention relates to a method for authenticating a data card having an intrinsic magnetic characteristic and recorded data on the data card, the method including reading information from the data card, the data card information including the intrinsic magnetic characteristic and the recorded data on the data card, encrypting the data card information, sending the encrypted data card information, receiving the encrypted data card information, decrypting a portion of the encrypted data card information, the portion including the intrinsic magnetic characteristic, generating a score indicative of a degree of correlation between the intrinsic magnetic characteristic of the data card information and a stored value, and determining an authenticity of the data card based at least in part on the score. | 09-04-2008 |
20080222417 | Method, System, And Apparatus For Nested Security Access/Authentication With Media Initiation - The disclosure details a nested security access system that manages access points/verification requests to create a series of layered security applications for securing access/user identification data. The NSA system works in coordination with an access point/verification module to generate a series of instructions as a login/verification module that may be executed locally. The login/verification module is executed by the access point/verification module to create a system user access/verification data entry form. Depending on the implementation, the access point/verification module may be configured to accept typed text or clicked image access/verification data, token access/verification data or selected image sequence access/verification data. The process of selected image sequence access involves the system user selecting a series of images that represent individual elements of a password without having to type the information into a data entry form. | 09-11-2008 |
20080229107 | Token-Based Dynamic Key Distribution Method for Roaming Environments - A method for establishing a new security association between a mobile node and a network source, the method comprising creating a first token comprising a security association between a network source and a mobile node, the first token being encrypted using a first key known to the mobile node and a first trust authority within a home network associated with the mobile node, and creating a second token comprising the same security association between the network source and the mobile node, the second token being encrypted using a second key known to the first trust authority and a second trust authority associated with the network source, wherein the first token and the second token are sent to the second trust authority using a chain of trust infrastructure. | 09-18-2008 |
20080229108 | PRIVATE INFORMATION EXCHANGE IN SMART CARD COMMERCE - A method, system and computer program product for private information exchange in smart card commerce is disclosed. The method includes, in response to determining that an item of biometric data received on a biometric reader corresponds to an authorized user, unlocking a communication channel on a communication port, exchanging public keys between the user and authorized point of sale, receiving an information request from an external point of sale machine across the communication channel, decrypting an information request and parsing a data token. In response to determining that private data has been requested in the information request, a user is prompted for authorization to release the private information, and private information exchange in smart card commerce is performed by, in response to the user pressing a yes button on the smart card, placing an encrypted copy of the private data in the public area of the smart card for transmission across the communication channel to the external point of sale machine. | 09-18-2008 |
20080282088 | AUTHENTICATED NONVOLATILE MEMORY SIGNING OPERATIONS - A wireless device includes a nonvolatile memory that handles the task of securely performing integrity checks that do not expose the authentication private key externally. The system security architecture installs and associates private keys with the nonvolatile memory to create a secure execution environment resistant to virus attack. The nonvolatile memory provides integrity checks of nonvolatile memory data and generates signatures for data provided by the memory. | 11-13-2008 |
20090013187 | Secure Storage Device For Transfer Of Digital Camera Data - A secure storage device with the external dimensions of a PCMCIA card, for securing digital camera data at the acquisition stage. Original digital camera data is saved in the memory of the secure storage device which has the capability of performing one or more security functions, including encryption, creation of an authentication file, adding data to the image data such as fingerprinting, and adding secure annotations such as separate data included in an image-header. The device prepares original authentication data from original digital camera data, and encrypts and stores both the original authentication data and the original image data. The use of the device includes downloading the original image data to a first computer, and encrypted original authentication data to a second computer. The second computer can be programmed with software whereby the encrypted original authentication data can be decrypted by a user having a key. The software then allows the user to prepare corresponding second authentication data from second image data of questionable authenticity. If the second authentication data is the same as the original authentication data, the questionable second image data is deemed to be an accurate copy of the original image data. | 01-08-2009 |
20090031131 | Token-Based Management System for PKI Personalization Process - A system for token-based management of a PKI personalization process includes a token request and management system (TRMS) configured to gather request information from a requestor; and a token personalization system (TPS) configured to personalize a hardware token such that usage of the hardware token is constrained by the request information. A method for token-based management of a PKI personalization process includes: requesting a hardware token; personalizing a hardware token such that the hardware token is confined to operation within limiting parameters; binding the hardware token to a workstation which is configured to receive the hardware token and use credentials within the hardware token to request and download PKI data from a PKI server, the workstation being further configured to personalize an end user product by loading the PKI data into internal memory contained within the end user product; and monitoring usage of the hardware token and the PKI data. | 01-29-2009 |
20090044015 | SYSTEM AND METHOD FOR MANAGING SONIC TOKEN VERIFIERS - A hand-held token can be operated to generate an acoustic signal representing the digital signature generated by a private key of a public key/private key pair. Verifiers that might be located at, e.g. buildings, in vehicles, at bank ATMs, etc. receive the signal and retrieve the corresponding public key to selectively grant access authorization to components served by the verifiers. Methods and systems permit adding and removing a token from the access list of a verifier. Other methods and systems enable the token to be used with several verifiers that are nearby each other, such as might be the case with multiple vehicles owned by the same user and parked nearby each other, without more than one verifier being operated to grant access. | 02-12-2009 |
20090100265 | Communication System and Authentication Card - One of the objects of the present invention is to provide a communication system in which biometrics can be utilized without leaking to a third person so that a strict personal authentication can be conducted. The communication system includes storing a correspondence table in a card, storing a reference password which is formed by converting a part of the biometrics of an authorized user in the card by using the correspondence table, reading a part of the biometrics of a user by the card, converting the part of the biometrics of the user into a password by the card using the correspondence table, and checking the password against the reference password by the card, wherein the card and the user are authenticated if the password and the reference password match in the step of checking. | 04-16-2009 |
20090138717 | System and method for over the air communication authentication using a service token - A system and method are described for securing over the air communications between a service and a communication device. For example, one embodiment of a method for creating a security token on a communication device for communication between the communication device and a service includes combining a device identification of the communication device with a device capability to create device information, the device capability being known by the service. The method further includes encrypting the device information. | 05-28-2009 |
20090199003 | SMART CARD AND METHOD FOR USING A SMART CARD - The invention provides a smart card, a secured client with a smart card and a method for use in a smart card. The smart card is configured for counting ECMs associated with a particular portion of the content stream and storing loyalty points on the smart card. This enables e.g. counting of ECMs related to advertisements. Watching advertisements results in earning loyalty points that can be used to watch television programs for free. | 08-06-2009 |
20090199004 | SYSTEM AND METHOD FOR SELF-AUTHENTICATING TOKEN - A secure token, possibly in the form of a smartcard, has a smart window with smart materials such as an electrophoretic or an electrochromic layer or assembly. When authenticated, such as by using biometrics or a password, the smart window layer is electronically pulsed, thereby transforming the once opaque layer to transparent and revealing information printed under, on or over the layer, or vice versa, transforming once transparent laminate to opaque and obfuscating printed information. In another embodiment, when the smart window layer is electronically pulsed to transform the once opaque laminate to transparent, a timer is started. At the end of a certain amount of time, the smart window layer is pulsed a second time, thereby transforming the layer back from transparent to opaque. | 08-06-2009 |
20090199005 | AUTHENTICATION DEVICE, MOBILE TERMINAL, AND AUTHENTICATION METHOD - The security of an IC card is improved by managing success and failure in authentication individually for each terminal program. An IC card includes a random number generation section, a source authentication section, and a process execution section. Upon receipt of a message of type “1”, the random number generation section generates a random number n, and stores it in a random number storage section by associating the random number n with a source included in the message. Upon receipt of a message of type “2” from the source and in a case where the random number n corresponding to the source is stored, the source authentication section collates a value m calculated from an authentication key held by the IC card and the random number n with a value m included in the message of type “2”. When both values agree, upon receipt of a message of type “3” from the source, the process execution section executes a process in accordance with a type of the message. | 08-06-2009 |
20090217045 | PHYSICAL SECRET SHARING AND PROOFS OF VICINITY USING PUFS - The present invention relates to a method of creating challenge-response pairs, a method of authenticating a plurality of physical tokens, a system for creating challenge-response pairs and a device for authenticating a plurality of physical tokens. A basic idea of the invention is to interconnect a plurality of physical tokens ( | 08-27-2009 |
20090217046 | METHOD AND APPARATUS FOR THE SECURE IDENTIFICATION OF THE OWNER OF A PORTABLE DEVICE - An authentication system is provided that includes a portable device and a decryption node. An individual uses the portable device, such as a portable device like a cell phone to compute a challenge and a response. The challenge and response is sent to a decryption node. In response, the decryption node computes a presumed response and compares the presumed response to the response of the portable device, in order to authenticate the individual associated with the portable device. | 08-27-2009 |
20090271629 | WIRELESS PAIRING CEREMONY - A security token is coupled to a computer and is available for use by both local and remote processes for on-demand response to a challenge. To minimize the security risk of an unattended session, the challenge may be issued to verify the presence of the token. When the token has a user interface, it may be used in conjunction with the computer to require that a user also participate in transferring displayed data between the token and computer. This helps to ensure that both the token and the user are present at the computer during operation. For the most sensitive operations, such a confirmation may be required with each data submission. | 10-29-2009 |
20090282253 | NETWORK HELPER FOR AUTHENTICATION BETWEEN A TOKEN AND VERIFIERS - A network helper is provided that assists verifiers in executing a puzzle-based protocol for authentication of a token. A token stores a secret key and one or more puzzle-generating algorithms. The helper stores a plurality of puzzles associated with a particular token. When requested to do so by a verifier, the helper provides a plurality of pseudorandomly selected puzzles for the token to a verifier. The puzzles are encoded with information that is used between the verifier and token to establish a secured symmetric key. The verifier selects one or a few of the encoded puzzles and breaks them by a brute force attack. Because the helper does not know which puzzles have been selected, it has to break all puzzles to attempt to figure out the symmetric key. However, if a large number of puzzles are utilized, say millions, then breaking all of them becomes a computationally prohibitive task. | 11-12-2009 |
20090282254 | TRUSTED MOBILE PLATFORM ARCHITECTURE - In an embodiment, an apparatus includes one or more cryptographic units. The apparatus also includes a memory to store one or more data encryption keys and an associated header for the one or more data encryption keys. The associated header defines which of the one or more cryptographic units are to use the data encryption key. | 11-12-2009 |
20090319793 | PORTABLE DEVICE FOR USE IN ESTABLISHING TRUST - A portable device for use in establishing trust including a communications module for communicating with a host machine; embedded trusted data; a virtual machine module for instantiating a virtual machine on the host machine; and a security module for including a secure application in the virtual machine to perform an attestation process using the embedded trust data to authenticate the host machine. | 12-24-2009 |
20100017613 | DUAL USAGE SMART CARD OF CPU AND LOGICAL ENCRYPTION AND ITS DATA SYNCHRONIZATION METHOD - A dual usage smart card of CPU and logical encryption and its data synchronization method. Said method comprises that a CPU command processing module controls an accessing control module for the logical encryption storage region to read the data in the logical encryption storage region to a data format conversion module; said data format conversion module transmits the data to the CPU control storage region; the CPU command processing module controls the CPU control storage region again to transmit the data of CPU card to the accessing control module for the logical encryption storage region through the data format conversion module; and said accessing control module for the logical encryption storage region writes the data of CPU card into the logical encryption storage region. | 01-21-2010 |
20100031045 | METHODS AND SYSTEM AND COMPUTER MEDIUM FOR LOADING A SET OF KEYS - The present technique relates to a method for authenticating a user of at least one electronic terminal. The method includes receiving a first unique value for loading into the at least one electronic terminal via an input module. The method includes storing internally the first unique value for authorizing the user of the at least one electronic terminal using a memory module. The method generates a second unique value for saving internally into the memory module using a random process module. The method generates an encrypted third unique value by encrypting the second unique value using the first unique value, and sends it to a host. | 02-04-2010 |
20100058063 | FUZZY BIOMETRICS BASED SIGNATURES - The present invention relates to a method and a device of verifying the validity of a digital signature based on biometric data. A basic idea of the invention is that a verifier attains a first biometric template of the individual to be verified, for instance by having the individual provide her fingerprint via an appropriate sensor device. Then, the verifier receives a digital signature and a second biometric template. The verifier then verifies the digital signature by means of using either the first or the second biometric template as a public key. The attained (first) biometric template of the individual is compared with the received (second) biometric template associated with the signature and if a match occurs, the verifier can be confident that the digital signature and the associated (second) biometric template have not been manipulated by an attacker for impersonation purposes. | 03-04-2010 |
20100077216 | METHOD FOR ENHANCING NETWORK APPLICATION SECURITY - A method for securing communications between a server and an application downloaded over a network onto a client of the server is disclosed. A first request is received from the client, and in response a session credential security token is generated and sent to the client. A second request is received from the client to download the application and includes the value of the session credential security token. The server verifies that the value of the session credential security token is valid and, if so, generates a second security token that is tied to the session credential security token. The second token is embedded in application code and then the application code is sent to the client. A subsequent request for data from the application running on the client includes the value of the session credential security token and the value of the embedded security token. Verification of validity of the values of the session credential security token and the second security token received with the data request then occurs at least in part by determining that the values are cryptographically tied to one another. Upon verification, the requested data is sent to the client. | 03-25-2010 |
20100115280 | METHOD OF COMMUNICATIONS AND COMMUNICATION NETWORK INTRUSION PROTECTION METHODS AND INTRUSION ATTEMPT DETECTION SYSTEM - A method, system and computer readable medium for protecting a communications device connected to a communications system against an unauthorized intrusion, including providing a variable identifier to the communications device and entities authorized access thereto. The variable identifier is provided to a user address book and assigned with a permanent identifier and the permanent identifier, but not the variable identifier, is available to a user. The presence or absence of the correct variable identifier is sensed during an attempt to access the communications device for granting or denying access to the communications device. A new variable identifier is periodically provided to the communications device and to the authorized entities and to the user address book and assigned with the permanent identifier, wherein the permanent identifier, but not the new variable identifier, is available to the user. | 05-06-2010 |
20100146279 | METHOD AND SYSTEM FOR COMMUNICATION BETWEEN A USB DEVICE AND A USB HOST - A secure portable electronic device for providing secure services when used in conjunction with a host computer having a central processing unit uses two hardware device protocols readily supported by computer operating systems. Other systems and methods are disclosed. | 06-10-2010 |
20100153729 | METHOD OF AUTHENTICATING PRINTER CONSUMABLE - A method for authenticating a printer consumable in which an encrypted random number and its first signature are passed from a printer authentication chip to a consumable authentication chip, in the consumable chip: the encrypted random number and first signature are decrypted; a second signature of the random number is calculated and compared with the first signature to produce a match at which a first number produced by encrypting the random number and a memory vector is passed to the printer chip, and in the printer chip, a second number is produced by encrypting the random number and memory vector and compared with the first number to produce a match and valid consumable chip, or a mismatch and invalid consumable chip. The memory vector comprises updatable consumable state data whose manner of updating is protected by requiring clearing of the memory vector when change of the updating manner is attempted. | 06-17-2010 |
20100161990 | IVR CALL ROUTING USING ENCRYPTED DATA - A token representing encrypted data is used to initiate a call routing strategy based on receipt of the token. The call routing strategy is configured to initiate a query. Decrypted data associated with the encrypted data may be accessed to determine a data relationship based on the query. | 06-24-2010 |
20100191972 | Method and Apparatus for Providing Secure Document Distribution - A system for providing secure document distribution is disclosed. The system includes an application configured to: allow an author to create a document, allow the author to secure the document using an access code, wherein the access code is needed to gain access to the document, encrypt the access code, and forward a message to a recipient, wherein the message includes the document and the encrypted access code, a terminal configured to: allow the recipient to open the message, and generate an image, the image having information embedded therein, the embedded information including the encrypted access code, and a portable device configured to: allow the recipient to capture the image, store predetermined information, wherein the predetermined information is usable to decrypt the encrypted access code, capture input information from the recipient, the input information to be used to ensure that the recipient is authorized to use the portable device, extract the information embedded in the image, decrypt the encrypted access code using the predetermined information, and generate an output, the output including the access code. The terminal is further configured to receive the output generated by the portable device and evaluate the output to determine if the correct access code needed for access to the document is provided. | 07-29-2010 |
20100211791 | HARDWARE MULTIMEDIA ENDPOINT AND PERSONAL COMPUTER - A hardware multimedia endpoint is located on an adapter card of a personal computer system and comprises an interface for interfacing to the computer system and a processor for receiving cryptographic information from the computer, for processing the cryptographic information and for outputting cryptographic information to the computer. This exchange of cryptographic information is performed such that an authentication procedure with a third party, which is different from the computer, is established for the purpose of decrypting encrypted media content. | 08-19-2010 |
20100250943 | METHOD FOR SECURITY IN ELECTRONICALLY FUSED ENCRYPTION KEYS - A method for electronically fused encryption key security includes inserting a plurality of inverters between a bank of security fuses and a fuse sense logic module. The method also includes sensing an activated set of the bank of security fuses and the plurality of inverters. The method further includes comparing the sensed activated set of the bank of security fuses and the plurality of inverters with a software key to determine whether at least a substantial match is made. | 09-30-2010 |
20100250944 | INFORMATION PROCESSING APPARATUS, AUTHENTICATION DEVICE, AND RECORDING MEDIUM - An information processing apparatus includes a first signing unit which digitally signs device information and environment information, a first generator which generates a first digital envelope as data including the signed device information and the signed environment information, a second signing unit which digitally signs biometric authentication information and the first digital envelope, a second generator which generates a second digital envelope as data including the signed biometric authentication information and the signed first digital envelope, a transmitter which transmits the second digital envelope, and a receiver which receives authentication results. | 09-30-2010 |
20100250945 | PRIVACY-ENHANCED E-PASSPORT AUTHENTICATION PROTOCOL - A passport authentication protocol provides for encryption of sensitive data such as biometric data and transfer of the encryption key from the passport to the authentication authority to permit comparison to a reference value. | 09-30-2010 |
20100262830 | AUTHENTICATION DEVICE, AUTHENTICATION METHOD, AND PROGRAM - Provided is an authentication device which includes a register in which a first-bit or a second-bit different from the first-bit is stored, m first determination units for determining whether input information and authentication information match, and for storing the first-bit in the register if a result of the determination is TRUE and for storing the second-bit in the register if FALSE, (N−m) second determination units for determining whether input information and authentication information do not match, and for storing the first-bit in the register if a result of the determination is TRUE and for storing the second-bit in the register if FALSE, and an authentication determination unit for determining that an authentication is established, in case the first-bit is stored in the register by a determination process by every first determination unit and the second-bit is stored in the register by a determination process by every second determination unit. | 10-14-2010 |
20100293381 | VERIFICATION OF PORTABLE CONSUMER DEVICES - Apparatuses, methods, and systems pertaining to the verification of portable consumer devices are disclosed. In one implementation, a verification token is coupled to a computer by a USB connection so as to use the computer's networking facilities. The verification token reads identification information from a user's portable consumer device (e.g., credit card) and sends the information to a validation entity over a communications network using the computer's networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer's display, or may display the value to the user using the computer's display. | 11-18-2010 |
20100313027 | PIN Servicing - A smart card ( | 12-09-2010 |
20100318801 | METHOD AND SYSTEM FOR PROTECTING REAL ESTATE FROM FRAUDULENT TITLE CHANGES - A method of effecting secure communication over a network begins by interfacing a hardware token with a computer host. The hardware token includes security software and communication software stored thereon. The security software is stored in a memory of the hardware token. The computer host has a memory distinct from the hardware token memory. The authenticity of the security software is determined on the hardware token. Upon successful validation of the authenticity of the security software on the hardware token, the authenticity of the communication software is determined by loading the security software from the hardware token memory into the computer host memory and executing the loaded security software from the computer host memory. After successful validation of the authenticity of the communication software, the computer host facilitates communication between the hardware token and a remote computer by executing the communication software from the computer host memory. | 12-16-2010 |
20100318802 | SYSTEMS AND METHODS FOR ESTABLISHING A SECURE COMMUNICATION CHANNEL USING A BROWSER COMPONENT - A system for providing a secure channel for communication comprises a client comprising a browser, a secure server and a browser component installed on the client that enables a user to establish a connection with the secure server, the browser component configured to generate a first token. The secure server is configured to generate a second token, and wherein the client is provided with access to the secure server upon verification of the first token and the second token. | 12-16-2010 |
20100332837 | WEB APPLICATION SECURITY FILTERING - User inputs and/or Uniform Resource Identifier (URI), historically and popularly referred to as Universal Resource Locator (URL), requests in a content description language are passed through a security service (Web application firewall or a reverse Web proxy server) that is placed in front of Web application servers in order to protect the servers from hacking attempts. For validating Webform user inputs and/or URI requests and parameters the content description language is enriched by the security service with additional security tokens that are dynamically created based on the content being transferred. The user receives the information and returns input with the security tokens. The security service can then verify all provided user input data against the constraints described in the corresponding security token. As a result, the method may block the HTTP request or create log messages or notification events in reaction to violations of the user input data compared to the constraints in the security token. | 12-30-2010 |
20110010552 | Authentication token with incremental key establishment capacity - The present invention relates to the field of strong authentication tokens and more specifically to methods and apparatus employing cryptographic key establishment protocols for such strong authentication tokens. | 01-13-2011 |
20110055573 | SUPPORTING FLEXIBLE USE OF SMART CARDS WITH WEB APPLICATIONS - A web browser for communicating with an application at an application server, a smart card driver for accessing a smart card reader, a client agent monitoring events at the browser as a result of interaction between the browser and the application and a set of access profiles. The client agent is controlled by an access profile that defines a trigger event and an action to be performed by the client agent in response to an occurrence of the event. | 03-03-2011 |
20110055574 | LOCALIZED NETWORK AUTHENTICATION AND SECURITY USING TAMPER-RESISTANT KEYS - The invention provides a secure Wi-Fi communications method and system. In an embodiment of the invention, unique physical keys, or tokens, are installed at an access point and each client device of the network. Each key comprises a unique serial number and a common network send cryptographic key and a common network receive cryptographic key used only during the authentication phase by all components on the LAN. Each client key further includes a secret cryptographic key unique to each client device. During authentication, two random numbers are generated per communications session and are known by both sides of the wireless channel. Only the random numbers are sent across the wireless channel and in each case these numbers are encrypted. A transposed cryptographic key is derived from the unique secret cryptographic key using the random numbers generated during authentication. Thus, both sides of the wireless channel know the transposed cryptographic key without it ever being transmitted between the two. | 03-03-2011 |
20110099377 | COMPACT SECURITY DEVICE WITH TRANSACTION RISK LEVEL APPROVAL CAPABILITY - The present invention relates to the field of securing electronic transactions and more specifically to methods to indicate and verify the approval of the risk level of a transaction and to apparatuses for generating transaction risk level approval codes. | 04-28-2011 |
20110099378 | DIGITAL BROADCASTING SYSTEM AND METHOD OF PROCESSING DATA IN DIGITAL BROADCASTING SYSTEM - A method for controlling a DTV located in one independent space among physically-separated independent spaces includes receiving an AP-card WEP key value recorded in a storage of a compact wireless device, receiving the WEP key value corresponding to an AP card of the DTV from a management server, comparing the WEP key value from the compact wireless device with the WEP key value from the management server, transmitting first general wireless device ID from the general wireless device to the compact wireless device if the WEP key values are identical, receiving an Internet service accept packet from the compact wireless device if at least one second general wireless device ID recorded in the storage area of the compact wireless device is identical to the first general wireless device ID, and controlling the general wireless device to use an Internet service through the AP card of the DTV. | 04-28-2011 |
20110113251 | METHOD FOR IMPROVING NETWORK APPLICATION SECURITY AND SYSTEM THEREOF - The invention, related to the information security field, discloses a method for improving network application security and a system thereof. In the method, a client terminal application generates a protocol message, disassembles the protocol message into plural IP packets and sends the plural IP packets; a network filter driver receives and caches the plural IP packets, assembles the plural IP packets to obtain the protocol message and determines whether critical information is in the protocol message; if so, the network filter driver sends the protocol message to a smart key device; the smart key device analyzes the protocol message to obtain the critical information and sends the critical information to the user for confirmation; if the user confirms that the critical information is correct, the smart key device signs the protocol message and returns the signature data, and the network filter driver generates a new protocol message according to the signature data and the protocol message, disassembles the new protocol message into plural IP packets and sends the plural IP packets to the server via the network card driver; if the user confirms that the critical information is not correct, or no confirmation is received from the user within a predetermined time period, the smart key device performs an exceptional operation. The system comprises a smart key device and a network filter driver of the client terminal computer. With compatibility and usability, the invention enhances network application security without modifying the client terminal. | 05-12-2011 |
20110131416 | MULTIFACTOR VALIDATION OF REQUESTS TO THWART DYNAMIC CROSS-SITE ATTACKS - An apparatus and a method for validating requests to thwart cross-site attacks is described. A user identifier token, a request identifier token, and a timestamp are generated at a web application of a server. A Message Authentication Code (MAC) value is formed based on the user identifier token, the request identifier token, and the timestamp using a secret key of the web application. Names of the form elements are enciphered. Fake form elements can also be added to the dynamic form. The entire page also can be enciphered. The dynamic form is sent with the MAC value and the timestamp to a client. A completed form comprising a returned MAC value and a returned timestamp is received from the client. The completed form is validated at the server based on the returned MAC value and the returned timestamp. | 06-02-2011 |
20110154043 | SYSTEMS AND METHODS FOR CRYPTOGRAPHICALLY ENHANCED AUTOMATIC BLACKLIST MANAGEMENT AND ENFORCEMENT - Embodiments relate to systems and methods for the management and enforcement of blacklists of counterfeited, cloned or otherwise unauthenticated devices. In an embodiment, a system comprises an accessory comprising an authentication chip including data signed by a private verification key, the data including a unique identifier related to the accessory, and a device comprising a public verification key forming a verification key pair with the private verification key and an identifier list, the device configured to read the data from the authentication chip, compare the unique identifier with the identifier list, and reject the accessory if the unique identifier is found in the identifier list. | 06-23-2011 |
20110173451 | METHOD AND SYSTEM TO PROVIDE FINE GRANULAR INTEGRITY TO DIGITAL DATA - A method and system to generate fine granular integrity for huge volumes of data in real time at a very low computational cost. The invention proposes a scalable system that can receive different digital data from multiple sources and generate integrity streams associated with the original data. This invention provides full guarantees for data integrity: the order of logged data cannot be altered, and content cannot be modified, added or deleted without detection. | 07-14-2011 |
20110185178 | COMMUNICATION METHOD OF AN ELECTRONIC HEALTH INSURANCE CARD WITH A READING DEVICE - The invention relates to a communication method of an electronic health insurance card ( | 07-28-2011 |
20110191589 | PREVENTING THE USE OF MODIFIED RECEIVER FIRMWARE IN RECEIVERS OF A CONDITIONAL ACCESS SYSTEM - The invention enables the shared secret, which is used for encrypting the communication of CWs from a smartcard to a receiver, to cover at least a part of a binary image of firmware that is executing in the receiver. Preferably the shared secret covers the entire binary image of the firmware. Hereto, data from one or more predefined firmware memory locations are read, the set of data forming the shared secret. | 08-04-2011 |
20110197067 | SECURE TELEMETRIC LINK - A communications protocol is used to provide data privacy, message integrity, message freshness, and user authentication to telemetric traffic, such as to and from implantable medical devices in a body area network. In certain embodiments, encryption, message integrity, and message freshness are provided through use of token-like nonces and ephemeral session-keys derived from device identification numbers and pseudorandom numbers. | 08-11-2011 |
20110213981 | REVOCATION OF A BIOMETRIC REFERENCE TEMPLATE - A system, method and program product for generating a biometric reference template revocation message on demand. The method includes generating, using a biometric reference template revocation engine, a biometric reference template revocation message and loading the biometric reference template revocation engine onto a secure portable device for generating on demand of the individual the biometric reference template revocation message. | 09-01-2011 |
20110246777 | System and Method for Managing Security Key Architecture in Multiple Security Contexts of a Network Environment - A scheme for managing security key architecture in a network environment where a user equipment (UE) device can engage in multiple security contexts depending on the access technology. In one embodiment, when multiple security contexts are engaged and different sets of authentication vectors are created, an adapter component of the UE device manages potential interference that may be caused among the different sets of the authentication vectors as to where they are stored and which authentication vectors are used for service handovers. | 10-06-2011 |
20110307699 | TOKEN FOR SECURING COMMUNICATION - In general, the invention relates to a method for performing a command on a token. The method includes receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender, and making a first determination that the sender is allowed to send commands to the token. The method further includes, based on the first determination, generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS), making a second determination that the first CAMD and the second CAMD match, and based on the second determination, performing the command by the token. | 12-15-2011 |
20110314288 | CIRCUIT, SYSTEM, DEVICE AND METHOD OF AUTHENTICATING A COMMUNICATION SESSION AND ENCRYPTING DATA THEREOF - Disclosed is a circuit, system, device and method for authentication and/or encryption, which is based on the characteristics and/or management of One Time Programming (OTP) Non Volatile Memory (NVM) that may prevent the ability to alter, modify, mimic or otherwise use an identification string/code for attaining false authentication and/or falsely decrypting encrypted data. | 12-22-2011 |
20120017089 | CRYPTOGRAPHIC TOKEN WITH LEAK-RESISTANT KEY DERIVATION - Methods and apparatuses for increasing the leak-resistance of cryptographic systems are disclosed. A cryptographic token maintains secret key data based on a top-level key. The token can produce updated secret key data using an update process that makes partial information that might have previously leaked to attackers about the secret key data no longer usefully describe the new updated secret key data. By repeatedly applying the update process, information leaking during cryptographic operations that is collected by attackers rapidly becomes obsolete. Thus, such a system can remain secure against attacks involving analysis of measurements of the device's power consumption, electromagnetic characteristics, or other information leaked during transactions. Transactions with a server can be secured with the token. | 01-19-2012 |
20120084565 | CRYPTOGRAPHIC DEVICE THAT BINDS AN ADDITIONAL AUTHENTICATION FACTOR TO MULTIPLE IDENTITIES - Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact. | 04-05-2012 |
20120096271 | Remote Access to Hosted Virtual Machines By Enterprise Users - An end user of an enterprise is enabled to receive secure remote presentation access to the assigned virtual machines in a hosted public cloud through the cloud provider's virtualization hosts and remote presentation gateway. Thus an enterprise administrator may purchase computing capacity from the cloud provider and further sub-divide the purchased computing capacity among enterprise end users. The cloud provider need not create shadow accounts for each end user of the enterprise. The cloud provider AD and the enterprise AD do not need to trust each other. The cloud provider also need not expose host information to the tenants. Authorization may be provided by using a combination of a custom authorization plug-in at the terminal services gateway and an indirection listener component at the virtualization host. The host details may also be abstracted when the client connects to the remote presentation gateway, so as to protect the fabric from attack and to enable the tenant virtual machines to freely move across the cloud provider's virtualization hosts. | 04-19-2012 |
20120124378 | METHOD FOR PERSONAL IDENTITY AUTHENTICATION UTILIZING A PERSONAL CRYPTOGRAPHIC DEVICE - A method for personal identity authentication utilizing a personal cryptographic device initially provides a personal cryptographic device storing a client key from a host system and a device serial number. Next, the personal cryptographic device is connected to the host system. Thereafter, unique user information is inputted via the personal cryptographic device. Then, the unique user information and the device serial number are encrypted and sent to the host system for authentication and for requesting key information. The personal cryptographic device receives and decrypts encrypted key information with the client key, and changes the client key using the key information. | 05-17-2012 |
20120144201 | SECURE ELEMENT AUTHENTICATION - Secure element authentication techniques are described. In implementations, a confirmation is received that an identity of a user has been physically verified using one or more physical documents. One or more credentials that are usable to authenticate the user are caused to be stored in a secure element of a mobile communication device of the user, the secure element implemented using tamper-resistant hardware. | 06-07-2012 |
20120185695 | Methods and Systems for Scalable Distribution of Protected Content - A computerized device can implement a content player to access a content stream using a network interface, the content stream comprising encrypted content and an embedded license comprising a content key encrypted according to a global key accessible by the content player. The content player determines whether a token meeting an authorization condition is present and uses the global key to decrypt the content key only if such a token is present. The authorization condition may be evaluated at least in part based on data included in the content stream. The authorization condition can include presence of a token having a content ID matching a corresponding ID in the license; presence of a token with a correct device ID; presence of a token signed according to a digital signature identified in the licenses; and/or presence of a token that is unexpired, with expiration evaluated based on a time-to-live indicator in the token. | 07-19-2012 |
20120210135 | CLIENT-BASED AUTHENTICATION - Apparatus, systems, and methods may operate to invoke multiple authentication mechanisms, by a client node, to encrypt N split-keys using credentials associated with corresponding ones of the authentication mechanisms. Further activity may include transforming the split-keys to provide N encrypted split-keys, and storing each of the encrypted split-keys with an associated local user identity and an identity of corresponding ones of the authentication mechanisms. Additional apparatus, systems, and methods are disclosed. | 08-16-2012 |
20120221859 | STRONG AUTHENTICATION TOKEN WITH ACOUSTIC DATA INPUT - Strong authentication tokens for generating dynamic security values having an acoustical input interface for acoustically receiving input data are disclosed. The tokens may also include an optical interface for receiving input data and may have a selection mechanism to select either the acoustical or the optical input interface to receive data. A communication interface may be provided to communicate with a removable security device such as a smart card and the token may be adapted to generate dynamic security values in cooperation with the removable security device. The acoustic signal received by the token may be modulated using a frequency shift keying modulation scheme using a plurality of coding frequencies to code the acoustical signal where each coding frequency may be an integer multiple of a common base frequency. | 08-30-2012 |
20120221860 | METHOD AND APPARATUS FOR ENCODING AND DECODING DATA TRANSMITTED TO AN AUTHENTICATION TOKEN - Methods and apparatus for encoding and decoding data transmitted acoustically and/or optically to strong authentication tokens to generate dynamic security values are disclosed. The tokens may also include a selection mechanism to select either an acoustical or an optical input interface to receive data. A communication interface may be provided to communicate with a removable security device such as a smart card and the token may be adapted to generate dynamic security values in cooperation with the removable security device. | 08-30-2012 |
20120324226 | TRANSACTION AUDITING FOR DATA SECURITY DEVICES - Data security devices are provided which store user data and interact with terminal devices to provide information about the stored user data. The security device has memory for storing user data, an interface for transmission of data communications connectable to a data communications network, and a controller. The controller processes a request from the terminal device for information about said user data by first generating a message. The message is generated to permit verification, using secret data, that the message was generated by the controller. The controller sends the message to the terminal device for communication to a publication entity for publication of the message. The controller then receives from the terminal device a cryptographic construction. The controller checks the validity of the cryptographic construction for said message, and subsequent supply of the information requested about the user data to the terminal device is then dependent on said cryptographic construction. | 12-20-2012 |
20120324227 | System For Generating Fingerprints Based On Information Extracted By A Content Delivery Network Server - A dynamic multimedia fingerprinting system is provided. A user requests multimedia content from a Web cache server that verifies that the user is authorized to download the content. A custom fingerprint specific to the user is generated and dynamically inserted into the content as the content is delivered to the user. The custom fingerprint can be generated on the Web cache server or at the content provider's server. The system allows a content provider to specify where the custom fingerprint is inserted into the content or where the fingerprint is to replace a placeholder within the content. | 12-20-2012 |
20130013927 | Automated Entity Verification - Some embodiments provide a verification system for automated verification of entities. The verification system automatically verifies entities using a two-part verification campaign. One part verifies that the entity is the true owner of the entity account to be verified. This verification step involves (1) the entity receiving a verification code at the entity account and returning the verification code to the verification system, (2) the entity associating an account that it has registered at a service provider with an account that the verification system has registered at the service provider, or (3) both. Another part verifies that the entity can respond to communications sent to methods of contact that have previously been verified as belonging to the entity. The verification system submits a first communication with a code using a verified method of contact. The verification system then monitors for a second communication to be returned with the code. | 01-10-2013 |
20130019100 | INTELLIGENT REMOTE DEVICE - An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction. | 01-17-2013 |
20130019101 | METHOD FOR CONFIGURING AND DISTRIBUTING ACCESS RIGHTS IN A DISTRIBUTED SYSTEM - The disclosure relates to a method and system for configuring and distributing access rights among intelligent devices within a distributed system. The distributed system includes a first intelligent device connected to further intelligent devices. Device-internal individual keys and a shared key are stored in the intelligent devices. A user account is created in the first device via a web client and is encrypted by the device-internal key of the first device and stored as a password file in the first device. Before being transmitted via the web client, the password file is encrypted by the shared key and the encrypted password file is transmitted to the further intelligent devices. The data stored in the encrypted password file are decrypted by the shared key. An encrypted storage of the password file is carried out by the device-internal key of the respective device. | 01-17-2013 |
20130024694 | TRANSACTION AUDITING FOR DATA SECURITY DEVICES - Data security devices are provided which store user data and interact with terminal devices to provide information about the stored user data. The security device has memory for storing user data, an interface for transmission of data communications connectable to a data communications network, and a controller. The controller processes a request from the terminal device for information about said user data by first generating a message. The message is generated to permit verification, using secret data, that the message was generated by the controller. The controller sends the message to the terminal device for communication to a publication entity for publication of the message. The controller then receives from the terminal device a cryptographic construction. The controller checks the validity of the cryptographic construction for said message, and subsequent supply of the information requested about the user data to the terminal device is then dependent on said cryptographic construction. | 01-24-2013 |
20130046987 | Apparatus and Method for Performing End-to-End Encryption - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may receive a first token indicating that a first form of encryption has been performed and determine, based at least in part upon the first token, at least one token-based rule. The apparatus may determine, based at least in part upon the token-based rule, that a second form of encryption should be performed. The apparatus may receive a second token indicating that the second form of encryption has been performed and determine that access to the resource should be granted in response to the determination that the second form of encryption has been performed. The apparatus may then generate a decision token representing the determination that access to the resource should be granted and transmit the decision token. | 02-21-2013 |
20130061055 | Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones - A virtual smartcard and methods for creating the same are provided. A virtual smartcard is a set of computer-implemented processes, associated with an individual, which simulate the behavior of a physical smartcard or other authentication token containing a hardware security module. In one embodiment, a computer receives credential data derived from the physical credential and authentication data pertinent to the individual such as a biometric imprint, and creates a virtual smartcard by storing the credential data in association with the authentication data in a network storage. The credential data may later be used for identification and encryption purposes upon the individual providing the authentication data to the network storage, even if the physical credential itself has been lost. Thus, the virtual smartcard provides a network-based method for backing up a passport, driver's license, credit card, public transportation card, or other such identification card or device. | 03-07-2013 |
20130159716 | METHOD FOR PERSONALIZING AN AUTHENTICATION TOKEN - An authentication token using a smart card that an organisation would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user. | 06-20-2013 |
20130191640 | INFORMATION SYSTEM AND METHOD INCORPORATING A PORTABLE DIGITAL MEDIA DEVICE - A method of reading a readable element, such as a two dimensional bar code or an RFID chip, that has encrypted information with a portable device, such as a digital media device or RFID reader, includes storing a decryption key in the portable device, and scanning the readable element with the portable device. The method further includes communicating with a remote server storing a decryption key database, validating the decryption key stored in the portable device, and decrypting information from the readable element using the portable device. The decrypted information may then be displayed. | 07-25-2013 |
20130198519 | STRONG AUTHENTICATION TOKEN WITH VISUAL OUTPUT OF PKI SIGNATURES - A handheld authentication device comprising a data processor and a display is adapted to: generate an input value; submit the input value to an asymmetric cryptographic operation; obtain the result of said asymmetric cryptographic operation; generate an authentication message substantially comprising the result of the asymmetric cryptographic operation; encode the authentication message into one or more images; and display these images on the display. A method for securing computer-based applications remotely accessed by a user comprises capturing images displayed on the display of an authentication device of the user whereby these images have been encoded with an authentication message generated by the authentication device and whereby the authentication message comprises the result of an asymmetric cryptographic operation on an input value; decoding the images to retrieve the authentication message; retrieving the result of the asymmetric cryptographic operation from the authentication message; verifying the authentication message. | 08-01-2013 |
20130262869 | CONTROL WORD PROTECTION - The invention enables a chip set of a receiver of a conditional access system to receive control words securely from a head-end system in the content delivery network. Hereto the chip set comprises means for processing an incoming message to obtain a virtual control word, and using the virtual control word to generate the control word used for descrambling content received from the content delivery network. The authenticity of incoming messages is verified, in the sense that content descrambling fails if an incoming message is not authentic. | 10-03-2013 |
20130290724 | INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card. | 10-31-2013 |
20140019759 | Systems, Methods, and Computer Program Products for Secure Optimistic Mechanisms for Constrained Devices - Embodiments of the invention may provide for systems and methods for secure authentication. The systems and methods may include receiving, by a constrained device, a random string transmitted from a server; determining, by the constrained device, a responsive output by evaluating a first deterministic function based upon the received random string, a locally generated string and a first private key stored on the constrained device; and transmitting at least one portion of the responsive output and the locally generated string from the constrained device to a server. The systems and methods may also include determining, by the server, a validation output by evaluating a second deterministic function based upon the random string, the locally generated string, and a second private key of a plurality of private keys stored on the server; and authenticating the constrained device based upon the server matching the transmitted at least one portion of the responsive output to at least a portion of the validation output. | 01-16-2014 |
20140101453 | REAL IDENTITY AUTHENTICATION - A real identity biometric authentication device includes a USB thumb drive form factor, with a biometric sensor and a designated device processor and stored instructions in firmware which perform authentication in a secure manner, independent of processing and storage resources on a host platform. The device and authentication process require biometric data and are secured against the effects of malware or other security risks presented by applications running on the host platform. During an enrollment process, a unique encrypted enrollment biometric token is created using biometric data and uploaded securely to an authentication server. During an authentication process, the encrypted enrollment biometric token is downloaded to the real identity authentication device firmware and is decrypted on the device. The biometric data is obtained from the decrypted data and compared with live, real-time biometric data obtained from the user, for example, by a real-time fingerprint scan. If the real-time biometric data and the enrolled, decrypted biometric data match, the user is authenticated. | 04-10-2014 |
20140189359 | REMOTE AUTHENTICATION AND TRANSACTION SIGNATURES - Authentication devices and methods for generating dynamic credentials are disclosed. The authentication devices include a communication interface for communicating with a security device such as a smart card. A dynamic credential such as a one-time password (OTP) or a message authentication code (MAC) may be generated by receiving from a server an encrypted initialization seed encrypted with an asymmetric encryption algorithm using a public key of a public/private key pair, submitting the encrypted initialization seed to a security device, decrypting at the security device the encrypted initialization seed with a private key of the public/private key pair, returning the decrypted initialization seed to the authentication device, deriving at the authentication device a secret credential generation key from the decrypted initialization seed, and generating the dynamic credential by combining a dynamic variable with the secret credential generation key using a symmetric cryptographic dynamic credential generation algorithm. | 07-03-2014 |
20140195810 | SECURED METHOD FOR CONTROLLING THE OPENING OF LOCK DEVICES FROM MESSAGES IMPLEMENTING A SYMMETRICAL ENCRYPTION - A management site ( | 07-10-2014 |
20140215218 | SECURITY TOKEN AND SERVICE ACCESS SYSTEM - According to an aspect of the invention, a security token for facilitating access to a remote computing service via a mobile device is conceived, said security token comprising an NFC interface, a smart card integrated circuit and a smart card applet stored in and executable by said smart card integrated circuit, wherein the smart card applet is arranged to support a cryptographic challenge-response protocol executable by the mobile device. | 07-31-2014 |
20140223183 | Apparatus and Method for Securing Digital Data with a Security Token - A security token includes a wireless interface to communicate with a secured device. A cryptographic module generates cryptographic information, encrypts messages to the secured device, decrypts messages from the secured device and coordinates the encryption and decryption of data on the secured device. | 08-07-2014 |
20140237249 | DEVICE AND AUTHENTICATION METHOD THEREFOR - According to one embodiment, an authentication method includes generating, by the memory, first authentication information by calculating secret identification information with a memory session key in one-way function operation, transmitting encrypted secret identification information, a family key block, and the first authentication information to a host, and generating, by the host, second authentication information by calculating the secret identification information generated by decrypting the encrypted secret identification information with the host session key in one-way function operation. The method further includes comparing, by the host, the first authentication information with the second authentication information. | 08-21-2014 |
20140237250 | Registration and Network Access Control - In embodiments of registration and network access control, an initially unconfigured network interface device can be registered and configured as an interface to a public network for a client device. In another embodiment, a network interface device can receive a network access request from a client device to access a secure network utilizing extensible authentication protocol (EAP), and the request is communicated to an authentication service to authenticate a user of the client device based on user credentials. In another embodiment, a network interface device can receive a network access request from a client device to access a Web site in a public network utilizing a universal access method (UAM), and the request is redirected to the authentication service to authenticate a user of the client device based on user credentials. | 08-21-2014 |
20140258726 | SMART CARD, ELECTRONIC DEVICE, AND PORTABLE ELECTRONIC DEVICE - According to an embodiment, a smart card includes a communication section, a generation section, a first record section and an erasure section. The communication section transmits and receives data with an external device. The generation section generates a session key according to a command which is received by the communication section and requires generation of a session key. The first record section stores the session key generated by the generation section. The erasure section erases the session key when a holding period of the session key stored in the first record section exceeds a threshold. | 09-11-2014 |
20140281552 | RECORDING MEDIUM - A recording medium is attachable to and detachable from an apparatus body, and is supplied with power from the apparatus body when it is attached to the apparatus body. This recording medium includes: an encryption/decryption control unit performing encryption and decryption of data transmitted from the apparatus body; an authentication control unit performing an authentication procedure for authenticating a password sent from the apparatus body; a non-volatile memory storing an encryption key to be used in the encryption/decryption control unit and the authentication password to be used for authentication in the authentication control unit, and having a data recording area for recording data encrypted by the encryption/decryption control unit; and a volatile memory for storing recorded-position information of data recorded in the data recording area of the non-volatile memory under an unauthenticated condition that the authentication procedure by the authentication control unit has not been performed. | 09-18-2014 |
20140298029 | CONTACTLESS SEED PROGRAMMING METHOD AND SYSTEM THEREOF - The invention discloses a contactless seed programming method, belonging to the information security field. In the method, a seed programming device obtains a token ID of a dynamic token, obtains corresponding first seed data according to the token ID, communicates with the dynamic token contactlessly, obtains first seed data from the dynamic token, decrypts the first seed data so as to obtain second seed data, encrypts the second seed data with the first data so as to obtain third seed data and sends the third seed data to the dynamic token; and the dynamic token decrypts the seed and updates the seed stored in itself. By the invention, the programming operation is simplified and programming efficiency is improved by communicating with the dynamic token contactlessly, and security is ensured by transferring the encrypted seed during communication between the programming device and the token. | 10-02-2014 |
20140298030 | COMPUTER ASSISTED NAME-BASED AGGREGATION SYSTEM FOR IDENTIFYING NAMES OF ANONYMIZED DATA, AS WELL AS A METHOD AND COMPUTER PROGRAM THEREOF - A computer assisted name-based aggregation system that acquires anonymized data from a plurality of service providing systems without obtaining the personal information, and identifies the name of the acquired anonymized data. The computer assisted name-based aggregation system transmits a transmission request that requests transmission of data, and a value that changes for each transmission request to the plurality of service providing systems; receives a set containing hash values created based on an identification number for controlling data and the aforementioned value, and the anonymized data specified by the identification number, from the plurality of service providing systems; and identifies the name of anonymized data specified by the hash value from the anonymized data received from each of the plurality of service providing systems. | 10-02-2014 |
20140344580 | SYSTEM AND METHOD FOR VARIABLE LENGTH ENCRYPTION - Systems and methods for performing a secure transaction are provided. In one embodiment, the method includes: reading data on a command token, reading data on a token; encrypting the token data with a key; encrypting an authentication data with a clear text token data; and transmitting the encrypted authentication data with the encrypted token data to a remote device. | 11-20-2014 |
20150074412 | CRYPTOGRAPHIC STORAGE DEVICE CONTROLLER - A method of configuring a controller of a portable-computer-readable-medium for performing a cryptographic function, and a portable-computer-readable-medium configured by same, are disclosed. The portable-computer-readable-medium has memory means in which at least first and second data files are stored, each file starting at a respective Logical Block Address (LBA) of the memory means. A first code, for instance a private key, is written in the first file. A password is associated with the second file. The controller of the portable-computer-readable-medium is configured to perform a hash function upon input data to be written to the second file with the first code, write the output hash to at least the second LBA, increment the first code and write the incremented first code to the first LBA. | 03-12-2015 |
20150082042 | FIELD PROGRAMMABLE SMART CARD TERMINAL AND TOKEN DEVICE - A digital programmable smart card terminal device and token, collectively known as the token device, is disclosed. The token device comprises a field programmable token device which accepts a user's smart card. The combination of token device and smart card may then be used for a variety of applications that include user authentication, secure access, and encryption. One specific application is that of an electronic wallet. In one embodiment, an electronic smart card terminal includes a smart card reader adapted to receive and communicate with a smart card having smart card data stored thereon; token personality logic programmed based on the smart card data as a token personality subsequent to insertion of the smart card in the smart card reader; and a communications mechanism for communicating authentication data derived from the token personality. Since the smart card terminal only gains its token personality when a smart card is inserted, manufacture and distribution of the terminal on a wide scale is possible. | 03-19-2015 |
20150134965 | Enhanced Secure Virtual Machine Provisioning - In a method of provisioning a virtual machine (VM) to a computing network ( | 05-14-2015 |
20150149782 | INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card. | 05-28-2015 |
20150304851 | PORTABLE AUTHORIZATION DEVICE - A portable authorization device may include memory and at least one circuit. The memory may be configured to store an identifier and keys corresponding to services associated with the identifier. The at least one circuit may be configured to receive, from a service accessor device, a request to access one of the services. The at least one circuit may be configured to authenticate with the service using at least the identifier and the key for the service. After authenticating with the service, the at least one circuit may be configured to sign and/or encrypt the request based at least on the key for the service, and provide the signed and/or encrypted request to the service. In one or more implementations, the at least one circuit may be configured to facilitate providing the service to the service accessor device when the service accessor device is granted access to the service. | 10-22-2015 |
20150326563 | PROVISIONING DRM CREDENTIALS ON A CLIENT DEVICE USING AN UPDATE SERVER - A method of provisioning DRM credentials on a client device, comprising receiving DRM credentials at an update server from a key generation system, the DRM credentials having been encrypted by the key generation system, receiving a DRM credential request from a client device, the DRM credential request comprising a digital signature, a device class certificate, and an authorization token, authenticating the DRM credential request by validating the digital signature and the device class certificate, extracting and validating the authorization token, and providing the DRM credentials to the client device. | 11-12-2015 |
20150334107 | APPARATUS AND METHOD FOR MANAGING USE OF SECURE TOKENS - A system that incorporates the subject disclosure may perform, for example, operations including receiving an encrypted secure token from a secure token application function that is remote from the communication device, storing the encrypted secure token in a secure element memory of the secure element, accessing user input requesting the encrypted secure token where the secure device processor is separate from the secure element and is in communication with the secure element, generating a modified secure token by adding identification information to the encrypted secure token and by performing a second encryption of the encrypted secure token with the identification information, receiving the modified secure token from the secure element, and providing the modified secure token to a receiving device. Other embodiments are disclosed. | 11-19-2015 |
20150341339 | INFORMATION DISPLAY METHOD, TERMINAL, SECURITY SERVER AND SYSTEM - A self-moving tunnel support canopy includes front arch frame, rear arch frame, forward jack, and support jack disposed under the front arch frame. The front arch frame has front arch beams and front longitudinal beams longitudinally disposed along arch upper surfaces of front arch beams and coupled to all the front arch beams. The rear arch frame has rear arch beams and rear longitudinal beams longitudinally disposed along arch upper surfaces of the rear arch beams and coupled to all the rear arch beams. The front longitudinal beams and the rear arch beams are spacedly disposed, and a spacing is configured between the front arch beam and a front-adjacent rear arch beam. One end is coupled to the front arch frame, and the other end of the forward jack is coupled to the rear arch frame. The front arch beam and the rear arch beam are both arch-shaped beams. | 11-26-2015 |
20150365404 | System and Method for Binding a Smartcard and a Smartcard Reader - Systems and methods for binding a smartcard and a smartcard reader are provided. A smartcard is provisioned to store a first set of credentials for use in traditional transactions, such as at a brick and mortar retail store, and a second set of credentials for use when performing a transaction using a smartcard reader associated with a user, such as an on-line transaction. The user smartcard reader registers with a smartcard issuer server by cryptographically authenticating a secure processor associated with the smartcard reader. As a result of the registration, the secure processor obtains a set of private keys associated with the second set of credentials. When a request for authorizing a transaction via the user's smartcard reader is received, the smartcard reader cryptographically authenticates itself to the smartcard using a private key associated with a credential to be used to authorize the transaction. | 12-17-2015 |
20160014111 | System and Method for Protecting Train Event Data | 01-14-2016 |
20160044027 | AUTHENTICATED REMOTE PIN UNBLOCK - This invention provides a simple and secure PIN unblock mechanism for use with a security token. A set of one or more passphrases are stored on a remote server during personalization. Likewise, the answers to the passphrases are hashed and stored inside the security token for future comparison. A local client program provides the user input and display dialogs and ensures a secure communications channel is provided before passphrases are retrieved from the remote server. Retrieval of passphrases and an administrative unblock secret from the remote server are accomplished using a unique identifier associated with the security token, typically the token's serial number. A PIN unblock applet provides the administrative mechanism to unblock the security token upon receipt of an administrative unblock shared secret. The remote server releases the administrative unblock shared secret only after a non-forgeable confirmatory message is received from the security token that the user has been properly authenticated. The administrative unblock shared secret is encrypted with the token's public key during transport to maximize security. | 02-11-2016 |
20160057135 | ACCESSING VIRTUAL DESKTOPS VIA IMAGE SCANNING - Image scanning and encoding technologies can be utilized to authenticate devices to virtual desktops and to transfer virtual desktop sessions between devices. One device (e.g., PC or laptop) may encode certain information into an image that is displayed on a display screen, while another mobile device equipped with a digital camera (e.g., mobile phone or tablet) can be used to scan the image on the display screen. Once the image is scanned, it can be decoded by the mobile device to get the information encoded in the image (e.g., device ID, session ID, etc.). The information obtained from the image can be used to authenticate a device or to transfer a virtual desktop session between the devices. | 02-25-2016 |
20160057136 | COMPUTER NETWORK SYSTEM WITH SINGLE-KEY QUICK SECURE LOGIN FUNCTION - A computer network system with single-key quick secure login includes an end-use intelligent communication device with a control interface; account number and password management software, executed in the communication device, encrypting and saving the account number and password data entered by the user; a login key, located in the control interface, so as to obtain and send out the encrypted account number and password data by single-key operation; a decryption server, decrypting the encrypted account number and password data; and an application server, receiving the account number and password data decrypted by the decryption server. Therefore, when the user wants to log in to the application server, he presses the login key and the encrypted account number and password are sent to the decryption server for decryption, which prevents hackers from stealing the data entered by the user, and the login is quick and more convenient. | 02-25-2016 |
20160087794 | COMBINED AUTHENTICATION AND ENCRYPTION - A system and methods are provided for establishing an authenticated and encrypted communication connection between two devices with at most two round-trip communications. During establishment of an initial authenticated, encrypted communication connection (or afterward), a first device (e.g., a server) provides the second device (e.g., a client) with a token (e.g., a challenge) that lives or persists beyond the current connection. After that connection is terminated and the second device initiates a new connection, it uses the token as part of the handshaking process to reduce the necessary round-trip communications to one. | 03-24-2016 |
20160127346 | MULTI-FACTOR AUTHENTICATION - The disclosed invention is a system and method that allows for authentication of a user to a network using a token. The user can use movements or gestures that are recorded by an accelerometer, and the token interacts with a device and authenticates the user to the system. The token may be part of the device or stand alone. The various aspects of the present invention capture a novel design for an authentication token that authenticates both the token and the user of the token. | 05-05-2016 |
20160134627 | SYSTEM FOR ESTABLISHING OWNERSHIP OF A SECURE WORKSPACE - The present application is directed to establishing ownership of a secure workspace (SW). A client device may provide a SW data structure (SWDS) to a SW configurator. A SWDS may comprise a hash of an original SW and a public key, and may be signed by a private key corresponding to the public key. The SW configurator may cause an execution container (EC) to be generated including a SW initiated using the SWDS. The client device may claim SW ownership using a request (signed by the private key) transmitted along with a copy of the public key. SW ownership may be determined by an ownership determination module that verifies the signature of the request using the public key received with the request, determines a hash of the received public key and compares the hash of the received public key to a hash of the public key in the SWDS. | 05-12-2016 |
20160156474 | ENHANCING RELIABILITY OF TRANSACTION EXECUTION BY USING TRANSACTION DIGESTS | 06-02-2016 |
20160182231 | System and Method for Cascading Token Generation and Data De-Identification | 06-23-2016 |