Entries |
Document | Title | Date |
20080209526 | System and method for personalized security signature - Embodiments of the present invention provide techniques for authenticating users based on personalized (i.e., user-provided) authentication data. In one set of embodiments, the personalized authentication data includes acoustic, image, and/or video data, but is exclusive of biometric data of the user. In this manner, existing acoustic, image, and video-based authentication interfaces/mechanisms may be leveraged, without the problems associated with verifying biometric data. In some embodiments, a user may enroll or register multiple pieces of personalized authentication data into an authentication system. The user may then select one piece of personalized authentication data for use by the system at a time of authentication. | 08-28-2008 |
20080209527 | METHOD FOR PORTABILITY OF INFORMATION BETWEEN MULTIPLE SERVERS - A method for verifying the authenticity of content created by one host for verification and portability to other hosts includes the steps of creating a data set containing data objects, establishing an authentication code system, authorizing the first host to modify the data set; establishing a valid authentication code for the first host in accordance with the authentication code system, modifying the data set by the first host, signing the data set using the authentication code for the first host, transferring the data set to a second host, determining whether the data set was modified by a host having authority to modify the data set by verifying the authentication code used to sign the data set, and then allowing transfer to and use of the modified data set by the second host so long as the data set was modified by a host having a valid authentication code. | 08-28-2008 |
20080209528 | Network identity management system and method - Users of Internet services (e.g., SKYPE messaging service, GOOGLETALK messaging service, AOL INSTANT MESSENGER messaging service, and MICROSOFT MESSENGER messaging service) that are initially identified using separate identifiers that may be associated with respective service providers (e.g., email addresses) can manage network identities using a single unified set of account information managed by a registry service. The registry authenticates the user's request(s) to bind a service provider identity to his or her personal registry user record by presenting a random challenge to the user which the registry must then receive back from the service provider corresponding to the identity being added. Later, the registry may authenticate itself to service providers using information received from a service provider application as the service provider application authenticates itself to the service provider. | 08-28-2008 |
20080222709 | Method for verification via information processing - Identification servers are small, perhaps embedded, systems that can be used as subsystems of a tracking and verification system. An identification server can obtain identification data when a trigger, called an identification event, occurs. The identification server can store the identification data in a database module with a key. The identification server can send a message containing the identification data or the key to a set of subscribing clients. Subscribing clients, such as a central database or a graphical user interface, are clients that subscribe to receive messages from the identification server. An identification server can trigger off of an identification message sent by another identification server. | 09-11-2008 |
20080229397 | Website log in system with user friendly combination lock - User friendly log in system for validation of user for entry into a website includes: (a) a plurality of user computers; (b) an internet; (c) a host server connected to the internet for connection to user computers; and (d) a website program hosted on the host server for a website that requires individual user security, for connecting each of the plurality of computers to the website available to the user computers, that includes an open log in field. The program has software for secured activity for receiving and recognizing a unique user identification from a user of a user computer to create a personal combination lock rule for a unique easy-to-remember user initialization input that includes a preset selection and operation of the intersection of a first randomly arranged challenge presentation and a second randomly arranged challenge presentation to obtain a selection solution. | 09-18-2008 |
20080229398 | FRAMEWORK AND TECHNOLOGY TO ENABLE THE PORTABILITY OF INFORMATION CARDS - When a user connects a pluggable card store to a machine, the machine plugs a pluggable card provider into a card provider registry. The pluggable card store can be an object portable to the user, or can be a remote store available via some connection, such as an FTP connection. The user can then use the information cards stored on the pluggable card store in a transaction. | 09-18-2008 |
20080229399 | Seamless Multiple Access Internet Portal - Multiple access internet portals are provided. A representative system, among others, includes a communication facility and a wireless internet server. The communication facility is operable to connect to a plurality of wireless devices through a mobile network. The wireless internet server is coupled to the communication facility and retrieves a personalized profile associated with a registered user and one of the plurality of wireless devices, and provides substantially similar personalized content to said at least one registered user on a variety of platforms associated with the wireless devices. Methods and other systems for multiple access portals are also provided. | 09-18-2008 |
20080235772 | Iterated password hash systems and methods for preserving password entropy - Methods and systems consistent with the invention provide a hash process for use in password authentication. For instance, in one embodiment, a method may include receiving password data and combining the password data with a salt value. The salt value may, for example, be a random number. The method may also include calculating a first hash value based on the combined password data and salt value. The method may further include calculating, in a second iteration, a second hash value based on the first hash value and the password. In exemplary implementations, the method may also iteratively calculate a new hash value by applying the output hash value of a previous iteration, in combination with the password data, to the hash function. The number of iterations may be determined by an iteration count. | 09-25-2008 |
20080244712 | SYSTEM AND METHOD FOR AUTHENTICATING A USER OF AN IMAGE PROCESSING SYSTEM - A system and method for authenticating a user of an image processing system. User credentials are received at an authentication device corresponding to an image processing device, and transmitted to a first server remote from the authentication device. The validity of the user credentials is judged by comparing the received user credentials to authentication information stored at the first server, and a result of the judging is transmitted to the image processing device. The image processing device then requests access to a second server remote from the image processing device, and the second server transmits a request for the user credentials to the first server. After receiving the user credentials from the first server, the second server performs user authentication. | 10-02-2008 |
20080244713 | METHOD FOR CONTROLLING ACCESS TO DIGITAL CONTENT - Method for utilizing digital content is provided. The method includes controlling a throughput rate for utilizing the digital content by an accessing system, wherein the throughput rate is associated with information related to the digital content stored as a file. | 10-02-2008 |
20080244714 | Secure RFID authentication system using non-trusted communications agents - The electronic Secure Authentication For Exchange Global Purchasing System (GPurs) facilitates interactions between customers and service/retail commercial enterprise whereby a Global Positioning System (GPS) like system is used to search, locate, reserve, schedule, order or purchase numerous products and services through a secure system that employs product encryption safeguards against counterfeit, diverted or pirated products, and to reserve, order or purchase services that meet quality standards. The GPurs system presents a digital graphical user interface to accept customer input, an audio interaction system speech recognition engine linked microphone or cellular telephone, a digital device interface that accepts textual input from a cellular telephone, PC, PDA, IPod, DVD controller, game controller, or an on-board automotive integrated computer or a wireless input system, to search, locate, reserve, schedule, order or purchase products and services. All GPurs data is stored and retrievable for later usage. | 10-02-2008 |
20080244715 | Method and apparatus for detecting and reporting phishing attempts - One embodiment of the present invention provides a system that facilitates detecting phishing, wherein phishing is an attempt to fraudulently acquire sensitive information by masquerading as a legitimate entity. The system operates by receiving data from a server at a client. Next, the system determines if an attribute (such as a visual appearance of a presentation) encoded in the data matches an attribute encoded in data provided by a known entity. If so, the system determines if other attributes in the data match attributes in the data provided by the known entity. If not, the system determines that the data comprises a phishing attempt. | 10-02-2008 |
20080244716 | TELECOMMUNICATION SYSTEM, TELECOMMUNICATION METHOD, TERMINAL THEREOF, AND REMOTE ACCESS SERVER THEREOF - Telecommunication system comprises a terminal and a relay device which relays a communication path established on a network by the terminal, wherein the relay device sends certification information based on a demand of the terminal and the terminal checks whether the certification information is correct or not and the terminal establishes a communication path on the network when the certification information is correct. | 10-02-2008 |
20080244717 | System and method for confirming identity and authority by a patient medical device - A system and method for confirming identity and authority by a patient medical device is provided. Master credentials are issued to a requesting device and a receiving device from an authorizing agent. The master credentials include the authorizing agent's public key and a digital signature of a root certification authority. Device credentials are issued to the requesting device from the authorizing agent. The device credentials include the requesting device's public key and the authorizing agent's digital signature. Identification credentials are provided to the receiving device and include the device credentials and the requesting device's digital signature. The requesting device is authenticated. The authorizing agent's digital signature in the device credentials is checked using the authorizing agent's public key in the master credentials of the receiving device. The requesting device's digital signature in the identification credentials is checked using the requesting device's public key in the device credentials. | 10-02-2008 |
20080250478 | Wireless Public Network Access - Public access to a network is provided through wireless access points, which may simultaneously support secured network access; in preferred embodiments, the access points are routers (such as “WiFi” routers). Accordingly, a router is configured with a public access profile (or profiles), which may be selectively enabled or disabled. When enabled, the router sends out an identifier that can be used to associate a client device with a public (i.e., unauthenticated) access path through the router to a network. The router also sends out a conventional identifier that can be used to associate another client device with a secured (i.e., authenticated) access path through the router, where the public and secured access paths are usable simultaneously by clients of the router. | 10-09-2008 |
20080250479 | WORKFLOW EXECUTING APPARATUS AND CONTROL METHOD OF THE APPARATUS AND PROGRAM THEREOF - A workflow executing apparatus that executes processing in accordance with a workflow, the apparatus comprising: a workflow information storage section that stores workflow information describing the workflow; a transmission control section that transmits an e-mail during the process of the workflow to a user that requested that workflow, in accordance with the stored workflow information; and a workflow execution section that adds identification information of e-mails transmitted prior to the e-mail transmitted by the transmission control section to the stated e-mail and sends the e-mail. | 10-09-2008 |
20080256612 | Method and system for stateless validation - A method of validating parameters of a request from a Web client to a Web application. The validation rules are sent to a Web client, together with a response to a Web client. The parameters in a response are updated by the Web client. The updated parameters are sent in a subsequent request to the Web client, along with the validation rules. The updated parameters are validated using the validation rules in the request, thus achieving stateless validation. The validation rules are preferably digitally signed. | 10-16-2008 |
20080256613 | Voice print identification portal - Systems and methods providing for secure voice print authentication over a network are disclosed herein. During an enrollment stage, a client's voice is recorded and characteristics of the recording are used to create and store a voice print. When an enrolled client seeks access to secure information over a network, a sample voice recording is created. The sample voice recording is compared to at least one voice print. If a match is found, the client is authenticated and granted access to secure information. | 10-16-2008 |
20080256614 | NETWORK TERMINAL MANAGEMENT APPARATUS, METHOD AND PROGRAM - A network terminal management apparatus is able to manage terminals using a simple method, without the user feeling that convenience in terms of operability has been compromised. This network terminal management apparatus generates a list table of target tasks in which user terminal information is included, and sends the information of the list table to the user terminal. This enables the user to select desired target tasks from the displayed list table and enjoy services even with a multi-function processor having low operability. | 10-16-2008 |
20080263640 | Translation Engine for Computer Authorizations Between Active Directory and Mainframe System - The invention provides a method and system of implementing a high performance “non-RACF external security-manager product,” which maintains and translates a merged single source of authorizations to both mainframe and Microsoft Windows Active Directory (AD) systems. In one embodiment, a method comprises generating at a server computer access information for a mainframe computer indicative of mainframe authorization for a set of users, receiving from the mainframe computer information indicative of an authorization request, the information indicative of the authorization request identifying a user trying to access the mainframe computer, and sending at least a portion of the access information from the server computer to the mainframe computer, the portion of the access information including mainframe access information for the user. | 10-23-2008 |
20080263641 | APPARATUS FOR FACILITATING TRANSACTIONS BETWEEN THIN-CLIENTS AND MESSAGE FORMAT SERVICE (MFS)-BASED INFORMATION MANAGEMENT SYSTEM (IMS) APPLICATIONS - An apparatus is disclosed for facilitating conversational and non-conversational transactions between thin-clients and MFS-based IMS applications. The apparatus stores conversation attributes associated with a conversational transaction between a thin-client and an MFS-based IMS application, the conversation attributes comprising connection information and conversation-specific information. Next, one or more transaction messages from the thin-client are preprocessed based on a transaction message type. The stored conversation attributes are updated in response to changes in the conversation attributes caused by the one or more transaction messages. Then, a conversation output message is formatted for the thin-client. The apparatus may include a security module that authenticates a user, a connection module that establishes a connection with an MFS-based IMS application, a state module that preserves and maintains conversation attributes, and a control module to process a transaction message having one or more transaction message types. | 10-23-2008 |
20080271126 | Pre-authenticated calling for voice applications - Architecture for providing pre-authenticated information from an endpoint for subsequently authenticating a device and/or user associated with the previously-authenticated information. A pre-authentication module of the architecture can be a trust component as part of an application that facilitates the utilization of user information and/or endpoint information in a media session protocol message to replace information that would otherwise be gathered via a dialog. In the context of IP-based voice communications, a call can be made from a client that is pre-authenticable, and no longer requires that an IP-based telephone interact with the phone user to facilitate sign-on. | 10-30-2008 |
20080276305 | Systems, Methods and Computer-Readable Media for Regulating Remote Access to a Data Network - A system, which comprises an authorization controller operable for regulating establishment of user sessions over a data network; a processing subsystem operable for monitoring the user sessions and applying a walled garden policy, wherein application of the walled garden policy respectively associates each user in a certain subset of users with a respective walled garden selected from a common plurality of walled gardens; and a database for storing, in association with each said user in the certain subset of users, a respective identifier corresponding to the respectively associated walled garden. The authorization controller is further operable for responding to receipt of an access request identifying a particular user in the certain subset of users and received from a communication endpoint by (I) consulting the database to identify the walled garden respectively associated with said particular user and (II) directing the communication endpoint to said walled garden respectively associated with said particular user. | 11-06-2008 |
20080276306 | Implicit Authentication to Computer Resources and Error Recovery - A method for implicit authorization to a computer resource includes defining a behavioral signature including a plurality of defined computer actions known to an authorized user of the computer resource. A first performed computer action of a user is registered. The first performed computer action is compared with a first defined computer action of the plurality of defined computer actions, wherein, if the first performed computer action and the first defined computer action match, an authentication state is changed from a first authentication state to a second authentication state. | 11-06-2008 |
20080282330 | BLUETOOTH DEVICE CONNECTION METHOD AND RELATED BLUETOOTH DEVICE - The present invention provides a Bluetooth device connection method. The Bluetooth device connection method includes: acquiring a device list, wherein the device list records at least one Bluetooth device; assigning a Bluetooth device belonging to a target class in the device list as a target device; determining whether the target device authorizes a match password; and utilizing the match password to build a connection with the target device if the target device authorizes the match password. | 11-13-2008 |
20080289013 | TECHNIQUES FOR LOCAL PERSONALIZATION OF CONTENT - Techniques for the local personalization of content are presented. A content personalization service is dynamically pushed from a server environment to a client processing environment associated with a principal on demand. The content personalization service interjects itself between content that the principal attempts to view and access within the client processing environment and modifies and personalizes that content on behalf of the principal before the principal can view or access the content. | 11-20-2008 |
20080289014 | Scan-to-home method and system for the delivery of electronic documents to a user home directory - A method and system for efficiently and securely permitting a user to scan electronic documents from a remote multi-function device to a user's home directory. A user can be authenticated via the multi-function device and electronic credentials associated with the user generated, which are utilized to determine the user's home directory. The multi-function device can then produce a customized template that can be selected by the user when accessing rendering/scanning services. The user can then scan a document and electronically store such a document at the home directory via an SMB (Server Message Block) protocol. Home directories can either be determined via an LDAP (Lightweight Directory Access Protocol) or configured on a network interface via a default directory path and the user name. | 11-20-2008 |
20080295157 | Authentication Server With Link State Monitor and Credential Cache | 11-27-2008 |
20080295158 | SYSTEM AND METHOD TO ACCESS AND USE LAYER 2 AND LAYER 3 INFORMATION USED IN COMMUNICATIONS | 11-27-2008 |
20080301783 | Computer system - A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. Telemetry data is communicated between a data producing device and a data receiving device. The telemetry data sent from the data producing device is identified using the identity identifier of the data producing device. | 12-04-2008 |
20080301784 | Native Use Of Web Service Protocols And Claims In Server Authentication - Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use. | 12-04-2008 |
20080301785 | SYSTEMS, METHODS AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING ADDITIONAL AUTHENTICATION BEYOND USER EQUIPMENT AUTHENTICATION IN AN IMS NETWORK - A communication network provides access to a network service by providing an additional level of authentication beyond device level authentication. Operations include receiving a message at a Bootstrapping Server Function (BSF) from User Equipment (UE) that additional authentication beyond UE authentication is required for UE access to a network service, and performing an authentication protocol between the BSF and a Home Subscriber System (HSS) to authenticate an identity associated with the UE responsive to receiving the message. | 12-04-2008 |
20080301786 | Times 2 security system - A security system for determining whether a person is authorized to have access to a person, place or thing. The system has issued devices to authorized users that allow the user to answer multiple questions and that the correct answers may be time sensitive. The questions will ascertain whether the person has possession of an issued identification device. The system has a plurality of identification devices and each issued device has a plurality of addressable positions and each addressable position has an image and the image at one of the addressable positions on one of the assigned devices being different from the images at the same one of the addressable position on another one of the assigned devices. | 12-04-2008 |
20080301787 | IMS NETWORK IDENTITY MANAGEMENT - There is disclosed a manner of enabling secure communications between a UE (user equipment) device operating though a packet-switched network and a 3 | 12-04-2008 |
20080307513 | Verifying authenticity of instant messaging messages - A certificate registry system is configured to issue authentication certificates to each one of a plurality of information providers and to maintain a root certificate corresponding to all of the authentication certificates. Each one of the authentication certificates links respective authentication information thereof to identification information of a corresponding one of the information providers. Each one of the authentication certificates includes a respective Instant Messaging (IM) screen name information of the information provider. The authentication certificates of the certificate registry are associated in a manner at least partially dependent upon at least one of a particular type of information that the information providers provide, a particular organization that the information providers are associated with, a particular type of profession in which the information providers are engaged and a particular geographical region in which the information providers are located. | 12-11-2008 |
20080313717 | Communication-Address Issuing Apparatus, Communication-Mediating Apparatus, Communication-Mediating Method, Program, and Recording Medium - [Problem] To provide a communication-address issuing apparatus, a communication-mediating apparatus, and so on capable of enhancing the security level to prevent someone else from intercepting exchange of communication without permission. | 12-18-2008 |
20080313718 | SYSTEM AND METHOD FOR PROTECTION OF CREATIVE WORKS - The inventive method for protection of creative works is accomplished by creating a creative work, securing the creative work using biometric information of an author of the creative work, and restricting an access to the creative work to the author and select users, who are authorized by the author and whose biometric information is registered with a biometric security database. | 12-18-2008 |
20080313719 | Methods and Apparatus for Delegated Authentication - An authentication-delegating service implemented in an authentication server or other processing device is configured to receive a request from a relying party for delegated authentication information associated with a particular user, to determine a level of trust associated with the relying party, and to provide the delegated authentication information to the relying party if the relying party has a sufficient level of trust, so as to permit the relying party to authenticate the user based on the delegated authentication information. The delegated authentication information has the property that the user can be presently authenticated based on such information. The delegated authentication information may comprise, for example, at least one value derived from a one-time password or other authentication credential of the particular user. The authentication-delegating service may be graded to provide different types of delegated authentication information based on respective levels of trust that may be associated with relying parties. | 12-18-2008 |
20080320568 | CONTENT DISTRIBUTION AND EVALUATION PROVIDING REVIEWER STATUS - A content distribution system may be provided for reviewing content such as video games, music, movies, or the like that may be shared by the system. The content distribution system may receive a credential from a user and authenticate the user based on the credential to permit access to the system. The content distribution system may also receive content generated by the user if the user may be authenticated. The content distribution system may provide the received content to a content evaluation entity, for example. The content distribution system may receive a review for the content from the content review entity and then may determine whether the content passes a review process based on the review, for example. The content distribution system may provide additional access to the content if the content passes the review process. | 12-25-2008 |
20090007243 | METHOD FOR RENDERING PASSWORD THEFT INEFFECTIVE - A method for rendering a login theft ineffective includes detecting a submission of a first login request from the user's client to a Web site; redirecting the first login request to the traffic processor for copying at least one of the user supplied login fields; forwarding the first login request from the traffic processor to the site; requesting replacements of at least one of the user supplied login fields from the site; and replacing the at least one of user supplied login fields with at least one new corresponding login field(s) in the site. | 01-01-2009 |
20090007244 | METHOD AND SYSTEM FOR NOTIFICATION AND REQUEST PROCESSING - Embodiments of a method and system for notification and request processing are disclosed. A service request for a second application may be received from a first application. Authorization of the first application to send the service request to the second application through a user communication client may be verified. A provider communication identifier of the second application may be identified. The service request may be provided from the user communication client to a provider communication client associated with the provider communication identifier. | 01-01-2009 |
20090007245 | SYSTEM AND METHOD FOR CONTROLLED CONTENT ACCESS ON MOBILE DEVICES - A new approach enables a carrier, a validated user or a parent/guardian of the user to effectively moderate content displayed on a mobile device and navigate the web without the need to input URL addresses through the use of an integrated instant messenger/web browser operating on the mobile device. First, the identity of the user is validated when he/she is initiating access to instant messaging and/or web browsing. In the case where the user is an under-aged child, the identity of the user can be validated by his/her parent or legal guardian or principal of the school the child is attending. Once validated, the user can access and select from a set of websites that have been pre-selected or pre-approved for the user by the carrier, user, and in some cases parent or guardian of the user for easy and secure web browsing by the user on the mobile device. | 01-01-2009 |
20090013387 | SYSTEM AND METHOD FOR MANAGING DELIVERY OF INTERNET CONTENT - Disclosed are a system and method for managing delivery of pushed web content to communication devices. In an embodiment, the method comprises: uniquely identifying a communication device to which the pushed web content is to be delivered; establishing a pushed web content service linking the pushed web content to the communication device; receiving a pushed web content service request; and permitting delivery of content to the communication device via the pushed web content service based on verification of the identity of a trusted pushed web content provider. The method may further comprise uniquely identifying the pushed web content provider with an assignable unique pushed web content identification. | 01-08-2009 |
20090013388 | Method and system for protecting information on a computer system - A system and method for protecting sensitive information, for example, a user's personal information, stored on a database where the information is accessible via a communications network such as the Internet. An exemplary embodiment stores the sensitive information on an off-line server. The off-line server is connected to an on-line server. The on-line server is connected to the user via the Internet. The user interfaces with the on-line server, and at a scheduled time window, the sensitive information is made available to the on-line server by the off-line server. Outside of the time window, none of the sensitive information is kept on the on-line server. Thus by placing the sensitive information on-line for only limited periods of time the risk of compromise to the sensitive information is greatly reduced. | 01-08-2009 |
20090013389 | SWIFTTRAC JOB TRACKING SERVICE WITH GEOSPATIAL CAPABILITY - Many web sites often serve dynamic web pages based on dynamic data automatically fetched from a database. A service provider can provide authoring tools that enable customers to easily craft pages that include dynamic data. Job tracking and project management are examples of tasks that use dynamic data. A customer using the service provider's tools can easily create web pages for tracking jobs or managing projects. The tools provide for accessing geospatial information systems which are databases that attach data to specific locations. SwiftTrac is an Internet service providing customers with capabilities including job tracking and project management capabilities wherein elements of the project are tied to specific locations. Customers can easily and conveniently create trackers for projects and provide for personnel at remote locations to manipulate tracking data in conformance with each person's permission level. | 01-08-2009 |
20090019532 | COMMUNICATION SYSTEM - A communication system for providing instant messaging and presence services among users of a communications network. The system comprising a user subscribed to the service and arranged to send a plurality of requests, each request comprising a user identity corresponding to at least one user of a first set of users of the network. The system also comprising a server having an access point arranged to receive the requests from the user, and having a service element for providing the service and wherein a second set of users are subscribed to the service element. The system also having circuitry for checking which of the users in the second set match with the users in the first set. | 01-15-2009 |
20090019533 | METHOD AND SYSTEM FOR ENFORCING PASSWORD POLICY FOR AN EXTERNAL BIND OPERATION IN A DISTRIBUTED DIRECTORY - The invention describes techniques for enforcing password policy within a distributed directory environment that includes one or more distributed directory servers and a proxy server that acts as an intermediate agent between a client and the distributed directory environment. In one aspect, the proxy server is enhanced to support the passing (from the backend server to the client) of password policy controls. In particular, controls returned from a backend server are parsed and cached (for re-use) for the life of a given client connection. According to another aspect, the proxy server ensures that all compare operations for a single user's password are directed to the same backend server in the distributed directory environment. This ensures that a user's most current password is used, and that failed operation counts, resets and operational attributes are up-to-date. According to still another aspect, the proxy server enforces password policy on bind plug-ins and, in particular, through a pair of pre-bind and post-bind extended operations. In particular, pre-bind processing includes checking if an account is locked. Post-bind processing includes checking for expired passwords, grace logins and updating failed/successful bind counters. | 01-15-2009 |
20090025066 | SYSTEMS AND METHODS FOR FIRST AND SECOND PARTY AUTHENTICATION - First and second parties may be authenticated. After generating a challenge to the first party, two responses are received via the first party based on the challenge and two different keys. Two responses are also generated, and compared against the received responses. If the respective responses are verified, a confirmation is generated. | 01-22-2009 |
20090025067 | GENERIC EXTENSIBLE PRE-OPERATING SYSTEM CRYPTOGRAPHIC INFRASTRUCTURE - A cryptographic device protocol provides a generic interface allowing pre-OS applications to employ any of a variety of cryptographic devices within the pre-OS environment. The generic interface can be used independent of the specific cryptographic devices and is independent of the cryptographic or hashing algorithms used by each device. Cryptographic functions may be performed in the pre-OS environment by pre-OS applications communicating with cryptographic device drivers using the cryptographic device protocol that is independent of the cryptographic devices. Each cryptographic device may be identified by a unique device identifier and may have a number of keys available to it, with each key being identified by a unique key identifier. | 01-22-2009 |
20090025068 | Authentication enforcement at resource level - The present description refers in particular to a computer-implemented method, a computer system, and a computer program product. The method may comprise providing authentication enforcement at resource level by specifying at design time at least one authentication key for at least one data storage unit of a resource. A request may be received at a server from a requester through a client to access the resource. Authentication of the requester may be enforced through the at least one authentication key at the at least one data storage unit of the resource. | 01-22-2009 |
20090025069 | MOBILE TERMINAL MAIL SYSTEM, MOBILE TERMINAL MAIL CONTROL METHOD, AND MOBILE TERMINAL MAIL CONTROL PROGRAM - The mobile terminal mail system includes a plurality of wireless communication networks having different communication speeds, a multi-access terminal including electronic mailer, and an electronic mailer activation server which is adapted to, when the multi-access terminal has connected to one of the wireless communication networks whose communication speed is equal to or greater than a fixed communication speed, activate an electronic mailer through the wireless communication network. | 01-22-2009 |
20090025070 | SYSTEM AND METHOD TO ENABLE SUBSCRIBER SELF-ACTIVATION OF WIRELESS DATA TERMINALS - A wireless telephone and messaging system provides Secure Immediate Wireless Access (SIWA) to wireless telephones onto existing wireless networks, such as GSM, CDMA, TDMA, and analog (AMPS). The SIWA protocol uses existing wireless network messaging to exchange information between wireless devices and a network server, referred to herein as an Intelligent service manager (ISM). The ISM acts as a gateway between wireless devices and wireless service provider, and provides the wireless devices with an immediate limited or unlimited access to the wireless network. The ISM can also deny access to the wireless network from unauthorized wireless devices. | 01-22-2009 |
20090037984 | AUTOMATED PASSWORD TOOL AND METHOD OF USE - A method of auto updating a password comprises opening a password file and a new password file and reading information from the password file including user ID type. The method applies the user ID type to a predetermined application type and executes password-updating logic to generate a new password for the application type. The method further updates the new password file with the new password for the predetermined application type. A system comprises at least one of a hardware component and a software component configured to read information from a password file including user ID type. The hardware component and/or software component is further configured to determine that the user ID type matches to an application type and to apply the user ID type to the matched application type. The hardware component and/or software component is further configured to generate a new password for the application type and to update the password file with the new password for the application type. | 02-05-2009 |
20090037985 | Automated Peer Authentication - An apparatus and methods are disclosed for performing peer authentication without the assistance of a human “guard.” In accordance with the illustrative embodiments, a peer is selected from a non-empty set of candidates at authentication time based on one or more of the following dynamic properties: the current geo-location of the user to be authenticated; the current geo-locations of the candidates; the current time; the contents of one or more directories (e.g., a telephone directory, an organizational chart or directory, etc.), the contents of one or more call logs; and the candidates' schedules. | 02-05-2009 |
20090037986 | Non-disclosing password entry method - A non-disclosing password entry method is achieved by displaying an ordered arrangement or matrix of characters such that an authorized user's password is predetermined from a subset of these characters. The characters in the display are associated with a randomly ordered set of patterns or colors as, for example, the character background in the display. Additionally there is provided a means for selecting each type of pattern or color. Rather than entering the password directly, the authorized user is authenticated by noting the background pattern or color associated with the first character of the password and then selecting that pattern or color. The process is repeated with each password character in sequence until all the characters have been selected. The authorized user is authenticated by verifying that the selected backgrounds are correct for each of the characters of the password. | 02-05-2009 |
20090037987 | Application Programming Interface for Implementing Directory Service Access Using Directory Service Markup Language - A set of DSML application programming interface (DSML API) functions is provided to facilitate the implementation of DSML-based directory service access. The DSML API includes a DSML document API class for building or accessing a DSML payload, and a DSML connection API class that handles connection and transport to a DSML server. To access a directory service, the client calls functions of the DSML document API class to generate a DSML request payload, and calls functions of the DSML connection API to transport a packet with the DSML request payload according to a pre-selected connection protocol, such as SOAP, to the DSML server for forwarding to the directory service. | 02-05-2009 |
20090044259 | MOBILITY DEVICE PLATFORM PARADIGM - A mobility device platform allowing for secure mobile computing is provided. In an illustrative implementation, an exemplary mobility device platform comprises a mobility device operable to communicate with at least one computing environment through a communications interface and wherein the mobility device is operable to process and store secure web services, a communications network operable to communicate data and computing applications using web services, and a mobility device management server operable to generate, process, store, communicate and encrypt web services to the mobility device. Further, the mobility device management server is operable to perform one or more mobility device management functions to provide encryption keys to cooperating mobility devices and to authenticate and verify cooperating mobility devices requesting web services from the mobility device management server. The mobility device management server and mobility device may further operate to perform authentication and verification using user identification and password information. | 02-12-2009 |
20090049531 | Coordinating credentials across disparate credential stores - Apparatus and methods are described for coordinating user credentials across multiple disparate credential stores. A synchronizing engine requests and receives past and present credential information from the disparate credential stores. Users indicate which, if any, of the credential information they desire to synch together. Upon common formatting of the credential information, comparisons reveal whether differences exist between the past and present versions. If differences exist, the information is updated. In this manner, users link together various passwords, keys or other secrets to maintain convenience from a single point of control, such as in a single-sign-on (SSO) environment, regardless of the disparateness of the stores. The reverse is also possible such that linked credentials are accessible from the multiple stores. Retrofitting existing SSO services is another feature as are computer program products and computing network interaction. User or enterprise policies are also used in governing these credentials. | 02-19-2009 |
20090049532 | METHOD, DEVICE AND SYSTEM FOR USER AUTHENTICATION ON PASSIVE OPTICAL NETWORK - The present invention relates to a method, a device and a system for user authentication on a PON. The method includes the following steps: an OLT receives a user authentication request initiated by an ONU, which carries a password ID; the OLT authenticates according to the user password ID reported by the ONU, and opens or closes a channel from the ONU to the network side according to the authentication result. The invention further discloses a PON and an OLT. According to the method for user authentication in the invention, user management and maintenance of PON may be easier and simpler, and terminal interchangeability and user security may be improved; moreover, after a user changes the ONU, the new ONU may also access the network using the password ID. | 02-19-2009 |
20090055906 | METHOD AND APPARATUS FOR EMBEDDED MEMORY SECURITY - A method and apparatus for protecting data in a memory block from unauthorized access. When writing or reading data to or from the memory block an error correction code (ECC) is used to calculate an ECC value, wherein the calculation of the ECC value is based on a combination of the data and a password provided to the memory block prior to reading or writing. In case the calculated ECC value does not match a stored ECC value a write or read error is signalled to the device requesting the operation. | 02-26-2009 |
20090064290 | Searching and replacing credentials in a disparate credential store environment - Apparatus and methods are described for searching and replacing user credentials in a multiple disparate credential store environment. Upon authentication of a user to change credentials, credential information of multiple disparate credential stores is searched. Upon population of search results, users indicate which of the credentials they desire to change and results are committed upon affirmative execution in a user interface dialog. In this manner, users locate their credential information, from whatever store, and change it in quantity or singularly from a single point of control. They can also fully understand how many passwords, secrets, keys, etc., they have over the many disparate stores available to them and affirmatively control their relationship to other credential information. Reversion of credential information to an earlier time is still another feature as is retrofitting existing SSO services. Computer program products and computing network interaction are also disclosed. | 03-05-2009 |
20090064291 | System and method for relaying authentication at network attachment - An information processing system for remote access computing comprising a network access server and a local authentication server is augmented with the capability for relaying authentication requests by tunneling interactions between the requesting client and an identity provider. | 03-05-2009 |
20090064292 | TRUSTED PLATFORM MODULE (TPM) ASSISTED DATA CENTER MANAGEMENT - Techniques for trusted platform module (TPM) assisted data center management are provided. A data center registers TPM remote attestations for physical processing environments of physical devices within a data center. Each time a physical processing environment is established, a new TPM remote attestation is generated and validated against the registered TPM remote attestation. Additionally, during registration other identifying information is supplied to the physical processing environments that permit each physical processing environment to be authenticated, validated, and controlled via unique identities. Inter-data center communication is established for sharing virtual processing environments and administrative operations are authenticated within each of the data centers perform any administrative operation is permitted to process within a particular data center. | 03-05-2009 |
20090070859 | Method and Apparatuses for Secure, Anonymous Wireless Lan (WLAN) Access - A method and system for providing secure, anonymous access to a wireless local area network, including configuring an access point to drop packets except packets exhibiting an URL access protocol like HTTP and HTTPS, intercepting a URL access request by an access point from a mobile device via a web browser, re-directing the URL access request to a web server by the access point, generating a security key by one of the access points and the web server, communicating the generated security key to the said web server securely by the access point or vice versa and setting the security key by the access point is described. A mobile device including means for forwarding a request for secure access to a wireless local area network via a URL access request, means for receiving a mobile code or a signal for displaying a security key and means for setting the security key is also described. | 03-12-2009 |
20090070860 | AUTHENTICATION SERVER, CLIENT TERMINAL FOR AUTHENTICATION, BIOMETRICS AUTHENTICATION SYSTEM, BIOMETRICS AUTHENTICATION METHOD, AND PROGRAM FOR BIOMETRICS AUTHENTICATION - A template sharing processing is performed between a first authentication server and a second authentication server. A client terminal generates two parameter differences, one of which is sent to the first authentication server, and the other to the second authentication server. The first authentication server transforms an already-registered template with the received parameter difference to create a temporary template and sends the temporary template to the second authentication server. The second authentication server transforms the received temporary template with the already-received parameter difference to create and register therein a further transformed template. A storage medium stores therein only a single master key for generating a parameter. | 03-12-2009 |
20090070861 | WIRELESSLY ACCESSING BROADBAND SERVICES USING INTELLIGENT CARDS - The present disclosure is directed to a system and method for wirelessly accessing broadband services using intelligent cards. In some implementations, a broadband service card includes a physical interface, a communication module, secure memory, and service module. The physical interface connects to a port of a consumer host device. The communication module wirelessly receives RF signals from and transmits RF signals to a wireless broadband network. The secure memory stores user credentials used to securely authenticate the card and access a service foreign to the consumer host device through the wireless broadband network independent of the consumer host device. The user credentials are associated with a broadband service provider. The service module accesses the foreign service using the user credentials in response to at least an event and transmits a service request to the broadband service provider using the wireless broadband core network. | 03-12-2009 |
20090077636 | AUTHORIZING NETWORK ACCESS BASED ON COMPLETED EDUCATIONAL TASK - In one embodiment, a method comprises authenticating a user of a client device by a network access device; selectively sending an education assignment request to an authorization server, by the network access device, in response to receiving a request from a client device for access to a network and based on determining the user requires educational authorization to access the network, the education assignment request including an identifier for identifying the user; forwarding to the client device an educational assignment received from the authorization server for completion by the user of the client device; forwarding to the authorization server a response to the educational assignment and having been received from the client device; and selectively authorizing, by the network access device, the access to the network by the client device based on a received authorization message from the authorization server relative to the response to the educational assignment. | 03-19-2009 |
20090077637 | METHOD AND APPARATUS FOR PREVENTING PHISHING ATTACKS - The invention includes a method and apparatus for preventing phishing attacks. A first method, for informing a user that a remote server is valid, includes receiving a request for information available from the remote server where the request includes an identifier, obtaining a dynamic personal attribute associated with the user using the identifier, and propagating the dynamic personal attribute toward the user, wherein the dynamic personal attribute is adapted for use by the user in validating the remote server. The remote server may be a web server, an authentication server, or any other remote device with which the user may desire to authenticate. A second method, for informing a user that a received message is associated with a valid website, includes obtaining a dynamic personal attribute associated with a user, generating a message for the user where the message is adapted to enable the user to request a website and includes the dynamic personal attribute associated with the user, and propagating the message toward the user. The received message may be any type of message, such as an email message, an instant message, a text message, and the like. | 03-19-2009 |
20090077638 | Setting and synching preferred credentials in a disparate credential store environment - Apparatus and methods are described for using preferential credentials in an environment of multiple disparate credential stores. For at least two disparate credential stores, credential information is known, including a preferred credential indicated by a user. Upon indication of a desire to link another credential information to the preferred credential information, the two are mapped to one another. Users can sign-on, singularly, with the preferred credential information, and have access to both the disparate credential stores. A credential value can be shared by multiple credential ID's or one credential ID can be associated with multiple credential values thereby giving users the ability to cross-reference secrets and credentials for most efficiency. Default credentials are also possible as are retrofits for existing SSO services. Policy applications, computer program products and computing network interaction are other noteworthy features. | 03-19-2009 |
20090077639 | SYSTEM AND METHOD OF PROCESSING AN AUTHORING ASSIGNMENT - A system and method of processing an authoring assignment enable an authoring assignment to be requested, forwarded, created, modified, accepted, rejected, and published electronically. A request that an authoring assignment be completed may be created and communicated electronically using an authoring assignment processing system. The request may be received by one or more users that may process the assignment. A completed assignment may be forwarded for approval to the user that requested the assignment. The requestor may approve or reject the assignment. A notification may be transmitted, for example, via electronic mail, text message, phone call, facsimile, etc. to the user that created the assignment notifying the user that the assignment has been approved or rejected. The assignment may be forwarded to another user, published, or have another function performed thereon. The system and method may maintain a history of actions performed on the assignment and data relating to each of the actions. Notes and other documents may be attached to the authoring assignment. The request and assignment may be stored as proxy documents. The proxy documents may be converted to a final document upon acceptance of the assignment. The proxy documents contain metadata of the final document that enable the proxy document to act as the final document until the final document is created. | 03-19-2009 |
20090077640 | SYSTEM AND METHOD FOR VALIDATING USER IDENTIFICATION - A method for validating user identification includes the steps of: guiding a user to input a user ID through a login interface; comparing the user ID with original identifications stored in a database ( | 03-19-2009 |
20090083838 | Method and System For Assuring Security of a Transaction in a Telecommunication Network - The invention relates to a method for a beneficiary to acquire a right to use a digital content in a contents distribution system comprising a commercial server ( | 03-26-2009 |
20090083839 | Fingerprint system and method for access control - A fingerprint method for access control includes the steps of: providing an application server ( | 03-26-2009 |
20090089863 | Secure tunnel performance using a multi-session secure tunnel - A method of communicating data over a network is provided. A secure tunnel may be implemented through the network between two computers. Performance limitations of the secure tunnel with a single session can be alleviated by establishing multiple sessions for the tunnel. | 04-02-2009 |
20090094686 | METHOD FOR BYPASSING PASSKEY EXCHANGE AND AUTHENTICATION PROCEDURES - A method and system thereof for establishing a wireless connection to a device while bypassing passkey exchange and authentication procedures. Passkeys are authenticated and exchanged with another device. At the user's discretion, the passkey for the other device can be stored in memory. In the case in which the passkey is stored, the other device is considered a “trusted device.” Subsequently, when a trusted device is discovered and selected, and a wireless connection to the trusted device is made, the passkey for the trusted device is automatically retrieved from memory. As such, it is not necessary for the user to manually input a passkey or for the devices to perform a passkey exchange and authentication procedure. | 04-09-2009 |
20090100507 | SYSTEM TO AUDIT, MONITOR AND CONTROL ACCESS TO COMPUTERS - An audit, monitor, and access control system for use with at least one user computer and at least one protected computer. The system includes first software to authenticate authorized access by a user computer. A server connection network adapter permits communication with a user computer. Second software is provided to authenticate authorized superuser access by a user computer. A client connection network adapter permits communication with a protected computer. All data transferred and all activity between user computers and protected computers is recorded. Additionally, all data transferred and all activity between the user computers and the protected computers is audited. | 04-16-2009 |
20090100508 | METHOD AND APPARATUS FOR THE SECURE IDENTIFICATION OF THE OWNER OF A PORTABLE DEVICE - An authentication system is provided that includes a portable device and a decryption node. An individual uses the portable device, such as a portable device like a cell phone to compute a challenge and a response. The challenge and response is sent to a decryption node. In response, the decryption node computes a presumed response and compares the presumed response to the response of the portable device, in order to authenticate the individual associated with the portable device. | 04-16-2009 |
20090106825 | SYSTEM AND METHOD FOR USER PASSWORD PROTECTION - A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method. | 04-23-2009 |
20090113527 | MOBILE AUTHENTICATION FRAMEWORK - Disclosed are apparatus and methods for associating a mobile device with a web service or a user account. A unique code is displayed on the mobile device. The unique code is associated with a user account or web service to be utilized with the mobile device. Instructions for a user to enter the unique code in an authentication process via an authentication portal of a management device are also displayed. After it is determined that a user has performed the authentication process, any user identification, which has been associated with the unique code, is then obtained from the management device. The obtained user identification is then stored for use by the mobile device. After user identification has been obtained and stored, the stored user identification is used for the mobile device to participate in an authentication process for authorizing the mobile device to utilize a web service or user account associated with the user identification. The authentication process is participated in by the mobile device without requiring input from the user during such authentication process. | 04-30-2009 |
20090113528 | TECHNIQUES FOR AUTHENTICATION VIA NETWORK CONNECTIONS - Techniques for authenticating network connections are provided. A client makes a request to connect to a server via a client service. The server delays the request to acquire a signature for the client service from the requesting client's environment. The signature is compared against a known and previously verified signature. When the two signatures match, the server permits the connection between the client and the service via the client service. When the two signatures do not match, the server denies the connection between the client and the server and does not permit the client service to process a request to make that connection. | 04-30-2009 |
20090113529 | Method and system for restricted biometric access to content of packaged media - A system, method, and user device for restricting access to the content of media over a network. Biometric information is collected and compared against pre-stored biometric information of a user to authenticate the identity of the user. The user then requests access to the content of a medium. Access is permitted to the requested content if the content is identified as content, or indicia identifying the content, that the user previously uploaded to the server. Access is denied to the requested content if the content is not identified as content, or indicia identifying the content, that the user previously uploaded to the server. | 04-30-2009 |
20090119756 | Credential Verification using Credential Repository - A credential repository securely stores user credentials. The credential repository may be accessed by multiple entities. Instead of having a user carry his credentials with him (e.g., on a credit card or driver's license, which can be lost or stolen), the user's credentials are retrieved from the credential repository for use in a transaction. A merchant or other entity requesting the transaction receives these retrieved credentials and uses them to verify the identity of the user who seeks to participate in the transaction. A time-to-live value may be associated with the retrieved credentials. Successful verification of the user's identity enables private or personal data of the user to be released to the merchant or other entity. Optionally, the user explicitly authorizes the release of the data. | 05-07-2009 |
20090119757 | Credential Verification using Credential Repository - A credential repository securely stores user credentials. The credential repository may be accessed by multiple entities. Instead of having a user carry his credentials with him (e.g., on a credit card or driver's license, which can be lost or stolen), the user's credentials are retrieved from the credential repository for use in a transaction. A merchant or other entity requesting the transaction receives these retrieved credentials and uses them to verify the identity of the user who seeks to participate in the transaction. A time-to-live value may be associated with the retrieved credentials. Successful verification of the user's identity enables private or personal data of the user to be released to the merchant or other entity. Optionally, the user explicitly authorizes the release of the data. | 05-07-2009 |
20090119758 | Transmitting Device, Transmitting and Receiving Device, Mobile Terminal Device, Transmitting Method, Transmission Program, Transmission and Reception Program, and Computer-Readable Recording Medium - The mail transmitting and receiving device ( | 05-07-2009 |
20090125989 | EXTENSION POINT APPLICATION AND CONFIGURATION OF A LOGIN MODULE - Embodiments of the present invention address deficiencies of the art in respect to applying application security to an extension point oriented application framework, and provide a novel and non-obvious method, system and computer program product for log-in module deployment and configuration in an extension point oriented application. In this regard, a method for log-in module deployment and configuration in an extension point oriented application can include installing a proxy to a login controller plug-in for the extension point oriented application, and proxying login module directives from an external security service to the login controller plug-in for the extension point oriented application. | 05-14-2009 |
20090125990 | WIRELESS E MAIL CONNECTIVITY - A method, system and software enable e-mails to be sent from a mobile wireless device on which an email client application is installed while roaming on any wireless IP network, without limitation due to the home ISP restrictions. This involves the steps of: automatically or manually configuring the roaming user's email client to deliver email locally on the mobile device; so intercepting emails sent by the e-mail client; determining if the currently connected network is on a predefined list; avoiding outgoing email server flooding; routing of the email through a dedicated secure SMTP server with SMTP authentication and encryption; and associating wireless network log-in credentials with SMTP authentication credentials in a secure and hidden manner. | 05-14-2009 |
20090125991 | SECURE MANAGEMENT OF AUTHENTICATION INFORMATION - A system, method and computer program product are provided for managing authentication information for a user. According to the method, a master digital key is received from the user, and authentication of the user is obtained based on the master digital key. There is received from the user a selection of one identity from among a plurality of identities that are stored for the user. Authentication information for the user is provided into an application or web page based on the one identity selected by the user. In one embodiment, the authentication information is provided by recognizing a web page for which authentication information is stored, and automatically filling the authentication information for the user into appropriate elements of the web page. | 05-14-2009 |
20090133105 | MULTI-MEDIUM WIDE AREA COMMUNICATION NETWORK - A communication network including a primary network, and an auxiliary network. The primary network includes wireless stations each able to transmit and receive data over the primary network, and bridge stations able to transmit and receive data both over the primary network and over the auxiliary network. The auxiliary network includes auxiliary stations and bridge stations each able to transmit and receive data over the auxiliary network. At each bridge station, the activity of other stations on both the primary network and the auxiliary network is monitored to establish the availability of intermediate stations for onward transmission of message data from an originating station to a destination station. Message data is transmitted from the originating station to the destination station via at least one opportunistically selected intermediate station, including at least one bridge station. | 05-21-2009 |
20090133106 | Authentication Frequency And Challenge Type Based On Environmental And Physiological Properties - An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on one or more environmental properties (e.g., ambient noise level, ambient luminosity, temperature, etc.), or one or more physiological properties of a user (e.g., heart rate, blood pressure, etc.), or both. Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity, as inferred from these properties. In addition, the illustrative embodiment enables the authentication challenge type to be tailored to particular environmental conditions (e.g., noisy environments, dark environments, etc.). | 05-21-2009 |
20090138946 | Provisioning a network appliance - A method and system for generating identity certificates. The method may include receiving a user login at a network appliance, determining that the network appliance is not initialized, and requesting and receiving a unique identifier from a service provider, where the unique identifier is used for identifying the network appliance. The method may include generating a certificate signing request (CSR) and sending the CSR with the unique identifier to the service provider. Upon receiving a signed certificate from the service provider at the network appliance, the network appliance is initialized using the received signed certificate. | 05-28-2009 |
20090138947 | Provisioning a network appliance - A method and system for generating identity certificates. The method may include receiving a user login at a network appliance, determining that the network appliance is not initialized, and generating a provisionally unique identifier from the network appliance for identifying the network appliance. The method may include generating a certificate signing request (CSR) and sending the CSR, the provisionally unique identifier, and information about the user login to a service provider. Upon receiving a signed certificate from the service provider at the network appliance, the network appliance is initialized using the received signed certificate. | 05-28-2009 |
20090144810 | METHOD AND APPARATUS FOR PROVIDING AUTHENTICATION - A method and apparatus for providing authentication are disclosed. For example, the method receives a request from a customer to access a service via a first user endpoint device, and sends a first authentication request to the customer for first authentication information. The method then sends a second authentication request to the customer for second authentication information via a second user endpoint device if the first authentication information is received, wherein the first user endpoint device is different from the second user endpoint device. The method then enables the customer to proceed with accessing the service if the second authentication information is received. | 06-04-2009 |
20090144811 | CONTENT DELIVERY SYSTEM - The selection of video content to be delivered to a video reproducing terminal is enabled from a communication terminal with WEB function without exposing a user ID. When a terminal makes a transfer request of content data, a web server requests a delivery management server for a transfer ID. The delivery management server issues the transfer ID each time the request is made and transmits it to the web server. The web server transmits the content data to a delivery server. The delivery server stores the content data from the web server correspondingly to the transfer ID. When receiving a delivery request including a transfer ID inputted to a video reproducing terminal from the video reproducing terminal, the delivery server reads the content data corresponding to the received transfer ID, and transmits it to the video reproducing terminal. | 06-04-2009 |
20090144812 | ENTRY AUXILIARY APPARATUS, ENTRY AUXILIARY SYSTEM, ENTRY AUXILIARY METHOD AND ENTRY AUXILIARY PROGRAM - An entry auxiliary apparatus includes: an authentication entry detection unit, an adequacy determination unit and an entry auxiliary unit. The authentication entry detection unit detects a first authentication server URL included in data of a web page displayed. The adequacy determination unit compares the first authentication server URL with a second authentication server URL included in login information indicating an input history of authentication information and a third authentication server URL included in a service group. The service group, which includes a group of authentication server URLs locating authentication servers that authenticate with an identical authentication information, is related to the login information. The adequacy determination unit relates the login information to an adequacy level depending on a result of the comparison. The entry auxiliary unit assists input of authentication information into the web page based on the login information and the adequacy level. | 06-04-2009 |
20090144813 | METHOD TO CONTROL ACCESS BETWEEN NETWORK ENDPOINTS BASED ON TRUST SCORES CALCULATED FROM INFORMATION SYSTEM COMPONENT ANALYSIS - Signatures are generated for modules in a computer system. The signatures can be assembled into an integrity log. The signatures are compared with signatures in a database in an integrity validator. Once signatures are either validated or invalidated, a trust score can be generated. The trust score can then be used to determine whether the computer system should be granted access to a resource using a policy. | 06-04-2009 |
20090150980 | Management Control of Assets - Methods and systems for managing the issue or return of secure assets are disclosed. The methods and systems use biometric identification for assured security. | 06-11-2009 |
20090150981 | MANAGING USER ACCESS ENTITLEMENTS TO INFORMATION TECHNOLOGY RESOURCES - A computer implemented method, data processing system, and computer program product for logical management and provisioning of business applications within the framework of an identity management system. The illustrative embodiments provide an interface layer to map respective attributes, permissions, and resource accounts in a data repository needed to represent access to business applications via a managed service in the identity management system. The illustrative embodiments define user entitlements on a user account associated with the managed service. The illustrative embodiments provision user access to the business applications via the managed service in the identity management system upon user request. | 06-11-2009 |
20090150982 | APPARATUS AND METHOD FOR DOMAIN MANAGEMENT USING PROXY SIGNATURE - A domain management apparatus and method using a proxy signature is provided. A domain management apparatus which manages a device domain being a set of at least one user device, the apparatus including: a registration performing unit for performing a registration procedure for registering the domain management apparatus in a service providing apparatus; a license issuance authority receiving unit for receiving a license issuance authority for content use from the service providing apparatus; and a service providing unit for providing the at least one user device with a content service and a license generated by the license issuance authority. | 06-11-2009 |
20090158403 | METHOD AND SYSTEM FOR PERMITTING OR DENYING SERVICE - Aspects of the invention relate to a computer-implemented method and system of permitting or denying service for a user device of a user of a service in relation to a recipient, who is the counterparty, is proposed. The method is executed in a system configured for connecting to the user device. The system is configured for accessing a recipient requirement list of the recipient and a user profile of the user. The recipient requirement list comprises at least one criterion regarding an item of said user profile. A service request is received from the user device. The service request contains an identifier of the recipient. The recipient requirement list is traced on the basis of this identifier. Subsequently, it is checked whether an item of the user profile satisfies the at least one criterion of the traced recipient requirement list. Service is permitted if the item of the user profile satisfies said at least one criterion of said recipient requirement list. Service initiation or service establishment is denied if said item of said user profile does not satisfy said at least one criterion of said recipient requirement list. | 06-18-2009 |
20090158404 | APPARATUS, SYSTEM, AND METHOD FOR USER AUTHENTICATION BASED ON AUTHENTICATION CREDENTIALS AND LOCATION INFORMATION - A computer program product, apparatus, and system, are disclosed for user authentication based on authentication credentials and location information. A computer program product performs operations for such authentication. These operations of the computer program product include referencing past user location information in response to an authentication validation request and referencing current user location information. These operations also include determining a maximum allowable distance between an authentication attempt location associated with the authentication attempt location identifier and a past location associated with the past user interaction location identifier, and managing the authentication attempt, in response to determining that the physical authentication attempt location is outside the maximum allowable distance. The computer program product, apparatus, and system thereby reduce the possibility of identity theft by adding an element of location awareness to the authentication process. | 06-18-2009 |
20090158405 | SYSTEM AND METHODS FOR CREDENTIALING ON-LINE INFORMATION PROVIDERS - A method of credentialing network-based sources of information, commentary, and opinion is provided. The method includes receiving a request for recognition, the request received by a credential clearinghouse (CCH) from at least one credential-granting organization (CGO), and, in response to the request for recognition, granting recognition to the CGO if the CGO is determined by the CCH to satisfy a predetermined standard of credibility. The method further includes, after the CGO is granted recognition, receiving from a user entity a request for a credential granted by the CGO, and granting the credential if the user entity is determined to satisfy a predetermined set of credentialing benchmarks. Additionally, the method includes posting on a publicly-accessible data communications network site an object comprising at least one among information content, commentary, and opinion, the object being associated with the user entity and including an indicator indicating the grant of the credential. | 06-18-2009 |
20090158406 | PASSWORD RESET SYSTEM - A customer initiated password reset system resets user passwords on a variety of network entities, such as internal systems, allowing simultaneous reset with a minimum number of user specified passwords that nonetheless satisfy the password specifications of these internal systems. Thereby, the user avoids the tedium of logging into each of these systems, changing their password, logging out, etc., for each system with the likelihood of creating unique passwords for each system that have to be remembered. By further incorporating a score metric based upon how many character sets are touched, a required degree of complexity can be measured and enforced against the password specifications. Advantageously, a table-based approach to enforcing password reset against the multiple password specifications facilitates making and fielding updates. | 06-18-2009 |
20090165096 | DYNAMIC RADIUS - A system includes a remote authentication dial in user service (RADIUS) server in communication with a network access server. The network access server provides an authentication request to the RADIUS server. The authentication request includes at least a user identifier and a device identifier. The RADIUS server determines an authentication format utilized by the network access server based on the received authentication request. The system may also determine an authorization level to provide with an authentication response. | 06-25-2009 |
20090165097 | SINGLE SIGN-ON FOR OS BOOT IMAGE PROVISIONING AND OS LOGIN BASED ON USER IDENTITY - A method for single sign-on for operating system (OS) boot image provisioning and OS login based on user identity includes receiving authentication information from an information handling system (IHS) over a network. The authentication information is associated with a user. The authentication information is sent to network services. Boot image information is received from the network services. The boot image information is associated with a boot image and the authentication information. The boot image is provisioned to the IHS over the network, wherein the boot image includes an OS that is configured to read the authentication information from a shared memory region of the IHS and use the authentication information to auto-login the user to the OS. | 06-25-2009 |
20090165098 | METHOD OF AND SYSTEM FOR CONDUCTING A TRUSTED TRANSACTION AND/OR COMMUNICATION - A method of conducting a communication over a communication network. It comprises registering a user as a member user of a securing entity, the securing entity authenticating personal data of the member user via a trusted third party entity; sorting the personal data of the member user according to categories comprising identifying, non-identifying and semi-identifying data, non-identifying and semi-identifying data being correlated to identifying data by a sworn person, only non-identifying and/or semi-identifying data being requestable by any client entity during a transaction and/or a communication; archiving identifying data in a trusted third party entity; and electronically storing at least a part of semi-identifying data in a trusted third party entity database, and non-identifying data in a securing entity database. A system for conducting a communication over a communication network and a medium for storing processor instructions for controlling a system for communicating over a communication network are also disclosed. | 06-25-2009 |
20090165099 | PROVISIONING ACTIVE MANAGEMENT TECHNOLOGY (AMT) IN COMPUTER SYSTEMS - Active management technology (AMT) may be provisioned in a client device automatically, which may provide a secure connection between the provisioning server and the client device. The client device comprising the active management technology may support zero-touch provisioning and one-touch provisioning. | 06-25-2009 |
20090165100 | WEB PAGE SAFETY JUDGMENT SYSTEM - A user terminal displays on its display unit a target web page including an authentication information input field into which input authentication information is inputted by the user terminal. The user terminal judges first to third validity levels for a plurality of login history information by referring to a login information list and a service group information. The user terminal selects a corresponding process from a plurality of predetermined processes for the input authentication information based on existence or absence of the login history information in the first or second validity level and on a result of checking the input authentication information with login information in the login history information in the first to third validity levels. The user terminal executes the corresponding process. | 06-25-2009 |
20090172788 | TECHNIQUES FOR CREDENTIAL STRENGTH ANALYSIS VIA FAILED INTRUDER ACCESS ATTEMPTS - Techniques for credential strength analysis via failed intruder access attempts are presented. Intruders attempting to access a secure network with failed credentials are monitored. The failed credentials are retained and evaluated in view of previously recorded failed credentials. Credential policy is updated in response to the evaluation and intruder trends and sophistication levels are also predicted in response to the evaluation. | 07-02-2009 |
20090172789 | Policy Based, Delegated Limited Network Access Management - Policy-based, delegated limited network access management places day-to-day control of network access in the hands of authorized users, referred to as resource access administrators, selected for their business knowledge and ability to respond quickly to business events. Resource access administrators have the ability to respond, in the form of access decisions proposed by individuals with knowledge of, or responsibility for, business processes and business partner relationships and shaped and pre-approved by network security specialists, referred to as network access administrators. This approach, therefore, reduces the cost, complexity, and delay (latency) associated with managing external network access without compromising network security. | 07-02-2009 |
20090172790 | DESIGN INFORMATION PROVIDING SYSTEM AND DESIGN INFORMATION PROVIDING SERVER - To provide a design information providing system equipped with a mechanism that does not allow continuation of manufacturing of products unless a patent license contract is concluded. | 07-02-2009 |
20090172791 | USER ACCESS METHOD AND SYSTEM - A user access method and system are provided. The method includes the following steps. After the connection between a terminal and an access network AN is disconnected, a media access control identifier MAC ID is preserved in a predetermined time period. If the terminal initiates an access to the AN within the predetermined time period, the MAC ID is used by the terminal for accessing the AN. The system of the present embodiment includes a terminal and an AN. According to the method and system, the access time initiated by the terminal is reduced, the access collision is avoided, and the system performance is greatly enhanced. | 07-02-2009 |
20090178122 | ASSOCIATING COMPUTING DEVICES WITH COMMON CREDENTIALS - Method and computer storage media for sharing resources between a plurality of computing devices associated with a common non-enterprise network. A common set of credentials is stored on at least two or more of a plurality of computing devices that reside behind a routing device and are associated through a common non-enterprise network. Upon storing the common set of credentials, each of the two or more of a plurality of computing devices creates a local account that contains, at least, the common set of credentials. The common set of credentials allows for the sharing, among the two or more of the plurality of computing devices, of resources that reside on or are associated with the computing devices. | 07-09-2009 |
20090178123 | TRUSTED INTERNET IDENTITY - A token or other storage device uses Internet identities to set file access attribute rights. Subsequently, requests to access a file can be controlled by confirming the Internet identity of the requester by either validating the request with a known public key or retrieving the public key from an Internet identity provider. Files may be stored encrypted and may be re-encrypted with the public key associated with Internet identity making the request. | 07-09-2009 |
20090183243 | USER AUTHORIZATION SYSTEM AND METHODS - A slot management system including a download and configuration server-based sub-system and method is disclosed for use with game devices, systems, and methods is provided to enable users to monitor, control, and modify game devices and other related activities. A computerized authorization system authorizes users access to the slot management system. | 07-16-2009 |
20090187978 | SECURITY AND AUTHENTICATIONS IN PEER-TO-PEER NETWORKS - A system and method for providing access to a secured data resource to a client on a peer-to-peer network. The system includes a content management server which receives and verifies a first request for access to a secured data resource from the client. If the first request is valid, the content management server generates a second request for access to the secured data resource which comprises peer-to-peer control information and information identifying the secured data resource, and which can additionally include a signature generated using a shared key. The content management server transmits the second request to the client, which then retransmits the second request to a peer-to-peer control server. The control server receives the second request and validates it. Such validations can include validating the request with the shared key. If the second request is valid, the control server transmits instructions for accessing the secured data resource back to the client. | 07-23-2009 |
20090187979 | METHOD AND APPARATUS FOR GLOBAL UNIQUE IDENTIFIER, INCLUDING ID DATABASE - An entity can request the generation of a unique identifier to serve as a common identifier for the entity immune to changes in the entity's contact information. A database entry indexed at least in part by the unique identifier can be created for housing further contact information for the entity. The unique identifier can remain a constant focal point for contacting the entity or obtaining contact information about the entity. The entity can update contact information in the database entry and as such, the unique identifier can be used to access current contact information. | 07-23-2009 |
20090199276 | Proxy authentication - A first application that is hosted by a first machine receives a login request from a user. The first application requests authentication verification from a second application that is hosted by a second machine. The first application authenticates the user if the user was authenticated by the second application, wherein the user can be authenticated by both the first application and the second application after having provided authentication credentials to one of the first application or the second application. | 08-06-2009 |
20090199277 | CREDENTIAL ARRANGEMENT IN SINGLE-SIGN-ON ENVIRONMENT - Apparatus and methods arrange user credentials on physical or virtual computing devices utilizing a single-sign-on framework. During use, a plurality of target environments exist for a user to logon to one or more applications thereof, including at least a personal and workplace environment. One or more roles of the user are identified per each target environment, such as a shopper in the personal environment and an engineer or manager in the workplace environment. The user has credentials per each role and are used to logon using a single-sign-on session to access the one or more applications. The credentials are stored in a secret store corresponding to the defined roles of the user per either the personal or workplace environment. Workplace policies defining the roles or synching credentials are other features as are establishing default roles or retrofitting existing SSO services. Computer program products and computing interaction are also disclosed. | 08-06-2009 |
20090205024 | SYSTEM AND METHOD FOR DYNAMIC LAYER 2 WHOLESALE - Methods and systems consistent with the present invention provide a dynamic mechanism to support wholesale access for broadband subscribers. This mechanism involves dynamically discovering a retail ISP for a subscriber, and dynamically cross-connecting a subscriber's connection to a logical connection corresponding to a retail ISP, and is equally applicable to static, PPP and DHCP-based subscribers. Furthermore, dynamic steering of subscribers can be performed at layer 2 or layer 3 of the OSI model. | 08-13-2009 |
20090205025 | Wireless apparatus and method for configuring access point with wireless terminal - A wireless apparatus and a method for configuring an access point with a wireless terminal are disclosed. The wireless apparatus comprises at least one access point with a SSID and a security key. The SSID has a default value and the security key has a null value. The access point is enabled when the wireless apparatus is in an initial status. The SSID and the security key are respectively set with predetermined values through the wireless terminal when the access point is enabled. When the setting of the SSID and the security key is done, the access point then is disabled. | 08-13-2009 |
20090205026 | File transfer system for direct transfer between computers - A file authentication requesting device that stores a computer program for requesting authentication of files in digital systems, the device comprises a confirmation request system that generates a request for a confirmation receipt from a third party authenticator authenticating the attributes of a file; a transferring system that transfers attributes of at least one file to be authenticated to the third party authenticator from the device that requested the confirmation; and a receiving system that receives the confirmation receipt comprising authenticated file attributes, after authentication by the third party authenticator; wherein, at least one file authentication is received from the third party authenticator. Corresponding processing devices, media, systems and methods are also provided. | 08-13-2009 |
20090210932 | ASSOCIATING NETWORK DEVICES WITH USERS - Systems, devices, and methods for associating network devices with users are described, which can facilitate establishing a secure user to network device association. In various embodiments, the disclosed subject matter facilitates devices providing indication of location and device identity to a user and recognizing the user is in the proximity of the device. The disclosed subject matter provides efficient and secure device to user association and can facilitate performing customized actions based on the nature of the association. | 08-20-2009 |
20090217357 | Method and System for Managing Authentication of a Mobile Terminal in a Communications Network, Corresponding Network and Computer-Program Product - A terminal is authenticated in view of inclusion in a communication network by an authentication process conditioned upon location information transmitted from the terminal to at least one server in the network. At least one access point for the terminal to the network is configured for allowing a non-authenticated terminal to transmit to an authentication server in the network authentication messages based on a given authentication protocol, such as, e.g., EAP. The terminal is configured for transmitting the location information to the authentication server by conveying it over the authentication protocol. A location system can be integrated in the terminal to generate location information identifying the location of the terminal, and in that case the terminal is configured for transmitting the location information identifying the location of the terminal to the authentication server. As an alternative, a location server is associated with the network and the location information is transmitted from the terminal to the location server. On the basis of the location information transmitted from the terminal, the location server generates location information identifying the location of the terminal and sends the information to the authentication server. | 08-27-2009 |
20090217358 | TECHNIQUES FOR SECURE TRANSPARENT SWITCHING BETWEEN MODES OF A VIRTUAL PRIVATE NETWORK (VPN) - Techniques for secure transparent switching between modes of a virtual private network (VPN) are provided. A principal, via a client, establishes a VPN session in a first mode of operation with a server. The principal subsequently requests a second mode of operation during the same VPN session. The VPN session is transparently transitioned to the second mode of operation without any interaction being required on the part of the principal and without terminating the original VPN session. | 08-27-2009 |
20090217359 | CONNECTION AUTHENTICATION SYSTEM, TERMINAL APPARATUS, CONNECTION AUTHENTICATION SERVER, CONNECTION AUTHENTICATION METHOD, AND PROGRAM - The first terminal apparatus includes a key information acquiring unit that acquires key information from a connection authentication server, a key information notifying unit that notifies the first user of the key information, and a connection information acquiring unit that acquires connection information from the connection authentication server. The second terminal apparatus includes a key information input unit that receives the key information transmitted to the second user and an information providing unit that provides the key information and the connection information to the connection authentication server. The connection authentication server includes a key information providing unit that provides the key information to the first terminal apparatus, an information acquiring unit that acquires the key information and connection information of the second terminal apparatus from the second terminal apparatus, and a connection information providing unit that provides the connection information to the first terminal apparatus. | 08-27-2009 |
20090217360 | Data Search System, data search method, and recording medium storing data search program - A data search system in which a data processing apparatus and a data search device are communicably connected includes an operational history acquisition unit to acquire operational history data including user data, information about current data processing and the document processed, and apparatus data, an apparatus data file storage unit to store an apparatus data file including the apparatus data and registered group data identifying a group that uses the data processing apparatus, a group-apparatus associator to associate the user data with the apparatus data file, a profile generator to generate a profile specifying significance degrees of the document in relation to the data processing apparatus and the group data, based on the operational history data, the apparatus data file, and the association, a profile storage unit to store the profile, and a data search unit to perform a data search according to a data search request from the user. | 08-27-2009 |
20090217361 | POLLING AUTHENTICATION SYSTEM - An exemplary authentication method includes sending a polling inquiry to an authentication module, identifying a passive notification sent from the authentication module in response to the inquiry, accepting authentication credentials in response to the passive notification, and transmitting authentication information based on the authentication credentials to the authentication module. An exemplary authentication system includes a remote server in communication with a client computer and hosting an access control module. An authentication server is in communication with the remote server and hosts an authentication module. A polling module is in communication with the authentication and access control modules, and is configured to send a polling inquiry to the authentication module, identify a passive notification sent from the authentication module in response to the inquiry, accept authentication credentials in response to the passive notification, and transmit authentication information based on the authentication credentials to the authentication module. | 08-27-2009 |
20090217362 | SELECTIVELY PROVISIONING CLIENTS WITH DIGITAL IDENTITY REPRESENTATIONS - A server provisions a client with digital identity representations such as information cards. A provisioning request to the server includes filtering parameters. The server assembles a provisioning response containing cards that satisfy the filtering parameters, and transmits the response to a client, possibly by way of a proxy. The provisioning response may include provisioning state information to help a server determine in subsequent exchanges which cards are already present on the client. A client may keep track of the source of information cards and discard cards which a server has discarded. A proxy may make the provisioning request on behalf of a client, providing the server with the proxy's own authentication and with a copy of the request from the client to the proxy. | 08-27-2009 |
20090217363 | ELECTRONIC CREDENTIALS VERIFICATION AND MANAGEMENT SYSTEM - A credentials record system that creates and maintains all personnel data electronically is disclosed. The system captures personnel background data, such as license information, education and training, work experience, performance data and electronic signature at the time of entry using graphical user interfaces through a network. For example, computers with Internet connections may be used by authorized personnel to access, analyze, update and electronically annotate data even while other users are using the same record. An exemplary system may archive historical data to create and record an audit trail of changes by the users. The system permits instant, sophisticated analysis of background data to identify relationships among the data, including archived data. Moreover, the system includes the capability to access reference databases for consultation regarding verification of data for accuracy on a continuous basis. The system also provides for an automated auditing process to ensure data integrity. The system may also include the capability to incorporate legacy data, such as paper files and mainframe data, for each personnel record. | 08-27-2009 |
20090222895 | Systems and Methods of Network Operation and Information Processing - Systems and methods are disclosed for network operation and information processing involving engaging users of a network. In one exemplary embodiment, there is provided a method of engaging users of a public-access network. Moreover, the method includes associating a processing component with the public-access network; transmitting a request for authorization to use the public-access network, including transmission of a specific identifier associated with the user; transmitting first data including data determined by processing software as a function of the specific identifier; and opening up a connection to the network for the user. In one or more further embodiments, the specific identifier may include or be a function of a processing component ID or the MAC address of a device associated with the user. Other exemplary embodiments may include building profiles of users who access the network based on information collected. | 09-03-2009 |
20090235338 | RESOURCE BASED NON-INTERACTIVE ENTITY APPLICATION PROXY METHOD AND SYSTEM - A security method and system. The method includes retrieving configuration data associated with a non interactive entity (NIE) software application. The configuration data comprises refresh counts, refresh periods, and session IDs. A master refresh period is calculated from the refresh periods. Credentials data associated with a requestor are retrieved. The credentials data are transmitted to a resource server. A session key generated by the resource server is received by the NIE software application. The NIE software application calculates a stale time associated with the session key. The NIE software application generates a first updated refresh count. The NIE software application stores the session key, the first updated refresh count, the first refresh period, and the first specified stale time. | 09-17-2009 |
20090235339 | STRONG AUTHENTICATION TOKEN GENERATING ONE-TIME PASSWORDS AND SIGNATURES UPON SERVER CREDENTIAL VERIFICATION - The invention defines a strong authentication token that remedies a vulnerability to a certain type of social engineering attack, by authenticating the server or messages purporting to come from the server prior to generating a one-time password or transaction signature; and, in the case of the generation of a transaction signature, signing not only transaction values but also transaction context information and, prior to generating said transaction signature, presenting said transaction values and transaction context information to the user for the user to review and approve using trustworthy output and input means. It furthermore offers this authentication and review functionality without sacrificing user convenience or cost efficiency, by judiciously coding the transaction data to be signed, thus reducing the transmission size of information that has to be exchanged over the token's trustworthy interfaces. | 09-17-2009 |
20090235340 | IDENTIFICATION MANAGEMENT SYSTEM FOR ELECTRONIC DEVICE AUTHENTICATION - In the conventional vertical integration system management form, it is impossible or difficult to limit the electronic device function or format when providing a service to an electronic device which is judged by a judgment server of an administrator of the service providing system with whom a service provider has not concluded a contract. To cope with this, a following system is suggested. That is, according to a use request from a first electronic device to a second judgment server, an identification management server which has received a guarantee request outputted from a first judgment server searches an identification management unit for managing information including the electronic device identifiers. According to the search result, a guarantee is outputted. According to the guarantee, the first judgment server outputs a guaranteed service request to the second judgment server. Thus, it is possible to provide a more flexible service provision environment by cooperating the user identification management with other vertical integration type system management form. | 09-17-2009 |
20090235341 | NETWORK INTERFACE APPARATUS, PRINT CONTROL METHOD, PRINT CONTROL PROGRAM, AND IMAGE FORMING APPARATUS - A network interface apparatus is connected to an image forming apparatus, and communicates with an information processing apparatus for transmitting a print data and an authentication server for performing an authentication of a user. The network interface apparatus receives the print data from the information processing apparatus, stores the print data, transmits an authentication request including user identification information to the authentication server according to a reception of the user identification information for identifying the user, and determines whether a communication with the authentication server is available. In a case where it is determined that the communication with the authentication server is available, the network interface apparatus obtains the print data according to the user identification information from the stored print data. In a case where it is determined that the communication with the authentication server is not available, the network interface apparatus turns off a setting of storing the received print data. The network interface apparatus transmits the print data to the image forming apparatus to print the obtained print data or to print the received print data in a case where the setting is turned off. | 09-17-2009 |
20090241173 | METHOD AND SYSTEM FOR PROTECTION AGAINST INFORMATION STEALING SOFTWARE - A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent is configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software. Furthermore, it is possible to store information about the bait in a database and then compare information about a user with the information in the database in order to determine if the electronic device that transmitted the bait contains unwanted software. | 09-24-2009 |
20090241174 | Handling Human Detection for Devices Connected Over a Network - A system and method for determining whether a user of a computer is a human, comprising: generating dynamic request code asking the user for information; sending the dynamic request code to the computer; receiving validation code as an answer to the dynamic request code; and determining whether or not the validation code was generated by a human. | 09-24-2009 |
20090249450 | SYSTEM AND METHOD FOR CONTROLLING A WEBSPHERE PORTAL WITHOUT THE REQUIREMENT OF HAVING THE ADMINISTRATOR CREDENTIAL ID AND PASSWORD - A system and method for securely controlling (e.g., “starting” and “stopping”) a WebSphere Portal (WP) in a production environment without the requirement of having knowledge of (and using) the administrator credentials (ID and password). The system and method, as implemented in a Java application, receives from requesting users and determines whether the requesting users are authorized to control (start/stop) the portal by comparing each requesting user's ID and PW against a list of authorized user IDs and PWs and, if there is a match, passing on the authorized user ID and PW to the portal for controlling (starting/stopping) the WebSphere Portal. The system and method further conveys portal control request authorized user acceptances or portal control request unauthorized user rejections—depending upon whether the requesting user's ID and PW matches any of the list of authorized user IDs and PWs. | 10-01-2009 |
20090249451 | Access to Trusted User-Generated Content Using Social Networks - A method to access trusted user generated content (UGC) is provided. User registration information containing one or more identities is obtained. Each identity corresponds to an internet social network that is facilitated by one of a plurality of social network sites. The social relationships are collected using the provided user identities at the different social network sites and user extended social networks are created for each user by joining the social relationships collected. Then, UGC is collected from the plurality of social network sites and the collected UGC is correlated with the extended social networks. The correlated UGC is filtered according to the user configuration of a user making a request, and then the results are presented to the requesting user. A search function is provided to obtain information on demand, or alternatively, a user receives feeds of information according to configured information regarding the user's extended social network. | 10-01-2009 |
20090249452 | Systems and Methods for Flexible Service Delivery Network Services - A system and method are described that use a subscriber-centric approach to scalably support the delivery of network services across numerous access protocols and across a multitude of access devices. By allowing the use of a service engine that can range in complexity from a simple macro to a rules engine, this approach is suitable for bundled services, as well as single services. | 10-01-2009 |
20090249453 | METHOD AND SYSTEM FOR HUB-AND-SPOKE WEBSITE BROWSING AND NAVIGATION ON A MULTIPANED PLATFORM FOR THE COMMUNICATION, DISTRIBUTION, AND COLLABORATION OF INFORMATION AND DATA - The invention is a method and system for hub-and-spoke website browsing and navigation on a multipaned platform for the communication, distribution and collaboration of information and data. The invention allows multiple non-collocated users to collaborate on an interface created by a server-based application by utilizing a plurality of application spokes and a plurality of application fasteners to facilitate data exchange between a hub and at least one viewing pane on a display device. | 10-01-2009 |
20090249454 | AUTHENTICATION SERVER, AUTHENTICATION SYSTEM, AND AUTHENTICATION METHOD - To provide a technology for enabling authentication according to a state of use of a device on a user side. When, on a communication device ( | 10-01-2009 |
20090249455 | METHOD FOR IDENTIFICATION USING BLUETOOTH WIRELESS KEY - A Bluetooth host solves the aforementioned problems by evaluating a Bluetooth service provider server ID and by determining which of a plurality of access IDs map to the server ID and, correspondingly, providing a Bluetooth access ID that corresponds thereto. Accordingly, one Bluetooth host may readily gain access to any one of a plurality of different devices and different types of devices. Additionally, the Bluetooth host includes capacity to store and provide additional supporting information according to the type of device that is the Bluetooth service provider. Generally, the Bluetooth host stores a plurality of access or link IDs in relation to a plurality of master device IDs and, upon detecting a beacon, determines what access or link ID to provide and whether to provide additional stored information. | 10-01-2009 |
20090254981 | Volatile Device Keys And Applications Thereof - A key is determined from a volatile response using circuitry on the device. The volatile response depends on process variation in fabrication of the device. Error control data that depends on the first volatile response can be computed, stored externally to the device, and then used to generate the key using a volatile response using the circuit. Applications of volatile keys include authentication and rights management for content and software. | 10-08-2009 |
20090260065 | Cumulative Login Credit - Login credit is monitored over a credit time period. Continuous invalid login attempts decrease the login credit for the duration of the credit time period. Login credit accumulates with time. If the login credit is less than a credit threshold, login processing is precluded. A common invalid login notification for presentation to a user is generated if login processing is precluded or if login processing indicates that the login credentials are invalid. | 10-15-2009 |
20090265767 | METHODS AND ARRANGEMENTS FOR PREFIX MANAGEMENT IN MOVING NETWORKS - The present invention relates to prefix management in a moving network comprising a first mobile router which is assigned a first prefix for use when passing traffic to and from a home agent with which the first mobile router is associated, and a second mobile router. The present invention relates to methods and arrangements in the first mobile router, the second mobile router and the home agent for delegating the right to use said first prefix to said second mobile router in a secure manner by means of first and second authentication information that may be compared to verify that the second mobile router has the right to use the first prefix. | 10-22-2009 |
20090265768 | METHOD AND APPARATUS FOR THE SECURE IDENTIFICATION OF THE OWNER OF A PORTABLE DEVICE - An authentication system is provided that includes a portable device and a decryption node. An individual uses the portable device, such as a portable device like a cell phone to compute a challenge and a response. The challenge and response are sent to a decryption node. In response, the decryption node computes a presumed response and compares the presumed response to the response of the portable device, in order to authenticate the individual associated with the portable device. | 10-22-2009 |
20090276837 | CREDENTIAL EQUIVALENCY AND CONTROL - A number of equivalent credentials may be associated with at least one entity. Each of the equivalent credentials may be of one of a number of types, such as, for example, a cryptographic key pair, a password, a biometric, or other types or combinations thereof. When one of the equivalent credentials is authenticated by an authentication control system, the at least one entity may be permitted access to a hardware device, software, or a service associated with the authentication control system. The authentication control system may include a number of authentication endpoints and blocking controls, each of which may be associated with a respective equivalent credential. After the authentication control system authenticates one of the equivalent credentials, a parameter of a blocking control and/or configurable credential-related attributes of an authentication endpoint associated with another of the equivalent credentials may be changed or reset. | 11-05-2009 |
20090282464 | SYSTEM AND METHOD FOR AUTHENTICATING AN END USER - A system and associated method for authenticating an end user. The method comprises generating a first mask in response to an authentication request from an end user, the first mask comprising a set of root nodes, a set of server nodes, and a set of client nodes each being unique to the end user. Next, determining the authenticity of the end user based on comparing data received from the end user with nodes contained in the first mask. The data comprising a set of nodes selected by the end user and the end user having selected the data in response to the first mask. | 11-12-2009 |
20090288148 | Multi-channel multi-factor authentication - Systems and methods for authenticating electronic transactions are provided. The authentication methods employ a combination of security features and communication channels. These security features can be based, for example, on unique knowledge of the person being authenticated, a unique thing that the person has, unique personal features and attributes of the person, the ability of the person to respond, and to do so in a fashion that a machine cannot, and so forth. Methods for enrolling the person prior to authentication are also provided, as well as systems for enrollment and authentication. | 11-19-2009 |
20090288149 | SYSTEM AND METHOD FOR POOL-BASED IDENTITY AUTHENTICATION FOR SERVICE ACCESS WITHOUT USE OF STORED CREDENTIALS - A computer-implemented system and method for pool-based identity authentication for service access without use of stored credentials is disclosed. The method in an example embodiment includes providing provisioning information for storage in a provisioning repository; receiving a service request from a service consumer, the service request including requester identifying information; generating an authentication request to send to an authentication authority, the authentication request including requester identifying information; receiving validation of an authenticated service request from the authentication authority; and providing the requested service to the service consumer. | 11-19-2009 |
20090288150 | ACCESS CONTROL BY TESTING FOR SHARED KNOWLEDGE - Access to resource(s) intended to be shared with specific groups of individuals is controlled using concise tests of shared knowledge instead of (or in addition to) accounts and access control lists. Users can readily learn the concept and choose questions that will control the access by the desired group with little effort. Such questions can be relatively secure to guesses by those not intended to have access, particularly if the number of allowed guesses is relatively limited. Users can generally predict the security of their questions, but sometimes underestimate the ability of attackers to use Web searching or enumeration to discover answers. In such cases, the system can automatically discover weak questions and then suggest alternatives. By lowering the threshold to access control, shared knowledge tests can enable more types of information to acquire collaborative value on the Internet and on other types of networks. | 11-19-2009 |
20090288151 | Conditional Access System Switcher - A system is configured to provide access between a plurality of terminals and a plurality of different conditional access systems (CASs) associated with the terminals. The system includes a CAS switcher configured to receive requests from the plurality of terminals and, for each of the requests, identifies and sends the requests to a corresponding CAS. The CAS switcher also receives messages from the CASs responsive to the requests and, for each of the messages, identifies and sends the message to a corresponding terminal. | 11-19-2009 |
20090293107 | Transfer server of a secure system for unattended remote file and message transfer - A method for automatically transferring a data file from a network drive of a client controlled local area network to a transfer server over the Internet comprises using a first workstation to configure event parameters within event tables of the transfer server. An unattended interface module executed by a processor of a second workstation obtains, from the transfer server, the event parameters stored in the event tables. The event parameters comprise a file name and a directory path. The file name identifies the data file to be uploaded. The directory path identifies an upload directory of the network drive. The second workstation periodically searches the upload directory and, upon locating a data file in the upload directory with the file name, transfers the data file to the transfer server over a secure connection established with the transfer server over the internet. | 11-26-2009 |
20090300730 | SECURITY MESSAGE PROCESSING - Systems, methods and apparatus for handling security messages in a distributed security system. Requests, replies, and/or updates have varying time constraints. Processing node managers and authority node managers determine the best transmission times and/or the ignoring of such data to maximize information value. | 12-03-2009 |
20090300731 | Remote Publishing and Server Administration - Embodiments are directed to managing server content and configuration from within a single server management application. In one embodiment, a computer system receives a client connection requesting initiation of a server management application. The computer system initiates the server management application. The application provides means for managing content and server configuration settings from within the server management application. The computer system receives user input indicating a configuration settings change to be applied to the server and alters configuration settings on the server. The management application provides configuration access to those settings for which the client has access rights. The computer system receives user input indicating that one or more portions of content are to be published to the server and publishes the content portions to the server. The server management application implements a protocol provider model that facilitates content publishing to the server over a variety of different protocols. | 12-03-2009 |
20090300732 | METHOD AND APPARATUS OF OTP BASED ON CHALLENGE/RESPONSE - The present invention is proposed to solve the problem of high cost of an ordinary OTP token and the problem of vulnerability to hacking of a mobile OTP, for which an OTP program is mounted to solve the problem of high cost. There is provided a user authentication system and a method thereof, in which a user sets an image password as a fixed key, a query terminal outputs a query screen on which a created OTP is divided into pieces and matched to images of the fixed key, the user who confirms the query screen sequentially inputs the numbers that correspond to the image password, i.e., the fixed key of the user himself or herself, and a result of user authentication is processed according to whether the inputted numbers are matched to the response value prepared in a server. | 12-03-2009 |
20090300733 | INFORMATION PROCESSING APPARATUS, AUTHENTICATION SYSTEM, INFORMATION PROCESSING METHOD AND STORAGE MEDIUM - An information processing apparatus includes a storage unit that stores a first user identifier that identifies respective users in the information processing apparatus, and plural second user identifiers stored in respective authentication apparatuses and identify the users in each authentication apparatus, so as to correspond with each other; a first authentication request unit that transmits authentication information input by a user to at least one of the authentication apparatuses and requests authentication of the user; a first user identifier acquisition unit that, when authentication of the user has been successful, acquires the second user identifier of that user stored in that authentication apparatus; and a use allowing unit that specifies the first user identifier stored in the storage unit corresponding with the second user identifier acquired by the first user identifier acquisition unit, and allows the user identified by the specified first user identifier to use the information processing apparatus. | 12-03-2009 |
20090300734 | AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND COMPUTER-READABLE STORAGE MEDIUM STORING AUTHENTICATION PROGRAM - An authentication system including an apparatus, in the system use of the apparatus is restricted by an authentication processing according to authentication information, the system having: decision section to compare inputted authentication information with pre-stored authentication information and to notify a message indicating that the authentication information has been changed in a case where the inputted authentication information is not the same as the updated authentication information but is the same as the previously set authentication information. | 12-03-2009 |
20090300735 | METHOD FOR CONTROLLING ACCESS TO CONTENT ON DATA CARRIER - A method for controlling access to content on a data carrier includes reading a first and a second machine readable key stored on the data carrier. Further, a third key is retrieved from a remote server based on the first key. Access to the content on the data carrier is allowed only if the second key matches the third key. | 12-03-2009 |
20090300736 | REMOTE ACCESS METHOD - A remote access method for use in a computer includes the following steps. Firstly, the computer logs into a remote access interface. Next, a remote access role of the computer is selected via the remote access interface, and a remote access operation is performed according to the selected remote access role. If the remote access role is intended to be changed, another remote access role of the computer is selected via the remote access interface. | 12-03-2009 |
20090300737 | SPLIT TEMPLATE BIOMETRIC VERIFICATION SYSTEM - An exemplary system includes a plurality of storage devices storing at least one of a plurality of chunks of a template. A first chunk is stored in a first location and a second chunk is stored in a second location. The system further includes a client device in communication with the storage devices. Each client device includes a verification module that divides the template into the plurality of chunks, and reconstitutes the plurality of chunks into the template during validation. A method includes generating the template based upon an enrollment biometric identifier, dividing the template into the plurality of chunks, storing at least one of the plurality of chunks in a first storage location, and storing at least another of the plurality of chunks in a second storage location. | 12-03-2009 |
20090307762 | SYSTEM AND METHOD TO CREATE, SAVE, AND DISPLAY WEB ANNOTATIONS THAT ARE SELECTIVELY SHARED WITHIN SPECIFIED ONLINE COMMUNITIES - A system and method for the creation and display of web annotations that are selectively shared within specified online communities is disclosed. An embodiment of the system and method includes the use of a web browser plug-in that enables a computer user to create content and have that content associated with an Internet address in the form of a web note that is displayed to the user in a presentation layer over the Internet website. That web note is transmitted to a web server that stores the content and attributes of the web note in a database. When that user or another user of the browser plug-in subsequently navigates to the aforementioned Internet address, that web note is retrieved from the database and displayed through the browser to the user in a presentation layer over the Internet website, independent of that Internet website based on user determined content sharing filters. | 12-10-2009 |
20090307763 | Automated Test Management System and Method - A test management application on a test management server includes a user interface on a Web-based portal by which a user can define one or more tests, selecting any desired configuration of operating system, connection type, and/or application, which are then saved in a test management database in the central server. Multiple tests involving the same configuration can be defined and saved for later selection, either individually or as a group of tests. A client agent engine on a test device can query the test management server for tests that can be conducted using the device's current configuration. If no such tests are found, the device can then query the test management server for the next available test. Upon allocation of the next available test to the device, the necessary system configuration for that test can be automatically retrieved, installed, and verified by the device. The device under test is automatically rebuilt to have the proper configuration for the test to be run. | 12-10-2009 |
20090313683 | IMAGE PROCESSING APPARATUS, DATA PROCESSING APPARATUS, AUTHENTICATION METHOD, DEFINITION DATA UPDATING METHOD, AND AUTHENTICATION PROGRAM AND DEFINITION DATA UPDATING PROGRAM EACH EMBODIED ON COMPUTER READABLE MEDIUM - In order to facilitate maintenance of definition data in which permission or non-permission to execute a process is defined for a respective user, an MFP includes a process execution portion capable of executing processes, a user authentication portion, a definition data acquiring portion to acquire, for the authenticated user, user definition data defining a defined process for which permission or non-permission to execute the process is predetermined and also defining permission or non-permission to execute an undefined process other than the defined process, and a determination portion to determine, for each of the processes the process execution portion can execute, that the user is permitted to execute the process if it is set as the defined process and execution thereof is permitted in the user definition data, or if it is not set as the defined process but execution of the undefined process is permitted therein. | 12-17-2009 |
20090320105 | AUTHENTICATION OF USER INTERFACE ELEMENTS IN A WEB 2.0 ENVIRONMENT - A method for managing authentication of user interface elements in a user interface can be provided. The method can include displaying a plurality of widgets in the web browser and sending an HTTP request for data to a web site, wherein the HTTP request is sent via an XMLHttpRequest API. The method can further include receiving from the web site a 401 HTTP status code associated with a custom “WWW-Authenticate” header value indicating that the HTTP request is unauthorized for communication with the web site and detecting the custom “WWW-Authenticate” header value. The method can further include displaying in a first widget of the plurality of widgets a text field for entering user credentials. The method can further include sending to the web site an HTTP request including the user credentials entered by a user, wherein the HTTP request is sent via the XMLHttpRequest API. | 12-24-2009 |
20090320106 | SYSTEMS, APPARATUS, AND METHODS FOR CURRENCY PROCESSING CONTROL AND REDEMPTION - A coin processing and redemption system includes a coin processing machine configured to receive a batch of coins in an input region and process the batch of coins to determine a value thereof. A dispensing device is provided and is configured to output a redemption ticket bearing a code. The coin processing machine is configured to associate the redemption ticket code with a coin processing transaction prior to the determination of a value of a batch of coins. | 12-24-2009 |
20090328162 | Mutual for reporting a theft in an authentication system - Disclosed are protection of secret information including an encryption key and a system for reporting an emergency such as theft or confinement when secret information is accessed. Secret information includes a large quantity of decoy data and a piece/pieces of true and correct data mixed into the decoy data. The secret data including the decoy data and the true and correct data is two-dimensional code data the code of which is composed of groups of cells having different areas. The positions and order of storage of the true and correct data dispersedly mixed in the decoy data are determined and reported to the user. The user adds a predetermined alerting signal when inputting the password to tell that the user is under control of a third party. The system can detect the alerting signal and know that the user is in an abnormal state, performs normal identification procedures, and takes protection/preservation measures. Part of decoy data is specified as confinement report data and added to the true and correct data. Consequently at least a piece of confinement report data is included and therefore the user himself is judged to be under control of the third party. Then the user is identified and a confinement report alert is issued. | 12-31-2009 |
20090328163 | SYSTEM AND METHOD USING STREAMING CAPTCHA FOR ONLINE VERIFICATION - An improved system and method using a streaming captcha for online verification is provided. A request sent by a client device may be received by a server to serve a streaming captcha to the client device. A server may compose a streaming captcha by superimposing a captcha character string on a video. The streaming captcha may be streamed to the client device. The streaming captcha may be displayed on the client device, and a character string input by a user may be received in response to display of the streaming captcha. The character string received may be sent to the server for verification. The server may verify that the character string received is the same as the captcha character string displayed in the streaming captcha. The server may then send an indication of the verification to the client device. | 12-31-2009 |
20090328164 | Method and system for a platform-based trust verifying service for multi-party verification - A method and system for a platform-based trust verifying service for multi-party verification. In one embodiment, the method includes a client platform accessing a service provider over a network. Upon accessing the service provider, the client platform receives a request from the service provider for platform measurement and verification. The client platform collects platform information and performs measurement and verification, including performing an integrity manifest comparison. If the integrity manifest comparison indicates a good client platform posture, then the client platform signs the client platform posture and sends an approval notification to the service provider indicating that the client platform has not been compromised. The client platform may then receive the service of the service provider. If the integrity manifest comparison indicates that the client platform posture is not good, then the client platform will send a failure notification to the service provider indicating that the client platform has been compromised. | 12-31-2009 |
20100011419 | Authentication method using icon password - A method of authenticating a user of a terminal operating a server and connected to the terminal through a communication network, in which a password needed for authentication is inputted as icons, rather than numerals or characters, thereby preventing leakage or theft of the password. Through the present invention, security is improved in processing a password in an information processing device or a communication network, and furthermore, leakage of the password is fundamentally prevented in the process of inputting the password by a user. Therefore, an effect of securing reliability of the overall authentication process may be obtained. | 01-14-2010 |
20100011420 | OPERATING A SERVICE ON A NETWORK AS A DOMAIN NAME SYSTEM SERVER - Operating a service such as a remote database as a DNS server, receiving inputs such as queries as domain names and transmitting replies in the format of IPv4 or IPv6 addresses. | 01-14-2010 |
20100011421 | ENABLING AUTHENTICATION OF OPENID USER WHEN REQUESTED IDENTITY PROVIDER IS UNAVAILABLE - A method, system and computer program product for enabling authentication of an OpenID user when a requested identity provider is unavailable. A relying party receives a login request from the OpenID user, where the login request includes a username. The relying party reads a list of trusted identity providers that are associated with the received username and selects one of those identity providers. The relying party generates an OpenID identifier using an identification (e.g., Uniform Resource Locator) of the selected identity provider and the username. The relying party transmits an authentication request (request to authenticate the OpenID user) to the selected identity provider using the formed OpenID identifier. If the selected identity provider is unavailable, then the relying party selects another identity provider from the list of identity providers that are associated with the received username and repeats the above process. | 01-14-2010 |
20100011422 | PORTABLE ACCOUNT INFORMATION - A method of providing portable account information includes associating two accounts ( | 01-14-2010 |
20100011423 | User identification system and a method thereof - A service providing system using the biometrics identification without inputting the user ID poses the problem that the consideration of a service is erroneously claimed to the registered user not using the service due to the erroneous identification. According to this invention, the threshold of the value of the degree of similarity for user identification is set strictly for each registered biometrics information of the user in accordance with the declaration of the loss caused by the erroneous identification. | 01-14-2010 |
20100011424 | INFORMATION PROCESSING APPARATUS, METHOD FOR CONTROLLING INFORMATION PROCESSING APPARATUS, RECORDING MEDIUM, AND PROGRAM - An information processing apparatus not having an input device for receiving specific authentication information can access another information processing apparatus requiring the specific authentication information while suppressing a decrease in a security level. A control method for controlling an information processing apparatus includes authenticating a user using authentication information, receiving an access request from another apparatus, and requesting the other apparatus to send the authentication information in response to reception of the access request from the other apparatus. When the other apparatus does not have an inputting unit for inputting the requested authentication information, the requesting step includes requesting a predetermined substitute apparatus having the inputting unit to send the authentication information. The authenticating step includes authenticating the user based on the authentication information sent from the predetermined substitute apparatus in response to the request made at the requesting step. | 01-14-2010 |
20100011425 | System And Method For Making a Content Item, Resident Or Accessible On One Resource, Available Through Another - Systems and methods are provided to make content items, already available on one resource, also available through another, such as through a new location or resource. The content items may be, e.g., videos uploaded by a user or other content. The systems and methods employ a streamlined interface for convenience to the user. In one example, a user of a computer system views a video segment through a first website and re-posts the video segment to a second website by entering a single command or clicking a single button. The websites coordinate the re-posting using credentials previously or contemporaneously entered by the user. Moreover, a content item may be automatically prepared for re-posting on the target web site using previously-entered user selections. Playback software from a source website may be posted to a target website to allow access of the content item at the source website. | 01-14-2010 |
20100017859 | Authentication system for networked computer applications - A system such as in a networked computer system comprising a user, an application server, a gatekeeper server and an authentication server. Communication within the system is managed by the gatekeeper server, wherein the user communicates with the authentication server and the application server through the gatekeeper server. Once the user has been initially authenticated by the authentication server, the user may request application services from a plurality of application servers within the networked computer system without having to be re-authenticated. | 01-21-2010 |
20100024010 | Mobile device with customizable login screen - An exemplary method controls the display of information on the screen of a mobile device during a request for login information. Independently controlled regions of the screens are used to concurrently convey different information associated with each region to a user of the mobile device during the rendering of a login request that is contained in one of the regions. | 01-28-2010 |
20100024011 | DOCUMENT MANAGEMENT SYSTEM AND DOCUMENT MANAGEMENT METHOD - When a valid password is input by a user having a right to access a folder, a decrypted document and image for view are produced from an encrypted document included in the folder and stored in the folder such that they are correlated with the encrypted document. If a request to view a document in this folder is issued by a user having a right to access the folder, a corresponding image for view is displayed on a terminal of the issuer of the request. When a request to acquire a document in the folder in order to save it is issued, a corresponding encrypted document is transmitted to a terminal of the issuer of the request. In a case where a request to acquire a document in the folder in order to print it is issued, a corresponding decrypted document is transmitted to a terminal of the issuer of the request. | 01-28-2010 |
20100024012 | SECURE CUSTOMER INTERFACE FOR WEB BASED DATA MANAGEMENT - An integrated series of security protocols is disclosed that protect remote user communications with remote enterprise services, and simultaneously protect the enterprise services from third parties. In the first layer, an implementation of the Secure Sockets Layer (SSL) version of HTTPS provides communications security, including authentication of the enterprise web server and the security of the transmitted data. The protocols provide for an identification of the user, and an authentication of the user to ensure the user is who he/she claims to be and a determination of entitlements that the user may avail themselves of within the enterprise system. Session security is described, particularly as to the differences between a remote user's copper wire connection to a legacy system and a user's remote connection to the enterprise system over a “stateless” public Internet, where each session is a single transmission, rather than an interval of time between logon and logoff, as is customary in legacy systems. Security for the enterprise network and security for the data maintained by the various enterprise applications is also described. | 01-28-2010 |
20100024013 | Authenticating a Client Using Linked Authentication Credentials - Techniques are provided for improving security in a single-sign-on context by providing, to a user's client system, two linked authentication credentials in separate logical communication sessions and requiring that both credentials be presented to a host system. Only after presentation of both credentials is the user authenticated and permitted to access applications on the host system. | 01-28-2010 |
20100031327 | SAFETY JUDGMENT METHOD, SAFETY JUDGMENT SYSTEM, SAFETY JUDGMENT APPARATUS, FIRST AUTHENTICATION APPARATUS, AND COMPUTER PROGRAM PRODUCT - Security of an information processing apparatus is ensured by performing biological information authentication and collecting the environment information about the information processing apparatus. The information processing apparatus transmits the collected environment information to a first authentication apparatus. An electronic certificate issued by a second authentication apparatus and information encrypted with a secret key issued by the second authentication apparatus are transmitted to the first authentication apparatus. The first authentication apparatus acquires the public key of the second authentication apparatus and the public key of the information processing apparatus so as to decrypt the encrypted information, and judges whether or not the decrypted information is proper. The first authentication apparatus refers to an environment information database and the transmitted information, and judges whether or not the transmitted environment information is proper. When all the authentications by the biological information authentication, environment information authentication and electronic certificate authentication are successful, the information processing apparatus is judged to be safe. | 02-04-2010 |
20100031328 | SITE-SPECIFIC CREDENTIAL GENERATION USING INFORMATION CARDS - Systems and methods for generation of site-specific credentials using information cards are provided. An apparatus can include a machine, a browser on the machine configured to receive a request from a relying party site for a credential from a user, a receiver to receive one or more inputs, a site-specific credential generator to generate the credential based on the inputs, and a transmitter configured to transmit the generated credential to the relying party site. | 02-04-2010 |
20100031329 | METHOD TO AUTHENTICATE DEVICE AND SERVICE, AND SYSTEM THEREOF - A method to authenticate a device and service, and a system thereof, the authentication method including: requesting device authentication information from a device provider in order to receive a service from a service provider, distinct from the device provider, and receiving the device authentication information from the device provider, the device authentication information being used by the service provider to authenticate the device. Therefore, it is possible to perform a device authentication process and service authentication process more simply. | 02-04-2010 |
20100031330 | METHODS AND APPARATUSES FOR CONTROLLING ACCESS TO COMPUTER SYSTEMS AND FOR ANNOTATING MEDIA FILES - Methods and apparatuses for controlling access to computer systems and for annotating media files. One embodiment includes a method including generating a challenge to a user, wherein the challenge includes a verify part and a read part. The method also includes prompting the user to solve both the verify part of the challenge and the read part of the challenge; receiving input from the user; determining if the input from the user relative to the verify part of the challenge corresponds with the known answer for the verify part of the challenge; and identifying the input from the user relative to the read part of the challenge as an answer to the read part of the challenge, if the input from the user relative to the verify part of the challenge corresponds with the known answer for the verify part of the challenge. | 02-04-2010 |
20100037301 | MANAGEMENT OF USER AUTHENTICATION - A method and system for managing user authentication. First authentication data associated with a user is received from a first authentication mechanism. The first authentication data is generated in response to the first authentication mechanism successfully authenticating the user. In response to receipt of the first authentication data, a first identifier associated with the user is registered. The first authentication data is associated with the first identifier. In response to associating the first authentication data with the first identifier, second authentication data associated with the user is received from a second authentication mechanism. The second authentication data is generated in response to the second authentication mechanism successfully authenticating the user. The second authentication data is associated with the first authentication data and the first identifier. | 02-11-2010 |
20100037302 | PEER-TO-PEER ACCESS CONTROL METHOD OF TRIPLE UNIT STRUCTURE - This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable. The invention not only solves the technical problems of the access control method of the existing double-unit double-entity structure that the access flexibility is limited and the extension of the number of the access controllers is inconvenient, but also solves the technical problems of the existing access control method of the double-unit triple-entity structure that the process for establishing the trust relationship is complicated and the security of the network may be influenced, thus achieving advantages of high security performance, no requirement of changing existing network structures and relative independency of the authentication protocol. | 02-11-2010 |
20100050241 | Accessing memory device content using a network - A first storage unit is bound to a second storage unit based on a binding type associated with content on the first storage unit, the first storage unit being operated through a first host device, and the second storage unit being operated through a second host device. When content on the first storage unit is requested in the first host device, the first host device will calculate an account identifier based on the binding type associated with the requested content and send the account identifier to a server. The server will send the account identifier to the second host device, and the second storage unit will use the account identifier to calculate a credential. The credential will be sent to the first host device through the server. The credential can be used to access the requested content if the credential is valid. | 02-25-2010 |
20100064353 | User Mapping Mechanisms - In various embodiments, techniques can be provided for identifying a user or group of users who initiated network traffic. The user or group of users may be identified as an employee who can be found in a corporate or organizational directory. In some embodiments, different authentication mechanisms may be used for various types of network traffic. For example, by proxying instant messaging (IM) communications, a proxy server can know which users are associated with what network traffic. In another example, transparent and non-transparent mechanisms may be provided to authenticate HTTP URL traffic. For other types of traffic, such as non-proxied IM, P2P, and spyware, an existing authentication cache or credential cache may be used to identify the user who generated the traffic. | 03-11-2010 |
20100064354 | MAIDSAFE.NET - This invention is a network that is defined by its novel approach to privacy, security and freedom for its users. Privacy by allowing access anonymously, security by encrypting and obfuscating resources and freedom by allowing users to anonymously and irrefutably be seen as genuine individuals on the network and to communicate with other users with total security and to securely access resources that are both their own and those that are shared by others with them. Further, this invention comprises a system of self healing data, secure messaging and a voting system to allow users to dictate the direction of development of the network, whereby adoption or denial of proposed add-ons to the network will be decided. System incompatibilities and security breaches on networks and the Internet are addressed by this invention where disparity and tangents of development have had an undue influence. The functional mechanisms that this invention provides will restore open communications and worry-free access in a manner that is very difficult to infect with viruses or cripple through denial of service attacks and spam messaging, plus, it will provide a foundation where vendor lock-in need not be an issue. | 03-11-2010 |
20100064355 | SEAMLESS CROSS-SITE USER AUTHENTICATION STATUS DETECTION AND AUTOMATIC LOGIN - A system and method for determining in a global network the user network authentication status as the user goes from site to site within the network is provided. Additionally, the system and method provides for transparent or implicit multi-site logon functionality, including automatic introduction from one site to the other using a baseline authentication agency ( | 03-11-2010 |
20100064356 | SYSTEM AND METHOD FOR DOUBLE-CAPTURE/DOUBLE-REDIRECT TO A DIFFERENT LOCATION - Embodiments disclosed herein provide a system, method, and computer program product for providing network access control for a shared network. One embodiment of a network access controller may intercept a request to access a network resource from a browser application running on a client device associated with an anonymous user and determine whether the network resource is in a set of network destinations in the shared network. If the network resource is in the set of network destinations, the network access controller may direct the browser application to the network resource. If the network resource is not in the set of network destinations, the network access controller may redirect the browser application to a pre-authentication capture destination in the shared network. From the pre-authentication capture destination the anonymous user is free to visit any of the set of network destinations in the shared network without authentication. | 03-11-2010 |
20100071038 | NETWORK-AGNOSTIC CONTENT MANAGEMENT - System(s) and method(s) are provided for content management, e.g., exchange and manipulation, across devices provisioned through disparate network platforms. Devices can be mobile or stationary, and connect to provisioning network platforms through various network bearers. Through various secure protocols, a client component within a device secures access to content and provides secure delivery thereof. Directives for content manipulation are also delivered securely. Delivery of contents and directives are performed from device to device, routed via gateway nodes within a network platform that provisions the device. In addition, or alternatively, content management can be implemented through an intermediary component, which can also validate devices and secure delivery of content or directives. Alarm signaling among devices provisioned through disparate network platforms also can be securely conveyed. Intermediary component also can be exploited for content management among subscribers of disparate network providers. | 03-18-2010 |
20100071039 | IMAGE SHARING SERVER, SYSTEM, METHOD, AND RECORDING MEDIUM - The present invention provides a mechanism for efficiently using the resources of a server for an image sharing service. According to an aspect, an image information management server includes an image information storage device for storing original image storage information for identifying an original image (original image data) stored in each terminal. The original image itself is accumulated in respective terminals instead of a server and the image is distributed and shared between the terminals via the server. | 03-18-2010 |
20100077460 | System And Method For Securing A Network - A method of securing a telecom network, the operation of the telecom network controlled using a plurality of telecom network commands, includes grouping at least some of the plurality of telecom network commands into a plurality of different task sets. Each task set includes one or more telecom network commands. The method further includes grouping at least some of a plurality of users into a plurality of different user groups. In addition, the method includes associating each user group to the plurality of task sets. The method also includes allowing the at least one user access to the plurality of telecom network commands based on the association of each user group to the plurality of task sets. | 03-25-2010 |
20100077461 | METHOD AND SYSTEM FOR PROVIDING AUTHENTICATION SCHEMES FOR WEB SERVICES - A method for generating authentication code for web service resources. The method includes receiving a selection of a resource method, where the resource method defines a method for interacting with a resource associated with a web service. The method further includes determining an authentication scheme for the resource method, where the authentication scheme defines an authentication mechanism required during execution of the resource method to enable interaction with the resource. The method further includes generating authentication code for the resource method using the authentication scheme, where the authentication code enables a user executing the resource method to interact with the resource. | 03-25-2010 |
20100077462 | SECURE DOMAIN NAME SYSTEM - A method and system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers are provided. A verification component provides a verification that a DNS query originated from the recursive DNS server. An authoritative DNS server receives the query via a network, such as the Internet, and provides an answer to the query to an authentication component. The authentication component then provides an authentication, such as a digital signature, which confirms that the received answer was provided by the authoritative DNS server, and then communicates the answer and the authentication to the verification component via the network. The verification component then verifies that the authentication corresponds to the received answer and sends the answer to the recursive DNS server. When the verification component receives an answer in the absence of a corresponding authentication, the verification component drops the answer. | 03-25-2010 |
20100077463 | System and method for providing a secure content with revocable access - There is provided a method for use by a media player to provide access to a media content. The method comprises receiving a request from a user for playing the media content, prompting a user for an authorization code, receiving the authorization code from the user, transmitting the authorization code to an authentication server over a network, receiving a valid authentication message from the authentication server over the network if the authorization code is confirmed to be valid, transmitting the valid authentication message to a content server over the network, retrieving the media content from the content server over the network, wherein the media content incorporates an identification information associating the media content with the user. | 03-25-2010 |
20100077464 | MERCHANT DEVICE AND METHOD FOR SUPPORT OF MERCHANT DATA PROCESSING - A method begins by accessing a merchant web site that is associated with a merchant profile database. The method continues by receiving a log-in page. The method continues by providing log-in information of a merchant via the log-in page. The method continues, when the log-in information is confirmed, by receiving a merchant information page that contains data of a merchant profile record of the merchant profile database. The method continues by providing a response regarding the data of the merchant information page. | 03-25-2010 |
20100083353 | PERSONALIZED USER AUTHENTICATION PROCESS - A system and method for authenticating a user seeking access to a resource via a computer is described herein. In accordance with one embodiment, a person authorized to control access to the resource selects a personalized combination of non-text elements, a collection of non-text elements from which the combination must be selected, and an arrangement in which the collection of non-text elements is presented to the user. When the user attempts to access the resource, the system presents the collection of non-text elements to the user and requires the user to select a combination of non-text elements from among the collection of non-text elements that matches the personalized combination previously selected by the person authorized to control access to the resource. | 04-01-2010 |
20100083354 | THIRD PARTY VALIDATION OF INTERNET PROTOCOL ADDRESSES - A device can connect to a network over a first interface to configure and obtain an IP address. To communicate with nodes in a second network, over a second interface, the IP address can be validated by a trusted third party. The validation can include conducting a return routability test to validate a Prefix of the IP address. Cryptographically Generated Address verification can be utilized to verify the validity of an Interface Identifier included in the IP address. If the IP address is validated, the trusted third party can include the address in a verification ticket, which can also include a signature of the trusted third party. The device can provide the verification ticket to nodes in the second network as authentication of the device. | 04-01-2010 |
20100083355 | DISCOVERY PROFILE BASED UNIFIED CREDENTIAL PROCESSING FOR DISPARATE SECURITY DOMAINS - A method for discovery profile based unified credential processing for disparate security domains can include loading a discovery profile specifying types of manageable resources to be discovered during discovery of manageable resources and authentication protocols for use in accessing each type of the resources. The method also can include discovering the resources across disparate security domains and selecting a discovered one of the resources in a particular one of the security domains for a systems management task. The method further can include transforming an authentication credential not specific to the particular one of the security domains to a mapped authentication credential specific to the particular one of the security domains and authenticating into the particular one of the security domains with the mapped authentication credential utilizing an authentication protocol specified by the profile in order to perform the systems management task on the selected discovered one of the resources. | 04-01-2010 |
20100083356 | SYSTEM AND METHOD FOR INTELLIGENT AUTOMATED REMOTE MANAGEMENT OF ELECTROMECHANICAL DEVICES - Monitoring and control of electromechanical devices from a central data center. The data center may be located at a separate geographic location, using broadband communication channels, such as Internet or telecom channels, and wireless HAN (home area network) communications. Such electromechanical devices may comprise, for example, an HVAC system at a small-business or residential site, a grounds-maintenance sprinkler system, or a small wind or solar energy generation and storage station. | 04-01-2010 |
20100088751 | COMMUNICATION SYSTEM, TERMINAL CONTROL UNIT AND COMMUNICATION METHOD - A terminal control unit and method are provided. The terminal control unit which manages information about a mobile unit which transmits data to a relay unit of transferring data to another relay unit depending on source IP address, includes a terminal communication information storing unit which stores a destination IP address and a terminal identifier for identifying the mobile unit for every relay unit; and a terminal identifier transmitting unit which transmits a combination of the destination IP address and the terminal identifier stored in the terminal communication information storing unit to the mobile unit, upon receipt of a terminal identifier assignment request from the mobile unit, requesting assignment of the terminal identifier to the mobile unit. | 04-08-2010 |
20100100945 | USER AUTHENTICATION MANAGEMENT - End users of a multi-factor authentication service can utilize an account management service, and third-party website can register to utilize the multi-factor authentication service. Registering a third-party website can comprise the multi-factor authentication service receiving a valid digital identity certificate for the third-party website, and receiving an agreement to terms of use of the multi-factor authentication service for the third-party website. Once received, the multi-factor authentication service can enable the third-party website to utilize the service (e.g., switch the service on, or send an authorization key to the third-party website). Further, registering a user to the multi-factor authentication service can comprise determining availability of service, and providing a location-specific access code. Additionally, registering the user can comprise registering the user's mobile device, for example, to provide multi-factor authentication. Also, an Internet-based user account management user interface can be provided that allows a user to view transactions on their account, and an ability to shut off a designated mobile device's ability to authenticate. | 04-22-2010 |
20100100946 | Transparent Client Authentication - A system and method for authenticating an application (client) to a server or service. During a registration phase, an application that requests access to a service can receive a service identifier, which it can authenticate. The application can generate and send to the server or service an application-service key that is based upon the authenticated service identifier and a secret application key; a service-application identifier that can be based upon the authenticated service identifier and an application identifier; and a registration nonce, all of which can be stored at the server. During the authentication phase, the client can send to the server the application-service identifier, which the server can use to lookup the stored registration data. The server can send the registration nonce to the client, which can compute a proof of possession of the service-application key and send to the server. The server can compute its own version of this key and compare it to the received key. If they correspond, then the client is authenticated. | 04-22-2010 |
20100107227 | SEGREGATING ANONYMOUS ACCESS TO DYNAMIC CONTENT ON A WEB SERVER, WITH CACHED LOGONS - A system and method are provided for segregating access to dynamic content on multiple websites hosted by a web server. When a request is received for dynamic content from a website, a UserRetriever module identifies a path to the content and retrieves a username and password corresponding to the website, from a database that is separate from the web server and used for other purposes (e.g., billing). A UserImpersonator module requests a logon handle for that username from a logon cache manager. The logon handle is used to associate the request with the impersonated user account instead of the default anonymous user account with which the request was initially associated. The dynamic content is retrieved and served under the context of the restricted impersonated user account session, after which the applied logon handle is stripped off and the request is re-associated with the default anonymous user account. | 04-29-2010 |
20100107228 | IP ADDRESS SECURE MULTI-CHANNEL AUTHENTICATION FOR ONLINE TRANSACTIONS - A method for multi-factor authenticating of a user using an application server and an authentication server is disclosed. The method includes receiving from the application server a first source IP address associated with a request for authenticating from the user browser program to the application server. The method also includes receiving from the user browser program a request to perform additional authentication between the user browser program and the authentication server using a separate communication channel. The method additionally includes comparing the first source IP address with a second source IP address associated with the request to perform the additional authentication and failing, if the first source IP address does not match the second source IP address, authentication of the user. | 04-29-2010 |
20100115591 | METHOD AND SYSTEM FOR AUTHENTICATING USERS WITH OPTICAL CODE TOKENS - A method and apparatus are provided for authenticating users using cell phones or other mobile devices. The system finds particular application in authenticating users seeking to retrieve sensitive (e.g. personal, medical, safety, . . . etc.) information. | 05-06-2010 |
20100115592 | Systems and Methods to Control Access to Multimedia Content - Systems and methods to control access to multimedia are disclosed. A method includes receiving a request for multimedia content at a computing device, retrieving a destination address of a mobile communication device related to an authorized user of the computing device and determining whether the mobile communication device is located within a predetermined distance from the computing device. When the mobile communication device is located within the communicative distance from the computing device, the multimedia content is received at the computing device. When the mobile communication device is not located within the communicative distance from the computing device, an authorization-request message is transmitted via a network to the destination address of the mobile communication device, wherein the authorization-request message includes a request for authorization to receive the multimedia content at the computing device. | 05-06-2010 |
20100115593 | USER AUTHENTICATION CONTROL DEVICE, USER AUTHENTICATION DEVICE, DATA PROCESSING DEVICE, USER AUTHENTICATION CONTROL METHOD AND THE LIKE - This invention provides a user authentication control device, a user authentication device, a data processing device, and a user authentication control method and the like that control an authentication interval and an authentication effective period in accordance with a communication speed so as to make it possible to keep a balance between user convenience and safety. The user authentication device, which controls an authentication effective period for a user authentication device of a data processing device connected with a server device through a network, is provided with bandwidth acquiring means for acquiring a communication speed of the network and effective period determining means for determining an authentication effective period in accordance with the communication speed. | 05-06-2010 |
20100115594 | AUTHENTICATION OF A SERVER BY A CLIENT TO PREVENT FRAUDULENT USER INTERFACES - Protecting a user against web spoofing in which the user confirms the authenticity of a web page prior to submitting sensitive information such as user credentials (e.g., a login name and password) via the web page. The web page provides the user with an identifiable piece of information representing a shared secret between the user and the server. The user confirms the correctness of the shared secret to ensure the legitimacy of the web page prior to disclosing any sensitive information via the web page. | 05-06-2010 |
20100122323 | STORAGE DEVICE MANAGEMENT SYSTEMS AND METHODS - Storage device management systems and methods are provided. The system includes a storage device and an electronic device. The storage device has a UID, a public area comprising a URL (Uniform Resource Locator) and a security module, and a hidden area comprising at least one key. The electronic device reads the security module from the storage device, and executes the security module to encrypt the UID. The electronic device links to a host according to the URL, and transmits the encrypted UID of the storage device to the host for management. | 05-13-2010 |
20100122324 | OVER THE AIR SERVICES FOR MOBILE DEVICES - A client device may be managed in the event of, for example, device loss or mislocation. In such a case, a user can effectively cause a restriction command to be generated, where the restriction command is wirelessly transmitted to the client device. The restriction command can be specified to either lock user data on the client device or erase user data on the client device. | 05-13-2010 |
20100122325 | Data Session Authentication Credentials Update For A Wireless Communication Device - Methods and apparatus of a wireless portable communication device for maintaining appropriate authentication credentials for accessing a data application maintained in a service network are provided. A default access point name (APN) or network access identifier (NAI) is maintained in memory of the wireless device. The wireless device submits, via a default wireless network, the default APN or NAI for establishing a data session in the default wireless network. The wireless device is then able to receive, in the data session via the default wireless network, a message service using the common data application maintained in the service network. In response to a change in service subscription for the wireless device, the wireless device receives, via a current cellular network, a current APN or NAI and stores it in its memory. The wireless device then submits, via the current wireless network, the current APN or NAI for establishing a data session in the current wireless network. The wireless device is then able to receive, in the data session via the current wireless network, the message service using the common data application maintained in the service network. | 05-13-2010 |
20100122326 | Systems and Methods for State-Less Authentication - Systems and methods for providing user logon and state-less authentication are described in a distributed processing environment. Upon an attempted access by a user to an online resource, transaction, or record, a logon component asks the user to supply a logon ID and a password. The logon component verifies the provided information, and upon successful identification, a security context is constructed from information relevant to the user. The security context is sent to the user and is presented to the system each time the user attempts to invoke a new resource, such as a program object, transaction, record, or certified printer avoiding the need for repeated logon processing. | 05-13-2010 |
20100125896 | TRUSTED NETWORK TRANSFER OF CONTENT USING OF NETWORK INPUT CODE - Systems and methods for use in connection with the trusted transmission and reception of content, such as encryption key information, from one computing device in a network to a second computing device are provided. In one embodiment, the invention provides a way to trust or validate the transfer of a public key using a very short code entered out of band of the network that is easy for end-users to remember, or write down. | 05-20-2010 |
20100132017 | PROCESS FOR AUTHENTICATING A USER BY CERTIFICATE USING AN OUT-OF BAND MESSAGE EXCHANGE - A process for authenticating a user by certificate using an out-of-band message exchange is provided. The authentication of the user may be performed in addition to initial authentication procedures. The certificate-based authentication of the user may provide for a more secure mechanism for confirming the identity of the user and may be used for specific applications requiring such higher security provisions. | 05-27-2010 |
20100132018 | Method, Apparatus, and Computer Program Product for Managing Software Versions - An apparatus for managing software versions may include a processor. The processor may be configured to determine whether a security identifier of a first security certificate matches a trusted security identifier. In this regard, the first security certificate may include software version criteria. The processor may also be configured to determine whether a software version of a software application satisfies software version criteria of the first security certificate. The processor may be configured to make this determination in response to determining that the security identifier of the first certificate matches the trusted security identifier. Further, the processor may also be configured to permit execution of the software application, in response to determining that the software version satisfies the software version criteria. Associated methods and computer program products may also be provided. | 05-27-2010 |
20100146599 | CLIENT-BASED GUEST VLAN - A network device connected to a network includes a physical port and multiple logical ports configured to provide guest access or authenticated access to the network via the physical port, to a supplicant device. An authorization engine determines whether the supplicant device is authorized to access the network. An authentication engine determines whether the supplicant device is compatible with an authentication protocol associated with the network based on a receipt or a non-receipt of a response from the supplicant device to one or more authentication requests. A guest table stores the source address of the supplicant device if the supplicant device is authorized to access the network and is incompatible with the authentication protocol, wherein the logical ports are configured to provide the guest access to the supplicant device corresponding to the source address stored in the guest table. | 06-10-2010 |
20100146600 | SYSTEM AND METHOD FOR AUTOMATIC DATA PROTECTION IN A COMPUTER NETWORK - A method of protecting data items in an organizational computer network, including, defining multiple information profiles for classifying the data item, defining rules for protecting the data item belonging to a specific information profile, classifying the data item according to the defined information profiles, applying a protection method to the data item responsive to the classification and the defined rules, automatically updating the classification of the data item responsive to a change in the content or location of the data item; and automatically transforming the applied protection method, throughout the lifecycle of the data item, responsive to a change in classification or location of the data item, according to the defined rules. | 06-10-2010 |
20100154037 | TECHNIQUES FOR NETWORK PROCESS IDENTITY ENABLEMENT - Techniques for network process identity enablement are provided. Inter-server communications within a network are intercepted so that unique identity-based information is gathered and recorded before a sending process is permitted to release a communication over the network to a receiving process. Moreover, the receiving process cannot process the communication being sent until identifying information is gathered again and independently validated against the prior recorded information. | 06-17-2010 |
20100154038 | Dynamic File Access To Files Of Unmapped Remote Computers - Dynamically providing access to files of presently unmapped remote computers, including, responsive to receiving a file access request from a user, displaying a file access Graphical User Interface (‘GUI’) dialog box; receiving, from the user through the file access GUI dialog box, a Uniform Resource Locator (‘URL’) representing a file location on a remote computer, wherein the URL specifies a particular access protocol among a number of available access protocols, a network location of the remote computer, a port number, and a file system path; and accessing, in dependence upon the URL, a file on the remote computer at the file system path through data communications established between a local server module and a remote server running on the remote computer using the particular access protocol, the network location of the remote computer, and the port number. | 06-17-2010 |
20100154039 | APPARATUS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR FACILITATING SECURE PASSWORD CREATION AND MANAGEMENT - Apparatus, methods and/or computer program products are provided that facilitate the creation and management of secure passwords. Upon receiving a proposed password from a user for use in a computer system, apparatus or other communication system, the proposed password is evaluated for compliance with security guidelines. If the password complies at least with a minimum level of security, the password is evaluated and a relative level of the password is determined and assigned to the password. A lifespan for the password is selected based on the assigned relative security level of security. The user is notified of the assigned lifespan. Operations for evaluating the password, assigning the lifespan, and notifying the user of the lifespan may be performed in substantially real-time. | 06-17-2010 |
20100154040 | METHOD, APPARATUS AND SYSTEM FOR DISTRIBUTED DELEGATION AND VERIFICATION - A method for distributed delegation and verification includes: a service provider generating first delegation information including authorization credentials and self-signed credentials thereof to establish a delegation relationship with a first service node; the first service node generating second delegation information including the authorization credentials in the first delegation information and self-signed credentials thereof to establish a delegation relationship with a service requestor; upon receipt from the service requestor of a service request including the delegation information issued to the service requestor, the service provider requesting the first service node to verify the self-signed credentials in the delegation information in the service request; the first service node performing verification; and upon successful verification by the first service node, the service provider verifying the authorization credentials in the delegation information in the service request and, upon successful verification, granting the service request. | 06-17-2010 |
20100162368 | Method, apparatus and system for remote management of mobile devices - An apparatus and system for enabling users to remotely manage their devices. Specifically, in one embodiment, in the event of a theft of a device or other such occurrence, a user may send a command to the device to execute a specified command. The command may include actions such as locking the device, shutting down the device, disabling logons to the device and other such actions that may secure the device and the data on the device from unauthorized access. Upon receipt of an authorized unlock credential, the device may once again be made accessible. | 06-24-2010 |
20100162369 | Automatically Adding User Names to Server User List - A system and method in which when a user logs into a client computer with his user name, the client computer determines the existence of a server and the server automatically adds the user name to the list of users maintained by the server, is disclosed. With the user name automatically populated in the server user list, the administrator may easily select and configure access for the user. | 06-24-2010 |
20100162370 | MANAGING HOST APPLICATION PRIVILEGES - A method and system of controlling access to a hardware or software feature provided by a host is disclosed. An application seeking authorization to access a feature transmits a credential and an index to a host agent within the host. The index is associated with the requested feature. The host agent reads credential validation data from a storage location corresponding to the index in a non-volatile storage device in communication with the host. The validity of the credential is determined based on the credential validation data, and an authorization is transmitted if the credential is valid. A third party can control the outcome of the validity determination by sending an instruction to the host to replace the credential validation data with invalid data that causes the validity test to fail. The third party can also control the non-volatile storage device data used by the application to calculate the credential. | 06-24-2010 |
20100162371 | Login security with short messaging - Additional security is provided for on-line account users beyond that which is otherwise conventionally provided by, e.g., longer passwords, passwords that include both characters and numbers, etc., by implementing an on-line server that notifies a pre-registered account holder via a short messaging system (SMS) with a short message login notification when a log-in (or even just a login attempt) occurs. Thus, even entry of the proper user/password information, which would conventionally be presumed to be authorized, will be notified to the registered SM address of the authorized user. | 06-24-2010 |
20100162372 | Configurable user management - A user is authenticated by receiving an indication that a portal user wants to access a server. An attempt is made to access the server using a first authentication technique. If the first technique fails, an attempt is made to access the server using a second authentication technique. | 06-24-2010 |
20100169956 | FAR-END CONTROL METHOD WITH SECURITY MECHANISM - The present invention relates to a far-end control method with a security mechanism including a host transmitting an identification code through the PSTN (Public switched telephone network) to the I/O control device of the far-end. The I/O control device has a CPU to receive the identification code and judge whether the identification code matches with the predetermined value stored therein; if the identification code matches with the predetermined value, the mobile internet connection between the host and the I/O control device is activated to enable the host to mutually transmit information or signals with a far-end control device from the I/O control device through the mobile internet, and the connection will be disabled after the information or signal transmission is completed. Thus not only the damage caused by line occupied from the hacker invasion or error signal transmission is reduced, but also the cost and power consumption without connecting the mobile internet between these two ends all the time is reduced. | 07-01-2010 |
20100169957 | WEAK PASSWORD SUPPORT IN A MULTI-USER ENVIRONMENT - Embodiments of the present invention provide a method, system and computer program product for supporting weak password authentication in a multi-user application environment. In an embodiment of the invention, a method for supporting weak password authentication in a multi-user application environment can be provided. The method can include acquiring log in data for a log in attempt by an end user amongst end users in a multi-user application. The method also can include messaging the log in data to others of the end users for subjective analysis by the others of the end users in detecting an unauthorized log in attempt. | 07-01-2010 |
20100175113 | Secure System Access Without Password Sharing - A mechanism is provided for performing secure system access by a requesting user without sharing a password of a credential owner. A database stores system information for resources. The owner of super user authority for a resource provides system information to the database including a credential for accessing the resource. When a user wishes to access the system, client software of the requestor sends an access request to client software of the owner. The client software of the owner prompts the owner to authorize or deny access. Responsive to the owner authorizing the access, the client software of the owner returns authorization to the client software of the requestor, which then uses the credential in the system information database to access the resource. The client software of the requestor does not cache or store the credential or present the credential to the user. | 07-08-2010 |
20100175114 | ADDING BIOMETRIC IDENTIFICATION TO THE SERVER SECURITY INFRASTRUCTURE FOR AN ENTERPRISE SERVICE BUS SYSTEM - An enterprise service bus server receives a user's biometric information from a client. The enterprise service bus server requests authentication of the user by sending the user's biometric information to a trusted third party authenticator. Furthermore, the enterprise service bus server establishes a connection with the enterprise service bus client if the trusted third party authenticator indicates that the user is authenticated. In addition, the enterprise service bus server allows access to an enterprise service bus service for the enterprise service client. | 07-08-2010 |
20100180323 | STATEFUL SERVER BASED SOCIAL NETWORKING USING MOBILE DEVICES - The present invention provides methods and systems for using a stateful server for social networking using mobile devices. In one embodiment, a user uses a mobile device to register for a networking service offered by the stateful server. The stateful server transmits several tiers of service options to the user, and generates responses based on the user's selection to the service options. The stateful server establishes a unique state for each session initiated by the user, and stores all information related to the session in association with the unique state. The stateful server removes hyperlinks from text messages transmitted to the user's mobile device. The stateful server stores correlation information of the removed hyperlinks in association with the unique state. The stateful server enables the user to establish a friend network and to transmit information associated with the unique state to contacts within the friend network. | 07-15-2010 |
20100186070 | System, device and method for secure provision of key credential information - A system for secure provision of key credential information is provided. The system comprises secure logic circuitry for being disposed in a host computer. The secure logic circuitry detects a message received from a remote computer connected to the host computer and indicative of a request for provision of the key credential information; generates a message for prompting a user for provision of the key credential information; receives the key credential information; and provides the key credential information to the remote computer absent processing using circuitry of the host computer. The system further comprises a secure user interface connected to the secure logic circuitry for receiving the key credential information from the user and providing the same to the secure logic circuitry. | 07-22-2010 |
20100186071 | NETWORK AUTHENTICATION SYSTEM AND METHOD - A network authentication system and method are provided. When an authentication request is initiated by a user of a computer device through a network, a display interface displaying an identifier, an authentication (matching) result corresponding to the identifier and one or more non-authentication (bogus) results unrelated to the identifier are transmitted to the computer device. The user then chooses among the authentication result and the non-authentication results with the goal of choosing the result that is associated with displayed identifier. If a non-authentication result is chosen, the user is given an opportunity to repeat the authentication. The identifier includes advertising information, thereby predictably producing a desired advertising effect. | 07-22-2010 |
20100192205 | PREVENTING INADVERTENT LOCK-OUT DURING PASSWORD ENTRY DIALOG - One embodiment provides a computer-implemented method for providing controlled access to electronic content. A password is associated with electronic content, such as by password-protecting an electronic file that contains the electronic content. At least one password attempt is received in an effort to access the electronic content. Each password attempt is compared to the password at a selected subset of “trap” character positions. Up to a threshold number of password entries is allowed that have incorrect characters at any of the trap character positions. A greater number or even an unlimited number of incorrect password entries are allowed having incorrect characters at non-trap character positions. Access to the electronic content is allowed only if one of the password entries exactly matches the password. | 07-29-2010 |
20100192206 | BULLETIN BOARD SYSTEM, TERMINAL DEVICE OF BULLETIN BOARD SYSTEM, AND SERVER DEVICE OF BULLETIN BOARD SYSTEM - A unique authentication ID is given to a television to automatically log in a server by using the ID. A password used for logging in the server is registered to the server from the television for each mobile phone of sub-users who share the television. A message may be input from both of the television and the mobile phone. The authentication ID, the password, a message, a user name, and an input date are stored in the server. When being accessed from the television or the mobile phone, the server generates and transmits an HTML to be displayed on the television or the mobile phone, and thus, a message is displayed in a predetermined display format for each of the television and the mobile phone. | 07-29-2010 |
20100199334 | DEVICE AND METHOD FOR IDENTIFICATION AND AUTHENTICATION - A device for identification and authentication of a remote user connecting to a service over a network includes a cryptographic processor and at least one cryptographic key and storage means, additional processing means and interface means to generate and transmit a unique authentication code as emulated keystrokes through a standard input means of a client terminal. The code may be transmitted only by an explicit command of the user. | 08-05-2010 |
20100205656 | MEDIA MONITORING SYSTEM - A media monitoring system that allows a monitoring device to control the media content that can be downloaded by a monitored device. The monitoring device reviews requests for media content from the monitored device and makes a decision whether to allow the monitored device access to the media content. Authorization may occur interactively or automatically using media settings associated with the monitored device. The monitored device is prevented from accessing media content until the media content is authorized. The media monitoring system may operate in a wired and/or wireless network. | 08-12-2010 |
20100205657 | PROTECTED ACCESS CONTROL METHOD FOR SHARED COMPUTER RESOURCES - In embodiments of the present invention improved capabilities are described for providing protected computer communications. The present invention may provide for computer communications where in response to a receipt of a communication at a first computing facility from a second computing facility, the first computing facility may be caused to send a request to a compliance center for security compliance information relating to the second computing facility. In response to the request for security compliance information, the first computing facility may receive compliance information related to the second computing facility, which may cause the first computing facility to perform an action regulating further communications from the second computing facility if the second computing facility security compliance information indicates that the second client computing facility is not compliant with a current security policy. | 08-12-2010 |
20100205658 | SYSTEM, METHOD AND PROGRAM PRODUCT FOR GENERATING A CANCELABLE BIOMETRIC REFERENCE TEMPLATE ON DEMAND - A system, method and program product for generating a cancelable biometric reference template on demand. The method includes creating, using a biometric application, a base reference template having a unique biometric template identifier that uniquely identifies biometric data corresponding to a biometric sample collected for an individual and generating, utilizing a transformation engine, a cancelable reference template derived from the base reference template, where the cancelable reference template generated is used by the individual to participate in a new biometric application without having to provide a new biometric sample or without having to rely on a biometric service provider to issue a new reference template for the new biometric application. The method further includes injecting the base reference template created into a secure portable device issued to the individual and loading the transformation engine onto the device for generating on demand the cancelable reference template. | 08-12-2010 |
20100205659 | INFORMATION MANAGEMENT SYSTEM, INFORMATION PROCESSING APPARATUS AND COMPUTER READABLE MEDIUM STORING INFORMATION PROCESSING PROGRAM - An information management system includes first and second information processing apparatuses. The first information processing apparatus includes: an invalidation unit configured to invalidate operation at the first information processing apparatus if input terminal password information is different from correct terminal password information; and a first releasing unit configured to release an invalidation of the operation based on an invalidation releasing process. The second information processing apparatus includes: a determination unit configured to determine whether target information is in a limited state in which a process to the target information is limited at the second information processing apparatus; and a second releasing unit configured to perform the invalidation releasing process if correct limitation releasing password information is input. The invalidation releasing process includes: releasing the limited state of the target information; and releasing the invalidation of the operation of the first information processing apparatus. | 08-12-2010 |
20100211999 | NETWORK PROTECTING AUTHENTICATION PROXY - It is convenient to allow access to a private network, such as a corporate intranet, or outward facing extranet application, from an external network, such as the Internet. Unfortunately, if an internal authentication system is used to control access from the external network, it may be attacked, such as by a malicious party intentionally attempting multiple invalid authentications to ultimately result in an attacked account being locked out. To circumvent this, an authentication front-end, proxy, wrapper, etc. may be employed which checks for lockout conditions prior to attempting to authenticate security credentials with the internal authentication system. | 08-19-2010 |
20100218240 | Authentication system and method - An authentication system includes one or more terminals in communication with a server on a network. The server is operable to receive user login information; and generate an authentication data set having: a plurality of decoy data; an anchor data, wherein the anchor data is based on information from a user profile; and target data in a predetermined relationship relative to the anchor data. The server is also operable to generate a decoy data set having: a plurality of second decoy data; and at least one anchor data. The server may then display the authentication data set and decoy data set and determine an authentication result by performing a predetermined manipulation of the target data. The server may receive a user response to an authentication prompt; and authenticate the user if the authentication result and user response are the same. | 08-26-2010 |
20100218241 | AUTHENTICATION USING A WIRELESS MOBILE COMMUNICATION DEVICE - An authentication scheme may be used to decide whether to permit access to a user account access to which is controlled by a network resource server. An initial portion of a password is received at a mobile communication device, and a remaining portion of the password is received at a password client installed in or otherwise coupled to the network resource server. The initial portion is communicated from the mobile communication device to the network resource server, where it is passed to the password client, which combines it and the remaining portion to produce a complete password. A value calculated by the password client from the complete password is sent to a password server, which generated the password and sent the initial portion and remaining portion. If the value matches a value calculated by the password server from the complete password in the same manner, authentication has succeeded. | 08-26-2010 |
20100229222 | Peer-to-Peer Video Content Distribution Network Based on Personal Network Storage - A method and system of accessing content in a peer-to-peer network are described including receiving by a peer a content list including content availability from a directory service, requesting content from the directory service and downloading the requested content to a first personal network storage area associated with the requesting peer from a second personal network storage area associated with a second peer, wherein the first and second personal network storage areas are hosted by servers with an access network. A method and system for accessing content in a peer-to-peer network are also described including receiving by a directory service peer information and content availability information, posting the peer information and the content availability information, receiving a request for content from a peer and directing a personal network server having a personal network storage areas associated with peers to transfer the content from a personal network storage area associated with a second peer to a personal network storage area associated with the requesting peer. | 09-09-2010 |
20100229223 | USING SOCIAL INFORMATION FOR AUTHENTICATING A USER SESSION - A social CAPTCHA is presented to authenticate a member of the social network. The social CAPTCHA includes one or more challenge questions based on information available in the social network, such as the user's activities and/or connections in the social network. The social information selected for the social CAPTCHA may be determined based on affinity scores associated with the member's connections, so that the challenge question relates to information that the user is more likely to be familiar with. A degree of difficulty of challenge questions may be determined and used for selecting the CAPTCHA based on a degree of suspicion. | 09-09-2010 |
20100229224 | Web Content Access Using a Client Device Identifier - Systems and methods are provided for controlling access to online services. For example, the system may include an application running on a user computer ( | 09-09-2010 |
20100235890 | Communication of Session-Specific Information to User Equipment from an Access Network - In conjunction with establishment of a session between an access network and user equipment of a communication system, session-specific information is transmitted from the access network to the user equipment. The session-specific information transmitted from the access network to the user equipment comprises information to be utilized in an authentication protocol carried out between the user equipment and an authentication server of the system. For example, the session-specific information transmitted from the access network to the user equipment may comprise an identifier of a gateway coupled between the access network and the authentication server. | 09-16-2010 |
20100235891 | METHOD AND SYSTEM FOR FACILITATING SYNCHRONIZING MEDIA CONTENT BETWEEN A VEHICLE DEVICE AND A USER DEVICE - A user uploads content such as files containing audio, video, graphical, data, points of interest, and other information from a user device such as a personal computer to a central server over the internet. Upon determining that a trigger event has occurred, communication and processing circuitry in a vehicle device automatically download the previously uploaded content over the internet and a short-range wireless network and store the content for use by a device such as an audio/visual/navigation unit. Examples of a trigger event include proximity to a short-range wireless communication network coupled to the internet, presence within a geofence, turning off a vehicle's engine, or detecting an SMS wake-up message while the vehicle device's main processor, transceivers not used for SMS, and auxiliary circuitry are in sleep mode. The short-range wireless network can be a vehicle owner's home network, or a commercial wi-fi hot spot, or subscription wireless service. | 09-16-2010 |
20100242099 | Method and apparatus of UI design for web-based computer user working environment - This invention takes the course of evolution and creating a web based computer user work environment for a control management station and its associated systems on the network crossing Intranet, Internet or LAN. Therefore, users can access and manage the control management station and all its associated system through web browser on any other systems or devices. To establish a web based computer user work environment, the resources information on control management station and on associated systems on network need to be collected and convert them to standard structured format for web based communication and further displaying them in web browser. These information need to be collected by control management station at its and the associated systems' boot up time or at the time when a user logins and requests to access and manage these resources. | 09-23-2010 |
20100242100 | NETWORK ACCESS AUTHENTICATION - The invention relates to a method, an element, and a system for providing access authentication for a user using user equipment ( | 09-23-2010 |
20100251345 | Adaptive HTTP Authentication Scheme Selection - A method is presented for selecting an HTTP authentication scheme at a client computer. A request message is sent from the client computer to a server computer to access information on the server computer. In response, the client computer receives a response message from the server computer. The response message includes an HTTP header that includes a first scheme identifier, indicating a first HTTP authentication scheme and a second scheme identifier, indicating a second HTTP authentication scheme. If the client computer does not support the second HTTP authentication scheme, the client computer uses the first HTTP authentication scheme when sending another HTTP message to the server computer. If the client computer supports the second HTTP authentication scheme, the client computer uses the second HTTP authentication scheme when sending another HTTP message to the server computer. | 09-30-2010 |
20100251346 | AUTOMATIC LICENSE KEY INJECTION - A method, server and system for obtaining a licensed application is provided. In one example embodiment, the method comprises: receiving an application download request from a user of the electronic device by way of an input mechanism associated with the electronic; transmitting a download request from the electronic device to an application delivery server; receiving an application from the application delivery server at the electronic device; receiving a license key from the application delivery server; and automatically injecting the license key into the application. | 09-30-2010 |
20100251347 | SIMPLE, SECURE LOGIN WITH MULTIPLE AUTHENTICATION PROVIDERS - A secure distributed single-login authentication system comprises a client and a server. The client collects authentication credentials from a user and tests credentials at a variety of potential authentication servers to check where the login is valid. It combines a password with a time-varying salt and a service-specific seed in a message digesting hash, generating a first hash value. The client sends the hash value with a user name and the time-varying salt to a selected server. The server extracts the user name and looks up the user name in the server's database. If an entry is found, it retrieves the password, performing the same hash function on the combination of user name, service-specific seed, and password to generate a second hash value, comparing the values. If the values match, the user is authenticated. Thus, the system never reveals the password to authentication agents that might abuse the information. | 09-30-2010 |
20100269161 | METHOD AND SYSTEM FOR PREVENTING FRAUDULENT ACTIVITIES - A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application. | 10-21-2010 |
20100275249 | METHODS AND APPARATUS TO DISCOVER AUTHENTICATION INFORMATION IN A WIRELESS NETWORKING ENVIRONMENT - Example methods and apparatus to discover authentication information in a wireless networking environment are disclosed. A disclosed example method involves transmitting a request message to a network access point requesting identifiers indicative of authentication information required by the network access point to authenticate a wireless terminal. In addition, at least one authentication requirement identifier is retrieved from a response message transmitted by the network access point. The at least one authentication requirement identifier is indicative of an authentication value obtainable using operations performed by the wireless terminal at a media access control layer without providing access to an internet protocol layer to retrieve the authentication value. | 10-28-2010 |
20100281524 | Authentication Method Without Credential Duplication for Users Belonging to Different Organizations - The present invention relates to a method for allowing a user to access the Internet. A user sends an Internet access request through a first Organization's gateway and supplies to the latter some credentials for his/her authentication with a second Organization. The credentials provided contain at least one piece of information about the second Organization. The first Organization contacts the second Organization for the purpose of authenticating the user and granting him/her access to the Internet. The second Organization then gives the user the authorization to access the Internet. According to the invention, upon the access request the gateway redirects the user to a web page of the second Organization, where the user supplies to the second Organization, through the web page, further authentication credentials required for his/her identification. | 11-04-2010 |
20100281525 | COMMUNICATION SYSTEM, COMMUNICATION METHOD, TERMINAL AND MANAGEMENT DEVICE - A communication system includes a plurality of terminals and a management device that manages a plurality of networks. A first terminal, which is connected to a first network to which the management device is also connected, transmits a connection request for connecting to a second network to the management device. Upon receiving the connection request, the management device determines a predetermined topology from among a plurality of topologies that can be formed when the first terminal connects to the second network. The first terminal receives network configuration information indicating the predetermined topology from the management device. The first terminal transmits the network configuration information to a plurality of terminals participating in the second network. The second network is recreated accordingly. | 11-04-2010 |
20100287602 | CONTENT DELIVERY DEVICE AND SYSTEM, CONTENT-ON-DEMAND METHOD AND NETWORK ARCHITECTURE - The present invention discloses a content delivery device and system, content-on-demand method and network architecture, wherein, the content delivery device is used to realize content delivery function in next generation network, wherein, the next generation network includes a transmission stratum which includes a transmission function entity and a service stratum which includes a service control function entity. The content delivery device is located in the service stratum on top of the transmission stratum, is connected between the service control function entity and the transmission function entity, and is used to deliver the content from application functions module of next generation network to a terminal user. In virtue of the technical scheme of the present invention, various service systems such as IPTV can be merged in next generation network, various multimedia services of next generation network are developed expediently and the vacancy of the related technology is filled up. | 11-11-2010 |
20100293604 | INTERACTIVE AUTHENTICATION CHALLENGE - A system and method for authenticating a request for a resource. A requester sends the request for a resource to a server in a first protocol. The server may send a challenge message to the requester. In response, the requester employs a challenge handler that performs an interactive challenge with a challenge server in a second protocol. Upon successful conclusion of the interactive challenge, the challenge handler synchronizes with a request handler, which sends a challenge response message to the server. The server may then enable access to the requested resource. | 11-18-2010 |
20100293605 | POSITIONAL PASSWORD CONFIRMATION - Adding a layer of security to access login credentials increases security while preserving the efficiency of automatically providing locally stored website login credentials. This security layer can prevent an unauthorized user, who gains access to a login panel or launches a web browser, from retrieving and inappropriately using the stored login credentials. Functionality can be implemented to use positional security information to locally verify the authenticity of a user trying to access stored login credentials. The positional security information can restrict access to/use of the stored login credentials. This can help reduce the possibility of an unauthorized user accessing and using the locally stored website login credentials. | 11-18-2010 |
20100293606 | METHOD AND SYSTEM FOR MANAGING DELAYED USER AUTHENTICATION - A system and methods for coordinating the operation of a client security module and a host security module on a mobile electronic device. The modules communicate with each other through a platform abstraction layer using application programming interfaces to coordinate their activities. In particular, on start-up of the device, the host security module obtains user authorization input from a user and passes the input to a client operating system for validation. Once validated, the host security module unlocks the host-side of the device. At the same time, the client operating system sends a notice or request to the client-side virtual machine requesting that the client-side be unlocked. Once the virtual machine is initialized and available it launches the client security module and unlocks the client-side. During the delay while the virtual machine loads, the user is given access only to the host applications. | 11-18-2010 |
20100299727 | METHODS AND SYSTEMS FOR EXACT DATA MATCH FILTERING - A technique for efficiently preventing exact data words (“entities”) from unauthorized disclosure is disclosed. Protect agents installed at various egress points identify candidate entities from digital information desired to be disclosed by a user. The candidate entities are compared against registered entities stored in a lightweight entity database (LWED). If a candidate entity matches against a registered entity in the LWED, the protect agent initiates a security action. Alternately, the protect agent transmits the matching candidate entity to a global entity database (GED) server to receive additional confirmation on whether the candidate entity matches a registered entity. In some instances, the protect agent also receives (from the GED server) metadata information associated with the matching candidate entity. The protect agent utilizes the metadata information to initiate suitable security actions. | 11-25-2010 |
20100299728 | File transfer system for direct transfer between computers - A file authentication requesting device that stores a computer program for requesting authentication of files in digital systems, the device comprises a confirmation request system that generates a request for a confirmation receipt from a third party authenticator authenticating the attributes of a file; a transferring system that transfers attributes of at least one file to be authenticated to the third party authenticator from the device that requested the confirmation; and a receiving system that receives the confirmation receipt comprising authenticated file attributes, after authentication by the third party authenticator; wherein, at least one file authentication is received from the third party authenticator. Corresponding processing devices, media, systems and methods are also provided. | 11-25-2010 |
20100299729 | Server Computer Issued Credential Authentication - Methods and systems for authenticating computers are disclosed. The methods and systems include issuing a credential from a first computer to a second computer. When the second computer authenticates to the first computer, the second computer transmits the credential and a first challenge to the first computer. The first computer determines whether the credential is valid, computes a first response to the first challenge, and generates a second challenge. The first computer transmits the first response and the second challenge to the second computer. The second computer determines whether the first response is valid and computes a second response to the second challenge. The second computer transmits the second response to the first computer in order to verify and authenticate the computers. | 11-25-2010 |
20100299730 | USER AUTHENTICATION METHOD, WIRELESS COMMUNICATION APPARATUS, BASE STATION, AND ACCOUNT MANAGEMENT APPARATUS - A wireless communication apparatus transmits a user identifier to an account management apparatus through a communication apparatus. The account management apparatus generates code generation information, and generates code information using authentication information that corresponds to the user identifier and the code generation information. The account management apparatus transmits the code information and the code generation information to the communication apparatus. The communication apparatus sets code information, and transmits the code generation information to the wireless communication apparatus. The wireless communication apparatus generates code information using the code generation information and the authentication information, and when wireless network parameters are set, notifies the account management apparatus of success of authentication. The account management apparatus performs a process to permit the wireless communication apparatus to connect to a communication network. | 11-25-2010 |
20100306831 | METHOD FOR FINGERPRINTING AND IDENTIFYING INTERNET USERS - Various aspects of the present system provide methods and systems for tracing internet actions to a remote computer and to an individual who operates the computer. One aspect provides a technique to generate fingerprint of computer and its user based on the information collected through the actions a user conducts on internet. Another aspect of the system provides a technique to compute the fingerprints and find relations between users and computers. Another aspect of the system provides a trust ranking to a user based on the consistency of information collected from the user's various actions. | 12-02-2010 |
20100306832 | METHOD FOR FINGERPRINTING AND IDENTIFYING INTERNET USERS - Various aspects of the present system provide methods and systems for identifying an individual who operates a remote computer. One aspect provides a technique to generate fingerprint of computer and its user based on the information collected through the actions a user conducts on internet. Another aspect of the system provides a technique to compute the fingerprints and find relations between users and computers. Another aspect of the system provides a trust ranking to a user based on the consistency of information collected from the user's various actions. | 12-02-2010 |
20100306833 | AUTONOMOUS INTELLIGENT USER IDENTITY MANAGER WITH CONTEXT RECOGNITION CAPABILITIES - A remotely located, uniquely identified resource can serve an application utilized by the Web browser. Access to the application can require authentication including a userid and password. A memory for a record associated with the application can be queried. The memory can include a set of userids and passwords indexed against unique application identifiers that are independent upon server identifiers or URLs. Responsive to querying the memory, a match between the application requiring authentication and a unique application identifier in the memory can be determined. A userid and password can be provided without manual input from a user from memory that is associated with the unique application identifier to the remotely located. The uniquely identified resource can use the userid/password as authentication to access the served application. | 12-02-2010 |
20100319056 | DECREASING LOGIN LATENCY - Systems, methods, and computer-storage media for decreasing web service login latency are provided. Upon a user's initial login to the web service from a web browser, the location of user information is identified. A cookie containing information identifying the location of the user information is generated and stored in association with the web browser. Upon a subsequent login to the web service by the same user, the location information included in the cookie is utilized to direct the user request directly to the correct location, without having to repeat the act of identifying the location, thus providing the user with the desired information more quickly. | 12-16-2010 |
20100319057 | Information Processing Apparatus Capable of Authentication Processing with Improved User Convenience, Control Program for Information Processing Apparatus, and Recording Medium Having Control Program for Information Processing Apparatus Recorded Thereon - Whether box access is made or not is determined. When it is determined that a box region is accessed, a box ID entry screen appears. CPU determines whether a box ID is entered or not. If it is determined that a box ID is entered, then device information is obtained. After the device information is obtained, whether a hardware keyboard is present or not is determined. If it is determined that a hardware keyboard is present, a password authentication screen appears. If it is determined that no hardware keyboard is present, an image authentication screen appears. | 12-16-2010 |
20100325703 | System and Method for Secured Communications by Embedded Platforms - A method for ensuring secured communications for embedded platforms includes steps for receiving a device identifier at an authenticating server over a public network from an extended trust device, the authenticating server being communicatively coupled between a secured server and the public network and the device identifier derived from a plurality of machine parameters resident on the extended trust device, accessing a database of authorized device identifiers corresponding to known extended trust devices, and establishing, in response to the device identifier matching one of the authorized device identifiers, a secure private network between the extended trust device and the secured server. The machine parameters may be a combination of a user-configurable parameter and a non-user-configurable parameter. The method may be embodied as a series of process steps stored on a computer readable medium executable by a processor. | 12-23-2010 |
20100325704 | Identification of Embedded System Devices - An embedded system device comprises a processor operatively coupled to a first memory space, a second memory space, and a plurality of user controls. The processor is configured to execute only executable code residing within the first memory space, and the executable code includes an authentication routine configured to generate a device identifier based at least upon non-user-configurable parameters of the embedded system device. The second memory space includes user configurable options for use by the processor when executing the executable code. The user controls are adapted to configure the user configurable options within the second memory space, wherein the user controls cannot configure the first memory space. | 12-23-2010 |
20100333182 | SYSTEM AND METHOD FOR ESTABLISHING A SELF-REALIZING EXPANDABLE COMMUNICATIONS NETWORK - This invention relates to a system and method for providing secure reliable expansion of a mobile network. The system includes one or more portable communications devices (PCDs) which incorporate routing, authentication and encryption capabilities and are adapted to provide a connection between a peripheral device and a base-station either directly or indirectly via other similarly configured PCDs. The PCDs also incorporate tamper-proofing features to provide added security. | 12-30-2010 |
20100333183 | IMAGE FORMING SYSTEM, IMAGE FORMING APPARATUS AND RECORDING MEDIUM - An image forming system includes an image forming apparatus, an information processing apparatus and a printer driver generator that generates a printer driver and a unique authentication key for the printer driver. The information processing apparatus gives the unique authentication key to a job generated according to the printer driver currently installed thereon, and transmits them to the image forming apparatus. And the image forming apparatus executes the job if the authentication key received therefrom and an authentication key recorded in the image forming apparatus are identical. | 12-30-2010 |
20100333184 | SYSTEM AND METHOD FOR AUTHENTICATION - A system and method for authentication including verifying a password is disclosed. In one embodiment, the authentication system includes a first storage unit to store an authentication sequence, a read-only memory unit to store an authentication algorithm, and a second storage unit. A microcontroller is coupled to the first storage unit, the read-only memory unit, and is configured to be coupled to and uncoupled from a host. The microcontroller is configured to execute the authentication algorithm to verify a password with the authentication sequence, and to send an access request to a web server via the host if the authentication algorithm has verified the password with the authentication sequence. | 12-30-2010 |
20110010761 | CONNECTIVITY DEPENDENT APPLICATION SECURITY FOR REMOTE DEVICES - Conditional access to security-sensitive applications and/or content in a remote device may be granted based on a history of access to connectivity (e.g., access to a communication network) for the remote device. A remote device may monitor access to connectivity. If it is determined that the remote device has a first history of access to connectivity (e.g., a recent access to connectivity), a first security level is applied in providing access to the security-sensitive application. Otherwise, if a second history of access to connectivity is ascertained (e.g., no recent access to connectivity), a second security level is applied in providing access to the security-sensitive application, where the second security level is more stringent than the first security level. If the remote device is lost, a remote server may send a request to the remote device to restrict or disable access to the security-sensitive applications and/or content. | 01-13-2011 |
20110010762 | IDENTITY MANAGEMENT - In providing identity management in distributed systems, it is known to provide a user with a single sign-on to accounts with different service providers with whom the user interacts by communicating with the service providers' computers. Such a single sign-on is provided by having the user authenticate himself to an identity provider computer, and thereafter relying on that identity provider computer to issue identity assertions on his behalf. An identity provider validation service is proposed with which service providers can interact on receiving an identity assertion on behalf of a user. This allows the service provider to rely only on the identity provider validation service rather than having to rely on the numerous identity providers who might issue identity assertions on behalf of one of their users. Furthermore, the identity assertions include a level of assurance indication, and the identity provider validation service indicates whether each identity provider can be trusted to properly issue an identity assertion claiming that level of assurance. This provides a more fine-grained and adaptable identity management than has hitherto been provided. | 01-13-2011 |
20110016513 | SYSTEMS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR ADAPTING THE SECURITY MEASURES OF A COMMUNICATION NETWORK BASED ON FEEDBACK - An adaptable network security system includes trust mediator agents that are coupled to each network component. Trust mediator agents continuously detect changes in the security characteristics of the network and communicate the detected security characteristics to a trust mediator. Based on the security characteristics received from the trust mediator agents, the trust mediator adjusts security safeguards to maintain an acceptable level of security. Trust mediator also uses predetermined rules in determining whether to adjust security safeguards. Despite inevitable changes in security characteristics, an acceptable level of security and efficient network operation are achieved without subjecting users of the network to over burdensome security safeguards. | 01-20-2011 |
20110016514 | METHODS FOR MONITORING AND CONTROL OF ELECTRONIC DEVICES - The present invention relates to telemetry methods and systems and more particularly, to telemetry network connectivity systems, devices and methods. In accordance with various embodiments, a suite of software components configured to provide machine-to-machine network connectivity includes a configurable device translation server module, a complex message constructor and at least one database. In some embodiments the suite of software components, specifically the complex message constructor, may be configured to authenticate commands between an interface and the device translation server. Additionally, the suite of software components, specifically the complex message constructor, may be configured to manage messages between the interface and the device translation server. Managing messages may include initiating alerts and notifications based on a comparison of programming and substantially synchronous and stored information. | 01-20-2011 |
20110023096 | TOKEN-BASED CONTROL OF PERMITTED SUB-SESSIONS FOR ONLINE COLLABORATIVE COMPUTING SESSIONS - In one embodiment, a client device may send one or more sub-session requests to one or more corresponding session controllers through a computer network to obtain one or more corresponding sub-session tokens that indicate in which sub-sessions of an online collaborative computing session the client device is permitted to participate. The client device may then receive particular sub-session tokens (e.g., based on certain permissions), which may then be sent to a collaboration server to establish one or more permitted sub-sessions of the online collaborative computing session with the client device as indicated by the received sub-session tokens. | 01-27-2011 |
20110023097 | AUTHENTICATION METHOD AND FRAMEWORK - Authentication in an ad-hoc network is established between a first device (for example a service-requesting device) and a second device (for example a service-providing device) using a third device (a peer device). An authentication request is transmitted from the first device to the second device. The second device transmits a query message to at least one third device (i.e. peer device). If the peer device has previously been authenticated with the first device, the peer device sends an authentication credential, for example an authentication key, to the first and second devices. Upon receiving the authentication credential, the first device sends the authentication credential to the second device. The second device then compares the authentication credential received from the first device with the authentication credential received from the third device, and authenticates the first device with the second device if the authentication credentials match. Preferably the authentication credential from the third (peer) device to the first device is encrypted. | 01-27-2011 |
20110023098 | METHOD AND SYSTEM FOR MAINTAINING LOGIN PREFERENCE INFORMATION OF USERS IN A NETWORK-BASED TRANSACTION FACILITY - The present invention relates to various aspects for maintaining and utilizing login preference information of users of a network-based transaction facility. In one embodiment, user interface information is communicated to a client via a communications network. The user interface information includes information concerning a plurality of features within the network-based transaction facility. The user interface information also specifies a login interface that facilitates user input of login preference information pertaining to each of the plurality of features. Further, the login preference information is received from the client via the communications network and utilized to control user access to any of the plurality of features within the network-based transaction facility via the communications network. | 01-27-2011 |
20110023099 | USER TERMINAL WITH IDENTITY SELECTOR AND METHOD FOR IDENTITY AUTHENTICATION USING IDENTITY SELECTOR OF THE SAME - The present invention relates to a user terminal ( | 01-27-2011 |
20110030039 | DEVICE, METHOD AND APPARATUS FOR AUTHENTICATION ON UNTRUSTED NETWORKS VIA TRUSTED NETWORKS - The described apparatus and methods may include a security agent configured to transmit a first service request message via a trusted network, and acquire credential information via the trusted network. The security agent is further configured to transmit a second service request message via an untrusted network, wherein the second service request message comprises the credential information. The security agent is further configured to receive service via the untrusted network based on the credential information in the second service request message. | 02-03-2011 |
20110030040 | APPLICATION AUTHENTICATION SYSTEM AND METHOD - A system and method are provided for validating executable program code operating on at least one computing device. Program instructions that include a request for access to sensitive information are executed on a first computing device. An authentication request for access to the electronic information is sent from the first computing device to a second computing device. In response to the authorization request, a challenge is sent from the second computing device to the first computing device. The first computing device executes the challenge and generates an authentication response that includes at least one memory object associated with the program instructions. The response is sent to the second computing device from the first computing device, and the second computing device generates and sends a verification to the first computing device confirming that at least some of the first program instructions have not been altered or tampered with, and further grants the first computing device access to at least some of the electronic information. | 02-03-2011 |
20110030041 | Session Ticket Authentication Scheme - A method of propagating a user's authentication/session information between different requests to Web services in a network includes a web server receiving a request for access to a first web service. The request is intercepted with an agent and authentication credentials are collected. A determination is made whether the web service customer is authenticated and authorized. If the web service customer is authenticated and authorized, a session and session ticket are created. An ID and the session ticket are returned to the web server. The session ticket ID and a public key are encrypted into an assertion. The assertion is sent to the first web service. The assertion is then returned to the web service customer for use with future requests. The assertion can be in the form of a SAML assertion. | 02-03-2011 |
20110041165 | SYSTEM AND METHOD FOR IMPLEMENTING A PROXY AUTHENTICATION SERVER TO PROVIDE AUTHENTICATION FOR RESOURCES NOT LOCATED BEHIND THE PROXY AUTHENTICATION SERVER - Networked resources that are not located behind a proxy authentication server may be enabled to use the proxy authentication server for authentication. This may provide one or more of the features associated with a proxy authentication server (e.g., centralized administration of authentication and/or access information, enhancing software security, centralized administration of permission information, and/or other features) for the resources not located behind the proxy authentication server. These features may be provided without requiring substantial modification of the proxy authentication server. | 02-17-2011 |
20110047602 | End-of-Session Authentication - Techniques for facilitating an online transaction session with an end-of-session authentication are provided. The techniques include performing a start-of-session authentication to enable an online transaction session, and performing an end-of-session authentication to end the online transaction session, wherein the end-of-session authentication comprises a scope comprising each pre-defined critical transaction from the transaction session. | 02-24-2011 |
20110047603 | Systems and Methods for Obtaining Network Credentials - Systems and methods for obtaining network credentials are disclosed. In some embodiments, a method comprises receiving, with a digital device, a network identifier from a network device, providing a first credential request including the network identifier to another digital device on a network, receiving a request for additional network information from the other digital device, providing a second credential request including additional network information to the other digital device, receiving a credential request response including network credentials from the other digital device, and providing the network credentials from the credential request response to a network device. | 02-24-2011 |
20110047604 | COMPUTING INPUT SYSTEM WITH SECURE STORAGE AND METHOD OF OPERATION THEREOF | 02-24-2011 |
20110055907 | HOST STATE MONITORING - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for a host state machine. In one aspect, the method includes defining a state machine in a memory of a data processing apparatus, the state machine comprising a plurality of states, and wherein network access for a host device is controlled in each state according to one or more network access zones associated with the state, each network access zone defining network access capabilities for the host device; monitoring, by the data processing apparatus, host devices attempting to access the network and host devices that have access to the network; and transitioning, for each host device, a state of the host based on the monitoring and a current state of the host. | 03-03-2011 |
20110055908 | SYSTEM AND METHOD FOR REMOTELY ACCESSING AND CONTROLLING A NETWORKED COMPUTER - The present invention advantageously provides a system and method for remotely accessing a networked computer. The system includes a personal computer, a locator server, a remote access terminal, and a connection key. The system is configured to remote access to only those users who are authorized and use authorized remote access terminal and connection key. In some embodiments, the connection key is configured to automate communication requests and authentication processes without user interaction. | 03-03-2011 |
20110067091 | NEXT GENERATION INTEGRATION BETWEEN DIFFERENT DOMAINS, SUCH AS, ENTERPRISE AND SERVICE PROVIDER USING SEQUENCING APPLICATIONS AND IMS PEERING - The present invention provides mechanisms for sharing user information, including user authentication information, across communication networks and more specifically across networks separated by one or more Session Border Controllers (SBCs). The authentication of a user at one network can be leveraged by the second network to invoke one or more applications at the second network in connection with administering a communication session for the user. | 03-17-2011 |
20110072497 | SYSTEM AND METHOD OF USING PERSONAL DATA - A particular method includes receiving a request for a portion of user data from a data repository. The user data is associated with a user. The method includes determining a source of the request. The method includes determining whether the portion of user data can be provided to the source. The method also includes determining at least one type of credential to be supplied from the source when the user data can be provided to the source. The at least one type of credential includes a first authentication when the source is associated with the user and a second authentication when the source is not associated with the user. | 03-24-2011 |
20110078770 | USER INFORMATION POPULATION - Methods and systems are provided for populating user related information, such as in forms at web sites. For example, a method can include providing a web site with information about a user during the front end of accessing the web site by the user. The information can be used to facilitate use of the web site by the user. A system for facilitating access of a web site by a user can comprise an ID provider that is configured to receive a request from a web site for information regarding a user, request information regarding the user from an information provider, and forward the information to the web site. By providing such information to the web site, log on, sign in, and/or registration with a web site can be done quickly, conveniently, and in a manner that is substantially less prone to errors. | 03-31-2011 |
20110078771 | ELECTRONIC DEVICE FOR DISPLAYING A PLURALITY OF WEB LINKS BASED UPON FINGER AUTHENTICATION AND ASSOCIATED METHODS - An electronic device is for communicating with a remote server hosting a web feed of updated content including a plurality of web links. The electronic device includes a finger biometric sensor, a display, and a processor. The processor is for authenticating a finger placed adjacent the finger biometric sensor, and displaying on the display the plurality of web links from the web feed of updated content based upon authenticating the finger. The processor is also for associating account access data with the authenticated finger, and accessing information from a selected web link based upon the account access data associated with the authenticated finger. Additionally, the processor is for downloading and displaying on the display information from the selected web link. | 03-31-2011 |
20110078772 | LDAP SECURITY DOMAIN DATA STORAGE - A Security Domain Access System (SDAS) provides highly available security domain data. The SDAS receives a request pertaining to a security domain. The request includes credentials for accessing a security domain manager server. The SDAS selects one of a plurality of security domain manager servers to process the request based on the credentials and the availability of each of the plurality of security domain manager servers. The SDAS forwards the request to the selected security domain manager server. | 03-31-2011 |
20110078773 | MOBILE TERMINAL AUTHORISATION ARRANGEMENTS - An end-to-end client server system and related method for use in conjunction with mobile terminals. A client application on a mobile terminal is configured to remotely access a backend server via a gateway system. The mobile terminal includes a client application configured to generate a one time password using secret information and a password library, both known only to the client application and a verification component of the gateway system. The one time password provides an additional level of security, which is user dependent and not network dependent. | 03-31-2011 |
20110078774 | METHOD AND APPARATUS FOR ACCESSING SECURE DATA IN A DISPERSED STORAGE SYSTEM - A method begins by a processing module receiving, from a user device, a request to access secure data, wherein the request includes a user identification code and at least one object name for the secure data. The method continues with the processing module processing the request to determine a security level associated with the user device and to determine security parameters associated with the secure data. The method continues with the processing module determining a level of access to the secure data based on the security level associated with the user device and the security parameters. The method continues with the processing module retrieving a set of encoded data slices from dispersed storage units, wherein the set of encoded data slices includes less than a reconstruction threshold number of encoded data slices and generating a response that includes the set of encoded data slices when the level of access is a partial access level. | 03-31-2011 |
20110083169 | METHOD AND SYSTEM FOR THE PROVISION OF SERVICES FOR TERMINAL DEVICES - Services are provided for terminal devices, each having a TPM module. The TPM module of a terminal device transmits a service request with an ID assertion signed by a configurable credential to a server for the purpose of accessing the services of the server. | 04-07-2011 |
20110083170 | User Enrollment via Biometric Device - A web-enabled application identifies a biometric device installed in a client device. The system identifies biometric information associated with a user and creates a biometric template associated with the biometric information. The system then receives user credentials associated with the user and binds the user credentials with the biometric template. | 04-07-2011 |
20110083171 | Method and apparatus in combination with a storage means for carrying out an authentication process for authenticating a subsequent transaction - A computer, such as a WINDOWS® operating system-based PC, has associated with it a Subscriber Identity Module (or SIM), such as of the type used in a GSM cellular telephone system. The SIM can be authenticated by the telephone network, in the same way as for authenticating SIMs of telephone handset users in the network, and can in this way authenticate the user of the PC or the PC itself. Such authentication can, for example, permit use of the PC in relation to a particular application which is released to the PC after the authentication is satisfactorily completed. The application may be released to the PC by a third party after and in response to the satisfactory completion of the authentication process. A charge for the session can be debited to the user by the telecommunications network and then passed on to the third party. | 04-07-2011 |
20110088081 | METHODS FOR EFFECTING REMOTE INTERVIEW INVITATIONS - The invention comprises a method allowing for easy procurement of remote interviews across different web servers. While browsing through prospective candidate personal profiles (or online resumes) on, e.g., a job-marketplace website, a community website or a networking website, an inviter can directly, with limited user input, invite any given prospective candidate for a remote interview. By the click of a link embedded within the prospective candidate's profile, the system will invoke a second web server which selects a remote interview profile including information about the open (job) position, remote interview questions and parameters related to the remote interview. The system then associates the remote interview profile, the prospective candidate and the inviter and generates a remote interview invitation link including the associated parameters and sends it to the prospective candidate by e-mail. Once the prospective candidate clicks on the link included in the invitation e-mail she is directed to the remote interview web page which can commence immediately at the second web server. The remote interview webpage displays a customized look and feel based on the parameters associated with the remote interview profile. Since the associated parameters are included in the link, the second web server can retrieve and use the correct parameters for the remote interview. A candidate can also consent to embed the above remote interview mechanism to allow any inviter who sees her online profile to directly invite her for an interview. | 04-14-2011 |
20110088082 | HOME IMAGE CONTENT SECURELY ISOLATED FROM CORPORATE IT - An exemplary apparatus includes one or more processors, volatile memory, a storage drive and circuitry configured to establish a network connection and to attempt to send credentials via an established network connection. Such an apparatus further includes circuitry configured, responsive to authentication failure after an attempt to send credentials, to release an implemented security policy and load an operating system stored on the storage drive, and, responsive to an attempt to send credentials, to maintain an implemented security policy and to use an operating system exposed via an established network connection and associated with the sent credentials. Such an apparatus optionally includes circuitry configured to implement a security policy that isolates at least a portion of a local storage drive. Various other apparatuses, systems, methods, etc., are also disclosed. | 04-14-2011 |
20110088083 | METHOD AND SYSTEM FOR AUTHENTICATING A USER BASED ON A PHYSICAL OBJECT - An authentication method based on the use of an inanimate physical object that includes storing first object data in a storage medium, wherein the first object data is generated based on a first image of at least a portion of the physical object, capturing a second image of the at least a portion of the physical object, and generating second object data based on the second image. The method further includes searching the storage medium and determining that the second object data and the first object data are a match, and authenticating an individual associated with the physical object in response to that determination. Also provided are embodiments of an authentication system that may be adapted to implement the method. | 04-14-2011 |
20110088084 | INFORMATION STORAGE APPARATUS, RECORDING MEDIUM, AND METHOD - A storage apparatus includes: an access acceptance unit to receive an access request associated with an access from a host apparatus; an authentication processing unit to judge whether the access is authenticated or unauthenticated; a storage unit including a first area that stores first data and a second area that stores second data serving as a substitute for the first data; a data switching unit to allow, when the access acceptance unit judges the access as authenticated, the access to the first area and switches the access to the second area in a case where the authentication processing unit judges the access as unauthenticated, the access to the second data in the second area being provided to disguise that the access was unauthenticated. | 04-14-2011 |
20110093933 | AUTHENTICATION IN A COMMUNICATIONS NETWORK - A method of authenticating a user in an IP Multimedia Subsystem network, the method comprising receiving from an access network an access identifier defining a terminal's physical location, retrieving from a database a registered access identifier associated with the user; and determining if the received access identifier matches the registered access identifier, and if so then authenticating the user in the IMS network, and if not then performing an alternative authentication method. The method allows a nomadic user in the access network to register with an IP Multimedia Subsystem network. | 04-21-2011 |
20110093934 | System and method for privilege delegation and control - This invention provides a privilege delegation mechanism, which allows a privilege and associated control attributes to be delegated from a security token to another security token or an intelligent device such as a computer system. The privilege may be in the form of an attribute certificate, a key component of a cryptographic key, a complete cryptographic key, digital certificate, digital right, license or loyalty credits. The purpose of the delegation is to allow another security token or computer system to act as a surrogate for the security token or to access a resource which requires components from both units before access is permitted. Attributes associated with the delegated privilege control the scope and use of the privilege. The delegation may allow the surrogate to perform authentications, access data or resources included on another security token or computer system. Authentications are performed prior to transferring of the delegable privileges. | 04-21-2011 |
20110099610 | TECHNIQUES FOR SECURING DATA ACCESS - Techniques for securing data access are presented. A user's data is encrypted on multiple servers throughout a network. Each portion of the encrypted data resides on a different server, and each portion represents a non-contiguous data selection from the user's original unencrypted data. Each portion is encrypted using a master credential that is different from the user's logon credential. Also, each portion is encrypted using a server identity for the server on which that portion resides. An order, which is used for assembling decrypted versions of the encrypted portions back into the user's data, is acquired via another and different principal-supplied credential. | 04-28-2011 |
20110099611 | METHODS AND APPARATUS FOR SECURE, PORTABLE, WIRELESS AND MULTI-HOP DATA NETWORKING - A mobile network solution provides secure and portable wireless networking service to mobile users with devices equipped with wireless network interfaces. The Secure Nomadic Wireless Network, or SNOWNET, follows a hierarchical approach. Special SNOWNET nodes are deployed in the area where networking service is needed and form a backbone network. At the same time, SNOWNET nodes provide local access service to regular mobile clients. SNOWNET provides security through authentication of the nodes and clients, as well as through encryption of the data. | 04-28-2011 |
20110107404 | PROTECTED PREMISES NETWORK APPARATUS AND METHODS - Apparatus and methods for enabling protected premises networking capabilities. In one embodiment, the premises network is a Multimedia over Coaxial Alliance (MoCA) network, and is secured by a requirement that devices use a password or key to access the network. The password may be given only to authorized devices. Information regarding a device may be utilized to associate the device with a particular premises network, and provide a password to authorized devices. The password is unique to the premises in one variant by being derived from a subscriber account. At least one of the devices requesting access to the premises network may comprise a gateway device. A home network utilizing existing coaxial cable in the premises is created between a plurality of authorized devices each receiving the password. | 05-05-2011 |
20110107405 | METHOD FOR THE TEMPORARY PERSONALIZATION OF A COMMUNICATION DEVICE - The invention relates to a method for the temporary personalization of a communication device ( | 05-05-2011 |
20110119740 | SYSTEM AND METHOD FOR PROVIDING ENTERPRISE INTEGRATION IN A NETWORK ENVIRONMENT - A method is provided in one example embodiment and includes receiving a request to authenticate an end user in a service provider network, and evaluating the request to identify the end user as belonging to an enterprise network. A tag is generated for a packet associated with a flow for the end user in the enterprise network. Routing occurs for subsequent packets associated with the flow between the enterprise network and the end user. The subsequent packets associated with the flow are not routed through the service provider network. In more particular embodiments, the end user is authenticated in the enterprise network after being authenticated in the service provider network. In addition, traffic for the end user can be separated based on one or more tags identified within the flow. A plurality of flows can be classified based on a customer identification (CID). The tag can be a virtual local area network (VLAN) tag generated at a base station. | 05-19-2011 |
20110119741 | Method for Conditionally Obtaining Files From a Local Appliance - The invention is directed to a method for allowing a user at a client device to conditionally obtain files from either a server device located at, for example, a data center, or an appliance such as a local cache. Should the local appliance be accessible by the client at the time of the user's download request, the server may redirect the download request to the appliance. Otherwise, the file may be downloaded directly from the server. For example, a method configured according to the invention may receive, at a server device, login data from a client device, the login data being input by a user. An affiliated entity of the user based on the login data may be determined, after which an appliance status of the affiliated entity may be determined. A download process according to the appliance status may then be initiated. | 05-19-2011 |
20110119742 | COMPUTER NETWORK SECURITY PLATFORM - A computer system for managing security information for an organization includes a scanner execution module configured to automatically execute at least two scanners in a predetermined interval to analyze potential vulnerabilities of a computer environment. A vulnerability is acquired from the at least two scanners and stored in a data store. A user associated with the analyzed computer environment is determined based on the vulnerability stored in the data store, and the user is notified of the vulnerability. | 05-19-2011 |
20110131635 | CLIENT-SIDE PREVENTION OF CROSS-SITE REQUEST FORGERIES - Cross-site request forgeries (“XSRF”) can be prevented using a client-side plugin on a client computer. The client computer accesses a content provided by a third party host via a network and generates a request to a web application as directed by the content. The client-side plugin determines whether the request is associated with suspicious activities based on the content, a source of the request and a list of approved hosts associated with the target host. In response to a determination that the request is associated with suspicious activities, the plugin removes authentication credentials from the request and sends the request to the web application. | 06-02-2011 |
20110131636 | SECURE TRANSFERENCE OF DATA BETWEEN REMOVABLE MEDIA AND A SECURITY SERVER - A data processing system for securing information transfer from a removable media, comprising a security server and networked devices. Each networked device comprises a first operating system arranged to operate it; a second operating system, substantially differing structurally from the first operating system, and arranged to communicate with the security server over a secure communication link; and an I/O port arranged to allow connecting the removable device thereto. Each networked device is arranged to communicate with the removable device only via the second operating system responsive to the connection of the removable device to the port. The second operating system receives the information from the removable media via the I/O port and sends the information to the security server, which applies thereon operations relating to information security and in reference to predefined security criteria, such that the information is secure for use in the networked devices. | 06-02-2011 |
20110131637 | TIME CLOCK - A time clock | 06-02-2011 |
20110145896 | DOMAIN SPANNING APPLICATIONS - Managing and accessing media items, including: a plurality of domains configured to provide access to media items; a plurality of clients associated with the plurality of domains, and providing a pathway for accessing the media items; and a spanning application configured to track and aggregate accessible media items from the plurality of domains based on authentication and registration information and associated rights of the plurality of clients and the plurality of domains, wherein the spanning application enables accessing of the media items across the plurality of domains. | 06-16-2011 |
20110154451 | SYSTEM AND METHOD FOR AN INDUSTRY BASED TEMPLATE FOR INTELLECTUAL PROPERTY ASSET DATA - A comprehensive platform for merchandising intellectual property (IP) and conducting IP transactions is disclosed. A standardized data collection method enables IP assets to be characterized, rated and valuated in a consistent manner. Project management, workflow and data security functionality enable consistent, efficient and secure interactions between the IP Marketplace participants throughout the IP transaction process. Business rules, workflows, valuation models and rating methods may be user defined or based upon marketplace, industry or technology standards. | 06-23-2011 |
20110154452 | Methods, Systems and Computer Program Products for Secure Access to Information - Methods for secure communications are provided. The methods include creating a safe user account on a secure access system, wherein creating an account includes provision of at least one strong authenticator to be associated with a user of the secure access system; providing a unique login and the at least one strong authenticator associated with the user to the secure access system to gain access to information associated with a referring organization, the referring organization being registered with the secure access system; and accessing the information associated with the referring organization based on the unique login and the at least one strong authenticator provided to the secure access system. Related systems and computer program products are also provided. | 06-23-2011 |
20110154453 | SYSTEM AND METHOD FOR COMMUNICATION SECURITY - A system and method for communication security receives a request from a first communication device for communication with a second communication device, and determines if the communication is to be secure. The system and method further requests identity verification from the second communication device if the communication is to be secure. In addition, the system and method establishes a secure communication between the first communication device and the second communication device when a valid password is received from the second communication device. | 06-23-2011 |
20110154454 | METHOD AND SYSTEM FOR AUTHENTICATING A NETWORK NODE IN A UAM-BASED WLAN NETWORK - A method and system for authenticating a mobile network node in a Wireless Local Area Network (WLAN), wherein the mobile network node requests access to the WLAN at an access point. Within a closed first network region, before authentication all network protocol layers up to the Layer 3 protocol layer are set up. An authenticator based on Extensible Authentication Protocol (EAP) is generated on the Web server as a captive portal and the Layer 3 protocol layer between the authenticator and the mobile network node including an EAP peer is extended bidirectionally by a defined bit sequence. In case of an access request, the Web server transmits an authentication stimulus to the mobile node by encoding an EAP message request and transmitting it in the Layer 3 protocol layer by the defined bit sequence. The mobile node decodes the EAP message request and transmits, in the Layer 3 protocol layer, by the defined bit sequence, an encoded EAP response message to the authenticator, the EAP response message including authentication data of the mobile network node. The Web server decodes the EAP response message from the bit sequence and transmits it to an AAA server including an EAP server by an authentication inquiry. On the basis of an authentication response by the AAA Server, access is enabled to a second network region for use by the mobile network node by a Network Access Server. | 06-23-2011 |
20110162051 | AUTHENTICATION METHODS - A computer readable storage medium has computer-executable instructions for causing a computer system to perform a method. The method includes receiving authentication information from an electronic device; identifying the electronic device based on device information for the electronic device; locating an entry associated with a combination of the authentication information and the electronic device, the entry including a count of the number of times the authentication information failed authentication during a specified time interval; and locking out the combination if the count reaches a threshold value, thus blocking the authentication information from accessing a target. | 06-30-2011 |
20110162052 | Network-Based Verification and Fraud-Prevention System - A system for authentication has an Internet-connected server providing services and software executing on the server from a non-transitory physical medium. The software provides a function for receiving a request for authentication from a person seeking service at the server, a function for requesting by the server one or more username/password pairs used for log-in for the person at one or more Internet sites remote from the server, a function for logging in by the server at the remote site or sites on behalf of the person, using the username/password pair or pairs provided by the person, and a function for authenticating the person at the server for interaction with the server. | 06-30-2011 |
20110167481 | SYSTEM AND METHOD FOR TOY ADOPTION AND MARKETING - A method and computer system for providing a virtual world are disclosed. First and second registration codes, which are different and are obtained from purchasing items are used to access different portions of a website. Subsequent to accessing the portions of the website using the registration codes, a first image and a second image are accessed to be viewed, each by using a user identification name and a password without reentering the first and second registration codes. A name is to be selected for each of the images after using the registration codes. After entering the user identification name, the first and second images are to be interacted with to bring about changes to the first and second images, and the changes are based on the interacting. An invitation is to be extended to at least one friend on the website, the at least one friend to view at least one of the first and second images in a virtual room owned by and customizable by the user. | 07-07-2011 |
20110167482 | SECURE AUTHENTICATION ADVERTISEMENT PROTOCOL - A network device for distributing authentication information between authorized nodes for purposes of concurrently “pre-authenticating” a mobile user at a plurality of points throughout a LAN is disclosed. When a client attempts to access the network through the network device, the network device attempts to authenticate the client based on the credentials presented by the user. If authenticated, the client is admitted into the network at the network device and the client's pre-authentication information transmitted to one or more network nodes associated with an authentication group. Upon receipt of the pre-authentication information, the one or more network nodes are authorized to admit the client into the network at those nodes in addition to the network device at which the client was initially authenticated, thereby concurrently pre-authorizing the client at multiple points across the network. | 07-07-2011 |
20110179471 | PAIRING COMPUTATION DEVICE, PAIRING COMPUTATION METHOD, AND PAIRING COMPUTATION PROGRAM - Provided are a pairing computation device, a pairing computation method, and a pairing computation program all of which enable fast pairing computation. The pairing computation device includes, where: | 07-21-2011 |
20110185401 | REAL-TIME ADJUSTMENTS TO AUTHENTICATION CONDITIONS - Embodiments of the invention provide for adjusting authentication conditions in real-time. A graph-theoretic data structure is dynamically constructed, having nodes corresponding to received valid and invalid authentication credentials used in attempts to access a system. Based on the graph-theoretic data structure, embodiments compute a probability of an invalid credential being an authentication attempt by a particular type of user. If the probability is beyond a threshold probability, embodiments trigger a security event to adjust an authentication condition of the system, e.g., to increase or decrease a maximum permissible number of failed login attempts within a certain period of time. | 07-28-2011 |
20110185402 | ACCESS CONTROL SYSTEM - A key for a user can be created according to at least one first image of the user. The key can be verified with at least one second image of the user captured after the key is created. A visitor can be authenticated according to a first measure of similarity between the key and at least one authentication image of the visitor. The visitor is authenticated as the user if the first measure of similarity is greater than a first predetermined threshold. The key can be refined with the at least one authentication image of the visitor if the first measure of similarity is lower than the first predetermined threshold and the visitor is authenticated as the user based on a password. | 07-28-2011 |
20110191832 | RESCUING TRUSTED NODES FROM FILTERING OF UNTRUSTED NETWORK ENTITIES - Network entities controlling a set of nodes may vary by trustworthiness, such as tolerance for nodes that send spam, distribute malware, or perform denial-of-service attacks. A device receiving such activities may identify a trust rating of the network entity and apply appropriately stringent filtering (such as spam evaluation) to activities received from nodes controlled by the network entity. However, a poor trust rating of a network entity may subject a legitimate node controlled by the network entity to inefficiently or unfairly stringent activity filtering. Instead, the device may evaluate the activities of a particular node, assign a trust rating to the node, and if the trust rating of the node is higher than the trust rating of the network entity, apply less stringent activity filtering to the activities of the node, thereby “rescuing” the node from the more stringent activity filtering applied to the other nodes of the network entity. | 08-04-2011 |
20110191833 | MATCHING AUTHENTICATION METHOD, DEVICE AND SYSTEM FOR WIRELESS COMMUNICATION - A matching authentication method for wireless communication equipment comprises that: a device at the transmitting end sends a matching request (S | 08-04-2011 |
20110197266 | METHODS AND SYSTEMS FOR SECURE USER AUTHENTICATION - Methods and systems for secure user authentication using an OTP involve, for example, pre-storing an OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, wherein no part of the valid PIN value is stored on the first computing device, and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device. When entry of the purported OTP value is received by the back-end server in an attempt to log on the back-end server from a second computing device, the back-end server cryptographically calculates a window of OTP values, and log on to the back-end server from the second computing device is allowed if the calculated window of OTP values corresponds to the received OTP value. | 08-11-2011 |
20110197267 | SECURE AUTHENTICATION SYSTEM AND METHOD - There is disclosed a system and method for authenticating the identity of a user of a client device as part of a transaction between the client device and a server of a service provider over a communications network, the client device comprising a unique identifier. The system and method comprise one or more personal identification elements issued to the user based upon an initial authentication of the identity of the user, a credential issued to the client device by the service provider based upon the personal identification elements and the unique identifiers, and a trigger event for launching an authentication application installed on the client device. When the authentication application is launched by the trigger event, the authentication application transmits the one or more personal identification elements and the unique identifier in a combination with the credential to the server for authentication by the service provider. | 08-11-2011 |
20110209205 | Method and System for automated emergency access to medical records - This invention is a method and a system for accessing medical records of an injured party by an emergency responder through a secure website, utilizing a portable emergency access card provided with at least one item of information of the victim, while offering safeguards for the confidentiality of the victim's information and records. | 08-25-2011 |
20110214165 | Processor Implemented Systems And Methods For Using Identity Maps And Authentication To Provide Restricted Access To Backend Server Processor or Data - Systems and methods are provided for providing an application access to an external data source or an external server process via a connection server using an authentication server that has access to an identity map. A credential request is received at the authentication server from the connection server. The credential request includes an identification of the external data source or external server process to be accessed and an account identifier associated with the application or a user of the application. The identity map is searched for a set of credentials associated with both the account identifier and the external data source or external server process. The set of credentials are transmitted from the authentication server to the connection server, for the connection server to establish a connection to the external data source or external server process, where the connection is established without transmitting the set of credentials to the application. | 09-01-2011 |
20110214166 | CONNECTION MANAGEMENT - At a mobile internet protocol (MIP) enabled mobile node (MN), an internet key exchange (IKE) security association (SA) message is prepared and an extension is contained in the SA message indicative of an MIP binding related instruction to a home agent (HA). The SA message is then sent to a packet data network. At a network element, the SA message and an IKE SA message are received from the mobile node. The network element determines in the SA message an MIP binding related instruction to the HA and stores an MIP message based on the determined MIP related instruction. The network element also sends the MIP message to the HA of the MN. | 09-01-2011 |
20110219434 | PROVIDING SECURITY SERVICES WITHIN A CLOUD COMPUTING ENVIRONMENT - Embodiments of the present invention allow for the provisioning of security services within a Cloud computing environment by third parties. Specifically, under the present invention, a Cloud provider will publish a set of potential security attributes (e.g., a list), which can be monitored, to the Cloud customer. The Cloud customer will designate/select one or more of those attributes that the Cloud customer wishes to have monitored for one or more Cloud resources that it is using. The Cloud provider will then provide to the Cloud customer a set of third party security service providers capable of monitoring the attributes the Cloud customer designated. The Cloud customer will then select one or more third party providers from the provided set, and the Cloud provider will associate the given Cloud resources with the respective third party providers. Once third party providers have been associated with Cloud resources, a secure relationship between the third party provider(s) and the Cloud providers will be established. | 09-08-2011 |
20110219435 | CONTENT PROCESSING SYSTEM, CONTENT PROCESSING METHOD, COMPUTER PROGRAM, RECORDING MEDIUM, AND PORTABLE TERMINAL - A content processing system includes a content management device storing contents and information associated with the contents, and a plurality of portable terminals capable of accessing the content management device through a network, and performs a process on the contents according to a workflow using the plurality of portable terminals. The content processing system may include a first executing unit that let at least a part of the contents and the associated information be stored in a portable terminal among the plurality of portable terminals to perform a second process when the process to be currently performed in the workflow is moved from a first process to the second process. | 09-08-2011 |
20110219436 | COMMUNICATION APPARATUS, ELECTRONIC MAIL TRANSMITTING METHOD, AND ELECTRONIC MAIL TRANSMITTING PROGRAM - A communication apparatus enhances security in transmitting electronic mail to a destination mail address without degrading operability. An MFP is connected to an authentication server and a mail server via a network. A user name and a password are entered in a user name entry screen. The MFP requests the authentication server to authenticate the entered user name and password. When the user name and the password are authenticated, the MFP is operable to acquire an e-mail address, an SMTP authentication user name, and an SMTP authentication password according to SMTP associated with the authenticated user name and password from the authentication server. The MFP requests the mail server to authenticate the acquired SMTP authentication user name and SMTP authentication password according to SMTP. When the SMTP authentication user name and the SMTP authentication password are authenticated, the MFP is operable to transmit an e-mail to the mail server. | 09-08-2011 |
20110225633 | Data Processing Methods and Systems for Processing Data in an Operation having a Predetermined Flow Based on CAPTCHA (Completely Automated Public Test to Tell Computers and Humans Apart) Data, and Computer Program Products Thereof - Data processing methods and systems for processing data in an operation having a predetermined flow based on CAPTCHA (Completely Automated Public Test to tell Computers and Humans Apart) data are provided. First, a server generates a group of CAPTCHA data according to content of the operation. Then, the server transmits the group of CAPTCHA data to a client via a transmission medium. The client receives the group of CAPTCHA data via the transmission medium, inputs a first data corresponding to the operation using the CAPTCHA data and transmits the first data to the server via the transmission medium for verification, wherein the first data contains at least one CAPTCHA data. | 09-15-2011 |
20110231909 | TERMINAL DEVICE AUTHENTICATION METHOD, TERMINAL DEVICE AND PROGRAM - Disclosed is an authentication method for a terminal device having an authentication function. The authentication method for a terminal device which performs authentication when a security lock is released so as to operate a security-locked function includes comparing a plurality of authentication information used for the authentication with a plurality of authentication keys corresponding to the plurality of authentication information input in accordance with a function operation request so as to perform authentication, and when the authentication is successful, releasing the security lock so as to operate the function. The plurality of authentication information and the plurality of authentication keys respectively include at least one image. | 09-22-2011 |
20110239281 | METHOD AND APPARATUS FOR AUTHENTICATION OF SERVICES - An approach is provided for authenticating services at a device. An authentication request from a service platform is received at a device. Local credentials to authenticate access to a storage are retrieved. The access to the storage is authenticated based, at least in part, on the local credentials. If authenticated, it is determined that account information for the service platform is in the storage. The account information includes authentication credentials associated with the service platform, a security policy associated with the service platform, or a combination thereof. A response to the authentication request is generated based, at least in part, on the account information. | 09-29-2011 |
20110239282 | Method and Apparatus for Authentication and Promotion of Services - An approach is provided for authenticating services at a device. An authentication request from a services platform is received at a device. Local credentials to authenticate access to a storage are retrieved. The access to the storage is authenticated based, at least in part, on the local credentials. If authenticated, it is determined that account information for the services platform is in the storage. The account information includes authentication credentials associated with the services platform, a security policy associated with the services platform, or a combination thereof. A response to the authentication request is generated based, at least in part, on the account information. | 09-29-2011 |
20110247056 | Method and apparatus for improved connection of wireless devices using third party programming capability - Provided are a method and an apparatus for searching neighboring Bluetooth® devices through an external terminal having programming capability. The inventive method provides for a slave Bluetooth® device to receive, from the external terminal, the MAC address and optional device name from a target Bluetooth® device. | 10-06-2011 |
20110247057 | METHOD, SECURE DEVICE, SYSTEM AND COMPUTER PROGRAM PRODUCT FOR DIGITALLY SIGNING A DOCUMENT - A method for digitally signing a document, a secure device, and a computer program product for implementing the method. The method employs a secure device which is protected against malicious software or malware and is adapted to establish a secure connection to a recipient via a host. The method includes: connecting to a terminal; accessing the contents of a document received by the secure device; instructing at the secure device to communicate the accessed contents to an output device other than the terminal such that the contents can be verified by a user; ascertaining at the secure device a command received to digitally sign the document; executing at the secure device the ascertained command; and instructing to send a digitally signed document to a recipient over a connection established via the host connected to a telecommunication network. | 10-06-2011 |
20110247058 | ON-DEMAND PERSONAL IDENTIFICATION METHOD - The invention relates to a personal identification method based on requirements. An authentication checking system ( | 10-06-2011 |
20110258685 | ONLINE SECURE DEVICE PROVISIONING FRAMEWORK - A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device. | 10-20-2011 |
20110265152 | SELF-REFRESHING DISPLAY DEVICE SYSTEM AND METHOD - Disclosed is a self-refreshing display system and method that includes a computing device and a display device operatively coupled to the computing device. In a preferred embodiment, an outer frame is provided in the display device, and at least two inner frames are contained in the outer frame. The outer frame is not visible and each of the at least two inner frames is operable to alternate being visible and being not visible. Each of the at least two inner frames is operable to display the content received from the computing device. Preferably, the computing device causes a first inner frame to visibly display content received over a communication network from an information processor while a second inner frame remains not visible. An electronic request is preferably submitted by the computing device for new and/or updated content from the information processor, and when received, the second inner frame visibly displays the new and/or updated content and the first inner frame becomes not visible. | 10-27-2011 |
20110265153 | Protection Against Unsolicited Communication - Methods and apparatus are disclosed to provide protection against Unsolicited Communication (UC) in a network, such as, without limitation, an Internet Protocol (IP) Multimedia Subsystem (IMS). A communication may originate from a sending device and may be intended for delivery to a receiving device. A network may determine authentication information associated with the sending device. The network may send the authentication information to a receiving entity to evaluate if the communication is unsolicited using the authentication information. If the communication is determined to be acceptable, a connection associated with the communication may be allowed. | 10-27-2011 |
20110265154 | APPARATUS FOR ASSOCIATING A CLIENT DEVICE OR SERVICE WITH A WIRELESS NETWORK - A network association apparatus includes identification information and an authorization credential associated with a specific client device or service to be connected to a wireless network. The apparatus is configured to automatically provide the identification information and the authorization credential to a host device of a wireless network in a secure fashion when brought into close proximity to or physically connected with the host of the wireless network. The apparatus may comprise an RFID tag. | 10-27-2011 |
20110265155 | SERVICE PROVIDER ACCESS - A method and apparatus for enabling a user to access a service provider is described. The user sends a request from a browser to a proxy server. The proxy server modifies the request by adding data (such as a URL) relating to a location of an identity provider able to provide user credentials for the user and forwards the modified request to the service provider. The modification of the access request may occur before the request is sent to the service provider or in response to an authentication request from the service provider. The data relating to the location of the identity provider may be provided as a header (e.g. an http header). | 10-27-2011 |
20110265156 | PORTABLE SECURITY DEVICE PROTECTION AGAINST KEYSTROKE LOGGERS - The invention relates to a portable security device (SC, TK) comprising host connection means (PAD_H, USB_M) for connecting to a computer (PC), client connection means (PAD_C, USB_F) for connecting to an input device (KBD), filtering means for intercepting sensitive data transmitted from the client connection means (PAD_C, USB_F) to the host connection means (PAD_H, USB_M), and protection means for protecting said sensitive data. The invention also relates to an input device comprising a portable security device, to a server, to a system comprising a portable security device, a computer and an input device, and to a method for securing data entered into a computer (PC) with an input device (KBD), the method comprising installing a portable security device (TK) between the computer (PC) and the input device (KBD). | 10-27-2011 |
20110271330 | SOLUTIONS FOR IDENTIFYING LEGAL USER EQUIPMENTS IN A COMMUNICATION NETWORK - A method for identifying legal user equipments in a communication network is provided. The method comprises: sending to a user equipment a request for an identity of the user equipment; receiving from the user equipment a response to the request, the response comprising the identity of the user equipment and an associated credential; and determining whether the user equipment is a legal one, according to a result of authentication based at least in part on the received identity and the credential. | 11-03-2011 |
20110277020 | AUTHENTICATION TERMINAL AND NETWORK TERMINAL - Responsive to a proxy authentication request from a network terminal, a display for prompting a user to start an authentication operation is performed; authentication data for performing personal authentication are read by a user operation; an authentication request is sent together with the read authentication data to an authentication server; an authentication result is received from the authentication server; the network terminal is notified of the result. When a service requiring personal authentication is used, via a network, a request for proxy authentication can be made from a network terminal lacking an interface for personal authentication to a proxy authentication terminal having an interface for personal authentication, whereby the interface of the proxy authentication terminal can be used to perform the personal authentication. | 11-10-2011 |
20110283344 | SYSTEMS AND METHODS FOR HOST AUTHENTICATION - Systems and methods provide for authenticating a device. A method for authenticating a device can include receiving, at a communications node, a first message, wherein the first message includes a first Extensible Authentication Protocol (EAP) packet which includes an EAP (Identify) ID response and a first destination address; generating, by the communications node, a second message, wherein the second message includes the first EAP ID response and a second destination address which is different from the first destination address; and transmitting, by the communications node, the second message toward the second destination address. | 11-17-2011 |
20110283345 | MATERIAL OUTPUT SYSTEM FOR OUTPUTTING MEETING MATERIAL FOR PROSPECTIVE PARTICIPANT IN MEETING - In a material output system, if it is determined that a meeting management server has stored therein meeting information in which an authenticated person is included in prospective participants in a meeting, in which an installation place of MFP that has performed authentication agrees with a meeting room where the meeting is held, and in which the present date and time is included in a meeting room reservation time, MFP is instructed to output a material saved in a location associated with the meeting information. If it is determined that such meeting information is not stored in the meeting management server, the material output system displays a screen to allow output of the material saved in the associated location, for at least one piece of meeting information in which the authenticated user is included in prospective participants in a meeting. Accordingly, the material can be promptly distributed to the participant in the meeting. | 11-17-2011 |
20110289564 | SYSTEM AND METHOD FOR PROVIDING AUTHENTICATION CONTINUITY - A computer-implemented method may include receiving first monitored information relating to a user at a time of initial user authentication with a particular application or resource. It may be determined that a second authentication is required at a second time subsequent to the time of initial user authentication. Second monitored information may be captured at the second time. The second monitored information may be compared to the first monitored information to determine whether continued authentication is maintained. Access to the particular application or resource when it is determined that continued authentication is not maintained. | 11-24-2011 |
20110289565 | RETRIEVING ACCESS INFORMATION IN A DISPERSED STORAGE NETWORK - A method begins by a processing module obtaining a set of recovered random numbers, decoding encrypted share slices to produce a set of encrypted shares, and obtaining a set of personalized authenticating values regarding user access to data. The method continues with the processing module generating a set of hidden passwords based on the set of personalized authenticating values, generating a set of blinded passwords based on the set of hidden passwords and a set of blinded random numbers, and generating a set of passkeys based on the set of blinded passwords and the set of recovered random numbers. The method continues with the processing module generating a set of decryption keys based on the set of blinded random numbers and the set of passkeys, decrypting the set of encrypted shares to produce a set of shares, and decoding the set of shares to reproduce the data. | 11-24-2011 |
20110296503 | DOMAIN BASED AUTHENTICATION SCHEME - In one example, a system for authenticating domains operates by authenticating a first domain and the extensions that make up the URI of an initial or primary Internet network call. Thereafter, the system can enable the owner of the first domain to make assertions or statements about additional domains and URIs that make up the rest of the web page, session or application. | 12-01-2011 |
20110302637 | SOFTWARE DISTRIBUTION METHOD, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING SYSTEM - A distribution server receives authentication information acquired from an IC card reader of a client PC and authenticated by an authentication server. The distribution server adds setting information on the basis of the received authentication information in an installer of a device driver for an image formation section of an MFP to thereby generate a custom installer of the device driver. The distribution server distributes the generated custom installer to an address of a user to be authenticated based on the authentication information. | 12-08-2011 |
20110307943 | METHOD FOR REALIZING CONVERGENT WAPI NETWORK ARCHITECTURE WITH SEPARATE MAC MODE - A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by an access controller is constructed through splitting the MAC function and the WAPI function of the wireless access point apart to a wireless terminal point and the access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the access controller realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station point by using WPI. | 12-15-2011 |
20110307944 | DISPATCHING METHOD, DISPATCHING APPARATUS AND DISPATCHING SYSTEM - A dispatching method, a dispatching apparatus and a dispatching system are disclosed according to embodiments of the present invention. The dispatching method includes receiving a request initiated by a user terminal, where the request carries address information of the user terminal; obtaining the address information carried in the request and obtaining key information of an access server associated with the address information; searching for a corresponding node based on the key information of the access server and treating the node as a redirected serving node. A dispatching apparatus and a dispatching system are also disclosed according to embodiments of the present invention. The technical solution of the embodiments of the present invention may well solve the dispatching issue and has a more flexible application. | 12-15-2011 |
20110314524 | Authentication system and method - An authentication system includes one or more terminals in communication with a server on a network. The server is operable to receive user login information; and generate an authentication data set having: a plurality of decoy data; an anchor data, wherein the anchor data is based on information from a user profile; and target data in a predetermined relationship relative to the anchor data. The server is also operable to generate a decoy data set having: a plurality of second decoy data; and at least one anchor data. The server may then display the authentication data set and decoy data set and determine an authentication result by performing a predetermined manipulation of the target data. The server may receive a user response to an authentication prompt; and authenticate the user if the authentication result and user response are the same. | 12-22-2011 |
20110314525 | Method and System for Exchanging Setup Configuration Protocol Information in Beacon Frames in a WLAN - Certain aspects of a method for enabling exchange of information in a secure communication system may comprise configuring at least one 802.11 client station via authentication enablement information comprising data that specifies a time period during which configuration is allowed. The data that specifies a time period during which configuration is allowed may comprise a configuration window open field, which indicates a period when a configuration setup window is open. At least one client station may be configured via the authentication enablement information comprising recently configured data, which indicates whether at least one configurator has configured at least one other client station within the time period during which the configuration is allowed. | 12-22-2011 |
20110321141 | NETWORK DEVICES WITH LOG-ON INTERFACES - A credential provider component receives predetermined identity information (IDINF) from a portable device and controls an information database to provide a predetermined credential if the predetermined IDINF matches content in the information database. A log-on component allows the portable device to log on to a network device using the predetermined credential if the predetermined credential is valid. | 12-29-2011 |
20110321142 | AUTHENTICATION METHOD, AUTHENTICATION GATEWAY, AND DATA GATEWAY - An authentication method is applied in a gateway group comprising an authentication gateway and at least one data gateway. The gateway group receives a connection request from a user terminal, and determines whether there is an authentication record on the user terminal in an authentication list. The gateway group provides access service for the user terminal, if there is the authentication record. The gateway group sends an authentication request to an authentication authorization accounting (AAA) server and receives an authentication response from the AAA server, upon no authentication record. The gateway group provides access service for the user terminal, upon receiving a passing authentication response, and storing as the authentication record. The gateway group rejects the access for the user terminal, upon receiving a denying authentication response. | 12-29-2011 |
20120005730 | SECURE DETECTION NETWORK SYSTEM - A secure detection network system includes a plurality of remote nodes, each remote node comprising a set of detector interfaces configured to couple to a set of detectors disposed to detect the presence of an illegal asset within a shipping container; at least one server node configured to initialize, install, and authenticate each remote node in the plurality of remote nodes, including delivering to each remote node an agent module, said agent module for each remote node comprising a node specific configuration file defining a set of nodes with which the remote node can communicate and a different encryption means corresponding to each node in the set of nodes; and a communication path coupling the plurality of remote nodes and the at least one server node. | 01-05-2012 |
20120011575 | Methods, Systems, and Products for Authenticating Users - Methods, systems, and products authenticate a user to a device. A user selects or submits a media file for authentication. Features in the media file are compared to a set of criteria for authentication. The number of matching criteria, that are within a range of values for each criterion in the set of criteria, are determined. The number of matching criteria is compared to a threshold value. When the number of matching criteria equals or exceeds the threshold value, then the user that selected or submitted the media file is authenticated. | 01-12-2012 |
20120017267 | METHODS AND APPARATUS TO DISCOVER AUTHENTICATION INFORMATION IN A WIRELESS NETWORKING ENVIRONMENT - Example methods and apparatus to discover authentication information in a wireless networking environment are disclosed. A disclosed example method involves transmitting, during network discovery, a Generic Advertisement Services (GAS) request to a network access point, the GAS request requesting authentication information, the authentication information being indicative of a credential required from a wireless terminal. In addition, a response to the GAS request is received from the network access point. The response includes the authentication information. | 01-19-2012 |
20120030735 | COMMUNICATION APPARATUS, RELAY APPARATUS, WIRELESS COMMUNICATION SYSTEM, CONTROL METHOD OF COMMUNICATION APPARATUS, CONTROL METHOD OF RELAY APPARATUS, AND STORAGE MEDIUM - A communication apparatus, which is connected to a relay apparatus, and transmits data to a server apparatus connected via the relay apparatus, includes a determination unit which determines whether the communication apparatus or the relay apparatus holds authentication information used in authentication processing required to access the server apparatus, a decision unit which decides, according to the determination result, a transmission method required to transmit the data by controlling an authentication processing unit of the apparatus that holds the authentication information to execute the authentication processing, and a transmission unit which transmits the data by the decided transmission method. | 02-02-2012 |
20120030736 | AUTHENTICATING A DATA ACCESS REQUEST TO A DISPERSED STORAGE NETWORK - A method begins by a data accessing module of a dispersed storage network (DSN) sending a data access request to a data storage module. The method continues with the data storage module sending an authentication request to an authenticating module. The method continues with the authenticating module outputting a verification request destined for the data accessing module, wherein the verification request includes a verification code that is generated based on the authentication request. The method continues with the data accessing module outputting a verification response that includes a modified verification code that is generated based on the verification code and a credential. The method continues with the authenticating module outputting an authentication response to the data storage module, wherein the authentication response is generated based on the verification response. The method continues with the data storage module facilitating the data access request when the authentication response is favorable. | 02-02-2012 |
20120030737 | SYSTEM AND METHOD FOR AUTHORIZING A PORTABLE COMMUNICATION DEVICE - Systems and methods of authorizing a portable communication device to access a network resource. In an embodiment, a request to access a network resource is received from a portable communication device via a network. A processor is used to dynamically and selectively determine whether the portable communication device is authorized to access the requested network resource. The determination may be based on a unique identifying attribute associated with the portable communication device without the unique identifying attribute being predefined in a user profile database and without querying the portable communication device or its user for information. If the portable communication device is authorized, it may be allowed to access the network resource. Otherwise, it may be redirected to an authentication system where it may be enabled to submit authentication-related information so that it may be authorized to access the requested network resource. | 02-02-2012 |
20120036563 | SYSTEMS, DEVICES, METHODS AND COMPUTER PROGRAM PRODUCTS FOR ESTABLISHING NETWORK CONNECTIONS BETWEEN SERVICE PROVIDERS AND APPLICATIONS THAT RUN NATIVELY ON DEVICES - A login session server is configured to establish a communications session between an application that runs natively on a device and a service that is secured by a web services gateway by supporting a temporary login session socket between the device and the login session server and by passing a login session token to the device over the temporary login session socket. The temporary login session socket can be used to verify that the application that runs natively on the device is authorized to use the services of the service provider. Related systems, devices, methods and computer program products are disclosed. | 02-09-2012 |
20120036564 | PEER ENROLLMENT METHOD, ROUTE UPDATING METHOD, COMMUNICATION SYSTEM, AND RELEVANT DEVICES - Embodiments of the present invention disclose a peer enrollment method, a route updating method, a communication system, and relevant devices to improve security of a peer-to-peer (P2P) network. The peer enrollment method includes: receiving an enrollment request from a peer, where the enrollment request carries identity information of the peer; verifying the identity information of the peer, and if the verification succeeds, obtaining peer location information of the peer and generating a peer credential according to the peer location information; and sending the peer credential carrying the peer location information to the peer so that the peer joins the P2P network according to the peer credential. Embodiments of the present invention further provide a route updating method, a communication system, and relevant devices. Embodiments of the present invention may improve security of the P2P network effectively. | 02-09-2012 |
20120036565 | PERSONAL DATA PROTECTION SUITE - An online protection suite that provides subscribers to organizations a highly integrated desktop application with a dashboard set of services combining single-click access to user accounts and a bulletin-board of constantly refreshed posters offering a variety of related products and services. | 02-09-2012 |
20120042363 | COMMUNICATION SYSTEM PROVIDING WIRELESS AUTHENTICATION FOR PRIVATE DATA ACCESS AND RELATED METHODS - A communication system may include a server configured to provide data access based upon an authenticated logon, and a computer configured to access the server to receive a temporary authenticated logon identification (ID) for the server. The communication system may further include a mobile wireless communications device including a housing, a wireless transceiver carried by the housing, a sensor carried by the housing, and a controller carried by the housing, the controller being coupled to the wireless transceiver and the sensor. The controller may be configured to cause the sensor to wirelessly retrieve the temporary authenticated logon ID from the computer, and cause the wireless transceiver to wirelessly communicate logon data to the server for providing data access via the computer based upon the temporary authenticated logon ID. | 02-16-2012 |
20120072972 | SECONDARY CREDENTIALS FOR BATCH SYSTEM - A batch job system may create a second set of credentials for a user and associate the second set of credentials with the user in an authentication server. The second set of credentials may allow computers running the batch jobs to have user-level authentication for execution and reporting of results. The second set of credentials may be a single sign on type of credential, and may consist of a virtual smartcard that each worker computer may use for authentication. In some embodiments, authentication requests may be routed to a virtual or physical Hardware Security Module. | 03-22-2012 |
20120072973 | METHOD AND APPARATUS FOR AUTHENTICATION IN PASSIVE OPTICAL NETWORK AND PASSIVE OPTICAL NETWORK - The embodiments of the present disclosure provide a method and an apparatus for authentication in a Passive Optical Network (PON), and a PON. The method includes: receiving, by an Optical Network Unit/Optical Network Terminal (ONU/ONT), a first negotiation message sent by an Optical Line Terminal (OLT), and authenticating the OLT according to a logic registration ID of the OLT; sending, by the ONU/ONT, a second negotiation message to the OLT, the logic registration ID of the ONU/ONT is used to enable the OLT to authenticate the ONU/ONT according to a logic registration ID of the ONU/ONT, and allocates a terminal identifier for the ONU/ONT after the authentication succeeds. In the embodiments of the present disclosure, the OLT and the ONU/ONT are authenticated through the logic registration IDs, thus eliminating security threats in the authentication process. | 03-22-2012 |
20120072974 | STREAMING CONTENT IN GUEST MODE - The present application relates to systems, apparatus and methods for transmitting image data from a content source to an image display in a dual mode system which includes a guest mode and an authorized user mode. One example embodiment comprises establishing a secure connection to a network requiring access credentials, detecting a content source, establishing a non-secure connection to receive image data from the content source, receiving the image data from the content source, and providing the image data to a display, wherein the content source is not provided access over the secure connection. | 03-22-2012 |
20120079569 | FEDERATED MOBILE AUTHENTICATION USING A NETWORK OPERATOR INFRASTRUCTURE - Architecture that utilizes the strong authentication mechanisms of network operators to provide authentication to mobile applications by identity federation. When a mobile client initiates a request for access to an application outside the network operation infrastructure, the request is passed to an associated application secure token service. The application secure token service has an established trust and identity federation with the network operator. The application secure token service redirects the request to a network operator security token server, which then passes the request to a network operator authentication server for authentication against an operator identity service. Proof of authentication is then issued and returned from the network operator security token server to the application secure token service and the application, which allows the mobile client to access the application. | 03-29-2012 |
20120079570 | METHOD AND APPARATUS FOR ACCELERATED AUTHENTICATION - Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user. | 03-29-2012 |
20120084843 | CONVERGED LOGICAL AND PHYSICAL SECURITY - A security management system that includes a hierarchical security platform, converged IT and physical security management, unified credentialing, credential issuance and incident(s) management. An exemplary aspect of the invention also relates to physical and logical security management and information technology/network security management, with a credential issuance and integrity checking system as well as associated readers and printers of the credential. Still further aspects of the invention relate to obtaining, assembling and analyzing one or more of data, video information, image information, biometric information, sensor information, terrorist information, profile information, and/or other types of information to provide a comprehensive platform for all aspects of security management. A toolkit is also provided that allows complete management, integration, scalability, interoperability and centralized control of all aspects of security including personnel credentialing, personnel management, personnel tracking, task management, security system integration, security information exchange and scalability. | 04-05-2012 |
20120090020 | SIDE LOADING - Side loading of content elements is provided. A selection of a content element from a terminal device may be received and a content format associated with the terminal device may be identified. If the content element is not available in the identified content format, the content element may be transcoded from a current content format to the identified content format and the content element may be transferred to the terminal device in the identified content format. | 04-12-2012 |
20120096523 | METHOD AND APPARATUS FOR LINKING MULTIPLE CONTACT IDENTIFIERS OF AN INDIVIDUAL - Techniques for linking multiple contact identifiers of an individual include receiving first data that indicates contacts of a first user at first services. Contact identifiers for a different second user at second services are determined based at least in part on the contacts. Second data that indicates an association among the second user and the candidate contact identifiers is sent to the first user. In some embodiments on a client, techniques include determining to send first data that indicates contacts of a first user at first services; and receiving second data. The second data indicates an association among a different second user and candidate contact identifiers for the second user at second services based at least in part on the contacts. A prompt is presented for the first user to approve an association between the second user and a candidate contact identifier. | 04-19-2012 |
20120096524 | METHOD AND SYSTEM FOR FAST ACCESS TO ADVANCED VISUALIZATION OF MEDICAL SCANS USING A DEDICATED WEB PORTAL - A system for viewing at a client device a series of three-dimensional virtual views over the Internet of a volume visualization dataset contained on centralized databases employs a transmitter for securely sending volume visualization dataset from a remote location to the centralized database, more than one central data storage medium containing the volume visualization dataset, and a plurality of servers in communication with the centralized databases to create virtual views based on client requests. A resource manager load balances the servers, a security device controls communications between the client device and server and the resource manager and central storage medium. Physically secured sites house the components. A web application accepts at the remote location user requests for a virtual view of the volume visualization dataset, transmits the request to the servers, receives the resulting virtual view from the servers, and displays the resulting virtual view to the remote user. | 04-19-2012 |
20120102552 | USING AN IMAGE TO PROVIDE CREDENTIALS FOR SERVICE ACCESS - A method for providing at least one credential to access a service includes receiving an image from a camera that is included in a user device that also includes a processor and a communications device. The image is analyzed using an optical character recognition engine coupled to the processor. The analyzing the image includes determining that the image includes potential credential information that includes at least one credential including at least one character string. The at least one credential from the potential credential information is provided, using the communications device, to a service in order to access the service. In an embodiment, the user device may include a limited input device that is free of a physical keyboard having alphanumeric characters, and the determination and use of the at least one credential from the image simplifies the accessing of the service by minimizing or eliminating the need to use the limited input device. | 04-26-2012 |
20120117630 | Method and System for Secure Management of Co-Located Customer Premises Equipment - A method, system, and apparatus for managing customer premise equipment according to one embodiment includes establishing a secure connection between a first transport unit and a second transport unit. The secure connection includes an embedded operations channel and is operable to isolate a management plane from a data plane. The method further includes the first transport unit receiving a request for access to the first transport unit from the second transport unit. The method further includes establishing a secure terminal session between the first transport unit and the second transport unit using the embedded operations channel in response to receiving the request for access. The first transport unit then receives a management command from the second transport unit and the first transport unit performs at least one management function in response to receiving the management command. | 05-10-2012 |
20120117631 | SYSTEM AND METHOD FOR PROVISIONING AN EMAIL ACCOUNT USING MAIL EXCHANGE AND ADDRESS RECORDS - A system for provisioning an electronic mail (email) account of a user for allowing access to an electronic mailbox from a remote device to retrieve email includes a communications module that receives email address parameters entered by the user and transmits a domain name system (DNS) query to the Internet for returning mail exchange (MX) and address (A) records corresponding to the entered email address parameters of the user. A configuration module processes any returned MX and A records to determine whether the email address parameters entered by the user are valid before attempting to provision the email account of the user. | 05-10-2012 |
20120124652 | SYNCHRONIZATION APPARATUS AND METHOD - Disclosed herein is a synchronization apparatus and method. The synchronization apparatus includes a server synchronization determination unit for determining whether synchronization with a server is possible. A device search unit searches for a communication-enabled neighboring device if it is determined that synchronization with the server is impossible. A multi-hop synchronization processing unit transmits synchronous data to the neighboring device, thus enabling synchronization with the server via the neighboring device. In the synchronization method, whether synchronization with a server is possible is determined. If it is determined that synchronization with the server is impossible, a communication-enabled neighboring device is searched for. Synchronous data is transmitted to the neighboring device, thus enabling synchronization with the server via the neighboring device. | 05-17-2012 |
20120131650 | SPOT BEAM BASED AUTHENTICATION - In one embodiment, a method to authenticate a claimant comprises receiving, from the claimant, at least one of a set of beam data from a spot beam transmission, comparing the claimed at least one set of beam data to a known valid data set, and authenticating the claimant when a difference between at least one set of beam data and the known valid data set is less than a threshold. | 05-24-2012 |
20120131651 | System, Device And Method For Secure Provision Of Key Credential Information - A system for secure provision of key credential information is provided. The system comprises secure logic circuitry for being disposed in a host computer. The secure logic circuitry detects a message received from a remote computer connected to the host computer and indicative of a request for provision of the key credential information; generates a message for prompting a user for provision of the key credential information; receives the key credential information; and provides the key credential information to the remote computer absent processing using circuitry of the host computer. The system further comprises a secure user interface connected to the secure logic circuitry for receiving the key credential information from the user and providing the same to the secure logic circuitry. | 05-24-2012 |
20120144457 | METHOD AND SYSTEM FOR PROVIDING REGISTRATION OF AN APPLICATION INSTANCE - An approach for registering an application instance is provided. A registration request including credential information related to a user, a device and an instance of an application resident on the device is generated. The registration request is transmitted over a network to a registration platform. An encrypted unique identifier is received from the registration platform in response to registration of the application instance. This unique identifier is used to securely authenticate communication with the application instance. | 06-07-2012 |
20120144458 | SYSTEM AND METHOD FOR IDENTITY VERIFICATION ON A COMPUTER - A system to verify user identity on a computer uses a server with a set of stored or created images. An image is selected and transmitted over a computer network to the computer whose user identity is to be verified. The user captures the image on a mobile communication device using, by way of example, a built-in camera. The captured image is transmitted via a public mobile network back to the server where the captured image is compared with the stored image. If the images match, the user identity is verified. In another embodiment, multiple images may be displayed and user-selectable options are selected by capturing one of the multiple images. | 06-07-2012 |
20120144459 | REVOKING DELEGATABLE ANONYMOUS CREDENTIALS - The claimed subject matter provides a method for revoking delegatable anonymous credentials. The method includes receiving a request to revoke an anonymous credential. The anonymous credential may be representative of an ability to prove non-membership in an accumulator for a first entity. The method also includes revoking the anonymous credential from the first entity in response to the request to revoke the anonymous credential. Additionally, the method includes revoking the anonymous credential from a second entity in response to the request to revoke the anonymous credential. The first entity delegates the anonymous credential to the second entity. | 06-07-2012 |
20120144460 | METHODS AND DEVICES FOR ACCESS AUTHENICATION ON A COMPUTER - The invention discloses methods for preventing unauthorized and potentially illegal access to password-protected accounts. Specifically, the invention allows for inclusion of time-related data to distinguish between a human and computer as the source of a password, either in its creation or in its delivery to a server to gain access to a web-based account. | 06-07-2012 |
20120144461 | MOBILE PIN PAD - A system is configured to: receive an authentication request for a transaction from a web server; identify a phone number of the mobile device based on identifying information of the user in the authentication request and the user information, transmit a message to the mobile device based on the phone number, receive a message response from the mobile device, determine whether the mobile device provided a mobile pin pad authentication for the user based on the message response, and transmit a success authentication response to the web server when the mobile device provided the mobile pin pad authentication for the user. | 06-07-2012 |
20120159582 | OBSCURING VISUAL LOGIN - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and either the modified base image or modified overlay image is moved by the user. A security level requirement is assigned and positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image after the moving in a manner that meets the security level requirement. | 06-21-2012 |
20120159583 | VISUAL OR TOUCHSCREEN PASSWORD ENTRY - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and movement of either the modified base image or modified overlay image is permitted if a criterion for movement is met. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image. | 06-21-2012 |
20120159584 | Device Association - Embodiments provide systems, methods, and articles of manufacture for enabling a client to associate with a device. In various embodiments, the device may transmit cryptographic data to a client. Based on and utilizing the cryptographic data, the client may associate with the device. | 06-21-2012 |
20120159585 | SYSTEM AND METHOD FOR POOL-BASED IDENTITY AUTHENTICATION FOR SERVICE ACCESS WITHOUT USE OF STORED CREDENTIALS - A computer-implemented system and method for pool-based identity authentication for service access without use of stored credentials is disclosed. The method in an example embodiment includes providing provisioning information for storage in a provisioning repository; receiving a service request from a service consumer, the service request including requestor identifying information; generating an authentication request to send to an authentication authority, the authentication request including requestor identifying information; receiving validation of an authenticated service request from the authentication authority; and providing the requested service to the service consumer. | 06-21-2012 |
20120167183 | METHODS AND SYSTEMS FOR TESTING PERFORMANCE OF BIOMETRIC AUTHENTICATION SYSTEMS - A method of testing the performance of a biometric authentication system includes conducting an initial biometric authentication transaction for an individual using data associated with the individual, and generating an initial result for the initial transaction with the biometric authentication system. Moreover, the method includes obtaining additional data associated with the individual when the additional data is required for conducting a subsequent biometric authentication transaction or after randomly determining that the subsequent transaction is to be conducted. Furthermore, the method includes conducting the subsequent transaction, generating a subsequent result for the subsequent transaction with the biometric authentication system, and updating cumulative performance records based on the initial and subsequent results. The method also includes generating a summary on a temporal or quantifiable basis that includes the cumulative performance records, and determining the performance of the biometric authentication system using the cumulative performance records or the summary. | 06-28-2012 |
20120167184 | ALLOCATION OF APPLICATION IDENTIFIERS - An apparatus, a method, and a computer program product of a wireless device are provided in which a first device identifier of a wireless device is provided. An allocation record is received that includes an expression used for discovery, a second device identifier, and at least one of a digital signature of a first server that delegates the expression or a digital signature of a second server that manages the expression. The allocation record is verified. An apparatus, a method, and a computer program product of a first server are provided in which a device identifier is received from a wireless device. An allocation record is generated that includes an expression used for discovery, the device identifier, and at least one of a digital signature of the first server or a digital signature of a second server that manages the expression. The allocation record is sent. | 06-28-2012 |
20120167185 | REGISTRATION AND NETWORK ACCESS CONTROL - In embodiments of registration and network access control, an initially unconfigured network interface device can be registered and configured as an interface to a public network for a client device. In another embodiment, a network interface device can receive a network access request from a client device to access a secure network utilizing extensible authentication protocol (EAP), and the request is communicated to an authentication service to authenticate a user of the client device based on user credentials. In another embodiment, a network interface device can receive a network access request from a client device to access a Web site in a public network utilizing a universal access method (UAM), and the request is redirected to the authentication service to authenticate a user of the client device based on user credentials. | 06-28-2012 |
20120174195 | FUNCTION MODULE DISPATCHER - Disclosed are methods and systems for function module dispatcher. The methods and systems involve generating a multi tenant enabled function module by adding a logical tenant access parameter to a function to be executed in a tenant system. The methods and systems further include receiving access data associated with a central tenant system and input parameters for executing the function module on one or more tenant systems, accessing a central tenant system based on the access data, retrieving tenant access data associated with the tenant system by matching a logical tenant access parameter data received in the input parameters to the multi tenant function call with the tenant access parameter data stored in a destination map and dispatching the call to execute the function module on a respective tenant based on the tenant access data retrieved from the destination map. | 07-05-2012 |
20120174196 | ACTIVE VALIDATION FOR DDOS AND SSL DDOS ATTACKS - Methods and systems for detecting and responding to Denial of Service (“DoS”) attacks comprise: detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients, the one or more non-suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challenge mechanisms; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system. Once a client has been validated, clients may communicate directly with application servers in a secure manner by transparently passing through one or more intermediary proxy servers. | 07-05-2012 |
20120174197 | PUSH BUTTON CONFIGURATION OF MULTIMEDIA OVER COAX ALLIANCE (MOCA) DEVICES - A first device coupled to a multimedia over coax alliance (MoCA) network may receive, from a second device, an indication that a configuration button on the second device has been pushed. The first device may receive, from a third device, an indication that a configuration button on the third device has been pushed. The first device may allow the second device to be authenticated on the MoCA network if the configuration buttons of the second and third devices were both pushed within a determined amount of time. The first device may prevent the second device from being authenticated on the MoCA network if the configuration button of the second device and the configuration button of the third device were not pushed within a determined amount of time. The indication from the third device may comprise a layer 2 management entity (L2ME) message or a Protocol Information element. | 07-05-2012 |
20120180114 | Method and System for Subscriber to Log in Internet Content Provider (ICP) Website in Identity/Location Separation Network and Login Device Thereof - The present invention provides a method and system for a user to log in an Internet Content Provider (ICP) website in an identification location separation network and a login device thereof. The method includes: after receiving an access data packet of a user, the ICP website obtaining an identification code of the user therein, and transmitting the identification code of the user to an Internet Service Provider (ISP) authentication center; the ISP authentication center authenticating the user based on the identification code of the user, and if the authentication is passed, the ISP authentication center returning an authentication passed message, which contains the identification code of the user, to the ICP website; after receiving the authentication passed message, the ICP website obtaining personal information of the user according to the identification code of the user, and then the user logging in the ICP website. | 07-12-2012 |
20120198524 | RESUMABLE PRIVATE BROWSING SESSION - A resumable private browsing session is activated on a network computing device communicatively coupled via a network to other network computing devices. The private browsing session restrictedly saves one or more network browsing memories corresponding to activity between the network computing device and other network computing devices. The one or more network browsing memories are restrictedly saved under protection of a private credential. After the private browsing session has ended, access to the private browsing session is blocked unless a received credential submission matches the private credential. If the received credential submission matches the private credential, the private browsing session is resumed with access to the one or more network browsing memories. | 08-02-2012 |
20120198525 | SERVER RESERVATION METHOD, RESERVATION CONTROL APPARATUS AND PROGRAM STORAGE MEDIUM - An information processing device including a communication interface that exchanges data with a first device and a second device; and a processor that performs authentication of the first device; receives content data from the first device via the communication interface; and controls the communication interface to send the content data in real time to the second device based on an access control setting, which indicates a restriction on sending the content data. | 08-02-2012 |
20120198526 | SYSTEM, METHOD AND COMPUTER READABLE MEDIUM FOR MESSAGE AUTHENTICATION TO SUBSCRIBERS OF AN INTERNET SERVICE PROVIDER - An internet service provider (ISP) is configured to provide notification messages such as service updates to subscribers via redirected web pages. In order for the web pages to be treated as originating from the ISP, the ISP provides a shared secret in the browser message. The shared secret may be a secret not derivable by viruses or trojans in the subscriber computer, such as a MAC address of the subscriber modem. | 08-02-2012 |
20120204241 | SECURE TUNNELING PLATFORM SYSTEM AND METHOD - A system and method are provided for receiving, by a wireless gateway device from a user computing device, a request for network access via a first communication protocol. The request is formatted to comply with a second communication protocol that is different than the first communication protocol, and transmitted to at least one authentication computing device. The wireless gateway device receives a reply formatted to comply with the second communication protocol from the at least one authentication computing device that grants the request. The wireless gateway device formats the reply to comply with the first communication protocol, and transmits the formatted reply to the user computing device. A first communication pathway is established between the authentication computing device and the user computing device, and a request for access to at least one other computing device is received by the authentication device. The request is forwarded to the at least one other computing device, and a reply granting the request for access is received and forwarded to the user computing device. An identification of at least one of the user computing device and the at least one other computing device is stored in at least one database. | 08-09-2012 |
20120204242 | PROTECTING WEB AUTHENTICATION USING EXTERNAL MODULE - Systems, methods, computer program products, and networks for protecting web authentication. In some examples a system for protecting web authentication includes a web client and a validator which is external to the web client. In these examples, the validator is configured to enable at least one validation item which is provided to a web server during web user authentication to be protected from possible tampering by the web client. | 08-09-2012 |
20120204243 | SYSTEMS AND METHODS FOR NETWORK CURATION - Systems and methods for network curation are disclosed. In some embodiments, a method comprises scanning, by a mobile device, an area to identify a network device for accessing a network, receiving, by the mobile device, a network identifier associated with the network device, providing a curation indicator request to a curation server, the curation indicator request comprising the network identifier, receiving a curation indicator from the curation server, the curation indicator being retrieved, based on the network identifier, from a database of a plurality of curation indicators, the curation indicator associated with a likelihood of intent to publicly share the network by the network device, comparing the curation indicator to an access setting, the access setting indicating acceptability of network access based on the likelihood of intent to publicly share the network by the network device, and accessing the network via the network device based on the comparison. | 08-09-2012 |
20120204244 | AUTOMATED PASSWORD AUTHENTICATION - A system connected to an existing computer includes a unit for monitoring the screen and provides input, and a storage unit that stores data that pair screen buffer regions with authentication details. The system learns new pairs via user training and presents stored authentication details when the screen buffer matches a related stored region which is paired with a region of the screen. | 08-09-2012 |
20120210402 | Protecting Information on a Computer System Using Multiple Authentication Methods - In one embodiment, a method includes receiving, for a user, first user authentication information for a first authentication method and receiving, for the user, second user authentication information for a second authentication method. The second authentication method is different from the first authentication method. Upon authenticating the first user authentication information and the second user authentication information, the method moves a subset of data stored on a back-end storage device to a front-end storage device. The front-end storage device is directly connected to the user via a network and the back-end storage device not being directly connected to the network. The method then allows access to the subset of data for a period of time, wherein after the period of time expires, the subset of data is removed from the front-end storage device. | 08-16-2012 |
20120216260 | SYSTEMS, METHODS AND APPARATUS FOR AUTHENTICATING ACCESS TO ENTERPRISE RESOURCES - Systems, apparatus, methods and articles of manufacture provide for controlling access to one or more enterprise resources, including one or more functions of an enterprise device, or other computing device, based on information about one or more activities of a user. Some embodiments provide for determining an intuitive challenge question having a corresponding response, such as an intuitive password. | 08-23-2012 |
20120216261 | Method and System for Electronic Delivery of Essential Mail Items - A delivery server, and a method of operating same for providing a trusted electronic mail service for the delivery of items to a subscriber. An associated database contains subscriber details. The server receives from the subscriber a nomination of at least one service provider from which the subscriber wishes to receive electronic mail items. The nomination is stored in the database in association with the subscriber details. A trusted communications channel is established between the delivery server and a service provider computer system, for example via the Internet or other public network. The delivery server receives essential mail data from the service provider via the communications channel, and verifies that the subscriber wishes to receive a corresponding electronic mail item, by comparison with subscriber details and nominations stored in the database. In the event that the verification is successful, the delivery server delivers the electronic mail item to the subscriber. | 08-23-2012 |
20120216262 | Methods, Systems, And Computer Program Products For Determining An Originator Of A Network Packet Using Biometric Information - Associating a network packet with biometric information for a user includes identifying biometric identification information for a user of a network device, including an identifier of the biometric identification information in at least one of a header and a trailer of a network packet without including biometric identification information in a payload of the network packet, and sending the packet via a network, wherein the identifier identifies the network packet as having originated from the user. | 08-23-2012 |
20120222097 | SYSTEM AND METHOD FOR USER CLASSIFICATION AND STATISTICS IN TELECOMMUNICATION NETWORK - The embodiments herein relate to user data management in a telecommunications network and, more particularly, to classifying users in a telecommunications network and subsequently leveraging the classification and augmented statistical information. The system uses intelligent modeling techniques & machine learning algorithms to classify users. It also groups users by statistical analysis of this classification. The system is able to provide secure, authenticated and authorized access to this classification, statistical grouping and other augmented information about users to an external agent in real-time. This enables service personalization and personalized service recommendations. System allows external agents to define certain classification criteria for users in the form of models, which are pluggable in nature, to derive multiple user classification schemes. The system is also able to handle extremely large volumes of user data in the order of terabytes by scaling horizontally on inexpensive commodity hardware. | 08-30-2012 |
20120222098 | WIRELESS ESTABLISHMENT OF IDENTITY VIA BI-DIRECTIONAL RFID - A method, a system, and a computer program product are provided for wireless establishment of identity via bi-directional radio-frequency identification (RFID). The method is implemented in a computer infrastructure having computer executable code tangibly embodied on a computer readable storage medium having programming instructions operable for sending device data including at least a username and a password to a transceiver. The method also includes receiving an identifier of an access point in a wireless network from the transceiver, the transceiver sending the device data to the access point via a security server. The device data is sent to the access point based on the identifier of the access point, the access point establishing a secure connection to the computer infrastructure based on the device data received from the transceiver and the computer infrastructure. | 08-30-2012 |
20120227095 | SYSTEMS AND METHODS FOR GENERATING MODULAR SECURITY DELEGATES FOR APPLICATIONS - Embodiments of the present teachings relate to systems and methods for generating modular security delegates for applications. According to embodiments, in a multiple network environment, multiple machines (or clients) can be configured. Each machine can include a plurality of application instances and an authentication delegate. In addition, each network environment can include a communication interface to security services. The applications can include logic that indicates what security delegate to use for a given set of user authentication credentials. The logic can be configured to determine the appropriate authentication delegate using various methods. The authentication delegates can receive a set of user authentication credentials from application instances and determine whether the set of user authentication credentials are valid. Each authentication delegate corresponds to one and only one type of authentication mechanism. | 09-06-2012 |
20120233672 | Provisioning Methods And Apparatus For Wireless Local Area Networks (WLANS) With Use Of A Provisioning ESSID - A wireless network has a primary network which provides one or more communication services and a provisioning network which provides a provisioning service but disallows the one or more communication services. A mobile device associates with an access point of the wireless network by sending a request which includes a first service set identifier (SSID) for accessing and operating in the provisioning network. If an authentication procedure is successful, the device receives via the access point a second SSID in a provisioning procedure with the provisioning network, and programs the second SSID in a network list. The device subsequently associates with the access point by sending a request which includes the second SSID from the network list instead of the first SSID, for accessing and operating in the primary network for the one or more communication services. | 09-13-2012 |
20120233673 | System and Method to Support Identity Theft Protection as Part of a Distributed Service Oriented Ecosystem - A system and method to support identity theft protection and, in particular, to a system and method for supporting identity theft protection as part of a distributed service oriented ecosystem in Internet protocol (IP) multimedia subsystem (IMS) and non-IMS networks. The system includes an identity session initiation protocol (SIP) application server configured to act as a security assertion markup language (SAML) bridge, which allows an SIP enabled device or a non-SIP enabled device to attach to a telecommunications service provider network. A user may accept or reject an authorization request using the SIP enabled device or non-SIP enabled device. | 09-13-2012 |
20120240203 | METHOD AND APPARATUS FOR ENHANCING ONLINE TRANSACTION SECURITY VIA SECONDARY CONFIRMATION - The need for secure online transactions on inherently insecure platforms such as PCs and mobile devices is increasing with the widespread adoption of e-commerce and online banking. Providing enhanced security on such platforms is challenging as factors of cost and user convenience are significant barriers to adoption. The proposed invention does not require special hardware, operating systems or communication links installed on the client devices. Instead, it makes use of the fact that a large number of consumers already have access to multiple independently operating devices such as PCs and cellular phones. Providing secondary confirmation for secure transactions using a plurality of such devices addresses both the cost and ease-of-use factors. In particular, a secure transaction that is originated on one type of consumer device such as a PC is conducted to require a secondary transaction on a different device such as a mobile phone. This way an attacker faces the much harder problem of synchronously compromising two very different systems to gain control of a particular secure transaction. | 09-20-2012 |
20120240204 | System, design and process for strong authentication using bidirectional OTP and out-of-band multichannel authentication - Systems and methods of authentication according to the invention are provided comprising a user, a service client, a service server, a portable communications device and an authentication server, wherein the method comprises use of one time passwords and out-of-band outbound communication channels. This system gives access to authentication seekers based on OTP out of band outbound authentication mechanism. The authentication seeker or system user scans a multi-dimensional barcode or another like encoding mechanism and validates the client and triggers the out of band outbound mechanism. The portable mobile device invokes the client server to request authentication. The client server authenticates the user based on a shared secret key and the user is automatically traversed to the next page. | 09-20-2012 |
20120240205 | SELECTIVE INTERNET PRIORITY SERVICE - An Internet Priority Service (IPS) provides to authorized users priority access to communication over the Internet during emergencies. Transmission of data packets from an authorized user that accesses the IPS are given priority for transmission over the Internet. The level of priority given to a data packet depends on the type of application associated with the data packet. Each user or group of users may also be given a respective IPS level of priority. Furthermore, for a particular authorized user, access to the IPS may be limited to a specific number of application types, which for example do not have high bandwidth requirements. Assigning different priority levels as a function of application type and user or group of users, and limiting IPS access to specific application types allows efficient methods of emergency communication to be implemented over the Internet during emergencies. | 09-20-2012 |
20120246706 | SYSTEMS, DEVICES, AND METHODS FOR SECURELY TRANSMITTING A SECURITY PARAMETER TO A COMPUTING DEVICE - Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an image or audio signal. The image or audio signal is transmitted from the first computing device to the second computing device. The password is determined from the image or audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein. | 09-27-2012 |
20120254956 | Securely Managing Password Access to a Computer System - A method, system or computer usable program product for providing initial access to the computer system in response to a user providing a first password, and upon detecting a condition meeting a predetermined criteria, providing subsequent access to the computer system in response to the user providing a second password wherein the first password has stronger security than the second password. | 10-04-2012 |
20120260321 | Method and apparatus to auto-login to a browser application launched from an authenticated client application - A technique for automated login to a browser application from an authenticated client application begins upon the end user taking an action to access a target resource. A credential is associated with the client application as a result of a prior login operation. The technique is implemented in a server application associated with the client application. In response to the end user taking the action, the server application receives a first request that includes the credential. The credential is cached at a location identified by a one-time-key that is generated at the server in response to receipt of the first request. The server application then returns a response to the first request that includes a data string (e.g., a URL-template) that includes the one-time-use key. Upon receipt of that response, the client application fills in the URL-template with the target resource URL and launches the browser. The resulting second request is received at the server application, which retrieves the credential from the location identified by the one-time use key. The server application sets the retrieved credential in a cookie and returns a response to the second request. That response includes the cookie and a redirect to the target resource. In this manner, the browser is redirected to the target resource (e.g., a secure page) without requiring an extra login. | 10-11-2012 |
20120272298 | METHOD TO PROVIDE CHIP BASED SECURITY FOR I/O PACKETS IN AN ARRAY USING DYNAMIC TOPOLOGY - An apparatus comprising a controller circuit and an array. The controller circuit may be configured to read/write data in response to one or more input/output requests. The array may be configured to present/receive data to/from the controller circuit in response to the input/output requests. The data may be only transmitted to/from the array after a successful authentication between (i) a first code embedded within each of the input/output requests and (ii) a second code stored on a non-volatile memory within the controller circuit. | 10-25-2012 |
20120272299 | INFORMATION PROCESSING SYSTEM, IMAGE PROCESSING APPARATUS, INFORMATION PROCESSING APPARATUS, CONTROL METHOD THEREFOR AND COMPUTER-READABLE STORAGE MEDIUM - There are provided an information processing system for providing a user with an authentication screen suitable for an authentication apparatus connected to an image processing apparatus, an image processing apparatus, an information processing apparatus, a control method therefor, and a program. When a user requests a login operation, the image processing apparatus generates a login request containing authentication apparatus information indicating an authentication apparatus for authenticating the user, which is connected to the image processing apparatus, and notifies the information processing apparatus of the login request. On the other hand, when the login request is sent, the information processing apparatus generates screen information of an authentication screen for executing authentication using the authentication apparatus indicated by the authentication apparatus information, and notifies the image processing apparatus of the generated screen information. | 10-25-2012 |
20120272300 | METHOD AND SYSTEM FOR CONFIGURING LOCAL AND REMOTE RESOURCES TO ACCOMPLISH RENDERING OF MULTIMEDIA CONTENT ON DISSIMILAR FORMAT DEVICES BASED ON USER BIOMETRIC DATA - A system and method is provided for communication of information in a mobile communication device (WMCD) configured to network connection may include discovering via a wireless mobile communication device, available communication resources based on acquired biometric data for a user of the WMCD, and communicating multimedia information between the WMCD and one or more of the discovered available resources. The acquired biometric data may include physical and behavioral biometric data to be authenticated and validated by a pattern recognition database. A connection between the WMCD and one or more discovered available resources may be established through linking the acquired biometric data to resources in available local or remote network. The established connection may enable the WMCD to consume or redirect media from the available resources and may be dynamically adjusted and updated based on dynamic sensing of the acquired biometric data in the available network or available resources. | 10-25-2012 |
20120278868 | FRAUD DETECTION SYSTEM AUDIT CAPABILITY - Embodiments of the invention are directed to a fraud detection system that records an audit log of modifications made by a user to a selection of fraud detection rules in a merchant profile. The audit log contains details of the modifications and the user associated with the modifications. A search can be conducted on the audit log to determine details of modifications made to a merchant profile within the fraud detection system. | 11-01-2012 |
20120278869 | REGISTRATION AND CREDENTIAL ROLL-OUT FOR ACCESSING A SUBSCRIPTION-BASED SERVICE - A user may access a subscription-based service via a system comprising one or more devices with one or more separate domains where each domain may be owned or controlled by one or more different local or remote owners. Each domain may have a different owner, and a remote owner offering a subscription-based service may have taken ownership of a domain, which may be referred to as a remote owner domain. Further, the user may have taken ownership of a domain, which may be referred to as a user domain. In order for the user to access the subscription-based service, registration and credential roll-out may be needed. An exemplary registration and credential roll-out process may comprise registration of the user, obtaining credentials from the remote owner and storing the credentials. | 11-01-2012 |
20120284779 | ELECTRONIC DEVICES HAVING ADAPTIVE SECURITY PROFILES AND METHODS FOR SELECTING THE SAME - Adaptive security profiles are supported on an electronic device. One or more security profiles may be automatically or selectively applied to the device based on the device's location and one or more geographic zone definitions. The security profiles may be used to determine the level of authentication or number of invalid authentication attempts for a particular feature or application or set of features or applications. | 11-08-2012 |
20120291106 | CONFIDENTIAL INFORMATION LEAKAGE PREVENTION SYSTEM, CONFIDENTIAL INFORMATION LEAKAGE PREVENTION METHOD, AND CONFIDENTIAL INFORMATION LEAKAGE PREVENTION PROGRAM - Provided is a confidential information leakage prevention system in which a client | 11-15-2012 |
20120291107 | SYSTEMS AND METHODS FOR UNIVERSAL ENHANCED LOG-IN, IDENTITY DOCUMENT VERIFICATION AND DEDICATED SURVEY PARTICIPATION - Systems and methods are provided for controlling access via a computer network to a subscriber server. A log-in server receives a query to connect through the computer network to the subscriber server, and the log-in server receives registrant identification data. A first session is established between the log-in server and the subscriber server to validate the registrant identification data, and to generate a session password. A second session is established between the log-in server and the subscriber server. The second session is configured to authorize, based in part on the registrant identification data, access to at least a portion of a website associated with the subscriber server. | 11-15-2012 |
20120297464 | AUTHENTICATED TRANSMISSION OF DATA - A method for transmitting data confirmed by at least one person (KND), wherein data (TOR) to be transmitted are received and/or generated by an input device (BSW), wherein the input device (BSW) can be operated by the person (KND). A configuration for performing the method and a computer program for implementing the steps are also provided. | 11-22-2012 |
20120304260 | PROTECTION FROM UNFAMILIAR LOGIN LOCATIONS - In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface | 11-29-2012 |
20120304261 | PUBLICLY AVAILABLE PROTECTED ELECTRONIC MAIL SYSTEM - A secure messaging system provides a secure messaging exchange service to identified users. | 11-29-2012 |
20120311682 | SYSTEM AND METHOD FOR PROVIDING RESTRICTIONS ON THE LOCATION OF PEER SUBNET MANAGER (SM) INSTANCES IN AN INFINIBAND (IB) NETWORK - A system and method can provide subnet manager (SM) restrictions in an InfiniBand (IB) network. A first SM in a subnet in the IB network operates to determine whether a second SM associated with a remote port is trustworthy. Furthermore, the first SM is allowed to send at least one of a request and a response that contains a management key to the second SM, if the first SM determines that the second SM is trustworthy. Additionally, the first SM is prevented from attempting to initiate communication with the second SM, if otherwise. | 12-06-2012 |
20120317628 | SYSTEMS AND METHODS FOR AUTHORIZING A TRANSACTION - Methods and apparatuses are disclosed for creating a software based secure element reader and a digital credential data delivery system for point-of-sale (POS) locations that do not have a secure element reader. Methods and apparatuses are described for creating a remotely hosted repository of secure elements that may be selected and connected to a mobile or a stationary device. Near-field communication (NFC) capabilities may be utilized to interrogate a selected secure element by a RFID POS reader through the mobile NFC device over a data connection between that mobile NFC device and the remote hosted secure element. | 12-13-2012 |
20120324550 | Systems and Methods for Combining User Profiles - Certain embodiments of the invention may include systems and methods for combining user profiles. According to an example embodiment, a method is provided for refining group content choices. The method includes identifying that at least two users are accessing media content on a same device, wherein each of the at least two users is associated with a different set of profile attributes; generating a spliced user profile having spliced profile attributes based at least in part on at least a portion of the set of profile attributes associated with at least one of the at least two users; determining at least one content recommendation based on the spliced profile attributes; and delivering the at least one content recommendation over a content distribution channel to the at least two users on the media device. | 12-20-2012 |
20120324551 | Method of Improving Online Credentials - The invention comprises a method of providing additional assurance regarding a website's authenticity. The assurance is provided by using a credential that contains an image of the website operator or the website operator's business operations. The assurance is also provided by scanning the website associated with the credential for changes and alerting the website operator or a website visitor of the changes. The invention includes a method of ensuring the proper operation of the credential and a method of protecting the credential from mis-issuance. | 12-20-2012 |
20120331532 | DEVICE-AGNOSTIC MOBILE DEVICE THIN CLIENT COMPUTING METHODS AND APPARATUS - In some embodiments, a non-transitory processor-readable medium stores code representing instructions configured to cause a processor to send, from a sole application stored at a mobile device, a first signal including authentication information of a user. The code can further represent instructions configured to cause the processor to receive, at the sole application, a second signal indicating a set of cloud-based applications associated with the user, the second signal being sent in response to the authentication information. The code can further represent instructions configured to cause the processor to send, to a display of the mobile device, an indicator of the set of cloud-based applications associated with the user, and receive user input including a request to initialize a first cloud-based application from the set of cloud-based applications. The code can further represent instructions configured to cause the processor to send a third signal indicating a requested function associated with the first cloud-based application, and receive, in response to the third signal, a fourth signal including information associated with the requested function. | 12-27-2012 |
20120331533 | Virtualizing Storage for WPAR Clients that Share a Common Operating System of Logical Partition - Systems, methods and media for providing to a plurality of WPARs private access to physical storage connected to a server through a VIOS are disclosed. In one embodiment, a server is logically partitioned to form a working partition comprising a WPAR manager and individual WPARs. Each WPAR is assigned to a different virtual port. The virtual ports are created by using NPIV protocol, between the WPAR and VIOS. Thereby, each WPAR has private access to the physical storage connected to the VIOS. | 12-27-2012 |
20130007853 | MOBILE DEVICE AND METHOD FOR AUTOMATIC CONNECTIVITY, DATA OFFLOADING AND ROAMING BETWEEN NETWORKS - Embodiments of a mobile device and methods for automatically connecting to a Wi-Fi Hotspot 2.0 are generally described herein. In some embodiments, subscription information for one or more service providers (SP) that operate Wi-Fi networks is stored in a subscription data object of the mobile device. The subscription information includes home service provider information, policy information and pre-provisioned credentials. The mobile device may be configured to determine, without user interaction, if the subscription information is applicable to an available Wi-Fi network and perform, without user interaction, an extensible authentication protocol (EAP) based authentication using the pre-provisioned credentials with the available Wi-Fi network to establish a Wi-Fi connection with the available Wi-Fi network. This automatic connectivity may allow a mobile device to roam across Wi-Fi hotspots of Wi-Fi networks and offload traffic to Wi-Fi networks. | 01-03-2013 |
20130007854 | Storage Gateway Activation Process - Methods, apparatus, and computer-accessible storage media for activating a gateway to a remote service provider. The gateway serves as an interface between processes on a customer network and the provider, for example to store customer data to a remote data store. A gateway sends a public key and metadata describing the gateway to the provider. The gateway receives an activation key from the provider and exposes the activation key on the customer network. The customer obtains the key and communicates to the provider using the key to provide customer information including a name for the gateway and to authorize registration of the gateway. The provider provides the customer information to the gateway. The gateway requests security credentials from the provider using the customer information and the key. The provider sends a security credential to the gateway. The gateway may then obtain configuration information from the customer via the provider. | 01-03-2013 |
20130007855 | POWERLINE COMMUNICATION DEVICE SUPPORTING SECURE DATA EXCHANGE - A Power Line Communications (PLC) device includes a processing module, memory, a Wireless Local Area Network interface (WLAN I/F), and a PLC communication interface (PLC I/F). When operating as a client device, the PLC device establishes communications with a premises communication device via the PLC I/F, requests WLAN service from the premises communication device via the PLC I/F, receives WLAN access credentials from the premises communication device via the PLC I/F, and accesses a WLAN via the WLAN I/F using the WLAN access credentials. The PLC device communicates with a client device via the PLC I/F, receives a WLAN service request from the client device via the PLC I/F, validates the client device for WLAN service, and transmits WLAN access credentials to the client device via the PLC I/F. The PLC device may also support backchannel operations such as financial transactions, key exchanges, encryption support, all via the PLC I/F. | 01-03-2013 |
20130014232 | CONFIGURATION OF ACCESSORIES FOR WIRELESS NETWORK ACCESS - A portable computing device can enable an accessory to access a wireless network. In particular, the portable computing device can provide a wireless network access credential to the accessory. The accessory can thereafter use the wireless network access credential to access a wireless network. The portable computing device can additionally configure an access point that manages the wireless network to permit the accessory to join the wireless network. | 01-10-2013 |
20130014233 | SYSTEM AND METHOD FOR SECURE VOTING - Methods, systems, and computer-readable media are provided for conducting an election. In one exemplary embodiment, there is provided a method for ensuring integrity of an electronic ballot. The method can include creating electronic ballots for voters based on votes received from the voters; digitally signing the electronic ballots; storing the signed electronic ballots; retrieving the signed electronic ballots from storage; verifying the digital signatures on the retrieved electronic ballots; and presenting the voters with validation pages derived from the retrieved electronic ballots, the validation pages including a user interface element for the voters to confirm that the retrieved electronic ballots accurately reflect their vote. | 01-10-2013 |
20130014234 | DOMAIN ISOLATION THROUGH VIRTUAL NETWORK MACHINES - A method and device for communicating information resources between subscriber end stations and nodes belonging to different network domains is described. The device instantiates different virtual network machines for different network domains using separate independently administrable network databases. Each of the administrable chores of the separate independently administrable network databases includes the assignment of access control and the configuration of the policies for those network databases. The policies include traffic filtering policies to indicate what kind of information payloads can be carried, traffic and route filtering policies to indicate what paths through the network will be used for each payload carried. Each of the network domains includes one of the different virtual network machines and each of the different network domains is virtually isolated from other network domains. | 01-10-2013 |
20130014235 | METHOD FOR DISTINGUISHING A LIVE ACTOR FROM AN AUTOMATION - A computer-implemented method for distinguishing a live actor from an automation is described. A user request to access a service is received, and, in response, the user is presented with a minority set of N objects and a majority set of >N objects. The majority set includes objects sharing at least one common attribute expected to be apparent to a human observer absent among objects associated with the minority set. The user is requested to identify at least one object, from among the objects associated with the minority or majority set, that satisfies a predetermined criterion and in response an indication of a selection of at least one object is received. Whether the user-selected object satisfies the predetermined criterion is determined, and the user is determined to be a human upon determining that the user-selected object satisfies the predetermined criterion. | 01-10-2013 |
20130024915 | Systems and Methods for Authenticating Users Accessing Unsecured WiFi Access Points - Systems and methods for a user accessing an unsecure WiFi access point are provided. In an embodiment, the present invention requests that the customer perform authentication of the access point to which he is connected. On initial connection to the access point, the customer provides his username/password and chooses a memorable information element (e.g., image or phrase). A site specific cookie is delivered to the customer device after a successful authentication. On subsequent connections, the site specific cookie is validated and the MAC address of the customer device is used to retrieve the memorable information element. If the customer recognizes his memorable image, he confirms that he is on a bona fide access point. In a further embodiment, if the customer connects at a location and/or time of day which breaks a previously observed pattern, MAC authentication is not accepted and a full authentication (e.g., user/password) is required. | 01-24-2013 |
20130024916 | System and Method for Verification, Authentication, and Notification of Transactions - A system and method are provided for verifying, authenticating, and providing notification of a transaction such as a commercial or financial transaction, with and/or to at least one party identified as engaging in the transaction and/or identified as having a potential interest in the transaction or type of transaction. | 01-24-2013 |
20130024917 | MEMO SYNCHRONIZATION SYSTEM, MOBILE SYSTEM, AND METHOD FOR SYNCHRONIZING MEMO DATA - Provided is a memo synchronization system, a mobile system, and a method for synchronizing memo data. The memo synchronization system includes a storage device, an authentication unit configured to authenticate a user by receiving authentication information of the user from a mobile terminal via a memo application installed in the mobile terminal, and a synchronization unit stored on the storage device and configured to synchronize memo data stored in the mobile terminal with memo data stored in a web storage space of an online memo service based on a request for synchronization transmitted from the mobile terminal through the memo application. The request for synchronization includes a synchronization request generated by the memo application according to an event set by the user. | 01-24-2013 |
20130031616 | Methods and Systems for Enabling Multiple Accounts Support - Embodiments allow communication for a first and second account on one device to be sent and received over a single socket connection. A unique identifier may be associated with each account on the device. Communications sent from each account on the device may be encapsulated with the unique identifier for the account. Similarly, communications received for each account on the device may be encapsulated with the unique identifier for the account by a mobile endpoint. | 01-31-2013 |
20130042308 | SUBSCRIPTION INTERFACE FOR PROVIDING ACCESS TO DIGITAL PUBLICATIONS - The present application provides a subscription interface positioned between client devices and third-party digital subscription providers. The subscription interface allows multiple different publication-related applications (e.g., Sports Illustrated, Time magazine, etc.) running on different client devices (e.g., tablets, desktop computers, laptop computers, smart phones, etc.) to obtain a list of digital issues available from an associated third-party digital subscription provider based on entitlements of the user of the client device. The subscription interface ensures that the application receives the list and associated metadata in a desired format for that particular application on a particular client device. | 02-14-2013 |
20130042309 | USER AUTHENTICATION MANAGEMENT - End users of a multi-factor authentication service can utilize an account management service, and third-party websites can register to utilize the multi-factor authentication service. Registering a third-party website can comprise the multi-factor authentication service receiving a valid digital identity certificate for the third-party website, and receiving an agreement to terms of use of the multi-factor authentication service for the third-party website. Once received, the multi-factor authentication service can enable the third-party website to utilize the service (e.g., switch the service on, or send an authorization key to the third-party website). Further, registering a user to the multi-factor authentication service can comprise determining availability of service, and providing a location-specific access code. Additionally, registering the user can comprise registering the user's mobile device, for example, to provide multi-factor authentication. Also, an Internet-based user account management user interface can be provided that allows a user to view transactions on their account, and an ability to shut off a designated mobile device's ability to authenticate. | 02-14-2013 |
20130047223 | Methods for the Secure Use of One-Time Passwords - Methods for authentication over unsecure networks using one-time passwords are provided. The methods establish a connection over a first channel between an authentication system and a user's computing system, then the authentication system determines information based on the connection over the first channel, such as the IP address and other information that can be readily found once the IP address is known. The information derived from the connection is then provided to the user over a second channel, and the user is given an opportunity to review the information before deciding whether to continue the login. If the information returned to the user over the second channel is suspicious, this can indicate to the user that the connection over the first channel has been compromised. | 02-21-2013 |
20130055361 | Mobile communications device security technique - The level of security associated with mobile communication device access is advantageously reduced while the mobile device resides at a location deemed to be “safe.” Determining whether the mobile communications device resides at a safe location depends on (a) location coordinates, and (b) frequency and duration of use of the mobile communication device at the location. | 02-28-2013 |
20130055362 | AUTHENTICATING VIA MOBILE DEVICE - A first server device is configured to receive an authentication request from a second server device; add the authentication request to a queue associated with a user; and provide a representation of the queue to a mobile device of the user. The representation of the queue includes an entry for the authentication request. The first server device is further configured to receive, from the mobile device, authentication information, provided by the user, for the authentication request; determine that authentication, of the user, for the authentication request is successful based on the authentication information; generate an authentication response that indicates that the authentication, of the user, for the authentication request is successful; and transmit, by the first server device, the authentication response to the second server device. | 02-28-2013 |
20130055363 | CONNECTING REMOTE AND LOCAL NETWORKS USING AN IDENTIFICATION DEVICE ASSOCIATED WITH THE REMOTE NETWORK - One or more portable identification devices associated with a first smart network can be carried with a user of the first smart network to a second smart network and used to automatically identify the first smart network and allow authorized access to the smart network via the second smart network. The one or more portable identification devices are configured to automatically provision the second smart network with the information necessary for the second smart network to identify the first smart network and the authorization credentials to connect to the first smart network. In some example embodiments, the portable identification devices may be RFID tags. | 02-28-2013 |
20130055364 | INFORMATION PROCESSING APPARATUS, METHOD FOR CONTROLLING THE SAME AND STORAGE MEDIUM - An information processing apparatus of this invention has a function of transmitting data to a server on a network and causing the server to store the data. Setting information including at least the validated period information of the data and the storage destination information of the server is stored. The information processing apparatus instructs the server to delete the data stored even after the elapse of a validated period represented by the validated period information based on the stored validated period information and the storage destination information of the server. | 02-28-2013 |
20130061295 | Providing Status of Site Access Requests - Concepts and technologies are described herein for providing status of site access requests. In accordance with the concepts and technologies disclosed herein, a user attempts to access functionality of a server application that is limited to authorized users. In response to the access attempt, the server application determines if the user is authorized to access the functionality and if the user has previously requested access to the functionality. If the user has not previously requested access to the application, the server application can present a user interface to the user for requesting access to the server application. If the user has previously requested access to the application, the server application can present an indication that an access request already exists, history and status information associated with the access request, and/or an interface for submitting messages to the site owner or other entity. | 03-07-2013 |
20130061296 | SOCIAL DISCOVERY OF USER ACTIVITY FOR MEDIA CONTENT - Aspects of the present disclosure provide techniques that may enable user activity information to be automatically generated and shared with other users of a social network. In one example, a method of automatically publishing, to one or more social network services, information about user activities regarding media content items includes receiving user activity information regarding a media content item, wherein a user is a member of one or more social network services, and the user activity information is generated in response to one or more activities taken by the user with respect to the media content item. The method may also include receiving an indication of one or more users of the one or more social network services to whom the user activity information is to be made accessible, and automatically publishing the user activity information to the one or more social network services. | 03-07-2013 |
20130061297 | HOME NETWORKING WEB-BASED SERVICE PORTAL - A web-based service portal provides a user interface to configure and/or access device(s) of a home network. The service portal can communicate with device(s) through application program interfaces (APIs). The service portal can provide a standardized user interface for specific feature(s) of a device. | 03-07-2013 |
20130074164 | METHOD AND SYSTEM OF SECURING ACCOUNTS - A method and system of securing accounts is provided. When a client computer requests access to an account accessible via a server, the server determines a MAC address associated with the client computer and compares it to a MAC address associated with the account. If the MAC address of the client computer is not the same as the MAC address associated with the account, the server initially denies access to the client computer, but may allow access after verification of the client computer by the user associated with the account. | 03-21-2013 |
20130074165 | Trusted Content Distribution System - A trusted content distribution system is described comprising a trustworthy enduser device and a network management infrastructure, the enduser device being adapted for communications between the enduser device and the networked infrastructure via a secure tunnel; the end user device comprising a host processor and memory; secure non-volatile memory for storing an operating system, a trusted boot process executed by the host processor to boot the end user device into a known state, means for communicating with a visualisation device. | 03-21-2013 |
20130081114 | SYSTEM AND METHOD FOR USER AUTHENTICATION - A system and method for providing authentication of a user is disclosed. The use of a non-confidential and unique user identification number and a temporary access code separates authentication of the user from transmission of any user passwords or user-identifiable data, as well as provides a ubiquitous means to authenticate the user with unrelated organizations, without any information passing between those organizations. | 03-28-2013 |
20130081115 | SERVER AND METHOD FOR PROVIDING SURVEY OF BROADCASTING PROGRAM - A survey providing apparatus includes a reception unit configured to receive a survey participation signal, from a user device, related to the broadcasting program that is being reproduced in a broadcasting device, a user authentication unit configured to authenticate a user based on identification information of the user device included in the received survey participation signal and user information that is previously stored in a database, a transmission unit configured to transmit a survey list for the broadcasting program to the user device and a survey result generation unit configured to generate a survey result based on a survey response to the survey list and the user information, wherein the transmission unit is further configured to transmit the generated survey result to the broadcasting device. | 03-28-2013 |
20130081116 | TRUSTED INTERNET IDENTITY - A token or other storage device uses Internet identities to set file access attribute rights. Subsequently, requests to access a file can be controlled by confirming the Internet identity of the requestor by either validating the request with a known public key or retrieving the public key from an Internet identity provider. Files may be stored encrypted and may be re-encrypted with the public key associated with Internet identity making the request. | 03-28-2013 |
20130081117 | PERSONAL CRITERIA VERIFICATION USING FRACTIONAL INFORMATION - A method for verifying the identity of users connected to a computer network comprises providing fractional information queries to users, wherein responses to these individual queries are not sufficient to identify the user. This method further comprises receiving responses to these fractional information queries and comparing these responses to data available from within a computer network. A set of potential matches to the user is generated according to these responses and is used in determining whether the set of potential matches is sufficient to identify the user. | 03-28-2013 |
20130086650 | Communication system including optical recognition and method of using same - A system and method for communication are disclosed. The system and method can be used for a variety of applications, including administrative provisioning of information to particular users, handing off calls to or from another phone, for other application deployment, for pass of control, and similar applications. The system includes a server, a first device having an image displayed thereon, and a second device having a camera and client application software thereon. The image provides a medium for sending encrypted data between the devices and/or between a device and a server. | 04-04-2013 |
20130086651 | RE-AUTHENTICATION IN SECURE WEB SERVICE CONVERSATIONS - Techniques are disclosed for sharing communication session information, such as encryption keys for data protection, among multiple communication operations and/or multiple users. Multiple users can share the same communication session concurrently, with each message being individually authenticated. The provided techniques include receiving, at a client application, a first request to send a first web service message to a web service application or group of web services, retrieving existing communication session information having the same sharing characteristics as the first request, where the sharing characteristics include web service environment information and/or request information, including the user credentials associated with the user in the message and in each subsequent message communicated using the existing communication session information, and communicating the web service message to the web service application or group of web services using the existing communication session information. | 04-04-2013 |
20130086652 | SESSION SHARING IN SECURE WEB SERVICE CONVERSATIONS - Techniques are disclosed for sharing communication session information in web service applications. The techniques include management of concurrent sessions by dynamically determining the session association of web service requests at runtime. These sessions can be shared by a group of web services on the server side, and across multiple web services clients with many users, independently of where these applications reside. Session identifiers are determined for these concurrent web service invocations based on an algorithm that uses information from configuration and runtime data. Different information is used in the session identifier depending on configuration parameters to provide different types of sharing that correspond to different use cases. This mechanism can be used with SOAP-based web services, REST-based web services, and the like. | 04-04-2013 |
20130086653 | MOBILE NETWORK OPERATOR AND DATA SERVICE PROVIDER INTEROPERATION - Embodiments of computer-implemented methods, systems, computing devices, and computer-readable media are described herein for allowing a mobile network operator to perform services on behalf of a non-internet protocol multimedia subsystem (non-IMS) data provider. In various embodiments, an application server (“AS”) front end of the data provider is communicatively connected to a user data repository (“UDR”) and a home subscription server (“HSS”). The HSS is also connected to the UDR. Neither the non-IMS AS nor the HSS store user data, but instead communicate with the UDR across various reference points. The communication across the reference points facilitates the HSS performing various user services on behalf of the non-IMS AS. Other embodiments include user access and authentication procedures in such a network architecture, as well as corresponding policy and charging architecture. | 04-04-2013 |
20130086654 | COMPUTER IMPLEMENTED SYSTEM AND METHOD FOR AUTHENTICATING A SENDER OF ELECTRONIC DATA TO A RECIPIENT - A server receives data from a sender to be dispatched to a recipient. Before dispatching the data to the recipient, the server sends a message to the sender's email address requesting a response which will confirm the sender's authorship of the data. Upon receiving the confirmation of the sender's authorship of the data, the server transmits the data together with an identification of the sender to the recipient. | 04-04-2013 |
20130091557 | SYSTEM AND METHOD FOR PROVIDING CLOUD-BASED CROSS-PLATFORM APPLICATION STORES FOR MOBILE COMPUTING DEVICES - A method of accessing an application on an internet computing device includes deploying a cross-platform application store server, and accessing one or more multi-platform applications in either of two modes: a first mode including running in a cloud one or more multi-platform applications in an application container, and remotely displaying the applications using a display protocol, or a second mode including running by proxy one or more local applications on a device in a secure application container. | 04-11-2013 |
20130097677 | Systems, Methods and Computer Program Products Supporting Provision of Web Services Using IMS - A web service request from a device is received at a web service provider. The web service request is authenticated at the web service provider using the IMS network. A requested web service is provided to the device responsive to the authentication of the web service request. The web service request may be received via a path outside of the IMS network, e.g., over a network using HTTP or other non-IMS protocol. The requested web service may also be provided using a web service response communicated to the device via a path outside of the IMS network. | 04-18-2013 |
20130097678 | Portable Identity Rating - Portable on-line identity verification technology includes, for example, portable widgets with an identity rating, and other on-line identification verification icons and identity rating scores. | 04-18-2013 |
20130097679 | AUTHENTICATION SERVER WITH LINK STATE MONITOR AND CREDENTIAL CACHE - An example embodiment of the present invention provides processes relating to the authentication, by an authentication server, of a supplicant/user for access to a network. In one particular implementation, an authentication server receives a request for access from a supplicant, which request is forwarded to the authentication server by an authenticator that controls a port to the network. The authentication server scores various authentication methods, based on configured preferences, currently cached credentials, and the availability of a networked credential store as measured by a link-state monitor. The authentication server then negotiates an agreed authentication method with the supplicant, using a preferred order resulting from the scores. The authentication server receives forwarded credentials for the agreed authentication method from the supplicant and instructs the authenticator to give the supplicant access to the port, if the authentication server can verify the credentials against a credential store or a credential cache. | 04-18-2013 |
20130104201 | AUTHENTICATION SYSTEM AND RELATED METHOD - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for determining a key string adapted to provide a basis for authenticating the identity of the requester; a means for receiving an authentication credential associated with the request for access; and a means for evaluating the authentication credential to authenticate the identity of the requester. | 04-25-2013 |
20130104202 | SYSTEMS AND METHODS FOR AUTHORIZING THIRD-PARTY AUTHENTICATION TO A SERVICE - Systems and methods for authorizing third-party authentication to a service are disclosed herein. An exemplary method includes an online service provider subsystem, which is configured to provide a service, 1) receiving a request from a user to use a third-party authentication service to authenticate the user to the service, 2) directing, in response to the request, the user to authenticate to the third-party authentication service, 3) receiving, from a third-party subsystem that provides the third-party authentication service, a third-party user identifier for the user, 4) requiring the user to verify an identity of the user, and 5) authorizing, based on the verified identity of the user, use of the third-party user identifier to authenticate the user to the service. Corresponding methods and systems are also disclosed. | 04-25-2013 |
20130104203 | BEHAVIORAL FINGERPRINT BASED AUTHENTICATION - A computationally-implemented method, for certain example embodiments, may include, but is not limited to: determining that a first user of a computing device is associated with the computing device; and determining a level of authentication associated with the first user via the computing device, the level of authentication at least partially based on a behavioral fingerprint. In addition to the foregoing, other example aspects are described in the claims, drawings, and written description forming a part of the present disclosure. | 04-25-2013 |
20130104204 | MOBILE HOST USING A VIRTUAL SINGLE ACCOUNT CLIENT AND SERVER SYSTEM FOR NETWORK ACCESS AND MANAGEMENT - A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network. | 04-25-2013 |
20130111570 | METHOD AND APPARATUS FOR PROVIDING AUTHENTICATION USING HASHED PERSONALLY IDENTIFIABLE INFORMATION | 05-02-2013 |
20130117826 | HOME REALM DISCOVERY IN MIXED-MODE FEDERATED REALMS - The authentication of identities within a realm in which some identities are authenticated using direct authentication, and some identities are authenticated using federated authentication. Requests for service from valid identities in the realm that are to be authenticated by direct authentication are responded to with a direct authentication interface. Requests for service from valid identities in the realm that are to be authenticated by federated authentication are responded to with a federated authentication interface. Requests for service from invalid identities are responded to pseudo-randomly with either the direct authentication interface or the federated authentication interface. | 05-09-2013 |
20130117827 | SECURE WIEGAND COMMUNICATIONS - The present invention is directed toward secure access systems. Specifically, a method and system are provided that enhance the security of unidirectional communication protocols used in access control systems, such as the Wiegand protocol. The enhancements may include obfuscation of data, two-way packet-mode communications, and blind synchronization of pseudo-random number generators. | 05-09-2013 |
20130117828 | DISTRIBUTED NETWORK MANAGEMENT HIERARCHY IN A MULTI-STATION COMMUNICATION NETWORK - The invention relates to a network and to a method of operating a network. The network comprises a plurality of stations each able to transmit and receive data so that the network can transmit data between stations via at least one selected intermediate station. The network further comprises a plurality of levels of stations including a first level comprising user and/or seed stations, a second level comprising auxiliary stations providing access to auxiliary networks, a third level comprising at least one location management station, and a fourth level comprising at least one authentication station. The method comprises transmitting, from or on behalf of a station on the first level requiring authentication, to an authentication station via one or more stations, an authentication request message. In response, the authentication station transmits authentication data to authenticate the station on the first level. | 05-09-2013 |
20130117829 | INTERNET ENABLED MONITORING AND CONTROL DEVICE - A connection between a monitoring device and a remote user is accomplished securely over the Internet by using a communication channel with public/private key encryption to connect the two locations and by performing authentication of a user at the local monitoring device rather than at a device server at the remote location, thereby effectively removing the device server as a vulnerable point for attack. In particular, when a remote user attempts to log in, via a web browser or interactive telephone system, the encrypted channel is established using the public/private key of the device and the device server proxies the log-in request to the monitored device. The device itself is then responsible for granting or denying access. | 05-09-2013 |
20130125218 | METHOD, APPARATUS AND SYSTEM FOR REMOTE MANAGEMENT OF MOBILE DEVICES - An apparatus and system for enabling users to remotely manage their devices. Specifically, in one embodiment, in the event of a theft of a device or other such occurrence, a user may send a command to the device to execute a specified command. The command may include actions such as locking the device, shutting down the device, disabling logons to the device and other such actions that may secure the device and the data on the device from unauthorized access. Upon receipt of an authorized unlock credential, the device may once again be made accessible. | 05-16-2013 |
20130125219 | AUTOMATED DEVICE PROVISIONING AND ACTIVATION - A non-transitory machine-readable storage medium storing program code for causing a processor to establish a plurality of links to a plurality of devices communicatively coupled to the processor, a particular link of the plurality of links supporting control-plane communications between the processor and a particular device of the plurality of devices over a wireless access network; receive a server message from a particular server of a plurality of servers communicatively coupled to the processor, the server message comprising message payload for delivery to the particular device; generate an encrypted message comprising the message payload and an identifier identifying a particular agent of a plurality of agents on the particular device; and send the encrypted message to the particular device over the particular link, wherein establishing the plurality of links comprises executing a link initialization sequence associating the particular link with a credential associated with the particular device. | 05-16-2013 |
20130125220 | METHOD AND SYSTEM FOR AUTHENTICATING INTERNET USER IDENTITY - A method and system for authenticating an Internet user identity, by cross-referencing and comparing at least two independent sources of information. A first geographical location of computer signature of an Internet user is identified and the geographical location of a communication voice device of said Internet user is identified to determine a second location. The first and second locations are compared for geographical proximity to confirm the identity of the Internet user. Based upon geographical proximity of said locations, a score is assigned to the Internet user, and access to a website is allowed or limited based upon said score. Alternatively, additional authentication information can be required or access can be terminated. | 05-16-2013 |
20130133044 | SELF-PROPELLED HARVESTING VEHICLE INCLUDING A THERMOCHEMICAL REACTOR FOR CARBONIZING HARVESTED CROP MATERIAL - A system and method are provided for employing a hand-held wireless device to assess a vulnerability of a wirelessly-accessible target network to intrusion and/or cyber-attack. The system and method are directed at providing discrete, covert and fully-automated wireless access to the target network via one or more wireless access points and to assessing characteristics of the one or more wireless access points and the target network in support of a vulnerability assessment. The hand-held wireless device is configured to collect appropriate data regarding the wirelessly-accessible network, including network and portal scans, and higher-level programmed data collection. The hand-held wireless device is further configured to analyze the collected data and to produce at least a first level vulnerability assessment of the target network without interaction by the user. | 05-23-2013 |
20130133045 | Method for directing requests to trusted resources - The present invention enables an enterprise to move from an implicitly trusted resource pool to an explicitly authenticated resource pool. Trust information is generally conveyed whenever a new resource is added to the pool and trust information is revoked when a resource is removed from the pool or is unable to provide its advertised resources. The dynamic, event driven conveyance of trust information is particularly important in highly virtualized environments where virtual resources are dynamically scaled up and down in response to resource demand. | 05-23-2013 |
20130133046 | SEARCH SERVICE ADMINISTRATION WEB SERVICE PROTOCOL - The embodiments described herein generally relate to a method and system for enabling a client to configure and control the crawling function available through a crawl configuration Web service. A client is able to configure and control the crawling function by defining the URL space of the crawl. Such space may be defined by configuring the starting point(s) and other properties of the crawl. The client further configures the crawling function by creating and configuring a content source and/or a crawl rule. Further, a client defines authentication information applicable to the crawl to enable the discovery and retrieval of electronic documents requiring authentication and/or authorization information for access thereof. A protocol governs the format, structure and syntax (using a Web Services Description Language schema) of messages for communicating to and from the Web crawler through an application programming interface on a server hosting the crawler application. | 05-23-2013 |
20130133047 | INTERWORKING BETWEEN FIRST AND SECOND AUTHENTICATION DOMAINS - To interwork between a first authentication domain and a second authentication domain, a bridge module performs a first authentication procedure in the first authentication domain for a mobile station, wherein the first authentication domain is part of a wireless access network. Based on information collected in the first authentication procedure, the bridge module performs a second authentication procedure, on behalf of the mobile station, in the second authentication domain. | 05-23-2013 |
20130133048 | IDENTITY ASSESSMENT METHOD AND SYSTEM - A method, system and software for assessing an entity ( | 05-23-2013 |
20130139228 | INFORMATION PROCESSING APPARATUS EQUIPPED WITH WIRELESS COMMUNICATION FUNCTION, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - An information processing apparatus capable of effectively preventing an unauthorized access in a manner cooperatively associated with a predetermined security setting of a wireless communication. An information processing apparatus is capable of wireless communication with an external apparatus, receives a job request therefrom, and executes job processing according to the job request. A CPU sets a management setting for managing users who use the information processing apparatus. The CPU receives the job request from the external apparatus via a wireless LAN interface. The CPU determines, when the job request is received, whether or not the wireless communication has been set to a predetermined security setting, and performs control, when it is determined that the wireless communication has not been set to the predetermined security setting, so as to refuse to accept the job request, unless the management setting has been set. | 05-30-2013 |
20130139229 | SYSTEM FOR SHARING PERSONAL AND QUALIFYING DATA WITH A THIRD PARTY - A method for users to share personal and qualifying information with a plurality of third parties. Authenticated users may share personal and qualifying information obtained from a plurality of data repositories comprising credit data, motor vehicle data, insurance data, criminal data, sex offender data, occupancy data and employment data. The personal and qualifying information may be viewed by a plurality of third parties until the user revokes access at any time. Neither user nor third parties are allowed to alter data. However, users have the option to supply supplemental explanations for data. The method facilitates the development of trust necessary for transactions between two parties comprising securing housing, obtaining loans, securing employment, etc. | 05-30-2013 |
20130139230 | Trusted Service Management Process - Techniques for providing trusted management services (TSM) are described. According to one aspect of the techniques, a secure element (SE) is personalized via the TSM. A process is provided to personalize an SE with multiple parties involved and orchestrated by a party or a business running the TSM, hence as a trusted service manager (TSM). The TSM brings the parties together to recognize the SE being personalized so that subsequent transactions can be authorized and carried out with a device embedded with the SE. In operation, each of the parties may load a piece of data into the SE, including registration information, various services or application data, and various keys so that subsequent transactions can be carried out with or via an authorized party and in a secured and acknowledgeable manner. | 05-30-2013 |
20130145439 | APPARATUS AND METHOD FOR SECURE STORAGE OF INFORMATION ON A MOBILE TERMINAL - A mobile terminal and method for securely storing private information are provided. The mobile terminal includes a cellular band transceiver for transmitting and receiving radio signals in a cellular band, a controller for controlling operations of the mobile terminal, and a memory for storing programs used by the controller for the controlling of the operations of the mobile terminal and data including the private information, the memory including a secure storage area for storing the private information, and a non-secure storage area for storing the non-private information. | 06-06-2013 |
20130145440 | REGULATING ACCESS USING INFORMATION REGARDING A HOST MACHINE OF A PORTABLE STORAGE DRIVE - Described herein are techniques for regulating access to a remote resource using two-factor authentication based on information regarding a host machine of a portable storage drive that stores an operating system that is booted by the host machine. The information regarding the host machine of a portable storage drive may be used as a second factor in a two-factor authentication. Such information regarding the host machine may include, in some embodiments, information retrieved from a secure storage of the host machine, such as from a cryptoprocessor of the host machine. The information may include an identifier for the host machine or may be a user credential pre-provisioned to the host machine to be used in two-factor authentication. | 06-06-2013 |
20130145441 | CAPTCHA AUTHENTICATION PROCESSES AND SYSTEMS USING VISUAL OBJECT IDENTIFICATION - Systems and processes for performing user verification using an image-based CAPTCHA are disclosed. The verification process can include receiving a request from a user to access restricted content. In response to the request, a plurality of images may be presented to the user. A challenge question or command that identifies one or more of the displayed plurality of images may also be presented to a user. A selection of one or more of the plurality of images may then be received from the user. The user's selection may be reviewed to determine the accuracy of the selection with respect to the challenge question or command. If the user correctly identifies a threshold number of images, then the user may be authenticated and allowed to access the restricted content. However, if the user does not correctly identify the threshold number of images, then the user may be denied access to the restricted content. | 06-06-2013 |
20130145442 | SYSTEM AND METHOD FOR PRIVILEGE DELEGATION AND CONTROL - This invention provides a privilege delegation mechanism, which allows a privilege and associated control attributes to be delegated from a security token to another security token or an intelligent device such as a computer system. The privilege may be in the form of an attribute certificate, a key component of a cryptographic key, a complete cryptographic key, digital certificate, digital right, license or loyalty credits. The purpose of the delegation is to allow another security token or computer system to act as a surrogate for the security token or to access a resource which requires components from both units before access is permitted. Attributes associated with the delegated privilege control the scope and use of the privilege. The delegation may allow the surrogate to perform authentications, access data or resources included on another security token or computer system. Authentications are performed prior to transferring of the delegable privileges. | 06-06-2013 |
20130145443 | APPLICATION SECURITY SYSTEM AND METHOD - According to an aspect, a computing device includes a processor; a computer readable memory; a display screen; a touch sensitive panel overlying the display screen; and computing device application instructions coded in the computer readable memory and executed by the processor to: display a user-selectable photograph on the display screen, the user-selectable photograph including a group of fiducials, generate captured pattern data, the captured pattern data representing coordinate values on the touch sensitive panel where touched by a user, and provide for authentication of the user based on a comparison of the captured pattern data and respective locations of the group of fiducials included in the user-selectable photograph. | 06-06-2013 |
20130145444 | ELECTRONIC RECEIPT SYSTEM, TERMINAL DEVICE AND METHOD OF PROVIDING ELECTRONIC RECEIPT - An electronic receipt system includes a terminal device, a first memory unit which a first user has, and a second memory unit which a second user who is a trading partner of the first user has. The terminal device includes biometric authentication obtaining means to obtain biometric authentication information of the first user and biometric authentication information of the second user; electronic tally generating means to generate electronic tallies based on the biometric authentication information of the both users; electronic receipt generating means to generate electronic receipts including transaction information of the first user and the second user, the electronic receipts including a first electronic receipt having one of the electronic tallies and a second electronic receipt having another of the relevant electronic tallies; means to store the first electronic receipt in the first memory unit; and means to make the second electronic receipt to be stored in the second memory unit. | 06-06-2013 |
20130152175 | MULTI-INTERFACE MOBILITY - Techniques for providing access to cloud services via a plurality of different network interfaces of a client device. In accordance with one example, during establishment of a communication session between the cloud computing system and the client device, an interface-independent identifier is provided to the client device via a first of the plurality of different network interfaces. Following determination to establish the communication session via the second network interface, the cloud computing system is configured to maintain a virtual environment associated with the communication session for a period of time. A message is received, via a second of the plurality of different network interfaces, from the client device that includes the interface-independent identifier. In response to the received interface-independent identifier, the communication session is re-established with the client device via the second network interface, thereby enabling access to the virtual environment maintained by the cloud computing system. | 06-13-2013 |
20130152176 | SECURE AUTHENTICATION - Apparatus, systems, and methods provide a mechanism to enhance the security of operating client devices with systems controlling secure data. Various embodiments include apparatus and methods to authenticate a communication session between a server and a client device without providing authentication tokens to the client device. Additional apparatus, systems, and methods are disclosed. | 06-13-2013 |
20130152177 | Method and Apparatus for Providing Personal Mobility Features in a Telecommunications Environment - Personal mobility, multiparty control, and device augmentation features are provided within a voice-over-Internet protocol environment, such as a distributed feature composition (DFC) telecommunications architecture. The personal mobility features allow a caller to be identified to a callee using a desired identifier in place of an identifier of the device from which a call is made. Such personal mobility features are made available in multiparty calling environments and after mid-call moves. Device augmentation features provide enhanced calling options to a device that may otherwise be unequipped to provide such options, thus enabling personal mobility and multiparty control features across a wide variety of telecommunications devices. | 06-13-2013 |
20130160095 | METHOD AND APPARATUS FOR PRESENTING A CHALLENGE RESPONSE INPUT MECHANISM - An approach is provided for presenting a challenge response input mechanism on a device. A user receives a challenge (e.g., a CAPTCHA, a password prompt, a login prompt, etc.) when attempting to access a service and/or a resource wherein the user has to provide a response before access to the service or to the resource is granted. Further, one or more applications on the user device and/or at a service provider present a combination dial/slider on the user device whereby the user may interface with the input mechanism for constructing a response to the challenge. | 06-20-2013 |
20130160096 | SYSTEM AND METHOD OF PORTABLE SECURE ACCESS - An access system and method to establish communication with a customer system via a port is provided. The system can comprise a secure access key that can provide a communication link to the port on the customer system, and a footprint module. The footprint module can block connectivity via the port with the customer system unless the footprint module detects the secure access key as having a first authentication to connect to the customer system. A client device can communicate with the secure access key to get a second authentication from the secure access key to create a connection for communication via the secure access key with the customer system. The system can further comprise a user authentication module that requires a third authentication of a user to operate the client device to communicate over the secure connection via the secure access key with the customer system. | 06-20-2013 |
20130167207 | Network Acquired Behavioral Fingerprint for Authentication - A computationally-implemented method, for certain example embodiments, may include, but is not limited to: identifying a network connection coupling a computer server to a computing device; and transmitting, via the network connection, a behavioral fingerprint associated with an authorized user of the computing device, the behavioral fingerprint providing at least one status of the authorized user with respect to the computing device. In addition to the foregoing, other example aspects are presented in the claims, drawings, and written description forming a part of the present disclosure. | 06-27-2013 |
20130167208 | Smart Phone Login Using QR Code - Systems and methods are disclosed for a user to use a mobile device such as a smart phone to scan a QR (Quick Response) code displayed on a login webpage of a website. The QR code may encode a server URL of the website. The mobile device decodes the QR code and transmits a device ID and other decoded information to a service provider. The service provider locates login credentials of the user linked to the device ID and communicates the login credentials to a website server for user authentication. Alternatively, the mobile device may transmit its device ID to the website server for the website server to locate a user account linked to the device ID for user login. Alternatively, the mobile device may transmit stored login credentials to the website server. Advantageously, a user may access a website without the need to provide any login credentials. | 06-27-2013 |
20130174231 | MEDIA EXPOSURE DATA COLLECTION AND SECURITY - Systems and methods are disclosed for securely transferring research data relating to media exposure data, such as radio, television, streaming media and the Internet. A plurality of portable computing devices seek and bond to a collector via Bluetooth in a specific area, such as a household. The collector authenticates itself with each of the portable computing devices and vice versa where the collector arranges a secure research data transfer session with each respective device using exchanged authentication files. As each secure session is made, each portable computing device transmits stored research data during the session. | 07-04-2013 |
20130174232 | SERVICE PROVIDER INVOCATION - A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response. | 07-04-2013 |
20130174233 | SERVICE PROVIDER INVOCATION - A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response. | 07-04-2013 |
20130191885 | SECURE MOBILE INTERFACE ACCESS SYSTEM - A method performed by one or more server devices connected to a mobile device via a network, the mobile device being connected to an electronic device is provided that can include sending, by the one or more server devices and to the mobile device, data initiating a session between the one or more server devices and the mobile device; sending a request for information about the electronic device; receiving the requested information about the electronic device; identifying device credentials for the electronic device and communication protocols for communicating with the electronic device; providing the device credentials for the electronic device and the communication protocols for communicating with the electronic device; automatically gathering information about the electronic device from data stored on the electronic device using the communication protocols and the mobile device; and providing support to the electronic device via the mobile device. | 07-25-2013 |
20130191886 | PROTECTING AUTHENTICATION INFORMATION OF USER APPLICATIONS WHEN ACCESS TO A USERS EMAIL ACCOUNT IS COMPROMISED - An email server provided according to an aspect of the present invention protects authentication information of user applications when access to a user's email account is compromised. In an embodiment, when an email message directed to a user contains content which provides access to authentication information for accessing a user application implemented external to said email server, the email server requires authentication credentials from the user before providing access to the content. As a result, even if the user's email account is compromised, additional controls are provided to reduce the probability of compromise of access to user applications implemented external to the email server. | 07-25-2013 |
20130191887 | Social network based trust verification Schema - A computationally implemented method includes, but is not limited to: receiving at a computing device one or more behavioral fingerprints associated with one or more network accessible users; receiving an authentication request at the computing device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and transmitting from the computing device a decision associated with the authentication request, the decision based on a trust verification schema generated by relationally mapping the one or more behavioral fingerprints associated with the one or more network accessible users. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 07-25-2013 |
20130191888 | METHOD, APPARATUS, AND SYSTEM FOR SENDING CREDENTIALS SECURELY - A software application executing in a first local operating environment may be used to connect to a remote server that requires a credential of a user to complete a transaction. In a second local operating environment that operates external to the first local environment, a user may be authenticated based on a user input received in the second local operating environment. The credential of the user may be securely communicated to the remote server from the second local operating environment. Other embodiments are described and claimed. | 07-25-2013 |
20130191889 | Direct Authentication System and Method via Trusted Authenticators - Fraud and identity theft are enabled by two faulty assumptions about the way that the identity of a person is verified in our society. The first is that someone who demonstrates knowledge of certain items of personal or financial information about a particular person is presumed to be that person. The second assumption, which gives rise to the first assumption, is that these items of information can be kept confidential. Because fraudsters and identity thieves often seek to use their victim's personal and financial information, this invention proposes a direct authentication system and method that does not depend on these assumptions. The proposed method enables businesses to determine whether the customer is truly the person who he says he is by adopting a new “two-factor” authentication technique and authenticating customer's identity utilizing customer's trusted authenticator. A customer's trusted authenticator can be found within the financial services community; in particular, a bank or other financial institution with whom the customer has a trusted relationship, such as a bank account. | 07-25-2013 |
20130191890 | METHOD AND SYSTEM FOR USER IDENTITY RECOGNITION BASED ON SPECIFIC INFORMATION - The invention relates to a method and a system for user identity recognition based on specific information, which involves identifying user temporary unique identification associated with specific information based on the specific information, which represents user access to the internet; acquiring user temporary unique identification and user identity information from a communication network side; and associating the user identity information with the specific information based on the user temporary unique identification, wherein the associated information is used for providing the user identity information to the external. The method and system can associate specific information with user identity information based on user temporary unique identification so as to provide internet applications with the user identity information corresponding to the specific information. The internet applications can thereby carry on subsequent actions, such as analysis of user behavior and precision marketing, and can also process user positioning against network security events. | 07-25-2013 |
20130191891 | AUTOMATIC PROVISIONING OF RESOURCES FOR MEETING COLLABORATION - A method may comprise maintaining by a computer system connected to a network an indication of availability dates and times of one or more output devices connected to the network. The computer system may receive an output device invitation indicating an output device to reserve for a meeting conducted over a conferencing system and determine whether the output device is available for reservation during a date and time period of the meeting. The computer system may be communicating over the network to the output device activation information indicating that the output device is to become active at a predetermined date and time related to the date and time period of the meeting and login information including a credential for the output device to use for logging into the conferencing system for the meeting. | 07-25-2013 |
20130191892 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR SECURITY VERIFICATION OF COMMUNICATIONS TO TENANTS OF AN ON-DEMAND DATABASE SERVICE - In accordance with embodiments, there are provided mechanisms and methods for security verification of communications to tenants of an on-demand database service. These mechanisms and methods for security verification of communications to tenants of an on-demand database service can enable embodiments to allow tenants to selectively implement security measures with respect to inbound communications, etc. The ability of embodiments to provide such feature may allow tenants to efficiently and effectively implement security measures for in-bound emails. | 07-25-2013 |
20130198817 | ENABLING SEAMLESS OFFLOADING BETWEEN WIRELESS LOCAL-AREA NETWORKS IN FIXED MOBILE CONVERGENCE SYSTEMS - Methods and apparatus for facilitating access to public wireless access points in a fixed-mobile convergence system. A mobile terminal is pre-provisioned with one or more security parameters corresponding to one or more WLAN access points that the mobile terminal might need to access should a current WLAN access point fail or otherwise become unreachable. The WLAN access points are similarly pre-provisioned with a security parameter corresponding to the mobile terminal. With these pre-provisioned security parameters, the mobile terminal and any one of the potential target WLAN access points conduct an abbreviated authentication process in the event that a switch-over becomes necessary. | 08-01-2013 |
20130198818 | Logout From Multiple Network Sites - Disclosed are various embodiments for logging out from multiple network sites using an authentication client that manages sessions for the network sites. Account data is maintained for multiple accounts of a user for multiple network sites. The account data includes a respective security credential for each of the accounts. An authentication client automatically authenticates with multiple authentication services corresponding to multiple network sites using multiple accounts in response to the user accessing each network site. A respective session is established for each network site. A logout is performed by ending each one of the sessions. | 08-01-2013 |
20130198819 | EFFICIENTLY THROTTLING USER AUTHENTICATION - In an embodiment, an administrative computer system receives user login credentials from a user and makes at least one of the following determinations: that the user identifier does not match any existing user account, that the user identifier matches at least one existing user account, but that the user's account is in a locked state, or that the user identifier matches at least one existing user account, but the user's password does not match the user identifier. The administrative computer system then returns to the user the same response message regardless of which determination is made. The response indicates that the user's login credentials are invalid. The response also prevents the user from determining which of the credentials was invalid, as the response message is the same for each determination and is sent to the user after a measured response time that is the same for each determination. | 08-01-2013 |
20130198820 | SYSTEM FOR MANAGING USED RESOURCES IN GUEST ROOM - Disclosed is a system for managing a guest room. The system for managing a guest room includes a guest room management server and a terminal. The guest room management server, which is connected to the terminal, controls the resource control device in order to provide resources such as electricity, water, gas, and wireless/wired network to the guest room associated with the terminal. The guest room management server checks the connectivity of the terminal, and stops the supply of resources to the guest room when the terminal is disconnected. The terminal receives information on the cost or the volume of the resources used during the period that the terminal was connected. The user can easily see the information on the resources that have been used while using the guest room, which reduces the chance of disputes related to the cost of the resources used. | 08-01-2013 |
20130212653 | SYSTEMS AND METHODS FOR PASSWORD-FREE AUTHENTICATION - Various systems and methods for implementing password-free authentication are described herein. A request to access a network resource is received at a server, from a client device. The request is verified, and an authentication reservation is created for the device, with the authentication reservation allowing the device to access the network resource. Later, when an attempt to access the network resource is received, the attempt is granted access to the network resource in response to matching information contained in the attempt with information stored in the authentication reservation. | 08-15-2013 |
20130212654 | SYSTEM AND METHODS FOR PROFILING CLIENT DEVICES - Systems and methods are provided for generating and managing profiles. Such systems and methods may be implemented to control access to a function of a web server or site based on a level of trust associated with a user or device profile. According to one exemplary method, session information associated with a request to access a function of a web server is identified. At least one processor determines whether the request is associated with a trusted device profile based on at least the session information. Access to the requested function is provided when the request is associated with a trusted device profile. | 08-15-2013 |
20130212655 | EFFICIENT PREVENTION FRAUD - This disclosure is directed to methods and systems for managing difficulty of use and security for a transaction. A transaction manager operating on a computing device may determine a range of possible steps for a transaction comprising security measures available for the transaction. The transaction manager may identify a threshold for a security metric to be exceeded for authorizing the transaction, the security metric to be determined based on performance of steps selected for the transaction. The transaction manager may select for the transaction at least one step from the range of possible steps, based on optimizing between (i) a difficulty of use quotient of the transaction from subjecting a user to the at least one step, and (ii) the security metric relative to the determined threshold, the optimization including a preference for inclusion of a step for liveness detection or biometric deterrence if available. | 08-15-2013 |
20130219477 | TRANSPARENT CLIENT AUTHENTICATION - A system and method for authenticating an application (client) to a server or service. During a registration phase, an application that requests access to a service can receive a service identifier, which it can authenticate. The application can generate and send to the server or service an application-service key that is based upon the authenticated service identifier and a secret application key; a service-application identifier that can be based upon the authenticated service identifier and an application identifier; and a registration nonce, all of which can be stored at the server. During the authentication phase, the client can send to the server the application-service identifier, which the server can use to lookup the stored registration data. The server can send the registration nonce to the client, which can compute a proof of possession of the service-application key and send to the server. The server can compute its own version of this key and compare it to the received key. If they correspond, then the client is authenticated. | 08-22-2013 |
20130227657 | COMMUNICATION WITH A WEB COMPARTMENT IN A CLIENT APPLICATION - A secure communication method between a web compartment and a client application can allow network updates to be used for a client application. For example, a secure communication method can allow predefined operations to be carried out on a client machine. An example web compartment can include an iframe tag and the communication can be a string command, such as by using a postmessage API. Such a structure allows some user interface elements to be supplied from a client device and other user interface elements to be supplied from a server computer. | 08-29-2013 |
20130227658 | OPENID/LOCAL OPENID SECURITY - Identity management, user authentication, and/or user access to services on a network may be provided in a secure and/or trustworthy manner, as described herein. For example, trustworthy claims may be used to indicate security and/or trustworthiness of a user or user device on a network. Security and/or trustworthiness of a user or a user device on a network may also be established using OpenID and/or local OpenID, a secure channel between a service and the user device, and/or by including a network layer authentication challenge in an application layer authentication challenge on the user device for example. | 08-29-2013 |
20130227659 | AUTOMATED DEVICE PROVISIONING AND ACTIVATION - A method and a network system for storing a plurality of device credentials associated with a device group comprising a plurality of wireless devices managed by an entity that is different from a network system operator, each of the plurality of device credentials associated with a different wireless device, each wireless device of the device group coupled or capable of being coupled to the network system over a wireless access network; providing a secure interface configured to assist the entity in creating or modifying at least a portion of a device-group service policy associated with the device group, the device-group service policy configured to assist the network system in controlling, monitoring, or accounting for device-group communications over the wireless access network; provisioning one or more elements based on the device-group service policy; identifying the device-group communications; and applying the device-group service policy based on the identified device-group communications. | 08-29-2013 |
20130227660 | REGISTRATION SERVER, GATEWAY APPARATUS AND METHOD FOR PROVIDING A SECRET VALUE TO DEVICES - The present invention relates to auto-provisioning of authentication data for client devices. A registration server includes a gateway determination unit, which is configured to determine a gateway apparatus transferring a request signal from a device, and a processing unit. The processing unit is configured to transmit a first signal including a token and first access information of the gateway apparatus to the device if an identifier of the gateway apparatus is stored on the server, and to transmit a second signal indicating a positive response to the gateway apparatus when it obtains the token and the identifier based on a third signal received in response to the first signal. The gateway apparatus sends the secret value to the device when it receives the second signal. | 08-29-2013 |
20130232561 | COMMON DATA MODEL AND METHOD FOR SECURE ONLINE SIGNUP FOR HOTSPOT NETWORKS - Embodiments of a subscription server and method for secure online signup with a common data model for Hotspot networks are generally described herein. In some embodiments, the subscription server is configured to generate and store a subscription management object (MO) that includes a plurality of nodes that define a subscription that has been provisioned for service by a wireless service provider. The subscription MO may include a home operator node that specifies home-operation information for an associated subscription and a credentials node that includes credentials for the associated subscription. The subscription MO may optionally include a policy node that identifies operator policy for the associated subscription and a subscription management node that identifies subscription management parameters for the associated subscription. | 09-05-2013 |
20130232562 | MULTI-FACTOR AUTHENTICATION ENROLLMENT OPTIMIZATION METHOD AND APPARATUS - A method and system for the identification of a user is provided by collecting a series of user enrollment data from a series of user inputs; calculating a user profile from the series of user enrollment data and additional user data, the additional user data being randomly selected user enrollment data from the series of user enrollment data; comparing a post-training user login to the user profile; updating the user profile with data from the post training user login if the post-training login is consistent with the user profile; repeating the comparing and the updating for each successive post training user login. | 09-05-2013 |
20130239185 | METHOD AND SYSTEM FOR USING SOCIAL NETWORKS TO VERIFY ENTITY AFFILIATIONS AND IDENTITIES - Login credentials for at least one website, such as a social networking website, are received from a user purporting to act on behalf of an entity, for example, in the context of registering the entity with a system for electronic bill payment. Social data relating to the entity is retrieved from the websites using the login credentials. The social data comprises a plurality of social connections, each reflecting a respective relationship between the entity and a respective third party. A plurality of relevant social connections comprising at least a subset of the plurality of social connections is determined, each social connection of the plurality of relevant social connections reflecting a relationship to a respective third party that is deemed to be reliable. A reliability rating of the entity is then determined based on the plurality of relevant social connections. | 09-12-2013 |
20130239186 | GLOBAL SECURE SERVICE PROVIDER DIRECTORY - Systems and methods enable members of a secure transaction network to readily identify the appropriate trusted service manager (TSM) to support a particular transaction. A global directory of TSM providers is provided that a secure service provider can use for determining which TSM provider is the authorized manager of a security domain for the particular transaction. In one aspect, the directory of TSM providers may be stored within a mobile device secure element. In another aspect, the directory of TSM providers may be stored in a central TSM repository. In a further aspect, the directory of TSM providers may be distributed among a number of secondary TSM repositories. The appropriate TSM may be identified based upon a secure element identifier and an application identifier provided by a secure element as part of the transaction. Communication of the identifiers from mobile devices may be via cellular or near field communication links. | 09-12-2013 |
20130247157 | METHOD OF CONNECTING A DEVICE TO A NETWORK USING DIFFERENT SERVICE PROVIDERS - The present invention comprises a method and apparatus for simplifying the process of access to a network for a roaming computer user, divides the responsibility of servicing a given user wanting to access the network between multiple parties and minimizes the possibility of improper dissemination of email header data as well as improper use of network resources (including server systems) by non-clients. | 09-19-2013 |
20130254854 | INDIVIDUAL AND INSTITUTION VIRTUALIZATION MECHANISMS - A virtualization capability is adapted to support virtualization for an individual or an institution. The virtualization for an individual or an institution may be provided using mappings of real information to virtual information. The virtualization for an individual or an institution may be used to support secure communications by the individual or an institution (e.g., electronic communications, non-electronic communications, or the like). The virtualization for an individual or an institution may include various types of E.164 Number Mapping (ENUM) virtualization, such as user ENUM virtualization, infrastructure ENUM virtualization, private ENUM virtualization, enterprise ENUM virtualization, and the like. The virtualization for an individual or an institution may include virtualization for online transactions in a manner that hides real information associated with the individual or an institution (e.g., name, mailing address, or the like) from the online vendor. The virtualization for an individual or an institution may include other types of virtualization. | 09-26-2013 |
20130254855 | DYNAMIC RENDERING OF A DOCUMENT OBJECT MODEL - The present application relates to a computer having a processor configured to execute a set of instructions to render a customised version of a restricted document object model. A restricted element in a document object model is identified and at least one rule associated with the restricted element is accessed. The at least one rule is applied to the restricted element to generate a modified document object model which is then rendered. A related computer-implemented method is also covered by the present application. The present application relates to server-side authentication techniques; content filtering based on user-specific and context-based requirements; and audit trail techniques. | 09-26-2013 |
20130263233 | DATA ACCESS AND CONTROL - A data access and control system and method for sourcing data to one or more software as a service (SaaS) providers. Certain embodiments include an interface engine coupled to one or more SaaS providers through a network, and further operable to service requests for data operations from the SaaS providers. The service requests may include a request for data from the user-controlled structured data store or a request to store data in the user-controlled structured data store. The user-controlled data store may be local to the user or in a remote location. User-control of data provides additional security because the SaaS provider does not keep control of the data. Certain embodiments include encryption through the use of a cipher or a key, which may be provided from a third party. The ciphers may be dynamically changed for different files. Other embodiments include operations on a mobile computing device. | 10-03-2013 |
20130263234 | Cross Access Login Controller - A method of controlling access to a network, the method comprising storing in a data repository a first identifying detail relating to a second type of connection and associating the detail with a respective base credential relating to a first type of connection, and granting a request to access the network via the second type of connection, the request comprising a second identifying detail, if a correlation is found between the second identifying detail and the first identifying detail. | 10-03-2013 |
20130269007 | AUTHENTICATION SYSTEM, AUTHENTICATION SERVER, SERVICE PROVIDING SERVER, AUTHENTICATION METHOD, AND COMPUTER-READABLE RECORDING MEDIUM - An authentication system | 10-10-2013 |
20130276073 | Systems and Methods for Providing Secure Communications for Transactions - Embodiments of the present invention provide systems and methods for providing secure communications. One aspect of an embodiment of the invention creates a virtual private connection to a remote server or network utilizing a connection server and at least one direct connection between a client device and the remote server, without utilizing the Internet. In another aspect of an embodiment of the present invention, a client operating system is taken over by a vertical function operating system to service the communication with the remote server. Still another aspect of an embodiment of the present invention comprises a client device establishing a connection with a remote server through a connection server and at least one direct connection, shutting down a first operating system, starting up a second secure operating system, and launching an interface application with the second operating system to conduct electronic transactions with the remote server. | 10-17-2013 |
20130276074 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths. | 10-17-2013 |
20130276075 | Secure Peer-to-Peer Network Setup - Apparatuses for peer-to-peer network setup are presented. In one embodiment, an apparatus comprises a wireless processing unit to communicate with a master device. The wireless processing unit is operable to receive encoded data in a two-dimensional (2D) barcode. The encoded data comprise at least user information associated with the master device including a user identifier, a device identifier, or both. The encoded data further comprise network information including a network identifier, a password, and a profile lifetime value. In one embodiment, the apparatus further comprises a display unit to display at least part of the user information and the network information to a user. The wireless processing unit is operable to initiate a peer-to-peer network setup with the master device based at least on a response from the user. | 10-17-2013 |
20130276076 | MOBILE DEVICE AND METHOD FOR SECURE ON-LINE SIGN-UP AND PROVISIONING FOR WI-FI HOTSPOTS USING SOAP-XML TECHNIQUES - Embodiments of a mobile device and method for secure on-line sign-up and provisioning of credentials for Wi-Fi hotspots using SOAP-XML techniques are generally described herein. Techniques for subscription remediation using SOAP-XML techniques are also generally described herein. In some embodiments, the mobile device may be configured to establish a transport-layer security (TLS) session with a sign-up server through a Wi-Fi Hotspot to receive a certificate of the sign-up server. When the certificate is validated, the mobile device may be configured to exchange device management messages with the sign-up server to sign up for a Wi-Fi subscription and provisioning of credentials, and retrieve a subscription management object (MO) that includes a reference to the provisioned credentials for storage in a device management tree. | 10-17-2013 |
20130283358 | CONVENIENT WIFI NETWORK ACCESS USING UNIQUE IDENTIFIER VALUE - A WiFi network manager stores a unique identifier value such as a network address associated with a communication device as being a valid credential for the communication device to subsequently access a WiFi network including one or more access points. The WiFi network manager monitors use of the unique identifier value to access the WiFi network. In response to detecting misuse of the unique identifier value by two or more communication devices using the unique identifier value to use the WiFi network, the WiFi network manager at least temporarily prevents access to the WiFi network. | 10-24-2013 |
20130283359 | ESTABLISHING ACCESS CONTROLS IN A PREMISE-BASED ENVIRONMENT - Establishing access controls includes establishing a communication session between an unrecognized user identity of a user device and a destination system through an online access provider device that provides the user device with access to the destination system. The communication session is established from a premise having associated therewith one or more user identities that are recognized by the online access provider device, with at least two of the recognized user identities being associated with different access control levels. An access control level to apply to communications between the unrecognized user identity of the user device and the destination system is determined by applying an access control level established for one of the recognized user identities. The determined access control level is applied to communications between the unrecognized user identity of the user device and the destination system. | 10-24-2013 |
20130291073 | MULTI-STACK SUBSCRIBER SIGN ON - A system includes a multi-stack subscriber, a gateway, and a web portal. The web portal determines whether the subscriber is authenticated to access the Internet using a first Internet Protocol by receiving logon information from the subscriber. The subscriber requests to access the Internet using a second Internet Protocol. The gateway and/or the web portal determine whether the subscriber is authenticated to access the Internet using the second Internet Protocol without sending a second logon to the subscriber. | 10-31-2013 |
20130291074 | WIRELESS SECURITY CONFIGURATION - An apparatus, method and computer-readable storage medium to efficiently connect to wireless access point(s). An electronic device may capture coded information. The coded information may include a security key to connect to a wireless access point, and the coded information may be an image, an audio clip, or a video. The coded information may be a Quick Response Code. The coded information may be captured from a display of a second electronic device. The second electronic device may include the wireless access point. | 10-31-2013 |
20130291075 | METHOD AND SYSTEM FOR NETWORK ACCESS CONTROL - An apparatus may include a transceiver and a processor circuit coupled to the transceiver. The apparatus may also include a local packet data network access module operable on the processor circuit to schedule for transmission from the transceiver to a mobility management entity (MME) a request from a user equipment (UE) for access to a local network, to generate a request for authentication to be sent to the UE, and to receive authentication information sent in response to the request for authentication. Other embodiments are disclosed and claimed. | 10-31-2013 |
20130305324 | Incremental Password Barriers to Prevent Malevolent Intrusions - According to one embodiment of the present invention, an approach is provided that, when an incorrect password is entered during a sign-on attempt at a password prompt included in a sign-on barrier to a restricted resource (such as a locked mobile telephone), incrementally increases the sign-on barrier. The increased sign-on barrier can include additional prompts and/or a time delay. If subsequent responses match expected responses, then access to the restricted resource is provided to the user. However, if any of the subsequent responses fail to match a corresponding expected response, then access to the restricted device continues to be denied. Subsequent responses include further attempts at entering a correct password. | 11-14-2013 |
20130305325 | Methods for Thwarting Man-In-The-Middle Authentication Hacking - Methods for user authentication over unsecured networks are provided. Such methods rely on the user having one or two electronic devices, comprising two unique network addresses, and the methods seek to verify that the two network addresses are linked to geographic locations that are proximate to one another at the time of the authentication. Location information reported from user devices is not employed, rather, third-party resources are queried about each network address. A man-in-the-middle attack is suggested whenever the two geographic locations are not within a reasonable proximity of one another. | 11-14-2013 |
20130305326 | SECURE COMMUNICATION OF DISTRIBUTED RUBY REQUESTS - Various embodiments of systems and methods for providing a secure communication are described herein. A client application generates a Distributed Ruby (DRb) request based on a request received from a user. The obtained DRb request is wrapped to obtain an HTTPS request, which includes the DRb request and one or more authentication information. The generated HTTPS request is forwarded to an HTTPS server, which verifies the HTTPS request based on the authentication information. The HTTPS request is then unwrapped to obtain the DRb request, which is executed by a DRb server to obtain a result of execution of the DRb request. | 11-14-2013 |
20130305327 | METHOD AND APPARATUS TO ASSIST USER INPUT BASED ON A MOBILE TERMINAL BROWSER - The present invention discloses a method and apparatus for assisting user input based on the mobile terminal browser, including: storing login authentication information entered by a user when the user logs in to a website for a first time from a mobile terminal; after determining that a current page in the mobile terminal browser is a login page and the user logs in after the first time, loading the stored authentication login information to the current login page; receiving the login authentication trigger information; encapsulating the loaded login authentication information of the current login page; and generating a login request for login authentication by a website corresponding to the current login page. By using the disclosed method and apparatus, the number of times the user is required to enter the username and password can be reduced, and the amount of time for the user to access Internet websites can be reduced. | 11-14-2013 |
20130312070 | METHOD AND APPARATUS FOR A MULTI-PARTY CAPTCHA - In accordance with an example embodiment of the present invention, a method comprising: receiving at least one request for generating a challenge from at least one device; generating the challenge with at least two components; transmitting a component of the challenge to the at least one device; causing presentation of at least part of the challenge to at least two users; causing communication between said at least two users; and receiving at least two responses to the challenge from the at least one device. Related apparatus and computer program product are also described. | 11-21-2013 |
20130318577 | TRUSTED APPLICATION MIGRATION ACROSS COMPUTER NODES - An embodiment includes a secure and stable method for sending information across a compute continuum. For example, the method may include executing an application (e.g., video player) on a first node (e.g., tablet) with a desire to perform “context migration” to a second node (e.g., desktop). This may allow a user to watch a movie on the tablet, stop watching the movie, and then resume watching the movie from the desktop. To do so in a secure and stable manner, the first node may request security and performance credentials from the second node. If both credential sets satisfy thresholds, the first node may transfer content (e.g., encrypted copy of a movie) and state information (e.g., placeholder indicating where the movie was when context transfer began). The second node may then allow the user to resume his or her movie watching from the desktop. Other embodiments are described herein. | 11-28-2013 |
20130326596 | APPARATUS AND METHODS FOR PROVIDING AUTHORIZED DEVICE ACCESS - Methods, apparatus, and systems are described for providing an accessor device an access credential to interact with a device resource on an accessee device. An authorization entity having a trust relationship with the accessee device, or a linked subordinate authorization entity, generates the access credential. The access credential includes a modification detection indicator, at least one access privilege, and an accessor public key. The at least one access privilege corresponds to at least one device resource on the accessee device. The authorization entity forwards the access credential to the accessor device, which presents the access credential to the accessee device for authentication. Once authenticated, the accessee device grants access to one or more device resources, and controls requests to ensure they are within the scope of the at least one access privilege. | 12-05-2013 |
20130326597 | AUTHENTICATION SYSTEM, INFORMATION REGISTRATION SYSTEM, SERVER, PROGRAM, AND AUTHENTICATION METHOD - The authentication system includes a plurality of user terminals that are used by the same user, and a server capable of communicating with the plurality of user terminals. A user terminal transmits, to the server, an identification ID of the user terminal, a first code that is used in common in the plurality of user terminals, and a second code that was encrypted using the first code. The server is configured to decrypt the encrypted second code using the first code, and perform authentication of the user terminal using the identification ID and the decrypted second code. The server, upon receiving a second code that is not encrypted from one of the plurality of user terminals, transmits the second code that was encrypted using the first code to the one of the user terminals. | 12-05-2013 |
20130326598 | SYSTEM, METHOD AND COMPUTER READABLE MEDIUM FOR MESSAGE AUTHENTICATION TO SUBSCRIBERS OF AN INTERNET SERVICE PROVIDER - An internet service provider (ISP) is configured to provide notification messages such as service updates to subscribers via redirected web pages. In order for the web pages to be treated as originating from the ISP, the ISP provides a shared secret in the browser message. The shared secret may be a secret not derivable by viruses or trojans in the subscriber computer, such as a MAC address of the subscriber modem. | 12-05-2013 |
20130333002 | DYNAMIC AUTHENTICATION IN ALTERNATE OPERATING ENVIRONMENT - Systems and methods that employ dynamic credentials across distinct authentication standards can be used to reduce the burden associated with repeated re-authentication. A utility can be employed during logon in an alternate operating environment that stores information from the logon dynamically and generates a credential file that is employed to grant access to a resource without repeating the earlier logon procedure, even if the device changes its user state. After processes requiring resource access are complete, or when an allowed time expires, the granted access is revoked and the device returns to a default or standard authentication technique. | 12-12-2013 |
20130333003 | SYSTEMS AND METHODS FOR IMPLEMENTING MULTI-FACTOR AUTHENTICATION - A computer-implemented method for implementing multi-factor authentication may include 1) receiving, as part of a secondary authentication system, an authentication request from a client system, 2) redirecting the client system to first perform a first authentication with a primary authentication system in response to receiving the authentication request, 3) receiving an assertion of the first authentication from the client system that demonstrates that the first authentication was successful, and 4) performing a second authentication with the client system in response to receiving the assertion of the first authentication. Various other methods, systems, and computer-readable media are also disclosed. | 12-12-2013 |
20130333004 | CLIENT COMPUTER, REMOTE CONTROL SYSTEM, AND REMOTE CONTROL METHOD - A client computer that is connectable to a host computer by a network, includes a communication part to communicate with the host computer; a user input part; a system part to perform a function depending on an application; and a controller to control the system part to be put into a locking state to stop performing operations input by a user from the user input part if a locking signal is received from the host computer through the communication part, and to control the communication part to unlock the locking state if an unlocking signal is received from the host computer through the communication part. | 12-12-2013 |
20130333005 | CLOUD SERVICE SYSTEM BASED ON ENHANCED SECURITY FUNCTION AND METHOD FOR SUPPORTING THE SAME - The present invention relates to cloud service supporting technology. Particularly, a cloud service system based on an enhanced security function includes a terminal that includes a trusted platform therein and is configured to perform security authentication based on encrypted information provided by the trusted platform, to perform normal authentication based on preregistered ID and password information, and to use a cloud service according to the security authentication and the normal authentication, and a cloud service apparatus that is configured to provide the cloud service to the terminal after completing the security authentication and the normal authentication with the terminal that includes the trusted platform therein. The service apparatus, the terminal, and a method for supporting them are also disclosed. | 12-12-2013 |
20130340052 | SYSTEMS AND METHODS FOR AUTHENTICATING A USER AND DEVICE - Systems and methods for authenticating a user request for authentication are provided. An authentication device that may be part of such a system includes a network interface component coupled to a network and configured to receive at least one data packet having authentication information including at least a username of a user and user credentials. The device also includes a memory coupled to the network interface component and configured to store the received authentication information, one or more instructions for authenticating the user, and account information of the user. The device further includes one or more processors configured to analyze the received information, calculate a score based on the received information, determine a threshold, compare the calculated score with the determined threshold, and authenticate the user and a device from which the data packet is received if the calculated score is greater than or equal to the determined threshold. | 12-19-2013 |
20130340053 | PASS THROUGH SERVICE LOGIN TO APPLICATION LOGIN - Pass through service login for an application can include receiving, within a client system, a credential from a Web-based service responsive to a successful authentication of a user of the client system to the Web-based service. The user can be logged into the application executing within the client system using the credential. | 12-19-2013 |
20130340054 | CREDENTIAL COLLECTION IN AN AUTHENTICATION SERVER EMPLOYING DIVERSE AUTHENTICATION SCHEMES - An aspect of the present invention facilitates flexible credential collection in an authentication server employing diverse authentication schemes. In an embodiment, an access manager in the authentication server determines that an authentication scheme is to be used for allowing access to a resource requested by a user. A custom module (implementing the authentication scheme) in the authentication server then sends to the access manager commands indicating corresponding sets of credentials to be collected. The access manager, in response to receiving each command, collects the corresponding credentials from the user and checks whether the collected credentials authenticate the user. The custom module sends each command after the checking of the previously collected credentials. Accordingly, a developer of the custom module is enabled to request and to perform the authentication of the user based on different sets of credentials. | 12-19-2013 |
20130340055 | CENTRALIZED USER AUTHENTICATION SYSTEM APPARATUS AND METHOD - An identification module receives a password request for a specified user and communicates an encrypted password field in response thereto, wherein the encrypted password field references a directory object corresponding to the specified user. The present invention also teaches an authentication module that communicates the password request to the identification module and receives the encrypted password field therefrom. Upon receiving the encrypted password field, the authentication module authenticates the specified user against the referenced directory object. In some embodiments, the encrypted password field is stored in an identification data store of an identification server and the directory object is stored in an authentication data store of an authentication server. | 12-19-2013 |
20130340056 | VOICE-CAPABLE SYSTEM AND METHOD FOR AUTHENTICATION USING PRIOR ENTITY USER INTERACTION - A system and method for use with a voice-capable system, includes but is not limited to a method including accessing by the voice-capable system of one or more entities computationally networked to the voice-capable system, obtaining one or more user interactions with the one or more entities and generating an authentication session using the one or more user interactions with the one or more entities. | 12-19-2013 |
20130347083 | LENGTH MODULATED OVER-THE-AIR NETWORK SETUP - A system that includes a transceiver, a memory, and a controller coupled to the memory. The transceiver is configured to receive a first plurality of packets from a wireless node. The memory is configured to store a packet length for each of the first plurality of packets. The controller is configured to determine network access credential information for a network supported by a wireless access point based on the packet length for each of the first plurality of packets. | 12-26-2013 |
20140007203 | Web-Based Security Proxy for Computing System Environment Scanning | 01-02-2014 |
20140007204 | Web-Based Security Proxy for Computing System Environment Scanning | 01-02-2014 |
20140013404 | Trust Metrics on Shared Computers - In one embodiment, a method includes receiving data uniquely identifying a particular user to the verification authority and a request to access a shared device. The shared device being configured for use by at least a number of users. The method also includes accessing a social graph of the particular user to determine whether one or more users in the social graph have previously accessed the shared device; and displaying on a display of the mobile device information indicating which of the users in the social graph have previously accessed the shared device. | 01-09-2014 |
20140013405 | METHODS AND SYSTEMS FOR IMPROVING THE ACCURACY PERFORMANCE OF AUTHENTICATION SYSTEMS - A method for improving the accuracy performance of authentication systems includes determining an authentication data requirement for a desired transaction and at least one new verification phrase. The method also includes capturing authentication data from a user with a communications device in accordance with the authentication data requirement, and capturing biometric data of the at least one new verification phrase from the user with the communications device. Moreover, the method includes adding the determined at least one new verification phrase to an enrollment phrase registry and storing the biometric data captured for the at least one new verification phrase in an enrollment data record of the user after successfully authenticating the user. | 01-09-2014 |
20140013406 | EMBEDDED SECURE ELEMENT FOR AUTHENTICATION, STORAGE AND TRANSACTION WITHIN A MOBILE TERMINAL - Various embodiments of the present invention relate to incorporating an embedded secure element into a mobile device, and more particularly, to systems, devices and methods of incorporating the embedded secure element into a mobile device for identity authentication, data storage and processing in trusted transactions. These trusted transactions require a high security level to protect sensitive data or programs in bank account management, purchasing orders, contactless payment, passport verification, and many other high-security applications. The secure element will provide a root of trust such that applications running on the mobile device are executed in a controlled and trusted environment. In addition to conventional password or encryption protection, alternative security features are introduced from both software and hardware levels based on the embedded secure element. Therefore, the security level of the mobile device is not only enhanced, but also may potentially exceed that of the conventional POS terminals. | 01-09-2014 |
20140020070 | USER DEVICE SECURITY MANAGER - Systems and methods are disclosed to authenticate and authorize a user for web services using user devices. In various embodiments, a method may comprise: identifying, by a user device security manager executing at a user device corresponding to a user of a web service, a first request issued from an application to access remote resources associated with the web service, the application executing at the user device and separate from the user device security manager; acquiring, by the user device security manager, security information of the application in response to the identifying of the first request, the security information including at least one of an application identification, an access scope or a nonce of the application; and transmitting a second request from the user device security manager to the web service to authenticate the application by the web service based, at least in part, on the application identification. | 01-16-2014 |
20140033284 | METHOD FOR USER AUTHENTICATION - A method for verifying an identity of a user includes (a) receiving a request for an identification phrase from a user associated with a user account; (b) selecting the phrase from a pool of phrases and associating the phrase with the user account; (c) sending the phrase to the user; (d) receiving a video recording showing a person reading one or more phrases aloud, and (e) verifying that a phrase read by the person in the video recording corresponds to the selected phrase. A third party may desire verification of the user's identity. The method confirms to the third party the user's identity based on whether or not the phrase read aloud in the video recording matches the randomly selected phrase associated with the user account. | 01-30-2014 |
20140040997 | SELF-DELETING VIRTUAL MACHINES - Securing a virtual machine to be executed on a host machine is accomplished by authenticating, by the virtual machine during an initial boot routine, an identity of the host machine. If the identity does not match a predetermined value, then authenticating the identity of the host machine fails and data associated with the virtual machine is deleted. | 02-06-2014 |
20140040998 | PROVIDING AN OPERATIONAL DASHBOARD - Systems, methods, and devices for providing an operational dashboard are described herein. One method includes receiving operational data associated with a system, receiving credentials associated with a user of a user device including a number of display elements configurable by the user, and determining a particular portion of the operational data to provide to the user via the display elements of the user device based, at least in part, on the credentials. | 02-06-2014 |
20140040999 | HYBRID MULTI-TENANCY CLOUD PLATFORM - Technologies are presented for a hybrid cloud-based service model combining separate database/separate schema, shared database/separate schema, and shared database/shared schema architectures suitable for serving multiple tenants while addressing varying security needs. Roles and security level needs of different tenants may be determined based on tenant declaration or inference from tenant attributes. Tenants may then be assigned to suitable clouds or sub-clouds based on their security level needs. In some examples, a claims-based access control authorization model such as federation may be employed to support interactions between the three different types of clouds or sub-clouds under the umbrella of a single cloud-based service provider while maintaining application and data security. | 02-06-2014 |
20140041000 | ENHANCED 2CHK AUTHENTICATION SECURITY WITH INFORMATION CONVERSION BASED ON USER-SELECTED PERSONA - A server is operated to securely convey information to a user via a network by receiving, from the user, a user selected presentation form representing one of a user selected specific voice and a user selected specific background image. Information for presentation to the user is received from another user and incorporated into the user selected presentation form. The information incorporated in the user selected presentation form is transmitted to the user via the network for presentation to the user. | 02-06-2014 |
20140047516 | CACHE SHARING OF ENTERPRISE DATA AMONG PEERS VIA AN ENTERPRISE SERVER - A method, system and computer program product for performing cache sharing of enterprise data among peer mobile devices. An enterprise server receives a request from a mobile device for enterprise data. Upon identifying peer mobile device(s) that store the requested enterprise data, the enterprise server selects one of these peer mobile devices to provide the requested enterprise data based on an algorithm. A message is sent to the selected peer mobile device from the enterprise server to provide the requested enterprise data to the requesting mobile device, where the message includes connection details as well as a key that uniquely identifies the requested enterprise data that is stored in a cache of the peer mobile device. In this manner, the enterprise data may be shared in a robust and transparent manner while at the same time providing the enterprise control over the dissemination of the enterprise data. | 02-13-2014 |
20140047517 | HYBRID NETWORK APPLICATION ARCHITECTURE - A hybrid-model network application includes a native component that provides user-level access to features of a networked computing device and a web client component that provides access to web services of a server. The network application causes the networked computing device to receive content from the server. The content includes user interface content to be rendered by the web client component and code content associated with the user interface content that uses a native function of the networked computing device. The content is displayed in a user interface by way of the web client component. A request, associated with the code content, is received from a user interacting with the user interface. The device handles the request for use of the native function by the native component. | 02-13-2014 |
20140047518 | Secure Portable Store for Security Skins and Authentication Information - A security component may be associated with a network-enabled application. The security component may access a secure store, which may include customization information, which may include one or more graphical user interface customizations defined by a user, and one or more instances of card information. The card information may specify how to authenticate a user's credentials to access a relying party (e.g., web site). The security component may initiate the display of an embedded region of a window drawn by the network-enabled application. At least a part of the appearance of the embedded region of the window may be defined according to the customization information and not by the relying party. The embedded region may provide a user interface for determining user authentication credentials. The customization information and the one or more instances of card information may not be accessible to the relying party. | 02-13-2014 |
20140047519 | Authentication using a Wireless Mobile Communication Device - An authentication scheme may be used to decide whether to permit access to a user account access to which is controlled by a network resource server. An initial portion of a password is received at a mobile communication device, and a remaining portion of the password is received at a password client installed in or otherwise coupled to the network resource server. The initial portion is communicated from the mobile communication device to the network resource server, where it is passed to the password client, which combines it and the remaining portion to produce a complete password. A value calculated by the password client from the complete password is sent to a password server, which generated the password and sent the initial portion and remaining portion. If the value matches a value calculated by the password server from the complete password in the same manner, authentication has succeeded. | 02-13-2014 |
20140053250 | Access to Web Application via a Mobile Computing Device - Technology is described for allowing access to a web application using a mobile computing device. The method can include obtaining a secure user identifier associated with the mobile computing device as confirmed by a secure wireless network. A hardware device identifier can be retrieved from the mobile computing device. Physical location coordinates can be identified for the mobile computing device. The user identification, hardware device identifier and the physical location can be sent to a web server. Another operation can be enabling access to the web application based on the secure user identifier, a hardware device identifier and correct physical location coordinates as defined by the web application. | 02-20-2014 |
20140059658 | PRIVACY BROKER - A brokered authentication request is received corresponding to an interaction between a particular user and a particular online entity. An identity provider corresponding to the particular user is identified that stores user data identifying the particular user. Confirmation is received that the identity provider has authenticated the particular user to a user profile maintained by the identity provider and a unique persistent user identifier is generated for the particular user that is unique within a system to a pairing of the first user with the first entity. The user identifier is caused to be communicated to the first entity for authenticating the first user in interactions with the first entity. | 02-27-2014 |
20140059659 | SYSTEM AND METHOD FOR AUTHENTICATING MANUAL INTERACTION IN A COMPUTING ENVIRONMENT - The present invention relates to a system and method for providing a secure manual interaction with one or more electronic devices in a network. An authentication module generates an authentication task for a user to input data using a user interface. The data is processed and a second security module generates security tasks to be responded to by the user such that the security tasks are generated in real-time by using the input data fed by the user. A verification module correlates the input data with the security tasks responded to by the user in order to check the data integrity before completing the interaction. | 02-27-2014 |
20140059660 | Controlling Access to an Accessible Object with an Online Access Control List - Software on a router receives configuration data that specifies a social networking service as a source for authentication according to an authentication protocol. Subsequently, the router software receives packet data from a client device for a destination other than the social networking service. The router software causes software on the client device to display a login view for the social networking service. The router software transmits the login data entered in the login view to the social networking service. And the router software receives an authorization code following a successful login by a user identified on an access control list (ACL). Then the router software transmits the packet data to the destination. | 02-27-2014 |
20140059661 | MANAGEMENT DEVICE, COMPUTER-READABLE RECORDING MEDIUM, AND MANAGEMENT METHOD - A management device includes an authentication unit and a control unit. If authentication information is received from a first device, the authentication unit included in the management device authenticates the received authentication information by using multiple pieces of authentication information that are stored in the first storing unit. If the authentication performed by the authentication unit is successful, the control unit included in the management device executes a login to the second device by using a single piece of login information that is stored in the second storing unit. | 02-27-2014 |
20140068725 | Wireless Pairing and Communication Between Devices Using Biometric Data - In a first implementation, a host determines to pair with a device and transmits biometric data for a user to the device. The device receives the transmitted biometric data and compares such to device biometric data to determine whether or not to pair with the host and/or what data stored by the device to allow the host to access. The host then accesses data of the device to which the device has allowed access. In another implementation, a device determines to pair with a host and transmits biometric data for a user to the host. The host receives the transmitted biometric data and compares such to device biometric data to determine whether or not to pair with the device and/or what data stored by the host to allow the device to access. The device then accesses data of the host to which the host has allowed access. | 03-06-2014 |
20140068726 | SYSTEMS AND METHODS FOR AUTHENTICATION USING LOW QUALITY AND HIGH QUALITY AUTHENTICATION INFORMATION - Systems, methods, and devices for authenticating a user are provided. A device includes one or more processors configured to determine if a requested service requires high quality authentication, generate a request for high quality authentication if the requested service requires high quality authentication, and generate a request for low quality authentication if the requested service requires low quality authentication. The device also includes a network interface component coupled to a network, the network interface component configured to receive the request for the service requiring authentication, and a memory, the memory storing high quality authentication information and low quality authentication information for authenticating the user. | 03-06-2014 |
20140068727 | WI-FI CREDENTIAL SHARING USING IMAGES - In order to facilitate access to a wireless network, access information (and, more generally, credentials) may be provided to an electronic device via an image. In particular, the electronic device may capture an image that includes a representation of the access information. For example, the electronic device may scan a two-dimensional representation of the access information, such as a Quick Response (QR) code. Then, the electronic device may analyze the image to extract the access information. Next, the access information may be used to access the wireless network. This communication technique allows a user of the electronic device to access the wireless network with less effort, thereby improving the user's experience. | 03-06-2014 |
20140068728 | APPARATUS AND METHOD FOR MANAGING HEALTH DATA - An apparatus and method for managing health data through a user terminal are provided. The method includes inputting a user terminal number for identifying the user terminal, and information of a medical instrument for measuring the health data to a management server interworked with the user terminal, receiving, by a receiver, a security type table mapped onto the user terminal number and comprising a security type code for instructing the health data which the medical instrument has measured to be stored in a first memory without security or in a second memory with security, from the management server, and storing the health data in the first memory or the second memory, which the security type code instructs, through determining the security type code of the security type table when the health data is received from the medical instrument. | 03-06-2014 |
20140068729 | System for Enabling a Smart Device to Securely Accept Unsolicited Transactions - A Smart Device ( | 03-06-2014 |
20140068730 | AUTHENTICATION BASED ON PREVIOUS AUTHENTICATIONS - A method and system for authenticating a user to a target server. A request is received from a user computer system to authenticate the user for access to a target server at level N of N levels (N≧2). Each record of a stored authentication plan associated with the user has authentication records each having expected information relating to authentication of the user for access to the N−1 target servers at respective levels 1 through N−1. Each record of a received current authentication plan for the user has authentication records each having current information relating to authentication of the user for access to the N−1 target servers at respective levels 1 through N−1. It is determined that there is at least a partial match between the stored and current authentication plans, and in response, the user is authenticated for access to the target server at level N. | 03-06-2014 |
20140075522 | RELIABLE VERIFICATION OF HYPERVISOR INTEGRITY - A virtual trusted platform module (VTPM) requests a security state from a virtual machine manager. The security state is indicative of the integrity of at least a portion of software and hardware configurations of the virtual machine manager. The VTPM then receives, from the virtual machine manager, a signed security state comprising trusted platform credentials, and communicates the security state with the authentication server. The VTPM also, based on a secret received from the authentication server, initializes a process using the secret. | 03-13-2014 |
20140082706 | FINE-GRAINED USER AUTHENTICATION AND ACTIVITY TRACKING - In one embodiment, the finer grained control may be in the form of controlling the validity period after which credentials need to be provided anew or access is denied. In another embodiment, the control may be provided by enabling the period of inactivity after which access is denied to be controlled. In yet another embodiment, techniques may be provided for enabling isolation of applications for a session. | 03-20-2014 |
20140082707 | SYSTEMS AND METHODS FOR NETWORK CONNECTED AUTHENTICATION - The field of the invention relates to network connected authentication systems, and more particularly to systems and methods that enable authentication of a user using a connected device in the possession of the user. In an embodiment, the system includes a network connected authentication server system communicatively coupled to a network for access by a plurality of user devices to authenticate a plurality of users of one or more third party applications, and a user account database coupled to the network connected authentication server system to store account information including a username for each of the plurality of users. The network connected authentication server system is configured to pair a username to one or more user devices, receive an authentication request from one of the third party applications, notify at least one of the plurality of user devices that has been paired to the username for which the authentication request is received, receive an authentication response from at least one of the plurality of user devices that has been notified, and send the authentication response to the third party application from which the authentication request is received. | 03-20-2014 |
20140082708 | COMMUNICATION APPARATUS, ELECTRONIC MAIL TRANSMITTING METHOD, AND ELECTRONIC MAIL TRANSMITTING PROGRAM - A communication apparatus enhances security in transmitting electronic mail to a destination mail address without degrading operability. An MFP is connected to an authentication server and a mail server via a network. A user name and password are entered in a user name entry screen. The MFP requests the authentication server to authenticate the entered user name and password. When the user name and password are authenticated, the MFP is operable to acquire an e-mail address, an SMTP authentication user name, and an SMTP authentication password according to SMTP associated with the authenticated user name and password from the authentication server. The MFP requests the mail server to authenticate the acquired SMTP authentication user name and SMTP authentication password according to SMTP. When the SMTP authentication user name and the SMTP authentication password are authenticated, the MFP is operable to transmit e-mail to the mail server. | 03-20-2014 |
20140090032 | SYSTEM AND METHOD FOR REAL TIME SECURE IMAGE BASED KEY GENERATION USING PARTIAL POLYGONS ASSEMBLED INTO A MASTER COMPOSITE IMAGE - A method including: receiving, at a first device, a challenge provided from a second device, wherein the challenge includes an encoding algorithm and a request for credentials from the first device; and outputting, from the first device to the second device, a response to the challenge, wherein the response includes at least one image, the at least one image including an article of evidence arranged according to the encoding algorithm. | 03-27-2014 |
20140090033 | Context Aware Content Distribution - Described herein are systems and methods for context aware content distribution. Content such as e-books, presentations, audio, video, applications, and so forth may be distributed to user devices after establishing a trust relationship. An invitation to provide content may be sent to a user device based on the context of the user device, such as proximity to pre-determined devices, location, and so forth. Upon acceptance of the invitation to opt-in to receiving content, a trust relationship may be established which provides for the transfer of content to the user device. | 03-27-2014 |
20140090034 | SMART PLUG OR CRADLE - There is provided a method and apparatus for allowing a user of a mobile device to securely access a storage device of a home network of the user. The method and apparatus advantageously allow for the user to share data stored on the home network with other users, or to give full or restricted access to other computing devices. The apparatus consists of a network element residing on the home network of the user, which enables communications between the network storage and the mobile device when the mobile device is in a remote location. | 03-27-2014 |
20140096207 | LAYER 7 AUTHENTICATION USING LAYER 2 OR LAYER 3 AUTHENTICATION - A system and method for authenticating a layer 7 client application (application layer) based on a layer 2 (data link layer) or a layer 3 (network layer) authentication is provided. A request to authenticate to a network is received from a communication device. The request to authenticate to the network is for a layer 2 or layer 3 authentication. The communication device is authenticated to the network based on having the necessary credentials. | 04-03-2014 |
20140096208 | AUTOMATED SYSTEM AND METHOD FOR PROVISIONING AND MANAGING CLOUD DESKTOP SERVICES - An automated system and method including proprietary software applications and processes to be used by Internet Service Providers, Infrastructure as a service Providers, Independent Software Vendors, Data Center Managers, and Corporate Enterprises to rapidly provision, configure and manage complex information technology environments that exist in virtual space (the cloud) and are provided for end user interaction using the public computer networks (internet) or private computer networks. | 04-03-2014 |
20140096209 | PRE-AUTHENTICATED CALLING FOR VOICE APPLICATIONS - Architecture for providing pre-authenticated information from an endpoint for subsequently authenticating a device and/or user associated with the previously-authenticated information. A pre-authentication module of the architecture can be a trust component as part of an application that facilitates the utilization of user information and/or endpoint information in a media session protocol message to replace information that would otherwise be gathered via a dialog. In the context of IP-based voice communications, a call can be made from a client that is pre-authenticable, and no longer requires that an IP-based telephone interact with the phone user to facilitate sign-on. | 04-03-2014 |
20140096210 | Advanced Authentication Techniques - A method, system, apparatus, and computer program product are provided for facilitating advanced authentication techniques. For example, a method is provided that includes receiving at least one request to access at least one resource and receiving at least one composite authentication credential, the composite authentication credential comprising a first credential component and a second credential component. The method further includes determining whether the first credential component is valid, determining whether the second credential component is valid and, in an instance in which it is determined that the first and second credential components are valid, causing access to the at least one resource to be permitted. | 04-03-2014 |
20140101731 | SECURE IDENTIFICATION OF COMPUTING DEVICE AND SECURE IDENTIFICATION METHODS - A method implemented on a computing device provides for identifying the device and/or a user to an application on the device. The method comprises receiving a function call for a public identifier, responding to the function call, performing a hash operation and returning the public identifier. Responding to the function call comprises requesting a publisher ID from a first memory location within the device and requesting a private ID from a second memory location. Performing a hash operation on the publisher ID and the private ID creates the public identifier. The public identifier is then returned to the application. A method of allowing a developer to test an application on a mobile device or emulator is also described. A mobile device programmed to return a public identifier to an application is also described. | 04-10-2014 |
20140101732 | Communication with a Voice-Based Account Management System - According to an embodiment, a method facilitates communication with a voice-based management system. An authentication credential is received. Based on the authentication credential, a user is allowed to access an on-line management system operable to facilitate management of an account. The on-line management system receives a request to connect the user to a voice-based management system operable to facilitate providing a response to a question included in the request. A user type associated with the user is determined. A context associated with the question included in the request is determined. A response unit in the voice-based management system is determined according to the user type and the context. The user is connected to the response unit in the voice-based management system without requiring the user to provide the authentication credential to the response unit. | 04-10-2014 |
20140101733 | SYSTEM AND METHOD FOR SECURE USER AUTHENTICATION WITH A SINGLE ACTION - A system and method for securely authenticating a user provides the user the convenience of performing a single action to authenticate the user to an online business without any need for the user to enter, much less remember, any credentials specific to logging into the online business. An actionable item is provided to the user via a message sent to a messaging address that the user has provided when signing up with a backend system incorporating the disclosed authentication system. The actionable item, which incorporates authentication-related information for the user, is so formulated that a single action performed on the actionable item causes an authentication request to be sent to the backend system. The backend system, upon receiving the request, authenticates the user using the authentication-related information retrieved from the authentication request. Optionally, the user will be presented a destination page personally selected during the sign-up following a successful authentication. | 04-10-2014 |
20140101734 | CREDENTIAL AUTHENTICATION METHODS AND SYSTEMS - Methods and systems are provided for performing and verifying transactions involving authentication with a secure credential, such as a smart card, in an untrusted or semi-trusted environment. An application module, operating in an untrusted or semi-trusted environment can be denied access to sensitive data. The application module can determine a preliminary command to be sent to the credential and transmit the preliminary command to a broker module. The broker module, operating in a trusted environment, can supply sensitive data and transmit the command to the credential. Subsequently, the broker module can extract sensitive data from a response before it is transmitted to the application module. A verification server can audit the transaction to verify that it was carried out properly. | 04-10-2014 |
20140109200 | BIOMETRIC IDENTIFICATION FOR MOBILE APPLICATIONS - Methods for automating the entry of password information and other user credentials into native and web-based computing applications are described. In some embodiments, an end user identity and a corresponding authentication level may be determined during an unlock event or during operation of a computing device. The end user identity may be determined by capturing biometric characteristics of an end user of the computing device (e.g., by performing facial recognition and/or voice recognition). Upon the detection of an authentication request from an application running on the computing device, the end user identity and the corresponding authentication level may be used to acquire and provide user credentials for authenticating the end user to the application. | 04-17-2014 |
20140109201 | Process of Authentication for an Access to a Web Site - A Process of reinforced authentication based on data collection of hardware components contained in a system having steps of enrolment authentication. A web site is connected to and a web page received. A list of hardware components is detected and collected. A subset of the list constituting digital information of reference (DDNA) is generated by a hash operation applied to the raw data. The DDNA is used with a received seed of an authentication server to generate a unique use password (OTP). | 04-17-2014 |
20140109202 | SYSTEMS AND METHODS FOR USING A CLIENT AGENT TO MANAGE HTTP AUTHENTICATION COOKIES - Systems and methods are described for using a client agent to manage HTTP authentication cookies. One method includes intercepting, by a client agent executing on a client, a connection request from the client; establishing, by the client agent, a transport layer virtual private network connection with a network appliance; transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie; and transmitting, by the client agent via the connection, the connection request. A second method includes intercepting, by a client agent executing on a client, an HTTP communication comprising a cookie from an appliance on a virtual private network to the client; removing, by the client agent, the cookie from the HTTP communication; storing, by the client agent, the received cookie; transmitting, by the client agent, the modified HTTP communication to an application executing on the client; intercepting, by the client agent, an HTTP request from the client; inserting, by the client agent in the HTTP request, the received cookie; and transmitting the modified HTTP request to the appliance. Corresponding systems are also described. | 04-17-2014 |
20140109203 | MULTICHANNEL DEVICE UTILIZING A CENTRALIZED OUT-OF-BAND AUTHENTICATION SYSTEM (COBAS) - A multichannel security system is disclosed, which system is for granting and denying access to a host computer in response to a demand from an access-seeking individual and computer. The access-seeker has a peripheral device operative within an authentication channel to communicate with the security system. The access-seeker initially presents identification and password data over an access channel which is intercepted and transmitted to the security computer. The security computer then communicates with the access-seeker. A biometric analyzer—a voice or fingerprint recognition device—operates upon instructions from the authentication program to analyze the monitored parameter of the individual. In the security computer, a comparator matches the biometric sample with stored data, and, upon obtaining a match, provides authentication. The security computer instructs the host computer to grant access and communicates the same to the access-seeker, whereupon access is initiated over the access channel. | 04-17-2014 |
20140109204 | AUTHENTICATION SYSTEM VIA TWO COMMUNICATION DEVICES - To authenticate a user possessing a first communication terminal (TC | 04-17-2014 |
20140115672 | Storing and Accessing Licensing Information in Operating System-Independent Storage - Licensing information that guides the operation of a software application may be stored in operating system-independent storage of a device on which the software application is installed. The operating system-independent storage may be independent of the device's file system and may include storage that is implemented as part of a chipset of the device. The licensing information may be written to the device's operating system-independent storage by a remote device over a communications network regardless of the state of the device. The licensing information may be subsequently accessed by the software application to determine whether functionality requested by a user of the application is supported by the licensing information. | 04-24-2014 |
20140115673 | AUTHENTICATION PROCESS - A first network device is configured to receive a request for content from a user device, determine that the user device is not authenticated, and send information to the user device that the user device requires authentication. The first network device is configured further to receive authentication information for the user device from a second network device. The first network device is configured further to generate a secret key and authenticate the user device. The first network device is configured further to request user knowledge information from the user device, validate the user knowledge information and send the content to the user device. | 04-24-2014 |
20140115674 | WIRELESS COMMUNICATION SYSTEM, PORTABLE TERMINAL, DIGITAL CAMERA, COMMUNICATION METHOD, AND COMPUTER-READABLE STORAGE DEVICE - A generation unit generates the wireless network connection setting information from the first information based on the conversion rule. The encoding unit encodes the first information to generate a code image. A display unit displays the code image. An imaging unit captures the code image. A decoding unit decodes the code image captured by the imaging unit and acquires the first information. A second storage unit stores a conversion rule that is the same as the conversion rule stored in the storage unit. A second generation unit generates the wireless network connection setting information from the first information acquired by the decoding unit based on the conversion rule stored in the second storage unit. A communication unit connects to a wireless network using the wireless network connection setting information generated by the second generation unit. | 04-24-2014 |
20140123248 | COMMUNICATION BETWEEN AUTHENTICATION PLUG-INS OF A SINGLE-POINT AUTHENTICATION MANAGER AND CLIENT SYSTEMS - Various arrangements for providing authentication information to a user are presented. A single-point authentication manager executed by a computer system may receive a request to access a resource from a remote client computer system. The single-point authentication manager may manage access to a plurality of resources including the resource. The single-point authentication manager may communicate with an authentication plug-in application that performs a type of authentication. Authentication of the user may be performed. In response to performing authentication of the user, the authentication plug-in application may generate a message to be transmitted to the remote client computer system. The message may include an indication that the message is to be passed to the remote client computer system and information regarding the authentication of the user. In response to receiving the message from the authentication plug-in application, the message may be transmitted to the remote client computer system. | 05-01-2014 |
20140123249 | Behavioral Fingerprinting Via Corroborative User Device - Disclosed herein are example embodiments for behavioral fingerprinting via corroborative user device. For certain example embodiments, one or more devices may (i) ascertain at least one indicator of a proximity of at least one corroborative user device that is affiliated with a behavioral fingerprint and (ii) incorporate the at least one indicator of a proximity of the at least one corroborative user device into an authentication-related analysis for a user device that is associated with the behavioral fingerprint. However, claimed subject matter is not limited to any particular described embodiments, implementations, examples, or so forth. | 05-01-2014 |
20140123250 | SECURITIZATION OF DEVELOPER CREDENTIALS - Technologies are generally described for systems and methods configured to provide developer credentials to a device. In some examples, a developer device may be configured to send a registration request relating to a program to a service server. In response, the developer device may receive first information. A processor in a user device may be configured to store the program and the first information. The processor may execute at least part of the program to send a first request, including the first information, to a platform server. The processor may be further configured to receive second information in response. The processor may execute the program using the first and second information to generate a second request. The second request may include the second information and may be sent to a service server different from the platform server. | 05-01-2014 |
20140123251 | SYSTEM FOR PROVIDING CONTENT OR APPLICATION AND CONTROL METHOD THEREFOR, TERMINAL AND CONTROL METHOD THEREFOR, AUTHENTICATION DEVICE AND CONTROL METHOD THEREFOR, PROGRAM, AND INFORMATION STORAGE MEDIUM - To provide a system for providing content or an application capable of restricting a terminal device in which the content or the application is able to be used to a single terminal device among one authorized terminal device and one or more unauthorized terminal devices. According to a generation rule, a new authentication symbol string is generated based on at least a part of an authentication symbol string stored in a first authentication symbol string storage unit ( | 05-01-2014 |
20140130142 | Method and Cloud Security Framework for Implementing Tenant License Verification - A method and cloud security framework for implementing tenant license verification. The method and framework conduct tenant license verification transparently to cloud resources and users who request them. An exemplary method comprises receiving by the framework from a client device a request for access to a cloud resource and user information; authenticating by the framework a user of the device using the information; obtaining by the framework a security context for the user including a tenant identifier identifying a multi-user enterprise to which the user belongs using the information; transmitting by the framework to an outside entity over a web services interface a tenant license verification request including the identifier; receiving by the framework from the entity a verification that a tenant license associated with the identifier is in good standing; and granting by the framework to the device access to the resource. | 05-08-2014 |
20140137215 | DATA FLOW PROCESSING IN A NETWORK ENVIRONMENT - Described are a system and method for managing a data exchange in a network environment. A flowtag is assigned to a data packet at a source device. The flowtag includes a port identification corresponding to a port at an aggregation device. A destination device is in communication with the port at the aggregation device. The data packet is authenticated at the aggregation device. The data packet is output from the source device to the destination device via the aggregation device according to the port identification in the flowtag of the authenticated data packet. | 05-15-2014 |
20140137216 | PASSWORD MISMATCH WARNING METHOD AND APPARATUS - Systems and methods for providing an authentication credential mismatch warning are disclosed. More particularly, at least one character from an authentication credential required to access a resource is recorded. When a user attempts to enter the required authentication credential, a mismatch warning can be generated if a monitored character is input incorrectly. The user can then revise the authentication credential input, prior to submitting the authentication credential to the resource. | 05-15-2014 |
20140137217 | VERIFYING AN INDIVIDUAL USING INFORMATION FROM A SOCIAL NETWORK - Systems and methods for verifying individuals using social network information are described. In some examples, the systems and methods receive a request to verify an individual, obtain social network information associated with the individual, and provide the social network information to the requestor. | 05-15-2014 |
20140143843 | SECURITY BYPASS ENVIRONMENT FOR CIRCUMVENTING A SECURITY APPLICATION IN A COMPUTING ENVIRONMENT - Exemplary embodiments of the present disclosure are directed to performing an operation in a computing environment that is prohibited by a security application governing the computing environment. Exemplary embodiments can generate a security bypass environment in a computing environment governed by the security application to provide a bypass to the security application. In exemplary embodiments, a request to perform the operation can be received via the security bypass environment and the operation can be performed through the security bypass environment in response to satisfaction of access control criteria specified for the security bypass environment so that the performance of the operation bypasses the security application. | 05-22-2014 |
20140143844 | Secure Access by a User to a Resource - A method for allowing user access to a resource includes a large number of arrays of elements which are generated and stored for each user for use in a series of log-in sessions. A user input token is calculated by identifying a subset of the array by a pattern of the elements in the array, combined in an operation on the elements selected using one or more mathematical, relational and/or logical operations. The arrays are stored in a table with the tokens calculated from those arrays and withdrawn in a random pattern for use in the sessions for that user. Each array includes multiple possible solutions including the actual solution using the pattern and calculation of that user and these other possible solutions act as hacker traps to indicate the presence of a hacker who has calculated a solution but found the wrong solution. | 05-22-2014 |
20140150071 | SOCIAL AUTHENTICATION OF USERS - User authentication is provided. A social network associated with a user of a client device is monitored to determine whether a set of designated users are currently logged in and authenticated to access a secure resource. A video connection is established between the user of the client device and the set of designated users that are currently logged in and authenticated to access the secure resource. In addition, an authentication request screen is sent showing captured video authentication data corresponding to the user of the client device to the set of designated users that are currently logged in and authenticated to access the secure resource. | 05-29-2014 |
20140150072 | SOCIAL AUTHENTICATION OF USERS - User authentication is provided. A social network associated with a user of a client device is monitored to determine whether a set of designated users are currently logged in and authenticated to access a secure resource. A video connection is established between the user of the client device and the set of designated users that are currently logged in and authenticated to access the secure resource. In addition, an authentication request screen is sent showing captured video authentication data corresponding to the user of the client device to the set of designated users that are currently logged in and authenticated to access the secure resource. | 05-29-2014 |
20140150073 | AUTHENTICATION IN A WIRELESS TELECOMMUNICATIONS NETWORK - To facilitate authentication over a wireless access network, it is proposed to provide a hub device having an authentication storage means (i.e. a (U)SIM) to which one or more machine devices are connected. Each machine device connects to a wireless access network and in order to authenticate with that network requests authentication information from the hub device. The core network of the wireless access network authenticates each machine device and provides the machine devices with parallel access to the access network in accordance with authentication information obtained from the hub device. The authentication information is unique to the respective machine device but also associated with information stored on the authentication storage means of the hub device. | 05-29-2014 |
20140150074 | METHOD OF ESTABLISHING SECURE GROUPS OF TRUSTED CONTACTS WITH ACCESS RIGHTS IN A SECURE COMMUNICATION SYSTEM - A method of establishing secure groups of trusted contacts with access rights in a secure communication system. The method includes establishing secure groups of trusted contacts in the secure communication system; storing information corresponding to the trusted contacts of a secure group as a secure group in a database; and determining access rights of the secure group and storing the access rights in the database with the stored information corresponding to the secure group. | 05-29-2014 |
20140150075 | SECURELY ESTABLISHING ICE RELAY CONNECTIONS - Methods, apparatuses, and computer program products are described for securely connecting a plurality of ICE client devices without using TURN. A session border controller (SBC) receives, via a website application server, a connectivity message from a first ICE client device at a first relay port and a connectivity message from a second ICE client device at a second relay port. The SBC authenticates the messages using credential information received from the server, and latches address information associated with the first client device to the first relay port and address information associated with the second client device to the second relay port. The SBC forwards the message from the first client device to the second client device and the message from the second client device to the first client device, and establishes an ICE relay connection indirectly between the first client device and the second client device via the relay ports. | 05-29-2014 |
20140150076 | Database Virtualization - Aspects of the subject matter described herein relate to database virtualization. In aspects, clusters of database servers may be located at various locations of the Internet. When a client seeks to access a logical database, the client may send a logical server and logical database name in a data structure. These names may be used to find a physical server(s) and database(s) that correspond to the logical database. Once the location is determined, a proxy component is used to intercept and/or forward communications between the client and the physical server(s) and database(s) corresponding to the logical database. Using this system, a client may access data from a logical database without knowing the physical address of the logical user database. | 05-29-2014 |
20140157376 | SYSTEM AND METHOD FOR MAINTAINING CAPTIVE PORTAL USER AUTHENTICATION - The present disclosure discloses a method and network device for maintaining captive portal user authentication. Specifically, the disclosed system determines an association status between a client and an access point in a wireless network, as well as whether to remove an entry corresponding to the client from a network layer (L3) cache based on the association status. If it is determined that the entry is to be removed, the disclosed system removes the entry corresponding to the client from the network layer (L3) cache. Note that the association status can be determined based on one or more of an indication by a station management process at the network device, and a detection of radio link activities. | 06-05-2014 |
20140157377 | SYSTEM FOR REDUCING AN ONLINE USER'S INFORMATION BURDEN FOR ONLINE PROFILES - A method and system for managing online profiles. The method comprises receiving a plurality of online profiles of a user, the plurality of online profiles including login parameters for websites, and storing the plurality of online profiles in an account associated with the user. The method further comprises receiving a request to navigate to a given one of the plurality of online profiles associated with a given website, retrieving a webpage corresponding to the given website, and loading the given online profile to the webpage corresponding to the given website. | 06-05-2014 |
20140165163 | APPARATUS AND METHOD FOR ACCESSING WiFi NETWORKS - A method and apparatus are for automatically accessing a social network account that provides member information about each of a plurality of social network members. The member information about at least one of the social network members, denoted as a particular member, includes a network detection portion and a security portion. The network detection portion is retrieved from the social network for at least the particular member. A detection is made that the wireless device is within range of a secure wireless network associated with the particular member. The detection uses the network detection portion of the particular member as an input. The security portion of the member information of the particular member is retrieved from the social network. The security portion is used to derive access credentials for the secure wireless network. The derived access credentials are used to securely access the secure wireless network. | 06-12-2014 |
20140165164 | Method to Obtain a Virtual Desktop Stored in a Cloud Storage System, a Corresponding Cloud Broker and Cloud Desktop Agent - A method to obtain a cloud-stored virtual desktop includes a set of user preferences, applications and shortcuts to files that a user desires to access. The method includes (A) transferring from a client device to a cloud broker a virtual desktop request comprising a user identification and a client device type identification; (B) passing the virtual desktop request to a cloud desktop agent responsible for maintenance of virtual desktops and virtual desktop metadata in the cloud storage system; (C) selecting by the cloud desktop agent a list of available virtual desktops for the user and the client device type based on a comparison with the virtual desktop metadata; (D) transferring the list of available virtual desktops to the cloud broker; and (E) forwarding the list of available virtual desktops from the cloud broker to the client device to enable the user to select a virtual desktop to be opened. | 06-12-2014 |
20140173704 | SYSTEM, DEVICE, AND METHOD FOR AUTHENTICATION OF A USER ACCESSING AN ON-LINE RESOURCE - A system, device and method for authenticating a user. The system, device and method may employ a computing device for providing credentials required for access to an on-line resource available over a network. The computing device may connect to the on-line resource to register a user. The computing device may receive from the on-line resource at least one request for a credential to identify the user. In response to the request, the computing device may generate a random credential, store the random credential in association with an on-line resource identifier and the request in a data store accessible to the computing device and, submit the random credential to the on-line resource to register the user. | 06-19-2014 |
20140181922 | SYSTEMS AND METHODS FOR DETERMINING A STRENGTH OF A CREATED CREDENTIAL - Devices, systems, and methods for determining a strength of a created credential are provided. The device includes one or more processors configured to decompose a created credential into credential components, parse the credential components using a limited dictionary, determine a probability of the credential components using a limited ruleset, and calculate a score of the created credential based on the determined probability. The device also includes a memory, the memory storing the limited dictionary and the limited ruleset, and a network interface component coupled to a network, the network interface component configured to transmit the created credential to a remote server over the network for a secondary credential strength determination if the calculated score is above a threshold. | 06-26-2014 |
20140181923 | Method and Apparatus For Monitoring Wireless Network Access - A system and method for monitoring wireless network access, and use of a detected wireless network connection are described. A client component (e.g., software component), or client, can be downloaded to a computing device, which leverages off of the computing device's ability to locate and establish a network connection. The client component listens for network connection activity, and determines whether the device has established a network connection with a network known to the client. If the client determines that a network connection has been established to a known network, the client uses the network connection to log the user onto the network. | 06-26-2014 |
20140181924 | INTELLIGENT ELECTRONIC DEVICE HAVING USER-AUTHENTICATING CAPABILITIES - An intelligent electronic device (IED) includes a user authentication module configured for authenticating authorized users of the IED and preventing an access by non-authorized personnel to a user-selectable portion of operational features of the IED. In exemplary embodiments, the user authentication module includes a database of information authenticating an authorized user and a sensor acquiring user-identifying information (e.g., a biometric sensor, a reader of magnetic, holographic, RFID, or smart ID cards, or a keypad). In one application, these techniques are implemented in IEDs such as electrical power and energy meters and used to control access to reset, configuration, billing, communication, and data acquisition/processing functions of the meters. | 06-26-2014 |
20140189819 | 3D Cloud Lock - In embodiments, a method of securing access to a computer memory and other computer resources includes authoring a 3D projection of data by a registering user customizing elements in the 3D projection, resulting in a registered 3D projection. The method further includes presenting to a requesting user a representation of the elements of the 3D projection in a randomized fashion. The method additionally includes receiving, from the requesting user, manipulations of the presented elements of the 3D projection toward undoing or solving the randomization. The method includes determining whether the manipulated elements of the 3D projection match the customized elements of the registered 3D projection. Then, the method includes granting, to the registered user, access to the computer memory if the manipulated elements of the 3D projection match the customized elements of the registered 3D projection. The granting may be based on the determination of whether the manipulated elements of the 3D projection match the customized elements of the registered 3D projection in the positive. | 07-03-2014 |
20140189820 | Safe auto-login links in notification emails - A web application user is authenticated directly upon selecting a link in a notification email. In this approach, the user's web browser stores a first data string provided by the web application (e.g., in a cookie) during a prior session. The first data string encodes first data about the user that can be verified by the application. Later, the user receives the notification email that includes the link. The link encodes a second data string from which second data about the user can be verified by the application. When the end user selects the link, an authentication request is transmitted to the application. The authentication request includes both the first and second data strings. If both the first data and the second data (as obtained from their respective data strings) can be verified, the user is authenticated without having to perform any additional steps (e.g., manual entry of credentials). | 07-03-2014 |
20140189821 | ACCESSORY INTERFACE SYSTEM - The accessory is capable of connecting to a host device, which is physically separated from the accessory. The accessory includes a first communication module and a contactless module. The first communication module is used to wirelessly couple to the host device and to receive a first credential from the host device. The contactless module is coupled to the first communication module. The contactless module includes a controller, a first security element, an antenna, and a storage unit. The controller receives the credential from the first communication module. The first security element is coupled to the controller for receiving and storing the first credential. The antenna is coupled to the controller to wirelessly communicate with a first reader for a first application by using the stored first credential. The storage unit stores at least one first transaction record generated while the first application is operating. | 07-03-2014 |
20140189822 | NON-INTRUSIVE BACKGROUND SYNCHRONIZATION WHEN AUTHENTICATION IS REQUIRED - A non-modal notification user interface element is displayed persistently but unobtrusively such that a user may easily determine that authentication credentials are required by a background synchronization process. The non-modal notification is configured such that it may be ignored by the user such that their workflow is not interrupted. The background synchronization continues to synchronize the data it can even though the background synchronization may require authentication credentials for a subset of the data to be synchronized. The user may select the non-modal notification user interface element at any point in time in order to supply the required authentication credentials. The non-modal notification is removed from the display when there are no further authentication credentials required. | 07-03-2014 |
20140189823 | Pass-Thru for Client Authentication - This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server. | 07-03-2014 |
20140189824 | COMMUNICATION SYSTEM, COMMUNICATION APPARATUS AND METHOD FOR SETTING COMMUNICATION PARAMETERS OF THE APPARATUS - A wireless terminal which newly joins a wireless communication system transmits a message containing its identification data to an access point in the wireless communication system at a communication parameter setting start. Upon receiving the message, the access point determines whether or not the wireless terminal has been registered. If it is determined that the wireless terminal has not been registered, the access point determines whether or not the wireless terminal is a setting target device of communication parameters based on the identification data contained in the message. If it is determined that the wireless terminal is a setting target device, the access point sets communication parameters for the wireless terminal. | 07-03-2014 |
20140189825 | Multi Mode Operation Using User Interface Lock - A system and a method are disclosed for a computer implemented method to unlock a mobile computing device and access applications (including services) on a mobile computing device through a launcher. The configuration includes mapping one or more applications with a guest access code. The configuration receives, through a display screen of a mobile computing device, an access code, and determines whether the received access code corresponds with the guest access code. The configuration identifies the mapped applications corresponding to the guest access code and provides for display, on a screen of the mobile computing device, the identified applications. | 07-03-2014 |
20140196124 | CLOUD COMPUTING SECURE DATA STORAGE - Method and implementations for providing a secure data storage service in a cloud computing environment are generally disclosed. The method comprises: partitioning a data resource into data particles, assigning logic groups to the data particles, assigning physical storage groups to the data particles, and/or storing each physical storage group at corresponding storage resource, receiving a request for the data resource, determining whether the request for the data resource is valid, and if the request is valid, transmitting the data particles of the data resource to the client. The method enables improved security for accessing data, and also improves the user experience in cloud computing environments. | 07-10-2014 |
20140196125 | DEPLOYING WIRELESS DOCKING AS A SERVICE - A wireless dockee device may include a memory, and at least one processor configured to authenticate the wireless dockee to a wireless docking service using a Wi-Fi direct service (WFDS) application service platform (ASP). A wireless docking center device may include a memory, and at least one processor configured to authenticate a wireless dockee to a wireless docking service of a wireless docking center using a Wi-Fi direct service (WFDS) application service platform (ASP). | 07-10-2014 |
20140196126 | FACILITATING WIRELESS NETWORK ACCESS BY USING A UBIQUITOUS SSID - The disclosed embodiments provide a system that facilitates wireless network access. The system includes a trusted network access and tunneling service (TNATS) associated with a ubiquitous static service set identifier (SSID). The system also includes a proximate wireless access point (WAP). During operation, the system enables the TNATS on the proximate WAP, which then broadcasts the ubiquitous static SSID. Next, the proximate WAP receives a request from a guest device to access the TNATS through the proximate WAP. The proximate WAP then initiates an authentication process with the TNATS for a user of the guest device. If the authentication succeeds, the proximate WAP allows the guest device to access a network through the proximate WAP. | 07-10-2014 |
20140196127 | Service Access Authentication Method and System - An access authentication system for authenticating a subscriber of a service, the access authentication system comprising an operator access authentication system and one or more private access authentication systems, each private access authentication system being communicatively connectable with the operator access authentication system, the operator access authentication system being adapted to provide one or more authentication functions for facilitating authentication of subscribers of the service based on respective subscriber authentication data items associated with credentials of the subscriber; wherein each private access authentication system is adapted to communicate one or more subscriber authentication data items to said operator access authentication system; and wherein each private access authentication system is further adapted to communicate one or more verification data items indicative of the private access authentication system operating in at least one predetermined state. | 07-10-2014 |
20140196128 | SYSTEMS AND METHODS FOR DISTRIBUTED AUTHENTICATION OF VIDEO SERVICES - Various embodiments of the present invention provide systems and methods for providing distributed authentication of subscribers of a content operator to a content provider. In particular instances, a subscriber of the content operator may visit a website of the content provider and various embodiments of the systems and methods facilitate providing the subscriber with a customized website based on the subscription of the subscriber with the content operator and/or content provider. Further, various embodiments of the systems and methods facilitate streaming high quality content to the subscriber while the subscriber is visiting the website. | 07-10-2014 |
20140201823 | Article of manufacture for securing data in 2D bar codes using SSL - An article of manufacture comprises a printed document associated with a source entity. The printed document is readable by a software application of an electronic device. The printed document includes a plain text content portion and a two-dimensional code (2-D code) that includes data encoded therein which is readable by the software application of the electronic device. The encoded data includes a resource locator to an intent. The resource locator to an intent includes a protocol identifier designating a secure 2-D code which is detectable by the software application of the electronic device for electronic replacement by the software application with a protocol identifier used to access a secure server of the source entity located at a host portion of the resource locator. The protocol identifier is a protocol identifier associated with URL specifications. | 07-17-2014 |
20140208400 | RESTRICTED-USE AUTHENTICATION CODES - Embodiments related to a restricted-use authentication code are disclosed. One disclosed embodiment provides a method of generating a representation of a restricted-use authentication code for detection by another computing device to authenticate the other computing device to a remote service. The method includes receiving authentication information, the authentication information comprising a restricted-use authentication code and generating a representation of the authentication information. The method further includes presenting the representation of the authentication information to a sensor system of the other computing device for authentication. | 07-24-2014 |
20140208401 | STATE DRIVEN ORCHESTRATION OF AUTHENTICATION COMPONENTS IN AN ACCESS MANAGER - Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process. | 07-24-2014 |
20140208402 | METHODS AND SYSTEMS FOR INCREASING THE SECURITY OF ELECTRONIC MESSAGES - A method for generating e-mail messages with increased security includes receiving an e-mail message at a control system. The e-mail message has recipients, a security level, control attributes, and e-mail message contents. Moreover, the method includes verifying the recipients at the control system, and storing the recipients, security level, control attributes, and e-mail message contents in the control system when each of the recipients is verified. Furthermore, the method includes generating modified e-mail messages from the e-mail message, transmitting each of the modified e-mail messages to a respective recipient, and capturing authentication data from one of the recipients when the one recipient indicates a desire to view the e-mail message contents with a communications device operated by the one recipient. When the one recipient is successfully authenticated, the method includes permitting the one recipient to view the e-mail message contents in accordance with the control attributes. | 07-24-2014 |
20140215580 | AUTONOMIC NETWORK PROTECTION BASED ON NEIGHBOR DISCOVERY - In one implementation, security configuration is automated based on information gathered using autonomic neighbor discovery. The neighbor discovery establishes a realm of trust between neighbors, such as determining that some neighbors may be trusted and others may not be trusted. A dynamic security barrier is created using the trust where devices on the network border protect the entire network. Differences in trust result in differential security configuration. | 07-31-2014 |
20140215581 | PROXY DATA VIEWS FOR ADMINISTRATIVE CREDENTIALS - A method of providing an administrator with a managerial view of personnel data may include receiving a login that includes administrator credentials from a personnel administrator and receiving a command associated with the administrator credentials to view personnel data in a personnel database. The personnel data may be associated with a group of employees under a manager in a managerial hierarchy. The method may also include selecting between a manager view of the personnel data and an administrator view of the personnel data. The manager view may include a first subset of the personnel data, the administrator view may include a second subset of the personnel data, and/or the first subset may be smaller than the second subset. The method may additionally include causing the first subset of personnel data to be displayed on a display device according to the manager view. | 07-31-2014 |
20140215582 | VERIFICATION SYSTEM AND VERIFICATION METHOD - A verification system and a verification method are provided. After a user inputs an account number and a password in a display interface provided by a first electronic device, it is determined whether first geographic information of the first electronic device is located within a limited region of second geographic information or a trusted region. If it is determined that the first geographic information is located within the limited region of the second geographic information or the trusted region, the first electronic device is allowed to access a network service platform, or the first electronic device is denied access to the network service platform, thereby increasing network security without complicating operations. | 07-31-2014 |
20140215583 | Wireless Local Area Network Authentication Method and Mobile Terminal - A wireless local area network authentication method is provided that includes: automatically obtaining, by a mobile terminal, an access account and an access password; and automatically sending, by the mobile terminal, a web authentication request to a network server, where the web authentication request carries the access account and the access password. A corresponding mobile terminal is also provided. By applying the wireless local area network authentication method and the mobile terminal disclosed in the present invention, a mobile terminal can automatically complete web authentication of a wireless local area network, a user does not need to enter an account and a password, and a web authentication interface does not need to be displayed to the user either, thereby avoiding a complex and repetitive authentication operation and improving user experience. | 07-31-2014 |
20140223521 | ALLOWING ACCESS TO UNDERLYING HARDWARE CONSOLES TO CORRECT PROBLEMS EXPERIENCING BY USER - A method, system and computer program product for providing access to underlying hardware consoles to correct problems experienced by a user. The administrative server receives a request from the user to access a managing system configured to provide access to the underlying hardware consoles that are combined together to service a user's computing requirements. The administrative server presents a list of managing systems for the user to connect that were identified as being able to address the problem(s) the user is experiencing. The administrative server then enables access to managing systems selected in the list in response to the user providing appropriate authentication credentials. An interface is then provided to the user by the selected managing systems to select the underlying hardware consoles to access. In this manner, the user is provided access to the underlying hardware consoles in an easy manner without presenting numerous options and configurations. | 08-07-2014 |
20140223522 | PASSIVE SECURITY ENFORCEMENT - Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels. | 08-07-2014 |
20140223523 | SYSTEM AND METHOD FOR NFC PEER-TO-PEER AUTHENTICATION AND SECURE DATA TRANSFER - A reader device may generate a first identifier. The reader device may transmit the first identifier to a mobile device. The reader device may receive encrypted data and unencrypted data from the mobile device in which the encrypted data includes a second identifier. The reader device may evaluate whether the first identifier and the second identifier correspond to one another. | 08-07-2014 |
20140237561 | SECURE FRONT-END INTERFACE - A secure front-end interface for a PLC, RTU or similar device is disclosed. A first server is coupled to the PLC via a communications link and is configured to receive status information from the device and transmit the information to a second server via a one-way data link. The second server has a network interface for coupling to a network and receives the information from the first server via the one-way data link and outputs the information via the network interface based upon a user request. The front-end interface may further include a second one-way data link coupled from the second server to the first server to allow user command entry. The secure front-end interface may alternatively consist only of a single server coupled between the device and the network which requires a user to enter a password before obtaining access to the status information. | 08-21-2014 |
20140237562 | Authentication System and Method - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access to the secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. | 08-21-2014 |
20140237563 | ONLINE USER ACCOUNT LOGIN METHOD AND A SERVER SYSTEM IMPLEMENTING THE METHOD - The present application provides a webpage login method involving two client devices and a server. The server receives an information access request from a first client device. In response to the information access request, the server returns a unique identifier to the first client device. The unique identifier is to be displayed on the first client device. Next, the server receives a first message from a second client device, the first message including user account information at the server system and authentication information. The server determines whether the authentication information corresponds to the unique identifier and authenticates the information access request in accordance with a determination that the authentication information corresponds to the unique identifier such that the user can access information at the server and associated with the user account information from the first client device. | 08-21-2014 |
20140245406 | Method for Personalizing a Secure Element, Method for Enabling a Service, Secure Element and Computer Program Product - According to an aspect of the invention, a method for personalizing a secure element for a mobile device is conceived, wherein an application is stored in the secure element and wherein the application is pre-provisioned by loading secure credentials into the application without tying said secure credentials to a specific user of the secure element. | 08-28-2014 |
20140245407 | Single Login Procedure For Accessing Social Network Information Across Multiple External Systems - A social networking system contains information describing users of the social network and various connections among the users. A user can access multiple external systems that communicate with the social networking system to access information about the users of the social networking system. Login status of the user account on the social networking system is maintained. If the login status of the user account on the social networking system indicates that the user is not logged in, the user is required to provide authentication information. If the login status of the user account indicates that the user is logged in, social network information is provided to the user via an external system, subject to the privacy settings of users of the social networking system. If the user logs out from an external system, the user is also logged out from the social networking system. | 08-28-2014 |
20140250502 | DETERMINING HUMAN STIMULI AT COMPUTING DEVICES - Techniques for granting access to an application or service based on a detected human stimulus at a computing device include detecting a stimulus that is generated by an external entity and independent of a CAPTCHA or CAPTCHA-like challenge. If the stimulus is included in a set of human stimuli, access to the application or service may be granted. Otherwise, access may be denied. The detected stimulus may be ad-hoc, or may be a response to an explicit challenge other than a CAPTCHA or CAPTCHA-like challenge. A background application may continuously test over time for ad-hoc stimuli that are consistent with a human presence, and may maintain or deny access accordingly. The detected stimulus may include changes in states of components of the computing device that are related to spatial orientation and/or location. Access to the application or service may be granted/denied based on the detected stimulus and an additional criterion. | 09-04-2014 |
20140250503 | SYSTEMS AND METHODS FOR DELIVERING PLATFORM-INDEPENDENT WEB CONTENT - A system and method for providing content on a plurality of platforms. A reference to content and a selection of a selected portion of the content is received from a client device. A container suitable for a target platform is generated. The content portion is transformed such that the transformation includes the selected portion within a boundary associated with the container. The transformation may be associated with the container. The container may then be published for access over a network by means of a browser. Upon accessing of the container, a user's browser may request the transformation and render the transformation within the container. The method may include using a client's credentials to add the container to a social networking profile of the client. | 09-04-2014 |
20140250504 | SYSTEM AND METHOD FOR VALIDATING A USER OF AN ACCOUNT FOR A WIRELESS DEVICE - The disclosure provides a system and method of authenticating a user to a network. For the method, if a request for a resource initiated by the device is related to a restricted resource, then the method: redirects the request to the authentication server; initiates an authentication process at the server to request a user account and a password from the device to authenticate the device if it has not been authenticated; automatically provides the device with access to the restricted resource if the device previously had been authenticated to access the restricted resource; and provides a signal to the device indicating whether it has been authenticated to allow the device to update its graphical user interface to indicate an access status for the restricted resource. If the request relates to a non-restricted resource, then the method automatically provides the device with access to the non-restricted resource. | 09-04-2014 |
20140250505 | MULTI-USER USE OF SINGLE-USER APPS - Multi-user use of single-user applications is disclosed. A request to access application data associated with an object identifier may be received in a context of a single-user application. Access may be provided to one or more application data objects associated with the object identifier. The objects may be included in a data set corresponding to user information associated with the context of the application. | 09-04-2014 |
20140250506 | CONTROL AND MANAGEMENT OF ELECTRONIC MESSAGING - A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine its desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee. | 09-04-2014 |
20140250507 | SECURE RANDOMIZED INPUT - A user inserts a received random sequence into the user's password or PIN. The user enters and transmits this randomized password to a service provider. The service provider extracts the password to determine whether to authenticate the user. | 09-04-2014 |
20140259125 | USER AUTHORIZATION AND PRESENCE DETECTION IN ISOLATION FROM INTERFERENCE FROM AND CONTROL BY HOST CENTRAL PROCESSING UNIT AND OPERATING SYSTEM - An embodiment may include circuitry to be included, at least in part, in a host. The host may include at least one host central processing unit (CPU) to execute, at least in part, at least one host operating system (OS). The circuitry may perform, at least in part, at least one operation in isolation both from interference from and control by the at least one host CPU and the at least one host OS. The at least one operation may include user authorization determination and user presence determination. The authorization determination may be in response, at least in part, to indication of physical presence of at least one user in proximity to the host. The user presence determination may determine, at least in part, whether, after the indication has been provided, the physical presence of the at least one user in the proximity to the host has ceased. | 09-11-2014 |
20140259126 | BIOMETRIC AUTHORIZATION FOR REAL TIME ACCESS CONTROL - A method of providing biometric authorization comprising enabling a user to log into an account, and determining whether there is a hold on the account. When there is a hold on the account, informing the user of the hold, and enabling the user to respond to a transaction that caused the hold. The method, in one embodiment, further comprises prompting the user to enter a biometric authentication, in conjunction with the response, and processing the unblock request in real-time upon receiving and validating the biometric authentication. | 09-11-2014 |
20140259127 | EXTENDING AND RE-USING AN IP MULTIMEDIA SUBSYSTEM (IMS) - Systems and methods for extending and re-using an IP multimedia subsystem (IMS) to extend the trust relationship from a closed group of customers of wireless service providers to users of other ecosystems (e.g., Gmail, Facebook, or Yahoo!) for IMS services. Some embodiments include receiving a request from an initiating device to establish a service connection between the initiating device and an endpoint through an Internet Protocol Multimedia Subsystem (IMS) session. The request may include third-party domain credentials (e.g., maintained by a third-party domain) associated with an end-user. The third-party domain credentials can be extracted from the request. Communications with the third-party domain can be used to verify the third-party domain credentials. The IMS session can be established between the initiating device and the endpoint upon verification of the third-party domain credentials. | 09-11-2014 |
20140259128 | ACCESS AUTHENTICATION METHOD AND SYSTEM - A method of authenticating access to an electrical device. The method comprises comparing, at an electronic processor, one or more patterns of temporal or physical properties, associated with an access entry string, to a non-transitory electronic profile data base of ranges of the corresponding patterns, from previously approved access entry strings. The method also comprises approving or denying at the electronic processor, the access entry string. The access entry string is approved if the one or more patterns falls within the respective range of the corresponding patterns in the profile data base. The access entry string is denied if the one or more patterns falls outside the respective range of the corresponding patterns in the profile data base. | 09-11-2014 |
20140259129 | System and Method for Collaborative Authentication - Systems and methods are disclosed for collaborative authentication of a person based on an interaction with another person. A request for collaborative authentication is sent to the computing device of a person wanting to access a system, including an authentication ID unique to the request. The person collaborates with another person associated with the system and provides the second person with the authentication ID. The second person sends the authentication ID to the system such that the system associates the second person with the first person. Data is sent to the second person in order to challenge the first person. The first person responds to the challenge using the computing device and the system receives the response. The system compares the response to an expected answer and can either allow or deny the first person access to the system based on the comparison. Co-location may also be verified. | 09-11-2014 |
20140282921 | RESOURCE-BASED ACTION ATTRIBUTION - A system of resource-based action attribution provides a mechanism for tracking actions performed on a resource shared among multiple users of a resource sharing system, whether the users are authenticated within the resource sharing system or not. The tracking mechanism may allow users to track identifying information of other users who perform actions (e.g., editing actions) on the shared resource. A user can access a resource by providing a resource identifier and/or an access credential associated with the resource. The user's actions on the resource can be associated with an invitee identifier (e.g., an email address) that is associated in memory with the resource identifier and/or the access credential. | 09-18-2014 |
20140282922 | DISTRIBUTION OF SECURE OR CRYPTOGRAPHIC MATERIAL - A user having a remote device wants to access an application that requires that the user possess a user application cryptographic credential. If the application needs to verify the identity of the user, the user's remote device performs a cryptographic operation using the user application cryptographic credentials, and sends the result to the application. A configuration for securely distributing the user application cryptographic credentials includes at least one gateway located at an enterprise that is under the control of an enterprise administrator, and a controller that is not located at the enterprise but can be configured by the enterprise administrator to cooperate with the at least one gateway. | 09-18-2014 |
20140282923 | DEVICE SECURITY UTILIZING CONTINUALLY CHANGING QR CODES - A method provides device access security via use of periodically changing Quick Response (QR) codes. The method includes: generating a first authentication QR code and assigning the generated QR code as the current authentication mechanism for accessing the device. Contemporaneously with the generation of the QR code, at least one QR code validity parameter is established to define when access to the device can be provided to a second device that provides the correct authentication QR code along with the access request. The method includes, in response to a pre-defined trigger of the QR code validity parameter: generating a new authentication QR code, different from a previously generated authentication QR code; assigning the new authentication QR code as the current authentication mechanism for accessing the device; and enabling access to the first device to only second devices that provide the current authentication QR code as the authentication mechanism. | 09-18-2014 |
20140282924 | APPLICATION CONNECTION FOR DEVICES IN A NETWORK - A method for application connection comprises discovering information for communicating with a first electronic device. The first electronic device includes an application launched thereon. A symbolic code representing the discovered information is generated. The symbolic code is displayed on a display device. The symbolic code is used to gain access to the first electronic device via a second electronic device. The application is connected via the second electronic device. | 09-18-2014 |
20140282925 | Personal Authentication Device and System for Securing Transactions on a Mobile Device - A personal authentication device for use with a mobile device, comprising a secure processor, a crypto engine supporting certificate functions, a wireless communication module, a cryptographic engine, a memory, a hardware based identity, a policy engine, one or more security features; and an on-board main power battery. Also a system comprising the personal authentication device and a verification authority, and an associated method of authentication. | 09-18-2014 |
20140282926 | DOSSIER PACKAGING - The subject technology discloses configurations for receiving a request from a user to log into a communications server in which the request includes user credentials. The user is authenticated based on the included user credentials in the request. The user is then permitted to log into the communications server if the user is successfully authenticated. An input selecting a person of interest is received. The subject technology retrieves information associated with the selected person of interest. A dossier of information including the retrieved information associated with the selected person of interest is generated. The subject technology transmits the generated dossier to the user or an indicated recipient. | 09-18-2014 |
20140282927 | SYSTEM AND METHOD FOR LOCATION BASED VALIDATION VIA MOBILE DEVICE - A system and method is presented for authenticating a user based on the location of a mobile device relative to the location of an accessing device. A user attempting to access a server with the accessing device (e.g., a desktop computer) provides credentials. After validating the credentials, the system determines a mobile device (e.g., a mobile phone) associated with the user. In order to confirm the credentials, the system determines a location of the accessing device relative to a location of the associated mobile device. If the mobile device is within a predefined proximity of the accessing device, the received credentials are confirmed and the user may be allowed access to the server. If the mobile device is not within the predefined proximity of the accessing device, the received credentials are identified as invalid and the user may be denied access to the server. | 09-18-2014 |
20140282928 | METHOD TO ENABLE MOBILE DEVICES TO RENDEZVOUS IN A COMMUNICATION NETWORK - There is provided a method to enable mobile devices to rendezvous on a shared communication service. The method includes steps for creating, via a device, a shared username and a shared password for a private channel in a communication network, determining a unique channel identification (ID) for the private channel based on the shared username and the shared password, and configuring the device with the shared username and the shared password. The method further includes steps for subscribing the device to the private channel using the unique channel ID, transmitting, in response to a discovery request, a self-identification discovery response over the private channel, and broadcasting data between the device and each additional device connected to the private channel. | 09-18-2014 |
20140282929 | CONTROLLING PHYSICAL ACCESS TO SECURE AREAS VIA CLIENT DEVICES IN A NETWORKED ENVIRONMENT - A method is disclosed for providing physical access credentials to a client device. The method may include receiving a request for a physical access credential, where the first request includes at least one user access credential and at least one physical access point identifier. The method may also include determining whether the request should be granted based at least in part on the at least one user access credential. The method may further include, in response to determining that the request should be granted, sending the physical access credential associated with the physical access point. | 09-18-2014 |
20140282930 | Social Media Based Identity Verification - An approach is provided to use social media content to verify the identity of a user. In the approach, a user authentication request pertaining to a user is received. In response, user questions and expected answers are retrieved from social media content that is accessible by the user. The user is prompted to provide user answers responsive to the user questions. The user authentication request is confirmed in response to receiving user answers that match the expected answers. Conversely, the user authentication request is invalidated in response to receiving user answers that fail to match the expected answers. | 09-18-2014 |
20140282931 | SYSTEM FOR VEHICULAR BIOMETRIC ACCESS AND PERSONALIZATION - A system and method for authenticating a user and creating and applying a user profile may include authenticating an administrator via an administrator identification. A user identification distinct from the administrator identification may be received, as well as a set of selected features associated with the user. A profile may be created and may include the user identification and the set of selected features. The profile may be applied in response to authenticating a user based on the user identification. | 09-18-2014 |
20140282932 | COMPUTING SYSTEM WITH IDENTIFICATION MECHANISM AND METHOD OF OPERATION THEREOF - A method of operation of a computing system includes: providing a portable authorization module having a module enclosure and an identification unit, the module enclosure completely covering unit contacts of the identification unit; receiving operation power wirelessly for operation of the portable authorization module; and transmitting an identification signal from the portable authorization module for identifying communication from a device. | 09-18-2014 |
20140282933 | DEVICE AUTHENTICATION USING DEVICE ENVIRONMENT INFORMATION - A device authentication server authenticates a remotely located device using a detailed history of movement of the device. Such movement history is represented by data representing a history of the external state of the device within a physical environment, examples of which include accelerometer logs, orientation logs, and magnetic field logs. To authenticate the device, the device authentication server sends a device key challenge to the device. The device key challenge specifies a randomized selection of device attribute parts to be collected from the device and the manner in which the device attribute parts are to be combined to form a device key. The device key is data that identifies and authenticates the device and includes a device identifier and device environmental data for comparison to reference device environmental data. | 09-18-2014 |
20140282934 | PERSONNEL CRISIS COMMUNICATION MANAGEMENT SYSTEM - Systems and methods are disclosed for providing personnel communications management within an enterprise or group of related enterprises during crisis situations. In particular, the systems and methods provide event management, shared situational awareness, personnel tracking, and unified crisis notification management to multiple users. | 09-18-2014 |
20140289819 | SYSTEM AND METHOD FOR NON-INTRUSIVE, PRIVACY-PRESERVING AUTHENTICATION - A system, apparatus, method, and machine readable medium are described for non-intrusive privacy-preserving authentication. For example, one embodiment of a method comprises: entering into a legitimate user state on a client device for a time period following an explicit authentication by an end user; recording reference data related to user behavior while in the legitimate user state; measuring user behavior when outside of the legitimate user state and arriving at an authentication assurance level based on a distance between the measured user behavior and the recorded reference data; in response to an authentication request within the legitimate user state, providing an authentication assurance level at or above a defined threshold, the authentication assurance level being sufficient to authenticate the user to a relying party; and in response to an authentication request while outside of the legitimate user state, providing the authentication assurance level based on a distance between the measured user behavior and the recorded reference data. | 09-25-2014 |
20140289820 | SYSTEM AND METHOD FOR ADAPTIVE USER AUTHENTICATION - A system, apparatus, method, and machine readable medium are described for adaptive authentication. For example, one embodiment of an apparatus comprises: an adaptive authentication module to receive a client request to perform a transaction which requires authentication; a risk engine to analyze first data related to a client to determine a risk value associated with the client; an assurance level gain analysis module to determine an assurance level required for allowing the client to complete the transaction and to determine an assurance level gain required to arrive at the assurance level based on the risk value; the adaptive authentication module to select one or more authentication techniques based at least in part on the indication of the assurance level gain. | 09-25-2014 |
20140289821 | SYSTEM AND METHOD FOR LOCATION-BASED AUTHENTICATION - A system, apparatus, method, and machine readable medium are described for location-aware authentication. For example, one embodiment of a location-aware method for user authentication comprises: determining a current location of a mobile device; identifying a location class corresponding to the current location; selecting a set of one or more authentication techniques to provide a sufficient level of user authentication for a current transaction based on the identified location class. | 09-25-2014 |
20140289822 | SYSTEM AND METHOD FOR CONFIRMING LOCATION USING SUPPLEMENTAL SENSOR AND/OR LOCATION DATA - A system, apparatus, method, and machine readable medium are described for performing authentication using environmental data. For example, one embodiment of a method comprises: collecting environmental sensor data from one or more sensors of a client device; using a geographical location reported by the device to collect supplemental data for the location; comparing the environmental sensor data with the supplemental data to arrive at a correlation score; and responsively selecting one or more authentication techniques for authenticating a user of the client device based on the correlation score. | 09-25-2014 |
20140289823 | METHODS AND APPARATUS FOR NON-CONTACT RADIO FREQUENCY DETECTION AND AUTOMATIC ESTABLISHMENT OF CORRESPONDING COMMUNICATION CHANNEL - Methods and apparatus for establishing secure communications are disclosed. An identifier is received from a personal object such as a ring. This identifier is received, for example, through a non-contact near field communication. The identifier is recognized and associated to a mobile terminal device of a user, the mobile terminal device being separate from the object. Then, a secure communication channel is established with the mobile terminal device over another connection that preferably provides a secure communication channel. | 09-25-2014 |
20140289824 | SHARING AUTHENTICATION PROFILES BETWEEN A GROUP OF USER DEVICES - Technology is disclosed for sharing an authentication profile of a user between a group of user devices for accessing an access restricted computing environment (“the technology”). The access restricted computing environment can require the user to input authentication information, such as a username, password, or answers to challenge questions, to authenticate the user. For example, to access a wireless network on a first user device, a user may have to input a password for the wireless network. To access the same wireless network on a second user device, the user may have to input the password again on the second user device. The technology facilitates the user to obtain the authentication information required to access the wireless network from another user device, e.g., a device from which the user has accessed the wireless network previously. This can eliminate the need for the user to manually input the authentication information repeatedly. | 09-25-2014 |
20140289825 | CONNECTING TO WI-FI NETWORK BASED OFF APPROVAL FROM ANOTHER USER DEVICE - Technology is disclosed for sharing an authentication profile for accessing a Wi-Fi network between multiple devices. To access a particular Wi-Fi network on a first device and a second device, authentication information, e.g., a password for the Wi-Fi network, may have to be input on both the devices. In some embodiments, the technology facilitates obtaining an approval for accessing the Wi-Fi network on the second device from the first device. Upon receiving a request from a user of the second device to access the Wi-Fi network on the second device, the second device requests if any of the devices, e.g., devices in proximity, can approve the access request. A notification is displayed on the first device regarding the access request. The user associated with the first device can then approve the access request, which causes authentication information for accessing the Wi-Fi network to be transmitted to the second device. | 09-25-2014 |
20140289826 | ESTABLISHING A COMMUNICATION SESSION - A secure communication session is established between a first endpoint and a second endpoint. The first endpoint can contact the second endpoint via a first communication network and via a second communication network. The first communication network is more trusted than the second communication network. The first endpoint determines that a secure communication session is required. A security association is established between the endpoints for the communication session on a connection via the first communication network. Service is received on a connection via the second communication network using the previously established security association. The step of establishing a security association can comprise authenticating the second endpoint and negotiating a shared secret and the step of receiving service on a connection via the second communication network can occur without any further negotiation of key material or authentication between the endpoints via the second communication network. | 09-25-2014 |
20140298428 | METHOD FOR ALLOWING USER ACCESS, CLIENT, SERVER, AND SYSTEM - The present invention relates to the technical field of computer application, and more particularly to a method for allowing user access, a client, a server, and a system, for solving the problem that when a user accesses a server, it cannot be determined whether the user is allowed to continue accessing the server. The method comprises: a server receiving a type identifier and/or server identifier and user identity information sent from a client, for each application accessed by a login user, the client generating a type identifier and/or server identifier corresponding to the application; the server determining the number of type identifiers and/or server identifiers received for the user according to the user identity information, and determining whether to allow access of the user. The method can solve the problem that when a user accesses a server, it is determined whether the user is allowed to continue accessing the server. | 10-02-2014 |
20140298429 | Method For Operating a Network Device - The invention relates to a method for releasing a network device of a network system that comprises at least the one network device and at least one server. At least one second identifier that is assigned to a mobile computing device is stored in a database of the server. The method has the steps of detecting a first identifier, which is installed on the network device to be released, using the mobile computing device; transmitting the detected first identifier and a second identifier, which is assigned to the detecting mobile computing device, from the mobile computing device to the server; comparing the transmitted second identifier with the at least one second identifier stored in the database; and releasing the network device by means of the server if the result of the check is positive. | 10-02-2014 |
20140298430 | ELECTRONIC COMBINATION LOCK USING FIELDS WITH POSITION INDICATORS - Systems and methods are provided for authenticating users using an electronic combination lock. More specifically, systems and methods are provided for authenticating users using an electronic combination lock by setting a passcode by manipulating a field including selecting multiple indicators in the field in a particular sequence and requiring an accessing user at a later time to repeat the sequence. | 10-02-2014 |
20140298431 | Information Security System in Smart Mobile Environment - Provided is a security communication method of a terminal device. A first authentication unit of the terminal device identifies a first subscriber to connect a first communication network. A second authentication unit of the terminal device exclusively operates with the first authentication unit, and identifies a second subscriber to connect a second communication network which is different from the first communication network. When the second subscriber is identified, at least one external communication module of the terminal device can be inactive. | 10-02-2014 |
20140304784 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR MANAGING ACCESS TO SYSTEMS, PRODUCTS, AND DATA BASED ON INFORMATION ASSOCIATED WITH A PHYSICAL LOCATION OF A USER - In accordance with embodiments, there are provided mechanisms and methods for managing access to data based on information associated with a physical location of a user. These mechanisms and methods for managing access to systems, products, or data based on information associated with a physical location of a user can enable improved data management efficiency, enhanced data management accuracy, decreased data management costs, decreased licensing costs, increased security, additional marketing opportunities, etc. | 10-09-2014 |
20140304785 | METHOD FOR SECURING NAME REGISTRIES, NETWORK ACCESS AND DATA COMMUNICATION IN ID/LOCATOR SPLIT-BASE NETWORKS - The invention provides a new system for internet security. The internet network system comprises a first Edge Network | 10-09-2014 |
20140310785 | IDENTITY MODULE WITH INTERCHANGEABLE UNIQUE IDENTIFIERS - A telecommunications system is provided, comprising a plurality of different cellular telecommunications networks, an identity module registrable on the plurality of different networks and containing multiple unique identifiers, each unique identifier being associated with a respective network; and, a device, operative in accordance with the identity module, to communicate with the networks when the identity module is registered on that network. The identity module comprises a common security key associated with at least two of the unique identifiers such that the identity module is registrable on each one of the plurality of networks when a unique identifier of the identity module and its associated security key are authenticated for that network. | 10-16-2014 |
20140310786 | INTEGRATED INTERACTIVE MESSAGING AND BIOMETRIC ENROLLMENT, VERIFICATION, AND IDENTIFICATION SYSTEM - The present invention provides an integrated interactive messaging system having a biometric engine in order to enhance security of interactive transactions or communications, while also expanding interactive capabilities. The biometric engine is operatively coupled to an interactive messaging system through a suitable network connection. The integrated system includes one or more biometric clients, as well as one or more client application servers. A rules engine is in communication or incorporated within the interactive messaging system. | 10-16-2014 |
20140317699 | USER AUTHENTICATION USING UNIQUE HIDDEN IDENTIFIERS - Systems and methods are provided for user authentication using hidden unique identifiers in networks. In some example embodiments these systems and methods only require a single human readable identifier be provided and minimize personal information exposure in the event of a network breach. | 10-23-2014 |
20140317700 | Method, Device and System for Verifying Based on Verification Diagram, and Storage Medium - The invention discloses a method, a device and a system for verifying based on a verification diagram, and a storage medium, and the method includes: generating an input interface diagram according to a verification diagram including a basic information element and verification information, where the input interface diagram includes the basic information element of the verification diagram except for the verification information; transmitting the verification diagram and the input interface diagram to a terminal; receiving sliding path information inputted on the input interface diagram presented on the terminal; and determining whether the sliding path information matches the verification information, and if so, the verification is successful. The invention is advantageous for preventing the erroneous verification information inputted into a verification code input box caused due to an erroneous touch on an input keyboard, thereby improving the success rate of login authentication on a terminal user by a web-hosting server. | 10-23-2014 |
20140317701 | SYSTEMS AND METHODS FOR ESTABLISHING CLOUD-BASED INSTANCES WITH INDEPENDENT PERMISSIONS - A method and system for facilitating management of cloud-based service instances, the system comprising one or more computing systems configured to communicate with at least one multi-tenant computing cloud, and configured to establish a cloud-based service instance hosted in the multi-tenant computing cloud and an access entity with permissions to access the established cloud service instance. The system can receive a request for the cloud-based service instance, the request authenticated as originating from a requestor; consult a set of access controls associated with the cloud-based service instance; determine, responsive to the consulting, if the request is allowable by the requestor; and enable, responsive to determining that the request is allowable by the requestor, the requestor to complete the request using a restricted access credential associated with the access entity. | 10-23-2014 |
20140325616 | FILE SYSTEM LEVEL DATA PROTECTION DURING POTENTIAL SECURITY BREACH - Immediately upon identifying a potential breach to a file system, a read-only snapshot of one or more file sets of data stored on a storage volume of the file system is created, and one or more file system protection commands are invoked that restrict access to the snapshot of the file set. Generating the snapshot and restricting access to the snapshot data may include immediately opening an administrative shell for the file-system in response to identifying a potential breach, and executing administrative shell commands that invoke creation of snapshot and limit access of the snapshot data to an administrator or super user. | 10-30-2014 |
20140325617 | DETECTING HORIZONTAL ATTACKS - Horizontal attacks may be detected in an authentication system by comparing entered credentials to a list of common credentials, increasing a score if the entered credential matches a credential on the list of common credentials, and then making a security determination based on the score. The score increase may be weighted based on factors including a recentness of a previous authentication, a similarity of the credential to a correct or common credential, a commonality of the entered credential, and whether or not additional security precautions are being taken. The score may be associated with a credential, an authentication attempt, or may be a system-wide score that, when it reaches a threshold may be indicative of a system-wide attack. | 10-30-2014 |
20140325618 | SYSTEM AND METHOD FOR DELIVERING EXTERNAL DATA TO A PROCESS RUNNING ON A VIRTUAL MACHINE - In a computer system including a computer terminal, an operating system installed on said computer terminal, a virtual machine running on the operating system, a server communicatively coupled to the computer terminal and a process including instructions that when executed on a virtual machine define a user interface; a Single Sign On (SSO) system comprising a database of authentication credentials accessible to the computer terminal, and instructions executable on the virtual machine operative to: obtain user interface state data from the process; query the virtual machine to obtain component data related to the user interface state data; and manipulate the component data so as to deliver authentication credentials to the process. | 10-30-2014 |
20140325619 | METHOD AND SYSTEM FOR ACCESS CONTROL - In a method for controlling access to a communication account, a second terminal obtains the identification information of a first terminal, and sends the communication account information and identification information of the first terminal to the communication platform; the communication platform sends the communication account information to the first terminal based on the identification information. The first terminal sends the communication account information to a near-field communication (NFC) device and reads the communication account information stored in the NFC device when the distance between them is within the preset range. The first terminal then sends its identification information and the communication account information read from the NFC device to the communication platform. Based on communication account information and identification information, the communication platform controls the first terminal to log in by the use of communication account information. | 10-30-2014 |
20140325620 | SYSTEM AND METHOD FOR MANAGING HETEROGENEOUS COMPUTING ENVIRONMENTS - A framework is provided for managing heterogeneous computing environments. The framework includes at least a first computing device having a Windows based operating system, at least a second computing device having a non-Windows or a Windows based operating environment, and a framework module for providing account management, event log management and security management. In one embodiment, the framework module including a secure store technology component and a task automation framework. The task automation framework is interchangeable to provide at least one of a plurality of functions. The secure store technology component is a Windows based file system that is integrated to administrative tasks for controlling and managing non-Windows and Windows based systems remotely. Also disclosed is a system for transferring data, in the form of files, from a first location in the cloud to a second location in the cloud. | 10-30-2014 |
20140325621 | IMPLEMENTING SINGLE SIGN-ON ACROSS A HETEROGENEOUS COLLECTION OF CLIENT/SERVER AND WEB-BASED APPLICATIONS - Leveraging an established authenticated session in obtaining authentication to a client application includes receiving a request for access to a client application requiring authentication of a requestor and determining whether there exist characteristics of leverageable authentications corresponding to established sessions having an authenticated state at a time of the determination. When the determination reveals characteristics of at least one leverageable authentication corresponding to an established session, an attempt is made to obtain access for the requestor to the client application based on the at least one leverageable authentication, and the requestor is provided with a notification related to the attempt to obtain access for the requestor to the client application. | 10-30-2014 |
20140331292 | ABSTRACTED AUTHENTICATED CLIENT CONNECTIVITY APPLICATION PROGRAMMING INTERFACE (API) - A request to establish a connection to a server application executed by a server device is received at a client-side authenticated-connection application programming interface (API) from a client application executed by a client device. The connection request is sent from the client device to a server-side authenticated-connection API executed by the server device. The connection request includes user identification information usable to authenticate a user of the client application with the server-side authenticated-connection API to access the server application. A connection establishment acknowledgement is received from the server-side authenticated-connection API. A handler that represents an established connection to the server application is returned to the client application as a connection establishment acknowledgement. The client application is configured to communicate with the server application using the handler over the established connection with the separate application-specific read/write API. | 11-06-2014 |
20140331293 | Risk Adjusted, Multifactor Authentication - A computer-implemented method comprising: receiving, from a device used by a user, a request to access a resource hosted by a computer system; identifying, by the computer system, a level of risk associated with the user requesting access to the resource; adjusting, by the computer system, an authentication standard for access to the resource, adjusting based on the identified level of risk; determining values for authentication factors used in authenticating the user's access to the resource; applying weights to the values for the authentication factors; and determining, based on a comparison of the weighted values to the adjusted authentication standard, whether the user is authorized to access the resource. | 11-06-2014 |
20140331294 | METHOD OF SECURING A COMPUTING DEVICE - A method of securing a computing device is disclosed. The computing device is configured to store an access key in a storage location in order for the computing device to operate in an operational mode. The method comprises removing the access key from the storage location in response to an event indicative of the end of the operational mode. | 11-06-2014 |
20140337937 | METHODS AND DEVICES FOR DETECTING UNAUTHORIZED ACCESS TO CREDENTIALS OF A CREDENTIAL STORE - Methods and devices for detecting unauthorized access to credentials of a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises monitoring a plurality of credentials of the credential store accessed within a period associated with a first setting, and responsive to determining that a number of credentials accessed within the period exceeds a threshold associated with a second setting, outputting, in a user interface, an indication of potential unauthorized access to the credential store. In at least one embodiment, each of the credentials accessed within the period is associated with a different user account. | 11-13-2014 |
20140337938 | BOOKMARKING AND LASSOING IN A GEO-SPATIAL ENVIRONMENT - A method, apparatus and system of bookmarking and lassoing in a geo-spatial environment are disclosed. In one embodiment a method of bookmarking a plurality of entries includes receiving a lasso drawn on a geo-spatial map by a user, obtaining a region on the geo-spatial map based on the lasso, obtaining the plurality of entries from within the region, creating a plurality of bookmarks corresponding to the plurality of entries, associating the plurality of bookmarks with the user, and enabling access to the plurality of entries by the user using the plurality of bookmarks. The method may further include associating the plurality of entries with a group. The method may also include providing additional information corresponding to the plurality of entries to the user. The method may include presenting a mass profile edit option to the user for the plurality of entries. | 11-13-2014 |
20140337939 | CLIENT DISTRIBUTION SYSTEM, CONTENT DISTRIBUTION METHOD, AND CLIENT TERMINAL - The user of any one portable terminal sends a content information request including a user ID to a distribution server. In response, the distribution server distributes a stream data of content that can be used on the user's terminal. If the user of first portable terminal intends to let a second portable terminal try out a certain content, the user sends to the distribution server the trial permission information including the user's own user ID, a content ID of the content of interest, and a digital signature. The distribution server authenticates the received information before distributing a streaming data of a trial-oriented content with the content ID and user ID attached to it as search keys. This allows the content that can be used on a given user terminal to be tried out on another user terminal without the latter user having recourse to the steps of searching for the content in question. | 11-13-2014 |
20140337940 | Remote Provisioning of 3GPP Downloadable Subscriber Identity Module for Virtual Machine Applications - A method is presented of providing a subscriber identity for the provision of services on behalf of the subscriber in a virtual computing environment. The method includes receiving a request to establish an execution environment for a virtual machine-to-machine equipment, vM2ME. The vM2ME is provided, comprising software for execution in the virtual computing environment and a downloadable Subscriber Identity Module. A Communications Module, CM, is set up for execution in a domain of a virtualisation platform. The CM provides an end-point for communications between the vM2ME and a 3GPP network. The Subscriber Identity Module is installed for execution together with the CM, the Subscriber Identity Module including a 3GPP identity of the subscriber, security data and functions for enabling access to the vM2ME via the 3GPP network. | 11-13-2014 |
20140344904 | SUPPORTING PROXIMITY BASED SECURITY CODE TRANSFER FROM MOBILE/TABLET APPLICATION TO ACCESS DEVICE - Techniques are disclosed for authenticating users to a computing application. A mobile or tablet device is used to generate a security code. Near field communication (NFC) hardware on the mobile device is used to transfer the security code from the mobile device to a computer. To transfer the one-time value, a user simply taps an NFC enabled mobile device on an NFC enabled computing device (e.g. a laptop running a web browser used to access a web service). In one embodiment, doing so triggers a connection between the two devices and an application running on the mobile device transfers the security code to an NFC receiver application running on the computer. The receiving computer may be configured to auto-fill the received security code in the appropriate form field of the application authentication interface. | 11-20-2014 |
20140344905 | Message Delivery System - A processor-based method for delivering messages to recipients upon the death of a user. User accounts are created by receiving a social security number from a user computer, and storing the social security number in a memory and in association with a given user account. Recipient contact information is received from the user computer, and stored in the memory and in association with the given user account. The messages to be delivered upon the death of the user are also received from the user computer, and stored in the memory and in association with the given user account. A processor, according to a predetermined cyclical time schedule, compares the social security numbers associated with the user accounts to an electronically accessible listing of social security numbers of people who have died. When a match is found between the social security numbers of people who have died and a social security number associated with one of the user accounts, then the messages associated with the user account are sent through an output to the recipients associated with the user account. | 11-20-2014 |
20140351902 | APPARATUS FOR VERIFYING WEB SITE AND METHOD THEREFOR - Disclosed are an apparatus and a method for verifying a web site by using a mobile terminal. A method, performed in a server verifying a web site, comprises receiving a message requesting verification on truth or falsehood of a web site which an access terminal accesses from the access terminal; processing the web site based on a Uniform Resource Locator (URL) of the web site according to the message; generating verification information for verifying truth or falsehood of the web site based on the URL of the web site, and transmitting the verification information to a mobile terminal; and receiving verification result information on the web site which is generated in the mobile terminal based on an image of the web site and the verification information, and transmitting the verification result information to the access terminal. | 11-27-2014 |
20140351903 | AUTHENTICATION MECHANISM - A method is provided in which both device application and service capability portions of a machine-to-machine (M2M) device can be authenticated to the M2M platform. First, the service capability portion of the M2M device is authenticated at an M2M platform; at this stage, the M2M device enters a partially authenticated state. Next, the device application portion is authenticated at a network application of a M2M system. The M2M platform is informed of the authentication of the device application in order for the M2M device to move from the partially authenticated state to a fully authenticated state. | 11-27-2014 |
20140351904 | METHOD FOR PAIRING ELECTRONIC APPARATUSES - A method of pairing a first item of equipment, termed an initiating equipment desiring to transmit and receive data with a second item of equipment, termed an accepting equipment. The method includes: generating a pairing code; restoring, in the form of a first symbol, the pairing code by the accepting equipment; acquiring the first symbol by the initiating equipment; and decoding the first symbol acquired delivering the pairing code. | 11-27-2014 |
20140351905 | Ensemble Computing - Described herein are methods, systems, and computer program products for seamless interoperability between multiple computing nodes. A server computing device receives, from a first computing node in a plurality of computing nodes, a message for transmission to one or more other computing nodes, the message generated by the first computing node based upon application-specific instructions from a first application on the first computing node, where the plurality of computing nodes is defined as a virtual network at the server computing device and each computing node includes an ensemble module for communicating with the server. The server determines one or more other computing nodes in the virtual network to receive the message. The server transmits the message to the determined one or more other computing nodes, where each of the destination computing nodes formats the message into application-specific instructions for a second application on the determined node. | 11-27-2014 |
20140351906 | STORAGE GATEWAY ACTIVATION PROCESS - Methods, apparatus, and computer-accessible storage media for activating a gateway to a remote service provider. The gateway serves as an interface between processes on a customer network and the provider, for example to store customer data to a remote data store. A gateway sends a public key and metadata describing the gateway to the provider. The gateway receives an activation key from the provider and exposes the activation key on the customer network. The customer obtains the key and communicates to the provider using the key to provide customer information including a name for the gateway and to authorize registration of the gateway. The provider provides the customer information to the gateway. The gateway requests security credentials from the provider using the customer information and the key. The provider sends a security credential to the gateway. The gateway may then obtain configuration information from the customer via the provider. | 11-27-2014 |
20140359721 | Live Tiles Without Application-Code Execution - This document describes techniques enabling live tiles without application-code execution. These techniques permit live content to be presented in tiles without executing code of applications associated with those tiles. By so doing, live tiles may be presented more safely, faster, or using fewer resources. | 12-04-2014 |
20140359722 | METHOD AND APPARATUS FOR PROVIDING MULTI-SENSOR MULTI-FACTOR IDENTITY VERIFICATION - An approach for multi-sensor multi-factor identity verification. An identity verification platform determines biometric data associated with a user from one or more sources. The one or more sources are associated with one or more respective network sessions. The platform generates one or more respective trust scores for the one or more sources, the one or more respective network sessions, or a combination thereof based on one or more contextual parameters associated with the user, the one or more sources, the one or more respective network sessions, or a combination thereof. Then the platform verifies an identity of the user based on the biometric data and the one or more respective trust scores. | 12-04-2014 |
20140359723 | COMPUTER PROGRAM, SYSTEM, AND METHOD FOR PROVIDING A USER ACCESS TO ELECTRONICALLY PROVIDED CONTENT - A computer program, method, and system for providing a user access to content in response to an unprompted input or other triggering event at or on a user device. More particularly, the computer program, method, and system provide for the presentation of a masked access point to content. Upon the detection of an input by the user, if said input matches a predetermined access key, then the content is delivered to and/or retrieved by the user device. | 12-04-2014 |
20140359724 | COMMUNICATION SYSTEM HAVING ACCESS CONTROL AS WELL AS METHOD FOR GRANTING ACCESS IN A COMMUNICATION SYSTEM - A communication system includes a first wireless communication device for providing communication access for a mobile computer device in a first communication area. The first wireless communication device comprises an access control system for granting access based on authentication information known by the mobile computer device. A second communication device provides the authentication information for the mobile computer device. Furthermore, the invention relates to a method for granting access, executable by the communication system mentioned above, as well as to a maintenance system and/or an aircraft having such communication system. | 12-04-2014 |
20140359725 | System and Method for Providing Authentication and Authorisation for a Person to Perform Specific Instructions (Tasks) - An electronic system comprising: means for authenticating a task using a password entered into the system, by displaying, in an irregular manner, a plurality of symbols used to enter the password, where the symbols appear on an electronic screen of a device connected to the system. | 12-04-2014 |
20140359726 | Login Process for Mobile Phones, Tablets and Other Types of Touch Screen Devices or Computers - A process including: displaying icons used for password entry into an electronic system, in such a way that a hand movement associated with entry of the password into the system is randomised. | 12-04-2014 |
20140359727 | INFORMATION PROCESSING APPARATUS, VERIFICATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, VERIFICATION PROCESSING METHOD, AND PROGRAM - Provided is an information processing apparatus including a processing unit configured to transmit commitment information including identification information on a verification processing apparatus to the verification processing apparatus, generate response information used for the verification processing apparatus to execute a process related to verification based on challenge information transmitted from the verification processing apparatus, and transmit the response information to the verification processing apparatus or configured to transmit the commitment information to the verification processing apparatus, generate second challenge information including the identification information based on first challenge information transmitted from the verification processing apparatus, generate the response information based on the generated second challenge information, and transmit the response information to the verification processing apparatus. | 12-04-2014 |
20140359728 | SYSTEMS AND METHODS FOR USING END POINT AUDITING IN CONNECTION WITH TRAFFIC MANAGEMENT - The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identifies one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result. | 12-04-2014 |
20140359729 | SYSTEMS, METHODS AND APPARATUS TO APPLY PERMISSIONS TO APPLICATIONS - Methods and apparatus are disclosed to apply permissions to applications. A disclosed example apparatus includes an address trust manager to obtain a first network address having a request for address authentication from a first entity, the first network address having a second network address associated with a second entity to execute the application, an address associator to compare the first network address to a trusted address database to determine whether the first network address is trusted, and a shadow environment communicator to generate a signed message based on the comparison of the trusted address database, the address trust manager to transmit the signed message to the second entity with an indication of authorization via the first network address in response to a match in the trusted address database, and transmit the signed message to the second entity with an indication of non-authorization via the first network address in response to a lack of a match in the trusted address database. | 12-04-2014 |
20140366103 | DEVICE AUTHENTICATION USING DISPLAY DEVICE IRREGULARITY - A device authentication server authenticates a remotely located device using data representing pixel irregularities of a display of the device. Since each display will deteriorate in a unique and randomized way, a mapping of pixel irregularities of a display of a device will be unique. By combining a unique map of pixel irregularities of a display of the remotely located device, the device can be distinguished from similar devices when other attributes alone are insufficient to uniquely identify the device. | 12-11-2014 |
20140366104 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING APPARATUS - An information processing system includes one or more information processing apparatuses that implement an output data reception unit that receives sets of output data via a network, an identification unit that identifies a user identifier to be associated with the received sets of output data by referring to user information stored in a user information storage unit, a storage processing unit that stores the sets of output data in a data storage unit in association with individual identifiers and a common identifier when the user identifier is not identified by the identification unit, a reporting unit that reports the common identifier via the network, and a transmission unit that receives the user identifier or a combination of an individual identifier and the common identifier via the network, and sends output data associated with the received user identifier or the received combination via the network. | 12-11-2014 |
20140366105 | CONFIGURING WIRELESS ACCESSORY DEVICES - This document describes, inter alia, techniques for configuring or setting up a wireless device. As an example of the features described herein, a first wireless device may be used to configure a second wireless device as follows: the first wireless device may detect that the second wireless device is available and is configurable; the first wireless device may connect to the second wireless device and transmit configuration information to the second wireless device, where the configuration information includes credentials that may be used to access a wireless network (e.g., a password to access a Wi-Fi network); the first wireless device and the second wireless device may then both connect to the wireless network, using the credentials; once both devices are connected to the wireless network, the first wireless device may verify that the second wireless device has been correctly configured. | 12-11-2014 |
20140366106 | APPARATUS AND METHOD FOR PROCESSING DATA OF APPLET INCLUDED IN A PLURALITY OF SECURE ELEMENTS - Disclosed is a method of allowing a main terminal to communicate with a portable terminal comprising first and second secure elements. The method includes: allowing the main terminal to communicate with the portable terminal by using a first applet identifier which is previously recorded in the main terminal; and allowing the main terminal to communicate with the portable terminal by using a second applet identifier which is previously recorded in the main terminal, wherein allowing the main terminal to perform the communication by using the first applet identifier and the allowing the main terminal to perform the communication by using the second applet identifier are alternately and repeatedly carried out. | 12-11-2014 |
20140366107 | METHODS AND SYSTEMS FOR ENHANCING THE ACCURACY PERFORMANCE OF AUTHENTICATION SYSTEMS - A method for enhancing the accuracy performance of authentication systems includes determining an authentication data requirement for a desired transaction and at least one new verification phrase. The method also includes capturing authentication data from a user with a communications device in accordance with the authentication data requirement, and capturing biometric data of the at least one new verification phrase from the user with the communications device. Moreover, the method includes adding the determined at least one new verification phrase to an enrollment phrase registry and storing the biometric data captured for the at least one new verification phrase in an enrollment data record of the user after successfully authenticating the user. | 12-11-2014 |
20140373111 | VIRTUAL KEY RING - A virtual key ring is disclosed. A graphical representation of a key ring or keychain having a plurality of keys is displayed on a computing device, and a pre-determined gesture input from a user indicative of an interaction with the key ring or chain, or one of the keys is received. The wireless operation of a lock can be managed by then accessing stored information associated with a virtual key or the lock in accordance with the pre-determined gesture. Pre-determined gestures can include, for example, movement along a predefined path on a touch screen in order to select a virtual key from among the plurality of virtual keys. The computing device can be a wireless mobile computing device such as a smartphone. The computing device can use any wireless communication technology, NFC and Wi-Fi being examples. | 12-18-2014 |
20140373112 | APPARATUS AND SYSTEM EFFECTIVELY USING A PLURALITY OF AUTHENTICATION SERVERS - A communication apparatus including: a plurality of physical ports to be coupled to different terminals via a network; a plurality of authentication processing units configured to execute an authentication process; and a controller configured to determine which one of the physical ports on which a packet was received from a terminal, to specify a preset authentication process corresponding to the determined physical port on which a packet was received, and to distribute the specified authentication process of the packet from the terminal to an authentication processing unit for executing. | 12-18-2014 |
20140373113 | Trust Based Digital Rights Management Systems - A system and method for allowing access to digitally protected content are disclosed. License metadata and credentials from multiple types of digital rights management systems may be used to grant access to content protected by a different type of digital rights management system. Hierarchical levels of access to the content may be granted based on at least one of license metadata and credentials. | 12-18-2014 |
20140380437 | SYSTEM AND METHOD OF A RELAY SERVER FOR MANAGING COMMUNICATIONS AND NOTIFICATION BETWEEN A MOBILE DEVICE AND APPLICATION SERVER - Providing a mobile device with web-based access to data objects is disclosed. Authentication information is sent from a mobile device to a relay server. The relay server executes a connection application to establish a connection to a web access server. The authentication information is provided to the web access server associated with a data store hosting a data object. Upon authentication, the data object is provided to the relay server from the data store. The data object is then provided to the mobile device. | 12-25-2014 |
20140380438 | METHOD FOR INTEGRATING MANAGEMENT OF POSTED ARTICLES AND TERMINAL FOR THE SAME - There is provided a method for integrated management of posted articles and a terminal for the method. The method for integrated management of posted articles that is executed in a user terminal includes performing a login using an integrated ID when an integrated ID client module starts, having access to a posted article server where an article is written and requesting writing to the posted article server, transmitting a written and posted article to an integrated ID server and requesting storage of the posted article to the integrated ID server, and receiving a storage location where the posted article is stored from the integrated ID server and notifying the posted article server of the received storage location of the posted article. | 12-25-2014 |
20150020172 | SYSTEM AND METHOD FOR AIDING A USER DECISION REGARDING TIME-SENSITIVE DATA ELEMENTS - Provided is a system and method for aiding a user in deciding upon an appropriate action to take regarding a plurality of time-sensitive data elements, the time-sensitive data elements stored in a first database, based upon stored further information data elements stored in a second database. The user is provided with a report which comprises links between the time-sensitive data elements and the stored further information data elements. | 01-15-2015 |
20150020173 | AUTOMATED DEVICE ACCESS - A method of unlocking a locked device includes receiving a device identifier over a wireless communication protocol, determining if the device identifier is associated with a list of trusted devices, transmitting a request to generate an acoustic signal over the wireless communication protocol based on the determination, receiving the acoustic signal as an audio sound generated external to the locked device, estimating a distance between a source of the audio sound and the locked device, and unlocking the locked device based on the estimation. | 01-15-2015 |
20150020174 | Trust Metrics On Shared Computers - In one embodiment, a method includes receiving data uniquely identifying a particular user to the verification authority and a request to access a shared device. The shared device being configured for use by at least a number of users. The method also includes accessing a social graph of the particular user to determine whether one or more users in the social graph have previously accessed the shared device; and displaying on a display of the mobile device information indicating which of the users in the social graph have previously accessed the shared device. | 01-15-2015 |
20150020175 | ACCOUNT LOGIN METHOD, APPARATUS AND SYSTEM, AND NETWORK SERVER - The examples of the present disclosure provide an account login method, device and system and a network server, which relate to computer communications. The method includes: obtaining current fingerprint information sent from a terminal; determining whether the current fingerprint information is the same as pre-stored initial fingerprint information; and allowing the terminal to log in to an account which is associated with a piece of the pre-stored initial fingerprint information when the current fingerprint information is the same as the piece of the pre-stored initial fingerprint information. By determining whether the received current fingerprint information has existed, and allowing the terminal to log in to an account which is associated with the initial fingerprint information if the current fingerprint information has existed, the method realizes login to an account only by a fingerprint, which avoids the complicated process during login to an internet application and improves the user experience. | 01-15-2015 |
20150026779 | PERFORMING REMOTE WI-FI NETWORK CONFIGURATION WHEN A NETWORK SECURITY PROTOCOL IS UNKNOWN - The disclosure relates to performing a remote Wi-Fi network configuration when a network security protocol is unknown. In particular, Wi-Fi network configurations typically require a name, a security protocol, and authentication credentials. However, users attempting to configure a Wi-Fi network may not know the security protocol or be unable to recall the security protocol when presented with a dialog requesting such details. As such, assuming a finite set of security protocols, the algorithm disclosed herein may assume an OPEN (e.g., unsecured) configuration on the destination Wi-Fi network if no credentials were supplied or alternatively a WPS configuration if credentials consisting of exactly eight digits were supplied. Otherwise, the algorithm may iterate through each security protocol supported on the device (e.g., according to popularity, complexity, etc.) until a successful network association occurs or all supported security protocols are exhausted. | 01-22-2015 |
20150026780 | HOST PROVIDING SYSTEM AND COMMUNICATION CONTROL METHOD - A host providing system includes a physical host network switch which determines permission and non-permission of communication on the basis of whether or not information pieces indicating users correlated with information indicating a transmission source and information indicating a transmission destination included in communication data from a physical instance match each other, and controls the communication data on the basis of a determination result. Accordingly, since only communication between instances of the same user is permitted, and thus communication from a physical instance is appropriately controlled, it is possible to ensure security in the system. | 01-22-2015 |
20150026781 | SECURE ELEMENTS BROKER (SEB) FOR APPLICATION COMMUNICATION CHANNEL SELECTOR OPTIMIZATION - Systems and methods for managing concurrent secure elements on a mobile device to coordinate with an application or “app” running on the mobile device and an appropriate communications protocol for conducting transactions using the mobile device include: informing, by the processor, the reader device of a preferred app and a communication protocol usable by the preferred app; receiving, by the processor, information about which apps and communication protocols are supported by a reader for processing a transaction; locating, by the processor, a secure element supporting an app and a communication protocol supported by the reader; channeling the communication protocol for the specific configuration of the app and the supporting secure element; activating the secure element that supports the app; and processing, with the activated secure element, using the supported app and communication channel, the transaction with the reader. | 01-22-2015 |
20150033296 | SHARED SPACE FOR CREW COMMUNICATION - A predetermined group of users using one or more computing devices are allowed to join a shared collaboration and communication space associated with the predetermined group of users. The shared collaboration and communication space is associated with the predetermined group of users for a specified time period and for a predetermined operation that the predetermined group of users are authorized to work on. The predetermined group of users are authenticated based on user identities and information identifying the predetermined operation. The shared collaboration and communication space allows for interactive communication among the predetermined group of users. | 01-29-2015 |
20150033297 | DYNAMICALLY MAPPING USERS TO GROUPS - Methods and systems for authenticating users and assigning authenticated users to groups are provided. A method receives a user credential and email address. The method forwards an authentication request including the email address and credential to a remote authentication provider. Based in part on the presence of a full user name in a received response, the method determines that the user is authenticated. Another method extracts a domain name from a received email address of an authenticated user. In response to determining that the domain name is associated with a group, the method assigns the user to the group. A system includes memory with instructions for assigning an authenticated user to a group. The system receives the user's email address and extracts a domain name from the email address. In response to determining that the domain name is associated with a group, the system assigns the user to the group. | 01-29-2015 |
20150033298 | DEVICE AUTHENTICATION USING PROXY AUTOMATIC CONFIGURATION SCRIPT REQUESTS - Methods and systems for performing device authentication using proxy automatic configuration script requests are described. One example method includes generating a unique key for a client device; configuring the client device to send a request for a proxy automatic configuration (PAC) script upon accessing a network, the request including the unique key; receiving, over a network, a request for the PAC script including a request key; and authenticating the client device on the network if the request key matches the client device's unique key. | 01-29-2015 |
20150033299 | SYSTEM AND METHODS FOR ENSURING CONFIDENTIALITY OF INFORMATION USED DURING AUTHENTICATION AND AUTHORIZATION OPERATIONS - Disclosed are systems and methods for ensuring confidentiality of information of a user of a service. One example method includes receiving a request to carry out an operation control procedure for the service; identifying the user of the service; selecting a trusted device associated with the identified user of the service; sending, to the selected trusted device, a request for confidential information of the user, wherein the confidential information is used to carry out the operation control procedure; receiving the confidential information from the selected trusted device; and carrying out the operation control procedure using the received confidential information. | 01-29-2015 |
20150033300 | USER EQUIPMENT HAVING WEB REAL TIME COMMUNICATION ARCHITECTURE - A communication device configured to provide Web real-time communication (WebRTC) for Internet Protocol (IP) multimedia services utilizing one or more 3GPP protocols. The communication device can be configured to authenticate communication with one or more clients using one or more IP Multimedia Subsystem (IMS) credentials. The communication device can also be configured to convert communications between WebRTC and 3GPP protocols utilizing Traversal Using Relays around Network Address Translation (TURN) functionality implemented within the communication device. | 01-29-2015 |
20150033301 | DECENTRALIZED ELECTRONIC TRANSFER SYSTEM - An exemplary technique is provided for use in a decentralized electronic transfer system. A first digital code that represents a first transaction is generated from a first user's secure repository to the first user's unsecure repository. The first digital code is sent to a secure storage memory related to the unsecure repository to be stored in an area of the memory. A processor related to the unsecure repository generates a second digital code that represents a second transaction from the unsecure repository to the second user's repository. The processor retrieves the first digital code stored in the secure storage memory and publishes the retrieved digital code to validate the first transaction. In addition, the processor publishes the second digital code to validate the second transaction. | 01-29-2015 |
20150033302 | LOGOUT FROM MULTIPLE NETWORK SITES - Disclosed are various embodiments for logging out from multiple network sites using an authentication client that manages sessions for the network sites. Account data is maintained for multiple accounts of a user for multiple network sites. The account data includes a respective security credential for each of the accounts. An authentication client automatically authenticates with multiple authentication services corresponding to multiple network sites using multiple accounts in response to the user accessing each network site. A respective session is established for each network site. A logout is performed by ending each one of the sessions. | 01-29-2015 |
20150040198 | SYSTEMS AND METHODS FOR ACCESSING A DEVICE USING A PAIRED DEVICE IN ITS PROXIMITY - This disclosure relates to systems and methods for accessing a device using a paired device in its proximity. In one embodiment, a resource sharing method is disclosed, comprising: obtaining a proximal device identifier associated with a proximal device; identifying a proximal device profile associated with the proximal device identifier; retrieving access privilege data stored in the proximal device profile; generating, via a processor, user interface data based on the access privilege data; and providing the user interface data for display. The method may further comprise: providing, for the proximal device, an authentication key identifier and a request for user security input format data; obtaining, from the proximal device: an authentication key associated with the authentication key identifier, and user security input format data; determining that the proximal device is authenticated, based on the authentication key; and displaying a user security input interface based on the user security input format data. | 02-05-2015 |
20150040199 | METHOD FOR ACCESSING A PLURALITY OF SERVICES BY A MOBILE TERMINAL USER, AND RELATED SECURE DEVICE - The invention relates to a method for enabling the user of at least one mobile terminal to access a plurality of services, said method consisting of: creating (E | 02-05-2015 |
20150058938 | Integrated IP Tunnel and Authentication Protocol based on Expanded Proxy Mobile IP - A gateway is preconfigured to establish an Internet Protocol (IP) tunnel with a default local mobility anchor on behalf of a mobile node. The gateway receives from the mobile node an Internet access request including a mobile identifier and authorization and authentication protocol information, and sends to the default local mobility anchor an IP tunnel request to establish an IP tunnel. The gateway receives from the default local mobility anchor a tunnel redirect message to redirect the IP tunnel from the default local mobility anchor to a serving local mobility anchor and, responsive to the tunnel redirect message, authenticates the mobile node and establishes an IP tunnel with the serving local mobility anchor through which the mobile node communicates. | 02-26-2015 |
20150058939 | SYSTEM AND A METHOD FOR LOCATION BASED ANONYMOUS COMMUNICATION OVER A NETWORK - Disclosed is a system and method of location based anonymous communication between a plurality of users over a communication network. The system includes a registration module, a tapping module, a proximity module, an invitation module and a connection module. The registration module registers the credentials of the users. The tapping module receives a touch gesture from the user in order to transmit a connection request. The proximity module displays a list of proximal users on receiving the connection request simultaneously from at least two users. The invitation module sends an invitation request to at least one of the displayed proximal users for initiating the communication. The connection module establishes an anonymous connection for communication between two users on receiving the invitation acceptance from one of the proximal users. | 02-26-2015 |
20150067792 | OWNER ACCESS POINT TO CONTROL THE UNLOCKING OF AN ENTRY - Disclosed is a method, apparatus, and system to control the unlocking of an entry for a guest having a wireless device by an owner access point. A virtual key for a wireless device and an access control rule associated with the virtual key may be stored at the owner access point. The owner access point may determine whether a virtual key received from a wireless device matches the stored virtual key and whether the access control rule for the stored virtual key is satisfied. If the virtual key matches, and the access control rule for the stored virtual key is satisfied, the owner access point may transmit an open command to the entry. | 03-05-2015 |
20150067793 | Method for Secure, Entryless Login Using Internet Connected Device - A system, method, and computer-readable medium are disclosed for using an entryless One-Time Password (OTP) in an active tag environment. Authentication credentials associated with a user and an active tag device are submitted with an access request to an authentication server, where they are processed to generate an OTP credential, which is then stored in a directory service. Encryption operations are then performed on the OTP credential to generate an encrypted OTP credential, which is then provided to the active tag device, which in turn provides it to an active tag terminal. The active tag terminal then submits a request to the authentication server to verify the validity of the encrypted OTP credential. In response, the authentication server verifies its validity and then destroys the OTP credential stored in the directory service. The OTP credential is then decrypted by the active tag terminal and subsequently used to log in the user. | 03-05-2015 |
20150067794 | SYNCHRONOUS TIMESTAMP COMPUTER AUTHENTICATION SYSTEM AND METHOD - A method and system for authenticating computer nodes on a network, including providing a synchronized clock system, at a predetermined clock frequency, for use with an electronic system with a plurality of system nodes. Matching counters are connected to each of the plurality of system nodes, each of the counters being incremented in accordance with the clock frequency experienced by the system nodes to which the counters are connected. A difference is calculated between a count number at the end of a certain interval and the count number for the same counter at the beginning of the interval, to arrive at a count difference for each counter. The count difference of a particular counter is compared with the count difference of at least two other counters and, in the event that the count difference of the particular counter does not match, that node is noticed as an imposter. | 03-05-2015 |
20150067795 | Control method and device for mobile terminal, and mobile terminal - The present invention relates to the field of mobile communications, and provides a control method and device of a mobile terminal, and the mobile terminal. The control method of a mobile terminal comprises: a control device of a mobile terminal receiving a first switching instruction that instructs switching the mobile terminal to a security mode; and the control device of the mobile terminal performing control processing on the mobile terminal according to the first switching instruction, and switching the mobile terminal to the security mode, so that the mobile terminal does not send service data to a base station. The technical solution of the present invention can effectively protect the information security of the mobile terminal. | 03-05-2015 |
20150074774 | System, apparatus, and method for a unified identity wallet - A unified identity wallet system, for allowing a user to manage online digital authentication, authorization, and access rights in a simple and secure manner, can include a unified identity wallet server, a pass repository, a unified identity wallet app, an access authorization app, and a unified identity pass manager. The unified identity wallet app can include a processor, a non-transitory memory, an input/output component, a wallet store, a pass requester, and an access manager. A pass provides access authorization to a user and can include the identity of receiver, purpose, type of locations, usage modes, and periods of validity; and can be translated to and stored in a variety of different mobile wallet formats. Further described are a computer-implemented method for obtaining or renewing a pass, and a computer-implemented method for obtaining access to a system. | 03-12-2015 |
20150074775 | System and Method To Enhance Personal Server Security Using Personal Server Owner's Location Data - A system and method to enhance Personal Server Security using Personal Server owner's location data as derived from the Personal Server owner's mobile client computer by controlling certain aspects of the Personal Server security application and Personal Server applications for example automatically or manually disabling access to certain Personal Server applications from the Wide Area Network (Internet) based on if the Personal Server owner is at the home premises and therefore can access the Personal Server from within the trusted Local Area Network and at other times selectively enabling access to certain Personal Server applications from the Wide Area Network when the Personal Server owner is away from the home premises and the only means of accessing such application while away from the premises is via the Wide Area Network. | 03-12-2015 |
20150082396 | PRIVILEGED ACCOUNT PLUG-IN FRAMEWORK - NETWORK-CONNECTED OBJECTS - Techniques for managing network-connected objects are provided. In some examples, code for accessing a network-connected object may be received. The code may be configured to enable generation of an application programming interface method. In some aspects, account information associated with a user may be stored. A particular method call corresponding to the application programming interface method may be received from a computer device of the user. The particular method call may include a request to access the network-connected object. In some examples, the request to access the network-connected object may be authenticated based at least in part on the account information. Additionally, in some examples, an instruction to the network-connected object may be provided over a network if the request is authenticated. | 03-19-2015 |
20150082397 | Processing Method of Wireless Network Device, Wireless Network Device, and Processor of Wireless Network Device - An authentication processing method, a processor of a wireless network device, and the wireless network device. The method includes receiving, by a wireless network device, a network access request sent by a user equipment; and if the wireless network device determines, according to the network access request, that the user equipment meets a set condition, performing authentication on the user equipment using a password-free authentication manner, or assigning permission, which is corresponding to the set condition, on a Web administrator page to the user equipment. In embodiments of the present invention, if it is determined that a user equipment meets a set condition, authentication is performed on the user equipment using a password-free authentication manner, and corresponding authentication manners are used according to different user requirements, so that an authentication manner of the wireless network device is more flexible, and network access experience of a user is improved. | 03-19-2015 |
20150082398 | COMMUNICATION BETWEEN AUTHENTICATION PLUG-INS OF A SINGLE-POINT AUTHENTICATION MANAGER AND CLIENT SYSTEMS - Various arrangements for providing authentication information to a user are presented. A single-point authentication manager executed by a computer system may receive a request to access a resource from a remote client computer system. The single-point authentication manager may manage access to a plurality of resources including the resource. The single-point authentication manager may communicate with an authentication plug-in application that performs a type of authentication. Authentication of the user may be performed. In response to performing authentication of the user, the authentication plug-in application may generate a message to be transmitted to the remote client computer system. The message may include an indication that the message is to be passed to the remote client computer system and information regarding the authentication of the user. In response to receiving the message from the authentication plug-in application, the message may be transmitted to the remote client computer system. | 03-19-2015 |
20150089604 | GLOBAL UNIFIED SESSION IDENTIFIER ACROSS MULTIPLE DATA CENTERS - Systems and methods are disclosed for using a global unified session identifier across data centers. When a user first accesses a data center and an initial session is created for the user in the data center, a session identifier is generated for the user session. Because the initial session is the first session created for that user, the initial session identifier is designated as the global unified session identifier for all sessions that may be created for the user in other data centers within the enterprise network. Other data centers may then map the global unified session identifiers to locally generated session identifiers for the user. Using a global unified session identifier enables various user session actions to be performed globally across the data centers, including global logout, global session termination, global session updates, and/or the like. Using a global unified session identifier also prevents the risk of collision that can occur between randomly generated numbers of different data centers. | 03-26-2015 |
20150089605 | ENABLING DIGITAL TRANSACTIONS WITH CREDENTIAL PROVIDED BY INTERACTION WITH AN OBJECT - A computer-implemented method includes, at a device running an application, and in response to a user attempting to enable or use an aspect of said application, using said device to obtain image information about an object, said object including indicia, and said image information comprising information about said indicia; using said image information to ascertain identifier information for an object; providing said identifier information to an authorization service; and responsive to said providing in (c), obtaining a response from said authorization service, said response comprising a credential; and (d) using said credential within said application to enable or use said aspect of said application. The aspect of said application to be enabled or used may be (i) a feature of said application; (ii) an amount of a virtual currency within said application; (iii) a reward within said application; or (iv) a purchase within said application. | 03-26-2015 |
20150089606 | AREA RESTRICTED NETWORK MANAGEMENT METHOD AND DEVICE AS WELL AS AREA KEY RECEIPT METHOD AND DEVICE - Disclosed is an area restricted network management method including a step of detecting, in a first area restricted network, one or more second area keys sent from one or more second area restricted networks; a step of generating a first hierarchical area key which is related to a first area key generated by the first area restricted network as well as at least one of the detected one or more second area keys; and a step of transmitting the first hierarchical area key to inside of the first area restricted network. | 03-26-2015 |
20150095992 | SYSTEMS AND METHODS FOR AUTHENTICATION USING A DEVICE IDENTIFIER - Systems and methods are disclosed which may allow a user having a mobile device to automatically authenticate to a server using a device identifier associated with the mobile device. An access point may be configured to send the device identifier as well as additional identifying information to the server so that the device identifier can be accurately matched to the mobile device. Then, when the mobile device submits a credential during authentication, the device identifier and the credential may be matched such that the next time the server receives the device identifier from the access point, the mobile device may be automatically authenticated. | 04-02-2015 |
20150095993 | METHOD AND APPARATUS FOR PREVENTING THEFT OF PERSONAL IDENTITY - A method and apparatus of preventing the theft of a personal ID are disclosed. The apparatus of preventing the theft of a personal ID includes an estimation unit, a gender similarity computation unit, an age similarity computation unit, a final similarity computation unit, and a theft check unit. The estimation unit estimates the gender and age of a user based on an image of the user. The gender similarity computation unit computes the similarity in gender based on input gender and the estimated gender. The age similarity computation unit computes the similarity in age using input age and the estimated age. The final similarity computation unit computes a final similarity using the similarity in gender and the similarity in age. The theft check unit determines whether or not a personal ID has been stolen based on the results of comparison between the final similarity and a reference value. | 04-02-2015 |
20150095994 | SYSTEMS AND METHODS FOR PROFILING CLIENT DEVICES - Systems and methods are provided for generating and managing profiles. Such systems and methods may be implemented to control access to a function of a web server or site based on a level of trust associated with a user or device profile. According to one exemplary method, session information associated with a request to access a function of a web server is identified. At least one processor determines whether the request is associated with a trusted device profile based on at least the session information. Access to the requested function is provided when the request is associated with a trusted device profile. | 04-02-2015 |
20150101030 | User Collision Detection and Handling - Techniques for user collision detection and handling are described. According to various embodiments, a network resource provides content, services, and so forth, for consumption by authenticated users. To perform authentication tasks, the network resource leverages authentication services. Since a network resource may utilize multiple authentication services, collisions between users may occur. For instance, a user identifier for a user authenticated by one authentication service may match a user identifier for a different user authenticated by a different authentication service. Thus, techniques discussed herein are employed to detect such collisions and to handle the collisions such that users are differentiated from one another for authentication and resource access purposes. | 04-09-2015 |
20150106887 | SYSTEMS AND METHODS FOR CONFIGURING AN ELECTRONIC DEVICE - A method for configuring a device is performed at a target device with a processor and memory storing instructions for execution by the processor. In some implementations, the target device is a media presentation device, such as a WiFi enabled speaker system. Connection information is received from a configuration device, such as a laptop computer or mobile telephone, via an analog audio interface. The connection information includes first account credentials. In some implementations, the connection information also includes network configuration data such as a name of a wireless network and a security key. The target device connects to a server system remote from the target device using the first account credentials. | 04-16-2015 |
20150106888 | TRUST/VALUE/RISK-BASED ACCESS CONTROL POLICY - Generating a resource access control decision is provided. A user trust value associated with a user identifier of a user requesting access to a protected resource is modulated based on an estimated risk value associated with a context of a resource access request. The resource access control decision is generated based on the modulated user trust value associated with the user requesting access to the protected resource. | 04-16-2015 |
20150106889 | POTENTIAL ATTACK DETECTION BASED ON DUMMY NETWORK TRAFFIC - A method, apparatus and product for potential attack detection based on dummy network traffic. One embodiment includes a method comprising analyzing an activity, wherein the activity is performed in response to a message, wherein the message is transmitted by a first application that is executed by a computing device, wherein the computing device is connected to a computerized network, wherein the first application is configured to transmit the message in order to induce a potential attacker to perform a malicious activity, wherein said analyzing comprises comparing the activity to a predetermined expected activity in response to the message; and determining, based on the analysis of the activity, that a second application is under a potential attack; whereby an operation of the first application is capable of exposing potential attacks on the second application without monitoring network traffic of the second application. | 04-16-2015 |
20150106890 | Automatic Multimedia Upload For Publishing Data And Multimedia Content - Disclosed herein is a method and system for utilizing a digital data capture device in conjunction with a Bluetooth (BT) enabled mobile device for publishing data and multimedia content on one or more websites automatically or with minimal user intervention. A client application is provided on the BT enabled mobile device. In the absence of inbuilt BT capability, a BT communication device is provided on the digital data capture device. The BT communication device is paired with the BT enabled mobile device to establish a connection. The client application detects capture of data and multimedia content on the digital data capture device and initiates transfer of the captured data, multimedia content, and associated files. The digital data capture device transfers the captured data, multimedia content, and the associated files to the client application. The client application automatically publishes the transferred data and multimedia content on one or more websites. | 04-16-2015 |
20150113614 | CLIENT BASED SYSTEMS AND METHODS FOR PROVIDING USERS WITH ACCESS TO MULTIPLE DATA BASES - An automated method for managing secure access by trusted users of a plurality of disparate databases. Each user presents a uniquely assigned set of access credentials during an authentication session, and authenticated users are connected to a proxy server. The proxy server manages access to all database(s) and intermediates any exchange of database commands and query responses which the user is authorized to initiate. A corresponding record in a user account repository is checked to identify those databases and resources which are to be made accessible to each respective user, and connections between these and the proxy server are made and torn down, on-demand. For each user, an audit log is created and updated to reflect all user database activity, and audit reports may either be generated on demand or automatically based on the occurrence of one or more selectable events. | 04-23-2015 |
20150113615 | TEXT MESSAGE AUTHENTICATION SYSTEM - Systems and methods for authenticating users are presented. A system can send a passkey to a user interface of a known device. A user can then send a messaging service message with the passkey from a second device to the system. After receiving the message from the user, the system can extract the passkey from the message, and compare the received passkey against the passkey originally sent to the user. The known device and the second device can each have separate and unique device identifiers. | 04-23-2015 |
20150121480 | System and Method to Prevent Spoofed Communication Through Out-Of-Band Verification - The disclosed subject matter addresses the problem of spoofing by directly and transparently communicating with the apparent sender of the potentially spoofed incoming message or with the communications network handling the communication of the potentially spoofed incoming message. The address of the recipient device of the potentially spoofed incoming message is compared with addresses of communication sent from the apparent sender. As a result of this comparison, it may be determined whether the phone call or message was sent from the apparent source or was spoofed. The times associated with messages sent from the indicated sender and times associated with the incoming message may also be used to determine the authenticity of the apparent sender. The recipient of the incoming message is notified of a spoofed message. | 04-30-2015 |
20150121481 | APPLICATION AUTHENTICATION USING NETWORK AUTHENTICATION INFORMATION - In general, in one aspect, embodiments relate to receiving, by a system of one or more network devices from a client device, a request to access one or more applications, determining, by the system, that the client device has already been authenticated to access a network, and based on determining that the client device has already been authenticated to access the network, causing authenticating of the client device for accessing the one or more applications. | 04-30-2015 |
20150121482 | MOBILE BASED LOGIN VIA WIRELESS CREDENTIAL TRANSFER - Systems and methods for mobile-based login via wireless credential transfer are disclosed. In some implementations, a proxy server receives a registration request for a receiver device for accessing a secure resource. The proxy server registers the receiver device in response to the registration request. The proxy server receives, from a transmitter device, information identifying the transmitter device along with authentication credentials for authenticating the receiver device to access the secure resource. The proxy server identifies the receiver device based on the information identifying the transmitter device. The proxy server forwards, to the receiver device, the authentication credentials for authenticating access of the receiver device to the secure resource. | 04-30-2015 |
20150121483 | SYSTEM AND METHOD FOR IDENTITY MANAGEMENT PROVIDERS IN A CLOUD PLATFORM ENVIRONMENT - Described herein is a system and method for supporting an identity management provider in a cloud computing environment. In accordance with an embodiment, an identity management (IDM) provider can provide an identity store (e.g., LDAP directory) configuration for use by a cloud platform (e.g., CloudLogic) service. In accordance with an embodiment, the IDM provider can centrally manage one or more identity store configurations, and supply a particular configuration to the orchestration engine when a service is being provisioned, so that the service can then be launched with an appropriate identity store. This allows a platform administrator to specify identity store configurations once and in one place, instead of having to create an identity store configuration for each service. | 04-30-2015 |
20150121484 | SYSTEM AND METHOD FOR SIGNALING AND VERIFYING URL SIGNATURES FOR BOTH URL AUTHENTICATION AND URL-BASED CONTENT ACCESS AUTHORIZATION IN ADAPTIVE STREAMING - Signaling and verifying URL signatures for accessing URL addressable content in adaptive streaming. A plurality of URL authentication and URL authorization descriptors are provided for a plurality of URLs, wherein each URL authentication descriptor comprises information for verification key acquisition and for accessing an authentication tag for authenticating a given URL in the plurality of URLs according to an associated URL authentication scheme. Each URL authorization descriptor is for verification key acquisition and for accessing an authorization tag for authorizing access to content addressable by a given URL in the plurality of URLs according to an associated URL authentication scheme. A plurality of URL authentication and URL authorization descriptors for the plurality of URLs are communicated and each descriptor is verified in the communicated plurality of URL authentication and URL authorization descriptors for its given URL in the plurality of URLs according to its associated scheme. | 04-30-2015 |
20150121485 | CONFIGURATION OF NETWORK DEVICES - According to examples described herein computer devices coupled to a network can be automatically configured. Systems information is gathered from a plurality of computer devices by way of one or more of an agent and a scout. This information is standardised and stored in one or more databases. A program function is determined from the standardised information. This program function is used to identify two different sets of computer programs installed on a set of networked computer devices. This configuration is then replaced by a configuration where only a single common computer program is used to perform the program function. | 04-30-2015 |
20150121486 | AUTHENTICATION FOR APPLICATION - The present disclosure provides a method, terminal, and system for authentication with respect to an application. The present techniques may be applicable at a terminal with near-field communication function. When a particular operation of the application is triggered, a near-field device within a certain distance of a terminal is detected. An identification of the near-field device is obtained. The identification is sent to a server to request the server to determine whether the near-field device is a particular near-field device corresponding to the particular operation. A result of authentication performed by the server according to the identification is obtained. A following processing is applied to the particular operation according to the result of authentication. The present techniques ensure safety of operations of the application operated at the terminal. | 04-30-2015 |
20150128229 | PROBABILISTICALLY EXPEDITED SECURE CONNECTIONS VIA CONNECTION PARAMETER REUSE - Methods for probabilistically expediting secure connections via connection parameter reuse are provided. In one aspect, a method includes determining whether a client had previously established a secure connection with a hostname. The method also includes obtaining a source identifier used by the client to establish the previous secure connection when it is determined that the client previously established the previous secure connection with the hostname. The method also includes sending a request to the hostname for a new secure connection based on the obtained source identifier. Systems and machine-readable media are also provided. | 05-07-2015 |
20150128230 | Network Access - Disclosed is a user device comprising storage means and a network interface for connecting to a network via an access point. The user device also comprises a processor configured to execute a client. This client is operable to receive access data pertaining to the access point which is conditionally useable by the client. The client is further operable to determine that the client can use the received access data based on a detected current condition at the user device. In response to said determination, the client is operable to use the received access data to: (i) store access credentials of the access point in said storage means, and (ii) configure the user device to an automatic connection mode. When so configured, the user device is capable of automatically connecting to the network via the access point using the stored access credentials independently from the client thereafter. | 05-07-2015 |
20150128231 | INFORMATION PROCESSING SYSTEM AND INFORMATION PROCESSING METHOD - An information processing system includes a device registration unit that stores device identification information of a device in a first storage unit in response to a device identification information registration request, a generation unit that generates user identification information of an unspecified user of the device, an authentication unit that performs authentication in response to an authentication request from the device and associates user identification information of a specified user specified in the authentication request with the device when the authentication performed in response to the authentication request is successful, and a processing unit that executes a process according to the user identification information associated with the device in response to a request from the device that has been successfully authenticated. Upon receiving an authentication request that does not specify user identification information, the authentication unit associates the user identification information generated by the generation unit with the device. | 05-07-2015 |
20150128232 | METHODS AND APPARATUS TO DISCOVER AUTHENTICATION INFORMATION IN A WIRELESS NETWORKING ENVIRONMENT - Examples to discover network authentication information in a wireless network involve transmitting during network discovery and prior to authentication, a Generic Advertisement Services (GAS) request to a network access point. The request requests authentication information. In addition, a response to the request is received from the network access point. The network authentication information is retrieved from the response. The network authentication information includes a re-direct frame. | 05-07-2015 |
20150135283 | OPEN CONNECTION MANAGER VIRTUALIZATION AT SYSTEM-ON-CHIP - Resource and memory use by applications used by user equipment (UE) can be adaptively controlled. A UE comprises a connection-manager kernel (CMKC) that can be embedded at the SOC level to facilitate resource and memory control at SOC level. CMKC operates in conjunction with an operating system kernel. CMKC comprises functional blocks that provide network enabler functions and observability APIs for network enhancement, traffic flow monitoring and filtering, QOE executive routines, and traffic flow time shifting. CMKC performs or provides analytics, security and firewall tags, cache management at SOC level, and policy enforcement. CMKC and a trusted memory operate in a trusted zone environment to facilitate secure operation. CMKC adaptively collects information from control registers and analytics, and maps such information to the trusted memory, which can be accessible to trusted APIs to facilitate enabling trusted applications to have knowledge of contextual network information. | 05-14-2015 |
20150135284 | AUTOMATIC ELECTRONIC DEVICE ADOPTION WITH A WEARABLE DEVICE OR A DATA-CAPABLE WATCH BAND - Embodiments relate generally to electrical and electronic hardware, computer software, human-computing interfaces, wired and wireless network communications, data processing, computing devices, watches, watch bands, and wrist-worn watch-enabled devices. More specifically, techniques for adopting electronic devices using data from a wearable device, such as a data-capable watch band are described. In some examples, a wearable device can include an adoption controller configured to detect the short-range communication link. Further, the wearable device can be configured to transmit key data to an electronic device to transition the electronic device from a lender mode of operation to a lendee mode of operation to enable the wearer to use the electronic device. | 05-14-2015 |
20150135285 | CHILD-ORIENTED COMPUTING SYSTEM - A child-oriented browsing system is provided wherein the system is implemented using a piece of client software, executing on the computing device of a child, and a website/server that manages the client software and other functions of the child-oriented browsing system. | 05-14-2015 |
20150135286 | SYSTEMS AND METHODS FOR GROUP AUTHENTICATION - The field of the invention relates to network connected authentication systems, and more particularly to systems and methods that enable authentication of one or more users of a group using network connected devices. In an embodiment, the system includes a network connected authentication server coupled to a network for access by a plurality of user devices in a group to authenticate a user of one or more third party applications. When a user of the group visits a third party application and initiates a group authentication, the network connected authentication server retrieves authentication rules and sends authentication requests to the user devices of the group based on the authentication rules. When the network connected authentication server receives authentication responses from the user devices, the network connected authentication server sends the responses to the third party application, which determines whether approval should be granted based on the responses and on the policies of the third party application. | 05-14-2015 |
20150135287 | AUTOMATED SDK INGESTION - In an assessment or audit of a computer system, an auditing subsystem will parse software development kit (“SDK”) interfaces and obtain customer usage, configuration and security information by applying requests for information to the application programming interfaces provided by the SDK interfaces. | 05-14-2015 |
20150135288 | MESSAGING GATEWAY - A notification message gateway is disclosed. Notification data and application identification data is received. The application identification data is used to select an application credential associated with at least one application instance. The notification data and application credential are provided to a distribution node such that the notification data is provided to the application instance. | 05-14-2015 |
20150143481 | APPLICATION SECURITY VERIFICATION METHOD, APPLICATION SERVER, APPLICATION CLIENT AND SYSTEM - The disclosure discloses an application security verification method, an application server, an application client, and a system, wherein the application security verification method includes: detecting, by an application server, an occurrence of a default security risk event on an application client; obtaining, by the application server, default verification information associated with a login account of the application client; and sending, by the application server, the default verification information to the application client in order to verify the application client. A user of an application client may therefore verify the security of the application client and the application server, thereby effectively preventing any forged and illegal APP from threatening the security of the user's private information and financial information. | 05-21-2015 |
20150143482 | Secure Computer Architectures, Systems, and Applications - Secure computer architectures, systems, and applications are provided herein. An exemplary system includes a legacy environment which is an off-the-shelf computing system, a trusted environment device that communicates with a network, and at least one peripheral that is communicatively coupled with the trusted environment device or having an authentication module. | 05-21-2015 |
20150150099 | AUTHENTICATION DEVICE, AUTHENTICATION METHOD AND IMAGE FORMING APPARATUS - An authentication device performs authentication using an element group image which indicates an element group configured by arranging a plurality of elements. The authentication device transmits screen data representing an authentication screen to an accessing computer in order to display the authentication screen on a display unit of the computer, the authentication screen including the element group image, in which some or all of the plurality of elements change, a question answerable by looking at the element group image before a change and the element group image after the change, and an answer entry box. The question is included in the authentication screen at least either before or after the change of the element group image. The answer entry box is included in the authentication screen after the change of the element group image. The authentication succeeds if the answer entered in the answer entry box is correct. | 05-28-2015 |
20150294096 | RHYTHM-BASED USER AUTHENTICATION - The present invention is directed to an apparatus, a method, and a computer program product for authenticating a user based on a sequence of rhythmic inputs. The user via a mobile device provides one or more inputs (e.g., pushing a button, tapping a touchscreen, a biometric, or the like) to one or more sensors associated with the mobile device as an attempt of authorization. The one or more inputs may be provided in a rhythmic manner (e.g., provided in time with music). The present invention then compares the provided one or more inputs to one or more predetermined sequences of inputs that are associated with positive authentication of the user (e.g., a known password). The phone determines that the one or more provided inputs match one or more predetermined rhythmic sequences associated with positive authentication of the user and authenticates the user. | 10-15-2015 |
20150295923 | ENVIRONMENT BASED SWITCHING BETWEEN TWO DIMENSIONS AND THREE DIMENSIONS - A method, apparatus, system, article of manufacture, and computer program product provide the ability to provide three-dimensional (3D) content. A user is authenticated and authorized to view the 3D content. The 3D content is displayed. A change in the user state is detected. Based on the user state change, two-dimensional (2D) content is displayed instead of the 3D content. | 10-15-2015 |
20150304296 | REGISTERING CONTENT TO A DIGITAL LOCKER - An approach is provided for registering specific content in a portable storage medium to a digital locker. The portable storage medium is configured to include a content access application which causes the user interface to display a content access and registration part on a terminal executing the content access application, to request user entry of access validation information associated with the specific content. Upon access validation, the specific content can be registered to the digital locker of the user. | 10-22-2015 |
20150304297 | Secure Information Storage and Delivery System and Method - A system for secure information storage and delivery includes a vault repository that includes a secure vault associated with a user, wherein the secure vault is associated with a service level including at least one of a data type or a data size limit associated with the secure vault, the secure vault being adapted to receive at least one data entry and securely store the at least one data entry if the at least one of a size or a type of the at least one data entry is consistent with the service level. A mobile vault server coupled to the vault repository creates a mobile vault on a mobile device based on the secure vault and is capable of authenticating the mobile device based on user authentication information. The mobile vault server includes a mobile device handler that communicates with the mobile device. A synchronization utility determines whether the at least one data entry on the secure vault is transferable to or storable on the mobile vault based on at least one of the size or the type of the at least one data entry and transfers the at least one data entry from the secure vault to a corresponding data entry on the mobile vault if the at least one data entry on the secure vault is determined to be transferable to or storable on the mobile vault. | 10-22-2015 |
20150304298 | METHODS AND APPARATUS FOR PROVIDING ACCESS TO A SERVICE - Methods and apparatus for providing access to a service are disclosed. An example method includes analyzing a received request to verify a requesting device, the received request identifying multicast group memberships of the requesting device. Access is provided to the service in response to verifying the requesting device using the multicast group memberships. | 10-22-2015 |
20150304303 | METHOD AND SYSTEM OF PROVIDING A PICTURE PASSWORD FOR RELATIVELY SMALLER DISPLAYS - Embodiments described herein relate to a device operable to process input for a picture password for proof of knowledge. In some embodiments, the device includes a display, an input subsystem, processor(s), and memory containing instructions executable by the processor(s) such that the device is operative to display, on the display of the device, an image for the picture password proof of knowledge. The image is associated with an overlaid grid comprising a plurality of elements, and each element corresponds to a distinct area of the image. The device is further operative to, in response to receiving an input via the input subsystem at a first location of the display, highlight an element of the overlaid grid at a second location on the first image on the display. The second location is offset from the first location by a predetermined offset. | 10-22-2015 |
20150304311 | Trust Metrics On Shared Computers - Particular embodiments of a verification authority associated with a web service may receive a request to access the web service. The request may comprise data uniquely identifying a client device. The request may have been received from a shared device, wherein the shared device is configured for use by a plurality of users. The verification authority may access a social graph of a user associated with the client device to determine whether one or more social-networking users have previously accessed the shared device. The verification authority may then transmit to the client device information indicating which of the social-networking users have previously accessed the shared device. | 10-22-2015 |
20150304321 | AN IMAGE MANAGEMENT SYSTEM AND AN IMAGE MANAGEMENT METHOD BASED ON FINGERPRINT AUTHENTICATION - The invention discloses an image management system and method based on fingerprint authentication, and belongs to the field of communication technology. The system comprises a fingerprint sensing device and an information exchange platform. The fingerprint sensing device is used for extracting the first fingerprint information of a user at a first terminal and encrypting an image according to the first fingerprint information. The information exchange platform is used for sending the first fingerprint information to a second terminal, such that the second terminal decrypts the image according to the first fingerprint information to obtain the decrypted image. The system and method greatly improve the privacy of the image of the user, and improve the security of the image. | 10-22-2015 |
20150304324 | CONNECTION AUTHENTICATION - One or more embodiments of techniques or systems for connection authentication are provided herein. A mobile device or device may act as an initiator of a connection with a vehicle, which acts as a target. A user utilizing the device may initiate a connection request by launching an application or browser on the device. The device transmits the connection request to the vehicle. The vehicle may receive the connection request and respond with a device identifier (ID) request. A user of the device may select whether or not to continue. If the user continues, the device transmits a device ID of the device to the vehicle. An interface component may render the connection request for an occupant of the vehicle, such as the driver, and await a response. In this way, a driver of a vehicle may act as a gatekeeper for connections. | 10-22-2015 |
20150304334 | PORTAL AUTHENTICATION METHOD AND ACCESS CONTROLLER - In a portal authentication method, a DHCP request message sent by a terminal is received by an AC. In response to finding that a user of the terminal is an unauthenticated user, a private network IP address is assigned to the terminal. After portal authentication of the terminal is finished, a wireless connection of the terminal is terminated by the AC. When a DHCP request message sent by the terminal again is received, a determination that the user of the terminal passes the authentication is made by the AC, a public network IP address is assigned to the terminal, and an accounting request message is sent to a RADIUS server. After finding that the terminal is offline, an accounting stop message is sent by the AC to the RADIUS server, the wireless connection of the terminal is disconnected, and the public network IP address is released. | 10-22-2015 |
20150304843 | SYSTEMS AND METHODS FOR SHORT RANGE WIRELESS DATA TRANSFER - Systems and methods for application level authentication are provided for use with the low energy Bluetooth device and accessory. This includes receiving accessory credentials from a server, establishing a Bluetooth low energy connection with the accessory, authenticating with the accessory, and lastly transferring data to the accessory. The transferring of the data may be either a bulk transfer, or a data stream. The authenticating may be an application layer authentication between a device and the accessory using a shared secret key and using a hash function. Additional embodiments include methods for over-the-air firmware updates, and device control of a low energy Bluetooth accessory. | 10-22-2015 |
20150312240 | WIRELESS AUTOMATIC PAIRING METHOD, METHOD OF ESTABLISHING CONNECTION, AND WIRELESS ACCESS POINT DEVICE - The present disclosure illustrates a wireless automatic pairing method, a method of establishing connection, and a wireless access point device which enable an electronic device to connect with a wireless access point device by automatic pairing. The method of establishing connection comprises steps of: establishing a connection from the electronic device to the wireless access point device; transmitting the network identification code from the electronic device to the wireless access point device; in the electronic device, receiving a network name and a password transmitted from the wireless access point device; terminating the connection between the wireless access point device and the electronic device; transmitting a connection request containing the network identification code, the network name, and the password to the wireless access point device; establishing a connection between the electronic device and the wireless access point device. | 10-29-2015 |
20150312254 | Concurrent, Diverse Party Multi-processor Wireless Quality Metric Collection Circuits and Method of Operation - A system includes a bidirectional signal bus controlled by an M×S master/slave bridge circuit. An application processor having at least one core is communicatively coupled by the bidirectional signal bus to a radio processor having at least one virtual machine. The core hosts a master agent. The virtual machine hosts a slave agent. Each master agent is coupled to a collector server by an authenticated connection circuit to receive and store profiles and build and transmit packages. Each master agent is coupled to at least one slave agent and can transmit a profile to the slave agent and request and receive packages which are generated by the slave agent by executing the profile. Each slave agent receives and executes profiles to collect data from radio circuits and upon command builds and transmits data packages to a master agent. | 10-29-2015 |
20150317467 | APPARATUSES AND METHODS FOR FAST ONBOARDING AN INTERNET-ENABLED DEVICE - Various aspects directed towards automating an onboarding procedure are disclosed. In a first aspect, an administrative communication associated with onboarding an onboardable device is received by an access point (AP) device, such that the administrative communication originates from a device different than the onboardable device. The AP device then enables the onboardable device to access a secure network based on the administrative communication. In another aspect, an identifier is transmitted from an onboardable device while the onboardable device operates in an AP mode. The onboardable device then receives credentials associated with accessing a secure network via an AP device. Here, the credentials received from the AP device are in response to an authentication of the identifier by an administrator. The onboardable device then connects to the secure network by utilizing the credentials. | 11-05-2015 |
20150324571 | CONVERGED LOGICAL AND PHYSICAL SECURITY - A security management system that includes a hierarchical security platform, converged IT and physical security management, unified credentialing, credential issuance and incident(s) management. An exemplary aspect of the invention also relates to physical and logical security management and information technology/network security management, with a credential issuance and integrity checking system as well as associated readers and printers of the credential. Still further aspects of the invention relate to obtaining, assembling and analyzing one or more of data, video information, image information, biometric information, sensor information, terrorist information, profile information, and/or other types of information to provide a comprehensive platform for all aspects of security management. A toolkit is also provided that allows complete management, integration, scalability, interoperability and centralized control of all aspects of security including personnel credentialing, personnel management, personnel tracking, task management, security system integration, security information exchange and scalability. | 11-12-2015 |
20150326558 | ARCHITECTURE FOR PLATFORM SECURITY USING A DEDICATED SECURITY DEVICE FOR USER INTERACTION - There is provided an architecture for a data processing platform using a dedicated security device for user interaction, the data processing platform ( | 11-12-2015 |
20150326559 | METHOD AND SYSTEM FOR AUTHORIZING SECURE ELECTRONIC TRANSACTIONS USING A SECURITY DEVICE - Methods and systems for authenticating a security device for providing a secure access and transaction authorization to a remote network location are provided. The security device is authenticated by installing private security software on the security device. A Two-Channel authorization method includes a transaction notification/authorization channel and a transaction channel. A Three-Channel authorization method includes a transaction notification channel, a transaction authorization channel, and the transaction channel. Embodiments of the present invention provide increased security and privacy. A corresponding system for authenticating a security device and performing secure private transactions is also provided. | 11-12-2015 |
20150326575 | DATA TRANSFER BASED ON INPUT DEVICE IDENTIFYING INFORMATION - In one aspect, a first device includes a processor and a memory accessible to the processor. The memory bears instructions executable by the processor to identify a first data transfer command based on input from an input device, receive identifying information associated with the input device, and execute the first data transfer command responsive at least in part to authentication of the input device based at least in part on the identifying information. The first data transfer command pertains to the transfer of first data. | 11-12-2015 |
20150327066 | MANAGEMENT OF ACCESS TO A PLURALITY OF SECURITY MODULES INCORPORATED INTO A DATA-PROCESSING DEVICE - The invention relates to a method for managing the use, in a terminal, of a plurality of security modules (SIM1, SIM2) managed by an entity (STK) capable of requiring the provision of security codes in order to unlock the modules. The method is characterised in that it comprises: a first phase of accessing the modules (PH1), including a step of receiving (ET13-1, ET13-2), by the entity, codes of the modules, a step of transmitting (ET14-1, ET14-2) the received codes to the security modules, followed by a step of storing (ET16), in a security module referred to as the main module, at least one code received by the entity relative to a module (SIM2) other than the main module; and a second subsequent access phase during which the unlocking of the main module is followed by a step of transmitting at least one code from the main module to at least one other security module (SIM2) corresponding to said at least one code. | 11-12-2015 |
20150327069 | METHOD OF ESTABLISHING WIRELESS CONNECTION AND WIRELESS ACCESS POINT DEVICE - The present disclosure illustrates a method of establishing wireless connection and a wireless access point device. The method includes: executing a connection establishing program of an electronic device to transmit a connection establishing request to a service program of the wireless access point device; using the service program to transmit audio data containing a network name and a password to the electronic device; receiving and parsing the audio data by an audio receiving unit of the electronic device to obtain the network name and the password; using the connection establishing program to transmit another connection request containing the network name and the password to the service program; permitting the electronic device to log in to the wireless access point device according to the network name and the password, to establish the connection between the electronic device and the wireless access point device. | 11-12-2015 |
20150334105 | METHODS FOR ACTIVATION OF AN APPLICATION ON A USER DEVICE - Methods for activating a second application on a user device using a first application already installed and activated on the user device are described. In one embodiment the second application requests activation from the first application. The first application then authenticates a user before providing an activation response. The activation response can be requested from a remote server by the first application on behalf of the second application. The methods improve the ease of activating new software on a user device. | 11-19-2015 |
20150341320 | SECURE NETCENTRIC ARCHITECTURE PROVIDING REAL-TIME ACCESS TO DATA - A netcentric architecture is provided for securely communicating and processing secure data between centrally located server devices and user devices over a network. A centrally located server device in the netcentric architecture may include a core application used to process requests from the user devices. The requests and the processing of the requests may involve the secure data. A security architecture layer may be provided to restrict access to the core application and maintain security of the secure data. The security architecture layer may further monitor and record the secure data communicated using the netcentric architecture. | 11-26-2015 |
20150341328 | Enhanced Multi-Level Authentication For Network Service Delivery - One embodiment of an apparatus, e.g. a RADIUS server, includes a processor and a processor-readable storage medium. The memory contains instructions that when executed configure the processor to 1) authenticate a user for access to network services based on user-specific account credentials; and 2) authenticate the user for access to network services based on at least one parameter specific to at least one physical network component used to provide the network services to the user. | 11-26-2015 |
20150341336 | SYSTEM FOR AUTHORIZATION OF ACCESS - A method and device for communication and control of access including an access point containing a screen and camera whereby a visitor who is not preauthorized desires to communicate with a remote entity and uses a smartphone, holding it in line of sight of the camera, which smartphone contains indicia that is transmitted by the camera to the remote entity to obtain access. | 11-26-2015 |
20150341354 | NETWORK RESOURCE MANAGEMENT SYSTEM UTILIZING PHYSICAL NETWORK IDENTIFICATION FOR PRIVILEGED NETWORK ACCESS - The disclosed network resource management system employs a hardware configuration management (HCM) information handling system (IHS) that may couple to a single administered IHS or to multiple administered IHSs via an administrative network. An HCM tool in the HCM IHS may generate, modify and store hardware configuration information, including physical network identifications (PNet IDs), in an HCM database and share the HCM database with the administered IHSs. The administered IHS may be a privileged network access (PNA) IHS. The PNA IHS may receive a privileged network access management (PNAM) database from a PNAM IHS via the administrative network. The PNA tool may extract hardware configuration information, including PNet IDs, from the HCM database and privileged network access information, including PNet IDs, from the PNAM database. The PNA tool may utilize the information, including PNet IDs, to enable the PNA IHS to limit access to privileged networks. | 11-26-2015 |
20150350214 | INDIVIDUALIZED AUDIT LOG ACCESS CONTROL FOR VIRTUAL MACHINES - To provide enhanced operation of computing systems to control access to audit logging resources by virtual machines, various systems, apparatuses, methods, and software are provided herein. In a first example, a method of operating a computing system is provided. The method includes receiving requests for audit credentials from virtual machines, and responsively providing individualized audit credentials to the virtual machines based at least on identities of the virtual machines. The method also includes, in the audit system, authorizing storage of audit data transferred by the virtual machines based at least on the individualized audit credentials accompanying the audit data. The method also includes, in the authorization system, selectively de-authorizing one or more of the virtual machines and reporting information regarding the de-authorized one or more of the virtual machines to the one or more audit systems. | 12-03-2015 |
20150358307 | INFORMATION MANAGEMENT APPARATUS, INFORMATION MANAGEMENT SYSTEM, INFORMATION MANAGEMENT METHOD, AND STORAGE MEDIUM - An information management apparatus includes a memory and a processor configured to execute a process. The process includes registering schedule information entered by a user, storing the registered schedule information in the memory, obtaining current environmental information from a mobile terminal of the user, and when the registered schedule information is changed, determining whether the user of the mobile terminal is a genuine user based on the current environmental information and past environmental information obtained from past schedule information stored in the memory. | 12-10-2015 |
20150358324 | SCHEDULE RECORDING METHOD - Disclosed is a schedule recording method, comprising: an authentication server receiving triggering information and then acquiring key information from the triggering information, the key information comprising an authentication code; acquiring an authentication window, and searching the authentication window for the authentication code; if the authentication code is found, extracting a time factor corresponding to the authentication code, and generating and storing an authentication code list and/or staff log. | 12-10-2015 |
20150363588 | APPARATUS AND METHOD FOR PASSWORD AUTHENTICATION - A user inputs a password at a user device whose processor receives the password, retrieves a stored derived value resulting from a derivation function, preferably a cryptographic one-way function, applied to a reference password, scrambles the received password using a function taking the derived value as a variable to obtain a scrambled password, and sends the scrambled password to an authentication server. In case the stored derived value cannot be retrieved, the processor uses the derivation function to generate a derived value from the received password. In case the password is received during generation of a new password, the processor generates and stores a derived value from the new password. In an embodiment, the apparatus comprises the authentication server. | 12-17-2015 |
20150365395 | SOCIAL CONTENT INTEGRATION - Herein disclosed is an integrated platform comprising at least one social network and one password to access the platform and the at least one social network. In some embodiments, the at least one social network comprises the integrated platform itself as a social network, Google+, Instagram, LinkedIn, Facebook, Twitter, Tumblr, or combinations thereof. In some embodiments, the integrated platform provides full function of the at least one social network. In some embodiments, the full function comprises logging in, registering, saving log-ins, following, posting, chatting, inviting friends, adding friends, sending messages, sending or uploading photos or videos, notifying, sharing, aggregating news feed. In some embodiments, the integrated platform provides a chatting function with a user-dictated timed self-destruct feature or instant self-destruct feature by shaking a mobile device on which the platform is installed. In some embodiments, the chatting function comprises photo or video correspondence. | 12-17-2015 |
20150370872 | EMBEDDABLE CLOUD ANALYTICS - An analytics module may be embedded into an application developed, published, or used by an entity in addition to the owner of the data under analysis. An access token may be submitted by the analytics module to a provider of hosted services. The access token may correspond to an n-dimensional cube containing data at a level of granularity permitted to the application. The access token may incorporate additional policies controlling access to the corresponding n-dimensional cube. | 12-24-2015 |
20150373538 | Configuring Secure Wireless Networks - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for configuring secure wireless networks. One of the methods includes receiving, at a security system management device, protocol and key information for establishing a connection as a client device to the wireless IP device, wherein the protocol and key information is received in response to a user transmitting an identifier for the IP device to a service provider system; establishing communication with the wireless IP device, wherein the wireless IP device is acting as an access point device; exchanging keys with the wireless IP device; rebooting the security system management device to become an access point for the secure wireless network; and establishing communication with the wireless IP device, wherein the wireless IP device has become a wireless client. | 12-24-2015 |
20150381593 | PRIVILEGED ACCESS GATEWAY FOR ACCESSING SYSTEMS AND/OR APPLICATIONS - Access to secured access systems and/or applications is provided to an authorized user through an access manager. The access manager manages access credentials for the authorized user such that the user is only authenticated by the access manager. The access manager communicates with the secured access applications and/or systems on behalf of the authorized user. Additional security features provide for the access manager to control the flow of information, from the secured access areas to the authorized user, according to the user's specified level of authorization. | 12-31-2015 |
20150381603 | CLOUD AUTHENTICATION - A cloud authentication system is disclosed. A request for an authentication setup for a first user of a first service provider is received. Additional information, such as authentication criteria, can further be received, such as from the first service provider. A set of stimuli to associate with a first user profile of the first user of the first service provider is stored. | 12-31-2015 |
20150381625 | SECURE MOBILE CLIENT WITH ASSERTIONS FOR ACCESS TO SERVICE PROVIDER APPLICATIONS - A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request. | 12-31-2015 |
20150382198 | SYSTEMS AND TECHNIQUES FOR WIRELESS DEVICE CONFIGURATION - Systems and techniques for configuring wireless devices are described. To configure a wireless target device to access a network and/or network-based services, a wireless connection may be formed between the wireless target device and a wireless source device storing configuration data for accessing one or more networks and/or network-based services. The source device may determine whether it is authorized to send at least a portion of the configuration data to the target device. The target device may determine whether it is authorized to accept at least a portion of the configuration data provided by the source device. The target device may accept at least a portion of the configuration data by storing the accepted configuration data in a memory (e.g., a non-volatile memory) and/or by using the configuration data to access a wireless network and/or a network-based service. | 12-31-2015 |
20160004855 | LOGIN USING TWO-DIMENSIONAL CODE - After a client terminal successfully logs into a website through a mobile terminal by using user information and password information, a corresponding relationship between the client terminal and the user information is recorded. When the client terminal logs into the website again, the mobile terminal determines that the client terminal is allowed to log into the website through a two-dimensional code by using the corresponding relationship. The mobile terminal acquires a security identification corresponding to the client terminal, generates a two-dimensional code by using the security identification, and displays the two-dimensional code. Upon a receipt of a scanning command from the client terminal, the mobile terminal determines that the client terminal logs into the website through the two-dimensional code. The techniques of the present disclosure do not require the user to input username and password into a login interface repeatedly and improve the user experience in website login. | 01-07-2016 |
20160006712 | USER PROVISIONING - A method of credential provisioning on a target service utilizes three credential sets: authentication credentials, privileged credentials and provisioned credentials. An intermediate element receives a request from a user client to establish a session with a target service. The request includes authentication credentials. The intermediate element creates provisioned credentials using privileged credentials which are authorized for creating provisioned credentials for accessing the target service. Once provisioned credentials have been created, a dual session communication channel is established between the user client and the target service. The session between the user client and intermediate element is established using the authentication credentials and the session between the intermediate element and the target service is established using the provisioned credentials. Optionally, user authorization to establish a session with the target service is determined prior to creating the provisioned credentials. | 01-07-2016 |
20160006731 | DOCUMENT AUTHENTICATION - A method of authenticating a document transmitted to a service, the method comprising: selecting or inserting at least one keyword in a copy of the document as received by the service; receiving a biometric response to the received document from a user indicated as having transmitted the document; identifying a keyword of the at least one keyword present in the biometric response; and determining whether the received document may be considered a true copy of the transmitted document responsive to the identified keyword. | 01-07-2016 |
20160006739 | WIRELESS LOCAL AREA NETWORK ACCESS - A system and machine-implemented method of wireless network access are provided. An authentication request comprising credentials for a user account of a cloud-based service is received from a wireless client device. The authentication request is forwarded to a server associated with the cloud-based service for authentication of the user account credentials. A list of one or more network identifiers corresponding to networks for which access by the user account of the cloud-based service is authorized is received from the server. The received list of one or more network identifiers is sent to the wireless client device, wherein the received list of one or more network identifiers is sent to the wireless client device prior to the wireless client device being associated with the wireless local area network. | 01-07-2016 |
20160012139 | IMAGE PROCESSING APPARATUS, CONTROL METHOD OF IMAGE PROCESSING APPARATUS, AND PROGRAM | 01-14-2016 |
20160012259 | SYSTEM AND METHOD FOR SECURING A COMPUTER PORT WITH AN ATTACHED DEVICE USING SHAPE MEMORY ALLOYS | 01-14-2016 |
20160014104 | Device-Pairing by Reading an Address Provided in Device-Readable Form | 01-14-2016 |
20160014107 | DATA SYNCHRONIZING SYSTEM, CONTROL METHOD THEREOF, AUTHORIZATION SERVER, AND STORAGE MEDIUM THEREOF | 01-14-2016 |
20160014688 | TECHNIQUES FOR MANAGING ACCESS POINT CONNECTIONS IN A MULTIPLE-PERSONA MOBILE TECHNOLOGY PLATFORM | 01-14-2016 |
20160019378 | USER AUTHENTICATION SECURITY SYSTEM - A system or computer usable program product for providing secure user authentication including presenting a displayed representation of a three dimensional object having multiple selection areas, wherein respective selection areas are represented on at least two faces of the object and a symbol is depicted in each of the multiple selection areas; receiving a sequence of user inputs including a plurality of user selections of respective selection areas of the object indicating selection of the respective symbol and at least one user input indicating a movement of the object between the two faces so that user selection of selection areas on each of the two faces is accomplished; utilizing a processor to compare the sequence of user inputs to a predetermined authentication sequence stored in memory; and responsive to a positive comparison of the predetermined authentication sequence, providing user authentication. | 01-21-2016 |
20160019380 | USER AUTHENTICATION USING VOICE AND IMAGE DATA - Techniques are generally described for user authentication. Example techniques may include providing a data set including audio data and image data, wherein the audio data includes voice recordings of multiple people, wherein the image data includes at least a facial image of at least one of the multiple people, receiving a response to the data set from a user device, and determining whether the received response corresponds to at least a part of content of the voice recording of the one of the multiple people whose facial image is included in the image data. | 01-21-2016 |
20160021092 | SYSTEM AND METHOD FOR MANAGING HETEROGENEOUS COMPUTING ENVIRONMENTS - A system for transferring data, in the form of files, from a first location in the cloud to a second location in the cloud includes storage for credentials to allow the system to access the data in a plurality of locations in the cloud; storage for data accessed in a first location in the cloud; and data transfer components for transferring the data accessed at the first location to a second location in the cloud. A method for transferring data stored in the cloud, includes providing credentials to a service to allow the service to access the data in a plurality of locations in the cloud; using the service to access data stored in a first location in the cloud; and using the service to transfer the data accessed at the first location to a second location in the cloud. | 01-21-2016 |
20160021095 | Protection from Unfamiliar Login Locations - In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface | 01-21-2016 |
20160028716 | ROUTING PROTOCOL AUTHENTICATION MIGRATION - A first migration instruction is received from a management device, new authentication information is configured on a routing device according to the first migration instruction, and an authentication direction of the new authentication information is configured as a receiving direction. A second migration instruction that is sent by the management device after determining that all adjacent routing devices have configured the new authentication information is received, an authentication direction of original active authentication information is configured as a receiving direction and the authentication direction of the new authentication information is configured as the receiving direction and a sending direction. | 01-28-2016 |
20160028726 | Device to Device User Service Sharing Using Shared Trusted ID - Sharing a service with a trusted device is described. User login information is received from a user, including a trusted device id associated with the device and the user. A detection broadcast is received from another device and a response message is sent to the other device indicating the device is also associated with the trusted device id. Authentication is performed to determine that the user has successfully logged into the other device with the user login information associated with the trusted device id. Information about services available on the device may be sent to the other device. A service may be selected and performed with data and service instructions received from the other device. The selected service on the device may require a user to be logged in and the selected service may not be available on the other device. | 01-28-2016 |
20160028731 | Method and Apparatus for MoCA Network With Protected Set-Up - Systems and methods for securing a network, for admitting new nodes into an existing network, and/or securely forming a new network. As a non-limiting example, an existing node may be triggered by a user, in response to which the existing node communicates with a network controller node. Thereafter, if a new node attempts to enter the network, and also for example has been triggered by a user, the network controller may determine, based at least in part on parameters within the new node and the network controller, whether the new node can enter the network. | 01-28-2016 |
20160028741 | METHODS AND DEVICES FOR VERIFICATION USING VERIFICATION CODE - The present disclosure relates to methods and devices for verification using a verification code. The method includes: generating acquiring information of the verification code for a current verification when receiving an acquiring request for the verification code from a terminal device, wherein the acquiring information of the verification code comprises a verification identifier, and an operation object and operation manner prompt information for acquiring the verification code; sending the acquiring information of the verification code to the terminal device; receiving a verification request from the terminal device, wherein the verification request comprises the verification identifier and a first verification code obtained after the operation object is operated according to the operation manner prompt information; and verifying the first verification code of the verification request. Accordingly, a user does not need to manually input the verification code, thus the verification manner is simplified. | 01-28-2016 |
20160036802 | PLACING A USER ACCOUNT IN ESCROW - Disclosed are systems, methods, and non-transitory computer-readable storage media for placing a user account in escrow to remove it from an administered account. An employee and/or an employer can select to remove a user account from an administered account associated with the employer. To ensure that each party, the employer and employee, has an opportunity to retain their content stored in the removed user account, the user account can be placed into escrow, requiring login credentials of both the user and the administrator (employer) to access the user account. The user account can therefore not be accessed unless both the employer and employee each login to the account at the same time. By placing the user account in escrow, both parties can be assured that they can access the content items in the user account, and that the other party cannot access the content without their knowledge. | 02-04-2016 |
20160036805 | NETWORK AUTHENTICATION METHOD AND DEVICE FOR IMPLEMENTING THE SAME - A method is to be implemented using a network authentication device and a user end for authenticating the user end. The network authentication device stores hardware information associated with unique identification codes of hardware components of the user end. In the method, the user end executes a terminal program for scanning the hardware components to obtain the identification codes, for establishing a hardware list according to the identification codes, and for automatically sending to the network authentication device verification data associated with the hardware list without user operation. The network authentication device verifies identity of the user end based on the verification data and the hardware information. | 02-04-2016 |
20160036854 | APPARATUS AND METHOD FOR SHARING A HARDWARE SECURITY MODULE INTERFACE IN A COLLABORATIVE NETWORK - A first communication device having a secure access to a security module establishes a collaborative network by forming a collaborative security association with a second communication device associated with a user of the first communication device. The first communication device (a) sends an advertisement of services associated with the security module to the second communication device and receives an advertisement response from the second communication device or (b) receives a solicitation request for services associated with the security module from the second communication device. Responsive to receiving one of the advertisement response and the solicitation request, the first communication device determines whether the second communication device is authorized to access the security module. The first communication device processes and forwards security service messages between the second communication device and the security module, in response to determining that the second communication device is authorized to access the security module. | 02-04-2016 |
20160044014 | COMMUNICATION SYSTEM AND METHOD, INFORMATION PROCESSING TERMINAL AND METHOD, AND INFORMATION PROCESSING DEVICE AND METHOD - The present invention relates to a communication system and method, an information processing terminal and method, and an information processing device and method which enable simple and secure restricted access. When a PDA | 02-11-2016 |
20160044018 | SECURE DATA ENTRY VIA AUDIO TONES - A cloud client device identifies one or more devices within a predetermined range of the cloud client device operable to communicate with the cloud client device. The cloud client device pairs with one or more of the devices. To provide secure access to the cloud client device and to other functionality provided by the paired devices, the cloud client device accepts tones as a password. The cloud client device receives a password after a prompt as one or more tones and translates the tones for comparison with the password for the cloud client device. Access is allowed if the translated tones match the password for the cloud client device. | 02-11-2016 |
20160044032 | SETUP OF MULTIPLE IOT NETWORK DEVICES - The present disclosure relates to setup of multiple IoT network devices. Specifically, various techniques and systems are provided for setup of multiple similar IoT devices at substantially the same time using joint authentication. More specifically, embodiments of the present invention are directed to methods and systems including, for example, receiving, at an existing network device on a network, one or more communications, wherein the one or more communications include an indication that multiple new network devices are associated with the network; receiving an indication that the multiple new network devices have each generated a setup access point; establishing a connection with the setup access point of each of the multiple new network devices; receiving identification information, wherein the identification information includes information identifying each of the multiple new network devices; and transmitting the identification information identifying each of the multiple new network devices, wherein when the identification information is received, the identification information facilitates generating one or more authentication queries to authenticate one or more of the multiple new network devices. | 02-11-2016 |
20160044033 | METHOD FOR VERIFYING SECURITY DATA, SYSTEM, AND A COMPUTER-READABLE STORAGE DEVICE - The disclosure herein is related to a method for verifying security data, a system, and a computer-readable storage device. The system includes an application server for providing service, and receiving a service request made by a terminal. The system also includes an authentication server for providing identification authentication for receiving a request made by the application server for verifying the terminal. The authentication server sends a signal to the terminal for initiating an authentication process, and processing authentication with the terminal. The authentication server delivers transaction data for the terminal to complete the service access when the connection between the server and terminal is verified. The terminal is permitted to access the service when the terminal passes the authentication and submits a request form according to the data to the application server. | 02-11-2016 |
20160044047 | CONTINUOUS USER AUTHENTICATION - Technologies are generally described for authenticating a user account. In some examples, a method performed under control of a server may include providing a communication service to an end device; receiving, from the end device, a text input, while providing the communication service; and authenticating a user account associated with the end device, based on the received text input, while providing the communication service. | 02-11-2016 |
20160048662 | Computerized CAPTCHA Systems Using A Direct Connection With User Computing Device - Computerized CAPTCHA systems using a direct connection with user computing devices are provided. An example computerized CAPTCHA system is configured to perform operations. The operations include receiving a request from a user computing device to engage in a verification process. The request is received independent of a resource provider from which the user computing device has requested a resource. The operations include providing a challenge to the user computing device at least in part in response to the request for engagement in the verification process and receiving a response to the challenge from the user computing device. The operations include determining whether the user computing device should be verified based at least in part on the response and providing a verification token to the user computing device when it is determined that the user computing device should be verified. | 02-18-2016 |
20160050215 | PLATFORM TRUST EXTENSION - A system and method of providing a platform trust extension for an information handling system is disclosed herein. The platform trust extension receives a notification that an application is selected for installation or execution on an information handling system. The identity of the application or the source of the application is identified based upon a signature of the application. The platform trust extension determines whether the application or the source of the application is semi-trusted based upon the signature of the application. If the application is semi-trusted, the platform trust extension permits the application to run at an additional trust level. | 02-18-2016 |
20160050219 | BLUETOOTH BEACON PROTOCOL - Beacon devices may transmit beacon messages to alert an application on a mobile phone of the beacon device's proximity. An encrypted authorization may be used to prevent malicious attacks. Unfortunately, some operating systems, e.g., the iOS™ operating system, strip data fields in service Universally Unique Identifiers (UUIDs) from a received beacon message before the message is passed to the application. Various embodiments provide a protocol wherein the beacon device successively transmits a first beacon message (e.g., an iBeacon™ message) and a second Bluetooth® Low Energy broadcast message. The first beacon message alerts the application of the beacon device's proximity and identity while the second message contains the encrypted authorization and possibly any additional information relevant to the application. | 02-18-2016 |
20160057145 | SYSTEMS AND METHODS FOR AUTHENTICATION USING A DEVICE IDENTIFIER - Systems and methods are disclosed which may allow a user having a mobile device to automatically authenticate to a server using a device identifier associated with the mobile device. An access point may be configured to send the device identifier as well as additional identifying information to the server so that the device identifier can be accurately matched to the mobile device. Then, when the mobile device submits a credential during authentication, the device identifier and the credential may be matched such that the next time the server receives the device identifier from the access point, the mobile device may be automatically authenticated. | 02-25-2016 |
20160057155 | USER INTERFACE FOR SELECTION OF MULTIPLE ACCOUNTS AND CONNECTION POINTS - Embodiments of the present disclosure provide a user interface that enables a user to more easily identify servers that may be used to set access permissions for content items. The method and system described herein includes receiving user credentials that are associated with a user. In response to receiving the user credentials, one or more servers associated with the user credentials are displayed. The one or more servers are configured to manage information rights for a content item created by the user. Upon receiving a selection of one of the one or more servers, a list of one or more templates supported by the selected server is displayed to the user. The one or more templates identify information rights that may be applied to the content item. | 02-25-2016 |
20160065556 | BOOTSTRAP MECHANISM FOR ENDPOINT DEVICES - A method of bootstrapping between endpoint client and server in a low power wireless network. The method includes the steps of initiating a bootstrap request from an endpoint client to the server with the bootstrap request including an endpoint client name in an identifier, determining a registry apparatus to be assigned to the endpoint client, accepting the bootstrap request at the server and in response to the bootstrap request providing a security object and an identifier to the endpoint client to identify the assigned registry apparatus. | 03-03-2016 |
20160065562 | METHOD AND SYSTEM FOR EFFICIENT PASSWORD INPUT - Embodiments of the present application disclose a method for receiving password input from a user. During operation, the system receives, by a computing device, user input indicating that a user is entering a password. The system displays a plurality of shortcut keyboards of a keyboard sequence in successive order based on an arrangement of characters in the password. The system displays a first shortcut keyboard with a first key labeled with at least a first character of the password prior to displaying a second shortcut keyboard with a second key labeled with one or more characters positioned subsequent to the first character in the password. The system then receives input from the user selecting at least one key of each shortcut keyboard from the plurality of shortcut keyboards, and determines the password entered by the user based on the characters entered by the user through the key selections. | 03-03-2016 |
20160065573 | Trusted Application Migration Across Computer Nodes - An embodiment includes a secure and stable method for sending information across a compute continuum. For example, the method may include executing an application (e.g., video player) on a first node (e.g., tablet) with a desire to perform “context migration” to a second node (e.g., desktop). This may allow a user to watch a movie on the tablet, stop watching the movie, and then resume watching the movie from the desktop. To do so in a secure and stable manner, the first node may request security and performance credentials from the second node. If both credential sets satisfy thresholds, the first node may transfer content (e.g., encrypted copy of a movie) and state information (e.g., placeholder indicating where the movie was when context transfer began). The second node may then allow the user to resume his or her movie watching from the desktop. Other embodiments are described herein. | 03-03-2016 |
20160066181 | Control and Enhancement of Direct Wireless Service Communications - An access point is configured to control peer-to-peer wireless transmission in an area around the access point. The access point receives a message from a service providing device advertising a service. The access point receives another message from a service using device requesting the service. The access point determines whether the service using device or the service is prohibited in the area controlled by the access point. Responsive to a determination that the service using device is prohibited, the access point blocks the service using device from receiving the service. Responsive to a determination that the service is prohibited, the access point blocks the service providing device from providing the service. | 03-03-2016 |
20160072791 | DATA CENTER ACCESS AND MANAGEMENT SETTINGS TRANSFER - Technologies and implementations for providing a data center access and management settings transfer service are generally disclosed. | 03-10-2016 |
20160072798 | BIOMETRIC SOFTKEY SYSTEM - A computing system is described in which biometric softkeys control access to and launch computer applications in response to one or a combination of biometric signatures. After having been registered, biometric signatures are received and mapped to applications of the user environment. A particular biometric signature is then used to automatically launch the corresponding application. | 03-10-2016 |
20160072802 | SYSTEMS AND METHODS FOR PERFORMING USER RECOGNITION BASED ON BIOMETRIC INFORMATION CAPTURED WITH WEARABLE ELECTRONIC DEVICES - Systems and methods are disclosed herein for performing biometrics based user recognition and monitoring based on biometric information captured using wearable monitoring devices. More specifically, the present application provides systems including monitoring devices built into one or more articles of clothing that capture data relating to the wearer of the device and other subjects, such as biometric information, health vitals, environmental information, location data and the like. The systems also include a mobile computing device configured to receive the captured data from the monitoring device and, in conjunction with a distributed biometric authentication and identity assertion platform, perform user recognition based on biometric information captured by the mobile device and/or the monitoring device. The present application also provides an infrastructure for collecting and managing the data collected by the monitoring device in an authenticated/verified manner. | 03-10-2016 |
20160072806 | SETUP OF MULTIPLE IOT DEVICES - The present disclosure relates to the setup of multiple devices on a local area network. Specifically, various techniques and systems are provided for utilizing a network device to efficiently add a new device to a local area network using an existing network device. Exemplary embodiments of the present invention include a computer-implemented method. The method comprises receiving, at a network device on a network, credentials identifying a network gateway in the network; receiving a communication including an indication that a new network device has generated a new access point; transmitting a query, wherein the query includes a request to determine whether the new network device is associated with the network; receiving a communication including a response to the query indicating that the new network device is associated with the network; establishing a connection with the new access point of the new network device; and transmitting the credentials identifying the network gateway, wherein the credentials are used for the new network device to join the network. | 03-10-2016 |
20160072809 | PROVISIONING REMOTE ACCESS TO A NODE - Systems and methods for providing registration at a remote site that may include, for example, a monitoring module that may communicate with a remote site. A registration protocol may be used by the monitoring module and the remote site in generating the messages communicated during the registration process. The monitoring module may gather and generate various identification information to be included in the registration protocol messages. The registration information provided by the monitoring module may be stored at the remote site in a database server having a database. A confirmation message may be communicated from the remote site to the monitoring module that may either acknowledge successful registration or report that an error occurred during the registration process. | 03-10-2016 |
20160072810 | ENTITY-BASED APPLICATION SELECTION/INSTALLATION - In some examples, an entity-based application provision system is described. The entity-based application provision system receives credential information via a client device. Upon verifying the credential information, the entity-based application provision system identifies a corresponding entity type based on the credential information. The entity-based application provision system may then select and install one or more applications that are tailored to the entity type in the client device. | 03-10-2016 |
20160080347 | SYSTEMS AND METHODS FOR VERIFYING ATTRIBUTES OF USERS OF ONLINE SYSTEMS - For sharing of information in a virtual or online environment, methods and systems are provided which enable verifying attributes of an individual. An individual registered for participation in a virtual or online environment may provide evidence of the attributes from a verification source that exists outside the virtual or online environment. An administrator associated with the virtual or online environment verifies the attributes by receipt of the evidence. Alternatively, the attribute for the individual may be verified after receipt of one or more signals indicating individuals registered for participation in the virtual or online environment have corroborated the attributes. A verification indication for an attribute may be shared with other individuals in the virtual or online environment. | 03-17-2016 |
20160080349 | FACILITATED INFORMATION EXCHANGE TO A SERVICE PROVIDER FOR A REQUESTED SERVICE - A method, a computer program product and a computer system, for exchanging information to provide services, is provided. A computer processor creates an information repository associated with a service requestor, in response to receiving a request for service from the service requestor. The computer processor notifies a service provider of the request for service from the service requestor. The computer processor receives a request for information from the service provider, regarding information about the service requestor. The computer processor forwards the request for information to one or more information providers. The computer processor stores information in the information repository, in response to receiving the information from the one or more information providers, and notifies the service provider to retrieve the information from the information repository. | 03-17-2016 |
20160080356 | AUTHENTICATION MECHANISM - A computer-implemented method for preventing password leakage into a non-password field includes detecting that a user of an electronic device has entered a character in a non-password field appearing on a display associated with the electronic device. The character is echoed to at least the display, and stored to provide a stored character string. The stored character string is compared to a set of valid entries for the non-password field, when length of the stored character string reaches a predetermined threshold value. An alert is transmitted when the stored character string fails to match at least a substring of an element of the set of valid entries for the non-password field. | 03-17-2016 |
20160080358 | HOSTED APPLICATION SANDBOX MODEL - An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources. | 03-17-2016 |
20160080369 | SOURCE DEVICE FOR SYSTEMS AND METHODS OF VERIFYING AN AUTHENTICATION USING DYNAMIC SCORING - A source device for systems and methods of verifying an authentication based on dynamic scoring is disclosed, wherein the source device is configured to receive at least one identification feature from a user, and to communicate the identification feature to a verification unit. The verification unit is configured to generate a base verification score associated with the user based on at least one identification input, the identification input comprising the identification feature, a feature validity rating, and a source device validity rating, to receive a request to access a service, wherein the verification unit compares the base verification score with a service authorization threshold associated with the service, and to grant access to the service when the base verification score meets the service authorization threshold. | 03-17-2016 |
20160080379 | EFFICIENT AND RELIABLE ATTESTATION - A computing device, or a security component of a computing device, implements delayed attestation by initially providing first credentials to a remote access device to establish a first level of trust. The first credentials may be provided before or while the computing device or the security component is obtaining security information from a remote security device. The security information is used to generate second credentials that are subsequently provided to the remote access device to establish a second level of trust. The first credentials may comprise an encryption key that can be generated by the security component without having to retrieve information via a network, and the second credentials may comprise an attestation statement that is more trustworthy than the encryption key and that is generated based on a certificate retrieved from a remote security device (e.g., a certificate authority server). | 03-17-2016 |
20160087979 | Devices, Systems and Methods for Security Using Magnetic Field Based Identification - Devices, systems and methods are disclosed for determining an electromagnetic signature for authenticating a device, a user, and/or a location. In exemplary embodiments, a magnetometer captures an electromagnetic signature which is then compared with one or more authorized electromagnetic signatures. If the electromagnetic signature matches an authorized electromagnetic signature, then access is granted. The magnetometer is integrated into a communication device having a processor and a logic. The magnetometer captures an electromagnetic signature of a surrounding environment and detects motion of the communication device through the captured electromagnetic signature. The logic on the communication device locks or unlocks features of the device based upon the captured electromagnetic signature. In further embodiments of the subject disclosure, the magnetometer is in communication with a server which authenticates a user or communication device to provide access to a remote location. | 03-24-2016 |
20160099925 | SYSTEMS AND METHODS FOR DETERMINING DIGITAL DEGREES OF SEPARATION FOR DIGITAL PROGRAM IMPLEMENTATION - This disclosure relates generally to enterprise software management, and more particularly to systems and methods for determining digital degrees of separation for digital program implementation. In one embodiment, a digital degrees of separation determination system is disclosed, comprising a hardware processor, and a memory storing instructions executable by the processor for obtaining user credentials, and determining a user classification based on the user credentials. The processor may execute the instructions for identifying a user digital need based on the user classification, and querying a database for market-available software applications related to the user digital need. Further, the processor may execute the instructions for obtaining a list of user-accessible software applications related to the user digital need, and comparing characteristics of the market-available software applications to the user-accessible software applications. Also, the processor may execute the instructions for calculating a digital degrees of separation based on the comparison. | 04-07-2016 |
20160099930 | RESTRICTION OF IP ACCESS BASED ON PERSONAL PERFORMANCE - An application on a computing device communicatively coupled to a communications network for receiving restriction input from a parent user of the application. The application includes a reception module configured for receiving physical activity data from a wearable computing device worn by a child user. The application also includes an access control module configured for: receiving a request from the child user to access particular content on the communications network, comparing the received physical activity data from the wearable computing device to a physical activity threshold and determining whether the physical activity threshold has been met, comparing the particular content to the definition of accepted content, determining whether the particular content comprises accepted content, and, providing to the child user access to the particular content on the communications network if the particular content comprises accepted content and the physical activity threshold has been met. | 04-07-2016 |
20160099937 | METHODS AND SYSTEMS FOR AUTHENTICATING USERS - A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction and determining whether the transaction requires access to protected resources. Moreover, the method determines whether inputted information is known, determines a state of a communications device when the inputted information is known, and transmits a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled. Additionally, the method includes validating the communications device, capturing biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and granting access to the protected resources when the transmitted and stored one-time pass-phrases match. | 04-07-2016 |
20160105418 | METHOD, SYSTEM, DEVICE, AND TERMINAL FOR NETWORK INITIALIZATION OF MULTIMEDIA PLAYBACK DEVICE - The present disclosure provides a method, system, device, and terminal for network initialization of a multimedia playback device. The method includes: screening, by a terminal, a wireless access point of the multimedia playback device; connecting the terminal to a first wireless network of the wireless access point of the multimedia playback device; and sending, by the terminal, parameter information of a second wireless network, to which the terminal connects, to the multimedia playback device through the first wireless network, which allows the multimedia playback device to be connected to the second wireless network according to the parameter information of the second wireless network, so as to complete initialization. The method for network initialization of a multimedia playback device does not need to download a specific application to perform multistep network initialization nor to input a series of IP addresses through a network browser and make complicated settings to perform network initialization. Implementation of the process of the network initialization herein is simple, convenient to use, and highly efficient. | 04-14-2016 |
20160105432 | SYSTEM AND METHOD TO PROVIDE INTERACTIVE, USER-CUSTOMIZED CONTENT TO TOUCH-FREE TERMINALS - A method of displaying content to a user within a managed space comprised of one or more touch-free interactive kiosks includes collecting user data about the user. In addition, the plurality of touch-free interactive kiosks are configured to uniquely identify users located at the kiosk. Based on the identified user, and collected user data associated with the user, content is selected to be displayed to the user. | 04-14-2016 |
20160112398 | ALLOWING A USER TO EASILY COLLABORATE WITH USERS FROM OUTSIDE ORGANIZATIONS WHERE THE USER HAS VISITOR STATUS BY SELECTING AN OBJECT ASSOCIATED WITH THE OUTSIDE ORGANIZATION THAT IS DISPLAYED ON THE USER INTERFACE OF THE USER'S COMPUTING DEVICE - A method, system and computer program product for allowing a user to easily collaborate with users from different organizations. In response to authenticating the user to access the environment of the user's home organization, a list of outside organizations where the user has visitor status is obtained. Outside organization(s) in the list of outside organizations that have content to be viewed by the user are identified. An object associated with the user's home organization, objects associated with the outside organizations where the user has visitor status as well as indications (e.g., star) associated with those outside organizations that have content to be shared with the user are displayed on the user interface of the user's computing device. In this manner, the user will be able to collaborate with an outside organization that has content to be shared in response to selecting the object associated with the outside organization. | 04-21-2016 |
20160112399 | INFORMATION PROCESSING DEVICE - A login controller has a function of allowing a user to log in to an information processing apparatus. A sign-in controller has a function of allowing the user to sign in to a network service provided by a server. At login time, a login information receiving unit receives a pass code input by the user for login authentication. A login processing unit performs login authentication using the received pass code. If it is determined that the pass code received by the login processing unit is incorrect, a sign-in processing unit causes the user to sign out of the network service. When the user again signs in to the network service, a screen generating unit receives the pass code for login authentication. A registration processing section then registers the received pass code in a registered user information holding section as a new pass code. | 04-21-2016 |
20160112400 | SIMPLIFIED CONFIGURATION OF A NETWORK DEVICE - Methods, systems, and computer readable media can be operable to pair a client device with a CPE device. The methods, systems and computer readable media described in this disclosure can enable the pairing of a client device with a CPE device upon a connection of the client device to a whole-network associated with the CPE device. Further, methods, systems and computer readable media can enable the secure pairing of a client device with a CPE device with little to no user-input. | 04-21-2016 |
20160112407 | USING AN ENHANCED DATA AGENT TO RESTORE BACKED UP DATA ACROSS AUTONOMOUS STORAGE MANAGEMENT SYSTEMS - An exemplary system preserves the autonomy of two or more distinct storage management systems all the while enabling backed up data to be restored from a first storage management system (the “local system”) to a specially-configured client in a second storage management system (the “remote system”). For example, backed up data in the local system (e.g., a secondary copy of production data) may be transferred, in a restore operation, from secondary storage in the local storage management system, which originated the data, to a client of the remote storage management system (the “remote client”). As a specially-configured “restore-only client,” the remote client is limited to receiving backed up data from the local storage management system, via restore operation(s) managed by the local storage manager. The remote client remains a full-fledged client in its home system, the remote storage management system. | 04-21-2016 |
20160112416 | VERIFYING A USER BASED ON DIGITAL FINGERPRINT SIGNALS DERIVED FROM OUT-OF-BAND DATA - In general, embodiments of the present invention provide systems, methods and computer readable media for providing a user verification service based on analyzing digital fingerprint signals derived from out-of-band data (i.e., data not directly supplied by the user). In some embodiments, a digital fingerprint engine embedded in an app hosted on a client device being accessed by a user reads various device or user data and then creates a set of encoded user verification data representing out-of-band data stored locally on that device. In some embodiments, the user verification data are encoded as hashes generated by a hash function. In some embodiments, the app is configured to contact a business server via the cloud, and the set of digital fingerprints are included in an authorization request transmitted from the client device to the business server. In some embodiments, a digital fingerprint verification service verifies the set of digital fingerprints by determining whether they match any of a stored set of digital fingerprints representing a group of previously verified users. | 04-21-2016 |
20160119305 | ELECTRONIC PROTECTED HEALTH INFORMATION SECURITY FOR DIGITAL MEDICAL TREATMENT ROOM - A medical imaging system includes a data store having stored medical imaging data and a computer. The system may be in a medical treatment room and is adapted to receive and display imaging data from a medical procedure. The computer has a graphical user interface that receives authentication credentials. An authenticator alternately prevents or allows a user access by logging the user into the system using the authentication credentials. A file accessor receives received medical imaging data and stores it in the data store, and retrieves the stored medical imaging data and provides it to the graphical user interface for display. Documentation data is received through the graphical user interface and is stored in the data store without requiring the user to provide the authentication credentials or be logged into the system. The user cannot access the stored medical imaging data before providing the authentication credentials and being logged into the system. | 04-28-2016 |
20160119787 | MOBILE TERMINAL AND CONTROL METHOD FOR THE SAME - A mobile terminal is disclosed herein. The mobile terminal may include a body, a display, a transceiver for short range radio communication, and a controller configured to control data transfer through the transceiver. The controller may be configured to determine whether a request for data is received, determine whether an input is required to authorize the data transfer, and determine whether the data transfer is authorized, and transfer data through the transceiver when the data transfer is authorized. The input may be received without displaying a prompt on the display for the input. The input may be received while the display is turned off. Moreover, the input may be a prescribed movement of the body of the mobile terminal or an application of a prescribed amount of force on the mobile terminal. | 04-28-2016 |
20160127324 | PRIVACY PROTECTED INTERNET NETWORKS, SUBNETWORKS AND SUB-SUBNETWORKS - Computerized methods and systems to create, control and manage restricted scope and closed internet interactive networks, subnetworks and sub-subnetworks. The invention permits the protected network, subnetworks and sub-subnetworks to be connected to an open or previously established network, yet still remaining protected, secure and anonymous. Entrance into the protected interactive networks, subnetworks and sub-subnetworks by the user is achieved through a protected network device, anonymous address code, anonymous access code and/or anonymous login information. As the user interacts with the digital elements within the protected interactive networks, subnetworks and sub-subnetworks, a database of said interactions is created and used by the protected network provider in various ways, such as for user behavior information. No personal identifiable information is stored within interactive networks, subnetworks and/or sub-subnetworks and communication on said networks is unique, which inhibits and deters the targeting of the networks by cyber-criminals. | 05-05-2016 |
20160127338 | AGGREGATE SERVICE WITH ENHANCED REMOTE DEVICE MANAGEMENT - One embodiment provides a method, including: receiving, from a client device, a request by a user to access an aggregate service device; authenticating, at the aggregate service device, the user to provide access to at least one remote device; providing, by the aggregate service device, data analogous to data of the at least one remote device; receiving, by the aggregate service device, a selection of data accessible by the user from the at least one remote device; and facilitating data transfer associated with the selection of data. Other aspects are described and claimed. | 05-05-2016 |
20160134608 | NODAL RANDOM AUTHENTICATION - Systems, methods, and computer program products related to transaction application security are disclosed. In a particular embodiment, application nodes are randomly selected for requiring re-authentication of a user traversing nodes of the application. These and other embodiments are more fully disclosed herein. | 05-12-2016 |
20160142407 | METHOD AND APPARATUS FOR DISPLAYING USER INTERFACE IN ELECTRONIC DEVICE - A method for obtaining biometric information associated with a user of the electronic device from the electronic device is provided. The method includes determining condition information associated with the user based on at least the biometric information, displaying a notification corresponding to the biometric information via a display functionally connected to the electronic device when the condition information corresponds to a first predefined condition, and automatically executing an application associated with the biometric information when the condition information corresponds to a second predefined condition. Other embodiments are also possible. | 05-19-2016 |
20160142913 | METHODS AND APPARATUS FOR CONTENT SHARING BETWEEN MULTIPLE MOBILE ELECTRONIC DEVICES - A method performed by a server to facilitate content sharing between multiple mobile electronic devices includes receiving, from a first mobile electronic device, a first content-sharing request and credentials for establishing a direct wireless connection between the first mobile electronic device and another mobile electronic device for sharing content of the first mobile electronic device. A first content-discovery request is received from a second mobile electronic device, and a location of the second mobile electronic device is also received. The credentials are communicated to the second mobile electronic device when the location indicates that the second mobile electronic device is within an established content-sharing geographical area. | 05-19-2016 |
20160156616 | CLOUD AGENT DEVICE, CLOUD STORAGE AND FILE TRANSFERRING METHOD | 06-02-2016 |
20160164858 | SHUTTING DOWN ACCESS TO ALL USER ACCOUNTS - Disclosed is a system and associated method for restricting access to a user's account via one or more account access channels. The system typically includes a processor, a memory, and an access restriction module stored in the memory. The module is typically configured for: integrating one or more account access channels associated with the user's account with an access restriction procedure; receiving a request from the user to implement the access restriction procedure; based on receiving the request from the user to implement the access restriction procedure, implementing the access restriction procedure, wherein implementing the access restriction procedure comprises restricting access to the user's account via the account access channel(s). | 06-09-2016 |
20160171194 | DOSSIER PACKAGING | 06-16-2016 |
20160171196 | Authenticating Users Requesting Access to Computing Resources | 06-16-2016 |
20160171202 | SYSTEMS AND METHODS FOR FACILITATING MOBILE TRANSACTIONS | 06-16-2016 |
20160173467 | DOCUMENT COLLABORATION THROUGH NETWORKING CREDENTIALS | 06-16-2016 |
20160173472 | METHOD FOR EXCHANGING NUMERICAL DATA FRAMES AND ASSOCIATED COMMUNICATION SYSTEM | 06-16-2016 |
20160173473 | METHOD FOR AUTHENTICATING A USER, CORRESPONDING SERVER, COMMUNICATIONS TERMINAL AND PROGRAMS | 06-16-2016 |
20160173500 | MULTI-TENANT SECURITY IN THE CLOUD | 06-16-2016 |
20160174075 | AIRCRAFT WIRELESS NETWORK FOR FIXED AIRCRAFT COMPONENTS | 06-16-2016 |
20160182504 | METHOD AND APPARATUS FOR PROCESSING A RTCWEB AUTHENTICATION | 06-23-2016 |
20160182543 | SOFTWARE TAMPERING DETECTION AND REPORTING PROCESS | 06-23-2016 |
20160188849 | AUTHENTICATING ACTIVITIES OF ACCOUNTS - A system, a medium, and a method involve a communication interface of a server device that receives first activity data associated with a first activity of an account and second activity data associated with a second activity of the account. A processor of the server device determines a first location of the first activity from the first activity data and a second location of the second activity from the second activity data. An authentication circuit of the server device determines a first authentication of the first activity based at least on the first activity data. The authentication circuit determines a second authentication of the second activity based on at least one of the first authentication, the first location, and the second location. A transmitter of the communication interface transmits an indication of the second authentication to a client device. | 06-30-2016 |
20160196416 | ELECTRONIC COMBINATION LOCK USING FIELDS WITH POSITION INDICATORS | 07-07-2016 |
20160197903 | SIGNATURE SYSTEM PORTAL FOR SIGNING ELECTRONIC DOCUMENTS | 07-07-2016 |
20160197908 | WEB BASED EXTRANET ARCHITECTURE PROVIDING APPLICATIONS TO NON-RELATED SUBSCRIBERS | 07-07-2016 |
20160253492 | AUTHENTICATION MECHANISM | 09-01-2016 |
20160380989 | LEARNED ROVING AUTHENTICATION PROFILES - Disclosed herein are systems and methods for determining learned associations between authentication credentials and network contextual data, such as may be utilized in a network that supports network roving. A mobile device attempts to rove to a visited network using authentication credentials associated with another network, based at least in part on first contextual information associated with the other network and second contextual information associated with the visited network indicating that the visited network is part of a common association of networks that supports roving internetworking between the networks of the common association. | 12-29-2016 |
20160380990 | Electronic Discovery Insight Tool - An electronic discovery insight tool is presented. The tool is implemented in an apparatus comprising one or more processors, one or more memories communicatively coupled to the one or more processors and storing instructions which, when processed by the one or more processors, cause: displaying, on a user display device: an interactive object for selecting one or more data collections, a selectable search object for selecting search functionalities, a selectable report object for selecting report functionalities, and a selectable tag management object for selecting tag management functionalities; receiving, from a user via the interactive object, a selection of a data collection from the one or more data collections; in response to receiving the selection of the data collection: accessing the data collection to make the data collection available a user invoking one or more of: to the search functionalities, the report functionalities, or the tag management functionalities. | 12-29-2016 |
20160381082 | ELECTRONIC MESSAGING EXCHANGE - A computer-implemented system and method for secure electronic message exchange including coupling a control platform to a workstation of a plurality of workstations via a communications medium, where the control platform includes one or more apparatuses for monitoring, controlling, conversion, and billing, related to messages exchanged between a plurality of local users and a plurality of remote users. The system prevents forwarding or copying of a message sent by a local user of the plurality of local users and received by a remote user of the plurality of remote users, to another party by the control platform. The system and method also provides for authenticating the remote user with the control platform. | 12-29-2016 |
20170237735 | ENABLING SECURE NETWORK MOBILE DEVICE COMMUNICATIONS | 08-17-2017 |
20170238182 | Automatic Authentication of a Mobile Device Using Stored Authentication Credentials | 08-17-2017 |
20190147309 | COMMUNICATION APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM | 05-16-2019 |
20190149511 | SYSTEM AND METHOD FOR CONNECTING USING ALIASES | 05-16-2019 |
20190149532 | MULTI-OPTION AUTHENTICATION PORTAL IMPLEMENTATION IN A NETWORK ENVIRONMENT | 05-16-2019 |
20190149550 | SECURING PERMISSIONED BLOCKCHAIN NETWORK FROM PSEUDOSPOOFING NETWORK ATTACKS | 05-16-2019 |