Entries |
Document | Title | Date |
20080201767 | AUTHENTICATED CREDENTIAL-BASED MULTI-TENANT ACCESS TO A SERVICE - Associating a computing device with a group of other computing devices. A service receives a common credential from the computing device and associates the computing device with the other computing devices also associated with the common credential. The service generates a machine-specific credential for use by the computing device in subsequent communications with the service. The machine-specific credential is used to authenticate, identify, and group the computing device with the other computing devices in the subsequent communications. | 08-21-2008 |
20080201768 | Method For Managing A Large Number Of Passwords, Portable Apparatus And Certification Information Storing Device Using The Same, And Certification Information Management Method Using The Same - Disclosed herein are a password management apparatus and method, a certification information storage apparatus and a certification information management method. The password management method of accessing and managing desired passwords through a portable password management apparatus and a terminal on which a password management program is installed, includes a first step of executing the password management program on the management terminal, a second step of receiving a user authentication number from the management apparatus, and comparing the first authentication number with a user authentication number previously stored in the management terminal, thereby authenticating whether a user is a legitimate user, and a third step of, only if the user is authenticated as a legitimate user, receiving a password list from the management apparatus and outputting the received password list onto a screen. | 08-21-2008 |
20080209529 | TRANSACTION INTEGRITY AND AUTHENTICITY CHECK PROCESS - The present invention refers to a process of transaction authenticity and integrity check that allows the user to verify the authenticity of an internet bank site. Said process does not require the use of special devices by the users, thus avoiding extra implementation costs and making its adoption easy. | 08-28-2008 |
20080209530 | Method And System For Receiving And Providing Access To Information At A Web Site - At a vendor-managed web site, purchasing information is received from a first terminal, including purchasing information that is customized for a customer. The customer includes first and second users having respective first and second levels of authorized access to the purchasing information. The first user is identified by a first identifier, and the second user is identified by a second identifier. To a second terminal, access at the vendor-managed web site is provided to: only a first portion of the purchasing information in response to receiving the first identifier from the second terminal which identifies the first user; and at least a second portion of the purchasing information in response to receiving the second identifier from the second terminal which identifies the second user. The second portion includes at least a part of the first portion and a third portion of the purchasing information. The part of the first portion includes at least a portion of the customized purchasing information. | 08-28-2008 |
20080209531 | Method, apparatus, and system for outputting information and forming image via network, and computer product - An information output apparatus includes a tray determining unit that determines an output tray to which printed sheets are output, a secret information generating unit that generates first secret information corresponding to tray identification information for identifying the output tray determined, a transmitting unit that transmits the first secret information generated by the secret information generating unit to a terminal, an input accepting unit that accepts an input of second secret information from a user, and a tray controlling unit that specifies the output tray based on the first secret information when the second secret information and the first secret information coincide with each other, and allows a slot of the specified tray to be open. | 08-28-2008 |
20080216160 | ROBUST DIGEST AUTHENTICATION METHOD - The present invention relates to a method of authenticating a user in a communication system comprising a user terminal and an authentication server which is capable of storing two types of nonce values, namely dedicated nonce values unique in the system and common nonce values shared between users in the system. In the method the authentication server receives ( | 09-04-2008 |
20080216161 | SYSTEM AND METHOD FOR SECURE CONFIGURATION OF SENSITIVE WEB SERVICES - The present invention discloses a system and method for configuration of access rights to sensitive information handled by a sensitive Web-Service. In a case of requested configuration changes initiated by the client system the Web-Server system provides a configuration data file to the client system preferably using a SOAP-communication protocol. The changes of the configuration data file are exclusively performed offline at the client side and the updated configuration data file is signed with authentication information and sent as a part of a SOAP-request to the Web-Server system. The Web-Server system provides a filter component for identifying and discarding non-SOAP requests as well as an access control manager for providing authentication examination for incoming SOAP-requests. After successfully passing these components the SOAP-request is used for updating the existing configuration data file. | 09-04-2008 |
20080235773 | Method of irrugalar password configuration and verification - A method of irregular password configuration and verification, comprising one irregular character series with a series of texts, numbers or symbols inputted into a system to generate a series of password displaying onscreen of a display device. The series of password comprises at least one register code and at least one random combination unit with a text and a number, or a symbol, wherein the register code is concealed in the random combination unit. | 09-25-2008 |
20080250480 | METHOD AND SYSTEM FOR AN ELECTRONIC BANK SAFE DEPOSIT BOX - A system and method for providing secure electronic storage in a plurality of electronic safes which each include a plurality of electronic compartments. The owner of each electronic safe can generate new compartments and determine who has access to each of the compartments in their electronic safe. | 10-09-2008 |
20080250481 | Secure Web-Based User Authentication - Techniques for authenticating a user are described. In one implementation, a user requests access to protected information or resources by providing a user name and a password to a web server that controls access to the information or resources. If the user name and password match a known user profile, the web server retrieves a user identifier (e.g., a personal identification number) and constructs a translation table around the user identifier. The translation table includes the values that constitute the user identifier, random representations of each value, visual images that represent each value, and random image names for each visual image. The information in the translation table is then used to generate a user interface that allows the user to enter his or her user identifier via the user's computing device without exposing the actual user identifier values to the computing device. | 10-09-2008 |
20080263642 | SYSTEMS AND METHODS FOR A COMPUTER NETWORK SECURITY SYSTEM USING DYNAMICALLY GENERATED PASSWORDS - Methods and systems for a computer network security system are disclosed. A computer security system includes at least one computer configured to be operably coupled to a remote network and having an application program comprising a login scripts database and a variable database. The security system further includes a client device configured to be operably coupled to the computer to allow for the use of the application program. The application program is configured to dynamically generate a password upon attempting to access a remote network. Furthermore, the application program may update passwords within a user's login scripts database. Additionally, a remote network may support the security system and may include at least one computer system having an administrator application program installed thereon and configured to receive a network device and an administrator device. A network administrator may use the network and administrator device to monitor and modify contents of the security system. | 10-23-2008 |
20080263643 | METHOD AND SYSTEM FOR PASSWORD APPLICATION - Methods, systems, and program products for a client application provide child passwords mapped to a parent password authorized for login to a secure network resource server. A child user logs in to the client application by entering the child password. When a child user properly requests a secure resource from the secure network resource server, the client application uses the authorized parent password to login to the secure server and retrieve a secure resource without communicating the child password to the secure server. The child user login session is administered by the local application pursuant to access rules or limitation parameters associated with the child password. Child passwords may be set to expire. The client application may also monitor secure server access by a child user; monitored use may also be reported, and an access rule or password limitation parameter may be revised in response to monitoring and use reporting. | 10-23-2008 |
20080263644 | FEDERATED AUTHORIZATION FOR DISTRIBUTED COMPUTING - Distributed computing systems can exchange authorization information in a manner which alleviates the need for a receiving system to utilize any external systems when making an authorization decision. The trusted authorization provider can digitally sign authorization snippets of information. The requestor sends the digitally signed authorization snippet with the request. Because both computing processes trust the same authorization provider, the servicer of the request is able to grant or deny access in a completely autonomous fashion without having to rely on external resources for authorization. A requesting process can determine the digitally signed authorization snippet corresponding with the request. The servicing process can rely on the digitally signed authorization snippet to perform the authorization. | 10-23-2008 |
20080263645 | PRIVACY IDENTIFIER REMEDIATION - A secure server installation is provided that abstracts credit card identifiers from its server, network, application and database environments, thus reducing investment in securing, segregating and/or isolating these environments in their entirety. The secure server installation intercepts credit card transactions sent from front end applications to back end applications, and forwards tokens in replacement of credit card identifiers for processing by the back end applications. | 10-23-2008 |
20080263646 | SYSTEMS AND METHODS FOR A COMPUTER NETWORK SECURITY SYSTEM USING DYNAMICALLY GENERATED PASSWORDS - Methods and systems for a computer network security system are disclosed. A computer security system includes at least one computer configured to be operably coupled to a remote network and having an application program comprising a login scripts database and a variable database. The security system further includes a client device configured to be operably coupled to the computer to allow for the use of the application program. The application program is configured to dynamically generate a password upon attempting to access a remote network. Furthermore, the application program may update passwords within a user's login scripts database. Additionally, a remote network may support the security system and may include at least one computer system having an administrator application program installed thereon and configured to receive a network device and an administrator device. A network administrator may use the network and administrator device to monitor and modify contents of the security system. | 10-23-2008 |
20080263647 | System and Method For Providing Network Device Authentication - A secure framework for wireless sensor networks. The framework provides a system and method for providing network device authentication. The system and method comprises installing a unique device key in a network device and creating a chain of keys, wherein each subsequent key is encrypted using the previous key. The method executes an authentication process for storing and issuing keys, wherein the authentication process uses a unique device key to install a device site key in the network device and uses the device site key and the unique device key to authenticate the network device for communicating with a wireless network router, wherein the wireless network router creates a unique network-device-router key. The unique network-device-router key is used to authenticate the network device for communicating over the wireless network using an encrypted network session key and allows secure encrypted link-layer communications over the wireless network. | 10-23-2008 |
20080271127 | APPARATUS AND METHOD FOR CREATING STAND-ALONE BUSINESS INTELLIGENCE WIDGETS WITHIN AN AUTHENTICATION FRAMEWORK - A computer readable storage medium includes executable instructions to retrieve a list of one or more widgets from a repository. A set of items representing the list of one or more widgets is displayed. A widget is selected from amongst the one or more widgets in the repository. The widget is configured with a set of authentication credentials | 10-30-2008 |
20080276307 | Computer System and Access Right Setting Method - IC cards (R | 11-06-2008 |
20080276308 | Single Sign On - A method to securely access systems (I, II) of a distributed computer system by entering passwords is described, wherein some systems are accessible by equal, and some systems are accessible by different passwords, comprising the steps of: | 11-06-2008 |
20080282331 | User Provisioning With Multi-Factor Authentication - A method and system for authenticating a user in a network includes a network software client of a computing device requesting network software services from a service gateway. A call between a user phone and an IVR phone login system is initiated in response to the user phone and the computing device being within a coverage area of the service gateway. A location of a user uniquely assigned to the computing device is identified within the coverage area. A first information received in the network software services from the computing device is correlated with a second information received from the IVR phone login system. When the first and second information match, access by the computing device to services of the service gateway is allowed. | 11-13-2008 |
20080282332 | Method For Executing a Protected Function of an Electric Field Unit and Electrical Field Unit - In order to develop a method for carrying out a protected function of an electrical field device in such a manner that a high degree of security against unauthorized accesses to the electrical field device can be ensured irrespective of the nature of the communication link between a user and the electrical field device, an identification device for the electrical field device and a security device are used to check whether a stated protected function of the electrical field device can be carried out, or should be refused. The invention also relates to an appropriately configured electrical field device. | 11-13-2008 |
20080295159 | Method and System for the Authentication of a User of a Data Processing System | 11-27-2008 |
20080301788 | IDENTITY ASSERTION - The present invention relates to using authorization information provided by an asserting agent to control identity-related interactions between a receiving agent and an identity agent, which acts on behalf of the asserting agent. The authorization information may be provided to the identity agent directly or through the receiving agent. When the asserting agent is asserting the identity of an associated entity to the receiving agent, the asserting agent delivers assertion information, which may but need not include the authorization information, to the receiving agent. The assertion information includes claim information that includes actual claims or identifies available claims. Upon receiving the assertion information, the receiving agent may interact with the identity agent. The identity agent will use the authorization information to control claim-related interactions with the receiving agent. | 12-04-2008 |
20080301789 | METHOD AND SYSTEM FOR REAL WORLD VERIFICATION OF A PERSON AND/OR BUSINESS IDENTITY AT A CENTRAL LOCATION FOR REAL AND VIRTUAL WORLD - The method and system of the present invention provides a central location, such as the United States Postal Service® (USPS), a product that will advance them into the world of internet business and will in turn offer the opportunity for new sources of revenue. The method and system of the present invention has the facilities to verify a person's and/or businesses identity. The verification process can be done in the same manner as money order, check cashing and real P.O. boxes, which are currently limited to availability in the post office. If the user is verified at the central location, the user's e-mail address, domains, ISP, WSP, and Web Sites can be globally registered at one or more e-mail servers or service providers that participate with the verification. The e-mail server or service providers can attach a symbol of the identity verification on all e-mail sent by the e-mail server or service provider from the verified customer. | 12-04-2008 |
20080301790 | FAST RE-AUTHENTICATION WITH DYNAMIC CREDENTIALS - A proxy server that is inserted between a plurality of network access servers, typically access points, and an authentication server. When an original authentication request is received by a network access server, the network access server forwards the request to the proxy server which forwards the request to an authentication server. The authentication server then sends the session information to the proxy server which stores the keying material as dynamic credentials. When the client re-authenticates with one of the plurality of access servers, the re-authentication request is handled by the proxy server using the dynamic credentials. The proxy server may re-authenticate the client using a different method than the method that was originally used. For example, the original authentication may be by Extensible Authentication Protocol—Transport Layer Security (EAP-TLS) and subsequent re-authentications may use Wi-Fi Protected Access (WPA). | 12-04-2008 |
20080313720 | System, Device and Method for Conducting Secure Economic Transactions - An identification verification device includes an input operable to receive an identification verification query relayed by an account hosting entity. The identification verification query includes a temporary code received from a user. A comparator is coupled to the input and is operable to compare the received temporary code with a verification code. An output transmits to the account hosting entity one of an authorized and a not authorized response that is based upon the comparison. | 12-18-2008 |
20080313721 | ACCESS CONTROL OF INTERACTION CONTEXT OF APPLICATION - A method of controlling access to an interaction context of a multi-user application includes receiving and tracking over time login requests pertaining to one of a plurality of user accounts of a virtual application instance of the multi-user application, each login request including a login password and each user account including a user password. A login request for the user account is rejected when the login password fails to match the user password of the user account. Access to the user account is denied when a consecutive number of times a login request for the user account is rejected reaches a selected limit. The user is prompted to change the user password of the user account and given limited access to the user account to do so when the user password is a permanent password and a cumulative number of rejected login requests for the user account reaches a selected threshold. | 12-18-2008 |
20080320569 | METHODS, SYSTEMS, AND APPARATUS FOR STAGGERED RENEWAL PERIODS - An embodiment relates generally to receiving a plurality of security certificates for each user of a plurality of users and generating a random renewal period for a selected security certificate. The method also includes associating the random renewal period to the selected security certificate and providing the selected security certificate with the random renewal period to the respective user of the plurality of users. | 12-25-2008 |
20080320570 | INFORMATION PROCESSING APPARATUS - According to one embodiment, an information processing apparatus includes a wireless communication unit which receives and transmits a voice call wireless signal with a base station, an acceptance unit which accepts instructions related to a privacy protection operation using the voice call wireless signal received by the wireless communication unit, and a control unit which controls the privacy protection operation in accordance with the instructions accepted by the acceptance unit. | 12-25-2008 |
20080320571 | EMERGENCY RESPONDER CREDENTIALING SYSTEM AND METHOD - A system for collecting, verifying, and managing identity data, skill data, qualification data, certification data, and licensure data of emergency responders. The system trusted verification of identity, skills, qualifications, certifications, and licensure, and disseminates information specific or related to identity, skills, qualifications, certifications, and licensure at the scene of an emergency. The system includes information collection devices, data storage media, information retrieval devices, and information management devices. The information collected, managed, and disseminated may include identity information, medical information, skills information, qualification information, certification information, licensure information. Data in the system is stored in multiple formats, allowing for the retrieval of trusted information in an environment that is part of a network or devoid of network connectivity. | 12-25-2008 |
20080320572 | EMERGENCY RESPONDER CREDENTIALING SYSTEM AND METHOD - A system for collecting, verifying, and managing identity data, skill data, qualification data, certification data, and licensure data of emergency responders. The system trusted verification of identity, skills, qualifications, certifications, and licensure, and disseminates information specific or related to identity, skills, qualifications, certifications, and licensure at the scene of an emergency. The system includes information collection devices, data storage media, information retrieval devices, and information management devices. The information collected, managed, and disseminated may include identity information, medical information, skills information, qualification information, certification information, licensure information. Data in the system is stored in multiple formats, allowing for the retrieval of trusted information in an environment that is part of a network or devoid of network connectivity. | 12-25-2008 |
20080320573 | Automated User Registration - For users to access network services such as video streaming from a device, users usually have to register themselves with the service first. Most registration mechanisms require a user to input a username, password, date of birth and other details. When implemented through a web interface, this mechanism is relatively easy for the service provider to provision. However, the problem is that users are required to manually enter significant amounts of information which can be both time consuming, especially on a mobile device where there is usually no QWERTY input device, and susceptible to unintentional errors. The present invention proposes an automated registration process that does not require a user to enter any details manually except for the initial request to subscribe to a service. The process gathers information automatically about the user and the device used, which is then stored and used for user authentication during subsequent service requests following the initial subscription request. The subsequent requests for service also do not require the user to manually input any user data. | 12-25-2008 |
20090007246 | SECURITY BASED NETWORK ACCESS SELECTION - A method and wireless device select a set of secure network connections ( | 01-01-2009 |
20090007247 | DOMAIN ID SERVICE - The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding. | 01-01-2009 |
20090013390 | Security Device And Method Incorporating Multiple Varying Password Generator - A two-varying-password generator having two varying passwords of different digit lengths and different time intervals is disclosed. A two-varying-password generator has a printed circuit board onto which a processor is soldered, a battery, a display window and an on/off key and code key. The processor is loaded with two predetermined programs that can produce two passwords (or more than two passwords) of different digit length and different time interval. When the on/off key is pressed, the processor is activated and produces two passwords of the current time using the two predetermined programs loaded in the processor. The two passwords are functions of time, which are defined by the two predetermined programs respectively. Meanwhile, the host computer also stores these two programs in the customer's account. As the clocks of both the two-varying-password generator and the host computer work synchronously, both of them can produce two identical passwords at the same moment. Application of the two-varying-password generator can counter phishing sites, fight credit card forgery and unauthorized transactions, and tackle cloned ATM cards. The technique of the two-varying-password generator possesses an advantage over competitors' techniques: very low computation load for both the host computer and the two-varying-password generator. This means that the annual fee for each customer is so little that it can be neglected and a two-varying-password generator can be made in a very slim size as only a button-size battery is enough to support its 5-year life span. | 01-08-2009 |
20090013391 | Identification System and Method - A system and a method is disclosed for securely identifying human and non-human actors. A computer implemented system and a method is also disclosed for securely identifying human and non-human actors. | 01-08-2009 |
20090019534 | System, method and computer program product for providing unified authentication services for online applications - A system and method remotely enrolls, authenticates and provides unified authentication services in an ASP setting to a user to access requested information via a communication medium. A filter is coupled to client side components via the communication medium and a user management component coupled to the client side components via the communication medium. The user management component allows end-users to register their credentials only once. In addition, the user management component allows end-users to define the level of protection of access to their web application accounts. This includes accounts that have been configured specifically for use with the present invention and particular user credentials and accounts that have been subsequently set up but configured to use the same user credentials. The present invention can then reuse those credentials to authenticate the user to one or more potentially unrelated web applications. | 01-15-2009 |
20090031404 | Method and apparatus providing virtual private network access - A virtual private network device enables individual machines at a remote subnet to be visible and addressable from a central site by establishing a private address range for the remote machines, forming a virtual private network tunnel from the virtual private network device to the central site, and communicating the private address range to the central site to enable connections from the central site to individual machines on the remote subnet. | 01-29-2009 |
20090037988 | System and method of mutual authentication with dynamic password - A method of mutual authentication with dynamic password includes: generating a dynamic password and a first validation code by using a password generator; entering the dynamic password into a user interface; and transmitting the dynamic password to a verification host to verify the correctness of the dynamic password, if the dynamic password is correct, returning a second validation code to the user interface for a user to confirm whether the first validation code and the second validation code are the same or not. A system of mutual authentication with dynamic password is also disclosed. The above-mentioned system and method of mutual authentication with dynamic password can reduce the risk of phishing attack. | 02-05-2009 |
20090037989 | METHOD FOR PRESENTING PASSWORD CODES IN MOBILE DEVICES FOR AUTHENTICATING A USER AT A PROTECTED INSTITUTION - The method of the invention allows presenting, in a friendly and intuitive form, to a user of a protected institution, access password codes arranged in the form of a table and to be individually and only once utilized for authenticating a user upon a respective operation to access said institution. The method proposed herein is particularly adequate for the representation of passwords in a mobile device, such as cell phone, PDA, and the like, utilizing a representation practically identical to the tables of printed passwords and already utilized by many users. There are additional advantages in relation to the use of printed tables, such as the possibility of highlighting a determined password, searching a determined index, protecting the tabular token application by password, and updating the passwords, and the like. | 02-05-2009 |
20090037990 | METHOD AND APPARATUS FOR DISTRIBUTED AUTHORIZATION BY ANONYMOUS FLEXIBLE CREDENTIAL - A method and apparatus for distributed authorization by anonymous flexible credential are provided. A pseudonym authority issues a root pseudonym to a user. The user may generate a large number of derived pseudonyms from the root pseudonym. The user may obtain resource credentials from resource protectors by using derived pseudonyms. The user may select a set of resource credentials, generate a flexible credential from this set of resource credentials and request access to the resource corresponding to the set of resource credentials from a resource protector by using the flexible credential and a derived pseudonym. A revocation list for each resource may be maintained in the system such that any one of the resource credentials of any user may be revoked without affecting other resource credentials of that user. | 02-05-2009 |
20090037991 | MANAGING TRANSFERS OF INFORMATION IN A COMMUNICATIONS NETWORK - The invention features various techniques for managing transfers of information in public packet switched communications networks. In one aspect, the invention provides a system for identifying updated items of network-based information, such as pages, to users in a network. A master server receives the data from each of a plurality of network servers and merges them into one or more master logs. The logs have entries that pertain to creation of or changing of pages of information. Another aspect of the invention features a system for implementing security protocols. A proxy server translates links from a protocol incompatible with the network tool to a protocol compatible with the network tool and back-translates the link. Another aspect of the invention features a system for managing authenticating credentials of a user. A proxy server manages a user's authenticating credentials automatically on behalf of the user. Another aspect of the invention features a system for inducing advertisers to target advertisements to consumers. An advertising broker receives advertisements and messages indicating that users have read the advertisements, and causes an offer having monetary value to be executed. Another aspect of the invention features a system for extracting data from sources of network-based information in a communications network. An object embedding-program locates a script program and causes the script program to extract data from a page of information. | 02-05-2009 |
20090037992 | Apparatus, system, and method for generating and authenticating a computer password - An apparatus, system, and method for constructing, transmitting, and authenticating a password utilized by an authentication device to authenticate an access device. The authentication device receives the password from the access device, authenticates the access device if the password matches stored information, and returns an acknowledgment message that includes an index value associated with a stored character set. The access device constructs and transmits the password. The access device receives from a user, a plurality of predefined characters forming a User ID. The access device also receives the acknowledgment message and index value from the authentication device. The index value is used to identify a set of password modification factors from a plurality of sets stored in a lookup table. The access device utilizes the identified set to modify a password, and transmits the password to the authentication device. | 02-05-2009 |
20090055907 | Authentification Broker for the Securities Industry - Identity-independent authentication tokens enable issuance of a single strong credential that can be mapped to an individual at each of multiple accounts within the online world. An issuer generates one or more authentication tokens for issuance to individuals or other entities. In some instances, each of these authentication tokens comprises a unique serial number. The individual or other entity may then request an authentication token from the issuer. The issuer may then issue the token to the individual without the need to ask or require the individual to identify his or herself. The individual may then map this issued authentication token to the individual's password at each of the individual's online accounts. | 02-26-2009 |
20090055908 | Apparatus and method for accessing user cookies between network domains - Multiple network domains may be grouped together. One network domain may represent a primary domain, while one or more additional network domains may represent secondary domains. User cookies associated with users may be stored in the primary domain. When a user attempts to access the primary domain, the primary domain may retrieve and use the user cookie to log the user into the primary domain. When a user attempts to access a secondary domain, the secondary domain sends a request to the primary domain. The primary domain sends the user cookie or related information (such as a token) to the secondary domain, which uses the user cookie or related information to log the user into the secondary domain. In addition, an active session between the user and one of the network domains can be transferred to another network domain. | 02-26-2009 |
20090055909 | DATA TRANSMITTING METHOD WITH MULTIPLE TOKEN MECHANISM IN WIRELESS TOKEN RING PROTOCOL - A data transmission method with multiple token mechanism in wireless token ring protocol is provided. First, (a) a logical ring with M nodes is provided; (b) a k-th node is selected from the logical ring, and a token in the k-th node is generated; (c) a first message is sent to a (k+1)-th node from the k-th node with the token, and whether the (k+1)-th node responds with a second message is judged; if yes, the data to be transmitted is transmitted from the k-th node, otherwise, the token of the k-th node is eliminated; (d) the token is sent to the (k+1)-th node from the k-th node after completing the transmission of the transmitted data of the k-th node, a generation token sequence is generated in an i-th node, and sent to an (i−1)-th node; and (e) the token is generated for the (i−1)-th node with the generation token sequence. | 02-26-2009 |
20090055910 | SYSTEM AND METHODS FOR WEAK AUTHENTICATION DATA REINFORCEMENT - This document discusses, among other things, a system and methods for weak authentication data reinforcement. In an example embodiment, authentication data is received in a request to authenticate a user. In response to the authentication data being detected to be weak authentication data, it may be determined whether the request to authenticate is associated with a human user. An example embodiment may include initiating an authentication process based on determining that the request to authenticate is associated with the human user. | 02-26-2009 |
20090055911 | METHOD FOR COMPUTING THE ENTROPIC VALUE OF A DYNAMICAL MEMORY SYSTEM - Methods, devices, and systems are provided for optimizing the dissemination of information in various types of systems such as an access control system. More specifically, there are provided various mechanisms to increase the efficiency with which system updates and other types of information are spread throughout an access control system having at least one non-networked reader. | 02-26-2009 |
20090055912 | USER AUTHENTICATION SYSTEM USING IP ADDRESS AND METHOD THEREOF - A method for authenticating a user by IP address check includes: receiving a URL and a session cookie from a client; determining whether or not an IP address of the client has been changed based on the session cookie; resetting the session cookie, if the IP address has been changed, by adding the changed IP address as a temporary IP address thereto; determining whether or not the URL is required to perform IP address check; requesting a re-login to the client if it is determined that the URL is required to perform IP address check; and adding the temporary IP address to a valid IP address list for the user if the re-login is successful. | 02-26-2009 |
20090064293 | METHOD AND APPARATUS FOR A COMMUNITY-BASED TRUST - Machine-readable media, methods, apparatus and system for a community-based trust are provided. In an embodiment, it may be determined whether a requesting node obtains a trust from a targeting node through an endorsement from an intermediate node. If the requesting node obtains the trust through the endorsement from the intermediate node, an intermediate trust level that indicates how much the targeting node trusts the intermediate node may be obtained; and a new trust level that indicates how much the targeting node trusts the requesting node may be calculated based upon the intermediate trust level. | 03-05-2009 |
20090064294 | Methods for selectively capturing and replicating one-time password generator functionality from device to device - Structures and methods are disclosed for selectively capturing (“peeling”) and replicating (“cloning”) OTP tokens from one device to another while maintaining OTP state. Embodiments described herein provide for sending, from a first device to a second device, state information including for example, a key, a current OTP sequence value and a time to expiry value corresponding to selected tokens to be cloned. The second device thereafter uses the state information to generate OTP sequences corresponding to the selected tokens in time-synchronization with corresponding authentication entities. Additionally, embodiments described herein provide for restoring the OTP sequence corresponding to the selected tokens on the first device following a loss of synchronization of the selected tokens on the first device. | 03-05-2009 |
20090064295 | SYSTEM, METHOD, AND APPARATUS FOR ON-DEMAND LIMITED SECURITY CREDENTIALS IN WIRELESS AND OTHER COMMUNICATION NETWORKS - A method includes storing a security credential associated with a communication network on a portable storage device. The method also includes detecting removal of the portable storage device from a specified location. The method further includes allowing at least one communication device to communicate over the communication network using the security credential. In addition, the method includes revoking the security credential after a specified time period has elapsed. The portable storage device could represent a card, and the specified location could represent a card reader/writer. Also, the communication network could represent a wireless network, and the security credential could represent a cryptographic key. | 03-05-2009 |
20090064296 | COMMUNICATION SYSTEM, METHOD FOR TRANSFERRING INFORMATION, AND INFORMATION-COMMUNICATION DEVICE - A first information-communication device generates a first biometric pattern used for comparison based on user biometric information retrieved by a biometric sensor, and sends the generated first biometric pattern to a second biometric information-communication device. The second information-communication device compares the first biometric pattern sent from the first information-communication device with a second biometric pattern, which is a user biometric pattern stored in memory, and sends the second biometric pattern to the first information-communication device when the compared biometric patterns match. The first information-communication device then stores the second biometric pattern sent from the second information-communication device. | 03-05-2009 |
20090064297 | SECURE CREDENTIALS CONTROL METHOD - Methods, apparatus, and systems are provided to secure access to an account of a user. The account may have a system administrator. The user may have a credential for accessing the secure data on the account. The methods, apparatus, and systems involve setting a universal reset credential associated with the account, denying the system administrator of the account permission to change the first credential of the access feature, and permitting the system administrator to reset the access feature from the first credential to the universal reset credential. | 03-05-2009 |
20090064298 | System and Program for Access Control - A system and program for a proxy server that forwards an access request from a client to a data server and forwards response data from the data server to the client. The proxy server includes a means for storing a first address location and an encoding format of the response data. The proxy server also includes a means for receiving a subsequent access request from the client, which includes a second address location encoded by the encoding format. A means is present in the proxy server for comparing the second address location to the first address location to determine if the second address location is related to the first address location. The proxy server also includes a means for decoding the second address location based on the encoding format in response to a determination that the second address location is related to the first address location. | 03-05-2009 |
20090077641 | COLLABORATIVE PROCESSING USING INFERENCE LOGIC - A collaborative engine electronically processes a request for a result using inference logic. If insufficient goals are provided to resolve the request, a partial result is generated as a function of one or more unresolvable goals. The request for a result may be processed with two or more collaborative engines using workspace chaining, to process information from/to multiple domains or systems which have security restrictions preventing full flow of information between them. Inputs available to the workspace of one collaborative engine are resolved as far as possible and a partial result based on that processing is generated and transmitted for further processing in the workspace of another collaborative engine. The invention may be used for determining a routing path for data or telephonic communication to/from a user of a communication network, or for processing of a management action for a component of an electronic data network, or a commercial transaction. | 03-19-2009 |
20090077642 | COOPERATION METHOD AND SYSTEM BETWEEN SEND MECHANISM AND IPSEC PROTOCOL IN IPV6 ENVIRONMENT - The present invention relates to a method of embodying a cooperation system between SEND and IPSec in an IPv6 environment. The cooperation system between SEND and IPSec in accordance with the present invention includes: receiving an authentication completion report message including a first IP address of a host whose authentication is completed by the SEND; generating new authentication information corresponding to the host and storing the new authentication information in a temporary storage area, if authentication information for the host is not present in the temporary storage area, wherein the authentication information includes the first IP address; and if an authentication check request message including a second IP address is received from the IPSec, checking whether the second IP address is present in the temporary storage area, and sending the result of checking to the IPSec. The present invention allows the authentication information to be shared between SEND and IPSec in a mobile environment, where the network is frequently accessed, enabling IPSec secure communication at a lower cost. | 03-19-2009 |
20090077643 | VIRTUAL SUBSCRIBER IDENTITY MODULE - A mobile trusted platform (MTP) configured to provide virtual subscriber identity module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator-trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner-trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to a user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service. | 03-19-2009 |
20090083840 | INFERENCE SEARCH ENGINE SECURITY - In some aspects of the invention, a method for determining access to data stored within one or more databases is described. The method includes the aspects of receiving a user request from a user at an inference engine for access to the data, wherein the inference engine is in communication with a rules database, including one or more rules governing access rights to the data. Moreover, the method includes the aspects of creating a user credential based on the application of one or more of the rules to identity information related to the user. Further, the method includes the aspects of comparing the created user credential and the user request at the one or more databases to determine whether the user meets the access rights for retrieving the data. Furthermore, the method includes aspects of determining an answer as to whether the access of the data is permitted or denied. | 03-26-2009 |
20090089864 | REMOTE MANAGEMENT OF TELECOMMUNICATIONS NETWORK ELEMENT DURING LICENSE EXPIRE AND RENEWAL PERIOD - A remote management method permits the management of a license on a network element in a telecommunications network. One or more features on the network element are enabled for a predetermined time according to a license provided to the network element. Management data is sent to and received from the network element on a first management data connection. User traffic utilizing the one or more features is sent to and received from the network element on a second user data connection. The second user data connection is distinguishable from and controllable independently of the first management data connection. If the license expires, then the second user data connection is blocked, and license management data is downloaded to the network element over the first management data connection while the second user data connection is blocked. The license on the network element is renewed using the license management data downloaded over the first management data connection. After the license is renewed, the user data connection is unblocked. | 04-02-2009 |
20090089865 | NETWORK ACCESS AND PROFILE CONTROL - A method and apparatus for managing network profiles and/or access to a network. Network profiles stored in a computer may be deleted and/or a connection to a wireless network may be disabled when a corresponding access period for the network has been exhausted. The access period may define an amount of time, a number of connections, a number of bits or packets of information, or other measure of connectivity to a network and/or maintenance of profile information related to the network that may be limited in some fashion. | 04-02-2009 |
20090089866 | ACCESS AUTHORIZATION SYSTEM, ACCESS CONTROL SERVER, AND BUSINESS PROCESS EXECUTION SYSTEM - An access authorization system is provided, which can reduce the user wait time until the provision of a user-requested service. The access authorization system of the present invention specifies the next service to be provided to a UT (a client-side communication device) after the service currently being provided to the UT, and then executes process to make an authorization decision in advance regarding the next service with respect to the user of the UT, before the UT requests the next service. | 04-02-2009 |
20090089867 | System and method providing secure access to computer system - A system and method for providing secure access to a computer system. An access device divides the password into multiple segments and places them in data packets. In one embodiment, an authentication server has multiple addresses, and each packet is sent to a different address. The server then reassembles the password. In another embodiment, when the server receives a password, the server sends an index value back to the access device, which then accesses the server on another address indicated by the index value. Alternatively, the password is sent to multiple addresses for the server, and the server determines whether any of the received packets have been altered. The multiple password packets may be forced to follow different paths to the server, thereby denying hackers the ability to intercept all of the password characters or determine the inter-packet timing factor. The system is effective against passive and active hackers, Trojans, and phishing techniques. | 04-02-2009 |
20090094687 | System and methods for key challenge validation - This document discusses, among other things, a system and method for detecting an initiation of a transaction and generating a string of characters based on the detection. A first portion of the string of characters may be presented in such a way as to be distinguished from a second portion of the string of characters. In various example embodiments, the transaction is validated based on an identification of the first portion of the string of characters. | 04-09-2009 |
20090113530 | User Authentication Based on Voucher Codes - An authentication server authenticates a first user, and generates a voucher code that is provided to the authenticated first user. The first user may provide the voucher code to a second user, responsive to a request by the second user for the first user to vouch for the second user, to thereby allow the second user to be authenticated. The authentication server receives the voucher code from the second user, and authenticates the second user based on the voucher code. The authenticated second user may be provided with a temporary password or other type of code utilizable for at least one additional authentication. | 04-30-2009 |
20090113531 | System and method for pooling and load distributing connection-oriented servers - There is provided a system and method for managing connections between computers and a server pool. An exemplary system comprises a file configured to store a list of a plurality of servers in the server pool. The exemplary system further comprises a session distributor configured to distribute communication sessions among the plurality of servers by directing multiple requests for a common communication session to a specific one of the plurality of servers based on the list. The exemplary method includes selecting a server from a list of a plurality of servers stored in a file, selecting a port number, generating login information, and linking the server, port number, and login information such that multiple requests for a common communication session are directed to the server. | 04-30-2009 |
20090119759 | Method and Arrangement for Secure Authentication - A method and arrangement for utilising a generally available personal data terminal as a secure and reliable authentication factor for user authentication is described. Also, a method for secure transfer of data between two parties, a user and a service provider, where the user generates a unique authentication factor adapted for user authentication ( | 05-07-2009 |
20090119760 | METHOD FOR RECONFIGURING SECURITY MECHANISM OF A WIRELESS NETWORK AND THE MOBILE NODE AND NETWORK NODE THEREOF - A method for reconfiguring the security mechanism of a wireless network system includes steps of: sending a packet from a network node to a mobile node; sending a negotiation packet from the mobile node to the network node according to a selected authentication protocol; the mobile node and the network node proceeding with the authentication process if the received negotiation packet is valid; the mobile node and the network node generating a security association after the authentication process is completed. | 05-07-2009 |
20090119761 | Apparatus and computer program product for password generation - The generation of a unique password using a secret key and an application name is disclosed. Other passwords may be generated for other applications using the same key. A user provides a key that is not easily able to be guessed by third parties. The user also inputs a name of an application for which a password is desired. The system utilises the application name and the secret key to generate a unique password for that application, using standard encryption techniques. The system generates the same password for that application and secret key combination every time. Alternate embodiments generate a user identifier from the same secret key and application name. | 05-07-2009 |
20090125992 | SYSTEM AND METHOD FOR ESTABLISHING SECURITY CREDENTIALS USING SMS - The present invention provides a system and method for establishing security credentials for using an Internet or other network application requiring user authentication. In an exemplary embodiment, a user electronic device may connect to an application server to initiate use of the application. The application server may respond by transmitting to the user electronic device session identification information (a Session ID). The user electronic device may then transmit an SMS message containing the Session ID back to the application server, which permits the application server to link to the user electronic device. The application server may generate for the user encrypted security credentials and transmit an encryption key for them to the user electronic device in a response SMS message. In a separate message, the security credentials are transmitted to the user. In this manner, only the legitimate user electronic device has both the encryption key and the encrypted security credentials. The user electronic device may then decrypt the security credentials using the encryption key, and use the security credentials to access the network application. | 05-14-2009 |
20090125993 | METHOD FOR PROTECTING AGAINST KEYLOGGING OF USER INFORMATION VIA AN ALTERNATIVE INPUT DEVICE - A method for protecting against keylogging, the method includes: detecting from a host browser application, a request for a password input by a user of an alphanumeric input device in an entry field of a transaction; inserting a temporary indicator password in the entry field; sending an identifier of the host application with the temporary indicator password to an alternative device; retrieving a user assigned password stored in a table in the alternative device in response to matching the identifier of the host application and the temporary indicator password; sending the user assigned password to the host application; inserting the user assigned password in place of the temporary indicator password in the entry field; and sending the transaction to a server for verification and further processing. | 05-14-2009 |
20090125994 | Communication between a human user and a computer resistant to automated eavesdropping - Communication between a human user and a computer over an insecure channel is accomplished by encoding user input using one or more character substitution tables. The character substitution tables are transmitted to the user over the insecure channel in a perceptually modified form which renders them difficult for use by automated adversaries but keeps them easily understandable by humans. | 05-14-2009 |
20090125995 | Method and System For Accounting Access by Users to Data Networks, Related Computer Program Product - A system for the time-based accounting of access by users to services provided by a data network includes a primary access node to provide access by users by establishing via the primary access node a steady connectivity between the users and the network. A secondary access node is associated with the primary access node, such secondary access node being configured for acting as a backup node to maintain connectivity in the case of failure involving the primary access node. The primary access node is configured for issuing a request for credentials for any user requesting access to said data network and, as a result of receiving valid credentials from the user, starts time-based accounting for the user. An authentication node cooperative with the primary access node and the secondary access node stores the secondary access node information items concerning the time-based accounting started for the user. The time-based accounting is thus maintained in the case of failure involving the primary access node as connectivity is maintained by the secondary access node. | 05-14-2009 |
20090125996 | VIRTUAL SUBSCRIBER IDENTITY MODULE - A mobile trusted platform (MTP) configured to provide virtual subscriber identity module (vSIM) services is disclosed. In one embodiment, the MTP includes: a device manufacturer-trusted subsystem (TSS-DM) configured to store and provide credentials related to a manufacturer of the MTP; a mobile network operator-trusted subsystem (MNO-TSS) configured to store and provide credentials related to a mobile network operator (MNO); and a device user/owner-trusted subsystem (TSS-DO/TSS-U) configured to store and provide credentials related to a user of the MTP. The TSS-MNO includes a vSIM core services unit, configured to store, provide and process credential information relating to the MNO. The TSS-DO/TSS-U includes a vSIM management unit, configured to store, provide and process credential information relating to the user/owner of the MTP. The TSS-DO/TSS-U and the TSS-MNO communicate through a trusted vSIM service. | 05-14-2009 |
20090125997 | Network node with one-time-password generator functionality - Structures and methods are disclosed for facilitating secure connectivity of a remote client to an enterprise network using OTP-enabled nodes of a remote access platform. Embodiments described herein include an OTP device associated with a client device (for example and without limitation, an OTP device residing within a PC card associated with a laptop or desktop computer) defining a first node of a remote access platform; and an OTP server defining a second node of a remote access platform that generates and maintains the same OTP as the OTP device at the first node, for purposes of authenticating the client device and/or user of the client device. | 05-14-2009 |
20090133107 | Method and device of enabling a user of an internet application access to protected information - A method and a system are disclosed, of enabling a user of an Internet application to access protected information. An idea behind at least one embodiment of the invention is that a user identifier token is created, after a user has been authenticated by way of a logon mechanism of the Internet application. The user identifier token is then associated with the authenticated user and stored at an Internet client of the authenticated user. When protected information is to be made available for a requesting user, the concerned set of protected information is associated with the authenticated user and an information identifier token is created and associated with the protected information. The information identifier token is delivered to the authenticated user via e-mail. When a request is received from a requesting user, it is verified that the request comprises a user identifier token and an information identifier token, that there exists an association between these tokens and the previously authenticated user and the protected information, respectively, and that the requested protected information is associated with the authenticated user. If so, the requesting user is allowed to access the protected information. | 05-21-2009 |
20090138948 | System and method for over the air communication authentication using a device token - A system and method are described for securing over the air communications between a service and a communication device. For example, one embodiment of a method for creating a security token on a communication device for communication between the communication device and a service includes combining a device identification of the communication device with a device capability to create a device information, the device capability known by the service. The method further includes encrypting the device information. | 05-28-2009 |
20090138949 | POSITION AND VELOCITY-BASED MOBILE DEVICE MANAGEMENT - A set of one or more positional control parameters includes at least one of a geographic limit, a velocity limit, and a direction of travel limit. A control list identifies at least one feature in a mobile device. The at least one feature may be associated with at least one of the positional control parameters. | 05-28-2009 |
20090144814 | Automated Credentialing for Physicians and Other Professionals - An automated system for credentialing physicians or practitioners in other professions employs a databank of verified practitioner data on a central computer server. The file for each practitioner can include education, employment history, board certification record, and derogatory information, such as disciplinary proceedings, if any. A remote computer station can access the central computer server to download a credentialing profile on the computer screen. The computer station can have an RFID reader for inputting a practitioner identity code that uniquely identifies the respective practitioner. There may be RFID tags embedded in diplomas or certificates to aid in verifying authenticity. | 06-04-2009 |
20090158407 | API TRANSLATION FOR NETWORK ACCESS CONTROL (NAC) AGENT - An application programming interface (API) translation agent and method for converting a message from one application configured according to a first API to a message configured according to a second API so that the first application, which is configured to communicate only in accordance with the first API, can communicate with a second application, which is configured to communicate only in accordance with the second API. The first and second applications can include a security application and a network access control (NAC) agent installed on an end point computing device, and the API translation agent can be used by the NAC agent to obtain information regarding a security status of the end point computing device, the information being used to determine whether the end point computing device is in compliance with the security policies of a network. | 06-18-2009 |
20090158408 | METHODS, SYSTEMS, AND COMPUTER PRODUCTS FOR PROVIDING AND ACCESSING MEDIA - Methods, systems, and computer products for providing media over an Internet Protocol (IP) based network. The methods, systems, and computer products include receiving a handle and/or password input by a user, associating the handle and/or password to a channel inaccessible by the public, mapping the handle and/or password input by the user to the inaccessible channel, and providing the inaccessible channel to the user. | 06-18-2009 |
20090158409 | REMOTE CONFIGURATION, PROVISIONING AND/OR UPDATING IN A LAYER TWO AUTHENTICATION NETWORK - A device capable of remote configuration, provisioning and/or updating comprising a network detector capable of detecting a network regardless of the state of the operating system on the device, wherein the network requires layer two authentication, and an Embedded Trust Agent capable of generating an authentication credential for layer two authentication and communicating the authentication credential via a layer two authentication protocol without a functioning operating system. | 06-18-2009 |
20090165101 | Domain Membership Rights Object - A method of providing permissions to consume content objects within a domain includes creating a domain and a domain membership rights object for each member. The domain facilitates the sharing of content objects amongst the members of the domain. The domain membership rights objects for each member include permissions for each member in the domain to consume content objects in the domain. | 06-25-2009 |
20090165102 | ONLINE PASSWORD MANAGEMENT - This disclosure describes, generally, methods and systems for password management. In one embodiment, a method may include receiving, at a centralized password repository, requests from users. Each request may be configured to request a password to allow access to an associated application. In one embodiment, at least two of the users are at different locations. The method may further include performing a validation analysis for the users' credentials, and in response to verification of a user's credentials, transmitting a response including the password configured to provide access to the associated application. | 06-25-2009 |
20090165103 | APPARATUS AND METHOD FOR SHARING USER CONTROL ENHANCED DIGITAL IDENTITY - The present invention provides an apparatus for sharing a user control enhanced digital identity that allows a user to have all controls and control the flow of identity sharing on the user basis when the user shares user's personal information. According to the present invention, a user can decrease infringement of personal information due to illegal usage of the personal information by allowing a user to control usage of user's personal information and prevent the user's personal information from being carelessly used. Further, a provider that provides the services can efficiently associate the services between providers. | 06-25-2009 |
20090165104 | METHOD FOR IMPROVING SECURITY IN LOGIN AND SINGLE SIGN-ON PROCEDURES - In a method for improving client's login and sign-on security in accessing services offered by service providers over shared network resources such as Internet and particularly working within the framework of the www, a password is created for the client at a first attempt to access the service provider. The client's password is generated either at an authentication authority in trust relationship with the service provider and transmitted to the client, or the client is allowed to create his or her password on the basis of random character sequences transmitted from the authentication authority. For subsequent access to the service provider the authentication authority presents a client for characters in ordered sequences or in a diagram containing in an appropriate order a single occurrence of each password character. The client performs a selection of the password for validation and transmits the validation back to the authentication authority, which verifies the password and informs the service provider of the verification. In a most preferred embodiment the password characters are never transmitted between the authentication authority and the client in a validation and verification procedure, and the former is wholly disconnected from either the client's credentials or any transactions subsequently to be undertaken between the service provider and the client. | 06-25-2009 |
20090172792 | APPARATUS, SYSTEM, AND METHOD FOR ASYNCHRONOUS JAVA SCRIPT AND XML (AJAX) FORM-BASED AUTHENTICATION USING JAVA 2 PLATFORM ENTERPRISE EDITION (J2EE) - An apparatus, system, and method are disclosed for Asynchronous Java Script and XML (AJAX) form-based authentication using Java 2 Platform Enterprise Edition (J2EE). The apparatus for AJAX form-based authentication using J2EE is provided with a plurality of modules configured to functionally execute the necessary steps for redirecting an AJAX client request to an authentication required servlet, issuing an AJAX response to the client, authenticate the user security credentials, and process the client request for secure data. In addition, a method of the present invention is also presented for programming Asynchronous Java Script and XML (AJAX) form-based authentication that avoids a page change using Java 2 Platform Enterprise Edition (J2EE). | 07-02-2009 |
20090172793 | SYSTEMS AND METHODS FOR DELEGATING ACCESS TO ONLINE ACCOUNTS - Computer-implemented methods for delegating access to online accounts and for facilitating delegates' access to these online accounts are disclosed. In one embodiment, a method for delegating access to an online account comprises receiving a request to delegate access to a first online account to a first delegate, identifying the first online account, identifying a contact record for the first delegate, and delegating access to the first online account to the first delegate by associating the contact record for the first delegate with the first online account. Corresponding systems and computer-readable media are also disclosed. | 07-02-2009 |
20090178124 | REMOTE DEVICE COMMUNICATION PLATFORM - Managing via a web portal a remote device from a source device connected to a communication network. A device ID is assigned to the remote device, and a remote management software for remote management of the remote device is not installed on the source device or the remote device. Based on the assigned device ID, a connection is established with the remote device via the communication network. A first instruction is received from a user for authenticating access to the web portal. The user is authenticated in response to the received first instruction. An online status is established for the authenticated user. A second instruction is received from the authenticated user requesting access to the remote device. The device ID of the remote device is validated. The validated device ID is associated with the authenticated user. A connection is established between the remote device and the web portal. | 07-09-2009 |
20090178125 | Method and System for Creation and Validation of Anonymous Digital Credentials - A method and system for providing an online reputation of a client participating in one or more online forums. The method includes providing a unique client identifier associated with the client. In addition, a plurality of forum identifiers is provided for a plurality of online forums within which the client is participating, wherein each online forum is associated with a corresponding user profile. A plurality of unique verification codes is provided that is based on the plurality of forum identifiers and the client identifier. A plurality of verification sequences is provided for purposes of verifying a plurality of user profiles of the client associated with the plurality of online forums, wherein each of the plurality of verification sequences includes a corresponding verification code. Verification of a plurality of credentials associated with the plurality of user profiles is performed. A request is received that includes a corresponding verification sequence from a verifying entity for an online reputation of the client. The request is made in association with a first online forum within which the client is participating. A verified credential of a user profile that is associated with a second online forum is provided without revealing a user identity of the client that is associated with the second online forum. | 07-09-2009 |
20090178126 | SYSTEMS AND METHODS FOR PROVIDING USER-FRIENDLY COMPUTER SERVICES - A system for providing computer services includes a camera and an electronic device. The camera obtains recognition information for a user. The electronic device is operable for executing a first operating system for conducting user authentication according to the recognition information and for automatically operating a user-defined application program after the user passes said user authentication. | 07-09-2009 |
20090183244 | AUTOMATION TOOL FOR PROVIDING USERS WITH SECURITY ACCESS TO AN ELECTRONIC SYSTEM - A method for providing multiple users with security access to an electronic system is provided. The method comprising: providing a plurality of parent security roles, wherein each parent security role includes a plurality of transactions authorized to be performed in the electronic system, providing a plurality of child security roles, wherein each child security role is derived from one of the plurality of parent security roles, setting up the multiple users in the electronic system and their associated user passwords, assigning one of the plurality of child security roles to each of the multiple users to provide the multiple users with security access to the electronic system at once, and providing each of the multiple users with security access to the electronic system, via the associated user password, in accordance with the child security role assigned to the user. | 07-16-2009 |
20090187980 | METHOD OF AUTHENTICATING, AUTHORIZING, ENCRYPTING AND DECRYPTING VIA MOBILE SERVICE - The present invention provides a method of authenticating, authorizing, encrypting and decrypting an application by utilizing a mobile secure server as the platform that can allow the subscriber to authenticate, authorize, encrypt or decrypt a document or an application through the mobile secure server. The account user can register and activate the service to have a secure banking transaction, such as online payment. A request message is submitted via an electronic device to an application server, which performs specific operations in accordance with the instruction of the request message, and sends the request message to the mobile secure server, wherein the mobile secure server will forward the request message to the account mobile telecommunication device that hosts the digital ID and certificates to be used to authenticate, authorize, encrypt or decrypt the request message and then sends back a reply message to electronic device via the account mobile telecommunication device, application server and mobile secure server. | 07-23-2009 |
20090193505 | Issuing Secure Certificate Using Domain Zone Control Validation - A requestor requests a secure certificate for a domain name from a validating entity, such as a certification authority. To verify that the requestor has control over the domain name, the validating entity generates a pass string. The requestor enters the pass string into a domain zone. The validating entity determines if the pass string was entered in the domain zone. If the pass string is present in the domain zone, the validating entity may issue the secure certificate. If the pass string is not in the domain zone, the validating entity may deny issuing the secure certificate to the requestor. | 07-30-2009 |
20090193506 | CRYPTOGRAPHIC PEER DISCOVERY, AUTHENTICATION, AND AUTHORIZATION FOR ON-PATH SIGNALING - A method is disclosed for cryptographic peer discovery, authentication, and authorization. According to one embodiment, a data packet, which is addressed to a destination device other than an intermediary network device, is intercepted at the intermediary network device. The data packet contains a request and a group identifier. A shared secret cryptographic key, which is mapped to the group identifier, is selected. A challenge is sent toward an upstream device from whence the data packet came. A response is received. A verification value is generated based on the cryptographic key and the challenge. It is determined whether the response matches the verification value. If the response matches the verification value, then it is determined whether the request is allowed by an authorization set that is mapped to the group identifier. If the request is allowed, then a policy of the intermediary network device is configured based on the request. | 07-30-2009 |
20090199278 | System and method for authenticating a user of a wireless data processing device - A system and method for authenticating a user with a wireless data processing device. For example, a method according to one embodiment of the invention comprises: generating a new authentication code for a user at a data service, the data service communicatively coupled to a wireless device over a wireless network and to a client data processing device over a data network; transmitting the new authentication code to the wireless device; receiving a request from the user to connect to the service through the client data processing device over the data network; requesting the new authentication code from the user over the data network; receiving an authentication code entered by the user on the client data processing device over the data network; comparing the new authentication code with the authentication code entered by the user on the client data processing device; allowing access to resources on the service if the authentication code entered by the user matches the new authentication code; and denying access to resources on the service if the authentication code entered by the user does not match the new authentication code. | 08-06-2009 |
20090199279 | METHOD FOR CONTENT LICENSE MIGRATION WITHOUT CONTENT OR LICENSE REACQUISITION - Techniques for migrating content from a first set of conditions to a second set of conditions are disclosed herein. In particular, a content migration certificate is utilized to enable content migration and set forth under what conditions content may be accessed after migration. The content migration certificate may, for example, be stored as a file in a removable storage unit or transferred online once an indication that conditions have changed is received. The change in conditions may involve a new device attempting to access the content file, a new user attempting to access the content, or any other similar conditions. Access to the information in the content migration certificate may be protected by encryption so that only devices and/or users meeting the conditions of the certificate are permitted to transfer content. By accessing the content migration certificate in the prescribed manner, migration of content is enabled in a controlled and easy process. | 08-06-2009 |
20090199280 | AUTHENTICATION SERVER, AUTHENTICATION SYSTEM AND ACCOUNT MAINTENANCE METHOD - An authentication server, on receipt of a request to delete a user account, determines whether the account exists in a user authentication table. If the account exists, the authentication server deletes the account, and retrieves, from a requesters list in which information of devices from which users have to date requested user authentication is saved, an address of a device from which the user targeted for deletion has previously issued an authentication request, and issues a deletion request to that device together with account information. Similar processing to change a user account is performed in response to a change request. | 08-06-2009 |
20090205027 | Album drive - The present invention is a system and method of selectively distributing media content to consumers, the system comprising essentially of a USB-type storage device loaded with media content, a network and a user interface system. The method comprises essentially of providing a USB-type storage device loaded with media content, distributing the device to retail outlets, instructing a user to contact a network that is in electronic communication with the USB-type storage device, selectively registering the media content on the network, activating the USB-type storage device, displaying the activated media content to the consumer on a display device associated with the user interface system, and providing a means to upload media content onto the USB-type storage device in the event the media content becomes corrupted or erased. | 08-13-2009 |
20090205028 | Method and System for Mobile Device Credentialing - Methods and systems taught herein allow communication device manufacturers to preconfigure communication devices to use preliminary access credentials to gain temporary network access for downloading subscription credentials, and particularly allow the network operator issuing the subscription credentials to verify that individual devices requesting credentials are trusted. In one or more embodiments, a credentialing server is owned or controlled by the network operator, and is used by the network operator to verify that subscription credentials are issued only to trusted communication devices, even though such devices may be referred to the credentialing server by an external registration server and may be provisioned by an external provisioning server. Particularly, the credentialing server interrogates requesting devices for their device certificates and submits these device certificates to an external authorization server, e.g., an independent OCSP server, for verification. A common Public Key Infrastructure (PKI) may be used for operator and device certificates. | 08-13-2009 |
20090205029 | MANAGEMENT APPARATUS - A management apparatus comprising memory to store owner information, dependence relationship information, and authorized user information are associated with file information identifying the secret file, an authorized user determination unit to determine whether a source user of the browse request is registered as the authorized user of the browse request file, a dependent file specifying unit to specify a dependent file having a dependence relationship with the browse request file by referring to the dependence relationship information when the source user is authorized; and a browse permission response transmitting unit to transmit the browse permission response to the source user based on whether or not the source user is registered as the authorized user of the dependent file by referring to the authorized user information. | 08-13-2009 |
20090205030 | Controlling Access to a Process Using a Separate Hardware Device - A method and apparatus for automatic user authentication are described. The method includes receiving information at a device, the device including a credential container; storing the information at the credential container and performing cryptographic calculations on the received information and providing the encrypted information upon request. | 08-13-2009 |
20090210933 | System and Method for Online Content Production - A system and method for online content production is provided. Customized orders for content, such as a customized video to be used by a content requester (e.g., a business), can be created using a central website. The business can specify a location at which the content is to be produced, as well as desired shots to be included in the content. A plurality of content providers can register with the present invention to obtain assignments to produce content in response to the orders. The content provider creates the content at the location(s) specified in the order, including shots specified in the order. After the content has been produced, the content provider uploads the content to the central website, wherein the uploaded content is reviewed to determine whether it complies with the specifications of the order. Content can be downloaded by the business, and payments for the content can be disbursed in accordance with pre-defined royalty distributions. | 08-20-2009 |
20090217364 | Method and Apparatus for Managing Subscription Credentials in a Wireless Communication Device - According to the teachings presented herein, a wireless communication device reverts from subscription credentials to temporary access credentials, in response to detecting an access failure. The device uses its temporary access credentials to gain temporary network access, either through a preferred network (e.g., home network) or through any one of one or more non-preferred networks (e.g., visited networks). After gaining temporary access, the device determines whether it needs new subscription credentials and, if so, uses the temporary access to obtain them. Correspondingly, in one or more embodiments, a registration server is configured to support such operations, such as by providing determination of credential validity and/or by redirecting the device to a new home operator for obtaining new subscription credentials. | 08-27-2009 |
20090222896 | NETWORK SYSTEM, METHOD FOR CONTROLLING ACCESS TO STORAGE DEVICE, MANAGEMENT SERVER, STORAGE DEVICE, LOG-IN CONTROL METHOD, NETWORK BOOT SYSTEM, AND UNIT STORAGE UNIT ACCESS METHOD - A network boot system including one or more client terminals, a DHCP (Dynamic Host Configuration Protocol) server, a PXE (Preboot Execution Environment) server, a TFTP (Trivial File Transfer Protocol) server, a database administration server, one or more storage devices, and an authentication server (such as a Radius server) connected to each other via a TCP/IP (Transmission Control Protocol/Internet Protocol) network. A plurality of LU provided in the storage devices are separated into a system area LU and a user area LU prepared per user. | 09-03-2009 |
20090222897 | Systems and methods for authorization of information access - Systems and methods according to the present invention provide a proactive approach to controlling access to information that may be correlated with a governmentally issued personal identifier. Included are systems and methods for proactive control of information access and liability incursion. Further included are systems and methods for emulating information access to an authorized person. Generally, a method according to the present invention includes the steps of requesting verification from a subscriber at any time that information is requested from registered information holders and any time that liability may be incurred through registered information holders. In this way, the subscriber, rather than reacting to invasive information or identity theft, may proactively control access to such information, thereby preventing the theft in the first place. | 09-03-2009 |
20090249456 | SYSTEM AND METHOD FOR AUTHORIZING AND VALIDATING USER AGENTS BASED ON USER AGENT LOCATION - An embodiment of a method includes receiving a request from a user agent to use a communication network, determining that the user agent is not recognized on the communication network, and requiring submission of location information prior to allowing the user agent to use the network. An embodiment of a system includes a recognition module configured to determine whether the communication device is recognized in response to a request to use a communication network from the communication device, a notification module configured to notify the communication device that the communication device is not recognized, wherein notification that the communication device is not recognized indicates that location information must be submitted prior to the communication device using the communication network; and a location update module configured to receive submitted location information and update the location of the communication device based on the location information. | 10-01-2009 |
20090249457 | ACCESSING SECURE NETWORK RESOURCES - The disclosed implementations generally provide a user access to a secure network resource (e.g., a website, chat application). In some implementations, access to a secure network resource is provided by a communication terminal in communication with a secure access service. The communication terminal detects a presence of a unique identifier (e.g., a Bluetooth MAC address stored in a mobile device), and passes the unique identifier and cryptographic information (e.g., a key code or digital certificate) to the secure access service. The secure access service validates the integrity of the unique identifier and authenticates the user of the device by reading the cryptographic information (e.g., reading the certificate). | 10-01-2009 |
20090260066 | Single Sign-On To Administer Target Systems with Disparate Security Models - A method and apparatus are provided for signing a user into a computer network associated with an automatic contact distribution system. The method includes the steps of providing a sign-on list that identifies a plurality of subsystems of the computer network of the automatic contact distribution system that the user had previously signed onto, detecting the user signing into the system, retrieving the sign-on list and automatically signing the user into each of the plurality of subsystems identified by the list. | 10-15-2009 |
20090265769 | METHOD FOR AUTOMATICALLY GENERATING AND FILLING IN LOGIN INFORMATION AND SYSTEM FOR THE SAME - A system for automatically generating and filling login information to improve the security in storage and use of the login information. The system comprises a monitoring module, a registration module, and a login module; the monitoring module is coupled to the registration module and the login module; the monitoring module is adapted to check for an entry of login information corresponding to the identifier of the current page, and prompt a result to the user, and transmit a signal to the registration module and the login module to perform a registration and/or login operation; the registration module comprises a login information generation unit, a login information storage unit, and a first user confirmation unit; and the login module comprises a login information input unit and a second user confirmation unit. A method for the same is also disclosed. | 10-22-2009 |
20090271847 | Methods, Apparatuses, and Computer Program Products for Providing a Single Service Sign-On - An apparatus may include a processor configured to receive a request for an access token from a remote entity, wherein the request includes an indication of a requested service. The processor may be further configured to determine a request type, wherein the request type may be a user identification and password combination, a request token exchange, or an access token exchange. The processor may be additionally configured to extract one or more parameters included in the request based upon the determined request type and to perform one or more security checks based at least in part upon the one or more extracted parameters. The processor may be further configured to create an access token based at least in part upon the results of the one or more security checks and to provide the access token to the remote entity. | 10-29-2009 |
20090271848 | METHOD AND SYSTEM FOR COORDINATING DATA SHARING IN A NETWORK WITH AT LEAST ONE PHYSICAL DISPLAY DEVICE - An apparatus for coordinating data sharing in a computer network with at least one physical display device is provided. The apparatus includes a code generator generating at least one unique temporary session connection code (SCC), and a storage device storing associations between each of the at least one SCC and one or more of the at least one physical display device. An interface receives requests from one or more source computers to establish communications sessions for sharing data, and a processor in response to a request establishes a communications session between the requesting source computer and at least one physical display device only in the event that at least one condition is met. The at least one condition includes that a valid SCC is received with the request. The establishing is based on the received SCC. Related methods and computer programs are disclosed. | 10-29-2009 |
20090271849 | CONTENT TRANSFER SYSTEM AND METHOD, AND HOME SERVER - When an authentication request is made, processing for the authentication request is executed based on information about a first device even if account information set for a first storage system does not exist. | 10-29-2009 |
20090271850 | System and Method for installing Authentication Credentials On a Network Device - A method for installing authentication credentials on a network device. An intermediary computing device (e.g., client computer) downloads an application for installing the authentication credentials from a secure website. The application on the intermediary computing device requests authentication credentials from a Network Access Control (NAC) credential service. The application passes the authentication credentials received from the NAC credential service through the intermediary computing device to an endpoint (e.g., video conferencing device). The application installs the authentication credentials on the endpoint. | 10-29-2009 |
20090271851 | System and Method for Installing Authentication Credentials on a Remote Network Device - A method for installing authentication credentials on a remote network device. A remote network device without valid authentication credentials may be connected to a port of an authenticating network switch, and the authentication protocols of the port may be enabled. A Network Access Control (NAC) credential service validates the remote network device comparing a received remote device identifier against a previously stored remote device identifier. The received remote device identifier may be received from the remote network device using a network when the remote network device attempts to access a private network. The NAC credential service disables the authentication protocols of the port in response to validating the received remote device identifier. The NAC credential service installs authentication credentials on the remote network device using encrypted data, so an untrusted entity cannot view the authentication credentials. | 10-29-2009 |
20090271852 | System and Method for Distributing Enduring Credentials in an Untrusted Network Environment - A system and method for distributing enduring credentials for a secure network in an untrusted network environment is disclosed. The method includes providing temporary credentials to an untrusted user. The temporary credentials can be communicated to a computing device connected to a network switch. The network switch can relay the temporary credentials to an authentication server within the secure network. The computing device can be authenticated to verify it is authorized to be connected to the secure network. Enduring credentials can be transmitted from the secure network to the computing device in an encrypted format to enable the computing device to communicate within the secure network through the network switch without providing access to the enduring credentials to the untrusted user. | 10-29-2009 |
20090271853 | SYSTEMS AND METHODS FOR TIME VARIABLE FINANCIAL AUTHENTICATION - The systems and methods of the invention provide a technique for authenticating a finance related transaction. The method may include providing a token which contains a token counter, the token counter periodically advancing to generate a changing token value, the token counter being synchronized to a base counter that generates an authenticating value; transforming the token value into a token output sequence using logic; and outputting at least part of the token output sequence to an authenticating authority, the authenticating authority having access to the authenticating value. Further, the method includes the authenticating authority verifying the validity of the transaction based on the token output sequence and the authenticating value, from which the authenticating authority obtains a verification sequence using the logic, the verifying the validity including the authenticating authority comparing the token output sequence to the verification sequence to determine if there is a match between the token output sequence and the verification sequence. | 10-29-2009 |
20090282465 | MANAGEMENT APPARATUS AND CONTROL METHOD OF MANAGEMENT APPARATUS - A management apparatus capable of communicating with a plurality of external devices includes a storage unit to store management information including authentication information for authenticating a user in the external device, a first transmission unit to transmit an authentication result of the user in the external device and user information necessary for authenticating the user by the external device among the management information to the external device by referring to the management information stored in the storage unit in response to a request from the external device, a selection unit to, when a content of the management information is changed, select an external device to be a transmission destination of the changed management information based on the change thereof, and a second transmission unit to transmit the changed management information to the external device selected by the selection unit. | 11-12-2009 |
20090288152 | AUTOMATIC POPULATION OF AN ACCESS CONTROL LIST TO MANAGE FEMTO CELL COVERAGE - System(s) and method(s) provide access management to femto cell service through access control list(s) (e.g., white list(s)). White list(s) includes a set of subscriber station(s) identifier numbers, codes, or tokens, and also can include additional fields for femto cell access management based on desired complexity. White list(s) can have associated white list profile(s) therewith to establish logic of femto coverage access based on the white list(s). Various example aspects such as white list(s) management, maintenance and dissemination; automatic population or pre-configuration; and inclusion of wireless device(s) or subscriber(s) are also provided. A component can implement automatic population of white list fields based at least in part on a set of received identifiers. In addition, autonomously determined identifiers can be employed to populate a white list. Identifier(s) available for automatic population are validated prior to inclusion in a white list, to ensure the identifier(s) are allowed for inclusion therein. | 11-19-2009 |
20090288153 | INFORMATION PROCESSING APPARATUS AND CONTROL METHOD - An information processing apparatus that can easily and safely transmit data. A registering unit registers first authentication information in association with user information indicating a first user. The first authentication information is necessary for the first user to log on to the information processing apparatus. A generating unit generates an address data that is used to transmit data from an external apparatus to the information processing apparatus and includes the user information and second authentication information. A transmitting unit transmits the address data to the external apparatus. An authenticating unit authenticates by utilizing the second authentication information included in the address data when the data is transmitted based on the address data from the external apparatus. A storing unit stores the received data in association with the first user when the authentication by the authenticating unit succeeds. | 11-19-2009 |
20090293108 | Method and System for User Management of Authentication Tokens - A computer implemented method, a computer program product, and a data processing system manage a set of federated log-in authentications at secure web sites. A client logs into a security context using a first alias from a list of existing federated single sign-on authentication aliases associated with an account. Responsive to logging into the security context, the client can receive the list of existing federated single sign-on authentication aliases. The client can then manage the list of authentication aliases. | 11-26-2009 |
20090293109 | SYSTEM AND METHOD FOR REFLECTING INFORMATION FROM PARTICIPANTS - An approach is provided for a method including initiating an information distribution session based on instructions from a first participant of a plurality of participants. The method also includes assigning access information and a passcode to the information distribution session, receiving posting information sent from two or more active participants of the plurality of participants using the access information with the passcode, and transmitting to the active participants the posting information of other active participants. | 11-26-2009 |
20090293110 | Upload apparatus, server apparatus, upload system, and upload method - An upload apparatus includes: an outputter configured to output a code image including information of an ID and a password necessary for uploading content onto a network; and an uploader configured to upload the content onto said network by use of said code image outputted by the outputter. | 11-26-2009 |
20090293111 | THIRD PARTY SYSTEM FOR BIOMETRIC AUTHENTICATION - A method of authenticating an identity of a user includes launching a user interface and obtaining biometric data of a user at the user interface. The method further includes comparing the biometric data of the user to stored biometric information of the user that was previously obtained during an enrollment process. A comparison result is generated and provided to a third party system documenting if the stored biometric information was satisfied, wherein the third party system is configured to utilize the comparison result to authenticate an identity of the user. | 11-26-2009 |
20090300738 | Authentication Methods and Systems - A method of generating an authentication token using a cryptographic based application downloaded to a mobile telephony device and a method of authenticating an online transaction using such a token. The method may be employed in a two factor authentication method utilising a user password and an authentication token. The method allows a two factor authentication method to be provided by a wide range of mobile telephony devices operating either online or offline. Other authentication systems and methods of authentication are also disclosed. | 12-03-2009 |
20090300739 | Authentication for distributed secure content management system - Aspects of the subject matter described herein relate to authentication for a distributed secure content management system. In aspects, a request to access a resource available through the Internet is routed to a security component. The security component is one of a plurality of security components distributed throughout the Internet and responsible for authenticating entities associated with an enterprise. The security component determines an authentication protocol to use with the entity and then authenticates the entity. If the entity is authenticated, the entity is allowed to use a forward proxy. | 12-03-2009 |
20090300740 | PROACTIVE CREDENTIAL CACHING - In wireless networking, such as per the IEEE 802.11 standard, a technique automatically republishes an authentication credential to a global credential repository. A station can have a first credential, as is created when the station connects to a first access node of a wireless network. Upon trying and failing to connect to a second access node of the wireless network, the station can have a second credential created and published to the global credential repository. In some situations, the station then roams back to the first access node using the first credential. Efficiently, when the station uses the first credential at the first access node, the first credential can be automatically republished as a global credential. The automatic republishing of the first credential can ensure that the station is able to access the wireless network via various access nodes when roaming. | 12-03-2009 |
20090300741 | GRANTING SERVER/WORKSTATION ACCESS USING A TELEPHONE SYSTEM - A method of granting access to a computing system includes: receiving a connection request from a remote computing system; generating a first message indicating a session identification number and an access number; receiving the session identification number from a telephone system; performing a verification of the session identification number; and granting access to the computing system based on the verification of the session identification number. | 12-03-2009 |
20090300742 | IDENTITY SELECTOR FOR USE WITH A USER-PORTABLE DEVICE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM - An identity selector manages the identity requirements of an online interaction between a user and a service provider environment. The identity selector is adapted for interoperable use with a user-portable computing device. The user device enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The identity selector includes an agent module that facilitates communication with the user device. The identity selector imports the user identities from the user device and determines which user identities satisfy a security policy of a relying party. After the user selects one of the eligible user identities, the identity selector generates a token request based on the selected identity and forwards it to the user device, which in response issues a security token. The security token is returned to the identity selector and used to facilitate the authentication process. | 12-03-2009 |
20090300743 | METHODS AND SYSTEMS FOR USER AUTHENTICATION - Method and systems for user authentication are provided according to the embodiments of the invention. The method mainly includes: sending, by a management station, an authentication request message of an authentication protocol to a managed device via a management protocol, and sending user authentication information to the managed device; and authenticating the user by the managed device via the authentication protocol or an authentication server based on the received user authentication information, and returning an authentication acknowledgement message of the authentication protocol carrying the authentication result to the management station via the management protocol. The system mainly includes a management station and a managed device; or, a management station, a managed device and a backend authentication server. With the present invention, methods and systems for user authentication with a good extensibility and a widened application are provided. | 12-03-2009 |
20090320107 | SECURE PASSWORD RESET FOR APPLICATION - A method of controlling access to an interaction context of an application, including receiving login requests pertaining to an access account, each login request including a login password to be matched against an access password associated with the access account. A database includes at least one account record including a password state field indicating whether the access password is a temporary password or a permanent password and a security hold field indicating whether a security hold has been placed on the access account by an administrator. Access is denied upon receipt of a login request when the login password fails to match the access password. Access is denied upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is a security hold on the access account. Access is granted upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is no security hold on the access account. The method includes granting access which is limited to permitting changing of the access password and prompting a change of the access password upon receipt of a login request when the login password matches the access password and the access password is a temporary password. | 12-24-2009 |
20090320108 | Generating And Changing Credentials Of A Service Account - Technologies are described herein for generating and changing credentials of a service account. In one method, a credential schedule is retrieved. The credential schedule specifies when a plurality of credentials are scheduled to be changed. A determination is made whether a current credential associated with the service account is scheduled to be changed according to the credential schedule. Upon determining that the current credential is scheduled to be changed, at least part of a new credential is generated. The current credential is replaced with the new credential for the service account. | 12-24-2009 |
20090320109 | SIGNED EPHEMERAL EMAIL ADDRESSES - Architecture for generating a temporary account (e.g., an email address) with a user-supplied friendly name and a secret used to sign the temporary account. For example, when a user wishes to create a temporary email address to use with an online organization, a friendly name is provided and the system generates a temporary email address including the friendly name. A signing component signs the temporary email address with a secret. One or more of these secrets can be provisioned prior to the user's creation of a friendly name, which eliminates propagation delay. During use, only incoming email messages having the temporary email address signed with the secret are validated. When the user revokes the temporary email address, the secret is revoked and the revocation is propagated to network gateways, rejecting any email sent to that address. | 12-24-2009 |
20090320110 | SECURE BOOT WITH OPTIONAL COMPONENTS METHOD - A method is executed which is for managing the optional trusted components that are active within a device, such that the device itself controls the availability of trusted components. The device includes: a storing unit which stores a plurality of pieces of software and a plurality of certificates; a receiving unit which receives the certificates; and a selecting unit which selects one of the certificates. The device further includes an executing unit which verifies an enabled one of the plurality of pieces of software using the selected and updated one of the certificates. | 12-24-2009 |
20090320111 | SECURE LEGACY MEDIA PERIPHERAL ASSOCIATION WITH AUTHENTICATION IN A MEDIA EXCHANGE NETWORK - Aspects for secure access and communication of information in a distributed media network may include detecting when a legacy media peripheral is connected to a PC and/or a media processing system on the distributed media network. One or more identifiers associated with the legacy media peripheral may be established and utilized to facilitate communication of the legacy media peripheral over the distributed media network. At least one legacy media peripheral identifier and at least one identifier of a user utilizing the legacy media peripheral may be requested. The legacy media peripheral identifier may be a serial number of the legacy media peripheral, while the user identifier may be a user password and/or a user name. Media peripheral association software may be executed on the PC and/or the media processing system and utilized for media peripheral association and authentication in accordance with various embodiments of the invention. | 12-24-2009 |
20090328165 | Method and apparatus for generating one-time passwords - A method and apparatus are provided to allow a user of a communications device to utilize one-time password generators for two-way authentication of users and servers, i.e., proving to users that servers are genuine and proving to servers that users are genuine. The present invention removes the need for a user to have a separate physical device, e.g., token, per company or service, reduces the cost burden on the companies and allows for two-way authentication via multiple access methods, e.g., telephone, web interfaces, automatic teller machines (ATMs), etc. Also, the present invention may be utilized in consumer and enterprise applications. | 12-31-2009 |
20090328166 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 12-31-2009 |
20090328167 | NETWORK ACCESS METHOD AND SYSTEM - A method for controlling access to a communication network such as a Wi-Fi network includes a user device ( | 12-31-2009 |
20090328168 | METHOD FOR REGISTERING AND CERTIFICATING USER OF ONE TIME PASSWORD BY A PLURALITY OF MODE AND COMPUTER-READABLE RECORDING MEDIUM WHERE PROGRAM EXECUTING THE SAME METHOD IS RECORDED - The present invention relates to a method of registering a one-time-password user in a one-time-password terminal by the one-time-password terminal, in an environment including the one-time-password terminal loaded with a program for creating one-time-passwords in a plurality of modes, an authentication server for authenticating authenticity of the one-time-password user, a one-time-password server, and a one-time-password database server for storing information on the one-time-password user. | 12-31-2009 |
20100005515 | SYSTEMS AND METHODS FOR ASSOCIATE TO ASSOCIATE AUTHENTICATION - Systems, methods and consumer-readable media for providing a platform between a requesting associate and an authenticating entity associate are provided. The method may include receiving a request for authentication from the requesting associate and transmitting the request to the authenticating associate. The method may include receiving a request for a single-use verification code from the authenticating associate in response to the request for authentication. The method may also include generating the single-use verification code, or, perhaps retrieving the single-use verification code from storage and transmitting the single-use verification code to the authenticating associate. Once the requesting associate has received the code from the authenticating associate, the requesting associate may enter the code. The system may then display the identity of the requesting associate on a workstation associated with the authenticating associate. | 01-07-2010 |
20100005516 | METHOD AND SYSTEM FOR SECURE AGENT-LESS ENTERPRISE INFRASTRUCTURE DISCOVERY - A method and system for securing dynamic discovery of an enterprise computing infrastructure is provided. One implementation involves maintaining enterprise credential information in a secured trust store, receiving an access request through a secure connection for access to a remote infrastructure component, determining the type of the access request, for a root-level type access request, responding to the request via the secure connection with enterprise root credentials from the trust store, and for an unprivileged type access request, responding to the request via the secure connection with unprivileged access enterprise credentials from the trust store. | 01-07-2010 |
20100005517 | IPTV CONTENT SHARING IN IMS NETWORK - A Content Sharing AS facilitates the sharing of IPTV content distribution sessions between users in an IMS network. A first user's request to share an ongoing IPTV session is routed to the Content Sharing AS, with a SIP URI of a second user with whom to share the content, identification of the desired content, and the Mcast address of the IPTV session. The Content Sharing AS joins the IGMP session group and sends the first user a SIP URI for the content and a unique authentication token. The first user sends the content URI and token to the second user, such as via a SMS message. The second user may then send an SIP INVITE message toward the URI, which the IMS system routes to the Content Sharing AS. The second user provides the authentication token, which the Content Sharing AS uses to authenticate the second user, and share the IPTV content. | 01-07-2010 |
20100005518 | ASSIGNING ACCESS PRIVILEGES IN A SOCIAL NETWORK - A system and method of assigning access privileges in a social network includes a first step ( | 01-07-2010 |
20100005519 | SYSTEM AND METHOD FOR AUTHENTICATING ONE-TIME VIRTUAL SECRET INFORMATION - A system for authenticating one-time virtual secret information includes a display device and an input device separated from each other, the display device having a central processing unit (CPU) and a memory and the input device having a CPU and a memory. An authentication server generates matching information, for display on the display device via a communication network. A user views this matching information and inputs the one-time virtual secret information to the input device. The input device then transmits the input one-time virtual secret information to the authentication server via a communication network, and the authentication server interprets the input one-time virtual secret information. | 01-07-2010 |
20100005520 | PERSONAL AREA SOCIAL NETWORKING - Techniques for managing the exchange of contact information are provided. Requests to establish connections on social networks and/or exchange contact information between users are held in escrow. The level of contact information and/or social network information shared between the users is configurable on a per user basis. Users may define levels of contact information and social network information to be shared with others based on the type of contact. Spam protection may be provided by requiring that both parties consent to a connection request before connections between the users are established. | 01-07-2010 |
20100024014 | HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT - Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a source processor that is used to identify the source associated with a request for authentication or authorization. The source processor can maintain the initial source associated with the request through the use of an association token. The associate token can be transmitted with each subsequent request that includes authentication or authorization data. The source processor can use the associate token to verify that the source associated with the initial request is the same as the source associated with subsequent authentication and authorization requests. | 01-28-2010 |
20100024015 | SYSTEM AND METHOD FOR SIMPLIFIED LOGIN USING AN IDENTITY MANAGER - A system and method for simplifying a login process makes use of a set of bookmarks that can be used to playback a series of actions and provide a stored username and password to a website or webservice. A user can access a bookmark manager component of the system and an identity manager component of the system either locally or remotely and have the two components act independently of each other but in communication to store the bookmarking and identity information. | 01-28-2010 |
20100031331 | Remote Access Method - All operations available on an intranet are securely performed from an outside of the intranet without taking out a file on the intranet from the intranet. A file on the intranet is not taken out, but, instead of this, image information on a target computer | 02-04-2010 |
20100031332 | SECURE ACCESS - Secure access to a resource is provided by receiving a user request associated with a username for access for a resource and checking the username associated with the request against a reference username associated with the user. The reference username is linked to a second username associated with the user. If the received username matches the reference username, the request is modified by replacing the received username with the second username, and the modified request is forwarded towards the resource. A new username can be recorded upon receiving a request for the user. In response to the received request, the new username is recorded at a reference location linked to the location of the second username. | 02-04-2010 |
20100037303 | Form Filling with Digital Identities, and Automatic Password Generation - In one implementation, form field(s) of a form of a website or application are populated with data obtained using a digital identity, and the populated form field(s) are submitted to the website or application. A form field specification specifying information about the form fields of the form is obtained. A user selects or creates a digital identity. Data is obtained using the digital identity, and the data is used to provide values to the form. The data is submitted to the website or application. In another implementation, a username and password are automatically generated. The username and password that are generated meet parameters that may be specified by the website or application. The username and password are submitted to the website or application for a purpose such as registration or authentication, and stored away for future authentication. | 02-11-2010 |
20100043062 | Methods and Systems for Management of Image-Based Password Accounts - The invention provides methods and systems for management of image-based password accounts. A password management account may be accessed by a user undergoing image-based authentication. The invention may allow a user to manage parameters relating to image-based authentication. The invention may also allow a user to manage authentication at one or more web site. | 02-18-2010 |
20100043063 | SYSTEM, METHOD AND PROGRAM FOR OFF-LINE USER AUTHENTICATION - Disclosed is an off-line user authentication system, which is designed to present a presentation pattern to a user subject to authentication, and apply a one-time-password derivation rule serving as a password to certain pattern elements included in the presentation pattern at specific positions so as to create a one-time password. An off-line authentication client pre-stores a plurality of pattern element sequences each adapted to form a presentation pattern, and a plurality of verification codes created by applying a one-time-password derivation rule to the respective presentation patterns and subjecting the obtained results to a one-way function algorithm. A presentation pattern is created using one selected from the stored pattern element sequences, and presented to a user. A one-time password entered from the user is verified based on a corresponding verification code to perform user authentication. The present invention provides an off-line matrix authentication scheme with enhanced security. | 02-18-2010 |
20100050242 | GRAPHICAL PASSWORD AUTHENTICATION BASED ON PIXEL DIFFERENCES - A password, unknown to a user to be authenticated by the password, is created by comparing an image provided by the user to a master image. Random differences between the images are found and used to create the password. The password is then validated to determine whether the user is authorized and/or to determine whether a communication provided by the user is to be processed. | 02-25-2010 |
20100050243 | METHOD AND SYSTEM FOR TRUSTED CLIENT BOOTSTRAPPING - Bootstrapping a trusted cryptographic certificate or other credentials into a client web browser application can be used to provide protection against “phishing” and “man-in-the-middle” attacks made over a computer network. Verification credentials are provided to users who connect directly to an authentication server and provide sufficient authentication information. The authentication server can rely upon the use of private URLs associated with each user as part of the verification process and can reject users who connect by clicking on a hyperlink directed to the authentication server. | 02-25-2010 |
20100058448 | METHODS AND A DEVICE FOR ASSOCIATING A FIRST DEVICE WITH A SECOND DEVICE - Methods for associating a first and a second device. Each device broadcasts an identity, the first device stores new identities and counts them. Upon user instruction and if there is just one new identity, the first device sends a request for association to the second device that acknowledges this. The second device then sends, upon user instruction, a confirmation to the first device that verifies that the confirmation was sent by the second device and acknowledges this. The method is particularly suitable for use on devices that are unable to display identities of other devices. | 03-04-2010 |
20100058449 | AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD - An authentication system includes a plurality of personal authentication servers, a client terminal, a replacing portion and a renewing portion. The plurality of personal authentication servers store at least a part of enrolled data different from each other for user personal authentication and perform authentication with stored enrolled data according to authentication request from a client terminal. The client terminal stores identification information for specifying the personal authentication server storing each enrolled data, and requests an authentication to the personal authentication server specified with the identification information. The replacing portion replaces at least a part of the enrolled data between the plurality of personal authentication servers according to the authentication request condition to the plurality of personal authentication servers from the client terminal. The renewing portion renews the identification information according to the replacing result of the replacing portion. | 03-04-2010 |
20100064357 | Business Processing System Combining Human Workflow, Distributed Events, And Automated Processes - Techniques are provided for designing, deploying, and executing mashups that integrate human workflows with automated processes. In an example embodiment, a system for executing mashups comprises a human interaction module, an event manager module, and a process orchestration module. The human interaction module is configured to receive user input while a human workflow included in a mashup is being executed, and to raise an event in response to the user input. The event manager module is configured to: receive the event from the human interaction module; based on the event, identify a particular automated process from one or more automated processes that are included in the mashup; and invoke the process orchestration module to execute the particular automated process based on the event. The process orchestration module is configured to execute the particular automated process in response to being invoked by the event manager module. | 03-11-2010 |
20100064358 | APPARATUS AND METHOD FOR MANAGING INFORMATION - A method and apparatus are provided for managing system identification information for workforce members such as employees, contractors and consultants that are affiliated with a business entity such as a corporation. The method and apparatus provide for the association of system identification information of a workforce member with each such workforce member in memory and further provides a review process of the same information by the relevant workforce member and one or more of the workforce member's supervisors. The review process allows each of the workforce member and the applicable supervisor(s) to confirm and, in some instances, reject the system identification information as being valid or not valid. The method and apparatus further maintains the review status of the workforce member and the applicable supervisor(s) and in one embodiment, provides for an audit of the same so that any discrepancies in the reviews are brought to light. | 03-11-2010 |
20100071040 | SECURE SERVER CERTIFICATE TRUST LIST UPDATE FOR CLIENT DEVICES - A method, a network element, and a client device for creating a trusted connection with a network are disclosed. A client device | 03-18-2010 |
20100071041 | IDENTIFICATION INFORMATION INTEGRATED MANAGEMENT SYSTEM, IDENTIFICATION INFORMATION INTEGRATED MANAGEMENT SERVER, AND COMPUTER READABLE RECORDING MEDIUM RECORDING IDENTIFICATION INFORMATION INTEGRATED MANAGEMENT PROGRAM THEREON - The present application relates to a technique applied to a system for performing authentication of a user by a one-to-one verification method by using an ID and biometric information of the user. When the user registers the ID and reference biometric information in a service providing system, the information is transmitted from the relevant service providing system to a management server. Then, in the management server, ID management by the reference biometric information is performed, and when the user inputs a wrong ID at the time of verification before the relevant service providing system starts to provide a service, a correct ID of the relevant user is found. | 03-18-2010 |
20100077465 | KEY PROTECTING METHOD AND A COMPUTING APPARATUS - A key protecting method includes the steps of: (a) in response to receipt of an access request, configuring a control application program module to generate a key confirmation request; (b) in response to receipt of the key confirmation request, configuring a hardware control module to generate, via the control application program module, a key input request to prompt a user for a key input; (c) upon receipt of the key input, configuring the hardware control module to determine if the key input matches a predefined key preset in the hardware control module; (d) configuring the hardware control module to enter an execution mode if it is determined in step (c) that the key input matches the predefined key; and (e) configuring the hardware control module to enter a failure mode if it is determined in step (c) that the key input does not match the predefined key. | 03-25-2010 |
20100077466 | SYSTEM AND METHOD FOR REMOTELY ASSIGNING AND REVOKING ACCESS CREDENTIALS USING A NEAR FIELD COMMUNICATION EQUIPPED MOBILE PHONE - The present invention is generally directed toward a mobile device that can be used in a secure access system. More specifically, the mobile device can have credential data loaded thereon remotely updated, enabled, disabled, revoked, or otherwise altered with a message sent from, for example, a control panel and/or controller in the system. | 03-25-2010 |
20100083357 | REMOTE REGISTRATION OF BIOMETRIC DATA INTO A COMPUTER - Systems and arrangements for permitting the transmission of fingerprint authentication data to a system remotely, while also permitting the system to employ such data as well as passwords in order to operate a computer system, while ensuring a reliable level of security for any group or organization using such systems and arrangements. | 04-01-2010 |
20100083358 | Secure Data Aggregation While Maintaining Privacy - Disclosed herein is a computer implemented method and system that securely aggregates and manages user related data in an online environment while maintaining privacy of a user. The user provides access credentials at a client device for each of multiple data sources. The access credentials are transformed to an unreadable format at the client device using a public key transmitted by a web server. The transformed access credentials in the unreadable format are stored locally on the client device. A communicating software agent on the client device communicates the stored access credentials to the web server. The web server transforms the communicated access credentials to a readable format using a private key and retrieves the user related data by accessing the data sources using the access credentials in the readable format. The web server presents the retrieved user related data to the user in one or more presentation modes. | 04-01-2010 |
20100088752 | Identifier Binding for Automated Web Processing - A process for the automatic handling of requests has a first step of receiving a session request, which results in the issuance of a session token. Upon receipt of a content transfer message accompanied by the previously issued session token, a routing tuple identifying a sender, receiver, and type, the content transfer message also containing content to be transferred, the routing tuple is compared to entries in a process table which resolves into an action and destination. The action and destination associated with the routing tuple and request type are performed if a match is found, or a default action is taken if no match is found, such as placing the content in a user INBOX for future handling. Additionally, the later actions the user takes on the INBOX are examined, and new entries are created in the process table based on the user actions. | 04-08-2010 |
20100095357 | Identity theft protection and notification system - An information monitoring and alert system is provided which registers subscribers and verifiers with a central alert system. The alert system provides an interface for the verifiers to submit queries relating to identification information. Information in this query is compared to the stored data submitted by the subscriber during registration and if a match occurs the subscriber is notified that the identification has been used for a certain purpose. The alert system only stores an encrypted value of the identification with only contact information which is preferably anonymous. Any other information is deleted after registration. The subscriber upon being alerted of the use of the identification is instructed to authorize or reject the transaction pertaining to the query. | 04-15-2010 |
20100095358 | Method and Base Station for Creating an Account in a Network Featuring a VoIP Protocol for DECT Mobile Parts - When registering a DECT mobile part (MT) with the base station (BS), the VoIP user ID (user) is formed from the DECT user ID (IPUI) according to a mapping rule and is used for registering an SIP account (SIPA). In addition, the SIP password (pw(AC)) is formed from the DECT authentication code (AC). Roaming or handover of DECT mobile parts (MT) in DECT systems featuring a VoIP connection can be accomplished in a simple manner by adjusting the DECT user ID (IPUI) to the SIP user ID (user (IPUI)) and adjusting the authentication code (AC) to the password (pw(AC)). The DECT mobile parts (MT) can continue to be used without change even when the same are connected to IP-oriented networks (IN), while said DECT mobile parts (MT) can be marketed for a wider range of uses. | 04-15-2010 |
20100095359 | Systems and Methods for Identifying a Network - Exemplary systems and methods for identifying a wireless network are provided. In exemplary embodiments, a method includes at least a digital device receiving network information associated with a network, generating an access identifier based on the network information, generating a credential request including the access identifier, providing the credential request to a credential server, receiving a credential request response from the credential server, the credential request response comprising network credentials to access the network, and providing the network credentials to a network device to access the network. | 04-15-2010 |
20100100947 | SCHEME FOR AUTHENTICATING WITHOUT PASSWORD EXCHANGE - Aspects relate to systems and methods implementing a scheme allowing a Verifier (V) to authenticate a Prover (P). The scheme comprises pre-sharing between V and P a graph of nodes. Each node is associated with a polynomial. V sends P data comprising data for selecting a polynomial of the graph, such as traversal data for proceeding from a known node to another node, a time interval, and a number k. P uses the time interval in an evaluation of the polynomial. P then uses the evaluation as a λ in a Poisson distribution, and determines a value related to a probability that a number of occurrences of an event equals k. P sends the determined value to V. V performs a similar determination to arrive at a comparison value. P authenticates V if the separately determined values match, or otherwise meet expectations. The process can be repeated to increase confidence in authentication. | 04-22-2010 |
20100100948 | RULES DRIVEN MULTIPLE PASSWORDS - A rules driven multiple passwords system is provided wherein a list of stored passwords is used in rotation over time in accordance with a set of rules or conditions managed by the system. With such an arrangement, the currently active password of a system User may automatically be changed, in accordance with the rules or conditions, to the next password in the list. The User is notified as to the newly assigned password. | 04-22-2010 |
20100107229 | Method and Apparatus for Mobile Time-Based UI for VIP - A method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication are described. The computer-implemented method comprising detecting launch of a security code generation application on a wireless communications device, generating a first unique security code upon launching the application, displaying the first security code on the wireless communications device, determining based on time whether to generate a new unique security code, and displaying the new unique security code. | 04-29-2010 |
20100107230 | SYSTEM, METHOD AND APPARATUS FOR AUTHENTICATING AND PROTECTING AN IP USER-END DEVICE - A system, method and apparatus authenticates and protects an Internet Protocol (IP) user-end device by providing a client-based security software resident on the IP user-end device, authenticating the IP user-end device using the client-based security software and a network security node communicably coupled to the IP user-end device, authenticating a user of the IP user-end device whenever a trigger condition occurs using an in-band channel between the client-based security software and the network security node, and protecting the IP user-end device by: (a) screening incoming IP traffic to the IP user-end device using the client-based security software, and (b) detecting an attack or a threat involving the IP user-end device using the network security node. | 04-29-2010 |
20100122327 | SECURE AUTHENTICATION FOR ACCESSING REMOTE RESOURCES - Methods, systems, and apparatus, including computer program products, for secure authentication for accessing remote resources are disclosed. In some implementations, a user is authenticated for a first time on an interface using a first communications channel; the user is authenticated a second time on the interface using a second communications channel; access privileges are determined based on authenticating the user for the second time; and a random Uniform Resource Locator (URL) is generated based on the access privileges, where the random URL is single-use and indirectly associated with a requested resource. | 05-13-2010 |
20100122328 | METHOD, HARDWARE PRODUCT, AND COMPUTER PROGRAM PRODUCT FOR OPTIMIZING SECURITY IN THE CONTEXT OF CREDENTIAL TRANSFORMATION SERVICES - Security is optimized in the context of a credential transformation service (CTS) by utilizing a web services client runtime to gather information for determining whether or not a target web service is hosted in a security domain used by a client application and for determining whether or not the target web service uses an authentication mechanism substantially identical to that used by the client application. The gathered information is carried in an endpoint reference (EPR) of the target web service. In response to the client receiving the EPR, the client applies an optimization process to eliminate a possible unnecessary invocation of the CTS, wherein the target web service is an authoritative manageable resource having minimal or no responsibility for providing its identity, and having minimal or no responsibility for advertising any creation and destruction lifecycle related events. | 05-13-2010 |
20100122329 | AUTHENTICATION BASED ON USER BEHAVIOR - One embodiment of the present invention provides a system for authenticating a user. During operation, the system records user behavior history at one or more devices associated with the user. The system then extracts user information associated with a place and/or an activity from the recorded user behavior history. The system further generates one or more challenges based on the extracted user information, thereby facilitating the verification of the user's identity. | 05-13-2010 |
20100122330 | AUTOMATIC LOCAL LISTING OWNER AUTHENTICATION SYSTEM - A method and apparatus for verifying that a user is the owner of a public listing is provided. The user selects an option to claim ownership of the public listing offered by an online service provider. The online service provider uses information regarding the user and the public listing to generate a verification code. The online service provider delivers the verification code to the owner of the public listing via the contact information provided by the public listing. If the user owns the public listing, the user receives the verification code via contact information associated with the public listing. The user verifies ownership by inputting a code to the online service provider. If the inputted code matches the verification code, then the online service provider identifies the user as the owner of the listing. Once verified, the user modifies the listing. | 05-13-2010 |
20100122331 | SINGLE USE WEB BASED PASSWORDS - Embodiments are directed towards employing a plurality of single use passwords to provide phishing detection and user authentication. A user receives a plurality of single use passwords that expire within a defined time period after having been sent to a registered device. During a login attempt, the user enters a user name and a requested one of the passwords, which once entered expires. If valid, the user then enters a portion of another password to complete a displayed portion of a password, and a specified other one of the passwords. If the displayed portion of the other passwords does not match any portion of one of the passwords, then the user may detect a phishing attempt and terminate the login. If the user correctly enters the password data, the user may then access secured data. Each new login request requires a different set of passwords to be used. | 05-13-2010 |
20100122332 | FILE SERVER FOR TRANSLATING USER IDENTIFIER - A file server including: a first interface coupled to a client computer which manages a client side user identifier used by the client computer to identify a client computer user; a second interface coupled to a first storage storing first file system data and a first file system side user identifier used by the first file system to identify the client computer user, and a second storage storing second file system data and a second file system side user identifier used by the second file system to identify the client computer user; a processor which receives a client computer's first access request to the first file system, obtains a first file system identifier which identifies the first file system and the first file system side user identifier, and translates the first file system side user identifier to a first client side user identifier using the first file system identifier. | 05-13-2010 |
20100132019 | REDUNDANT MULTIFACTOR AUTHENTICATION IN AN IDENTITY MANAGEMENT SYSTEM - A redundant multifactor identity authentication system provides users with a secure mechanism for providing identity information through the use of redundant independent identity providers in concert with each other so that resources are accessed only through a combination of providers. By eliminating reliance on a single provider, security is increased as is reliability. Similarly, redundant credentials can be provided to relying parties to ensure that the relying party receives proof of a credential without requiring a specific credential. | 05-27-2010 |
20100138903 | Ticket-Based Implementation of Content Leasing - The present invention is a method and system for accessing digital content stored on a computing device. An agreement between a subscriber and a content provider allows the subscriber to lease the digital content from the content provider, and download the digital content from a content server operated by the content provider. The method retrieves a service ticket for the computing device, and retrieves content rights for the digital content. The service ticket includes authorization data, and a session key, where the authorization data include authorized subscription services for the computing device. The content rights include required subscription services for the digital content and are delivered authenticated with the session key. The method allows access to the digital content when the authorized subscription services included with the authorization data match the required subscription services included with the content rights. | 06-03-2010 |
20100146601 | Method for Exercising Digital Rights via a Proxy - A system and method for accessing digital content purchased by a rights owner for a first computing device. The method receives a proxy from the rights owner that includes rights to the digital content granted to the rights owner, stores the proxy on a second computing device, and determines whether the rights owner is present at the second computing device. When the rights owner is present at the second computing device, the method enables the proxy, and accesses the digital content on the second computing device through the proxy. | 06-10-2010 |
20100146602 | CONDITIONAL SUPPLEMENTAL PASSWORD - A password protected machine where a primary alternative password and a secondary alternative password are assigned, but the secondary alternative password cannot be used to gain access unless and until the primary alternative password has been deactivated. Also, a password protected machine where a user is assigned at least two alternative passwords, and where the use of one alternative password will automatically deactivate the other password. Preferably, there is a primary password and a secondary password such that: (i) the use of the primary password does not deactivate the secondary password, but (ii) the use of the secondary password does deactivate the primary password. | 06-10-2010 |
20100146603 | ANONYMOUS AUTHENTICATION-BASED PRIVATE INFORMATION MANAGEMENT SYSTEM AND METHOD - An anonymous authentication-based private information management (PIM) system and method are provided. The PIM method includes receiving an anonymous certificate not including user information from an anonymous certification authority; generating an anonymous document including the anonymous certificate and some of the user information; and providing the anonymous document to a web service provider so as to be authenticated and thus provided with a web service by the web service provider. Thus, only a minimum of user information may be provided to the web service provider. In addition, it is possible to strengthen a user's right to self-determination and control over the exposure and use of his or her personal information by allowing a user to manage his or her own personal information or entrusting the PIM server to manage user information. Moreover, it is possible to protect the privacy of a user by preventing the exposure of user information. | 06-10-2010 |
20100146604 | Password protection system and method - A system and method for providing a password to a user on a network, the network having provider computer and a user computer, the provider computer comprising a password system configured to issue a password to a user of the user computer for use in accessing age-restricted content once a determination has been made that the user is age appropriate. | 06-10-2010 |
20100154041 | TRANSFORMING CLAIM BASED IDENTITIES TO CREDENTIAL BASED IDENTITIES - Claim based identities are transformed to a set of credentials and securely stored in a secure data store using a number of encryption schemes. The credentials are then used to authenticate applications requiring specific credential types. For each call to the secure store system, a client application may provide a claims token issued by a trusted source, which is used to search for corresponding credentials in the secure data store if the credentials have been created previously for the user. | 06-17-2010 |
20100162373 | MANAGEMENT OF HARDWARE PASSWORDS - In the context of computer systems, the generation of preboot passwords at a server instead of at a client. Preferably, preboot passwords generated at the server are distributed to the client, and a process is offered whereby a user can establish his/her own proxy, not known to the server, that can be used to release the stored passwords to the client hardware. Since the passwords are generated at the server, management of the passwords is greatly facilitated since they are generated at the site where they are stored. This also makes it easy to implement management features such as a group policy, since the password generation software will be able to make logical connections between users and hardware. | 06-24-2010 |
20100169958 | Method for generating and using composite scene passcodes - One disclosed embodiment for creating a composite scene passcode comprises presenting a system-generated composite scene passcode to a user, allowing the user to generate a composite-scene passcode by selecting one scene element per scene dimension, or allowing the user to enter an alphanumeric password that encodes the composite scene passcode. Certain embodiments also comprise combining the passcode with an alphanumeric password. The composite scene may be two dimensional, three dimensional, or greater than three dimensions, and/or the scene may be animated. A computer system using a composite scene passcode also is disclosed. One embodiment of the system comprises a display for displaying a composite scene passcode or plural scene dimensions for generating the composite scene passcode. Authentication may comprise using scene elements arranged categorically and requiring the user to select the correct scene element from among distracter elements within the same category. The system may also include an input device. | 07-01-2010 |
20100175115 | MANAGEMENT OF CREDENTIALS USED BY SOFTWARE APPLICATIONS - An identity management (“IdM”) system can change the credentials at certain intervals. If credentials change, there is no way for an application that uses the credentials to know that the credentials have changed because the application dependency relationships are unknown. When service account credentials change, credentials are typically manually updated for each dependent application. Some embodiments of the inventive subject matter allow IdM systems to track application dependencies for service accounts. The IdM systems can detect when service account credentials change and automatically notify dependent applications of the new service account credentials. | 07-08-2010 |
20100175116 | LOCATION-BASED SYSTEM PERMISSIONS AND ADJUSTMENTS AT AN ELECTRONIC DEVICE - Securing access to a portable electronic device (PED), securing e-commerce transactions at an electronic device (ED) and dynamically adjusting system settings at a PED are disclosed. In an example, usage or mobility characteristics of the PED or ED (e.g., a location of the ED or PED, etc.) are compared with current parameters of the PED or ED. A determination as to whether to permit an operation (e.g., access, e-commerce transaction, etc.) at the ED or PED can be based at least in part upon a degree to which the current parameters conform with the usage or mobility characteristics. In another example, at least a current location of a PED can be used to determine which system settings to load at the PED. | 07-08-2010 |
20100175117 | SYSTEM AND METHOD FOR PERSONAL IDENTIFICATION NUMBER MESSAGING - A relay site associated with a wireless network can send messages between mobile devices associated with the wireless network without having to transmit the messages to a host system. The messages include PIN messages and each of the mobile devices has a PIN address. The relay site includes a relay server for controlling the operation of the relay site, and sending the PIN messages between the mobile devices. The relay site also includes a relay data store having PIN information for users associated with the mobile devices. The relay server can access the relay data store to allow users that use the mobile devices to query the relay data store for PIN information of other users. | 07-08-2010 |
20100180324 | Method for protecting passwords using patterns - A method, system and computer program for protecting the password by limiting the password's validity to the user's active session. The present invention provides for the password to change automatically for each session, and only the user will be able to construct the valid password for the session. The user provides to the authentication system a password pattern, embedding symbols into a string. The embedded symbols are substituted by elements of parameters. The parameter elements and the symbols that represent them are defined by the authenticating system. The parameters contain either time driven or random strings of characters and digits as elements. The user builds a password using the values of the elements in the session parameters and the user's password pattern's memory hint recalled from memory. The authenticating system generates the valid password for the session using the password pattern the user has provided. If the user's built password matches the authenticating system generated password, secured access is allowed; otherwise access is denied. | 07-15-2010 |
20100180325 | SYSTEM AND METHOD FOR PROVIDING A NORMALIZED SECURITY LIST - A system and method for providing a normalized security list including a first module configured to generate a first normalized security list of user identifications within a network and a second module configured to generate a second normalized security list of user identifications within the network. The system and method may also include an equalizer module configured to compare the first normalized security list with the second normalized security list, equalize the first normalized security list based on the second normalized security list, and equalize the second normalized security list based on the first security list. The system and method may also include a processing module configured to perform an audit of user identifications within the network by processing the first equalized normalized security list and the second equalized normalized security list and generating audit results based on the processing. | 07-15-2010 |
20100180326 | SECURE REMOTE AUTHENTICATION THROUGH AN UNTRUSTED NETWORK - A method for securely authenticating a user of a consumer device at an access device comprising the following steps. First, a dynamic data element and a first set of transactional information is sent to the consumer device from the access device. Next, the consumer device creates an authentication code as a function of at least the dynamic data element, a subset of the first set of transactional information, and a password. The authentication code, along with other data, is then sent from the consumer device back to the access device. The access device then uses the authentication code to send an authentication request message to the service provider of the user. The service provider then attempts to authenticate the user by recreating the authentication code and comparing the recreated authentication code with the authentication code received from the access device. | 07-15-2010 |
20100180327 | SECURE REMOTE AUTHENTICATION THROUGH AN UNTRUSTED NETWORK - A method for securely authenticating a user of a portable consumer device at an access device comprising the following steps. First, a dynamic data element and a first set of transactional information is sent to the portable consumer device from the access device. Next, the portable consumer device creates an authentication code as a function of at least the dynamic data element, a subset of the first set of transactional information, and a password. The authentication code, along with other data, is then sent from the portable consumer device back to the access device. The access device then uses the authentication code to send an authentication request message to the service provider of the user. The service provider then attempts to authenticate the user by recreating the authentication code and comparing the recreated authentication code with the authentication code received from the access device. | 07-15-2010 |
20100180328 | AUTHENTICATION SYSTEM AND METHOD - An authentication system and method are provided, the method comprising, storing a user identification code associated with said user, generating a plurality of functions for producing a pass code based on at least one input by a user, said at least one input comprising said user identification code, storing at least one function and associating said function with a user, generating an application adapted to implement said at least one function on the user device, supplying the application to said user device, generating a transaction code associated with said transaction and supplying the transaction code to said application; and receiving a pass code for said transaction from the user device and authenticating the transaction on the basis of the received pass code, the function associated with said user, the user identification code and the transaction code associated with said transaction. | 07-15-2010 |
20100192207 | Virtual service provider systems - Various embodiments are disclosed for a services policy communication system and method. In some embodiments, a network device executes a service controller for a plurality of device groups, in which the service controller includes a capability to securely partition one or more device group database partitions, each device group partition includes service controller system settings, and each device group includes a plurality of communication devices controlled by a virtual service provider. | 07-29-2010 |
20100192208 | METHOD AND SYSTEM FOR PREVENTING IMPERSONATION OF A COMPUTER SYSTEM USER - A system and method for preventing an administrator impersonating a user from accessing sensitive resources on a target system is provided. The method comprises receiving a first request from a user to change the user's password on a target system to be changed, sending a “change password” request for the user to the target system, storing the user's new password, receiving a second request from the target system on behalf of the user for access to a sensitive resource, wherein the second request contains information about the user's password, and denying the second request if the information about the user's password is not consistent with the user's stored new password. | 07-29-2010 |
20100199335 | COMMUNICATION SYSTEM-DECENTRALIZED TERMINAL ACCOMODATING SWITCHING DEVICE AND COMMUNICATION SYSTEM-DECENTRALIZED TERMINAL CONTROL METHOD - Provided is a communication system-decentralized terminal control method that can prevent terminals from having the same communication system. The communication system-decentralized terminal control method includes a writing step of writing, when there is a connection request from a given terminal, user identification information of the terminal, a password corresponding to the identification information, identification information of a communication system that the terminal is equipped with, and an IP address and port number that the terminal uses for the communication system in a storage so that the user identification information, the password, the identification information of the communication system, the IP address and the port number are associated with one another; and a logoff step of logging off, when the same user identification information, password, and identification information of communication system as the above are already so written in the storage as to be associated with one another, the other terminal that has the IP address and port number that are already so written in the storage unit as to be associated with the user identification information, the password, and the identification information of communication system. | 08-05-2010 |
20100199336 | TRANSFORMING STATIC PASSWORD SYSTEMS TO BECOME 2-FACTOR AUTHENTICATION - The present invention provides systems and processes for transforming any system that implements a static password authentication or 1 | 08-05-2010 |
20100199337 | SYSTEM AND METHOD FOR ESTABLISHING AND AUTHORIZING A SECURITY CODE - A system and method for controlling access to a resource is provided. A user provides input to the system. Based on the user inputs, a security code may be automatically assembled by extracting stored data. If the assembled security code matches a required value, access may be granted. Otherwise, the user may be denied access to the resource. | 08-05-2010 |
20100205660 | SYSTEM, METHOD AND PROGRAM PRODUCT FOR RECORDING CREATION OF A CANCELABLE BIOMETRIC REFERENCE TEMPLATE IN A BIOMETRIC EVENT JOURNAL RECORD - A system, method and program product for recording the creation of a cancelable biometric reference template in a biometric event journal record. The method includes providing a base biometric reference template having a unique base reference template identifier that uniquely identifies base biometric data collected for an individual, applying a data transform function having a first function key value to the base biometric reference template to create one cancelable biometric reference template and recording the one cancelable biometric reference template in a biometric event journal record. The method further includes creating additional cancelable biometric reference templates using different function key values of the data transform function. The method further includes encrypting the data transform function and the function key value applied to the base biometric reference template. The method further includes signing the cancelable biometric reference template and signing the biometric event journal with a digital signature. | 08-12-2010 |
20100205661 | METHOD OF ESTABLISHING PROTECTED ELECTRONIC COMMUNICATION BETWEEN VARIOUS ELECTRONIC DEVICES, ESPECIALLY BETWEEN ELECTRONIC DEVICES OF ELECTRONIC SERVICE PROVIDERS AND ELECTRONIC DEVICES OF USERS OF ELECTRONIC SERVICE - A method of establishing protected electronic communication between various electronic devices equips users beforehand with a personal electronic identity gadget bearing no information about the user identity. Only at the first connection of the blank personal gadget to the electronic devices of an arbitrary electronic service provider, and/or to local electronic devices, the personal electronic identity gadget and the electronic devices and/or the local electronic devices mutually generate a verifiable electronic identity, which is stored in the personal electronic identity gadget and in the electronic devices and/or local electronic devices, for the needs of further mutual electronic communication, separately from other identities and without the knowledge of personal data about the user. Consequently only the generated and stored information is utilized for verification of the identity at every subsequent connection of the user to the electronic devices of the given electronic service provider and/or to the local electronic devices. | 08-12-2010 |
20100212000 | SYSTEM, METHOD AND PROGRAM FOR USER AUTHENTICATION, AND RECORDING MEDIUM ON WHICH THE PROGRAM IS RECORDED - A method, and system, and computer program product for authenticating a user. A first server of a plurality of servers receives an access request from the user to access a federated computing environment that comprises multiple servers. After receiving the access request, the first server: receives input authentication information from the user, obtains a server address of a second server having an authentication policy that matches an authentication policy of the first server, transmits the input authentication information to the second server via the server address of the second server, receives from the second server a notification that the second server has successfully authorized the user, and permits the user to access the federated computing environment. | 08-19-2010 |
20100218242 | SYSTEM AND METHOD FOR PROVIDING SECURITY BACKUP SERVICES TO A HOME NETWORK - Methods and systems of providing security backup services to a home network are described. In one embodiment, the gateway for a home network is registered with a service provider. A network device is enrolled with the home network, and periodically reenrolls. The device detects whether the gateway has been replaced between enrolling and reenrolling, and if it has been replaced, determines whether the new network gateway has been endorsed by the service provider. | 08-26-2010 |
20100223662 | PROGRAMMABLE ELECTRONIC ACCESS CONTROL SYSTEM - The invention relates to a programmable electronic access control system including: an updating unit which operates in conjunction with a central control unit and is provided with management software for global control of installation access. Access elements are associated with the entrance/exit routes, and a credential is associated with each system user. In addition, each updating unit includes means for the bi-directional transfer of data in relation to user credentials, and the central control unit. The updating unit transfers only the information concerning a particular user and the installation closure plan to the user credentials, while receiving information stored on the user credential relating to past events associated therewith, which have been transferred to each of the access elements. | 09-02-2010 |
20100229225 | SYSTEM AND METHOD FOR SECOND FACTOR AUTHENTICATION - As individuals increasingly engage in different types of transactions they face a growing threat from, possibly among other things, identity theft, financial fraud, information misuse, etc. and the serious consequences or repercussions of same. Leveraging the ubiquitous nature of wireless devices and the popularity of (Short Message Service, Multimedia Message Service, etc.) messaging, an infrastructure that enhances the security of the different types of transactions within which a wireless device user may participate through a Second Factor Authentication facility. The infrastructure may optionally leverage the capabilities of a centrally-located Messaging Inter-Carrier Vendor. | 09-09-2010 |
20100229226 | Function-Based Authorization to Access Electronic Devices - Systems and methods to secure authorized access are disclosed. A method includes receiving, at an electronic device, a request to generate function-authorization settings including function-access data associated with a particular function of the electronic device to be protected. The method also includes prompting for and receiving function-access data. The received function-access data includes first function-access data that specifies access credentials of a first user to access the particular function and second function-access data that specifies access credentials of a second user to access the particular function. The method also includes associating the received function-access data with the particular function and storing the function-authorization settings including the received function-access data at a memory of the electronic device. | 09-09-2010 |
20100229227 | Online authentication system - A hardware device connected to a network access point to authenticate itself to a server is disclosed. The device stores authentication software, and applicative data. The device is used to generate a one-time password to uniquely identify itself to a server. | 09-09-2010 |
20100229228 | METHOD AND APPARATUS FOR ASSOCIATING TICKETS IN A TICKET HIERARCHY - A method and apparatus for associating session ticket includes a ticketing authority server. The ticketing authority server receives a ticket generation request and information about a client node. It identifies a master session ticket associated in a storage element with the client node. The ticketing authority server then generates a derivative session ticket for the client node and associates the derivative session ticket with the master session ticket. Finally, the ticketing authority server stores information about the client node and the derivative session ticket in the storage element. | 09-09-2010 |
20100235892 | SYSTEM FOR, AND METHOD OF, PROVIDING THE TRANSMISSION, RECEIPT AND CONTENT OF A REPLY TO AN ELECTRONIC MESSAGE - A server transmits a message from a sender to a recipient. The server receives from the recipient an attachment relating to the message route between the server and the recipient. The server transmits to the sender the message and the attachment and their encrypted digital fingerprints and expunges the transmitted information. To subsequently authenticate the message and the attachment, the sender transmits to the server what the server has previously transmitted to the sender. The server then prepares a digital fingerprint of the message and decrypts the encrypted digital fingerprint of the message and compares these digital fingerprints to authenticate the message. The server performs the same routine with the attachment and the encrypted digital fingerprint of the attachment to authenticate the attachment. The recipient replies to the sender's message through the server. The server records proof of the delivery and content of the reply to the sender and the recipient. | 09-16-2010 |
20100235893 | SYSTEM AND METHOD FOR ASSOCIATING MESSAGE ADDRESSES WITH CERTIFICATES - A system and method for associating message addresses with certificates, in which one or more secondary message addresses are identified and associated with a user-selected certificate. The secondary message addresses are saved in a data structure that resides in a secure data store on a computing device, such as a mobile device. When a message is to be encrypted and sent to an individual using a particular certificate, an address mismatch would not be detected so long as the address to which the message is to be sent matches any of the message addresses associated with the certificate. The message addresses associated with the certificate include any message addresses contained within the certificate itself (“primary message addresses”) as well as any secondary message addresses that have been subsequently associated with the certificate. | 09-16-2010 |
20100242101 | METHOD AND SYSTEM FOR SECURELY MANAGING ACCESS AND ENCRYPTION CREDENTIALS IN A SHARED VIRTUALIZATION ENVIRONMENT - A computing system for managing a virtual server includes a machine remote from the virtual server that operates a provisioning service, a credentials server remote from the virtual server, and at least one guest server manager running on a guest host associated with the virtual server. The provisioning service obtains credentials from the credentials server and delivers them to the at least one guest server manager. The server manager acts under the direction of the provisioning service. | 09-23-2010 |
20100263029 | METHOD AND SYSTEM FOR GENERATING ONE-TIME PASSWORDS - A method for one-time password generation, the one-time password being used for user authentication by a restricted resource. The one-time password is generated by means of a mathematical algorithm in a user-specific device, and the one-time password is generated by the mathematical algorithm using at least one user-specific password generation parameter. A first password generation parameter is used for generating a first one-time password for use in user authentication by a first restricted resource, and a second password generation parameter is used for generating a second one-time password for use in user authentication by a second restricted resource, the second restricted resource being different from the first restricted resource, and the first and second password generation parameters being distinct. | 10-14-2010 |
20100263030 | METHOD FOR ESTABLISHING AN AGENCY RELATIONSHIP TO PERFORM DELEGATED COMPUTING TASKS - A method is disclosed for establishing an agency relationship to perform delegated computing tasks. The method provides for initiation of the agency relationship, establishment of credentials to perform a delegated computing task, and performance of the delegated computing task. Benefits of establishing an agency relationship in a computing environment include improved security, efficiency, and reliability in performing delegated computing tasks. | 10-14-2010 |
20100269162 | WEBSITE AUTHENTICATION - Embodiments of website authentication including receiving a request from a user to view a website within a graphical user interface (GUI); generating a one time password (OTP); storing the generated OTP in a database; displaying the generated OTP on the GUI; verifying an identity of the user by receiving an identification datum from a communication device; receiving an entered OTP from the user; comparing the entered OTP with the generated OTP; and communicating whether the website is authenticated. | 10-21-2010 |
20100269163 | COMPUTER ACCESS SECURITY - A method is provided for improved computer access security, the method including protecting an access record to prevent password access to a computer via the access record, creating an alternate access record corresponding to the protected record, enabling password access to the computer via the alternate record, providing the alternate record with the access level of the protected record, and configuring the alternate record to indicate a supplemental security program to be executed once a correct password for the alternate record is provided. | 10-21-2010 |
20100275250 | ACCOUNT RECOVERY VIA AGING OF ACCOUNT DATA POINTS - Embodiments are directed towards providing an aging of account data points usable in recovering access to an account. The aging functionality of account data points is configured to enable users who may have had access to their account compromised or otherwise denied, still be able to recover access. Account data points are time stamped when associated with an account. When a request is received to delete the account data point, the account data point is instead placed into an aging status for a time period. During the aging status time period, the account data point may still be used to recover access to the account. Moreover, after access is recovered using a certain account data point, any account data points created after the certain account data point may be deleted to minimize unauthorized access to the account. | 10-28-2010 |
20100275251 | TRANSFERRING CREDENTIAL INFORMATION - Credential information is received from a credential transfer server. The credential transfer server is identified by sending a credential transfer message to a network entity identified by a dynamic host configuration protocol server. | 10-28-2010 |
20100287603 | FLEXIBLE IDENTITY ISSUANCE SYSTEM - Techniques for implementing flexible identity issuance systems to allow users to specify one or more evaluation processes to be carried out by the issuance system based on input identity information. These evaluation processes may be specified in any suitable manner to allow an issuance system to carry out any process for generating output identity information for a content consumer. In some embodiments, an evaluation process may be specified to the issuance system as a series of tasks to be carried out, where each task corresponds to a condition and an action to be taken when the condition is met. In this way, an evaluation process may be simply and easily specified by what operations are to be carried out, rather than how the operations are to be carried out. An issuer may interpret the specification to determine a functional process for carrying out the tasks. | 11-11-2010 |
20100287604 | IDENTIFICATION OF INTEGRATED CIRCUITS - Techniques are generally described for generating an identification number for an integrated circuit (IC). In some examples, methods for generating an identification of an IC may comprise selecting circuit elements of the IC, evaluating measurements of an attribute of the IC for the selected circuit elements, wherein individual measurements are associated with corresponding input vectors previously applied to the IC, solving a plurality of equations formulated based at least in part on the measurements taken of the attribute of the IC for the selected circuit elements to determine scaling factors for the selected circuit elements, and transforming the determined scaling factors for the selected circuit elements to generate an identification number of the IC. Additional variants and embodiments may also be disclosed. | 11-11-2010 |
20100299731 | Electronic System for Securing Electronic Services - A method of accessing an internet based service, involves using a cellular telephony device to obtain a token from the provider of the internet based service, and within the cellular telephony device, using the token to calculate a time-limited password. The time-limited password is used in combination with at least one further user identification parameter to obtain access to the internet based service. | 11-25-2010 |
20100299732 | TIME WINDOW BASED CANARY SOLUTIONS FOR BROWSER SECURITY - Tools and techniques related to time window based canary solutions for browser security are provided. These tools may receive requests to generate canary values in connection with providing content maintained on server systems, and compute canary values in response to these requests. These canary values may be based on identity information associated with different users, site-specific values associated with websites accessed by these users, and representations of time windows associated with the requests. | 11-25-2010 |
20100299733 | SYSTEM AND METHOD FOR DISTRIBUTING PERSONAL IDENTIFICATION NUMBERS OVER A COMPUTER NETWORK - The present invention comprises a system and method for managing an inventory of PINs in a PIN distribution network. The distribution network includes a hub coupled to one or more servers and each of the servers is coupled to at least one client terminal. The system includes a hub for dynamically allocating PINs of the inventory among the servers so as to substantially maintain a quantity of PINs at each server at a desired level for each server. Additionally, the hub acquires additional PINs in response to at least one PIN in the inventory being distributed to at least one user from at least one of the client terminals. In variations, the hub maintains centralized databases and synchronizes the centralized databases with corresponding databases at each server. | 11-25-2010 |
20100299734 | METHOD AND APPARATUS TO AUTHENTICATE AND AUTHORIZE USER ACCESS TO A SYSTEM - A method, apparatus, and system are provided for authenticating a user. According to one embodiment, a request for authentication of a user is received via a secondary site, the request for authentication of the user including user information corresponding to the user. The user information is verified and, based on the verifying, a token associated with the user is generated, the token to be used to enable the secondary site to perform a task on the primary site on behalf of the user. The token is then transmitted to the secondary site. | 11-25-2010 |
20100313251 | Method and Apparatus for Coordinating a Change in Service Provider Between a Client and a Server with Identity Based Service Access Management - A method of configuring a network access device connected to an access network connected to a plurality of service networks, the network device having a first network address allocated to a subscriber of services of a first service provider provided by a first service network, with a new network address allocated to a second subscriber of services of either the first service provider, or a second service provider provided by a second service network. The method comprises the steps of: sending a request from the network access device to the access network with user credentials for the second subscriber requesting access to the first service provider or a change to the second service provider; receiving a response from the access network; and initiating a network address change request using a configuration protocol. In this manner, a second network address allocated to the second subscriber of services of either the first or second service providers is assigned to the network access device to enable the network access device to communicate data packets to the service network providing the selected service. | 12-09-2010 |
20100319058 | METHOD USING ELECTRONIC CHIP FOR AUTHENTICATION AND CONFIGURING ONE TIME PASSWORD - A method using an electronic chip for authentication and configuring a one time password uses a one time password generated at a one time password service end replacing a personal identification number required in authenticating operations on an electronic chip (IC cards, such as smart card, hardware secure module (HSM), EMV chip, etc.). Before operating on the electronic chip, a request for the one time password is sent to the one time password service end; or the one time password with access condition is applied in advance, and is used as a key to authenticate operations on the electronic chip. The method enhances privacy of the password and provides added application method for improved confidentiality. | 12-16-2010 |
20100325705 | Systems and Methods for A2A and A2DB Security Using Program Authentication Factors - In various embodiments, security may be provided for application to application (A2A) and application to database (A2DB) implementations. In some embodiments, a method comprises receiving a registration request at a first digital device for a first application, receiving a first program factor associated with the first application, confirming the first program factor, generating a first password for a second application based, at least, on the confirmation of the first program factor, and providing the first password to a second digital. | 12-23-2010 |
20100325706 | AUTOMATED TEST TO TELL COMPUTERS AND HUMANS APART - Techniques for verifying a user is human as opposed to a machine are provided. A series of images may be presented to the user sequentially along with a challenge question that instructs the user to select the image that is responsive to the challenge question. If the user selects the correct image, the likelihood that the user is a human as opposed to a machine is greatly increased. Techniques for varying certain parameters associated with display of images and challenge question are also provided. The variations in these parameters may further help distinguish human users from machines. | 12-23-2010 |
20100325707 | Systems and Methods for Automatic Discovery of Systems and Accounts - In various embodiments, a method comprises scanning a directory structure to generate a scan result comprising a plurality of discovered systems, identifying one or more accounts associated with at least one of the plurality of discovered systems, configuring a security appliance to change one or more old passwords to one or more new passwords for the one or more accounts, and changing, with the configured security appliance, the one or more old passwords to the one or more new passwords. | 12-23-2010 |
20100325708 | SYSTEM AND METHOD FOR PROVIDING A MULTI-CREDENTIAL AUTHENTICATION PROTOCOL - A system and method for providing secure communications between remote computing devices and servers. A network device sends characteristics of a client computing device over the network. A network device receives characteristics of a client computing device over the network. A plurality of credentials are generated where at least one of the plurality of credentials is based on both the received characteristics of the client computing device and a unique client key, and at least one of the plurality of credentials is based on both the received characteristics of the client computing device and a generic key. A network device sends the plurality of credentials over the network. A network device receives the plurality of credentials via the network. | 12-23-2010 |
20100333185 | GENERATING SECURITY MATERIAL - An apparatus and method establish a secure, direct, station-to-station communication between a first station and a second station in a topology (e.g., PBSS) having a central secret holder/provider that allows secure, direct, station-to-station communications and that allows secure station-to-station broadcast communications. The first station and the second station will have previously established a security association (SA) with a topology control point (PCP). The method includes creating pair-wise unique material for the first station. The pair-wise unique material is computed as a function of (i) a known shared secret associated with the PCP, (ii) a first piece of unique data associated with the first station, and (iii) a second piece of unique data associated with the second station. The method includes securely communicating the pair-wise unique material from the first station to the second station. | 12-30-2010 |
20110010763 | TOOL AND METHOD FOR GENERATING PASSWORDS - A grid is provided for creating secure and confidential passwords for use in sign-in procedures on electronic user accounts. The tool includes a grid having multiple rows and columns defining cells, with each cell having randomly assigned keyboard characters, such as letters, numbers, and symbols. A user creates a password by selecting a starting cell, and progressing in a user-selected pattern through a pre-selected number of cells. Multiple unique grids may be provided in hard copy or digital form for use in creating multiple passwords which may be created using the same or different starting cells and/or patterns. | 01-13-2011 |
20110016515 | REALTIME MULTICHANNEL WEB PASSWORD RESET - The need for realtime password resetting is provided by using a converged HTTP/SIP container. The container allows interaction between the different protocols of HTTP and SIP. When a user needs to reset a password that would normally require sending a new temporary password through the mail, the user can be appropriately authenticated and provided with a temporary key. After a temporary key is created and sent electronically to the user via the computer system which initiated the request, a telephony application calls the user. The user is prompted for authentication information and then enters the temporary key. The temporary key entered is compared with the temporary key created, and if matched, the user can reset the password in realtime. | 01-20-2011 |
20110023100 | Device Ownership Transfer From A Network - A home relationship is established between a device and a network by storing an ownership record in the device that identifies the network, and storing in the network a device identifier that identifies the device. Thereafter, communication is established between the device and the network. The ownership record is then transmitted from the network to the device, and automatic access to the device is granted to the network once the device verifies the transmitted ownership record against the ownership record stored in the device. In addition, the device identifier is transmitted from the device to the network, and automatic access to the network is granted to the device once the network verifies the transmitted device identifier against the device identifier stored in the network. | 01-27-2011 |
20110035791 | Method for Device Insertion Into a Community of Network Devices - A method for performing at least one evolution operation in a dynamic, evolutive community of devices in a network comprising at least a first device. The method comprises a step of sending at least one message over the network from the first device to a second device, wherein the first device continues the method without acknowledgement of the at least one message from the second device. The method is suitable for execution on clockless devices. A device for performing the method is also claimed. | 02-10-2011 |
20110041166 | Method of Password Assignment - A method is provided in which a user registers a Session Initiation Protocol (SIP) address with a server that uses digest access authentication. If the user has another address already registered with the server, the server requests the user name and password for the existing address. The user enters the user name and password into a client application. The client application transmits the user name and password to the registration server as clear text over an encrypted channel. The registration server generates a digest from the received user name and password and compares the generated digest with the digest stored on the registration server for the existing address in order to determine whether the user submitted a valid user name and password. If the generated and stored digests match, the registration server sets the password for the existing email account of the user as the password for the new email. | 02-17-2011 |
20110041167 | TECHNIQUES FOR PROVIDING SECURE COMMUNICATIONS AMONG CLIENTS WITH EFFICIENT CREDENTIALS MANAGEMENT - A method, server and client for protecting communications among a plurality of clients, for use in a networked communication system comprising a server and the plurality of clients, the plurality of clients comprising at least a first client and a second client, are provided. The method includes communicating, from the first client to the server, a request for a credential token for a communication between the first client and the second client, selecting, by the server, the credential token for the communication between the first client and the second client, communicating, from the server to each of the first client and the second client, the selected credential token, and communicating, between the first client and the second client using security algorithms and information contained in the credential token received from the server. | 02-17-2011 |
20110055909 | METHODS, APPARATUS, AND COMPUTER PROGRAM PRODUCTS FOR SUBSCRIBER AUTHENTICATION AND TEMPORARY CODE GENERATION - Method, apparatus, and computer products are provided for providing temporary generated codes by a server. Responsive to triplet authentication of a device to service provider network, a server receives an initial code from the device to request a temporary generated code. The server verifies the triplet authentication of device. The server determines whether there is a user account match to the initial code. The server determines a corresponding application server based on the initial code and the user account match. The server generates a temporary generated code to access the application server. The temporary generated code is transmitted to both the application server and the communication device, is set to expire at a preset time, is generated to allow the user access to a single session on the application server, and is generated to expire after the temporary generated code is input to access the single session on application server. | 03-03-2011 |
20110055910 | USER-CENTRIC INTERCEPTION - The present invention relates to methods and arrangement for user-centric interception in a telecommunication system wherein correlated identities are federated in an Identity Management Controller. The method comprises: Sending from an Intercept Unit to the Identity Management Controller, a request for identities correlated with a specified key target identity. The Intercept Unit receives identities federated to the specified key target identity. The received identities are utilized for user-centric interception purposes. | 03-03-2011 |
20110067092 | AUTOMATIC PROVISIONING OF AUTHENTICATION CREDENTIALS - Methods and systems of automatically provisioning authentication credentials on a plurality of network devices. The method may include determining a process for provisioning the authentication credentials for the plurality of devices. The process may include steps of gaining access to a network device, entering a command to reach a network service interface associated to the network device, indicating a location of the authentication credentials, and initiating installation of the authentication credentials. The method may also include providing a computer program to follow the process. The computer program may be a script that is automatically executed without a user intervention. The method may further include developing a list of the plurality of devices that need to be provisioned, associating the list of the plurality of devices to the computer program, executing the computer program for each device, and outputting whether each of the plurality of network devices has a successful authentication credential update. | 03-17-2011 |
20110072498 | TEARING AND CONFORMAL TRANSFORMATION HUMAN INTERACTIVE PROOF - The HIP creation technique described herein pertains to a technique for creating a human interactive proof (HIP) by applying tearing and/or a conformal transformation to a string of characters while maintaining readability of text. In one embodiment, the technique tears a character string into two or more pieces and applies conformal transformation to warp the pieces in order to create a HIP. The transformation changes the shape and orientation of the characters but preserves angles of the characters which makes it easy for humans to recognize the characters after the transformation. Other embodiments of the technique create HIPs by applying tearing only to a string of characters, or by applying conformal transformation only to the character string. | 03-24-2011 |
20110072499 | METHOD OF IDENTITY AUTHENTICATION AND FRAUDULENT PHONE CALL VERIFICATION THAT UTILIZES AN IDENTIFICATION CODE OF A COMMUNICATION DEVICE AND A DYNAMIC PASSWORD - A method of identity authentication and fraudulent phone call verification uses an identification code of a communication device and a dynamic password. The “dynamic password” is directly sent to an Internet user via a dynamic web-page of a specific website instead of by means of a traditional telephone short message. Thus, the “dynamic password” cannot be copied from the spyware infected communication device of the Internet user. Furthermore, even if the “dynamic password” is intercepted or otherwise discovered by a hacker or intruder, authentication is still secure because the dynamic password must be sent back to the specific website via a short message or the like from the same communication device having the corresponding identification code that was initially input by the Internet user in order to generate the dynamic password. | 03-24-2011 |
20110078775 | METHOD AND APPARATUS FOR PROVIDING CREDIBILITY INFORMATION OVER AN AD-HOC NETWORK - An approach for providing credibility information over an ad-hoc network is described. A trust manager receives content from a transmitting node over an ad-hoc network. The trust manager retrieves one or more trust values associated with the content, the transmitting node, or both, wherein the trust values are assigned by a trust server and further adjusted based on locally collected credibility information. The trust manager conducts a local evaluation of credibility information regarding the content, the transmitting node, or both. The trust manager then generates one or more combined trust values for the content, the transmitting node, or both from the trust values and the local evaluation. | 03-31-2011 |
20110078776 | Secure digital credential sharing arrangement - A secure and transparent digital credential sharing arrangement which utilizes one or more cryptographic levels of indirection to obfuscate a sharing entity's credentials from those entities authorized to share the credentials. A security policy table is provided which allows the sharing entity to selectively authorize or revoke digital credential sharing among a plurality of entities. Various embodiments of the invention provide for secure storage and retrieval of digital credentials from security tokens such as smart cards. The secure sharing arrangement may be implemented in hierarchical or non-hierarchical embodiments as desired. | 03-31-2011 |
20110078777 | Computer-readable recording medium recording remote control program, portable terminal device and gateway device - A computer-readable recording medium which records a remote control program for allowing data on a network protected by a gateway device to be transferred to an external device by external remote-control operations; a portable terminal device; and a gateway device. The terminal device transmits to the gateway device an access ticket issue request. The gateway device generates key information and transmits to the terminal device an access ticket including the key information. The terminal device transfers to a data acquisition device a data acquisition instruction including the acquired access ticket. The acquisition device transmits to the gateway device a data request including the key information. When the key information added to the access ticket and the key information included in the data request are the same, the gateway device transfers the data request to a data server device. The server device transfers the data to the acquisition device. | 03-31-2011 |
20110083172 | INCREASE ENTROPY OF USER-CHOSEN PASSWORDS VIA DATA MANAGEMENT - A method, computer readable medium and apparatus for providing data security for a computing environment having a plurality of nodes are provided. The apparatus comprises a password mechanism residing in a storage location in the computing environment; and a user specific dictionary including entries generated by the password mechanism about each user by retrieving available data from one or more databases. The password mechanism rejects a proposed password for the user by comparing it with entries in the user specific dictionary when the proposed password matches at least part of any entry in the user specific dictionary. | 04-07-2011 |
20110093935 | CONTROL OVER ACCESS TO DEVICE MANAGEMENT TREE OF DEVICE MANAGEMENT CLIENT - Provided is a control over access to a Device Management (DM) tree of a client. The client receives a secure area creation password from a server, creates a secure area by using the received creation password, and moves the DM tree to the secure area. In addition, the client receives a secure area access password from the server, accesses the secure area by using the received access password, and performs a remote management through a DM command received from the server. The authority to access the DM tree is given to only the client acquiring a password from the server, which effectively prevents an unauthorized change of a DM tree. | 04-21-2011 |
20110093936 | NETWORK SYSTEM, METHOD OF CONTROLLING ACCESS TO STORAGE DEVICE, ADMINISTRATION SERVER, STORAGE DEVICE, LOG-IN CONTROL METHOD, NETWORK BOOT SYSTEM, AND METHOD OF ACCESSING INDIVIDUAL STORAGE UNIT - A network boot system including one or more client terminals, a DHCP (Dynamic Host Configuration Protocol) server, a PXE (Preboot Execution Environment) server, a TFTP (Trivial File Transfer Protocol) server, a database administration server, one or more storage devices, and an authentication server (such as a Radius server) connected to each other via a TCP/IP (Transmission Control Protocol/Internet Protocol) network. A plurality of LU provided in the storage devices are separated into a system area LU and a user area LU prepared per user. | 04-21-2011 |
20110093937 | AUTHENTICATED DATABASE CONNECTIVITY FOR UNATTENDED APPLICATIONS - A custom database connectivity component is deployed in conjunction with a native database connectivity component and a credential manager. The custom connectivity component has a requestor interface for communicating with a requestor application, a credential service interface for communicating with the credential manager, a native database connectivity interface for communicating with native connectivity components, and a decision engine for determining how to convert a request from a requestor to an appropriate API call to the credential manager. The custom connectivity component provides an authenticated and authorized database connection for a requestor application. The component transparently retrieves database, or other target resource, credentials on a real time basis, without requiring code changes to the requestor application. | 04-21-2011 |
20110099612 | AUTOMATIC USER AUTHENTICATION AND IDENTIFICATION FOR MOBILE INSTANT MESSAGING APPLICATION - Automatic identification and authentication of a user of a mobile application entails receiving from the wireless communications device a unique device identifier and an e-mail address corresponding to the wireless communications device, associating a registration identifier with the unique device identifier and the e-mail address, generating an authentication token, and communicating the authentication token and the registration identifier to the wireless communications device. This technology obviates the need for the user to remember and enter a user ID and password to access backed-up application data on a server. This is particularly useful for instant messaging applications, e.g. PIN messaging, in which the unique device identifier is used to identify the user and is also the transport address. Once registered, the user who has switched to a new device or has wiped his existing device, can restore contacts or other application data from the server based on the registration identifier. | 04-28-2011 |
20110099613 | MODIFICATION OF A SECURED PARAMETER IN A USER IDENTIFICATION MODULE - There is provided a user identification module configured for use in a mobile communication device. An exemplary user identification module comprises a first data item being accessible for reading a value of a parameter used in the operation of the user identification module. The exemplary user identification module also comprises at least two second data items, the second data items being unmodifiable and each second data item including a value of the parameter. The first data item includes a modifiable reference addressing one second data item. | 04-28-2011 |
20110099614 | NETWORK SYSTEM, METHOD OF CONTROLLING ACCESS TO STORAGE DEVICE, ADMINISTRATION SERVER, STORAGE DEVICE, LOG-IN CONTROL METHOD, NETWORK BOOT SYSTEM, AND METHOD OF ACCESSING INDIVIDUAL STORAGE UNIT - A network boot system including one or more client terminals, a DHCP (Dynamic Host Configuration Protocol) server, a PXE (Preboot Execution Environment) server, a TFTP (Trivial File Transfer Protocol) server, a database administration server, one or more storage devices, and an authentication server (such as a Radius server) connected to each other via a TCP/IP (Transmission Control Protocol/Internet Protocol) network. A plurality of LU provided in the storage devices are separated into a system area LU and a user area LU prepared per user. | 04-28-2011 |
20110099615 | SECURE FALLBACK NETWORK DEVICE - A network device and method may provide secure fallback operations. The device includes a port allowing the device to communicate with a network and a processor to generate a security credential, provide the security credential to a call manager during initialization, and provide the security credential to a secondary device during fallback operations. The network device may include a memory to store the security credential and routing information for fallback operations. | 04-28-2011 |
20110107406 | SYSTEMS AND METHODS TO SECURE A VIRTUAL APPLIANCE - The present disclosure relates to systems and methods for providing secure support to virtual appliances delivered to customer sites without passwords or enabled ports for service. A virtual appliance may be established on a first device. The virtual appliance may comprise a self-contained virtual machine with a pre-installed operating system and may be established with no root password enabled and a remote access port disabled. An administration tool may receive from a requestor a request to enable maintenance for the virtual appliance. The administration tool may generate, responsive to the request, a random password. The administration tool may enable, responsive to the request, the remote access port. The virtual appliance may wait for a connection to the remote access port for a predetermined period of time. The administration tool may transmit the random password to a service of a second device remote to the first device. | 05-05-2011 |
20110107407 | NEW METHOD FOR SECURE SITE AND USER AUTHENTICATION - The present invention provides a new method of site and user authentication. This is achieved by creating a pop-up window on the user's PC that is in communication with a security server, and where this communication channel is separate from the communication between the user's browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user's desktop. The security server checks the legitimacy of the web site and then signals both the web page on the user's browser, as well as the pop-up window to which it has a separate channel. The security server also sends a random image to both the pop-up window and the browser. If user authentication is requested by the web site the user is first authenticated by the security server for instance by out of band authentication. Then the security server computes a one time password based on a secret it shares with the web site and sends it to the pop up window. The user copies this one time password into their browser which sends it to the web site, which can re-compute the one time password to authenticate the user. | 05-05-2011 |
20110113476 | METHOD AND DEVICE FOR GENERATING A TIME-DEPENDENT PASSWORD - There is provided a system and method for generating a time-dependent password in a security device using time information. An exemplary method comprises checking whether the security device has access to an external time signal. The exemplary method also comprises requesting a user of the security device to enter the time information, if it is determined that the security device has no access to the external time signal. The exemplary method additionally comprises generating a time-dependent password using the time information entered in response to the request. | 05-12-2011 |
20110119743 | COMMUNICATION OF CONTENT TO EVENT ATTENDEES - A method is provided for enrolling and authenticating an attendee of an event or activity so that content can be delivered to a mobile device associated with the attendee. The method includes receiving an identifier of a mobile communication device associated with an authorized attendee while the attendee and the mobile communication device are in a venue at which the event or activity takes place. The mobile communication device is registered by storing the identifier in a database of authorized attendees who have entered the venue. Entitlement credentials are communicated to the mobile device that are to be further communicated from the mobile device to a content server when requesting event or activity related content therefrom. | 05-19-2011 |
20110119744 | PSEUDONYMOUS IDENTIFICATION MANAGEMENT APPARATUS, PSEUDONYMOUS IDENTIFICATION MANAGEMENT METHOD, PSEUDONYMOUS IDENTIFICATION MANAGEMENT SYSTEM AND SERVICE ADMISSION METHOD USING SAME SYSTEM - A pseudonymous ID (identification) management apparatus includes a token processing unit for validating an authentication token; a pseudonymous ID generation unit for issuing a pseudonymous ID corresponding to the authentication token; a temporary ID generation unit for issuing a temporary ID for use in an offline subscription; and an ID validation unit for validating a pseudonymous ID received from a web service apparatus along with a pseudonymous ID validation request and transmitting pseudonymous ID validation result to the web service apparatus, and validating a temporary ID received from the web service apparatus along with a pseudonymous ID exchange request and transmitting a pseudonymous ID corresponding to the temporary ID to the web service apparatus. The web service apparatus provides a service to which a user desires to subscribe. | 05-19-2011 |
20110126272 | APPARATUS AND METHOD OF IDENTITY AND VIRTUAL OBJECT MANAGEMENT AND SHARING AMONG VIRTUAL WORLDS - A system for centrally managing credential information of a user and a virtual object of a user across a plurality of virtual worlds (or corresponding virtual world servers) is disclosed. The system includes an identity service module for managing an authentication request (e.g., verifying credential information of a user) from a user and an inventory service module for managing virtual properties of a user. Furthermore, a method for logging in a virtual world by using the system is disclosed. A method for teleporting a virtual property from a virtual world to another virtual world by using the system is disclosed. A method for logging out from a virtual world by using the system is also disclosed. | 05-26-2011 |
20110131638 | PROCESS OF REMOTE USER AUTHENTICATION IN COMPUTER NETWORKS TO PERFORM THE CELLPHONE-ASSISTED SECURE TRANSACTIONS - This invention relates to processes of personal user authentication in computer and mobile wireless communications networks to perform transactions including payments. The process provides remote user authentication in various computer networks, the Internet inclusive, to perform secure transactions such as e-commerce and remote banking (on-line banking, remote banking, direct banking, home banking, internet banking, PC banking, phone banking, mobile-banking, WAP-banking, SMS-banking, GSM-banking, TV banking). | 06-02-2011 |
20110131639 | Secure PIN Management of a User Trusted Device - A mechanism is provided for secure PIN management of a user trusted device. A user trusted device detects a memory card coupled to the user trusted device. The user trusted device receives user input of an external PIN (ext_PIN). The user trusted device identifies a key (K) associated with the external PIN, wherein the key is stored in the persistent memory. The user trusted device computes a card PIN (card_PIN) using a function (f) and the key as stored on the persistent memory, wherein the card PIN is computed using the following equation: card_PIN=f(K, ext_PIN). The user trusted device unlocks the memory card using the card PIN, thereby forming an unlocked memory card. | 06-02-2011 |
20110145897 | UBIQUITOUS WEBTOKEN - A first device receives, from a second device, a first request to set up an account, where the first request includes a shared key and information associated with the second device, where the shared key is calculated based on a private key, of a private key/public key pair, and information regarding an identity selection, from user identity information, associated with a user of the second device; and stores the shared key in a memory. The first device receives, from the second device, a second request to log in to the account, where the second request includes a first webtoken and information associated with the second device, where the first webtoken is calculated based on the shared key and a first time interval; retrieves the shared key; generates a second webtoken based on the shared key and a second time interval; performs an authentication operation by comparing the first webtoken and the second webtoken; and permits the second device to access the account when the first webtoken matches the second webtoken. | 06-16-2011 |
20110145898 | CONTROLLING ACCESS OF A CLIENT SYSTEM TO AN ACCESS PROTECTED REMOTE RESOURCE - The present invention provides a security module for Web application, especially a portal application, using a rewriter proxy. The security module ensures that the rewritten URIs are appended by an authentication identifier for determining whether the rewritten URI has not been changed. Preferably, the authentication identifier can be generated by applying a secure hash algorithm and/or secret key to the original URIs of the remote resource or the entire rewritten URIs. When a client activates those URIs, a request is sent to the rewriter proxy. Before a connection to the access protected remote resource is established, the security module validates whether the URIs contained in the user client request have been changed by the user. | 06-16-2011 |
20110154455 | Security management framework - A framework is provided for securing and managing sensitive credential information required for a software program, such as an application or a script, to access a resource. The centralized framework validates a request for access to a resource received from the software program, retrieves the encrypted credentials associated with the requested resource, decrypts the encrypted credentials, and provides decrypted credentials to the software program for use in accessing the resource. | 06-23-2011 |
20110154456 | System & Method for Sharing Data - A system and method for sharing data is provided. A request is received from a mobile device to transfer a set of data to a recipient. The set of data is stored by a server and controlled by a user of the mobile device. The request is authenticated, and the data is encrypted. The set of data is transmitted to a recipient specified by the user via the mobile device. | 06-23-2011 |
20110154457 | AUTHENTICATING METHOD, CONVERSION DEVICE, AND RELAY DEVICE - A conversion device receives service data including first connection destination data and the authentication information about an authenticated user, generates second connection destination data for designation of the first connection destination data, then associates the authentication information, the first and second connection destination data with one another, transmits them to a relay device, and transmits to a client the service data in which the first connection destination data is replaced with the second connection destination data; the client transmits the second connection destination data selected by the user to the relay device; the relay device transmits the authentication information to a server indicated by the first connection destination data using the authentication information and the first connection destination data corresponding to the second connection destination data, and transmits the address of the server to the client; and the client communicates with the server using the address and the authentication information. | 06-23-2011 |
20110154458 | METHOD AND SYSTEM FOR CREATING A PRE-SHARED KEY - There is provided a system and method for creating a pre-shared key. More specifically, in one embodiment, there is provided a method comprising accessing an identifier associated with a computer system, and performing at least one mathematical function on the identifier to create a pre-shared key for the computer system. | 06-23-2011 |
20110154459 | METHOD AND SYSTEM FOR SECURING ELECTRONIC TRANSACTIONS - A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided. | 06-23-2011 |
20110162053 | SERVICE ASSISTED SECRET PROVISIONING - A method for providing a secret that is provisioned to a first device to a second device includes generating a One-Time Password at the first device using the secret and obtaining an identifier of the secret. The method also includes providing the One-Time Password and the identifier to the second device and sending the One-Time Password and the identifier to a remote provisioning service. The method also includes verifying that the One-Time Password corresponds to the secret, and sending to the second device an encrypted secret and a decryption key for decrypting the encrypted secret. The encrypted secret and the decryption key may be sent using different communications methods. The method also includes decrypting the encrypted secret using the decryption key to provide the secret and storing the secret at the second device. | 06-30-2011 |
20110162054 | FIRMWARE AND METHOD FOR GENERATING ONE TIME PASSWORDS (OTPs) FOR APPLICATIONS - The invention describes a method, firmware, and computer program product for generating one or more One Time Passwords (OTPs) for one or more applications. The firmware embedded in a computational device receives one or more registration details corresponding to an application from a user. Thereafter, the firmware generates a Dynamic Information Number (DIN) based on at least one of the registration details and an application identifier (SIID). The user registers with the application with the DIN and at least one of the registration details. Further, the user may access the application using an OTP generated by the firmware based on the DIN and the application identifier. | 06-30-2011 |
20110167483 | ROLE-BASED ACCESS CONTROL UTILIZING TOKEN PROFILES HAVING PREDEFINED ROLES - A method and system for managing role-based access control of token data using token profiles having predefined roles is described. | 07-07-2011 |
20110167484 | APPARATUS AND METHOD FOR INTEGRATING AUTHENTICATION PROTOCOLS IN THE ESTABLISHMENT OF CONNECTIONS BETWEEN COMPUTING DEVICES - An apparatus and method for integrating authentication protocols in the establishment of connections between a controlled-access first computing device and at least one second computing device. In one embodiment, network access user authentication data needed to access the at least one second computing device is transmitted to an authentication server automatically if the user has access to use the first computing device, thereby not requiring the user to manually enter the authentication data needed for such access at the first computing device. The network access user authentication data may be, for example, retrieved from a memory store of the first computing device and/or generated in accordance with an authentication data generating algorithm. | 07-07-2011 |
20110167485 | SYSTEM AND METHOD FOR TOY ADOPTION AND MARKETING - Provided are a method and computer system that provide a virtual world. A server of the computer system includes a storage subsystem that stores two or more items of different personalized information about multiple different users, including different user identifications and passwords associated with the user identifications respectively representing the users. The server computer system is programmed to accept login credentials including a user identification and password and validate the login credentials. The server computer system is also programmed to control formation of a first user account and storage of the first user identification and first password. The storage subsystem stores information about registration codes that have not yet been entered. Further, the server computer system is programmed to accept entry of one or more of the registration codes that have not yet been entered and, based on entry of the registration codes, to associate stored information indicative of the one registration code with the first user identification. | 07-07-2011 |
20110173684 | ANYTIME VALIDATION FOR VERIFICATION TOKENS - Systems and methods for producing, validating, and registering authentic verification tokens are disclosed. Such systems and methods include generating verification token specific key pairs. The key pairs can be signed by a verification token manufacturer master key or public key certificate for an additional level of authenticity. Related methods and systems for authenticating and registering authorized verification token manufacturers are also disclosed. Once a verification token manufacturer is authenticated, it can be assigned a manufacturer-specific key pair or certificate and in some cases, a predetermined set of serial numbers to assign to the verification tokens it produces. Each serial number can be used to generate a verification token specific key pair specific to the associated verification token. One component of the verification token key pair can be stored to the verification token. Optionally, the component of the verification token key pair stored to the verification token can be signed by the manufacturer specific master key or certificate and stored as a verification token public certificate. | 07-14-2011 |
20110173685 | METHOD FOR TERMINAL CONFIGURATION AND MANAGEMENT AND TERMINAL DEVICE - A method for terminal configuration and management includes: acquiring a configuration file, where the configuration file includes server account information; configuring the server account information in the acquired configuration file onto a Device Management Tree (DMT) of a terminal; based on the server account information, establishing a management session between the terminal and the server, and performing management and subsequent configuration on the terminal during the session. A corresponding terminal device and a corresponding system are also provided. Through the method, the terminal can determine, according to protocol version information supported by or corresponding to the corresponding server and carried in a configuration packet, a protocol that should be used for communication with a server, and perform configuration according to the correct protocol version, thus improving the operation efficiency. | 07-14-2011 |
20110173686 | IMAGE FORMING APPARATUS, AUTHENTICATION INFORMATION MANAGING SYSTEM, AUTHENTICATION INFORMATION MANAGING METHOD, AND AUTHENTICATION INFORMATION MANAGING PROGRAM - An image forming apparatus communicates with an authenticating server which stores user information for identifying a user and authentication information included in a storing medium. An authentication requesting unit transmits the user information input to the image forming apparatus to the authenticating server to authenticate the user. An authentication result obtaining unit obtains the user authentication result from the authenticating server. A display unit displays a registering mode for registering the authentication information corresponding to the input user information and a deleting mode for deleting the authentication information corresponding to the input user information so that the modes can be selected according to the obtained authentication result. When the deleting mode has been selected, the authentication information deletion instructing unit instructs the authenticating server to delete one or a plurality of authentication information corresponding to the user information in response to a deleting instruction by the user. | 07-14-2011 |
20110179472 | METHOD FOR SECURE USER AND SITE AUTHENTICATION - The present invention provides a new method of site and user authentication. This is achieved by creating a pop-up window on the user's PC that is in communication with a security server, and where this communication channel is separate from the communication between the user's browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user's desktop. The security server checks the legitimacy of the web site and then signals both the web page on the user's browser, as well as the pop-up window to which it has a separate channel. The security server also sends a random image to both the pop-up window and the browser. If user authentication is requested by the web site the user is first authenticated by the security server for instance by out of band authentication. Then the security server computes a one time password based on a secret it shares with the web site and sends it to the pop up window. The user copies this one time password into their browser which sends it to the web site, which can re-compute the one time password to authenticate the user. | 07-21-2011 |
20110179473 | METHOD AND APPARATUS FOR SECURE COMMUNICATION BETWEEN MOBILE DEVICES - Methods and apparatuses for secure communication are provided. The secure communication method includes receiving a first credential of a remote device; receiving first authentication information of the remote device; storing a user record including the first credential and the first authentication information; and evaluating a security level of the received first authentication information. | 07-21-2011 |
20110179474 | METHOD AND SYSTEM FOR CREATING A MOBILE INTERNET PROTOCOL VERSION 4 CONNECTION - A method for creating a unique and secure mobile internet protocol version 4 connection for a packet data network is provided. The method includes generating an extended master session key to create a mobile internet protocol root key. The method also includes creating a mobile internet protocol security parameter index based on the mobile internet protocol root key and an access point name. The method further includes deriving a mobile node home agent key based on the access point name. Furthermore the method includes associating the derived mobile node home agent key to the created security parameter index. Moreover the method includes providing the unique and secure mobile internet protocol version 4 connection to transfer data for the packet data network connectivity. | 07-21-2011 |
20110179475 | METHOD FOR PROVIDING ACCESS TO A SERVICE - A system is described comprising a service provider and an identity provider. A user requests access to the service provider and the service provider seeks user credentials from the identity provider. In use, the service provider issues an authentication request, which request specifies details of a plurality of acceptable authentication formats. The identity provider responds to the request either by providing authentication details for said user in one of the formats specified in the request, or by returning an error message indicating that it cannot support any of the specified authentication formats. | 07-21-2011 |
20110179476 | AUTHENTICATION OF SERVICES ON A PARTITION - Embodiments of the disclosure describe systems and methods for authenticating services running on a partition. In this regard, one embodiment of a system for authenticating a service includes a partition including a list of authorized services, and a service running on the partition; and a management processor in communication with the partition, wherein the management processor is configured to generate credentials for the service running on the partition if the service is listed in the list of authorized services. | 07-21-2011 |
20110185403 | METHOD AND APPARATUS FOR CONTROLLING ACCESS TO A NETWORK RESOURCE - According to one aspect, there is provided a method of controlling access to a network resource. The method comprises receiving a request to grant a user access to the network resource, the request including a user identifier, determining whether the received user identifier is stored in a local user data store associated with the resource, and where it is not so determined determining, from user details stored in a master user data store, whether the user is authorized to access the resource, and where it is so determined obtaining a password, and storing the obtained password and user details in the local data store associated with the network resource. | 07-28-2011 |
20110185404 | STAGED USER DELETION - A method, system, and computer program product for staged user identifier deletion are provided. The method includes checking a status of a user identifier in response to a triggering event. In response to determining that the status of the user identifier indicates a marked for deletion status, a notification action is performed. The method also includes monitoring a time value to determine whether a time for deletion associated with the user identifier with the marked for deletion status has been reached, and automatically deleting the user identifier with the marked for deletion status in response to determining that the time for deletion has been reached. | 07-28-2011 |
20110185405 | METHOD FOR SECURE USER AND TRANSACTION AUTHENTICATION AND RISK MANAGEMENT - To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret. | 07-28-2011 |
20110185406 | Systems and Methods to Authenticate Users - Systems and methods are provided to facilitate online transactions via mobile communications. In one aspect, a system includes a data storage facility to store account information with a phone number of the user and an interchange coupled with the data storage facility. The interchange includes a common format processor and a plurality of converters to interface with a plurality of different controllers of mobile communications. The converters are configured to communicate with the controllers in different formats; and the converters are configured to communicate with the common format processor in a common format to facilitate authentication of the user to sign in the account. | 07-28-2011 |
20110185407 | Authentication System - The invention relates to an authentication system for a user possessing a means ( | 07-28-2011 |
20110185408 | SECURITY BASED ON NETWORK ENVIRONMENT - A method comprises assessing a network environment in which an electronic device is present and implementing a security feature based on the assessment of the network environment. Assessing the network environment comprises identifying other network entities on a network to which the electronic device is coupled. | 07-28-2011 |
20110191834 | Maintaining the Domain Access of a Virtual Machine - A method for maintaining domain access of a virtual machine is described. According to one embodiment, a generation of a new computer account password by an operating system is identified. The new computer account password is copied to an auxiliary storage location. An existing computer account password is replaced with the new computer account password when it is determined that a file system of the computer has been restored to a previous state. The copying of the new computer account password may be performed in response to the generation of the new computer account password. The replacing of the existing computer account password may be performed in response to the restoring of the file system to the previous state. | 08-04-2011 |
20110191835 | METHOD AND APPARATUS FOR IDENTITY REUSE FOR COMMUNICATIONS DEVICES - An apparatus and method for identity reuse operable in a communications system, the method comprising selecting an identity value for a device; registering the device onto a network with the selected identity value; determining if the registration of the device is successful; and establishing a communication session for the device and deregistering the selected identity value upon termination of the communication session if the registration is successful, or determining whether to try a different identity value if the registration is not successful. In one aspect, the apparatus and method further comprising waiting a predetermined time period before either re-registering with the selected identity value or registering with the different identity value. | 08-04-2011 |
20110191836 | Apparatus For Real-Time Management Of The Performance Of Security Components Of A Network System - An apparatus for real-time management of a plurality of security components (SCs) connected to a network. The apparatus comprises a network interface for communication with the plurality of SCs connected to the network; a permanent storage unit for storing at least logon information to each of the plurality of SCs; a security component management unit (SCMU) having a plurality of integration point components (IPCs) enabled to identify the plurality of SCs connected to the network; a temporal storage unit for storing at least data collected from the plurality of SCs in the form of information units, each of the information units has a predefined limited lifetime after which such information unit is voided, thereby rendering the apparatus stateless; and a processing unit for carrying out at least one process designated to perform a specific generic task irrespective of a physical manifestation of each of the plurality of SCs. | 08-04-2011 |
20110191837 | AUTHENTICATING A DEVICE AND A USER - A method of authenticating a device and a user comprises receiving a user input, generating a first key from the user input, performing a physical measurement of the device, obtaining helper data for the device, computing a second key from the physical measurement and the helper data, and performing an operation using the first and second keys. In a preferred embodiment, the method comprises performing a defined function on the first and second keys to obtain a third key. Additional security can be provided by the step of receiving a user input comprising performing a biometric measurement of the user and the step of generating a first key from the user input comprising obtaining helper data for the user and computing the first key from the biometric measurement and the user helper data. | 08-04-2011 |
20110197268 | CAPTCHAS THAT INCLUDE OVERLAPPED CHARACTERS, PROJECTIONS ON VIRTUAL 3D SURFACES, AND/OR VIRTUAL 3D OBJECTS - Techniques are described herein for generating CAPTCHAs that include overlapped characters, projections on virtual three-dimensional (3D) surfaces, and/or virtual 3D objects. A CAPTCHA is a type of challenge-response test that a content provider may present to users for authorizing the users to access content that the content provider hosts. For example, when a user attempts to access content, a CAPTCHA may be generated in accordance with one or more of the techniques described herein and provided to the user. The user may be asked to identify characters that overlap in the CAPTCHA, characters that are projected on a virtual 3D surface, and/or a designated virtual 3D object, so that the user may be authorized to access the content. The user may enter the characters and/or select the designated virtual 3D object that is identified in the CAPTCHA using an input device, such as a keyboard, touch screen, pointing device, etc. | 08-11-2011 |
20110197269 | METHOD AND SYSTEM FOR SPLIT MEDIUM MAIL SOLUTION FOR CUSTOMER COMMUNICATIONS - The present teachings provide a method and system for a split medium mail for customer communications. The present application relates to techniques and equipment used to create a single page summary communication included in a mailpiece to be mailed to a customer. The single page summary contains information necessary to access a full version of the customer communication by way of secure web access. | 08-11-2011 |
20110202981 | CONTENT PRESENTATION-TYPE AUTHENTICATION SYSTEM - It is intended to achieve a user authentication system capable of forcibly presenting a content to a user. Provided is a content presentation-type authentication system designed to allow a client to perform a content presentation-type user authentication in which user authentication is performed in such a manner that a plurality of pattern elements arranged in a given pattern are presented as a presentation pattern to a user who intends to be authenticated, and a one-time password derivation rule is used as a password of the user and applied to certain ones of the pattern elements located at specific positions in the presentation pattern to create a one-time password, and a content is forcibly presented to the user in connection with the user authentication. The content presentation-type authentication system comprises an authentication-service providing server configured to manage respective user IDs and passwords of users, content data indicative of a detail of each of a plurality of contents, and respective content IDs of the plurality of contents, and provide content-added authentication information to each of the users, and a client having a content presentation-type user authentication program and a processor. | 08-18-2011 |
20110219437 | AUTHENTICATION INFORMATION CHANGE FACILITY - A system, method, and computer program product are provided to facilitate changing authentication information in an environment having two or more configuration items. Establishing a connection between the configuration items may require matching authentication information corresponding to the first configuration item with authentication information transmitted from the second configuration item. The system may include a repository storing at least one predetermined attribute corresponding to a configuration item, and a relation between the configuration item and another configuration item. The attribute and/or the relation may be updated by discovery that detects information regarding configuration items. In response to a request to change authentication information corresponding to the first configuration item, and based on the relation, an identification unit may identify a second configuration item influenced by the change. An instruction unit may initiate a change of authentication information transmitted from the second configuration item. | 09-08-2011 |
20110219438 | METHODS AND APPARATUS FOR SECURITY OVER FIBRE CHANNEL - Methods and apparatus are provided for improving both node-based and message-based security in a fibre channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fibre channel network entities into a fibre channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fibre channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented. | 09-08-2011 |
20110225634 | CAPTCHA (Completely Automated Public Test to Tell Computers and Humans Apart) Data Generation Methods and Related Data Management Systems and Computer Program Products Thereof - CAPTCHA (Completely Automated Public Test to tell Computers and Humans Apart) data generation methods for use in a server and related management systems are provided. First, the server determines a first data set according to at least one first data corresponding to an operation to be performed, wherein the first data represents sensitive data corresponding to the operation. Then, the server generates a group of CAPTCHA data corresponding to the first data set according to the first data. | 09-15-2011 |
20110225635 | NON-OBTRUSIVE SECURITY SYSTEM FOR DEVICES - A security system is provided including providing a device including: storing a security rule for operation of the device when an event occurs; and implementing the security rule upon the occurrence of the event to allow non-obtrusive user access to the device. | 09-15-2011 |
20110231910 | TECHNIQUES FOR VIRTUAL PRIVATE NETWORK (VPN) ACCESS - Techniques for virtual private network (VPN) access are provided. A dynamic determination, in response to privileges, is made as to whether a principal and a device of a principal are to receive a thin client virtual private network (VPN) installation for a thin client VPN session between the principal and a remote site or whether a clientless VPN session is appropriate. Dynamic switching between the clientless VPN session and thin client VPN session is permissible when the principal supplies the appropriate credentials for such a switch. | 09-22-2011 |
20110239283 | SECURITY TOKEN DESTINED FOR MULTIPLE OR GROUP OF SERVICE PROVIDERS - An authentication server generates a security token to be used by a client for accessing multiple service providers by obtaining a secret key for each specified service provider, generating a saltbase, generating a salt for each service provider using the saltbase, the secret key, and a hashing algorithm, generating a session key that includes the salt, assigning an order to each of the generated salts, and arranging the salts based on the orders, generating a presalt for each provider using the salt for each previous provider, generating a postsalt for each of the specified service providers using the salt for each following provider, generating a blob for each of the specified service providers using the saltbase, the respective presalt, and the respective postsalt, inserting the generated blobs for the specified service providers in the security token, and providing the generated security token to the client workstation. | 09-29-2011 |
20110239284 | ID BRIDGE SERVICE SYSTEM AND METHOD THEREOF - An ID bridge service system manages a type and assurance of identity information required for provision of service by an application service system and a type and assurance of identity information managed by plural authentication service systems, and is provided with a selecting measure that selects an authentication service system that manages identity information corresponding to the identity information required for the provision of the service by the application service system out of the plural authentication service systems when a request for authentication is received from the application service system and a requesting measure that requests the selected authentication service system to authenticate. | 09-29-2011 |
20110247059 | Methods and Apparatus for Role-Based Shared Access Control to a Protected System Using Reusable User Identifiers - Methods and apparatus are provided for role-based shared access control to a protected system using reusable user identifiers while maintaining individual accountability. Role-based access control is provided for a protected system by receiving a request from an end user to access a given protected system; determining a role of the end user for the access to the given protected system; receiving a privileged reusable user identifier and password for the given protected system and role; and providing the privileged reusable user identifier and password to the given protected system on behalf of the end user. Role-based access control is also provided for a protected system by receiving a request to verify an end user requesting access to a given protected system; determining a role of the end user for the access to the given protected system; and providing a privileged reusable user identifier and password for the given protected system and role. A status of the privileged reusable user identifier and password can optionally be maintained. One or more events associated with the privileged reusable user identifier and password can be logged and investigated. | 10-06-2011 |
20110247060 | PORTABLE PASSWORD KEEPER WITH INTERNET STORAGE AND RESTORE - A system for portable storage of information with Internet storage and restore, including a portable memory device, the portable memory device being thumb-sized or smaller and readily attachable to computers, a server, at least one database in communication with the server including password information pertaining to each of a plurality of users, at least one user computer in communication with the server via the Internet, an interface providing each of the plurality of users with access to the server via the Internet, software executing on the server for receiving user-identifying data via the interface pertaining to a particular user, software executing on the server for retrieving password information associated with the particular user from the database, software executing on the server for transferring a copy of the retrieved encrypted password information from the database to the portable memory device via the user computer. | 10-06-2011 |
20110247061 | COMPUTATION TO GAIN ACCESS TO SERVICE - Access to some aspect of a service may be limited until a user has invested in performing some amount of computation. Legitimate users typically have excess cycles on their machines, which can be used to perform computation at little or no cost to the user. By contrast, computation is expensive for for-profit internet abusers (e.g., spammers). These abusers typically use all of their computing resources to run “bots” that carry out their schemes, so computation increases the abuser's cost by forcing him or her to acquire new computing resources or to rent computer time. Thus, the providers of free services (e.g., web mail services, blogging sites, etc.), can allow newly registered users to use some limited form of the service upon registration. However, in order to make more extensive use of the service, the user can be asked to prove his legitimacy by investing in some amount of computation. | 10-06-2011 |
20110247062 | ELECTRONIC TRANSACTION SECURITY SYSTEM - A system and method for generating a limited use login credential associated with an account maintained by an institution, where the credential facilitates secure access to the account. | 10-06-2011 |
20110247063 | Mutual Mobile Authentication Using a Key Management Center - A system, method, and server computer configured to authenticate a consumer device. The consumer device is authenticated via a mobile gateway using challenge-response authentication. If the consumer device is successfully authenticated, a secure channel is established between the consumer device and a first entity. The secure channel allows for secure communication between the consumer device and the first entity. | 10-06-2011 |
20110258686 | Alias Management and Value Transfer Claim Processing - An alias management and value transfer claim processing system is disclosed. A sending entity initiates value transfer identifying a recipient entity using an alias that is unregistered with the system. The value transfer is authorized, but not settled until the recipient entity registers with the system and claims the value transfer. The registered alias can be used for subsequent value transfers. | 10-20-2011 |
20110258687 | System and Method for Providing a Secure Connection between Networked Computers - Embodiments disclosed herein provide a system, method, and computer program product for establishing a secure network connection between a client and a server. The client may send a connection request over a public network to the server. The server may prepare a response containing a controller and session-specific credentials. The controller may be selected to configure a tunneling protocol on the client. After being downloaded to the client, the controller configures the tunneling protocol and establishes a secure network connection with the server without user intervention. The session-specific credentials are valid until the secure network connection between the client and the server is severed. | 10-20-2011 |
20110265157 | ONE STEP SECURITY SYSTEM IN A NETWORK STORAGE SYSTEM - This is directed to providing access to content stored on a local cloud. In particular, a device can direct a librarian service overseeing the operation of a local cloud to provide another device with access to content stored on the local cloud. The librarian service can generate credentials for the other device, and provide the credentials to the other device. Using the credentials, the other device can connect directly to the local cloud and access the content. In addition, the local cloud can validate the credentials of the other device before providing access to the content. The credentials can include, for example, a key to install or load on the device. The librarian may not require, however, the user to create credentials or register with the librarian before being permitted to access the content on the local cloud. | 10-27-2011 |
20110265158 | METHOD AND APPARATUS FOR ENABLING MACHINE TO MACHINE COMMUNICATION - A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular, a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning a M2ME are also disclosed. The validation procedures disclosed include autonomous, semi-autonomous, and remote validation. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software and detecting tampering with the M2ME are also disclosed. | 10-27-2011 |
20110265159 | System and Methods for Online Authentication - A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by the computer server. | 10-27-2011 |
20110265160 | PASSWORD MANAGEMENT SYSTEMS AND METHODS - Password management systems include a plurality of child nodes and a mother node. Each child node includes a secure resource, a target account, and a password management service. The target account can be password-protected, and the secure resource can be accessible through the target account. The password management service can periodically update a password of the target account by requesting a new password from the mother node. In response to such requests, the mother node can generate new passwords and forward the new passwords to the appropriate child nodes. The mother node can store the new passwords in a database of current passwords. When an authorized user of the mother node requests a current password for a target account of a child node, the mother node can provide the requested current password to the authorized user. Other aspects, features, and embodiments are also claimed and described. | 10-27-2011 |
20110265161 | MODIFYING A USER ACCOUNT DURING AN AUTHENTICATION PROCESS - Techniques are described for repairing some types of user account problems that interfere with granting a user access to a computer system and doing so during a process to authenticate the user in a way that does not require the user to re-enter authentication information or require the user to restart a communication session with the computer system. In response to a determination that a user's account has a problem during an authentication process, techniques are provided to enable a user to execute an appropriate process or processes to fix the user account, after which the authentication process continues. In this way, the correction to the user account may appear to be seamless to the user. | 10-27-2011 |
20110271331 | Assignment and Distribution of Access Credentials to Mobile Communication Devices - A server storing a pool of unassigned access credentials selects an access credential from the pool, assigns it to an individual, identifies a mobile communication device associated with the individual, and pushes the access credential to the mobile communication device over a secure and authenticated channel such that the access credential is receivable by the mobile communication device. If the mobile communication device supports a proximity technology and is proximate to an access node that supports the proximity technology, the mobile communication device employs the proximity technology to present the access credential to the access node. | 11-03-2011 |
20110277021 | AUTHENTICATION SYSTEM - An authentication system by which character strings in squares are selected by a rule determined by a user out of a table in which character strings are assigned to obtain a one-time password. The user memorizes a rule of successively selecting three out of the positions of the squares in a table having five rows and five columns, for example. To each square ( | 11-10-2011 |
20110289566 | ENTITY REGISTRATION IN MULTIPLE DISPERSED STORAGE NETWORKS - A method begins by a processing module outputting a registration request message that includes requesting access to a local dispersed storage network (DSN) and requesting access to a global DSN. The method continues with the processing module receiving a registration response message that includes a global universal unique identifier (UUID) and a local UUID. The method continues with the processing module generating a global public-private key pair and a local public-private key pair and generating a global certificate signing request (CSR) based on the global UUID and a private key of the global public-private key pair. The method continues with the processing module generating a local CSR based on the local UUID and a private key of the local public-private key pair, sending the global and local CSRs to a certificate authority (CA), and receiving a signed global certificate and a signed local certificate. | 11-24-2011 |
20110289567 | SERVICE ACCESS CONTROL - A USB memory stick, or similar device, is provided having software installed thereon to enable a user to access restricted applications without a user device needing to handle user credential data. In use, the stick receives a request from the user device for access to an application, obtains first user identification information from the user device, uses the first user identification information and the application information to obtain user credentials from an identity management system, which user credentials are required by the application in order to grant the user access to the application, and provides the user credentials to the application without the user credentials needing to be provided to the user device. | 11-24-2011 |
20110289568 | ACCESS MANAGEMENT APPARATUS, COMMUNICATION TERMINAL, ACCESS MANAGEMENT METHOD, ACCESS METHOD, ACCESS MANAGEMENT PROGRAM, ACCESS PROGRAM, AND RECORDING MEDIUM - An access management apparatus manages access to a local network via a wide area network and includes an access information acquiring unit that acquires access information that is used in accessing the local network; an authenticating unit that performs an authentication process for a portable storage device; and a recording unit that stores the access information acquired by the access information acquiring unit to a storage device authenticated by the authenticating unit. | 11-24-2011 |
20110289569 | METHOD AND SYSTEM FOR IMPLEMENTING AND MANAGING AN ENTERPRISE IDENTITY MANAGEMENT FOR DISTRIBUTED SECURITY - An Enterprise Identity Management system includes a registration component, an ownership component, and an audit component. The registration component is configured to associate a user ID with specific accounts that are accessible via a computer system. The ownership component is configured to verify the ownership of the accounts. The audit component is configured to perform periodic checks to ensure the validity of the association between the user ID and the ownership of the accounts. | 11-24-2011 |
20110296504 | MULTIPLE ACCESS AUTHENTICATION - Apparatus, systems, and methods may operate to receive, at a generating identity provider (IDP), original user credentials sufficient to authenticate a user directly from a user machine, or indirectly from an initial identity provider. Additional activities may include generating, by the generating IDP, generated user credentials having the lifetime of a login session associated with the user, the lifetime initiated approximately when the original user credentials or a token associated with the user are/is validated at the generating IDP. Still further activities may include receiving a request associated with the user during the login session to access an application protected by an agent, and transmitting at least part of the generated user credentials from the generating IDP to the application to authenticate the user to the generating IDP while the login session is not terminated or expired. Additional apparatus, systems, and methods are disclosed. | 12-01-2011 |
20110296505 | CLOUD-BASED PERSONAL TRAIT PROFILE DATA - A system and method is disclosed for sensing, storing and using personal trait profile data. Once sensed and stored, this personal trait profile data may be used for a variety of purposes. In one example, a user's personal trait profile data may be accessed and downloaded to different computing systems with which a user may interact so that the different systems may be instantly tuned to the user's personal traits and manner of interaction. In a further example, a user's personal trait profile data may also be used for authentication purposes. | 12-01-2011 |
20110296506 | METHODS AND APPARATUS FOR INTERACTIVE MULTIMEDIA COMMUNICATION - Embodiments of the invention provide a method and apparatus for establishing a synchronized interactive multimedia communication among a plurality of users. The method includes generating, at a first device, first information associated with a multimedia content selected by a first user. The first information is generated based on parameters. The method includes transmitting the first information to a second user. The first and second users are associated with a social computer network. Further, the method includes, at second devices, receiving the first information from the social network. The method includes processing the first information to establish a synchronized multimedia interactive communication between the second and the first user. The presentation of the multimedia content in the synchronized interactive multimedia communication is synchronized among the first device and the second device(s). The synchronized interactive multimedia communication is performed along with the presentation of the multimedia content. | 12-01-2011 |
20110302638 | Staged Control Release In Boot Process - Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages. | 12-08-2011 |
20110302639 | SERVER APPARATUS, AND CONTROL METHOD AND COMPUTER-READABLE STORAGE MEDIUM THEREFOR - A server apparatus capable of preventing unauthorized use of services by a third party through an electronic appliance that stores information used for user authentication by the server apparatus. The server apparatus receives, from an information processing apparatus, pieces of user identification information, pieces of appliance identification information, and pieces of use permission/prohibition information representing on a per service type basis whether uses of services are permitted or prohibited, and stores them so as to be associated with one another. When determining based on use permission/prohibition information, which is associated with a combination of user identification information and appliance identification information that are accepted from an electronic appliance, that use of a service represented by service type information accepted from the electronic appliance is permitted, the server apparatus transmits screen information for use of the service to the electronic appliance. | 12-08-2011 |
20110302640 | CYBER GENE IDENTIFICATION TECHNOLOGY BASED ON ENTITY FEATURES IN CYBER SPACE - A new identification (ID) technology comprising unified and standardized object identification within Cyber Space is disclosed based upon intrinsic properties of the entity to be identified. This Cyber Gene ID (or Cyber ID) technology extracts intrinsic information from either the physical users or their cyberspace counterparts, and such information is categorized into client parameters, dynamic parameters, static parameters, cloud parameters, connection parameters and user parameters. | 12-08-2011 |
20110307945 | Slave Device for a Bluetooth System and Related Authentication Method - An active slave device for a Bluetooth system comprises a non-volatile memory unit for storing a plurality of link keys corresponding to a master device capable of switching among a plurality of operating modes, wherein the plurality of link keys correspond to the plurality of operating modes and are generated by a key pairing performed between the active slave device and the master device; and a key fishing unit for searching whether any of the plurality of link keys conforms to a qualified link key that can enable the active slave device under the current operating mode of the master device. | 12-15-2011 |
20110314526 | SYSTEM AND METHOD FOR HANDLING PERSONAL IDENTIFICATION INFORMATION - A system, method, and client registration and verification device for handling personal identification information. The client device collects from an individual, a sufficient amount of biometric information to uniquely identify the individual, as well as historical mobility information providing a history of locations where the individual has lived. A caching manager stores the collected biometric information at a selected cache node in a hierarchical database having a plurality of cache nodes at multiple levels of the database. The caching manager selects the cache node based on the historical mobility information collected from the individual. The client device sends subsequent requests to verify the identity of the individual to a local cache node where newly input biometric information is compared with the cached information. When the individual's biometric information is not stored in the local cache node, the request is forwarded upward in the database until the cached information is found and compared. | 12-22-2011 |
20110314527 | INTERNET PROTOCOL-BASED FILTERING DEVICE AND METHOD, AND LEGITIMATE USER IDENTIFYING DEVICE AND METHOD - Provided are an Internet Protocol (IP)-based filtering device and method and a legitimate user identifying device and method. The IP-based filtering method includes receiving packets from terminals, determining whether the packets are transmitted based on legitimate user IPs, transmitting the packets to a web server when it is determined that the packets are transmitted based on the legitimate user IPs, and determining whether a capacity capable of processing the packets exists in the web server when it is determined that the received packets are not the packets transmitted based on the legitimate user IPs, and transmitting the packets to the web server when it is determined that the capacity exists in the web server, and blocking the packets when the capacity does not exist. | 12-22-2011 |
20110321143 | CONTENT PROTECTION USING AUTOMATICALLY SELECTABLE DISPLAY SURFACES - Embodiments of the invention are directed to systems and methods for protecting content by automatically identifying a display surface viewable only to authorized users and displaying protected content on the identified display surface. In one example embodiment, content is displayed on a first display surface in viewable range of a first user authorized to view the content. The entrance of a second user into viewable range of the first display surface is detected, and automatically determined to be unauthorized to view the content. A second display surface in viewable range of the first user but not viewable by the second user is automatically identified in response to detecting the entrance of the second, unauthorized user into viewable range of the first display surface. The display of the content is automatically moved from the first display surface to the second display surface to prevent the content from being viewed by the unauthorized user. | 12-29-2011 |
20110321144 | SYSTEMS AND METHODS OF AUTHENTICATION IN A DISCONNECTED ENVIRONMENT - A communication system and method are disclosed for establishing a secure communication channel including: a server for generating and storing a first instance of a unique personalized client application associated with a first-time user on the server, a client terminal for the user to communicate with the server over a communication channel and a standalone computing device having a second instance of the unique personalized application. The user authenticates the server based on a first dynamic identifier (DI- | 12-29-2011 |
20120005731 | HANDOVER METHOD OF MOBILE TERMINAL BETWEEN HETEROGENEOUS NETWORKS - A handover method of a mobile terminal between heterogeneous networks for facilitating the handover with pre-authentication procedure is provided. A handover method between heterogeneous networks includes receiving, at a mobile terminal connected to a source network, information on at least one target authenticator of a target network from a source authenticator in response to an attach request; creating an authentication key between the mobile terminal and the target authenticator selected among the at least one target authenticator through a pre-authentication process; determining, when the mobile terminal transmits a handover request to the selected target authenticator, whether the authentication key contained in the handover request matches with the authentication key stored in the selected target authenticator; and connecting, when the authentication keys match with each other, to the target network via the selected target authenticator. | 01-05-2012 |
20120005732 | PERSON AUTHENTICATION SYSTEM AND PERSON AUTHENTICATION METHOD - A person authentication system includes: an authentication server storing biometric data for matching related to an anonymous ID of a user; a biometric sensor acquiring biometric data of the user; and a terminal acquiring an anonymous ID stored in an electronic storage medium and transmitting the anonymous ID to the authentication server together with the biometric data acquired by the biometric sensor, wherein the authentication server transmits data needed for an access to personal data stored in the electronic storage medium to the terminal when there is a correspondence to a predetermined extent between the biometric data acquired by the biometric sensor and biometric data for matching related to the anonymous ID. | 01-05-2012 |
20120005733 | VERIFICATION ENGINE FOR USER AUTHENTICATION - Computer-implemented system and methods for authenticating the identity of a person, for example a customer ( | 01-05-2012 |
20120005734 | USER AUTHENTICATION METHOD AND USER AUTHENTICATION SYSTEM - A system for registering a password derivation pattern for deriving a password to be used in user verification includes a terminal device and a server. The terminal device is configured to display a presentation pattern, the presentation pattern including a plurality of elements, each of the plurality of elements being assigned with predetermined characters, so as to cause the user to input a character assigned to a specific element with respect to the presentation pattern. The server is connected with the terminal device via a communication channel. The server is configured to repeat the process of displaying a new presentation pattern until the password derivation pattern is specified based on the character inputted by the user. The server is configured to store the specified password derivation pattern. | 01-05-2012 |
20120023558 | SYSTEMS AND METHODS FOR AN EXTENSIBLE AUTHENTICATION FRAMEWORK - The present disclosure describes systems and methods of an authentication framework to implement varying authentication schemes in a configurable and extendable manner. This authentication framework provides a level of abstraction in which requirements for credential gathering and authentication workflow are independent from the agents or authentication implementation that does the credential gathering and authentication workflow. A higher level of abstraction and a more comprehensive authentication framework allows handling the associated authentication transactions of complex authentication schemes without requiring any specific understanding of their internals. For example, the requirements to gather certain credentials for a particular authentication scheme may be configured and maintained separately from the client-side authentication agent that gathers the credentials. The flexible, configurable and extendable authentication framework supports a wide variety of authentication schemes and supports third party, proprietary and customized authentication schemes. | 01-26-2012 |
20120023559 | TELECOMMUNICATION METHOD, COMPUTER PROGRAM PRODUCT AND COMPUTER SYSTEM - The invention relates to a telecommunication method having the following steps: | 01-26-2012 |
20120023560 | INFORMATION PROCESSING APPARATUS - An information processing apparatus includes: a memory that stores, for each of a plurality of items that can be described in extensions included in a certificate signing request, item names and item contents with associating each of the item names with a respective one of the item contents; an acquiring unit that acquires specific information; a preparation unit that makes out a specific certificate signing request including specific extensions in which a specific item name and a specific item content are described, according to a condition for making out specific extensions which is determined in response to a user's instruction, by acquiring the specific item name and the specific item content from the memory and using the acquired specific information, specific item name and specific item content; and an output unit that outputs the specific certificate signing request to an outside. | 01-26-2012 |
20120023561 | ID AUTHENTICATION SYSTEM, ID AUTHENTICATION METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM STORING ID AUTHENTICATION PROGRAM - To prevent specification and tracking of a terminal across a plurality of service providers when a user uses a plurality of services. An ID authentication system according to the present invention is an ID authentication system including a terminal apparatus, a service providing apparatus, and an authentication server. A terminal apparatus | 01-26-2012 |
20120030738 | DIGITAL MEDIA CONTROLLER AND METHOD FOR SHARING MEDIA DATA BETWEEN NETWORKS USING THE DIGITAL MEDIA CONTROLLER - Digital media controller and a method for sharing media data include setting an account and a password. The method further includes when the second DMC sending input account and input password and logging on legally, searching and storing first shared media data in a first DMS into the shared folder and informing the second DMC to obtain a list of the first shared media data from the shared folder. The method further includes sending the first shared media data using a stream packet to the second DLNA network, in response that the first DLNA network receiving a request of accessing the first shared media data in the shared folder from the second DLNA network through a VPN. | 02-02-2012 |
20120030739 | METHOD AND APPARATUS FOR SECURITY OF MEDIUM INDEPENDENT HANDOVER MESSAGE TRANSMISSION - A method and an apparatus for securing media independent handover message transportation are provided. The method for securing media independent handover message transportation includes: performing an authentication procedure by a terminal with an access router to generate a master session key; transmitting the generated master session key and address information of the terminal to an information server by the access router; generating an information server key to be used in transmitting and receiving a message by the information server with the terminal using the received master session key and the address information of the terminal; and forming a secure channel by the terminal and the information server using the generated information server key. Since a key formed at a layer 2 is used in an MIH authentication step being a layer 3 not to repeatedly create a secure key, a security procedure may be rapidly performed. | 02-02-2012 |
20120030740 | AUTHENTICATION OF DEVICES OF A DISPERSED STORAGE NETWORK - A method begins by a first processing module generating a dispersed storage network (DSN) authentication request frame that includes authenticating data and an authenticating code, wherein the authenticating code references a valid authenticating process. The method continues with the first processing module transmitting the DSN authentication request frame to a second processing module. The method continues with the second processing module determining whether the second processing module includes the valid authentication process referenced by the authentication code. When the second processing module includes the valid authentication process, processing, by the second processing module, the authenticating data in accordance with the valid authentication process to produce processed authenticating data. The method continues with the second processing module generating a DSN authentication response frame that includes the processed authenticating data and transmitting the DSN authentication response frame to the first processing module. | 02-02-2012 |
20120030741 | METHOD FOR TERMINAL CONFIGURATION AND MANAGEMENT AND TERMINAL DEVICE - A method for terminal configuration and management includes: acquiring a configuration file, where the configuration file includes server account information; configuring the server account information in the acquired configuration file onto a Device Management Tree (DMT) of a terminal; based on the server account information, establishing a management session between the terminal and the server, and performing management and subsequent configuration on the terminal during the session. A corresponding terminal device and a corresponding system are also provided. Through the method, the terminal can determine, according to protocol version information supported by or corresponding to the corresponding server and carried in a configuration packet, a protocol that should be used for communication with a server, and perform configuration according to the correct protocol version, thus improving the operation efficiency. | 02-02-2012 |
20120030742 | METHODS AND APPARATUS FOR PROVIDING APPLICATION CREDENTIALS - Methods and apparatus for providing an application credential for an application running on a device. In one embodiment, a method provides an application credential to an application running on a device, wherein the application credential is used by the application to authenticate to a data server. The method comprises receiving a request to generate the application credential, wherein the request includes an application identifier. The method also comprises generating the application credential using the application identifier and a master credential associated with the device. | 02-02-2012 |
20120042364 | PASSWORD PROTECTION TECHNIQUES USING FALSE PASSWORDS - A password manager may receive a password, and a false password generator may generate at least one false password, based on the password. A false password selector may store the at least one false password together with the password. A password handler may receive a login attempt that includes the at least one false password, and an attack detector may determine that the login attempt is potentially unauthorized, based on the receipt of the at least one false password. | 02-16-2012 |
20120047563 | AUTHENTICATION - An arrangement for authenticating a transaction between a user's mobile device and an entity such as a corporate server is disclosed. The user's universal integrated circuit card (UICC) is adapted to generate a time-dependent authentication code which is dependent on a time value and which is usable to authenticate the transaction only during a predetermined period. A time verification processor verifies a time value to ensure that the time-dependent authentication code was generated based on the correct time value. The time value is based on the UTC time obtained from UTC clock. The verified time is used to generate a “one-time” password (authentication code) by the authentication code calculator of the UICC. This is used to authenticate a transaction with the corporate network. | 02-23-2012 |
20120047564 | SECURITY SYSTEM AND METHOD - A method of operating a security system includes accessing a database and obtaining a user PIN. A normal keypad is defined in which a plurality of alphanumeric characters are displayed in defined normal positions. A scrambled keypad is also defined including the PIN so that at least some of a plurality of alphanumeric characters are displayed on the scrambled keypad in positions which are different to the positions in which they would be displayed in the defined normal keypad. In addition, for each of the alphanumeric characters of the PIN the alphanumeric character which is normally displayed in the normal keypad in the position in which the alphanumeric characters of the PIN are displayed in the scrambled keypad is determined thereby to arrive at a scrambled PIN. Data defining the scrambled keypad is then transmitted to a user over a first communications network. | 02-23-2012 |
20120060208 | METHOD AND APPARATUS FOR CONNECTING TO ONLINE SERVICE - A method of connecting to an online service where a terminal transmits information regarding a selected online service and first authentication information to an external device, receives second authentication information detected based on the transmitted information, from the external device, and is then logged into the selected online service based on the received second authentication information. | 03-08-2012 |
20120066748 | METHOD AND APPARATUS FOR AUTHENTICATING ACCESS BY A SERVICE - An approach is presented for authenticating access by a service. The server receives a request, from a service, for the server, wherein the request includes, at least in part, a service-specific secret or a derivation of the service-specific secret. Further, the server determines to generate a server-computed secret. Then, the server determines to authenticate the request based, at least in part, on a comparison of the service-specific secret or the derivation of the service-specific secret against the server-computed secret or a derivation of the server-computed secret. | 03-15-2012 |
20120066749 | METHOD AND COMPUTER PROGRAM FOR GENERATION AND VERIFICATION OF OTP BETWEEN SERVER AND MOBILE DEVICE USING MULTIPLE CHANNELS - A method and computer program for generation and multi channel verification of OTP (One Time Password) between two parties consisting of a service provider and a user, wherein said user has access to at least two communication channels, and wherein said user is logging into said service provider with a user ID via one communication channel and the service provider has the ability to communicate with an authentication server which again has the ability to communicate with said user via at least one other communication channel than the service provider. | 03-15-2012 |
20120072975 | Circumstantial Authentication - An authentication system is provided. The authentication system comprises a first component configured to obtain information specific to an individual, a second component configured to dynamically formulate at least one challenge question based on the information, a third component configured to cause the at least one challenge question to be presented on a device when the device is used to perform an act that involves authentication, and a fourth component configured to judge authenticity based on an answer to the at least one challenge question. | 03-22-2012 |
20120072976 | Dynamic Account Creation With Secured Hotspot Network - A secure network access point transmits a beacon transmission. A user device receiving it determines it does not have credentials necessary to attach with the secure network access point, and so a preliminary association is formed between the user device and the secure network access point. During the preliminary association, the user device receives or creates credentials necessary to associate with the secure network access point, forms an association with the secure network access point using the received or created credentials, and obtains internet connectivity via the secure network access point. In this embodiment there is only the secure network access point, but in another embodiment there is also a non-secure network access point which transmits a beacon using the same SSID as the secure network access point, and the preliminary association is with the non-secure network access point. | 03-22-2012 |
20120072977 | Method and Apparatus for Securely Synchronizing Password Systems - A centralized password repository (CPR) provides network users with a password portal through which the user can manage password access to domains and applications on the network. A subset of the domains and applications on the network may be required, by design, to maintain a separate password infrastructure. For these systems, the CPR establishes a secure and authenticated communication channel and software on the system interfaces with the password infrastructure to synchronize the password in the system password infrastructure with the password in the CPR. For other systems not required to maintain a separate password infrastructure, the CPR performs password services by responding to requests from those systems seeking to validate user IDs and passwords. The CPR enables an administrator to modify network privileges and enables a user to alter passwords on the network through a single interface. | 03-22-2012 |
20120079571 | AUTOMATED ENCRYPTION AND PASSWORD PROTECTION FOR DOWNLOADING DOCUMENTS - A method receives a user login from a user. The method grants, to the user, access to a user account of the user maintained by a computerized document management system based on the user login. The computerized document management system is accessible to a plurality of users. The method receives a request from the user to provide a requested document and the method determines whether the requested document should be password protected. If the requested document should be password protected, the method generates a unique password for the requested document. The unique password is unique to the user and is based upon information contained within the user account by the computerized document management system. Again, if the requested document should be password protected, the method adds the unique password to the requested document to generate a password-protected document and sends the password-protected document to the first user. | 03-29-2012 |
20120079572 | SYSTEM AND METHOD FOR MANAGING USER TOKEN IN CLIENT DEVICE ON NETWORK - A user token management system in a client device on a network comprises an obtaining module, a web controller and a processing module. The obtaining module obtains a user token from a database in response to a retrieving request for retrieving authorization of a web service provider on the network. The web controller transmits an authenticating request for authenticating the user token to the web service provider and receives an authentication result authenticating the user token. The processing module deletes the user token from the database when that user token is not authenticated by the web service provider. | 03-29-2012 |
20120079573 | INFORMATION PROCESSING DEVICE, PASSWORD DIAGNOSING METHOD AND COMPUTER-READABLE MEDIUM - A user terminal includes a diagnosing unit | 03-29-2012 |
20120079574 | Predictive Mechanism for Multi-Party Strengthening of Authentication Credentials with Non-Real Time Synchronization - A mechanism for strengthening authentication credentials for accessing any number of applications across multiple access interfaces and across multiple remote access sites is disclosed. The applications can be accessed by a set of authorized users by using multiple instances of a predictive scheme for generating and synchronizing the authentication credentials and by leveraging pre-existing infrastructure associated with the applications. | 03-29-2012 |
20120084844 | FEDERATION CREDENTIAL RESET - Techniques for federated credential reset are presented. A principal requests a credential reset with a first service. The first service provides a link to a third party service previously selected by the principal. The principal separately authenticates to the third party service and causes the third party service to send a federated token to the first service. When the federated token is received by the first service, the first service permits the principal to reset an original credential to a new credential for purposes of accessing the first service. | 04-05-2012 |
20120084845 | FIXED CLIENT IDENTIFICATION SYSTEM FOR POSITIVE IDENTIFICATION OF CLIENT TO SERVER - A tamperproof ClientID system to uniquely identify a client machine is invoked upon connection of a client application to a backend. Upon initial connection, the backend issues a unique ClientID containing a checksum. The client application prepares at least two different scrambled versions of the ClientID and stores them in respective predetermined locations on the client machine. Upon subsequent connection to the backend, the client application retrieves and unscrambles the values at the two locations, verifies the checksums and compares the values. If the checksums are both correct and the values match, the ClientID value is sent to the backend, otherwise the client application sends an error code. | 04-05-2012 |
20120084846 | IMAGE-BASED KEY EXCHANGE - This disclosure is directed to improved techniques for configuring a device to generate a secondary password based at least in part on a secure authentication key. The techniques of this disclosure may, in some examples, provide for capturing, by a computing device, an image of a display of another computing device. The captured image includes at least one encoded graphical image, such as a barcode, that includes an indication of the content of a secure authentication key. The computing device may use the secure authentication key to generate a secondary password to be used in conjunction with a primary password to gain access to a password-protected web service. | 04-05-2012 |
20120096525 | Supporting Compliance in a Cloud Environment - Gathering auditable data concerning actions in a cloud computing environment is automated by determining that one or more auditable data items are available associated with a requester and with at least one application program; responsive to determining that data items are available, transmitting a list of the available auditable data items to a requesting cloud client computer; subsequent to transmitting the list, receiving a data request from the cloud client computer for one or more particular auditable data items from the list; preparing the requested particular auditable data items for transmission according to a predetermined format; and transmitting the prepared requested particular auditable data items to the cloud client computer. Optionally, in some embodiments, the requesting cloud client computer may negotiate a data exchange format with the cloud service provider for receipt of the requested auditable information. | 04-19-2012 |
20120096526 | FLEXIBLE MODULES FOR VIDEO AUTHENTICATION AND SHARING - A method for managing video authentication and sharing includes storing a playlist of video clips in a storage device, allowing a manager to define a degree of privacy for the playlist by the computer system, defining roles for a plurality of users in relation to the video clips, creating user tokens for the plurality of users according to the respective roles of the users, receiving a user token over a computer network, authenticating the user token and the role of a user associated with the user token, deciding on whether the user has the right to access the playlist of video clips based on the role of the user and the degree of privacy defined for the playlist, and if it is determined that the user has the right to access the playlist, allowing the user to access the playlist of video clips over the computer network. | 04-19-2012 |
20120102553 | Mixed-Mode Authentication - Techniques for mixed-mode authentication are described. In one or more embodiments, an authentication service may be implemented to selectively configure and issue authentication tokens based upon an optional secure mode that enables enhanced security. Clients may be provided with an option to choose between an insecure mode and a secure mode for authentications. Based on this choice, tokens may be configured to include an indication of whether the secure mode is disabled or enabled. When secure mode is disabled, an insecure token valid for both secure sites and other sites is issued to a client when the client is authenticated. When the optional secure mode is enabled, both secure and insecure tokens are provided to the client. The authentication services and/or other services may be configured to reject an insecure token when secure mode is enabled to prevent unauthorized use of a stolen token to access secure resources. | 04-26-2012 |
20120102554 | METHODS AND SYSTEMS FOR ESTABLISHING SECURE AUTHENTICATED BIDIRECTIONAL SERVER COMMUNICATION USING AUTOMATED CREDENTIAL RESERVATION - A method of authenticating communications includes receiving, by a computer, a first set of credentials, verifying the first set of credentials by comparing the first set of credentials to a plurality of sets of credentials stored in a database, subsequent to verifying the first set of credentials, deriving a second set of credentials, and transmitting notification of the second set of credentials to a remote computer. | 04-26-2012 |
20120102555 | System and Method of Enabling Access to Remote Information Handling Systems - A system and method of enabling access to remote information handling systems is disclosed. In one form, a method of enabling an initialization of an information handling system is disclosed. The method can include receiving a request to initialize a remote information handling system, and determining an access information operable to enable an initialization sequence of the remote information handling system. The access information can be configured to enable an initialization of the remote information handling system. The method can also include communicating the access information via a network to the remote information system. | 04-26-2012 |
20120124653 | Certificate Based Access Control in Open Mobile Alliance Device Management - A wireless communication device provides a method of certificate-based access control. Particularly, the device establishes a secure communications session with a device management server. Rather than use access control lists to control access to the functions and services on the device, however, the device uses the certificate that was employed to establish the secure session to control access. | 05-17-2012 |
20120131652 | HARDWARE-BASED CREDENTIAL DISTRIBUTION - This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile. | 05-24-2012 |
20120131653 | SYSTEM, DEVICES AND METHOD FOR SECURE AUTHENTICATION - A system, devices and method for authenticating a user requesting access, through a computing device connected to a network, to an on-line resource hosted by a server in communication with the network. The system, devices and method employing an authentication server and a mobile communications device in communication over a wireless network. The authentication server forwarding an authentication to the mobile communications device. Optionally, the authentication server also returning security information related to the authentication in response to the request. The mobile communications device operative to receive and process the authentication, and forward the processed authentication to the computing device over a short-range communications link. | 05-24-2012 |
20120131654 | PROPAGATING SECURITY IDENTITY INFORMATION TO COMPONENTS OF A COMPOSITE APPLICATION - Various methods and systems for propagating identity information in a composite application are presented. State data of a composite application, as executed for a particular entity, may be transferred to and stored by a computer-readable storage medium. The state data may include a portion of a set of subject information linked with the entity. A security attribute of the subject may not be present in the portion of the set of subject information in the state data transferred to the non-transitory computer-readable storage medium. After a period of time, such as an hour or a day, the state data of the composite application as executed for the entity may be retrieved and the security attribute of the set of subject information linked with the entity may be determined. The composite application may then continue to be executed for the entity. | 05-24-2012 |
20120131655 | User Authentication Device and Method - An authentication device ( | 05-24-2012 |
20120131656 | Secure Information Storage and Delivery System and Method - A system for secure information storage and delivery includes a vault repository that includes a secure vault associated with a user, wherein the secure vault is configured to receive at least one data entry. A mobile vault server coupled to the vault repository creates a mobile vault on a mobile device based on the secure vault and is capable of authenticating the mobile device based on user authentication information. The mobile vault server includes a mobile device handler that communicates with the mobile device. A synchronization utility determines whether the at least one data entry on the secure vault is transferable to or storable on the mobile vault and transfers the data entry from the secure vault to a corresponding data entry on the mobile vault if the at least one data entry on the secure vault is determined to be transferable to or storable on the mobile vault. | 05-24-2012 |
20120131657 | Apparatus and Method for Authenticated Multi-User Personal Information Database - A method of assuring integrity of personal information in a data base, containing personal information provided by multiple users, uses in various embodiments physiological identifiers associated with each of the users. Related systems are also provided. A user may be notified if a merchant verification request to the data base has produced a non-match event. | 05-24-2012 |
20120137350 | SECURITY SYSTEM AND METHOD USING AUTOMATIC METER READING PROTOCOL - The present invention relates to a security system using an automatic meter reading protocol. The security system includes a Device Language Message Specification (DLMS) transmission unit for transmitting security DLMS data that includes security key update information and a first authentication value, and a DLMS reception unit for receiving the security DLMS data, searching the security key update information in the security DLMS data, and generating an updated security key using a second authentication value according to the security key update information. The security system can solve various problems occurring due to the operation of a separate security protocol, and can be easily implemented and managed. | 05-31-2012 |
20120137351 | SECURE LAUNCHING OF BROWSER FROM PRIVILEGED PROCESS - Methods and apparatus include securely launching a web browser from a privileged process of a workstation to minimize enterprise vulnerabilities. The workstation includes a restricted-capability web browser pointed toward a web server. An executable file is wrapped about the browser and imposes restrictions, such as preventing the writing to a registry or installing ActiveX controls. It also has functionality to prevent users from linking to web locations in other than an https protocol or following links beyond an original host. Upon indication of a forgotten password/credential, the restricted-capability web browser is launched toward a web server. Upon authentication of identity, the user changes their password/credential for later logging-on to the workstation, but in a capacity without the limited functionality or the imposed browser restrictions. | 05-31-2012 |
20120144462 | SYSTEM, APPARATUS AND METHODS FOR HIGHLY SCALABLE CONTINUOUS ROAMING WITHIN A WIRELESS NETWORK - In one embodiment, an apparatus includes a first access point within a wireless network. The first access point is configured to identify a communication device within a radio frequency (RF) range of the first access point. The first access point is also configured to request a session key associated with the communication device from a first network controller associated with the first access point in response to the communication device being identified. The first access point is further configured to receive the session key associated with the communication device from a second network controller associated with a second access point having an RF range partially overlapping the RF range of the first access point. | 06-07-2012 |
20120144463 | SYSTEM AND METHOD FOR EXTENDING SECURE AUTHENTICATION USING UNIQUE SESSION KEYS DERIVED FROM ENTROPY - In some aspects of the present disclosure a device is disclosed that includes a processor; a storage unit; a user interface; a transceiver; a device identifying unit arranged to store device identifying data; a memory unit arranged to store machine-executable instructions that when executed by the processor causes a password to be generated, based on the device identifying data, that is arranged to allow the device to access a public wireless local area network (PWLAN). | 06-07-2012 |
20120144464 | METHOD AND SYSTEM FOR IMPROVED SECURITY - An improved authentication method and system is provided where a user securely accesses a variety of target servers for online email, online banking, credit card purchases, ecommerce, brokerage services, corporate databases, and online content (movies, music and software). The method involves a bridge server performing authentication tasks that allow a user to access a server or a group of servers with multiple security levels. The method eliminates the need for the user to remember multiple usernames/passwords for each target server. The method also allows one bridge server and one set of security devices to be used to authenticate the user for multiple servers, thereby reducing security costs and increasing user convenience. A location-based password-ID generating device is also described for secure location-based access. | 06-07-2012 |
20120144465 | DISTRIBUTED SINGLE SIGN ON TECHNOLOGIES INCLUDING PRIVACY PROTECTION AND PROACTIVE UPDATING - Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret, keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs. | 06-07-2012 |
20120144466 | MANAGING PASSWORDS USED WHEN DETECTING INFORMATION ON CONFIGURATION ITEMS DISPOSED ON A NETWORK - Disclosed embodiments include a method for receiving, at a configuration information server, an encrypted password associated with a configuration item, where the encrypted password is encrypted using an encryption key. The method further includes encrypting a decrypted password to generate a reencrypted password, where the decrypted password is derived from the encrypted password. The method further includes transmitting the reencrypted password to the configuration item and removing the decrypted password from the configuration information collection server. | 06-07-2012 |
20120151563 | AUTOMATED MANAGEMENT OF SYSTEM CREDENTIALS - One disclosed aspect of the present invention includes authentication and user account automation within a compute cluster for each cluster node that requires password or other credential administration. For example, a storage appliance computing system may rely on a plurality of subsystems (such as databases, storage management software, and application servers) that each have internal user accounts with associated passwords and credential keys that need to be changed at frequent intervals. Rather than requiring an administrator to manually manage all of these accounts, the presently described invention includes techniques and an authentication manager component to automatically manage, update, and refresh authentication information as required. Further, the authentication manager component may be used to perform and propagate automatic credential changes such as new sets of SSH keys or updated passwords as required within a computing system, and respond to new nodes or out-of-sync credentialing scenarios. | 06-14-2012 |
20120159586 | METHOD AND APPARATUS FOR IMPLEMENTING SECURITY MEASURES ON NETWORK DEVICES - A method for providing security measures on a network device, such as a router, is disclosed. In one embodiment, a method includes receiving a request for a network resource. The method further includes determining a classification of the request, and generating, based on the determined classification of the request, a security measure corresponding to the determined classification of the request for authentication of the request. The method also includes permitting access to the network resource when a correct response is received to the security measure corresponding to the determined classification of the request. | 06-21-2012 |
20120159587 | METHOD AND SYSTEM FOR PRE-SHARED-KEY-BASED NETWORK SECURITY ACCESS CONTROL - A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester (REQ) and Authentication Access Controller (AAC); 2) identity authentication and uni-cast key negotiation are implemented between REQ and AAC; 3) a group-cast key is notified between REQ and AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and network. | 06-21-2012 |
20120159588 | DISTRIBUTED SINGLE SIGN ON TECHNOLOGIES INCLUDING PRIVACY PROTECTION AND PROACTIVE UPDATING - Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret, keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs. | 06-21-2012 |
20120159589 | DISTRIBUTED SINGLE SIGN ON TECHNOLOGIES INCLUDING PRIVACY PROTECTION AND PROACTIVE UPDATING - Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret, keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs. | 06-21-2012 |
20120167186 | METHOD FOR PRODUCING A SOFT TOKEN - The invention relates to a method for reading the at least one attribute stored in an ID token ( | 06-28-2012 |
20120174198 | Shared Registration Multi-Factor Authentication Tokens - A system and method for more efficiently establishing a chain of trust from a registrant to a registry. A registrant credential is associated with a Shared Registration command and is sent by a registrar to a registry. Upon successful validation, a token is generated and bound to a registrant identifier. The token is included along with the registrant identifier in subsequent discrete Shared Registration commands submitted to the registry on behalf of the registrant. The registrant thus needs to submit its credential only once for changes that require several discrete commands. Also, it is more efficient for the Shared Registration System to validate a token for a set of commands than to validate different registrant credential for each discrete command. | 07-05-2012 |
20120174199 | PAIRING OF BASE AND DETACHABLE DEVICE - An apparatus and method for pairing a base and a detachable device. A query module queries a detachable device in response to the detachable device connecting to a base. The detachable device provides a display for the base if the detachable device and base are connected. A determination module determines if the detachable device is paired with the base. A credential module obtains a pairing credential for a pairing in response to the determination module determining that the detachable device is unpaired with the base. | 07-05-2012 |
20120174200 | DIGITAL IDENTITY MANAGEMENT - One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer. | 07-05-2012 |
20120174201 | System and Method for Managing Feature Enablement in an Information Handling System - A system to manage a key license includes an information handling system having non-volatile memory accessible to a processor. The non-volatile memory stores feature enablement information related to a feature that the information handling system is adapted to provide. The non-volatile memory stores instructions that are accessible to the processor and executable by the processor to send the feature enablement information to an external system after the information handling system is deployed, and to request the feature enablement information, or other feature enablement information, from the external system in response to receiving a request for the information handling system to provide the feature. | 07-05-2012 |
20120174202 | METHODS AND SYSTEMS FOR PROVIDING DATA OBJECTS ON A TOKEN - A computer system, method and/or computer-readable medium provide independent data objects to a token in compressed form. The independent data objects are representative of security information associated with the token. The system includes an interface operable to communicate with a token, and a processor cooperatively operable with the interface. The processor is configured to determine a set of independent data objects that are associated with the token, and to aggregate the set of independent data objects associated with the token into a group. Also, the processor is configured for compressing the group into a unit of contiguous data, and writing the unit of contiguous data to the token via the interface. | 07-05-2012 |
20120185924 | RECORD CREATION FOR RESOLUTION OF APPLICATION IDENTIFIER TO CONNECTIVITY IDENTIFIER - A method of creating a DNS record in a DNS is provided. The method includes receiving one of an allocation record or information for obtaining the allocation record from a wireless device. The allocation record includes an expression. In addition, the method includes creating a DNS record for the expression. Furthermore, the method includes associating the DNS record with a credential. | 07-19-2012 |
20120192255 | METHOD FOR SECURE USER AND TRANSACTION AUTHENTICATION AND RISK MANAGEMENT - To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website, directly from the network site. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret. | 07-26-2012 |
20120198527 | IP Multimedia Security - A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. | 08-02-2012 |
20120198528 | METHODS AND SYSTEMS TO DETECT ATTACKS ON INTERNET TRANSACTIONS - A method and system are disclosed for detecting interference with a remote visual interface, such as an HTML webpage, at a client computer, particularly to determine if a malicious attack such as an HTML attack has occurred. When the web server receives a request for a page, a script is embedded in the page, and as a consequence the client computer requests at least one session key and at least one one time password from an enterprise server. The client computer also performs a check of the HTML interface present on the client computer, which an attack of this type would change. The result of the interface check, encrypted with the session key and one time password, is sent to the enterprise server, so that a comparison with the expected value for the website can be performed. | 08-02-2012 |
20120198529 | BLACKLISTING OF FREQUENTLY USED GESTURE PASSWORDS - A method of maintaining a blacklist for gesture-based passwords is provided. A data store of index values corresponding to gestures is maintained on a blacklist server. Upon receiving a new gesture based password, an electronic device converts the password to an index value and forwards that index value to the blacklist server. The blacklist server increases an occurrence of the received index value by one in a data store and if the increase results in a blacklist threshold being exceeded, the index value is inputted to the blacklist. A notification can be sent back to the electronic device if the forwarded index value is on the blacklist or is inputted to the blacklist. | 08-02-2012 |
20120198530 | REAL TIME PASSWORD GENERATION APPARATUS AND METHOD - A method and apparatus for generating a password in real time by creating at least one password map during creation of an account associated with a user, and generating and providing a random password hint sequence grid to the user in real time, authenticating the user for accessing the account using a password created by the user, where the password is created by the user using the random password hint sequence grid and the at least one password map. | 08-02-2012 |
20120204245 | SECURE AUTHENTICATION USING ONE-TIME PASSWORDS - Embodiments of the invention facilitate the use of a contactless memory token to automate log-on procedures to a remote access server using dynamic one-time passwords (OTPs). A series of workflow steps establishes the identity of the user and charges a token with a number of dynamic OTPs that can be subsequently verified using, for example, a Radius server sitting behind a VPN or SSL/VPN server. | 08-09-2012 |
20120210403 | Mobile communications device-operated electronic access system - A mobile communications device is disclosed for use in an electronic access system for communicating with a central server for processing at least access authorization for an application running on the server. In at least one embodiment, an optical identification signal in the form of a barcode or a photographic recording of the user is captured on the mobile communications device in the form of an identification code and sent together with the mobile number to the server for further processing. The access authorization of the user for the respective application can therefore be verified on the central server. At least one embodiment relates in particular to medical and healthcare-related applications. | 08-16-2012 |
20120210404 | Seamless Wi-Fi Subscription Remediation - The exemplary embodiments include a method to perform, based on at least one of hypertext transport protocol and non-hypertext transport protocol traffic tests failing, sending a hypertext transport protocol message to a subscription remediation server URI that carries a package1 message, receiving a hypertext transport protocol response from the subscription mediation server with a package2 message, and automatically replacing a password with a new value, automatically initiating creation of a new client certificate, or launching a browser to a URI provided in the response to enable user intervention. In addition, to receive an access request from a device, determining whether credentials are valid, and if the credentials are determined valid, sending an access-accept message with a success indication, and if the credentials are determined not valid, sending an access-accept message with a success indication and an indication that access by the device is limited to only a subscription remediation server. | 08-16-2012 |
20120210405 | SYSTEM AND METHODS FOR UNIVERSAL PASSWORD CONTROL - A system and method is described for controlling the password(s) of one or more programs through a universal program. The universal control program allows access to one or more other programs and allows editing of the passwords of the other programs directly through the universal access program. | 08-16-2012 |
20120210406 | FORMING CREDENTIALS - Techniques are disclosed for issuing inoperative credentials, and making the inoperative credential operative at a subsequent point in time. For example, a method of forming a credential comprises the step of forming, at a first point in time, an inoperative credential. The inoperative credential is adapted to become operative, at a second point in time, to form an operative credential. The second point in time occurs after the first point in time. | 08-16-2012 |
20120210407 | ENABLING AUTHENTICATION OF OpenID USER WHEN REQUESTED IDENTITY PROVIDER IS UNAVAILABLE - A method and computer program product for enabling authentication of an OpenID user when a requested identity provider is unavailable. A relying party receives a login request from the OpenID user, where the login request includes a username. The relying party reads a list of trusted identity providers that are associated with the received username and selects one of those identity providers. The relying party generates an OpenID identifier using an identification (e.g., Uniform Resource Locator) of the selected identity provider and the username. The relying party transmits an authentication request (request to authenticate the OpenID user) to the selected identity provider using the formed OpenID identifier. If the selected identity provider is unavailable, then the relying party selects another identity provider from the list of identity providers that are associated with the received username and repeats the above process. | 08-16-2012 |
20120210408 | VERIFICATION METHOD AND SYSTEM THEREOF - The invention discloses an authenticating method and a system thereof, which relates to the information security field and solves the problem that the user information is not safe in the transaction process. The embodiment of the invention comprises that the server side receives user data information and a first dynamic password sent from the user side; the server side generates the first authenticating dynamic password according to the user data information; the server side verifies the first dynamic password according to the first authenticating dynamic password and generates the second authenticating dynamic password after successful verification; the server side sends the second authenticating dynamic or the first password to the user side; the server side executes the transaction data in the user data information or permits the user to log on after using a third authenticating dynamic password generated by the server side to verify the user data information or the third dynamic password sent from the user side successfully. The invention enhances the safety of transaction for the user and prevents the user from loss caused by logging on phishing website by the user. | 08-16-2012 |
20120216263 | Authentication in Communication Systems - A user of a first packet-based communication network is authorised to access a second packet-based communication network. In at least some embodiments, an authorisation request is received from a user terminal of the user at a first network element of the first packet-based communication network, the authorisation request comprising a first user identity. Responsive to the authorisation request, a request is transmitted to create a second user identity from the first network element to a second network element of the second packet-based communication network. The second network element creates the second user identity for use in the second packet-based communication network, the second user identity being derivable from the first user identity according to a predetermined rule. The second user identity in the second packet-based communication network is stored for use with subsequent communication events over the second packet-based communication network. | 08-23-2012 |
20120216264 | GENERALIZED CREDENTIAL AND PROTOCOL MANAGEMENT OF INFRASTRUCTURE - A workflow request having a set of device specific operations and credentials is obtained. The workflow request is parsed to locate at least one of the set of device specific operations and credentials. The located device specific operations and credentials are replaced with at least one logical device operation and logical credentials to create a generalized credential and protocol workflow. | 08-23-2012 |
20120222099 | MULTIFACTOR AUTHENTICATION SERVICE - A multifactor authentication (MFA) enforcement server provides multifactor authentication services to users and existing services. During registration, the MFA enforcement server changes a user's password on an existing service to a password unknown to the user. During normal usage when the user accesses the existing service through the MFA enforcement server, the MFA enforcement server enforces a multifactor authentication enforcement policy. | 08-30-2012 |
20120233674 | SECURITY FOR REMOTE ACCESS VPN - Techniques are disclosed for improving security in a virtual private network. In one embodiment, key information is generated for a virtual private network (VPN) connection between a first device and a second device. A plurality of shares is then generated based on the key information. A first set of one or more shares is stored on a dongle that is paired to the first device. A second set of one or more shares is stored on the first device. In response to a request to resume the VPN connection, the first set of shares is retrieved from the dongle. The key information is reconstructed based on the first set of shares and the second set of shares. The reconstructed key information may then be used to resume the VPN connection. | 09-13-2012 |
20120233675 | AUTHENTICATION WITH MASSIVELY PRE-GENERATED ONE-TIME PASSWORDS - Embodiments of the invention provide systems and methods for the storage of One-Time Passwords (OTPs) on a device (principal) that needs to authenticate from time to time. It utilizes recent availability of data storage capacity not previously exploited in this arena. Also disclosed is the means to initialize and modify the system (all principals) in a secure manner, and the means to store the OTP production means on a device in a secure manner, even if the device has no built-in protected storage. | 09-13-2012 |
20120240206 | Configuration of a Data Collection Agent and Its Distribution System - A wireless device user controls participation in a study panel. The device contains a data collection agent installed by the user, the manufacturer, or a distributor. The user enlists in a study panel. The essential steps include: a user obtains a panel identification identity and provides it to a data collection agent; the data collection agent receives the panel identification identity and uses it to initiate the transfer of a data collection profile. Upon receiving the data collection profile, the data collection agent on the wireless device is configured to participate in a specific study. The agent is controlled by the profile to record metrics and user selections, transform the data into a package, and transmit the package to a destination package reception server determined in the profile. | 09-20-2012 |
20120254957 | User impersonation/delegation in a token-based authentication system - A “trusted service” establishes a trust relationship with an identity provider and interacts with the identity provider over a trusted connection. The trusted service acquires a token from the identity provider for a given user (or set of users) without having to present the user's credentials. The trusted service then uses this token (e.g., directly, by invoking an API, by acquiring another token, or the like) to access and obtain a cloud service on a user's behalf even in the user's absence. This approach enables background services to perform operations within a hosted session (e.g., via OAuth-based APIs) without presenting user credentials or even having the user present. | 10-04-2012 |
20120254958 | METHOD TO ACHIEVE COEXISTENCE OF MULTIPLE WIRELESS NETWORKS USING UNIQUE NETWORK IDENTIFIERS - The techniques of this disclosure generate a random network identifier to a network device to set up a wireless network. The generated random network identifier may be compared to network identifiers of other wireless networks within the range of the network device. If the generated network identifier matches any of the network identifiers within the range, a new random network identifier may be generated, until a generated network identifier does not match any of the network identifiers within the range. The network device may then assign the generated unique network identifier as the wireless network's network identifier and send the network identifier to all the devices that wish to join the wireless network. | 10-04-2012 |
20120254959 | IDENTITY MANAGEMENT ON A WIRELESS DEVICE - A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider. | 10-04-2012 |
20120260322 | FLEXIBLE AUTHENTICATION FOR ONLINE SERVICES WITH UNRELIABLE IDENTITY PROVIDERS - A flexible authentication system is described herein that fluidly switches between a federated authentication model and a local short-lived token model that does not require sophisticated authentication infrastructure at the relying party site. Upon detecting an event that causes the identity provider to be unavailable for authentication, the relying party switches to a temporary token model. The system generates a bearer token or challenge associated with the user's identity and (optionally) associated with time data that limits the period during which the token is valid. The relying party communicates the short-lived token to the user using contact information associated with the user and already stored by the relying party. Upon receiving the short-lived token, the user provides the short-lived token to the relying party, and the relying party processes the token to validate the user's identity and then allows the user to access the relying party's online services. | 10-11-2012 |
20120260323 | SYSTEMS AND METHODS FOR PROCESSING AND TRANSMITTING SENSOR DATA - Systems and methods for continuous measurement of an analyte in a host are provided. The system generally includes a continuous analyte sensor configured to continuously measure a concentration of analyte in a host and a sensor electronics module physically connected to the continuous analyte sensor during sensor use, wherein the sensor electronics module is further configured to directly wirelessly communicate sensor information to one or more display devices. Establishment of communication between devices can involve using a unique identifier associated with the sensor electronics module to authenticate communication. Times tracked at the sensor electronics module and the display module can be at different resolutions, and the different resolutions can be translated to facilitate communication. In addition, the frequency of establishing communication channels between the sensor electronics module and the display devices can vary depending upon whether reference calibration information is being updated. | 10-11-2012 |
20120260324 | METHOD AND A SYSTEM FOR VALIDATING IDENTIFIERS - A method of validating an identifier is disclosed. In one embodiment an authenticating party system receives an identifier for validation and determines a first validation code associated with a current value of a counter. The first validation code is compared with the received identifier and, in the event that the identifier does not match the first validation code, the authenticating party system compares the identifier with one or more further validation codes associated with respective other values for the counter, said respective other values comprising N consecutive counter values succeeding the current value of the counter. If the identifier matches one of the further validation codes associated with a respective other value for the counter, the current value of the counter is updated to correspond with the respective other value for the counter associated with the matching further validation code. | 10-11-2012 |
20120260325 | Secure and Usable Protection of a Roamable Credentials Store - A tool facilitates a balancing of security with usability enabling secure user access to multiple secure sites and locations from several computing devices. Access to the multiple secure sites and locations occur by utilizing a roamable credential store (RCS), which is highly resistant to offline attack. The RCS facilitates a protected Unified Credential Vault (UCV) via a multi-stage encryption process such that user credentials are protected by making offline dictionary attacks prohibitively expensive to an attacker without causing usability to deteriorate commensurately. | 10-11-2012 |
20120266219 | METHOD AND SYSTEM FOR DYNAMIC IDENTITY VALIDATION - An approach is provided for electronic delivery of documents to a digital postal address. A user identifier is correlated with collected information. The user identifier is dynamically validated based on the correlation for delivery of postal mail in electronic form. | 10-18-2012 |
20120266220 | System and Method for Controlling Access to a Third-Party Application with Passwords Stored in a Secure Element - A system for controlling access to an application on a portable communication device having a secured element and a user interface comprises memory associated with the secure element; a card management module operably associated with the portable communication device and with the secure element capable of controlling the secured element to facilitate writing to and reading from the memory; and a password management module operably associated with the card management module, the portable communication device user interface, and the application, the password management module receiving an application identifier associated with the application, a user name, and a password from the user interface, and providing an access command to the application based on whether the received user name and password match information stored in the memory. | 10-18-2012 |
20120266221 | METHOD FOR SECURE COMMUNICATION BETWEEN DEVICES - A method for communicating between a first device and a second device, includes the steps of the first and second device communicating by exchanging messages that are based on signals that are transmitted through a first communication channel and/or through a second communication channel, wherein the first and second communication channel have different signal propagation velocities; at least one of the first and second device computing the distance to the other device based on communication signal delays caused by the signal propagation velocities; wherein the method includes the further steps of controlling access of the second device to the first device depending on the computed distance. | 10-18-2012 |
20120272301 | CONTROLLED USER ACCOUNT ACCESS WITH AUTOMATICALLY REVOCABLE TEMPORARY PASSWORD - Systems and computer-implemented methods are disclosed for providing controlled access to a normally single-user account. In an example system, a primary user is provided with a primary password to the user account. A secondary user may be temporarily authorized by generating a temporary password selected independently of the primary password. The user account may be accessed by entering either the primary password or the temporary password. The temporary password is automatically revoked in response to granting access with the primary password. The secondary user is thereby provided with temporary access to the user account that is revocable by the primary user at any time without having to share the primary password with the secondary user and without having to change the primary password. | 10-25-2012 |
20120272302 | Human User Verification - Techniques for generating a human user test for online applications or services may include splitting the visual objects in an image into multiple partial images, and forming one or more alignment positions. At each of the alignment positions, some of the visual objects appear recognizable while some bogus visual objects also appear to prevent robots from recognizing the alignment positions. A user is requested to find the multiple alignment positions to return recognizable visual objects. A system determines that the user is a human user if the recognizable visual objects input by the user match the visual objects in the image. | 10-25-2012 |
20120272303 | METHOD AND DEVICE FOR ENHANCING SECURITY OF USER SECURITY MODEL - The disclosure discloses a method and system for enhancing the security of a user security model. In the solution of the disclosure, after a Simple Network Management Protocol (SNMP) server acquires a multi-byte original password of a user, the server detects whether the original password is composed of a specific byte string repeated multiple times; if so, the user is prompted to reconfigure a password. The solution greatly enhances the security of version V3 on the SNMP server side, solves the problem that a vulnerability exists in the security defined in version V3 in the prior art, and avoids the hidden security risk caused by the fact that illegal users can use a password different from the password of the authorized user to log on to the SNMP server. | 10-25-2012 |
20120272304 | CRAWLING SECURE DATA SOURCES - It is desirable to provide a secure search mechanism to provide for searching over any and all content, such as across an enterprise. A secure search, however, requires access to the secure content repositories holding the data to be searched. In some cases the credentials required to crawl a repository may be extremely sensitive, or the user may be reluctant or unwilling to store user identification information in memory or on disk for any longer than is absolutely necessary. An approach is provided that allows a user or an administrator to provide security credentials to be stored and used only during a crawl, and to erase the credentials from the system when the crawl is complete. | 10-25-2012 |
20120272305 | CREATING TESTS TO IDENTIFY FRAUDULENT USERS - Member profile information for a control set of one or more control members and for a fraudulent set of one or more fraudulent members are obtained. Each member in the control set is at least believed to be legitimate and each member in the fraudulent set is at least suspected of being fraudulent. A test associated with identifying fraudulent members is generated using the member profile information for the control set and for the fraudulent set; the test inputs one or more pieces of member profile information for a member being tested. | 10-25-2012 |
20120284780 | TECHNIQUES FOR ESTABLISHING A TRUSTED CLOUD SERVICE - Techniques for establishing a trusted cloud service are provided. Packages are created for services that include certificates, configuration information, trust information, and images for deploying instances of the services. The packages can be used to deploy the services in trusted environments and authenticated to deploy in sub environments of un-trusted environments. The sub environments are trusted by the trusted environments. Also, clouds are prospected for purposes of identifying desirable clouds and creating the packages for deployment. | 11-08-2012 |
20120284781 | SYSTEM AND METHOD FOR USER FRIENDLY DETECTION OF SPAMMERS - A computer-implemented method is disclosed. The method involves: providing to a first client computing device a first instance of a first software program that includes a first secret ID value; receiving a first account creation request that includes the first secret ID value; associating the first account creation request with the first client computing device; and approving the first account creation request and creating a first account for the first client computing device if less than a first threshold of previous account creation requests that include the first secret ID value have been previously received, and a presumption that the first client computing device is a spammer does not apply; or denying the first account creation request if either the number of previously received account creation requests that include the first secret ID value is equal to or greater than the first threshold, or the presumption that the first client computing device is a spammer applies. | 11-08-2012 |
20120284782 | Method and system for facilitating secure electronic transactions - A computer-implemented method for securing data and facilitating transactions. The method including the steps of collecting data from a sender party into a memory of a computer and generating an encrypted code representative of the sender party data stored in the memory of the computer. A graphic image representative of the encrypted code in the computer is generated and is provided from the computer to the sender party. The generated graphic image is then captured in an electronic device associated with a recipient party that the sender party desires to perform a transaction with whereafter the generated graphic image or the encrypted code it represents is transmitted from the recipient party electronic device to the computer to perform the transaction with the sender party. | 11-08-2012 |
20120284783 | PASSWORD CHECK BY DECOMPOSING PASSWORD - A proposed password is decomposed into basic components to determine and score transitions between the basic components and create a password score that measures the strength of the proposed password based on rules, such as concatenation, insertion, and replacement. The proposed password is scored against all known words, such as when a user is first asked to create a password for an account or access. The proposed password can also be scored against one or more previous passwords for the user, such as when the user is asked to change the user's previous password, to determine similarity between the two passwords. | 11-08-2012 |
20120284784 | AIRBORNE PICO CELL SECURITY SYSTEM - Security is provided in a wireless communication system in a moving vehicle by requiring user input of one or more security codes for validation before the system permits communication. One code, a security access code, corresponds to the vehicle travel segment and is given to the passenger(s) in transit. The second type of code, a personal identification number (PIN), is given to the passenger after baggage check-in. The PIN code is correlated to the passenger and/or seat assignment. PIN use enables associated data systems to report the seat number or location of all parties engaging in wireless communications within the vehicle. | 11-08-2012 |
20120291108 | SECURE USER CREDENTIAL CONTROL - In some embodiments, a user uses a single universal text- or image-based secret from which a service-provider specific identity credential, for example username plus password, is derived for authentication. A human (i.e., the user) must interpret an image to enter this universal text (or image) based secret. For example, an image based challenge is presented to the user, and a credential is obtained based on the user's response to the challenge. | 11-15-2012 |
20120291109 | USER INFORMATION UTILIZATION SYSTEM, DEVICE, METHOD, AND PROGRAM - A user information utilization system includes: a user information storage means that stores user information; a temporary ID acquisition means that acquires a temporary ID for identifying the identicalness of a user between a plurality of devices or a plurality of service providers, the temporary ID being an identifier corresponding to a user of the stored user information; a user information comparing/determining means that compares legitimately-read user information of a plurality of users read in response to acquired two or more temporary IDs and a user information comparison/determination request that designates a predetermined condition that represents a desired relationship between a plurality of users represented by the two or more temporary IDs to thereby determine whether the relationship between the designated users satisfies the predetermined condition, and outputs the determination result; and a process execution means that receives the comparison/determination result for the user information and executes a predetermined process based on the received comparison/determination result. | 11-15-2012 |
20120297465 | USER IDENTIFICATION METHOD APPLICABLE TO NETWORK TRANSACTION AND SYSTEM THEREOF - A user identification method and a system thereof are provided. A user device delivers a certificate packet with a user identification number to a certificate server, and receives a reply packet with a code from a password server. The user device uses the code to produce a user terminal identification code, and delivers an identification packet with the user terminal identification code to the certificate server. After having received the certificate packet, the certificate server delivers an inquiry packet with the user identification number to the password server, for the password server to inquire about the password and expiration time according to the user identification number. After having received the identification packet, the certificate server verifies the validity of the user terminal identification code and the expiration time with a database to determine whether the user is allowed to proceed to the subsequent transaction. | 11-22-2012 |
20120304262 | AUTOMATING CLOUD SERVICE RECONNECTIONS - Technologies are generally described for automatically reconnecting a security principal to cloud services through correlation of security principal identifier attributes. A new security principal for a user may be detected and automatically reconnected to the user's cloud based services. An administrator for the security domains may specify a value of a unique security principal metadata attribute for the original security principal in a customizable security principal metadata attribute in the new security principal in the same or new security domain. A secondary verification metadata attribute may optionally be specified to ensure the correct security principal is reconnected to the user's cloud based resources. The correlation between the original security principal for the user and the new security principal may be used to reconnect the user's cloud resources. | 11-29-2012 |
20120304263 | SYSTEM AND METHOD FOR SINGLE SIGN-ON - A server generates a first ID in response to a user inputting a username on a web portal provided by the server. If the user selects a link page displayed through the web portal, the server generates a second ID and sends the first ID and the second ID to the selected link page. The server detects if the user can access the selected link page by reference to the first ID and the second ID. If the server verifies the information successfully, the link page may be entered using the portal information. | 11-29-2012 |
20120304264 | KEY PROTECTING METHOD AND A COMPUTING APPARATUS - A key protecting method includes the steps of: (a) in response to receipt of an access request, configuring a control application program module to generate a key confirmation request; (b) in response to receipt of the key confirmation request, configuring a hardware control module to generate, via the control application program module, a key input request to prompt a user for a key input; (c) upon receipt of the key input, configuring the hardware control module to determine if the key input matches a predefined key preset in the hardware control module; (d) configuring the hardware control module to enter an execution mode if it is determined in step (c) that the key input matches the predefined key; and (e) configuring the hardware control module to enter a failure mode if it is determined in step (c) that the key input does not match the predefined key. | 11-29-2012 |
20120311683 | NETWORK SECURITY PARAMETER GENERATION AND DISTRIBUTION - Disclosed are various embodiments for facilitating network security parameter distribution and generation in a converged network incorporating multiple heterogeneous link layer networking technologies. Embodiments are provided for connecting network devices through multiple heterogeneous link layer networking technologies using a converged network password. Embodiments are provided for connecting network devices through multiple heterogeneous link layer networking technologies using a pairing event protocol, such as, for example, a push button protocol. | 12-06-2012 |
20120311684 | SYSTEMS AND METHODS FOR REGISTERING A USER ACROSS MULTIPLE WEBSITES - Various embodiments provide systems for registering a user with one or more websites. Such systems comprise at least one processor configured to: receive an IP address for a computing device being used by the user; and after receiving the IP address: (1) obtain a location associated with the IP address; and (2) identify whether the user is in a jurisdiction that permits the user to register with a website. The systems may then receive one or more parameters obtained from the user, upon which the systems verify an age of the user; determine which of the one or more types of transaction activities the user is permitted to conduct; query one or more registration attempts over a predetermined previous time period to identify duplicate or similar parameters; and verify the user's identity based at least on one of the one or more parameters. Associated methods are also provided. | 12-06-2012 |
20120317629 | REVERSE MAPPING METHOD AND APPARATUS FOR FORM FILLING - In the presently preferred embodiment of the invention, every time a user submits a form the client software tries to match the submitted information with the stored profile of that user. If a match is discovered, the program tags the field of the recognized data with a corresponding type. The resulting profile can be used after that to help all subsequent users to fill the same form. | 12-13-2012 |
20120324552 | System and Method for Securing Embedded Media - Set forth herein are systems, methods, and non-transitory computer-readable storage media for processing media requests in a secure way. A server configured to practice the method receives, from a media player client, a request for media content. The server requests a playback token from a playback service associated with the media content and generates a tag containing the playback token. Then the server transmits to the media player client a response to the request for media content based on the tag, wherein the media player client retrieves the media content by presenting the playback token to the playback service. The media player client can be an embedded media player or other player in a web browser. The server and the playback service can operate based on a common, pre-shared feed token. Other playback client and playback service embodiments exist. | 12-20-2012 |
20120324553 | METHOD FOR THE DISCOVERY AND SECURE ACCESS TO MOBILE DEVICES IN PROXIMITY BY MEANS OF THE USE OF A VISUAL CHANNEL - Disclosed is a method for the secure access of a mobile device to a nearby client device that includes the following: | 12-20-2012 |
20120324554 | AUTOMATIC DEVICE PAIRING - One embodiment relates to a security apparatus. The apparatus includes a security controller. The security controller is within a secure domain. The controller is configured to receive a trigger event from a first device outside the secure domain and a second trigger event. The controller is configured to automatically generate a secure password from a provisional password using a secure password provisioning protocol in response to the first trigger event and the second trigger event. The controller is also configured to pair the first device with the secure domain by establishing secure communications using the secure password. | 12-20-2012 |
20120324555 | LUHN VALIDATION AND DATA SECURITY ACROSS MULTIPLE ACTIVE DOMAINS - Systems and methods for maintaining data security using Luhn validation in a multiple domain computing environment are presented. Each domain includes a token generator that can generate tokens associated with sensitive data such as credit card numbers. The token generation algorithm includes a Luhn validation routine for producing a tokenized data string that either passes or fails Luhn. The possibility of token collision is eliminated by a token generation algorithm that embeds a domain designator corresponding to the active domain where the token was created. When multiple tokens represent the same sensitive data, the token manager returns a set of all such tokens found. | 12-20-2012 |
20120331534 | Systems and Methods for Managing Secure Communication Sessions with Remote Devices - According to various embodiments, a session manager generates, stores, and periodically updates the login credentials for each of a plurality of connected IEDs. An operator, possibly via an access device, may provide unique login credentials to the session manager. The session manager may determine the authorization level of the operator based on the operator's login credentials, defining with which IEDs the operator may communicate. According to various embodiments, the session manager does not facilitate a communication session between the operator and a target IED. Rather, the session manager maintains a first communication session with the operator and initiates a second communication session with the target IED. Accordingly, the session manager may forward commands transmitted by the operator to the target IED. Based on the authorization level of the operator, a session filter may restrict what may be communicated between an operator and an IED. | 12-27-2012 |
20120331535 | METHODS AND SYSTEMS FOR COMPLETING, BY A SINGLE-SIGN ON COMPONENT, AN AUTHENTICATION PROCESS IN A FEDERATED ENVIRONMENT TO A RESOURCE NOT SUPPORTING FEDERATION - A system for distributed authentication includes a client machine, in a first domain in a federation, that receives from a user a first set of authentication credentials. The system also includes an intermediate machine in a second domain in the federation, a server, also in the second domain, a password management program executing on the server and a non-federated resource. The intermediate machine authenticates the user responsive to receiving the first set of authentication credentials and identifies a second set of authentication credentials. The server in the second domain authenticates the user, responsive to the second set of authentication credentials. The password management program, executing on the server, retrieves a third set of authentication credentials associated with the user. The non-federated resource authenticates the user, responsive to receiving, from the password management program, the third set of authentication credentials. | 12-27-2012 |
20130007856 | RENEWAL OF USER IDENTIFICATION INFORMATION - A method, data processing system, and computer program product for managing user identification information. A determination is made whether an instance of security information in use on the first application server and referenced by a token that has expired was generated by an application server compatible with a first application server in response to receiving the token. A determination is made whether the instance of the security information is managed by a set of rules for a group of users of the first application server. A determination is made whether a user identifier from the token is authorized to access the first application server. The token is renewed in response to determining that the user identifier is authorized to access the first application server. | 01-03-2013 |
20130007857 | Anti-shoulder surfing authentication method - Disclosed is a client device that includes: a user interface to receive a username and a first password associated with a server site visited by a user; a random number generator to generate a random number; and a processor to generate a second password by implementing a function based upon the first password and the random number and to command storage of the random number, the username, and the associated server site. If the user attempts to log onto the server site by inputting their username and the second password, the processor extracts the random number associated with the username and the server site and implements the function based upon the second password and the random number to generate the first password which replaces the second password entered by the user and is submitted to the server site. | 01-03-2013 |
20130007858 | AUTHENTICATION AND SECURE CHANNEL SETUP FOR COMMUNICATION HANDOFF SCENARIOS - Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers. | 01-03-2013 |
20130007859 | WEBSITE AUTHENTICATION - Embodiments of website authentication including receiving a request from a user to view a website within a graphical user interface (GUI); generating a one time password (OTP); storing the generated OTP in a database; displaying the generated OTP on the GUI; verifying an identity of the user by receiving an identification datum from a communication device; receiving an entered OTP from the user; comparing the entered OTP with the generated OTP; and communicating whether the website is authenticated. | 01-03-2013 |
20130014236 | METHOD FOR MANAGING IDENTITIES ACROSS MULTIPLE SITES - A method, data processing system, and computer program product for managing passwords. A computer system receives a notification from a website that indicates a password for the website needs to be changed. If the computer system determines the website is in a list of websites and a classification of the website matches one or more of a set of website classifications, a notification is sent to a password vault that indicates the password for the website needs to be changed. A set of passwords in the password vault is selected based upon the set of passwords meeting a policy for password management. | 01-10-2013 |
20130014237 | ONE TIME PASSWORD AUTHENTICATION OF WEBSITES - A method including generating a first and second One Time Password (OTP) token from a shared clock, receiving a third OTP token, and comparing the second and the third OTP tokens. A system including a number generator residing on a first server to generate first and second One Time Password (OTP) tokens from a shared clock, a transmitter residing on the first server to transmit the first and the second OTP tokens, a receiver residing on a second server to receive the first, the second, and a third OTP tokens, and a comparator residing on the second server to compare the second and the third OTP tokens to authenticate an identity of a party who generates the third OTP token. | 01-10-2013 |
20130014238 | Deterministic User Authentication Service For Communication Network - A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network. Log-in attempts are recorded so that the identity and whereabouts of network users may be monitored from a network management station. | 01-10-2013 |
20130019289 | ONLINE SIGNATURE IDENTITY AND VERIFICATION IN COMMUNITY - Techniques for electronic signature process management are described. Some embodiments provide an electronic signature service (“ESS”) configured to manage electronic identity cards. In some embodiments, the ESS generates and manages an electronic identity card for a user, based on personal information of the user, activity information related to the user's actions with respect to the ESS, and/or social networking information related to the user. The electronic identity card of a signer may be associated with an electronic document signed via the ESS, so that users may obtain information about the signer of the document. Electronic identity cards managed by the ESS may also be shared or included in other contexts, such as via a user's profile page on a social network, a user's email signature, or the like. | 01-17-2013 |
20130019290 | SYSTEM AND METHODS FOR WEAK AUTHENTICATION DATA REINFORCEMENT - Systems and methods for weak authentication data reinforcement are described. In some embodiments, authentication data is received in a request to authenticate a user. In response to detecting weak authentication data, the systems and methods determine whether the user was previously authenticated as a human user. An example embodiment may include initiating an authentication process based on determining that the user was previously authenticated as a human user. | 01-17-2013 |
20130019291 | SERVICE OPENING METHOD AND SYSTEM, AND SERVICE OPENING SERVER - Embodiments of the present invention relate to a service opening method and system, and a service opening server. The method includes: receiving a service request from a third-party application, where the service request carries type and parameter information of the requested service; querying, according to the type information of the service, a service directory to obtain an access address and authentication type information of the requested service; when it is determined that the invoking of the service needs an authorization of an end user, obtaining an authorization notification message of the end user according to the type information of the service and the parameter information of the service; and forwarding the service request to a capability server, and forwarding, to the third-party application, a service response message returned by the capability server. The control of the end user on the authorized service is ensured to the greatest extent. | 01-17-2013 |
20130024918 | METHODS AND SYSTEMS FOR AUTHENTICATING USERS OVER NETWORKS - A method for authenticating users over networks includes requesting a one-time password, entering a personal identification number into a communications device, and retrieving a replaceable shared secret stored in the communications device. Moreover, the method includes generating a hashed personal identification number from the entered personal identification number, combining the hashed personal identification number with the replaceable shared secret to generate a modified shared secret, and generating a one-time password with the modified shared secret and the time of requesting the one-time password. | 01-24-2013 |
20130024919 | CLOUD SERVICE AUTHENTICATION - One or more techniques and/or systems are provided for obtaining access to a cloud service. In particular, a user may log into a client device using an operating system (OS) cloud login ID. The user may access cloud services (e.g., a music streaming service, a data storage service, etc.) through applications executing on the client device using merely the OS cloud login ID without providing additional login credentials specific to the cloud services. A client side application may request a token to access a cloud service. The token may be generated by an identity provider based upon the identity provider verifying an application ID identifying the application, a cloud service ID identifying the cloud service and/or OS cloud credentials. In this way, the application may present the token to a cloud service provider for verification to gain access to the cloud service hosted by the cloud service provider. | 01-24-2013 |
20130024920 | VIRTUAL COMPUTER AND SERVICE - A virtual computer service includes receiving, at a network server computer over a network, an encrypted image and user credentials for a user of a computer, and storing the encrypted image and the user credentials in an image repository that is communicatively coupled to the network server computer. The virtual computer service also includes receiving a request to initiate a session, the request including the user credentials. Upon successful validation of the user credentials, the virtual computer service includes selecting the encrypted image from the image repository, decrypting the encrypted image, activating a session for a virtual computer associated with the computer, and synchronizing session details of the session, once completed, with the image and storing a synchronized image in the image repository. | 01-24-2013 |
20130024921 | SECURE ON-LINE SIGN-UP AND PROVISIONING FOR WI-FI HOTSPOTS USING A DEVICE-MANAGEMENT PROTOCOL - Embodiments of a mobile device and method for secure on-line sign-up and provisioning of credentials for Wi-Fi hotspots are generally described herein. In some embodiments, the mobile device may be configured to establish a transport-layer security (TLS) session with a sign-up server through a Wi-Fi Hotspot to receive a certificate of the sign-up server. When the certificate is validated, the mobile device may be configured to exchange device management messages with the sign-up server to sign-up for a Wi-Fi subscription and provisioning of credentials, and retrieve a subscription management object (MO) that includes a reference to the provisioned credentials for storage in a device management tree. The credentials are transferred/provisioned securely to the mobile device. In some embodiments, an OMA-DM protocol may be used. The provisioned credentials may include certificates in the case of certificate-based credentials, machine-generated credentials such as username/password credentials, or SIM-type credentials. | 01-24-2013 |
20130024922 | VIRTUAL COMPUTER AND SERVICE - A virtual computer service includes receiving, at a network server computer over a network, an encrypted image and user credentials for a user of a computer, and storing the encrypted image and the user credentials in an image repository that is communicatively coupled to the network server computer. The virtual computer service also includes receiving a request to initiate a session, the request including the user credentials. Upon successful validation of the user credentials, the virtual computer service includes selecting the encrypted image from the image repository, decrypting the encrypted image, activating a session for a virtual computer associated with the computer, and synchronizing session details of the session, once completed, with the image and storing a synchronized image in the image repository. | 01-24-2013 |
20130024923 | METHOD FOR MUTUAL AUTHENTICATION OF A USER AND SERVICE PROVIDER - The present invention relates to a method and system for mutual authentication of a user and service provider, said method comprising acts of: authenticating an event by a key generation module (KGM), said event is generated on a computing device by a user, sending a shared secret of registered user for the event by an authentication server to the key generation module (KGM), generating one time key by the KGM for the event, transmitting the one time key by appending the shared secret to registered user mobile device, and performing at least one of: authenticating the user for said event by the KGM when a registered user enters the one-time key on the computing device within a predetermined time period, or terminating the event upon receipt of predefined key sequence from the mobile device. | 01-24-2013 |
20130036458 | METHODS AND SYSTEMS FOR IDENTITY VERIFICATION - The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to network-based content and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein. | 02-07-2013 |
20130036459 | METHODS AND SYSTEMS FOR IDENTITY VERIFICATION - The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to network-based content and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein. | 02-07-2013 |
20130047224 | METHOD AND APPARATUS FOR TOKEN-BASED ATTRIBUTE ABSTRACTION - According to one embodiment, an apparatus may store a plurality of tokens associated with a session. The session may facilitate access to a resource by a user. The session may be identified by a session token. The apparatus may determine, based on a token-based rule, a second plurality of tokens required to facilitate determination of a risk token. The risk token may be used to facilitate determination of an access decision to the resource. The apparatus may determine that the plurality of tokens comprises the second plurality of tokens and generate a dataset token that represents the plurality of tokens. The apparatus may then communicate the dataset token to facilitate the generation of the risk token. The apparatus may receive the risk token and correlate it with the session token to facilitate determination of the access decision. | 02-21-2013 |
20130047225 | Method and Apparatus for Token-Based Tamper Detection - According to one embodiment, an apparatus may store: a hard token representing identification information of the device, a network token representing the status of a network, and a resource token representing information associated with a resource. The apparatus may further store secured copies of the hard token, network token, and resource token. The apparatus may receive a suspect token indicating a risk that at least one of the device, the network, and the resource has been tampered, and in response, determine to inspect at least one of the hard token, network token, and resource token. The apparatus may then compare the at least one of the hard token, network token, and resource token with its corresponding secured copy. If at least one of those tokens does not match its corresponding secured copy, the apparatus may communicate a revalidation token indicating at least one token has been tampered. | 02-21-2013 |
20130047226 | Method And Apparatus For Token-Based Re-Authentication - According to one embodiment, an apparatus may store a plurality of tokens that indicate a user is using a device to access a resource over a network. The apparatus may detect at least one token indicating a change associated with at least one of the device, the network, or the resource. The apparatus may then determine to re-authenticate the user in response to the change. The apparatus may then request a password generated using personal information of the user, and receive a re-authentication token comprising the password generated using personal information of the user. The apparatus may then request, from the user, a second password. The request for the second password may include instructions on how to form the second password. The apparatus may receive a response comprising the second password and determine that the second password matches the password. The apparatus may then re-authenticate the user. | 02-21-2013 |
20130055365 | Credential Provider That Encapsulates Other Credential Providers - Systems, methods, and computer readable media for encapsulating multiple Windows® based credential providers (CPs) within a single wrapping CP are described. In general, CP credentials and fields from two or more encapsulated or wrapped CPs may be enumerated and aggregated in such a way that the order of fields from each CP is preserved, fields that may be used only once are identified and appear only once, and fields are given a new unique field identifier. The union of all such fields (minus duplicates of any one-use-only fields) may be used to generate a mapping so that the wrapping CP and CP credential may “pass-through” calls from the operating system's logon interface to the correct wrapped CP and CP credential. The disclosed techniques may be used, for example, to provide single sign-on functionality where a plurality of sign-on credentials may be used (e.g., user name/password and smart card PIN). | 02-28-2013 |
20130055366 | DYNAMICALLY PROVIDING ALGORITHM-BASED PASSWORD/CHALLENGE AUTHENTICATION - Provided are a computer program product, method and system for dynamically providing algorithm-based password/challenge authentication. A page is generated including selectable conversion operators to enable generation of an algorithm that applies at least one selected conversion operator of the selectable conversion operators on a string to generate a password. A created algorithm created using the at least one selected conversion operator in the page is received. The created algorithm is associated with a username for use in authenticating access by a presenter of the username to a computer service. | 02-28-2013 |
20130055367 | Multi-Factor Profile and Security Fingerprint Analysis - A security fingerprint architecture is disclosed. A security fingerprint comprises one or more behavioral factors which store a history of events associated with one or more users. The data in the security fingerprint is exposed by one or more modes, each of which determines the conditions that data in the security fingerprint may be accessed. Security fingerprints support a number of primitive operations that allow set operations to be performed. Security fingerprints may be used for authentication, advertising, and other operations either alone, or in conjunction with third party data sources. An exemplary platform of security fingerprints built upon a cellular infrastructure is also disclosed. | 02-28-2013 |
20130061298 | AUTHENTICATING SESSION PASSWORDS - A method for authenticating a password is provided. An authentication server device receives a plurality of password segments associated with a password from a client device over a plurality of communication channels. The authentication server device reconstructs the password from the plurality of password segments based on a particular set of parameters identified by a selected session key identification number. The authentication server device sends the reconstructed password to a target device for comparison with a stored password associated with the client device. If the stored password matches the reconstructed password, then the target device establishes a session with the client device so that the client device may access a resource located on the target device. In addition, the authentication server device closes the plurality of communication channels established with the client device in response to the authentication server receiving a notification that the reconstructed password matches the stored password. | 03-07-2013 |
20130061299 | DISTRIBUTED COMPUTER SYSTEMS WITH TIME-DEPENDENT CREDENTIALS - A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential. | 03-07-2013 |
20130061300 | DISTRIBUTED COMPUTER SYSTEMS WITH TIME-DEPENDENT CREDENTIALS - A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential. | 03-07-2013 |
20130061301 | DISTRIBUTED COMPUTER SYSTEMS WITH TIME-DEPENDENT CREDENTIALS - A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential. | 03-07-2013 |
20130061302 | Method and Apparatus for the Protection of Computer System Account Credentials - There is described methods, systems and software for creating, managing and using authentication credentials. The invention maintains for each user two authentication credentials—external and internal authentication credentials that share the same number of authentication factors of the same type. These are stored in a data store [ | 03-07-2013 |
20130061303 | Authentication System and Method in a Contactless Environment - A method of providing continuous authentication in a contactless environment is provided. The method includes providing a reader having a contactless interface, as well as a device, operable to communicate with the reader. The method further includes the steps of receiving at the reader a first authentication request from the device, and communicating from the reader a second authentication request to a secure transaction service. The secure transaction service holds authentication credentials relating to the device. Authentication credentials relating to the device are received at the reader from the secure transaction service, and the reader provides continuous authentication based at least in part on the authentication credentials received from the secure transaction service. | 03-07-2013 |
20130067545 | Website Security - A system and method for employing fingerprints for user authentication on a website is described. Embodiments of the invention employ a fingerprint scanner integrated into a USB device to scan a current user's fingerprint, and compare it against a stored fingerprint associated with the authorized user. If the current user is determined to be the authorized user, a user name and password associated with a requested website and stored on the USB device is entered onto the website. In one embodiment, the USB device is a password bank that both generates and stores passwords for various websites, removing the need for user memorization altogether. | 03-14-2013 |
20130074166 | SYSTEMS AND METHODS FOR SECURE AND EFFICIENT ENROLLMENT INTO A FEDERATION WHICH UTILIZES A BIOMETRIC REPOSITORY - A method includes receiving data related to an individual, the data comprising a plurality of elements of personally-identifying information (PII). The method further includes building, via the plurality of elements of the PII, a compositional key for the individual. In addition, the method includes storing the compositional key and a biometric print for the individual as a biometric record in a biometric repository. The method also includes, via the compositional key, providing a plurality of federated entity (FE) computer systems with access to the biometric repository. | 03-21-2013 |
20130074167 | Authenticating Linked Accounts - Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account. | 03-21-2013 |
20130081118 | METHOD, SYSTEM, AND COMPUTER-READABLE STORAGE MEDIUM FOR ESTABLISHING A LOGIN SESSION - A method, system, and computer-readable storage medium are provided. Embodiments of the invention include receiving notification of a log-in event associated with a first login session wherein a user is authorized to access a resource of a computing system based on a credential. During the first login session and in response to determining the credential is valid, a second login session is established by granting the user access to a resource of an application associated with the computing system. During the first login session and in response to receiving information indicating an event has occurred, the second login session is terminated such that the user does not have access to the resource of the application. And during the first login session and in response to determining again that the credential is valid, a third login session is established by granting the user access to a resource of the application. | 03-28-2013 |
20130086655 | PASSWORD CHANGING - In one example, a computing device generates a new password for accessing a user account and/or computing system and inspires a change of an existing password for the user account and/or computing system to the new password. Thereafter, the computing device detects occurrence of a condition to trigger another change of the password for the user account and/or computing system and, responsively, inspires another change of the password for the user account and/or computing system. | 04-04-2013 |
20130086656 | Method and Apparatus for Protecting a Single Sign-on Domain from Credential Leakage - Disclosed is a method for protecting a single sign-on domain from credential leakage. In the method, an authentication server provides an authentication cookie to a browser client. The cookie has at least one user authentication credential for the domain, and is associated with an authentication subdomain of the domain. The server receives the cookie from the browser client. Upon authentication of the user authentication credential in the received cookie, the server responds to the access request by forwarding, to the browser client, a limited-use cookie for the domain. The server receives a request from the content server to validate a session identifier of the limited-use cookie received from the browser client. Upon validation of the session identifier of the limited-use cookie, the server provides a valid session message to the content server for enabling the content server to forward requested content to the browser client. | 04-04-2013 |
20130086657 | RELYING PARTY PLATFORM - A framework is provided for integrating Internet identities in enterprise identity and access management (IAM) infrastructures. A framework is provided for open authorization. A framework is also provided for relying party functionality. | 04-04-2013 |
20130086658 | PRIVILEGED ACCOUNT MANAGER, ACCESS MANAGEMENT - Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed. | 04-04-2013 |
20130086659 | DATA PROCESSING APPARATUS, ACTIVATION CONTROL METHOD, AND COMPUTER-READABLE STORAGE MEDIUM - According to one embodiment, a storage stores secret data, first identification data, and a first random key. A generation module generates first authentication data from the secret data, first identification data, and second identification data of a removable medium. A first verification module determines whether the first authentication data and second authentication data in the removable medium are identical. A second verification module determines whether the first random key and a second random key in the removable medium are identical, if the first and second authentication data are identical. An activation module activates the data processing apparatus if the first and second random keys are identical. | 04-04-2013 |
20130086660 | SYSTEM FOR PREVENTING ILLEGAL COPY OF SOFTWARE AND METHOD FOR PREVENTING ILLEGAL COPY OF SOFTWARE - Disclosed herein are a system for preventing an illegal copy of software and a method for preventing an illegal copy of software. The system for preventing an illegal copy of software includes: a terminal where software to be authenticated is installed and executed; a first Zigbee device connected with the terminal in a wired method and storing a plurality of unique passwords; and a second Zigbee device connected with the first Zigbee device in a wireless method and storing at least all the unique passwords of the first Zigbee device. Utilization is improved as compared with a known hardware lock type and an illegal copy possibility by hooking is excluded and since an authentication process is performed through encoded communication by using random variables, the illegal copy of software can be thoroughly stopped. | 04-04-2013 |
20130097680 | HIGH-DENSITY MULTI-TENANT DISTRIBUTED CACHE AS A SERVICE - A multi-tenant, elastically scalable cache as a service is disclosed. Embodiments of the cache service eliminate the need for applications to manage their own cache tier. The multi-tenant cache service is implemented by maintaining/creating multiple named caches in a cache cluster and mapping each tenant's cache to a named cache in the cluster. Strict quotas are enforced on cache sizes. This allows caches with different replication attributes to co-exist on the same cache server, allows migration of a cache from one cluster to another for load balancing purposes, and allows a cache to inflate/deflate to meet business needs. A network load balancer is used to route cache items to servers. | 04-18-2013 |
20130097681 | SECURE CACHING OF SERVER CREDENTIALS - A credential caching system includes receiving a set of authentication credentials, storing the set of authentication credentials in a credential cache memory, wherein the credential cache memory is coupled with a management controller, and supplying the set of authentication credentials for automatic authentication during a reset or reboot. In the event of a security breach, the credential caching system clears the set of authentication credentials from the credential cache memory so that the set of authentication credentials may no longer be used for a reset or reboot. | 04-18-2013 |
20130104205 | ACCOUNT CREATING AND AUTHENTICATING METHOD - An account creating and authenticating method is provided. Firstly, an account is created according to a face image included in a photo. A password corresponding to the face image is also generated by a service system. During an account authenticating method, an image pickup device is used to shoot a face of a login person on the spot. If the service system judges that the shot face image of the login person on the spot complies with a predetermined face image corresponding to an existing account, the login person is allowed to log in to the service system and the password is displayed. In a case that the image pickup device is provided, the service system may be authenticated by inputting the password. The method of the present invention can simplify the process of creating and authenticating the account. | 04-25-2013 |
20130104206 | System and Method for Providing User Lifecycle Management and Service Orchestration of Multiple Media Services Across Multiple Display Screens - A system and method are provided for enabling personalization and service coordination of media services across multiple devices. The method comprises providing a first module to interface with information technology infrastructure and media services provided by an operator or third parties; and providing, using the first module, service orchestration and user lifecycle management components to enable authorized and personalized access to multiple network operator services across multiple devices and services. | 04-25-2013 |
20130104207 | Method of Connecting a Mobile Station to a Communications Network - A method of connecting a mobile station to a communications network is provided, and includes performing an authentication of the mobile station at the network. A secure identifier, generated at the mobile station, is received at a gateway node and at an access node from an authentication node of the network if it is determined by the authentication that the mobile station is a subscriber to the network. A first secure communications tunnel is established from the access node to the mobile station using a value of the secure identifier and a second secure communications tunnel is established from the access node to the gateway node of the network using the value of the secure identifier. The first and second communications tunnels are bound together to form a communications path between the mobile station and the network. | 04-25-2013 |
20130111571 | SYSTEMS AND METHODS FOR CREATING A USER CREDENTIAL AND AUTHENTICATION USING THE CREATED USER CREDENTIAL | 05-02-2013 |
20130117830 | MANAGING THE PROGRESSIVE LEGIBLE OBFUSCATION AND DE-OBFUSCATION OF PUBLIC AND QUASI-PUBLIC BROADCAST MESSAGES - Obfuscating a message, in one aspect, may include detecting sensitive information in a message to be broadcast into public or quasi-public computer network environment; replacing the sensitive information in the message with a representation that preserves general aspects of the sensitive information and a user interface element, the user interface element for enabling a viewer of the message to request access to details of the sensitive information; and transmitting the replaced message for broadcasting into the public or quasi-public computer network environment. De-obfuscating the message, in one aspect, may include authenticating one or more viewers or receivers of the message and based on the authentication, presenting details associated with the sensitive information. | 05-09-2013 |
20130117831 | METHOD AND SYSTEM FOR ENABLING COMPUTER ACCESS - The present invention relates to the field of computer access and in particular remote authentication. In one form, the invention relates to one time passwords used in computer or web-based systems. In one particular aspect, the present invention is suitable for use with certificate based credentials. | 05-09-2013 |
20130125221 | System and Method for Secure Password-Based Authentication - Various embodiments of a system and method for secure password-based authentication are described. The system and method for secure password-based authentication may include an authentication component configured to request and receive authentication from an authenticating system according to a secure password-based authentication protocol. The authentication component may be configured to participate in an attack-resistant password-based authentication protocol such that an attacker who has compromised the authorizing system and/or a communication channel between the authentication component and the authenticating system may not determine a user's password and/or impersonate the user. In one embodiment, the authentication component may be configured to provide its attack-resistant password-based authentication functionality to an application (e.g., through a stand-alone application, plugin, or application extension). For instance, the authentication component may enable a web browser to participate in the attack-resistant password-based authentication protocol in order to access an online bank account from a web server. | 05-16-2013 |
20130125222 | System and Method for Vetting Service Providers Within a Secure User Interface - A security component may be associated with a network-enabled application. The security component may initiate the display of an embedded region of a window drawn according to display information received from a relying party. The security component may define at least a portion of the appearance of the embedded region; the relying party may not define this portion. The security component may send the address of the relying party to a reputation service and query the reputation service about the reputation of the relying party. The reputation service may return reputation information about the relying party. The security component may display an indication of the relying party's reputation. If the reputation information indicates the relying party is reputable, the security component will allow the network-enabled application to exchange information with the relying party. Otherwise, the component may not allow the network-enabled application to exchange data with the relying party. | 05-16-2013 |
20130125223 | System And Method For Transparently Authenticating A User To A Digital Rights Management Entity - Various embodiments of a system and method for transparently authenticating a user to a digital rights management entity are described. In various embodiments, a digital rights management server may be configured to receive an authentication token from a first remote computer system. Such authentication token may indicate that a particular user of the first remote computer system was authenticated by a first content provider of one or more content providers. In various embodiments, the digital rights management server may also be configured to verify the authentication token by determining that one or more portions of the authentication token were generated based on respective authentication information issued to the first content provider. In various embodiments, the digital rights management server may also be configured to, in response to verification of the authentication token, issue to the first remote computer system one or more credentials. | 05-16-2013 |
20130133049 | METHODS AND SYSTEMS FOR DETERMINING BIOMETRIC DATA FOR USE IN AUTHENTICATION TRANSACTIONS - A method for determining biometric data for use in conducting authentication transactions is provided that includes capturing biometric data from a user during an authentication transaction and capturing conditions of the authentication transaction with a device. The captured biometric data corresponds to desired biometric data. The method also includes transmitting the captured biometric data and conditions to an authentication system that stores biometric data and conditions therein. Moreover, the method includes determining that stored biometric data corresponding to the desired biometric data, associated with conditions that best match the captured conditions, is to be used for authenticating the user. | 05-23-2013 |
20130133050 | DEVICE FOR SHARING ANONYMIZED INFORMATION, AND METHOD FOR SHARING ANONYMIZED INFORMATION | 05-23-2013 |
20130139231 | SYSTEM AND METHOD OF VERIFYING A NUMBER OF A MOBILE TERMINAL - A client device is coupled with a server. The client device prompts a user to enter a number associated with a mobile device, which can be the client device, and generates data including a code. The code is typically hidden from the user when the code is generated and is saved on the client device. The client device transmits the number entered by the user and the code generated by the client device to the server, which sends a message, including the code, to the mobile device associated with the number. The client device prompts the user to enter the code included in the message. Validity of the number is based on one or more factors, including the accuracy of the code entered by the user. In addition, validity of the number can also be based on whether the second user input was entered within a predetermined time limit. | 05-30-2013 |
20130139232 | Method and Apparatus for Coordinating a Change in Service Provider Between a Client and a Server with Identity Based Service Access Management - A method of configuring a network access device connected to an access network connected to a plurality of service networks, the network device having a first network address allocated to a subscriber of services of a first service provider provided by a first service network, with a new network address allocated to a second subscriber of services of either the first service provider, or a second service provider provided by a second service network. The method comprises the steps of: sending a request from the network access device to the access network with user credentials for the second subscriber requesting access to the first service provider or a change to the second service provider; receiving a response from the access network; and initiating a network address change request using a configuration protocol. In this manner, a second network address allocated to the second subscriber of services of either the first or second service providers is assigned to the network access device to enable the network access device to communicate data packets to the service network providing the selected service. | 05-30-2013 |
20130145445 | MECHANISM FOR FACILITATING DYNAMIC AND CONTINUOUS TESTING OF SECURITY ASSERTION MARKUP LANGUAGE CREDENTIALS IN AN ON-DEMAND SERVICES ENVIRONMENT - In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic and continuous testing of security assertion markup language (SAML) credentials in an on-demand services environment. In one embodiment and by way of example, a method includes identifying, at a computing device, an organization using a SAML process in an on-demand service environment, obtaining SAML credentials relating to the identified organization, and testing the SAML credentials relating to the identified organization. The testing includes asserting a set of test credentials against the SAML credentials relating to the identified organization. The method may further include generating one or more new codes based on testing results obtained from testing. | 06-06-2013 |
20130145446 | SYSTEMS AND METHODS FOR FAST AUTHENTICATION WITH A MOBILE DEVICE - A system for authenticating a user to a service includes a service, an authentication server and a device. The service includes first signal interface, first processing hardware and first user interface. The authentication server includes second signal interface and second processing hardware. First signal interface transmits a request to the authentication server to authenticate a user. Second processing hardware creates a session identifier and encodes it into a pictogram. Second signal interface transmits the pictogram to the service. The device includes third processing hardware that scans the pictogram and extracts the session identifier, and a third signal interface that transmits the credentials and the session identifier to the authentication server. Second processing hardware verifies the credentials, and second signal interface securely transmits the result of the authentication to the service. | 06-06-2013 |
20130145447 | CLOUD-BASED DATA BACKUP AND SYNC WITH SECURE LOCAL STORAGE OF ACCESS KEYS - Methods and systems are provided for secure online data access. In one embodiment, three levels of security are provided where user master passwords are not required at a server. A user device may register with a storage service and receive a user device key that is stored on the device and at the service. The user device key may be used to authenticate the user device with the storage service. As data in the storage service is encrypted with a master password, the data may be protected from disclosure. As a user master key or derivative thereof is not used in authentication, the data may be protected from a disclosure or breach of the authentication credentials. Encryption and decryption may thus be performed on the user device with a user master key that may not be disclosed externally from the user device. | 06-06-2013 |
20130152178 | SECURE ENTERPRISE SERVICE DELIVERY - A device receives enterprise information associated with enterprises supported by a network, and determines enterprise identifiers for one or more enterprises identified in the enterprise information. The device also receives information associated with devices and subscribers of the network, and determines security key parameters based on the information associated with the devices and the subscribers of the network. The device further generates, based on the security key parameters, a security key for each of the enterprise identifiers. | 06-13-2013 |
20130152179 | SYSTEM AND METHOD FOR USER AUTHENTICATION USING ONE-TIME IDENTIFICATION - A system for user authentication using OTIDs (one-time identifications) includes a client terminal configured to generate n number of OTIDs which are used in the user authentication, and sequentially select one of the generated n number of OTIDs to use the selected OTID as a user identification in each authentication session. Further, the system includes an authentication server configured to receive the generated n number of OTIDs from the client terminal and store them, and, when the one OTID selected from the n number of OTIDs and a secret key are transmitted, to look up the OTID in a DB (database) and determine whether the secret key which is associated with that OTID and stored in the DB matches the received secret key, thereby performing the user authentication. | 06-13-2013 |
20130152180 | DEVICE USING SECURE PROCESSING ZONE TO ESTABLISH TRUST FOR DIGITAL RIGHTS MANAGEMENT - A DRM client on a device establishes trust with a DRM server for playback of digital content. The client executes in a secure execution environment, and the process includes (1) securely loading loader code from secure programmable memory and verifying it using a digital signature scheme and first key securely stored in the device; (2) by the verified loader code, loading DRM client code from the memory and verifying it using a digital signature scheme and second key included in the loader code; (3) by the verified DRM client code (a) obtaining a domain key from the memory; (b) encrypting the domain key with a device identifier using a DRM system key included in the DRM client code; and (c) sending the encrypted domain key and device identifier to the DRM server, whereby the device becomes registered to receive content licenses via secure communications encrypted using the domain key. | 06-13-2013 |
20130160097 | METHODS, APPARATUS, AND COMPUTER PROGRAM PRODUCTS FOR SUBSCRIBER AUTHENTICATION AND TEMPORARY CODE GENERATION - A mechanism is provided for providing temporary generated codes by a server. Responsive to triplet authentication of a device to service provider network, a server receives an initial code from the device to request a temporary generated code. The server verifies the triplet authentication of device. The server determines whether there is a user account match to the initial code. The server determines a corresponding application server based on the initial code and the user account match. The server generates a temporary generated code to access the application server. The temporary generated code is transmitted to both the application server and the communication device, is set to expire at a preset time, is generated to allow the user access to a single session on the application server, and is generated to expire after the temporary generated code is input to access the single session on application server. | 06-20-2013 |
20130160098 | FAMILIAR DYNAMIC HUMAN CHALLENGE RESPONSE TEST CONTENT - Embodiments of the invention are directed to human challenge response test delivery systems and methods. Specifically, embodiments of the present invention are directed to secure human challenge response test delivery services of configurable difficulty for user devices. One embodiment of the present invention is directed to methods and systems for implementing a familiar and dynamic human challenge response test challenge repository created from transaction data. The dynamic human challenge response test challenge repository may be created by a server computer receiving a plurality of transaction data. Challenge items may be extracted from the transaction data using an extraction algorithm. Furthermore, in some embodiments a challenge message may be sent to a requestor, a verification request may be received, and the verification request may be compared to the challenge message. Another embodiment may be directed at using user information in a human challenge response test to mutually authenticate a user and a service provider. | 06-20-2013 |
20130167209 | SYSTEM AND METHOD FOR ACCESSING A SOFTWARE APPLICATION - Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile device. The user agent is configured to communicate with the identity provider and retrieve the user identity for the client application, and the client application is configured to transmit the user identity to the client service. | 06-27-2013 |
20130167210 | METHOD OF ASSIGNING A USER KEY IN A CONVERGENCE NETWORK - Discussed is a method of operating a CPNS (converged personal network service) gateway apparatus. The method includes transmitting a registration request message including user information to a server; transmitting an installation request message including the user information to a terminal; generating first authentication data on the basis of authentication information received by a user input; transmitting a trigger message including the first authentication data to the terminal; receiving a key assignment request message including second authentication data from the terminal in response to the trigger message; transmitting the received key assignment request message to the server; receiving a key assignment response message including a user key for the terminal in response to the key assignment request message; and transmitting the received key assignment response message to the terminal. | 06-27-2013 |
20130174234 | LIGHT-WEIGHT CREDENTIAL SYNCHRONIZATION - Aspects of the subject matter described herein relate to credential synchronization. In aspects, an entity may have access to resources on two or more systems. After the entity's credentials are changed on a first system, the first system updates the credentials on a second system so that the entity can access resources on the second system using the new credentials. The first system maintains a mapping data structure that maps between the credentials data of the two systems. The first system may obtain credential requirements from the second system and provide these requirements in conjunction with receiving a request to change credentials so that a user changing the credentials may satisfy both systems. | 07-04-2013 |
20130174235 | Dynamically Updating Current Communication Information - A method, system and computer readable media for dynamically updating current communication information, for enabling access to current communication based upon biometric information and/or for allowing communication information to be associated with biometric information and then allowing this communication information to be provided to desired recipients. | 07-04-2013 |
20130174236 | SERVER AND METHOD FOR PASSWORD RECOVERY - An exemplary password recovery method is applied on a server. The server is connected to one user terminal. The server stores email addresses and email boxes associated with the corresponding email address. Each email box includes emails sent to each corresponding email address. Each email may be a registration email that includes a website and a username. The method receives a password recovery request for a submitted email address of a user, and determines whether there is a registration email in the email box. If yes, the method obtains the website and the username. The method then controls the user terminal to display the prompt information corresponding to the obtained website. Further, the method receives the input username, and determines whether the input username matches the obtained username. If yes, the method generates a new email password, and controls the user terminal to display the new email password. | 07-04-2013 |
20130179951 | Methods And Apparatuses For Maintaining Secure Communication Between A Group Of Users In A Social Network - Embodiments address various methods and apparatuses that attempt to minimize the time that the security communication between group members may be at risk due to a user joining or leaving. For example, embodiments include methods of minimizing the time for which a joining member receives a secure commonly shared key and other embodiments include methods of minimizing the time that a user leaving the group has access to data shared within the group through updating the secure commonly shared key. | 07-11-2013 |
20130179952 | Refreshing group membership information for a user identifier associated with a security context - A method for selectively refreshing group membership for an identifier associated with an authenticated user. The identifier represents an application server security context, and it is generated to enable a user credential associated with the authenticated user to be persisted. Following such authentication, the client is provided with a time-bounded, renewable security token. The method begins by configuring an option whether group membership information is refreshed during renewal of an expired security token. During renewal of an expired security token, the method determines whether the option is set. If so, an attempt is made to refresh information. This attempt performs a set of checks to verify certain conditions. If these checks are valid, the identifier is refreshed and the security token renewed with updated group membership information. If any check is not valid, the identifier is refreshed and the security token renewed with existing information. | 07-11-2013 |
20130185777 | Methods And Apparatus For Reliable And Privacy Protecting Identification Of Parties' Mutual Friends And Common Interests - Systems and techniques for authenticating joint friends of users of wireless devices. An authenticating authority delivers a token to a wireless device for each party identified as a friend of a user of the wireless device, such as through relationships in an online social network. Two wireless devices can use information relating to the tokens to determine information relating to joint friends of the users of the devices, such as the identities of joint friends or simply the numbers of joint friends. Tokens can be further refined to allow for analysis that provides information relating to the degree of intimacy of the relationship between a user and a party identified as a friend. | 07-18-2013 |
20130185778 | SYSTEM, METHOD AND PROGRAM FOR OFF-LINE TWO-FACTOR USER AUTHENTICATION - Provided is an off-line two-factor user authentication system with a reduced risk of leakage of authentication information. The two-factor user authentication system is designed to use, as a password, a one-time-password derivation rule to be applied to certain pattern elements included in a presentation pattern at specific positions so as to create a one-time password, and further use, as a second authentication factor, information identifying a client to be used by a user. A plurality of pattern seed values each adapted to uniquely specify a presentation pattern in combination with a client ID, and a plurality of verification codes corresponding to respective ones of the pattern seed values, are stored in an off-line two-factor authentication client. A presentation pattern is created based on a selected one of the pattern seed values and a client ID, and an entered one-time password is verified based on a verification code corresponding to the selected pattern seed value. | 07-18-2013 |
20130185779 | SYSTEM AND METHOD FOR TWO-FACTOR USER AUTHENTICATION - Provided is a two-factor user authentication system with a reduced risk of leakage of authentication information. | 07-18-2013 |
20130185780 | COMPUTER IMPLEMENTED METHOD AND SYSTEM FOR GENERATING A ONE TIME PASSWORD - This technology provides methods, non-transitory computer readable medium and apparatuses that generate a One Time Password (OTP) such that no hardware token is used. The technology uses some functions and parameters generated and transmitted to the client machine, by the server. The server generates a token for each session, cyclic groups G | 07-18-2013 |
20130185781 | METHOD AND DEVICE FOR REALIZING REMOTE LOGIN - The present disclosure provides a method and a device for realizing remote login. The method includes: a terminal server responding to a login request to an internal system from an end user, and recording and saving login information of the end user for logging in to the internal system; and the terminal server judging and analyzing the way the end user logs in to the internal system according to the login information and pre-configured rule, and allowing the end user to log in to and access the internal system if the analyzed result matches the pre-configured rule. The method and device allows for implementations of the SSO authentication and user bind authentication on the aspect of the data flow in the terminal server, simplifies the process of logging in to and accessing the internal system, and improves the information security of the system. | 07-18-2013 |
20130185782 | SYSTEMS AND METHODS FOR DUAL READER EMULATION - Systems and methods for emulating credentials are disclosed. In some cases, the systems include an access credential reader and an access credential writer. The access credential reader is communicably coupled to the access credential writer. The access credential reader is operable to receive information from an access credential, and to transfer at least a portion of the information to the access credential writer. The access credential writer is operable to transfer at least the portion of the information to an emulation access credential. | 07-18-2013 |
20130191893 | System and Method for Ensuring Anonymity to Provide Self Help Guidance - User access to a help system is provided in an anonymous manner. A provider organization distributes unique pre-generated user access codes to potential users. The user access codes include a general information portion and a random portion. When accessing the system for the first time, the user enters their unique user access code, a username, and password. The system associates the username with the password and with the user access code. Subsequently, the user logs into the system using the username and password. Data may be compiled and stored in association with the user access code for later retrieval and analysis to calculate statistics for provider organizations. | 07-25-2013 |
20130191894 | Integrating Server Applications with Multiple Authentication Providers - Online and on-premise applications identify trusted authentication providers. The applications are configured with a list of trusted issuers of authentication credentials. When an application receives a request requiring authentication, the application returns a 401 response that includes the trusted issuer list. The requesting application compares the trusted issuer list from the 401 response to its own list of authentication providers. If there is a match between the two lists, then the requesting application creates a self-issued token for the authentication provider. The authentication provider uses the self-issued token to generate an authentication token for the requesting application. The requesting application may also directly create a token for a target partner application, without an authentication provider, if there is a direct trust between the two applications. | 07-25-2013 |
20130191895 | Recovery of Information from Commercial Web Portals - Novel tools and techniques for automated recovery of information from commercial web portals, including commercial web portals requiring credentials for access. In some instances images are captured and pushed to external processes for improving system performance. In some instances access to automated software agent remote control modules is balanced across a system comprising a plurality of processors hosting the automated software agent remote control modules. Some instances provide provisioning of credentials, in particular indicating credentials available for an unlimited or a select limited number of users and monitoring credential use of those credentials usable by a select number of users. Some instances provide cache management that optimizes retrieval of data by external processes and ensures reliability of such data to reduce unnecessary web portal inquiries. | 07-25-2013 |
20130191896 | AUTOMATIC PROVISIONING OF RESOURCES FOR MEETING COLLABORATION - A system for provisioning an output device, may include a processor; a memory; and a records display program. The records display program may be executed by the processor to maintain an indication of availability dates and times of one or more output devices connected to the network; to receive an output device invitation indicating a first output device to reserve at a meeting conducted over a conferencing system; to determine whether the first output device is available for reservation during a date and time period of the meeting; and to communicate to the first output device activation information indicating that the first output device is to become active at a first predetermined date and time related to the date and time period of the meeting and login information including a first credential for the first output device to use for logging into the conferencing system for the meeting. | 07-25-2013 |
20130191897 | Field Provisioning a Device to a Secure Enclave - This invention includes apparatus, systems, and methods to add a new device to a secure enclave, without requiring the new device to enter close proximity to the security entity and protected area. A new device is able to gain access to the secure enclave by first obtaining a temporary credential from an existing device in the field. The new device presents the temporary credential to the security entity, which authenticates, provisions, and, if appropriate, fully associates the new device to the secure enclave. The invention also includes a process for creating and distributing the temporary credentials to existing devices in the field, including using secure connections to transmit electronic versions of the temporary credentials and methods to securely distribute physical copies of the credentials. This invention enables rapid deployment of new devices, or replenishment of lost or damaged devices in the field, without compromising the security of the device or the secure enclave. The invention also reduces the resources required, provides a solution that is available at any time, and reduces the technical skill required to add a device to a secure enclave. | 07-25-2013 |
20130191898 | IDENTITY VERIFICATION CREDENTIAL WITH CONTINUOUS VERIFICATION AND INTENTION-BASED AUTHENTICATION SYSTEMS AND METHODS - A system providing features for facilitating the authentication and verification of a consumer, facilitating and sharing trust between the consumer and third parties, and for continuously updating such information. The system can create an online identity credential based on verifying the identity of an individual subject. The system can include adding first, second, and third party information to the credential, analyzing the data in the credential to create metadata stored within the credential, continuously and periodically updating the elements and metadata of the identity credential, and for sharing selected data and metadata elements of the credential with second and third parties. The system can be used as a standalone identity credential or in support of biometric identity applications. The system can include rewards to encourage subjects to continuously verify their identity. The system can include a Knowledge-Based-Authentication based on intention analysis derived from second-party data, rather than factual third-party data. | 07-25-2013 |
20130191899 | ONE-TIME PASSWORD AUTHENTICATION WITH INFINITE NESTED HASH CLAIMS - Systems and methods for One-Time Password (OTP) authentication with infinite nested hash chains are described. In one aspect, a methodology includes a client device that provides a one-time password (OTP) authentication server with certain registration information. The client device generates, via the OTP authentication server, an authenticated OTP with infinite nested hash chains. These generating operations use a first hash function (hA (−)) for updating a seed chain, a second hash function (h | 07-25-2013 |
20130191900 | COMMUNICATION APPARATUS, REMINDER APPARATUS, AND INFORMATION RECORDING MEDIUM - Provided is a communication apparatus ( | 07-25-2013 |
20130198821 | Account Management for Multiple Network Sites - Disclosed are various embodiments for account management for multiple network sites. Multiple accounts of a user are maintained for multiple network sites in a computing device. A secured resource of a network site is to be accessed by the computing device. A new account is created, or an existing account is upgraded, in response to determining that the accounts are not capable of accessing the secured resource. A set of information about the user is provided to the network site to create, or upgrade, the account. | 08-01-2013 |
20130198822 | Authentication Management Services - Disclosed are various embodiments for authentication management services, where authentication services of network sites may support authentication management clients associated with different authentication management services. An authentication request is obtained by way of an authentication protocol from an authentication management client executed in a client computing device. The authentication request specifies a security credential associated with a user account. The user account at the client computing device is authenticated for access to at least one secured resource of a network site in response to the authentication request and in response to the authentication management client being supported. | 08-01-2013 |
20130198823 | Presenting Managed Security Credentials to Network Sites - Disclosed are various embodiments for providing managed security credentials to network sites for authentication. Multiple accounts of a user are maintained for multiple network sites. A secured resource of a network site is to be accessed by a computing device. One of the accounts is identified according to a domain name of the network site. The account is associated with a different network site having a different domain name from the domain name. The computing device is automatically authenticated with the network site using a security credential associated with the account. | 08-01-2013 |
20130198824 | Recovery of Managed Security Credentials - Disclosed are various embodiments for recovery and other management functions relating to security credentials which may be centrally managed. Account data, which includes multiple security credentials for multiple network sites for a user, is stored by a service in an encrypted form. A request for the account data is obtained from a client. The request specifies a security credential for accessing the account data. The account data is sent to the client in response to determining that the client corresponds to a preauthorized client and in response to determining that the security credential for accessing the account data is valid. | 08-01-2013 |
20130198825 | Method of Securing Access to Data or Services That Are Accessible Via A Device Implementing the Method and Corresponding Device - The invention makes it possible to secure access to data or services that are available to devices and applications via a device implementing the method. In order to secure access to data or to one or more services accessed via a network device, the invention proposes a method that, among other things, prevents unauthorized access to the data or to the one or more services, and a device implementing the method. | 08-01-2013 |
20130198826 | AUTHENTICATE A FINGERPRINT IMAGE - A computing machine including a sensor to capture a fingerprint image from a user and generate a password in response to the user accessing the sensor, a component to create a package of the fingerprint image and the password, and a processor to authenticate the fingerprint image from the package before decrypting an encryption of the password if a request for the password has been received before a predefined time has elapsed. | 08-01-2013 |
20130205376 | SYSTEM AND METHOD FOR SECURING DISTRIBUTED EXPORTING MODELS IN A NETWORK ENVIRONMENT - A method is provided in one example implementation and includes identifying a plurality of exporters that are authorized to communicate data to a collector on behalf of a secure domain; generating secure credentials for the secure domain; communicating the secure credentials to the collector; and authenticating the exporters using the secure credentials. In more particular implementations, the method can include receiving the secure credentials; receiving certain data that includes identifying information, which further includes an Internet protocol (IP) address of a source associated with the certain data; accepting the certain data if the secure credentials validate the identifying information; and rejecting the certain data if the secure credentials do not validate the identifying information. | 08-08-2013 |
20130212656 | Dynamic PSK for Hotspots - Systems and methods for providing secured network access are provided. A user device located within range of a hotspot initiates a request sent via an open communication network associated with the hotspot. The request concerns secured network access at the hotspot by the user device. A unique pre-shared key is generated for the user device based on information in the received request and transmitted over the open communication network for display on a webpage accessible to the user device. The unique pre-shared key is stored in association with information regarding the user device. The user device may then use the unique pre-shared key in subsequent requests for secured network access. | 08-15-2013 |
20130212657 | ELECTRONIC DEVICE AND METHOD FOR RESETTING UNLOCKING PASSWORD OF THE ELECTRONIC DEVICE - A computerized method resets an unlocking password of an electronic device. Verification information used for resetting a first unlocking password currently used for unlocking the electronic device, and a destination for receiving a second unlocking password in place of the first unlocking password are preset in the electronic device. A request message from a terminal device is monitored in real-time, and checked for the inclusion of the verification information. The second unlocking password is generated, the first unlocking password of the electronic device is replaced by the second unlocking password, and the second unlocking password is sent to the destination if the verification information is included in the request message. | 08-15-2013 |
20130212658 | SYSTEM FOR AUTOMATED PREVENTION OF FRAUD - A system for preventing fraud of a web service offered by a service provider at a website, which comprises: | 08-15-2013 |
20130212659 | TRUSTED CONNECTED VEHICLE SYSTEMS AND METHODS - This disclosure relates to systems and methods for facilitating a security and trust architecture in connected vehicles. In certain embodiments, a method for creating a trusted architecture in a connected vehicle may include generating a connected vehicle ecosystem map including information relating to a plurality of electronic control units and network connections included in the connected vehicle. Based on the vehicle ecosystem map, trusted relationships involving electronic control units may be identified. Trusted credentials may be generated and issued to electronic control units that meet one or more trust requirements. Using the trusted credentials, trusted communication within the connected vehicle may be achieved. | 08-15-2013 |
20130212660 | CREDENTIAL MANAGEMENT SYSTEM - A server may communicate with a mobile device and/or a reader device via an Internet connection. The server may be configured to generate a credential and transmit the credential to the mobile device. The mobile device may use the credential in an access control system, a payment system, a transit system, a vending system, or the like. | 08-15-2013 |
20130212661 | CREDENTIAL MANAGEMENT SYSTEM - A server may communicate with a mobile device and/or a reader device via an Internet connection. The server may be configured to generate a credential and transmit the credential to the mobile device. The mobile device may use the credential in an access control system, a payment system, a transit system, a vending system, or the like. | 08-15-2013 |
20130219478 | REDUCED AUTHENTICATION TIMES FOR SHARED-MEDIA NETWORK MIGRATION - In one embodiment, a management device in a computer network determines when nodes of the computer network join any one of a plurality of field area routers (FARs), which requires a shared-media mesh security key for that joined FAR. The management device also maintains a database that indicates to which FAR each node in the computer network is currently joined, and to which FARs, if any, each node had previously joined, where the nodes are configured to maintain the mesh security key for one or more previously joined FARs in order to return to those previously joined FARs with the maintained mesh security key. Accordingly, in response to an updated mesh security key for a particular FAR of the plurality of FARs, the management node initiates distribution of the updated mesh security key to nodes having previously joined that particular FAR that are not currently joined to that particular FAR. | 08-22-2013 |
20130219479 | Login Using QR Code - Systems and methods are disclosed herein for a user to use a trusted device to provide sensitive information to an identity provider via QR (Quick Response) code for the identity provider to broker a website login or to collect information for the website. A user may securely transact with the website from unsecured devices by entering sensitive information into the trusted device. The identity provider may generate the QR code for display by the website on an unsecured device. A user running an application from the identity provider on the trusted device may scan the QR code to transmit the QR code to the identity provider. The identity provider may validate the QR code and may receive credential information to authenticate the user or may collect information for the website. Advantageously, the user may perform a safe login to the website from untrusted devices using the trusted device. | 08-22-2013 |
20130227661 | SYSTEMS AND METHODS FOR GENERATING AND AUTHENTICATING ONE TIME DYNAMIC PASSWORD BASED ON CONTEXT INFORMATION - The invention relates to a system and method for generating and authenticating a one time dynamic password based on context information related to a user. It involves retrieving user context information and generating a dynamic value based on it. The first one time dynamic password is generated at the user device using the first dynamic value and the user PIN. The first dynamic value, along with the user identifier, is sent to the authentication server. The authentication server sends the user identifier to the context management server. The context management server has access to the context information used to generate the first dynamic value and, based on that information, generates a second dynamic value. The authentication server receives this value and generates the second one time dynamic password; if it matches the first one time dynamic password, the authentication server authenticates the first one time dynamic password. | 08-29-2013 |
20130227662 | Method of Generating a Token to be Used in a Uniform Resource Identifier - A method of generating a token to be used in a Uniform Resource Identifier (URI) for use in the retrieval of a data item by a user device is provided. Security setting data relating to the data item is received. A token to be used in a URI is generated. The token is associated with the data item. The token is transmitted to a user device. Generating comprises selecting a length of the token at least partly on the basis of the security setting data. | 08-29-2013 |
20130227663 | METHOD, A SYSTEM AND A NETWORK ELEMENT FOR IMS CONTROL LAYER AUTHENTICATION FROM EXTERNAL DOMAINS - The method comprises: i) obtaining, an authentication registrar (S-CSCF) of a IMS control layer, two sets of IMS credentials for a user: a first set from a user equipment (UE) and a second set from a Home Server Subscriber, or HSS ( | 08-29-2013 |
20130239187 | Physiological Response PIN Entry - Methods and systems are provided for facilitating the secure entry of a user's PIN for electronic transactions such as merchant checkout, payment authorization, or access authorization. A physiological response of the user can indicate which one of a random sequence of numbers is a number of the user's PIN. For example, the user can blink, wink, or make a subtle facial movement to provide the indication. | 09-12-2013 |
20130239188 | Authentication Method for a Universal Serial Bus Device and Related Universal Serial Bus Device - The present invention discloses an authentication method for a Universal Serial Bus (USB) device. The authentication method includes performing two-way authentication with an authentication server via a server, to generate an authentication result indicating whether the authentication is successful; and generating a one time password according to the authentication result. | 09-12-2013 |
20130239189 | Bootstrap Authentication Framework - A bootstrap authentication framework may automatically provide stored authentication credentials to an application server on behalf of an application. The bootstrap authentication framework may receive an access request from a protocol handler to access the authentication credentials stored in a subscriber identity module (SIM) of the electronic device. The access request may be initiated by an application that uses the authentication credentials to access a network service on an application server. In turn, the bootstrap authentication framework may provide the authentication credentials to the protocol handler when a digital signature associated with the protocol handler indicates that the protocol handler is allowed to access the authentication credentials. | 09-12-2013 |
20130239190 | PREVENTING IMPERSONATION OF A COMPUTER SYSTEM USER - A system and method for preventing an administrator impersonating a user from accessing sensitive resources on a target system is provided. The method comprises receiving a first request from a user to change the user's password on a target system, sending a “change password” request for the user to the target system, storing the user's new password, receiving a second request from the target system on behalf of the user for access to a sensitive resource, wherein the second request contains information about the user's password, and denying the second request if the information about the user's password is not consistent with the user's stored new password. | 09-12-2013 |
20130247158 | Secure Group Communications - A device for use in a system with multiple receiving units, and multiple intermediate units each configured to communicate with the device and at least some of the multiple receiving units, includes a communication module configured to send information toward and receive information from the receiving units and the intermediate units, a memory, and a processor coupled to the memory and the communication module. The processor is configured to: cause the communication module to send information toward each of the receiving units sufficient for the receiving units to obtain a key chain corresponding to that receiving unit, each key chain containing a plurality of keys, each key in each key chain being related to other keys in the respective key chains by at least one inverse of a one-way function; select a key from a key chain associated with a particular receiving unit and stored in the memory; and cause the communication module to send the selected key, and an indication of which receiving unit the selected key is associated with, toward the intermediate unit associated with the particular receiving unit. | 09-19-2013 |
20130247159 | METHOD AND SYSTEM FOR ONLINE THIRD-PARTY AUTHENTICATION OF IDENTITY ATTRIBUTES - A method for online authentication includes receiving membership authenticating information specific to members of a particular affiliation from the members and from one or more remote databases. The information is aggregated and stored in an aggregate database. An individual is authenticated, via a widget at least one of integrated into, and accessible by, at least one of a mobile application and a website of a provider of at least one of a particular program and a particular service, as a member of the particular affiliation based on a comparison of authenticating indicia provided online by the individual and the information stored in at least one of the aggregate database and the remote databases. Digital credentials are provided to the individual for access to the at least one of the particular program and the particular service when the individual is authenticated. The credentials include a unique identifier, a login and password. | 09-19-2013 |
20130254856 | Password Generation And Management - A computer implemented method and system for generating and managing multiple passwords associated with multiple online accounts is provided. The computer implemented method and system provides a password management platform accessible by a computing device via a network. The password management platform acquires information on the online accounts and user passwords associated with the online accounts via a graphical user interface (GUI) provided by the password management platform. The password management platform generates one or more unique secure random passwords to replace the user passwords for each of the online accounts on receiving an indication via the GUI. The password management platform stores the generated unique secure random passwords associated with each of the online accounts for managing access to each of the online accounts. The password management platform provides direct and secure access to the online accounts using the stored user passwords or the generated unique secure random passwords. | 09-26-2013 |
20130263235 | DATA PACKET GENERATOR FOR GENERATING PASSCODES - A data packet generator periodically generates a data packet including a passcode comprising a plurality of characters. The data packet is sent to a server or a computing device for validation. If validated, the data packet is used, for example, to identify the location of a user or device. Additional systems and methods involving such a data packet generator are also disclosed. | 10-03-2013 |
20130269008 | KEY ASSIGNMENT FOR A BRAND - Systems and methods for providing secured network access are provided. A user device located within range of a branded hotspot initiates a request for the secured network access. The request concerns secured network access at the hotspot by the user device and includes a unique pre-shared key. A query regarding the unique pre-shared key is sent to a database, which retrieves information regarding a corresponding pre-shared key. That information is sent to the hotspot controller, which allows the user device secured network access as governed by one or more parameters associated with the pre-shared key. | 10-10-2013 |
20130269009 | Method And System Using A Cyber ID To Provide Secure Transactions - A method and system for securing a user transaction involving a subscriber unit (“SU”) (having a processor, memory, and a display configured to accept user input), a credential information manager (“CIM”) (having a processor and memory), and a transaction service provider (“TSP”) (having a processor and memory). A cyber identifier (“CyberID”), a subscriber identifier (“SubscriberID”), and subscriber information, each associated with the user, is stored in the CIM. A transaction request is sent from the SU to the TSP, which creates a transaction identifier (“TID”), stores it in the TSP memory and transmits it to the SU. The SU transmits an authentication request, the TID, and SubscriberID to the CIM, which authenticates the SubscriberID and verifies the TID to the TSP. The TSP verifies the TID and reports it to the CIM, which transmits the CyberID and subscriber information to the TSP, and transmits a transaction authorization to the SU. | 10-10-2013 |
20130269010 | PATTERN ENTROPY PASSWORD STRENGTH ESTIMATOR - A password evaluation system is provided for determining the password strength of a password. A password is provided for evaluation. The password is parsed and substrings are identified from the password. Each substring is associated with a pattern that can generate the substring. The substrings are scored to determine a substring strength measure for the substring. The substrings are combined to identify non-overlapping substring combinations, which together make up the password. The combinations are assigned a combination strength score based in part on the substring strength of the substrings contained in the substring combinations. The substring combination with the lowest combination strength measure is identified and the associated combination strength measure is used as the password strength measure for the password. | 10-10-2013 |
20130269011 | SYSTEM AND METHOD FOR PROVISIONING A UNIQUE DEVICE CREDENTIALS - According to one embodiment of the invention, a method for controlling access to a network comprises a first operation of determining a type of electronic device to join the network. Then, unique device credentials are sent to the electronic device. These unique device credentials are used in authenticating the electronic device, and the format of the unique device credentials is based on the type of electronic device determined. | 10-10-2013 |
20130269012 | System and Method for Securely Provisioning and Generating One-Time-Passwords in a Remote Device - A secure processor such as a TPM generates one-time-passwords used to authenticate a communication device to a service provider. In some embodiments the TPM maintains one-time-password data and performs the one-time-password algorithm within a secure boundary associated with the TPM. In some embodiments the TPM generates one-time-password data structures and associated parent keys and manages the parent keys in the same manner it manages stand | 10-10-2013 |
20130276077 | PASSWORD RESETTING METHOD AND ELECTRONIC DEVICE HAVING PASSWORD RESETTING FUNCTION - A computerized method for resetting a password of a user, where the user uses an electronic device to access an information system provided by a server according to a user ID of the user and the password. An index code and device information of the electronic device are stored in the server corresponding to the user ID. When the password is to be reset, the user ID and the index code are inputted by the user and the device information of the electronic device is acquired. A verification string is generated using the index code and the user ID inputted by the user and the acquired device information, and is sent to the server for verification, thereby requesting to reset the password. | 10-17-2013 |
20130283360 | DISTRIBUTED GROUP TEMPORAL KEY (GTK) STATE MANAGEMENT - In one embodiment, each security protocol supplicant in a computer network determines its group temporal key (GTK) state, and exchanges the GTK state with one or more neighbor supplicants in the computer network. Based on the exchange, a supplicant may determine whether any inconsistencies exist in its GTK state, and in response to any inconsistencies in the GTK state, may perform a GTK state synchronization with a security protocol authenticator by indicating to the authenticator what is needed to resolve the inconsistent GTK state at the particular supplicant. In another embodiment, the authenticator, which is configured to not store per-supplicant GTK state, may transmit beacons containing GTK identifiers (IDs) of GTKs currently enabled on the authenticator, and also responds to supplicants having inconsistent GTK states with one or more needed GTKs as indicated by the supplicants. | 10-24-2013 |
20130291076 | DYNAMIC REPLACEMENT OF SECURITY CREDENTIALS FOR SECURE PROXYING - A subscription proxy receives, from an end user system, a request for a resource provided by a content delivery network, the request comprising a local credential associated with the end user system. The subscription proxy identifies a remote credential associated with the content delivery network and corresponding to the local credential. The subscription proxy replaces the local credential in the request with the corresponding remote credential and sends the request for the resource with the remote credential to the content delivery network. | 10-31-2013 |
20130291077 | IMAGE PROCESSING DEVICE AND IMAGE PROCESSING METHOD - An image processing device controls a local resource, retrieves data files from a network, generates partial images from data included in the data files, and displays an image by combining the plurality of partial images. The partial images include first partial images that require access to the local resource and second partial images that do not require such access. Access to the local resource takes place by request and is controlled so that generation of the first partial images requires authentication of the retrieved data files. While authentication is in progress, the image processing device disallows access to the local resource and displays an image by combining the second partial images with a notification image indicating that authentication is being performed. | 10-31-2013 |
20130291078 | Secure Distribution of Non-Privileged Authentication Credentials - An authentication credentials push service (ACPS) that securely pushes non-privileged authentication credentials to registered client entities. The ACPS comprises a classification server and a push server to provide access to non-privileged authentication credentials absent a pull transaction. The classification server in the ACPS classifies authentication credentials as either privileged (i.e. private, forgeable) or non-privileged (i.e. non-forgeable, non-sensitive). Credentials identified as being of a privileged nature are treated with restricted access. Alternatively, credentials classified as being of a non-privileged nature are made available for the push service. Authentication servers register with the ACPS to become consumers of the push service. A push server within the ACPS pushes non-privileged authentication credentials to registered authentication servers at predetermined intervals. Individual authentication credentials push services (ACPS) have access to different authentication credentials. An authentication server can use a dynamic name service (DNS) lookup to find a specific authentication credentials push service (ACPS). | 10-31-2013 |
20130298208 | SYSTEM FOR MOBILE SECURITY - A method and apparatus for mobile security using a short wireless device. The method and device increase mobile device security and data security and reduce false alerts. | 11-07-2013 |
20130298209 | ONE ROUND TRIP AUTHENTICATION USING SINGLE SIGN-ON SYSTEMS - Systems, methods, and apparatus embodiments are described herein for enabling one-round trip (ORT) seamless user/device authentication for secure network access. For example, pre-established security associations and/or credentials may be leveraged between a user/device and a network entity (e.g., application server) on a network to perform an optimized fast authentication and/or to complete security layer authentication and secure tunnel setup in an on-demand and seamless fashion on the same or another network. | 11-07-2013 |
20130305328 | SYSTEMS AND METHODS FOR PASSING PASSWORD INFORMATION BETWEEN USERS - Systems and methods are provided for sharing passwords from one user to another. In one embodiment, a system is provided. The system generates a password based on the phone number, resource, and an encryption method. The system then generates an encrypted resource, based on the email address, phone number, file, and the encryption method. The encrypted resource may then be decrypted using the password received from the second user, after successfully identifying the second user and the file, and allowing the second user to access the file using the web page. | 11-14-2013 |
20130305329 | ESTABLISHING ACCESS TO A SECURE NETWORK BASED ON USER-CREATED CREDENTIAL INDICIA - In various aspects, code-based indicia contain secured network access credentials. In some aspects, a computer processor receives user input that specifies secured network access credentials, and the computer processor creates or modifies credentials for establishing a secured network connection. In these aspects, the computer processor generates code-based indicia that contain at least part of the secured network access credentials. In other aspects, a computer processor scans the code-based indicia and extracts the network access credentials. In these aspects, the computer processor employs the network access credentials to establish the secured network connection. In additional aspects, a network router apparatus renders the code-based indicia to an active display. In further aspects, a network router apparatus conditions grant of network access to a device on receipt from the device of an answer to a security question included in the secured network access credentials. | 11-14-2013 |
20130305330 | SYSTEMS AND METHODS FOR REMOTE CREDENTIALS MANAGEMENT - The present application relates generally to wireless communication systems and more specifically to systems, methods, and devices for remote credentials management within wireless communication systems. In one aspect, a method of obtaining provisioning information via a service provider network, such as a cellular network, for a device is provided. The method includes transmitting an attach request via the service provider network for provisioning service, the attach request including device vendor information which includes a unique identifier for the device. The method further includes receiving provisioning information from the service provider upon authentication of the device vendor information. In other aspects, systems and methods for providing provisioning information are described. | 11-14-2013 |
20130305331 | AUTHENTICATION AND MANAGEMENT SERVICE SYSTEM FOR PROVIDING LOCATION INFORMATION AND METHOD FOR PROVIDING THE SAME - The present invention relates to an authentication and management service system for providing location information wherein in providing location information on an individual through a mobile network by using a certificate for location information sharing, the certificate for location information sharing is issued previously to a wireless terminal (mobile phone) of a designated person (parent) of a location information sharing object (child), the location information of the location information sharing object is requested and received from a mobile communication system, and the certificate for location information sharing is selectively provided and managed to other designated person and organization. | 11-14-2013 |
20130312071 | METHOD AND SYSTEM FOR INITIATING SECURE TRANSACTIONS WITHIN A DEFINED GEOGRAPHIC REGION - An approach for enabling contextual categories to be associated and scored in connection with a defined geographic region is described. A transient services platform establishes, based on biometric authentication of a user, a limited session for completing a transaction. The transient services platform then determines, based on a defined geographic region, a context to associate with the transaction. Credentials associated with the user are transferred to the transaction agent based on the authentication and the determined context. | 11-21-2013 |
20130312072 | METHOD FOR ESTABLISHING SECURE COMMUNICATION BETWEEN NODES IN A NETWORK, NETWORK NODE, KEY MANAGER, INSTALLATION DEVICE AND COMPUTER PROGRAM PRODUCT - According to an aspect of the invention, a method for establishing secure communication between nodes in a network is conceived, wherein the network comprises a key manager which accommodates a key-manager-specific public key and a corresponding key-manager-specific private key; wherein a copy of the key-manager-specific public key is stored in an installation device; wherein the installation device provides a new node with the copy of the key-manager-specific public key; and wherein said new node is registered with the key manager by providing a node-specific public key and an identifier of said new node to the key manager, such that other nodes in the network may set up end-to-end secure connections with said new node by requesting the node-specific public key of said new node from the key manager. | 11-21-2013 |
20130318578 | PASSWORD MANAGEMENT AND SMART HONEY POT SYSTEM - A system creates a weak password using a regular expression, and stores the weak password. The system receives a password from a user or a third party, and executes a first action when the password from the user or the third party is the weak password. In another embodiment, the system stores a strong password as a weak password and creates a new strong password. The system receives a password from a user or a third party, and executes a first action when the password is the new strong password and executes a second action when the password is the weak password. | 11-28-2013 |
20130318579 | Method of Initiating Randomized Communication Links among Persons Belonging To an Organization by Executing Computer-Executable Instructions Stored On a Non-Transitory Computer-Readable Medium - A method of initiating randomized communication links among persons belonging to an organization by executing computer-executable instructions stored on a non-transitory computer-readable medium allows members within an organization to submit requests to be engaged with other organization members for various activities such as eating or exercising. Engagement requests specify a time frame and a location to meet with other users. Engagement requests are time dependent and confined to a particular location. Engagements may be randomized, or prioritized for members who have not previously engaged with each other and filtered based on various other criteria. | 11-28-2013 |
20130326599 | Validating Pointer Records In A Domain Name System (DNS) Service - In one embodiment a method for receiving a request from a user to update a pointer record of a domain name system (DNS) in a DNS service includes issuing a query from the DNS service to a resource of a first service of the data center from the DNS service using a uniform resource indicator (URI) of the request corresponding to the resource, receiving a list of Internet protocol (IP) addresses in the DNS service from the first service, determining whether an IP address received in the request corresponds to one of the IP addresses of the list, and if so, enabling the user to update the pointer record. | 12-05-2013 |
20130326600 | Authenticating Users Based Upon an Identity Footprint - Disclosed are various embodiments of generating a user signature associated with a user and authenticating a user. At least one behavior associated with at least one sensor in a computing device is identified. A timestamp is generated and associated with the behavior. A user signature corresponding to a user based at least in part upon the behavior and the timestamp is generated and stored. | 12-05-2013 |
20130326601 | COMMUNICATION SYSTEM - A content distribution server receives from an information processing device, a first password generated from first data indicating a key and server specific information specific to the server with the use of a predetermined function. Then, the received first password and processing designation information designating processing are transmitted to a terminal. The terminal generates a second password from second data indicating a key matching with the key indicated by the first data and the server specific information obtained from the information processing device, with the use of the function. Then, the first password from the server and the generated second password are checked against each other, and whether or not to perform processing designated by the processing designation information from the server is determined based on a result of checking. | 12-05-2013 |
20130326602 | Digital Signatures - Apparatus and methods of creating digital signatures include storing a credential received from an external issuing entity at a host device associated with a signature engine. After agreeing on a message with a verifying entity, the host device may transmit a version of the credential with a signature from the associated signature engine for the message to the verifying entity. The verifying entity may determine from the version of the credential and the digital signature whether the credential originated from a trusted issuing entity. | 12-05-2013 |
20130326603 | WIRELESS DEVICE, REGISTRATION SERVER AND METHOD FOR PROVISIONING OF WIRELESS DEVICES - The present invention relates to auto-provision of wireless devices. A wireless device ( | 12-05-2013 |
20130333006 | ENTERPRISE TRIGGERED 2CHK ASSOCIATION - A method of operating a security server to securely transact business between a user and an enterprise via a network includes receiving, at the security server from an enterprise with which the user is currently connected via the network, a request of the enterprise to activate a secure communications channel over the network between the user and the security server. The request includes contact information for contacting the user via other than the network. The security server, in response, transmits an activation code for delivery to the user via other than the network and in a manner corresponding to the received contact information. The security server receives, from the user via the network, an activation code and compares the received activation code with the transmitted activation code to validate the received activation code. The secure communications channel is then activated based on the validation of the received activation code. | 12-12-2013 |
20130340057 | Image Facilitated Password Generation User Authentication And Password Recovery - User authentication systems and supporting methods and devices are described. For instance, the disclosed subject matter describes image-facilitated generation of user authentication credentials, user authentication, etc. for a user and related functionality, where a selection of images can correspond to a grammatical structure comprising disparate parts of speech according to various non-limiting aspects. The disclosed details enable various refinements and modifications according to system design and tradeoff considerations. | 12-19-2013 |
20130340058 | SECURE SYSTEM AND METHOD FOR COLLECTING, AUTHENTICATING, AND USING PERSONAL DATA - A system for collecting, storing, authenticating, and managing personal information, such as identity data, skill data, qualification data, certification data, for individuals and/or organizations. The system securely collects identity, skill, qualification, and certification data and enables the generation of a personal identification credential that can be used to securely authenticate the identity of an individual and, thereafter, retrieve skill, qualification, certification data, and/or other personal information for the individual. The system also enables an individual with an issued personal identification credential via third party verification to securely update personal information, such as skills, qualifications, and certifications data for storage in a secure cloud database system. | 12-19-2013 |
20130347084 | Security Mode for Mobile Communications Devices - A system and method of implementing a security mode in a mobile communications device, including a mobile communications device comprising a processor, and a computer readable storage medium storing programming for execution by the processor, the programming including instructions to activate a security mode of the mobile communications device, and pursuant to activation of the security mode, disable a first class of features of the mobile communications device, wherein other features of the mobile communications device remain enabled after activation of the mobile security. | 12-26-2013 |
20130347085 | DATA EXFILTRATION ATTACK SIMULATION TECHNOLOGY - Novel systems and methods for testing network security are disclosed. In one example, at least one specified data message and at least one specified access credential to at least one third-party web-based service is stored on a monitoring system. At least one software agent configured with the specified data message and the specified access credential to the third-party web-based service is installed on at least one system to be tested. The software agent is executed on the testing system to send the specified data message to the third-party web-based service using the specified access credential. A monitoring system, which is independent of the network, accesses the third-party web-based service with the access credential. The monitoring system compares whether data on the third-party web-based service is equivalent to the specified data message sent by the software agent. In another example, the software agent is configured with a custom start-logging command. | 12-26-2013 |
20130347086 | METHODS AND SYSTEMS FOR CAPTURING BIOMETRIC DATA - A method of capturing biometric data is provided that includes activating a security application in a device. The security application is activated by an operator of the device and is configured to cause the device to display an outline image. Moreover, the method includes displaying the outline image in a stationary position on a display of the device, positioning desired biometric data proximate the device such that the desired biometric data appears as a biometric image on the device display, and monitoring the outline and biometric images shown on the device display. Furthermore, the method includes positioning the device and the desired biometric data to better align the outline and biometric images when the outline and biometric images do not align and capturing the desired biometric data from an individual after approximately aligning the outline image with the biometric image. | 12-26-2013 |
20140007205 | No-Click Log-In Access to User's Web Account Using a Mobile Device | 01-02-2014 |
20140007206 | Notification of Security Question Compromise Level based on Social Network Interactions | 01-02-2014 |
20140007207 | METHOD AND DEVICE FOR GENERATING LOCAL INTERFACE KEY | 01-02-2014 |
20140013407 | METHOD AND SYSTEM FOR REMOTE OPERATION OF AN INSTALLATION - The present invention relates to a method and a system for operating a device ( | 01-09-2014 |
20140020071 | Methods and Systems for Sharing Digital Assets - Aspects of the present invention relate to systems and methods for providing non-subscriber access to a digital asset and, in particular, to methods and systems for providing non-subscriber access to a digital asset while providing provider protection. A temporary guest credential may be generated that may allow access to a limited workspace on a resource server. The temporary guest credentials may expire after a guest-account duration limit. | 01-16-2014 |
20140026199 | Using Metadata In Security Tokens to Prevent Coordinated Gaming In A Reputation System - To prevent gaming of a reputation system, a security token is generated for a security module using metadata about the client observed during the registration of the security module. The registration server selects metadata for use in generating the security token. The generated security token is provided to identify the client in later transactions. A security server may conduct a transaction with the client and observe metadata about the client during the transaction. The security server also extracts metadata from the security token. The security server correlates the observed metadata during the transaction with the extracted metadata from the security token. Based on the result of the correlation, a security policy is applied. As a result, the metadata in the security token enables stateless verification of the client. | 01-23-2014 |
20140026200 | METHOD AND APPARATUS FOR PROVIDING SECRET DELEGATION - A method for providing secret delegation may comprise receiving a credential secret applied to an algorithm associated with a distributed application in a trusted execution environment, causing delegation of the credential secret from one communication device to at least one other communication device, and modifying the credential secret prior to transfer of a modified version of the credential secret to the at least one other communication device in a manner that enables a generation of the credential secret to be determined. An apparatus and computer program product corresponding to the method are also provided. | 01-23-2014 |
20140033285 | ENTERPRISE SECURITY SYSTEM - A platform of Trust Management software which is a single, customizable, complete distributed computing security solution designed to be integrated into an enterprise computing environment. Digital Network Authentication (DNA) is the centerpiece of the system of the present invention. It is a unique means to authenticate the identity of a communicating party and authorize its activity. The whole mechanism can be thought of as a trusted third party providing assurances to both clients and servers that each communicating entity is a discrete, authenticated entity with clearly defined privileges and supporting data. Furthermore, the level of trust to be placed in the authorization of every entity communicating within the system is communicated to every entity within a distributed computing environment. | 01-30-2014 |
20140047520 | TECHNIQUES FOR CREDENTIAL AUDITING - Techniques for credential auditing are provided. Histories for credentials are evaluated against a principal credential policy for a user and an enterprise credential policy for an enterprise as a whole. An audit trail is produced within a report for the histories. The report indicates whether compliance with the principal and enterprise credential policies occurred and if not at least one reason is provided as to why compliance was not met within the histories. | 02-13-2014 |
20140047521 | TECHNIQUES FOR CREDENTIAL AUDITING - Techniques for credential auditing are provided. Histories for credentials are evaluated against a principal credential policy for a user and an enterprise credential policy for an enterprise as a whole. An audit trail is produced within a report for the histories. The report indicates whether compliance with the principal and enterprise credential policies occurred and if not at least one reason is provided as to why compliance was not met within the histories. | 02-13-2014 |
20140047522 | REQUEST AUTHENTICATION TOKEN - An authentication mechanism for use in network-based services generates an authentication token. The authentication token is provided to a client device as part of the code comprising a content page. The content page code is received and loaded by a browser application at the client device. When the content page code is received and loaded by the browser application, the authentication token is loaded by the browser as well. Upon receiving subsequent input, the browser application may send a content request to the server. The content request includes the authentication token maintained by the browser application in the content page. A server may validate the authentication token provided in the request using version information and one or more master authentication tokens. | 02-13-2014 |
20140053251 | USER ACCOUNT RECOVERY - A user account recovery method is described. The method includes storing an account recovery token at both an identity management system (IDM) and a service provider. In response to an indication that a user cannot access an account, a request for the account recovery token is sent by the relevant service provider to the IDM. On confirming the identity of the user, the IDM retrieves the account recovery token and returns the token to the service provider. The service provider compares the token received from the IDM with one or more locally stored tokens to initiate an account recovery process (which process may, for example, include prompting the user to provide a new password for the account). | 02-20-2014 |
20140053252 | System and Method for Secure Document Distribution - A system and method for secure document distribution is provided. The system includes a computer system and a secure document distribution engine. The system includes a two-factor authentication system that includes a password and a hardware component. Documents can be accessed from a network (e.g., the Internet, a cloud computing resource, etc.), via a link as an e-mail attachment, or as a stored file. Redistribution of documents by malicious authorized users is not possible without attribution due to the view-only nature of the system in combination with other measures that include event logging and document watermarking. Access can be revoked or blocked in real time, regardless of how the files were distributed or where they reside. | 02-20-2014 |
20140059662 | Shared circuit switched security context - Creation or update of a security context between user equipment and MSC/VLR (Mobile Switching Centre/Visitor Location Register) for circuit switched domain services is provided. The creation or update is based on conversion of the security context used in an evolved Universal Terrestrial Radio Access Network (E-UTRAN) in the Mobility Management Entity (MME) to a security context for the circuit switched domain target system and transferring it to a MSC/VLR. When user equipment is moved from E-UTRAN to GSM EDGE Radio Access Network/Universal Terrestrial Radio Access Network (GERAN/UTRAN), a MME does not need to perform authentication and key agreement procedures to establish shared circuit switched security context for the user equipment. | 02-27-2014 |
20140059663 | SYSTEM AND METHOD FOR CREATING AND IMPLEMENTING SCALABLE AND EFFECTIVE MULTI-MEDIA OBJECTS WITH HUMAN INTERACTION PROOF (HIP) CAPABILITIES - Embodiments of the invention provide a method and apparatus (“system”) that overcome the above-mentioned problems among others and provide an innovative solution aimed at creating an interactive, dynamic and effective multi-media object with HIP capabilities which may be used in online advertising, security, and user-defined security. The system leverages the existing HIP CAPTCHA real estate to create multi-media objects that guarantee a captivated audience, especially in online advertising. Combining interactive multi-media objects with HIP capabilities helps to meet a very critical need faced by advertisers and websites today—creating an effective impression of any multi-media object on a user (a guaranteed eyeball). Embodiments of the current invention introduce a variety of formats that involve interacting with a multi-media object to provide a more natural user interaction and ease of use while maintaining security. | 02-27-2014 |
20140059664 | Hardware-Based Credential Distribution - This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile. | 02-27-2014 |
20140068731 | MANAGING PASSWORD STRENGTH - A method, system or computer usable program product for managing password strength including receiving a password on a data processing system for a user, filtering for personal information about the user from multiple independent data sources accessible across a computer network, computing the password strength by the data processing system using an algorithm which compares the password to the filtered personal information about the user, and presenting feedback to the user through a user interface on a data processing system display regarding the computed password strength. | 03-06-2014 |
20140068732 | Single tenant audit view in a multi-tenant environment - A method correlates audit information in a multi-tenant computing infrastructure. The method leverages a user's authentication to the infrastructure, such as via federated single sign-on (F-SSO) from an identity provider. Preferably, the user's tenant identifier in the environment is derived based on identity information obtained during the F-SSO exchange. This tenant identifier is propagated to one or more other components in the infrastructure that are accessed by the user. As audit events from multiple components in the computing infrastructure are generated, these audit events are annotated with the tenant identifier and stored in an audit repository. In response to a request to view the tenant's audit data, a collection of tenant-specific audit events are then retrieved from the audit repository and displayed in a single tenant view. This approach ensures that audit event information is not leaked inadvertently between tenants. | 03-06-2014 |
20140068733 | MANAGING PASSWORD STRENGTH - A method for managing password strength including receiving a password on a data processing system for a user, filtering for personal information about the user from multiple independent data sources accessible across a computer network, computing the password strength by the data processing system using an algorithm which compares the password to the filtered personal information about the user, and presenting feedback to the user through a user interface on a data processing system display regarding the computed password strength. | 03-06-2014 |
20140075523 | METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR SHARING WIRELESS NETWORK CREDENTIALS - Example method, apparatus, and computer program product embodiments are disclosed to improve user experience and security in sharing Wi-Fi network credentials. A method embodiment comprises receiving in a wireless device, a wireless message including private credential information to access a wireless network; determining by the wireless device, that the received private credential information is not stored in a cache of known network access points in the wireless device; and storing by the wireless device, the received private credential information, in a credential database for network access points. | 03-13-2014 |
20140075524 | SYSTEM AND METHOD TO ESTABLISH AND USE CREDENTIALS FOR A COMMON LIGHTWEIGHT IDENTITY THROUGH DIGITAL CERTIFICATES - A system and method for authentication of a user using “lightweight” identities. The system and method provides for establishment of user credentials for a particular electronic mail address by an identity server through the recordation of a mail token and private token after receiving a request for credentials from the user. The identity server sends a private token to the user and sends a verification message to the user containing a specific link to the identity server for verification of the user along with the mail token, and then can verify the user by confirming that a mail token and private token recorded by the identity server match a mail token and a private token received from the user. After the verification process is successful, the identity server issues credentials that consist of a certificate either with or without a private key to the user which serves as an authenticated, unique, lightweight identity that a user can assume to access various services. | 03-13-2014 |
20140075525 | STRONG AUTHENTICATION BY PRESENTATION OF THE NUMBER - Authentication method by one-time password from a user ( | 03-13-2014 |
20140082709 | DYNAMIC PASSWORD AUTHENTICATION METHOD AND SYSTEM THEREOF - The present invention discloses a dynamic password authentication method and a system thereof. The method comprises: a server receives first information sent from the client, generates second information according to the first information, sets every transmission bit in the second information to be in corresponding brightness status or color status to obtain a third information and sends it to a client; the client transforms the third information into impulse optical signal and outputs it; a dynamic password device transforms the impulse optical signal into intermediate information, extracts part or all of it and transforms it into display information; the dynamic password device receives trigger information, generates a first dynamic password; the server generates a second dynamic password or a set of second dynamic passwords and verifies whether the first dynamic password is legitimate by it. Security of authentication is improved by the present invention. | 03-20-2014 |
20140082710 | METHOD FOR AUTHENTICATING AN OTP AND AN INSTRUMENT THEREFOR - A method for authenticating an OTP (one time password) and an instrument therefor, in which the method includes determining whether the OTP token is authenticated successfully, if the OTP token is not authenticated successfully, setting size of an authentication window to be a first predetermined time length and authenticating the obtained OTP according to the authentication window; if the OTP token is authenticated successfully, determining whether the interval between the authentication success time and the current system time is longer than a second predetermined time length, if yes, setting size of the authentication window to be a third predetermined time length and authenticating the obtained OTP according to the authentication window and the authentication success time, in which the third predetermined time length is shorter than the first predetermined time length; otherwise, setting size of the authentication window to be a fourth predetermined time length and authenticating the obtained OTP according to the authentication window and the authentication success time, in which the fourth time length is shorter than the third predetermined time length. The invention can ensure both the authentication success rate and the authentication security. | 03-20-2014 |
20140082711 | CREDENTIAL PROVIDER THAT ENCAPSULATES OTHER CREDENTIAL PROVIDERS - Systems, methods, and computer readable media for encapsulating multiple Windows® based credential providers (CPs) within a single wrapping CP are described. In general, CP credentials and fields from two or more encapsulated or wrapped CPs may be enumerated and aggregated in such a way that the order of fields from each CP is preserved, fields that may be used only once are identified and appear only once, and fields are given a new unique field identifier. The union of all such fields (minus duplicates of any one-use-only fields) may be used to generate a mapping so that the wrapping CP and CP credential may “pass-through” calls from the operating system's logon interface to the correct wrapped CP and CP credential. The disclosed techniques may be used, for example, to provide single sign-on functionality where a plurality of sign-on credentials may be used (e.g., user name/password and smart card PIN). | 03-20-2014 |
20140082712 | Systems and Methods for Authorization of Information Access - Systems and methods according to the present invention provide a proactive approach to controlling access to information that may be correlated with a governmentally issued personal identifier. Included are systems and methods for proactive control of information access and liability incursion. Further included are systems and methods for emulating information access to an authorized person. Generally, a method according to the present invention includes the steps of requesting verification from a subscriber at any time that information is requested from registered information holders and any time that liability may be incurred through registered information holders. In this way, the subscriber, rather than reacting to invasive information or identity theft, may proactively control access to such information, thereby preventing the theft in the first place. | 03-20-2014 |
20140090035 | Authentication System and Method - Security is improved as compared to the security of conventional authentication systems, only by requesting a user to perform operations involving the same number of operations as that of the conventional authentication systems. When login information is registered, an authentication system ( | 03-27-2014 |
20140090036 | ONLINE CREDENTIAL PLATFORM - An online credential platform enables organizations and people to create, manage, exchange and verify professional and personal credentials to support trust, reputation and transactions. The platform can allow credential issuers to create credential types and then assign them to proxies that represent real world persons or entities. Following this, it can allow other sites and applications to verify a person's or entity's credentials within the scope of their site or application reliably and with maximum privacy/anonymity. | 03-27-2014 |
20140096211 | SECURE IDENTIFICATION OF INTRANET NETWORK - A method is provided for network identification based on high entropy data on a network which are not easily guessed or obtained outside the network, which can prevent an attacker from “spoofing” the network. A component in a client computer connected to a network may obtain over the network a network data block including device identification information of a device controlling the network. Upon parsing the network data block, such high entropy data as unique device identifiers may be obtained from the device identification information. Depending on availability of the unique device identifiers and authentication history of the client computer, different combinations of the unique device identifiers and/or other identification information may be used to generate a unique network identifier such as a network signature. The component may provide the network signature to applications within the client computer. | 04-03-2014 |
20140101735 | SYSTEM AND METHOD FOR ASSEMBLING AND ANALYZING A CANDIDATE APPLICATION FOR A CREDENTIAL - An automated system and method for assembling and analyzing a candidate application to determine a type of credential in a professional credentialing area for the candidate is provided. The automated system may facilitate the receipt of application materials from various sources and may enable review and appraisal of the application by multiple parties. The application may be tailored to a specific type of requested credential. | 04-10-2014 |
20140101736 | Authenticating Credentials For Mobile Platforms - Systems and methods for providing services are disclosed. One aspect comprises authenticating a user associated with a first service, receiving a selection of a second service, generating an opaque identifier associated with the user and the first service, wherein the opaque identifier facilitates the anonymous collection of data relating to the second service. Another aspect can comprise transmitting the opaque identifier to the second service, and receiving data relating to the second service. | 04-10-2014 |
20140101737 | MOBILE DEVICE AND CONTROL METHOD THEREOF - A mobile device and a method are provided. A mobile device includes a display, a sensor configured to sense a user operation with respect to the display, a fingerprint sensor configured to sense a fingerprint of the user that input the user operation, a storage configured to store preregistered fingerprint information, and a controller configured to perform an operation corresponding to the user operation when the fingerprint sensed by the fingerprint sensor matches the stored fingerprint information and perform a fingerprint registration operation when the fingerprint sensed by the fingerprint sensor does not match the stored fingerprint information. | 04-10-2014 |
20140101738 | APPLYING A PARTIAL PASSWORD IN A MULTI-FACTOR AUTHENTICATION SCHEME - A method includes transmitting a User ID and a full Password of a user of a client device to a server via the client device, and then establishing a network connection between the client device and the server after the User ID and the full Password. The method also includes receiving, from the server via the client device, an encrypted secret PIN (ESPIN) and a challenge for corresponding positions of a Partial Password, entering the Partial Password via the client device, and computing a secret PIN (SPIN) from the ESPIN via the client device in response to a correct entry of the Partial Password. The Additional Factor is unlocked using the SPIN, and the unlocked Additional Factor is transmitted to the server to request authentication of the user of the client device. The client device includes a processor and memory having instructions for the above method. | 04-10-2014 |
20140109205 | DYNAMIC MESSAGING IN A PERSONAL DATA PROTECTION SUITE - An online protection suite provides password management and a dashboard set of services combining single-click access to user accounts and a simple browser window automatically filled with offers for a variety of related products and services targeted especially for particular users. Each user is identified to a business partner server with a unique customer automatically sent from a simple browser embedded in the password management dashboard. The business partner server returns a webpage back to the simple browser that has been constructed especially for this user by leveraging sensitive and proprietary information collected by the business partner. Such customer information is not directly accessible to the password manager. | 04-17-2014 |
20140109206 | Multi-Control Password Changing - Multi-control password changing includes initiating a password change cycle to change a target user's password, selecting a plurality of administrators to provide password part inputs, receiving password part inputs separately and confidentially from the plurality of administrators, generating a multi-control password comprised of multiple password part inputs, changing the target user's password to the multi-control password, and transmitting either the single multi-control password or multiple password parts each separately to target user. In an exemplary embodiment, a system for multi-control password changing includes a multi-control password changing module configured to change a target user's password, a recruitment module configured to select a plurality of administrators to provide password part inputs, a regulation module configured to receive and process password part inputs from the plurality of administrators, and a change value module configured to generate a multi-control password comprised of multiple password part inputs. | 04-17-2014 |
20140109207 | System and Method of Generating Verification Code - The present disclosure provides techniques for generating an authentication code. These techniques may modularize processing diagram, noise element and words content as several modules. Then, a context message is added in individual modules by a computing device. The computing device may generate a plurality of contexts based on a configuration rendering style. Individual contexts correspond to one kind of diagram style allocation of authentication code. The computing device may define an executing sequence of the context based on a predetermined algorithm rule, and execute the drawing of diagram authentication code of the context based on the executing sequence of the sharp context. | 04-17-2014 |
20140115675 | SMART CARD SERVICE METHOD AND APPARATUS FOR PERFORMING THE SAME - Provided are a smart card service method and an apparatus for performing the same. The smart card service method includes receiving a certificate generation request from a terminal, transmitting the certificate generation request to an authentication processing device, and storing credential information with respect to the generated certificate in a virtual machine associated with the terminal in response to a certificate generation success message provided from the authentication processing device. Thus, it is possible to reduce costs in accordance with manufacturing smart card hardware, and support smart card services in a more enhanced security environment. | 04-24-2014 |
20140115676 | DEVICE AUTHENTICATION METHOD AND DEVICES - In a method for authenticating a device on a wireless local area network (WLAN) there is a once-off registration phase in which the device sends registration data in a MO SMS via the mobile network to the authentication system, and the authentication system performs a query to this mobile network to validate the subscriber and resolve the subscriber and device identifiers. The device receives network access information from the authentication system, allowing it to generate network access credentials on an on-going basis. This is permanent unless the registration is revoked due, for example, to the device being stolen. The network access information may be provided by the authentication system generating and signing a unique subscriber certificate during registration, and the device downloading it. The device uses the signed certificate to generate and encrypt the network access credentials for the network access. | 04-24-2014 |
20140115677 | TOKEN AUTHENTICATION SYSTEM AND METHOD - A method for calculating a One Time Password. A secret is concatenated with a count, where the secret is uniquely assigned to a token. The secret can be a private key or a shared secret symmetric key. The count is a number that increases monotonically at the token with the number of one-time Passwords generated at the token. The count is also tracked at an authentication server, where it increases monotonically with each calculation of a one-time Password at the authentication server. An OTP can be calculated by hashing a concatenated secret and count. The result can be truncated. | 04-24-2014 |
20140115678 | Methods and Apparatus for Authenticating Identity of Web Access From a Network Element - A network configuration having various network elements and user equipments configured to authenticate web access requests is disclosed. Upon receipt of web addresses from various subscribers, the web addresses such as online advertisements are stored in a memory. The network traffic in the communication network is monitored in accordance with the web addresses stored in the memory. After detecting a website access request such as a click of an online advertisement, an authentication record which authenticates the origin of the network equipment issuing the request. The authentication record is forwarded to a subscription partner via a predefined messaging mechanism. | 04-24-2014 |
20140123252 | Integrating a Router Based Web Meter and a Software Based Web Meter - A method for associating a web event with a member of a group of users is implemented at a first computing device. The method includes: receiving a data access request from a second computing device; determining whether the user has previously provided personal information and authorization to the first computing device through the second computing device; if the user's personal information and authorization are found: generating a record for the data access request; if the user's personal information is found but the user's authorization is not found: generating a record for the data access request; and if neither of the user's personal information and authorization is found: identifying one or more user identifiers that are associated with the second computing device; and returning personal information associated with the one or more user identifiers to the second computing device. | 05-01-2014 |
20140123253 | Behavioral Fingerprinting Via Inferred Personal Relation - Disclosed herein are example embodiments for behavioral fingerprinting via inferred personal relation. For certain example embodiments, at least one indication of personal relation for at least one authorized user may be inferred via at least one user-device interaction, and the at least one indication of personal relation may be incorporated into at least one behavioral fingerprint that is associated with the at least one authorized user, with the at least one behavioral fingerprint including one or more indicators of utilization of one or more user devices by the at least one authorized user. | 05-01-2014 |
20140123254 | WEBSITE RELATIONSHIP AND SHARING ACCOUNT - A relationship and sharing account system includes computing devices configured to execute modules including a user account module configured to store a plurality of user accounts, each corresponding to a user and including user information, at least some of which is accessible to other users, a login module, a communication module configured to obtain information sharing requests, which specify the sharing of information to other users, a sharing account creation module configured to create a user sharing account linked to an existing user account and corresponding to a subsidiary user, and an information duplication module configured to a) automatically copy information in a user sharing request input by the subsidiary user to the linked user account; or b) notify the user corresponding to the linked user account when an information sharing request is input by the subsidiary user and require approval before sharing the information with other users. | 05-01-2014 |
20140137218 | MANAGING SECURITY CREDENTIALS FOR SCALED-OUT SERVICES - Embodiments are directed to establishing separate security identities for a shared service and shared service instances, and to managing shared and service instance credentials. In one scenario, a computer system establishes a shared credential for a shared service that includes multiple shared service instances, where the shared credential uniquely identifies the shared service. The computer system establishes a service instance credential for each shared service instance that uniquely identifies each shared service instance and maintains a relationship between the service instance and the shared service. The relationship provides service instance access to the shared credentials as the shared credentials are updated over time. Then, upon determining that the shared credentials have been updated and are no longer valid, the shared service instance accesses the updated shared credentials using the established relationship. | 05-15-2014 |
20140137219 | AUTOMATICALLY GENERATING CHALLENGE QUESTIONS INFERRED FROM USER HISTORY DATA FOR USER AUTHENTICATION - User authentication is provided. At least one of a social network and a business network of each user in a plurality of users is accessed. User history data of each user in the plurality of users is monitored in the at least one of the social network and the business network. Challenge questions requiring a user response are generated based on monitoring the user history data of the users. The user response to a generated challenge question is evaluated. A set of events is triggered based on evaluating the user response. | 05-15-2014 |
20140137220 | Obtaining Password Data - A method of obtaining password data for entry to an application running on a device. The method may include running a password manager application on a device. The password manager application may identify one or more applications installed on the device. The password manager application may display the identified applications on a display of the device. The password manager application may receive a user selection of a displayed application. The password manager application may determine whether an entry exists for the selected application in a memory associated with the password manager application. If no entry exists, the password manager application may generate an entry comprising password data for the selected application. If an entry exists, the password manager application may retrieve password data relating to the selected application. | 05-15-2014 |
20140143845 | System and Method for Password Recovery - A method and system for password recovery in computer applications is disclosed. Passwords in the same computer application may be recovered according to different criteria. Criteria for password recovery vary according to the sensitivity of the password-protected material. Criteria for recovery of a password protecting sensitive information have more stringent criteria than criteria for recovery of passwords protecting less sensitive information. In certain embodiments, passwords may be recovered through the use of third party agents. Recovered passwords are associated with unique identifiers, such as email addresses and phone numbers that facilitate communication with a user. Recovered passwords may be transmitted to users via email, phone, and text message or by any other means associated with the unique identifier. | 05-22-2014 |
20140157378 | CLOUD BASED APPLICATION ACCOUNT MANAGEMENT - An aspect provides a method, including: receiving at a remote device a client log in to a cloud based account issued from a client device; determining the client device is not associated with the client log in; issuing an instruction to unbind at least one client device application log in credential and bind a cloud client log in credential to the at least one client device application; and providing an instruction to unbind the cloud client log in credential from the at least one client device application in response to at least one predetermined criteria being satisfied. Other aspects are described and claimed. | 06-05-2014 |
20140165165 | Device Credentialing for Network Access - Various embodiments provide techniques for sharing network service access credentials among multiple devices that share a common user or are associated in a device group. After connecting to a network service (e.g., a wireless network, wired network, or web site), a first device can upload the credentials used to access the network service to a cloud-hosted credential service. The credential service can store the credentials and associate them with the first device and/or its user. Later, a second device can log in to the credential service and receive a download of one or more sets of credentials to enable access to one or more network services that are authorized for the second device. Various embodiments include a credential management interface to enable an authorized user to manage device/network service pairings, permissions, and/or restrictions for network service access. | 06-12-2014 |
20140165166 | LIMITING ACCESS TO A DIGITAL ITEM - In a method for limiting access to a digital item, a count for the digital item is stored, wherein the count is a number of accesses permitted for the digital item. A password for accessing the digital item is received. A one-way hash function is performed on the password based on the number of accesses of the count to generate a password hash based on the count. The password hash is stored as the stored password hash. | 06-12-2014 |
20140165167 | SCALABLE AND AUTOMATED SECRET MANAGEMENT - A secret (e.g. a password, key, certificate) is automatically generated by a system. For example, at the time of deployment of a computing machine, a password may be generated and securely stored by the system with other secrets. The password may be used by the system to perform various operations (e.g. configuring the machine, . . . ). When a secret is requested by a user to access a resource, a secret is provided to the user. Once the secret has been utilized by the user, the secret is reset and replaced with a newly generated secret. All/portion of the secrets may also be automatically regenerated. For example, when a breach occurs and/or is suspected, each of the secrets may be replaced with newly generated secrets and securely stored. Auditing and reporting may also be provided (e.g. each request/access to a secret is logged). | 06-12-2014 |
20140165168 | Secure Information Storage and Delivery System and Method - A system for secure information storage and delivery includes a vault repository that includes a secure vault associated with a user, wherein the secure vault is associated with a service level including at least one of a data type or a data size limit associated with the secure vault, the secure vault being adapted to receive at least one data entry and securely store the at least one data entry if the at least one of a size or a type of the at least one data entry is consistent with the service level. A mobile vault server coupled to the vault repository creates a mobile vault on a mobile device based on the secure vault and is capable of authenticating the mobile device based on user authentication information. The mobile vault server includes a mobile device handler that communicates with the mobile device. A synchronization utility determines whether the at least one data entry on the secure vault is transferable to or storable on the mobile vault based on at least one of the size or the type of the at least one data entry and transfers the at least one data entry from the secure vault to a corresponding data entry on the mobile vault if the at least one data entry on the secure vault is determined to be transferable to or storable on the mobile vault. | 06-12-2014 |
20140173705 | DISTRIBUTED AUTHENTICATION USING PERSISTENT STATELESS CREDENTIALS - Techniques and tools are described for performing distributed authentication using persistent stateless credentials. Distributed authentication can be performed during egress by obtaining a principal identifier, generating an expiration time, obtaining a secret key identifier that identifies a secret key, generating an initialization vector, encrypting the principal identifier and the expiration time to produce a ciphertext, creating a credential, and providing the credential for persistence at a client device. The credential comprises the ciphertext, the initialization vector, the secret key identifier. Distributed authentication can be performed during ingress by obtaining a credential, extracting a ciphertext, an initialization vector, and a secret key identifier from the credential, obtaining a secret key identified by the secret key identifier, decrypting the ciphertext to produce a principal identifier and an expiration time and authenticating the credential using, at least in part, the principal identifier and the expiration time. | 06-19-2014 |
20140173706 | APPARATUS AND DATA PROCESSING SYSTEMS FOR ACCESSING AN OBJECT - A system and method for providing access to an object over a network may comprise hosting an object on a distributed data processing system accessible over the network, the object contained within a cell; generating, by a cell access provider, a unique and random address for the cell containing the object, utilizing an address resolution module and providing, by the cell access provider, the unique and random address to a computing device of a unique consumer; and upon receipt of the unique and random address from the unique user, matching the unique and random address with the cell to facilitate access by the unique user to the object. The object may comprise a virtual object acting as a cell for facilitating access to one or more additional objects. The virtual object cell may contain one or more unique and random addresses facilitating access to one or more additional objects. | 06-19-2014 |
20140181925 | Privacy Enhanced Key Management For A Web Service Provider Using A Converged Security Engine - In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed. | 06-26-2014 |
20140181926 | METHOD AND MOBILE DEVICE FOR GENERATING A DATA AUTHENTICATION KEY - The invention relates to a method for generating a data authentication key for allowing data communication over a wireless channel between a first mobile device and a second mobile device, comprising: associating said mobile devices to each other by means of said key. The invention comprises: allowing a shared physical or mechanical condition to be applied generally simultaneously upon said devices; detecting, in said first mobile device, said condition; defining, in said first mobile device, said authentication key based on the detected condition; and transmitting said key to said second mobile device. The invention also relates to a mobile device configured for generating a data authentication key for allowing data communication over a wireless channel to a further mobile device. | 06-26-2014 |
20140181927 | FILE FORMAT AND PLATFORM FOR STORAGE AND VERIFICATION OF CREDENTIALS - In various embodiments, a computer-implemented method for generating and verifying officially verifiable electronic representations may be disclosed. The method may comprise receiving, by a credential database, a request for a credential action. The credential database may be configured to store one or more credentials comprising a status indicator. The method may further comprise determining, by the credential database, a response to the credential action based on the one or more user credentials stored in the credential database and transmitting, by the credential database, the response to a client device. | 06-26-2014 |
20140181928 | METHOD AND SYSTEM FOR PLANNING AND MANAGEMENT OF DIGITAL EVENTS - A method and system is provided that manages events involving an individual's digital assets and/or external services that the individual interfaces with using external service credentials. The method and system allow the individual to securely store digital assets and external service credentials used to login to external services. The method and system further allow the individual to create a plan of actions to be executed on specified dates, where the actions involve one or more of the individual's digital assets and/or involve one or more external services that the individual interfaces with using one or more external service credentials. The plan of actions takes the format of a timeline that includes one or more timeline events, where an action and a date are associated with a timeline event. | 06-26-2014 |
20140181929 | METHOD AND APPARATUS FOR USER AUTHENTICATION - The disclosure generally relates to methods and apparatuses for user authentication. According to embodiments of the present invention, authentication-related information may be encoded in an image such as a QR code. By communicating and decoding such image information and other authentication information between one or more devices of the user and an authentication server, the authentication server may perform an effective authentication to the user and his/her device. In the meantime, it is possible to avoid the risk of invalid authentication due to the disclosure of the password. Embodiments of the present invention may be used in combination with the existing static password and/or dynamic password authentication and thus they have a good compatibility. | 06-26-2014 |
20140181930 | METHOD, SYSTEM AND APPARATUS FOR PROTECTING A BSF ENTITY FROM ATTACK - A method, system and apparatus for protecting a bootstrapping service function (BSF) entity from attack includes: a first temporary identity and a second temporary identity are generated after a BSF entity performs a mutual authentication with a user equipment (UE) by using an initial temporary identity sent from the UE; the BSF entity receives a re-authentication request carrying the first temporary identity from the UE; and the UE sends a service request carrying the second temporary identity to a network application function (NAF) entity. The present disclosure prevents attackers from intercepting the temporary identity at the Ua interface and using the temporary identity to originate a re-authentication request at the Ub interface, thus protecting the BSF entity from attack and avoiding unnecessary load on the BSF entity and saving resources. | 06-26-2014 |
20140181931 | MULTI-PLATFORM USER DEVICE MALICIOUS WEBSITE PROTECTION SYSTEM - A security system for defending online users against fraudsters and malicious websites comprises a back-end network server and appropriate apps for each protected user device. An otherwise conventional network server is enhanced with application software instructions for a centralized software-as-a-service (SaaS) to respond to network requests from user devices operating variously under ANDROID-type, APPLE IOS-type, and MICROSOFT WINDOWS-type operating systems. The SaaS investigates, surveys, and watches websites. It calculates confidence scores related to financial fraud and the acceptability and risk to said users of visiting particular websites. It maintains a trusted network database of website URL's calculated to belong to financial websites that can be trusted and present acceptable levels of fraud and financial risk to its visitors. Each user device application provides for secure password management and access via a security browser to websites in the trusted network. | 06-26-2014 |
20140181932 | METHOD FOR MANAGING AND CHECKING DATA FROM DIFFERENT IDENTITY DOMAINS ORGANIZED INTO A STRUCTURED SET - The invention relates to a method and system for managing and checking different identity data relating to a person. According to the invention, a derived-identity management server generates for the person at least part of the identity data with which said person can be authenticated in relation to a service provider for the derived-identity domain, on the basis of information derived from identity data from parent domains. The identity data generation processing ensures that no link can be established from two authentications in two separate domains in the absence of link information. If necessary, said link information is transmitted by a parent domain to a derived-identity server so that the latter establishes the link between the identity data of the derived-identity domain and the identity data of the parent domain, e.g. for the cascade revocation of a person from various domains. | 06-26-2014 |
20140189826 | TECHNIQUES FOR DYNAMIC GENERATION AND MANAGEMENT OF PASSWORD DICTIONARIES - Techniques for dynamic generation and management of password dictionaries are presented. Passwords are parsed for recognizable terms. The terms are housed in dictionaries or databases. Statistics associated with the terms are maintained and managed. The statistics are used to provide strength values to the passwords and determine when passwords are acceptable and unacceptable. | 07-03-2014 |
20140189827 | SYSTEM AND METHOD FOR SCOPING A USER IDENTITY ASSERTION TO COLLABORATIVE DEVICES - A system and method for enabling a primary and a secondary communication device to share a user identity assertion is presented. The user identity assertion enables the devices to access an application system. The primary and secondary devices are paired to place them in collaboration with each other. The primary device requests an identity provider system to issue a user identity assertion scoped to the primary and secondary communication device. The identity provider system authenticates the primary device and generates the user identity assertion scoped to the primary device and the secondary device identified in the request. The primary communication device receives the user identity assertion and communicates the user identity assertion to the secondary device. The primary device may request the user identity assertion by communicating a user identity assertion scoped to the primary device and a single sign on session cookie or a request for an extension assertion. | 07-03-2014 |
20140189828 | SYSTEM AND METHOD FOR PROCESSING RANDOM CHALLENGES WITHIN AN AUTHENTICATION FRAMEWORK - A system, apparatus, method, and machine readable medium are described for transparently requesting a new random challenge from a server within an authentication framework. For example, one embodiment of a method comprises: transmitting a random challenge and an indication of a timeout period associated with the random challenge from a server to a client within the context of a network registration or authentication process using authentication devices communicatively coupled to the client; automatically detecting that the random challenge is no longer valid based on the timeout period; and responsively transmitting a request for a new random challenge from the client to a server, wherein transmitting is performed transparently to a user of the client. | 07-03-2014 |
20140189829 | ADAPTIVE SECONDARY AUTHENTICATION CRITERIA BASED ON ACCOUNT DATA - An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices. | 07-03-2014 |
20140189830 | Multi-Component Signature Generation - A method, system, and computer program product for multi-component signature generation are provided in the illustrative embodiments. A set of original signature components is received comprising original signature components of different types. A subset of original signature components from the set of original signature components is modified to create a set of modified signature components. Members of a subset of the set of modified signature components are arranged in a modified order. The modified order is different from an original order in which original signature components corresponding to the members of the subset of the set of modified signature components appear in the set of original signature components. The multi-component signature is generated in response to the arranging. | 07-03-2014 |
20140189831 | TIME-BASED AUTHENTICATION - Time-based authentication apparatus deploys a seed record to user equipment such as a mobile telephone pre-equipped with an app. When a user initiates login access to a protected product or service, using a computing device, they run the app on their mobile equipment which delivers an output such as a QR code (or other local communication such as NFC) containing two time-based codes. The login process on the computing device accepts the output and sends the time-based codes to the authentication apparatus, either together or the second code on request. The authentication apparatus now locates the codes and automatically resynchronises to any time zone across the world plus 1 hour of clock drift (+/−13 hours UTC). | 07-03-2014 |
20140189832 | Transcoding Content Based on Verification of Ownership of the Content - A computer-implemented method includes generating data indicative of one or more times in which to sample content of a first resource and content of a second resource; receiving, from a client device, content of the first resource sampled at the one or more times; comparing the sampled content from the first resource to content sampled from the second resource at the one or more times; determining, based on comparing, that the first resource includes a same resource as the second resource; verifying, based on determining, ownership of the second resource; generating, based on a verifying, a user key specifying ownership of the second resource; and transmitting the user key to the client device. | 07-03-2014 |
20140189833 | INFORMATION PROCESSING APPARATUS CAPABLE OF AUTHENTICATION PROCESSING WITH IMPROVED USER CONVENIENCE, CONTROL PROGRAM FOR INFORMATION PROCESSING APPARATUS, AND RECORDING MEDIUM HAVING CONTROL PROGRAM FOR INFORMATION PROCESSING APPARATUS RECORDED THEREON - An information processing apparatus determines whether a device accesses a box region of the information processing apparatus. When it is determined that the box region is accessed, a box ID entry screen is displayed on the device. The information processing apparatus determines whether a box ID is entered by a user of the device. If it is determined that a box ID is entered, then device information about the device is obtained. After the device information is obtained, the information processing apparatus determines whether the device possesses a hardware keyboard. If it is determined that the device possesses a hardware keyboard, a password authentication screen is displayed on the device. If it is determined that the device does not possess a hardware keyboard, an image authentication screen is displayed on the device. | 07-03-2014 |
20140196129 | USER CREDENTIAL MANAGEMENT SYSTEM AND METHOD THEREOF - The present invention provides a user credential management system and a method thereof. The system includes a profile creation module configured to facilitate creation of one or more context specific user profiles. Each context specific user profile comprises a set of user credentials. A profile linking module is configured to link the one or more context specific user profiles to a web browser. A profile selection module is configured to facilitate a selection of a context specific user profile from one of web account creation and a first time access to existing web account post creation of the context specific user profiles. The selection is subsequent to display of a web form associated with the web account. The profile selection module is further configured to populate entries corresponding to one or more credential entry fields on the web form based on the selected context specific user profile and auto populate the web form at the subsequent access to the web account. | 07-10-2014 |
20140196130 | TECHNIQUES FOR CREDENTIAL GENERATION - Systems and methods for managing credentials distribute the credentials to subsets of a set of collectively managed computing resources. The collectively managed computing resources may include one or more virtual machine instances. The credentials distributed to the computing resources may be used by the computing resources to perform one or more actions. Actions may include performing one or more functions in connection with configuration, management, and/or operation of the one or more resources, and/or access of other computing resources. The ability to use credentials may be changed based at least in part on the occurrence of one or more events. | 07-10-2014 |
20140201824 | SYSTEMS AND METHODS FOR PROVIDING ACCESS TO DATA ACCOUNTS WITHIN USER PROFILES VIA CLOUD-BASED STORAGE SERVICES - A computer-implemented method for providing access to data accounts within user profiles via cloud-based storage services may include (1) identifying a user profile associated with a user of a cloud-based storage service, (2) identifying a plurality of data accounts within the user profile associated with the user of the cloud-based storage service, (3) detecting a request from a client-based application associated with the user of the cloud-based storage service to access at least a portion of data stored in a data account within the user profile, (4) locating a unique account name that identifies the data account in the request, and then (5) satisfying the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service. Various other methods, systems, and computer-readable media are also disclosed. | 07-17-2014 |
20140208403 | METHOD FOR IDENTIFYING PULSE OPTICAL SIGNAL AND DEVICE THEREOF - The invention provides a method for identifying pulse optical signal, including: a. receiving first trigger information; b. collecting and identifying pulse optical signal with a predetermined method to obtain a unit of data; c. parsing the unit of data and determining type of it, if the unit of data is a unit of data representing header information, step d is executed; or if the unit of data is other type of unit of data, step b is executed; d. going on collecting and identifying pulse optical signal with the predetermined method to obtain a unit of data; e. determining whether all units of data corresponding to the unit of data representing the header information is received; f. packeting the unit of data representing the header information with all corresponding units of data into a group of data packets. The invention converts the pulse optical signal into bits, packets and converts the bits into a data packet, and receives the photosensitive-transfer information which accelerates the process of obtaining required data by a signal identifying device. | 07-24-2014 |
20140208404 | CONFLICT RESOLUTION FOR KEYCHAIN SYNCING - Some embodiments provide a program that synchronizes a keychain stored on a device with a set of other devices. The keychain includes a set of keychain items. The program receives (1) a list of keychain items for updating the keychain stored on the device and (2) data representing the keychain items specified in the list of keychain items. For each keychain item in the list of keychain items, the program updates the keychain stored on the device with the data that represents the keychain item. | 07-24-2014 |
20140215584 | Use of Resource Up to Extension Value by Subscription Device - A pin associated with an identification number (ID) of a subscription device and a sequence number of a credit is output to a user. The pin is inputted to the subscription device. The subscription device is to allow the user to use a resource up to an extension value stored in the subscription device, if the entered pin correlates to a stored pin of the subscription device. | 07-31-2014 |
20140215585 | SYSTEM AND METHOD FOR SYNCHRONIZING CONNECTION CREDENTIALS - In one embodiment, a method includes establishing a connection with an access-point (AP) device via a first communication path. The method further includes establishing a connection with a proxy device for the AP device via a second communication path that is distinct from the first communication path. In addition, the method includes determining a set of connection credentials maintained by the AP device. Furthermore, the method includes determining a set of connection credentials maintained by the proxy device. Additionally, the method includes identifying a correct set of connection credentials. The correct set includes at least one of the first set and the second set. The method also includes synchronizing the first set and the second set according to the correct set. | 07-31-2014 |
20140215586 | METHODS AND SYSTEMS FOR GENERATING AND USING A DERIVED AUTHENTICATION CREDENTIAL - A method for generating a derived authentication credential includes determining whether a first authentication credential obtained from an individual is valid. The first authentication credential includes device data. Moreover, the method includes verifying the individual is a first authentication credential legitimate user after the first authentication credential is validated, and determining that a second authentication credential associated with the individual is valid after the individual is determined to be the legitimate user. Furthermore, the method includes capturing authentication data from the individual with a communications device, and after successfully authenticating the individual with an authentication computer system with the captured authentication data, combining the second authentication credential with the device data. | 07-31-2014 |
20140215587 | REMOTE KEYCHAIN FOR MOBILE DEVICES - An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset. | 07-31-2014 |
20140215588 | FOCUSED AND SEMI-PRIVATE LOCATION BASED ASYNCHRONOUS THREAD COMMUNICATIONS - Communication by location method that geoplaces asynchronous message threads to a specific first geographic location geo-fence within which they are visible, and a second sub geo-fence for replies. The message threads have a first viewing distance parameter, a second reply parameter, and other parameters such as optional user set password prefixes. Users with mobile devices such as GPS equipped smart phones may set their devices to discover non-password protected message threads that are within a specified radius of the actual device itself, or a device virtual map location, and may use passwords to find password protected message threads. Generally only users with a real geographic proximity to the thread within the specified reply distance may reply to the thread. The method will generally be implemented by software residing on mobile devices and host servers, and may additionally use data from map servers to place the threads in a map context. | 07-31-2014 |
20140215589 | METHOD FOR GENERATING A SOFT TOKEN, COMPUTER PROGRAM PRODUCT AND SERVICE COMPUTER SYSTEM - A method is provided for generating a soft token by which attributes of a user may be authenticated. A request to generate the soft token is transmitted from an electronic device of the user to a service provider computer via a first secure connection. After receiving the request, the service computer generates a one-time password, records the password as a session identifier, and transmits the password to the electronic device. The password is output by the electronic device via a user interface. The user enters the password into a user computer system, from where it is transmitted, via a second secure connection, to the service computer system. If the recorded password agrees with the received password, one or more attributes are read from an ID token of the user and a corresponding soft token is generated and transmitted to the electronic device or user computer system. | 07-31-2014 |
20140215590 | MULTI-TENANT CLOUD STORAGE SYSTEM - A multi-tenant cloud storage system is provided. The cloud storage system includes a plurality of tenants, each tenant is configured to utilize an isolated logical partition of the cloud storage system accessible to a respective tenant portal, wherein the plurality of tenants includes at least a first type tenant and a second type tenant, each of the first type tenant and the second type tenant are configured to provision its respective set of members with a different storage policy. | 07-31-2014 |
20140223524 | KEY UPDATING METHOD AND SYSTEM THEREOF - A key updating method and system are provided. In the method, (1) a back-end authentication system receives a current dynamic password generated by a dynamic token and authenticates the current dynamic password, and if the authentication succeeds, generates key updating information and goes to (2); (2), the back-end authentication system generates a first updating key according to the key updating information and a first initial key stored therein and copies the first updating key to a buffer of the first initial key; the dynamic token obtains and authenticates the key updating information, and if the authentication succeeds, generates a second updating key according to the key updating information and a second initial key stored in the dynamic token and copies the second updating key to a buffer of the second initial key; or if authentication fails, quits the key updating. The solution avoids risk incurred by accidental key leakage. | 08-07-2014 |
20140223525 | Access to Vaulted Credentials Using Login Computer and Mobile Computing Device - According to an example computer-implemented method, a password management server receives an access request message from a login computer at which a resource requiring vaulted credentials has been requested. The access request message identifies the requested resource and the login computer. A session identifier (ID) is generated for enabling release of the vaulted credentials. The session ID is linked to the login computer and to the requested resource. The session ID is transmitted to the login computer. Responsive to receiving a value indicative of the session ID from a mobile computing device, the password management server transmits the vaulted credentials to the login computer or to the mobile computing device. | 08-07-2014 |
20140223526 | SYSTEM AND METHOD FOR PROVIDING PRIVACY IN SMART METER DEPLOYMENT - Privacy-preserving smart metering for a smart grid. Issuing a privacy-enhanced credential to a consumer node having smart meter. Operating the consumer node to associate an id with the credential and to use the id to report usage. Other systems and methods are disclosed. | 08-07-2014 |
20140223527 | CLIENT APPLICATION ASSISTED AUTOMATIC USER LOG IN - Some systems allow a user to access content using both a native client application and a web interface. In these systems, the client application authorized to access a user account can assist with automatically logging a user into the web interface through the use of authentication tokens. In response to an authentication request, the client application can select a token and split it into multiple parts. One piece can be embedded in a URL and a second piece can be stored in a file. The file can also contain browser executable instructions that when executed combine the two pieces to re-create the token and send the re-created token to a server to authenticate the user. The client application can forward the URL to the browser, which can direct the browser to the file. The browser can execute the instructions thereby authenticating the user. | 08-07-2014 |
20140223528 | CERTIFICATE INSTALLATION AND DELIVERY PROCESS, FOUR FACTOR AUTHENTICATION, AND APPLICATIONS UTILIZING SAME - A process/method is provided, which facilitates the secure, streamlined and authenticated installation of an end user's personally associated electronic identification, such as but not necessarily limited to Public Key Infrastructure digital certificates, a biometric authentication system, a location-based authentication system, a token-based system, and any ancillary software necessary for facilitating electronic security approaches associated with these technologies onto Mobile Devices with minimal Mobile Device end user interaction and without need for sending the personally associated electronic identification across potentially insecure communication protocols. The invention utilizes proprietary communication between Mobile Device software applications, personally associated electronic identification authority servers, and web-based application servers to verify Mobile Device identity and to authenticate end user credential factors and requests for end user credential factors with minimal end user interaction. The disclosed process/method may provide a system for verifying identity by authenticating Mobile Device end users via the submission of multiple credential factors. | 08-07-2014 |
20140223529 | Method of Sharing Credential and Wireless Communication System thereof - A method of sharing credential in a wireless communication system comprising a first user equipment, a second communication device and a network, includes transmitting a temporal credential and a credential custody request, from the first communication device, to the network; transmitting first custody information, by the network, to the first communication device; transmitting a credential acquiring request and second custody information, by the second communication device, to the network; and determining whether to transmit the temporal credential to the second communication device according to the second custody information. | 08-07-2014 |
20140223530 | Secure Network Deployment - In one embodiment, a Manufacturer Installed Certificate (MIC) and a personal identification number are sent to a call controller to request a configuration profile. When the configuration file is received, the IP phone is provisioned according to the configuration profile. | 08-07-2014 |
20140237564 | SECURE ACCESS CREDENTIAL UPDATING - One or more first servers may receive a token, generated by a second server based on the second server validating an authorization parameter received by a third server; receive, from the second server, a token parameter, associated with the token and being associated with the authorization parameter and identifying a credential associated with the third server; receive, from the third server, a request to update the credential, the request including the token; validate the token; form an updated credential based on the token parameter and based on validating the token; and provide the updated credential to the third server. The credential may be replaced, by the third server, with the updated credential without interaction with a user of the third server. | 08-21-2014 |
20140237565 | METHOD AND SYSTEM FOR GENERATION OF DYNAMIC PASSWORD - A method and system of independent generation of dynamic password by a client and a server for subsequent verification of the generated password by either the server or the client is provided. The method includes registration of user ID for identification of the client and associating client's related information. Then the client provides one or more static values and one or more variable values for the registered user ID. The server then drives the base value and further the instructions are then applied on the registered ID. Thus generating the random password and further verifying the generated password with the random password and thus authorizing the client. | 08-21-2014 |
20140237566 | PASSWORD AUDIT SYSTEM - A password audit system is provided for determining the strength of user passwords in a computer system, application or network to which users have access via a user identification and password. The password audit system may include: an interface for establishing a data connection between the password audit system and the computer system, application or network, configured to retrieve cipher text user passwords stored thereon; a central processing unit, configured to successively generate different plain text passwords, encode them into corresponding cipher text passwords, and compare the encoded cipher text passwords to a given one of the retrieved cipher text passwords, until a match is found or a predetermined time has elapsed; and data storage means for storing data relating to the strength of the user passwords, the strength being dependent on the employed method to generate the different plain text passwords and/or the time needed to find a match. | 08-21-2014 |
20140237567 | AUTHENTICATION METHOD - An improved authentication method for authenticating user identity for access to a computer service. | 08-21-2014 |
20140237568 | UNIQUE IDENTIFICATION FOR AN INFORMATION HANDLING SYSTEM - A mobile information handling system (IHS) includes an application (app) that may include a unique-identification tool and a device capability determination tool. The unique-identification tool may generate a signature string that is unique to the mobile IHS. The device capability determination tool may determine the hardware capability of the mobile IHS, the network capability of the mobile IHS and the capability of a network between the mobile IHS and a server IHS, and generate a device determination therefrom. The app may transmit the signature string and the device determination to a server IHS. In response to the signature string and device determination that the server IHS receives, the server IHS may generate and transmit a corresponding response containing specific data to the mobile IHS. The app may output the specific data by displaying the specific data on a display of the mobile IHS. | 08-21-2014 |
20140237569 | DATA STORAGE SYSTEM AND METHOD FOR SECURITY INFORMATION INTERACTION - The present invention proposes a data storage system and method used for the security information interaction. Said data storage system used for the security information interaction comprises a security information storage device, an unlock password generating device and an unlock server. The data storage system and method used for the security information interaction disclosed in the present invention reduce the potential security risks due to the divulgement of unlock passwords, and reduce the complexity of the unlock process, as well as reduce the potential security risks existing in the generating and writing process of the unlock password on the whole. | 08-21-2014 |
20140245408 | BIOMETRIC APPROACH TO TRACK CREDENTIALS OF ANONYMOUS USER OF A MOBILE DEVICE - A system includes one or more mobile devices and a shared server. Each of the one or more mobile devices is associated with a unique identification tag and configured to send biometric information about anonymous users to a shared server space. The shared server provides the shared server space. The shared server is generally configured to store biometric information about a plurality of anonymous users associated with the unique identification tag of each of the one or more mobile devices. In response to a query about a lost or stolen mobile device, the shared server is enabled to track credentials of anonymous users associated with the unique identification tag of the lost or stolen mobile device. | 08-28-2014 |
20140245409 | Extension of the Attributes of a Credential Request - In order to issue a security credential, a client of a system is configured to send a credential request in order to have a credential issuer prepare a security credential. The credential request is received by a credential attribute intermediary connected between the client and the credential issuer. At least one attribute of the requesting client is ascertained by the credential attribute intermediary. The at least one attribute ascertained by the credential attribute intermediary is confirmed to the credential issuer. The security credential is issued by the credential issuer based on the credential request received by the credential attribute intermediary and based on the at least one attribute confirmed by the credential attribute intermediary. | 08-28-2014 |
20140245410 | METHOD AND SYSTEM FOR AUTHENTICATING A NETWORK NODE IN A UAM-BASED WLAN NETWORK - The invention relates to a method and system for authenticating a mobile network node in a Wireless Local Area Network, wherein the mobile network node requests access to the WLAN at an access point. Within a closed first network region, before authentication all network protocol layers up to the Layer 3 protocol layer (L3) are set up. An authenticator based on Extensible Authentication Protocol (EAP) is generated on the Web server as captive portal and the Layer 3 protocol layer between the authenticator and the mobile network node comprising an EAP peer is extended bidirectionally by means of a defined bit sequence. In case of an access request, the Web server transmits an authentication stimulus to the mobile node by encoding an EAP message request and transmitting it in the Layer 3 protocol layer by means of the defined bit sequence. The mobile node decodes the EAP message request and transmits, in the Layer 3 protocol layer, by means of the defined bit sequence, an encoded EAP response message to the authenticator, the EAP response message comprises authentication data of the mobile network node. The Web server decodes the EAP response message from the bit sequence, transmits it to an AAA server including an EAP server by means of an authentication inquiry. On the basis of an authentication response by the AAA Server, access is enabled to a second network region for use by the mobile network node by means of a Network Access Server. | 08-28-2014 |
20140250508 | System and Method for Creating and Managing Object Credentials for Multiple Applications - A method includes storing a credential object for a user to an encrypted silo on an information handling system. The credential object operates to authenticate the user to use an application. The method also includes copying the encrypted silo from the information handling system to a second information handling system, retrieving at the second information handling system the credential object from the copy of the encrypted silo, and authenticating the user to use the application on the second information handling system using the credential object. | 09-04-2014 |
20140250509 | Simplified Configuration of a Network Device - Methods, systems, and computer readable media can be operable to pair a client device with a CPE device. The methods, systems and computer readable media described in this disclosure can enable the pairing of a client device with a CPE device upon a connection of the client device to a whole-network associated with the CPE device. Further, methods, systems and computer readable media can enable the secure pairing of a client device with a CPE device with little to no user-input. | 09-04-2014 |
20140250510 | IDENTITY VERIFICATION VIA SELECTION OF SENSIBLE OUTPUT FROM RECORDED DIGITAL DATA - A digital data sampler operating in a computer processor selects and stores digital data samples from a data stream used for generating audio-visual output during a session with a client operated by a user. The session generates the data stream independently of the data sampler. The data sampler may collect, for each sample, parameter data correlated to a probability that the sample will be remembered by the user at some future time. The data sampler may store the data samples and parameter data as shared secret data for use in a future authentication session. During a future authentication session, an authentication device selects test data from the shared secret data to generate sensible output in an authentication process. The authentication process grants access to a controlled resource in response to user input indicating specific knowledge of the shared secret data selected from a presentation of similar sensible outputs. | 09-04-2014 |
20140250511 | SECURE SINGLE SIGN-ON FOR A GROUP OF WRAPPED APPLICATIONS ON A COMPUTING DEVICE AND RUNTIME CREDENTIAL SHARING - A mobile device user is able to execute an app in a federation of wrapped apps without having to login to that app provided that the user has already logged into another app in that federation. The federation of apps on the device uses multi-app authentication to enable the user to start subsequent apps after explicitly entering login credentials for another app in that federation. This feature is loosely referred to as single sign-on for apps in the federation. The multi-app authentication is implemented by giving the second app a chance to prove two facts: one, that it knows where in the operating system keychain a login ticket is stored, and two, what the hash value of a random byte array is. By showing these facts, the logged-into app can safely provide login credentials to a subsequent app without the user having to enter a login name or password. | 09-04-2014 |
20140250512 | USER AUTHENTICATION - A mobile user authentication application is operable to perform one or more of the following operations: authenticate a user in a voice call to a telephony service, by passing an authentication code to the telephony service within the voice call [FIGS. | 09-04-2014 |
20140259130 | SECURITY CHALLENGE ASSISTED PASSWORD PROXY - Systems, apparatus, and methods of authentication utilizing contextual data to authenticate individuals and prevent security breaches are described herein. An example proxy engine may monitor interactions with a computing device to obtain contextual data unique to a user. The contextual data may be utilized to generate unique challenge questions in response to requests for access to a secure resource, and may eliminate the need for a user to remember credentials to access the resource. Challenge questions may be limited to a single use and vary in difficulty in proportion to the value of the resource. In response to correct responses to challenge question(s), the proxy engine may access a vault containing a credential authorizing access to the resource. The vault and proxy engine may be entirely contained on the computing device or they may be implemented on a remote apparatus accessed via an application or interface on the computing device. | 09-11-2014 |
20140259131 | METHOD FOR CREATING A SECURITY CERTIFICATE - A system and method for creating a security certificate is presented. A request for a security certificate is received from a requester. The request includes an identification of a web site or an entity associated with the web site. An applicant for the security certificate is identified using the request, and information about the applicant for the security certificate is retrieved. The information about the applicant includes a name of the applicant. The information about the applicant is analyzed to determine whether the information about the applicant includes personal information of an individual. When the information about the applicant includes personal information of an individual, the security certificate is generated, wherein the security certificate does not include the personal information of an individual. | 09-11-2014 |
20140259132 | SYSTEM FOR CREATING A SECURITY CERTIFICATE - A system and method for creating a security certificate is presented. A request for a security certificate is received from a requester. The request includes an identification of a web site or an entity associated with the web site. An applicant for the security certificate is identified using the request, and information about the applicant for the security certificate is retrieved. The information about the applicant includes a name of the applicant. The information about the applicant is analyzed to determine whether the information about the applicant includes personal information of an individual. When the information about the applicant includes personal information of an individual, the security certificate is generated, wherein the security certificate does not include the personal information of an individual. | 09-11-2014 |
20140259133 | Method for Anonymously Associating Measurement Device Measurements to a Source ID - The proposed invention refers to a method for anonymously associating health monitoring device measurements to a user ID. The invention comprises the steps of: registering in a server a user associated with an ID and a first set of metadata; registering a health monitoring device associated to a second ID and a second set of metadata; then, sending through a first communication channel the ID associated to the user and the first set of metadata to the server by a communication device; taking a measurement of the user by the health monitoring device and sending through a second communication channel said measurement associated to the second ID and the second set of metadata to the server; comparing the metadata stored in the server; and finally associating the first ID with the measurements taken by the health monitoring device corresponding to the second set of metadata, the association being based on the results of the previous comparison. | 09-11-2014 |
20140282935 | TECHNIQUES FOR SECURING USE OF ONE-TIME PASSWORDS - Various embodiments are generally directed to the provision and use of a secure enclave defined within a storage of a computing device by a processor element thereof to store executable instructions of an OTP component implementing logic to generate and use one-time passwords (OTPs) to enable access to services provided by another computing device. An apparatus includes a storage; a first processor element; and first logic to receive a one-time password (OTP) routine, store the OTP routine within a first secure enclave defined by the first processor element within the storage, obtain a measure of the contents of the first secure enclave with the OTP routine stored therein, transmit the first measure to a computing device, and receive an OTP seed. Other embodiments are described and claimed. | 09-18-2014 |
20140282936 | PROVIDING DEVICES AS A SERVICE - Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network. | 09-18-2014 |
20140282937 | Automated Credentialing of Device Newly Added to a Network - A device newly introduced to a network is automatically credentialed to be able to communicate over a network before the device first communicates with the network. For example, at a point of purchase, a user can provide network identification information to a merchant computing device that effects transfer of that information to the new device such that the new device can communicate directly with the network without initial credentialing directly between the unique device and the local network. In another example, the merchant computing device communicates with the local network to register a newly purchased device with the local network before the newly purchased device is introduced to the network. Accordingly, the network is configured to begin communications with the unique device without initial credentialing directly between the unique device and the local network. | 09-18-2014 |
20140282938 | METHOD AND SYSTEM FOR INTEGRATED CLOUD STORAGE MANAGEMENT - A system and method for integrating a plurality of cloud storage accounts, including the steps of receiving login data of a user account, receiving a notification of at least one of the cloud storage accounts to associate with the user account, receiving authentication data of the at least one cloud storage accounts, transmitting the authentication data to the respective cloud storage account, receiving at least one authentication token from each of the respective cloud storage accounts when the authentication data is verified, storing the at least one authentication token in a database and associating the at least one authentication token with the user account, and receiving at least one file from the at least one cloud storage account associated with the user account. | 09-18-2014 |
20140282939 | Increasing Chosen Password Strength - An approach is provided to increase password strength in a group of users. The approach detects a password event corresponding to one of the users. In response to the detected password event, the approach identifies a strength of the user's password and compares it to one or more password strength metrics that correspond to the group of users. The password strength comparison data is then transmitted as feedback back to the user. | 09-18-2014 |
20140282940 | Method and Apparatus for Multi-Domain Authentication - A method and apparatus for multi-domain authentication is described. In one example, credentials are received for a user accessing a first domain. User access to the first domain and a second domain is confirmed. A token is created for access to the second domain and the user is provided with access to the second domain. | 09-18-2014 |
20140282941 | REGISTRATION OF A SECURITY TOKEN - Methods, systems, and computer-readable media are provided. In some embodiments, a first computing system receives a credential from a browser on a second computing system, determines whether the credential is valid, generates a string of numeric characters, associates the string of numeric characters with the credential, and sends the string of numeric characters to the second computing system. Furthermore, in some embodiments, the first computing system receives an identifier that identifies a security token, determines whether the identifier matches an entry in a data store, prompts a user to input information via a user interface, receives a string of characters via the user interface, determines whether the string of characters received via the user interface matches the string of numeric characters, and performs a registration process such that the identifier is associated with a user account in the data store, the user account associated with the credential. | 09-18-2014 |
20140282942 | PRIVACY PRESERVING KNOWLEDGE AND FACTOR POSSESSION TESTS FOR PERSISTENT AUTHENTICATION - Example implementations described herein are directed to authentication based on the user's private factors, while not revealing at the server side information allowing the server (or anyone with the server's information) to deduce the private answers. In example implementations, the user answers a questionnaire with authentication factors, wherein the answers are transformed in a one-way fashion and the transformed answers are provided to the server side. Example implementations facilitate authentication based on polynomial interpolation or other methods to permit a user to authenticate, even if the user does not answer all of the questions correctly. | 09-18-2014 |
20140282943 | UNIVERSAL MANAGEMENT OF USER PROFILES - An authentication component to authenticate users can generate a unique identification for a user based on device characteristics, operating characteristics, and the like. The authentication component can provide authentication of a user to applications. Applications can provide a user with personalized content based on the authentication. | 09-18-2014 |
20140282944 | METHODS AND SYSTEMS OF DEPLOYING CLOUD COMPUTING PLATFORMS - Systems and methods to deploy a cloud platform are provided. In exemplary embodiments, virtual servers are set up in a physical server to form a resource pool that includes resources. User account information and an online request of a user are received from a remote computing device of the user via a network. Based on the user account information and the online request of the user, custom resources are selected from the resource pool, and allocated for the user. Cloud platform deployment related information includes custom resource information, cloud platform deployment environment information, and cloud platform deployment instructions for example. The cloud platform deployment related information is visually presented, using one or more processors, on a GUI of the computing device of the user to facilitate the user to remotely deploy the cloud platform via the network. | 09-18-2014 |
20140282945 | TECHNOLOGIES FOR SECURE STORAGE AND USE OF BIOMETRIC AUTHENTICATION INFORMATION - Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment. | 09-18-2014 |
20140282946 | Controlled Password Modification Method - A method which controls modification of passwords. An end user designates, in advance, a universe of social media contacts such as friends on social media web sites such as Facebook and LinkedIn. Contacts so identified are used as a set of potential identity verifiers. In order to enable a reset or modification of an account password, a subset of the universe is required to assert that they have verified the identity of the user requesting to reset a password. Such verification can be accomplished by varying means by those to whom an inquiry has been directed. | 09-18-2014 |
20140282947 | SYSTEMS, METHODS AND APPARATUSES FOR ENSURING PROXIMITY OF COMMUNICATION DEVICE - The systems, methods and apparatuses described herein provide a computing device configured for ensuring its proximity to a communication partner. In one aspect, the computing device may comprise a communication port and a processor. The processor may be configured to receive a request from the communication partner via the communication port, send a response to the request to the communication partner, generate a secondary value that includes a selected portion of the request and a selected portion of the response, generate authenticating data to authenticate the secondary value and send the generated secondary value and authenticating data to the communication partner via the communication port. In another aspect, the communication partner is configured to ensure proximity of the computing device. | 09-18-2014 |
20140282948 | SIGNAL PROCESSING METHOD FOR USE IN ASSOCIATION WITH ELECTRONICALLY CREATED PASSWORDS - A method for automatically transforming elements of a user generated signal that defines a password, using software encoded on a computer readable medium, in such a way that a transformed signal is produced that is difficult to guess using trial and error methods. | 09-18-2014 |
20140282949 | System and Method for Account Access - The longstanding problems of user password management and security, and user authentication are addressed. Disclosed is a system and method for providing a means for a user to identify themselves with configurable levels of authentication in order to receive limited access or services while protecting user privacy. As a user inputs information related to their identity into an interface, the system searches an indexed database which may include both registered users and/or unregistered customers indexed from disparate data sources. The system presents the user matching results from the search in an obscured form from which the user selects and authenticates his or her identity. Unregistered users identified during the process may be automatically registered in certain embodiments, or no account may be needed in other embodiments. | 09-18-2014 |
20140282950 | AUTOMATED SECRET RENEGOTIATION - Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information. | 09-18-2014 |
20140282951 | DYNAMIC PSK FOR HOTSPOTS - Systems and methods for providing secured network access are provided. A user device located within range of a hotspot initiates a request sent via an open communication network associated with the hotspot. The request concerns secured network access at the hotspot by the user device. A unique pre-shared key is generated for the user device based on information in the received request and transmitted over the open communication network for display on a webpage accessible to the user device. The unique pre-shared key is stored in association with information regarding the user device. The user device may then use the unique pre-shared key in subsequent requests for secured network access. | 09-18-2014 |
20140282952 | Systems and methods for facilitating relationship management - Messages exchanged among users of a relationship management and work collaboration system are organized within user-defined, secure communication channels organized according to user-defined hierarchies that represent the users' personal relationships with one another. Security of the communications channels is maintained using individual, dynamic keys, each of the keys being uniquely associated with a respective one of the channels, and being generated according to combinations of individual passwords established by each respective channel's participants. In-bound messages in the form of e-mails are received and associated with respective ones of the channels according to e-mail aliases associated with the inbound messages. Out-bound e-mails may be sent to channel participants according to e-mail addresses associated with the participants and channel preferences established by the system users. In some instances, messages are posted or not posted to those of the channels under the control of respective moderators and channel participants. | 09-18-2014 |
20140282953 | ACCESS METHOD AND COMMUNICATION SYSTEM FOR ACCESSING A PROTECTED COMMUNICATION SERVICE - The present invention relates to an access method for accessing a protected communication service via a public communication network by means of a secure communication network, whereby the secure communication network is based on user groups, comprising the steps of defining an access group having access to the communication service based on the user groups of the secure communication network, generating a group key for all members of the access group, providing the group key to a member of the access group via the secure communication network, and accessing the communication service via the public communication network using the group key. The present invention further relates to a communication system comprising a secure communication network based on user groups, a public communication network, a protected communication service, and an access server for managing access rights to the communication service, whereby the communication system is adapted to execute the above method. | 09-18-2014 |
20140282954 | IDENTIFICATION INFORMATION MANAGEMENT SYSTEM, METHOD FOR CONTROLLING IDENTIFICATION INFORMATION MANAGEMENT SYSTEM, INFORMATION PROCESSING DEVICE, PROGRAM, AND INFORMATION STORAGE MEDIUM - To provide an identification information managing system capable of preventing an identification code image indicating identification information on a user from being obtained and used by other people while preventing increase of frequency of update of the identification information. An identification information storage unit ( | 09-18-2014 |
20140289827 | DYNAMIC ADJUSTMENT OF AUTHENTICATION MECHANISM - According to one aspect of the present disclosure, a method and technique for dynamic adjustment of authentication mechanism is disclosed. The method includes: collecting location data of one or more agents relative to an agent attempting to authenticate to a data processing system; determining if the location data meets a threshold value; and responsive to the location data meeting the threshold value, relaxing an authentication scheme for the attempting agent to authenticate to the data processing system. | 09-25-2014 |
20140289828 | Progressive Pictorial & Motion Based CAPTCHAs - A CAPTCHA system uses images/pictures and/or motion for granting access to a computing system. The images can be culled from examples used in pictorial games, and can be progressively presented to increase the strength of the CAPTCHA challenges. Speech recognition, motion and touch sensing can also be employed as parts of the challenge. | 09-25-2014 |
20140289829 | Computer account management system and realizing method thereof - The present invention relates to a field of computer application technology, and more particularly to a computer account management system and a realizing method thereof. The computer account management system includes: an account management subsystem; an information asset management subsystem; an authentication (integrated) subsystem; a service (integrated) subsystem; and an account portal subsystem; wherein the account management subsystem manages information of physical accounts and logical account numbers; wherein the information asset management subsystem manages data information resources generated by network activities of physical account information; wherein the authentication subsystem provides an authentication integrated interface to the physical account numbers; wherein the service subsystem is a customizable interface which is open to internet or local network; wherein the account portal provides interfaces and tools of login, service list management of services subscribed or bought by the account, account information management and information asset management. The present invention provides a universal computer account system which is not bundled with the service, seamlessly integrated with the user information asset and is lifetime-valid. The system can be used in account management of the internet. | 09-25-2014 |
20140298432 | METHOD AND APPARATUS FOR AUTOMATED PASSWORD ENTRY - A method and apparatus are provided for protecting security credentials (e.g., username/password combinations) and/or other sensitive data in a “password vault.” A password vault device may be or may be incorporated into a portable (or even wearable) electronic device, such as a smart phone, smart watch, smart glasses, etc. When a security credential is requested during a user's operation of the password vault device or some other computing/communication device, such as when the user is accessing an online site or service via a browser program, the request is passed to the password vault, and the appropriate security credential is retrieved, delivered, and entered into the requesting interface. | 10-02-2014 |
20140298433 | APPLICATION SECURITY SYSTEM AND METHOD - According to an aspect, a computing device includes a processor; a computer readable memory; a display screen; a touch sensitive panel overlying the display screen; and computing device application instructions coded in the computer readable memory and executed by the processor to: display a user-selectable photograph on the display screen, the user-selectable photograph including a group of fiducials, generate captured pattern data, the captured pattern data representing coordinate values on the touch sensitive panel where touched by a user, and provide for authentication of the user based on a comparison of the captured pattern data and respective locations of the group of fiducials included in the user-selectable photograph. | 10-02-2014 |
20140304786 | RESILIENT AND RESTORABLE DYNAMIC DEVICE IDENTIFICATION - A computer system receives a request to access a server. The request includes a first device tag set. When the first device tag set matches a previously assigned device tag set, the computer system allows access to the server without requesting full access credentials of a user. The computer system invalidates the first device tag set, and sends a second device tag set. When the first device tag set does not match the previously assigned device tag set, the computer system requests full access credentials from the user. | 10-09-2014 |
20140304787 | BADGE NOTIFICATION SUBSCRIPTIONS - Sending alerts regarding events related to badges. A method includes receiving a subscription for an entity to receive alerts regarding one or more badges or one or more individuals as it relates to the one or more individuals receiving or maintaining badges. The one or more badges signify one or more of skills, training, attributes, or qualifications of individuals who receive them. The method further includes determining that an event has occurred with respect to the one or more badges or one or more individuals. As a result, the method further includes notifying the entity of the event. | 10-09-2014 |
20140304788 | ENABLING ACCESS TO A SECURED WIRELESS LOCAL NETWORK WITHOUT USER INPUT OF A NETWORK PASSWORD - A method includes identifying, at a security device of a secured wireless network, a wireless-enabled device that is not authorized to access the secured wireless network. The method also includes sending an access request message directed to a messaging address in response to identifying the wireless-enabled device. The access request message includes information that identifies the wireless-enabled device and includes a first selectable option to allow access to the secured wireless network without requiring user input of a network password associated with the secured wireless network via the wireless-enabled device. The access request message also includes a second selectable option to deny access to the secured wireless network. | 10-09-2014 |
20140310787 | Method and Apparatus for Remote Connection - A system and method for establishing a virtual network connection between an initiating computing device operated by an initiator and a target computing device operated by a target so that one of said computing devices is able to control the other of said computing devices. The system comprises a third party proxy to which the computing devices are connected. The third party proxy receives a request for a virtual network connection to said target computing device from said initiating computing device and requests initiator credentials for said initiating computing device and target credentials for said target computing device. Said credentials are delivered to the respective computing device. The system also comprises a core node configured to receive the credentials from the respective computing device, authenticate the received credentials, and if said credentials are authentic, establish the virtual network connection between said initiating computing device and said target computing device. | 10-16-2014 |
20140310788 | ACCESS AND PORTABILITY OF USER PROFILES STORED AS TEMPLATES - A system to access one or more user profiles that govern one or more vehicle functions. The system cooperates with a processor and verification module which are adapted to verify, using one or more of biometric information, gesture recognition, facial recognition and device identification information, that a user has authority to access the one or more user profiles, where the one or more profiles are stored in one or more of a vehicle, a cloud and a communications device. An edit module is further provided and adapted to allow the user to make one or more edits to the one or more user profiles. | 10-16-2014 |
20140317702 | Sharing user credentials to access services - A method and system to share credentials of the user automatically with the selected external wireless device in the wireless network is disclosed. The method selects the external wireless device based on the parameters and avails the services of the external wireless device in the user home wireless device. The external wireless devices are connected with a different service provider, and when the user requests to access the service in an external wireless device, the method selects the optimum external wireless device among a plurality of external wireless devices. | 10-23-2014 |
20140317703 | DESKTOP SHARING METHOD AND SYSTEM - A method of sharing data in a computer-implemented system is provided. The system includes at least a publisher device and a viewer device. The system establishes a data communication connection between the publisher device and the viewer device via a Wi-Fi direct (WFD) network. The publisher device sends a desktop sharing request to the viewer device and receives a character string from the viewer device. When the character string matches the security code, the publisher device transmits a shared desktop of the publisher device to the viewer device using the data communication connection. | 10-23-2014 |
20140317704 | METHOD AND SYSTEM FOR ENABLING THE FEDERATION OF UNRELATED APPLICATIONS - A method of enabling the federation of unrelated applications is described herein. The method can include the step of installing a candidate application for inclusion in a secure workspace. A first previously-installed application may have a certificate signed by a first entity, and a second previously-installed application may have a certificate signed by a second entity such that the first and second previously-installed applications have different certificates. The method can also include the steps of generating a federation value for the candidate application for inclusion in the secure workspace and determining the result of a federation check of the candidate application based on the generated federation value. If the federation check for the candidate application is satisfied, the candidate application may be permitted to be part of the secure workspace. | 10-23-2014 |
20140317705 | APPARATUS AND METHOD FOR MANAGING PASSWORDS - A method for managing passwords for a user. A processor of an apparatus storing at least one received, incorrect password proposal receives via a user interface a further password proposal from a user; generates a hash value for the further password proposal; sends the hash value to the authentication server; receives from the authentication server a message indicative of whether the hash value corresponds to a correct password or to an incorrect password. In case the message indicates that the hash value corresponds to a correct password, the processor uses a distance function on each incorrect password proposal to obtain a distance value representative of a distance between the incorrect password proposal and the correct password; and sends to the authentication server hash values for password proposals for which the distance value is lower than or equal to a threshold value. Also provided are the apparatus and a computer program support. The disclosure can provide resistance to typing errors in the password proposals. | 10-23-2014 |
20140317706 | DIGITAL SOCIAL NETWORK TRUST PROPAGATION - A trust propagation system is disclosed that propagates trust data based on established trust relationships. The trust system may automatically propagate trust data between parties A and C based on trust relationships with a common party B. Trust data may include authentication data such as biometric data, encryption data, passwords, etc. that may be used to conduct exclusive communications. | 10-23-2014 |
20140317707 | METHOD FOR SHARING DATA OF DEVICE IN M2M COMMUNICATION AND SYSTEM THEREFOR - The present invention relates to a method for sharing data of a device in M2M communication and a system therefor. The invention comprises: a step of allowing a resource user terminal to request access authority of protected resource data to a resource owner terminal, in order to prevent a security threat; a verification step of allowing the resource owner terminal to verify the resource user terminal to request the setting of the access authority to an M2M server, and to transmit a verification key issued from the M2M server to the resource user terminal; an access authority setting step of allowing the M2M server to generate an access authentication key based on the verification key, and to transmit the access authentication key to the resource user terminal; and a using step of allowing the resource user terminal to inquire about the protected resource data from the M2M server based on the access authentication key, and to use the protected resource data. | 10-23-2014 |
20140325622 | SYNCHRONIZING CREDENTIAL HASHES BETWEEN DIRECTORY SERVICES - The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change. | 10-30-2014 |
20140325623 | AUTHENTICATION MANAGER - Disclosed are various embodiments for an authentication manager. The authentication manager performs a certificate validation for a network site. If the certificate validation is successful, the authentication manager automatically provides a security credential to the network site. | 10-30-2014 |
20140325624 | PROJECTOR PROJECTING PASSWORD - A projector system of the present invention includes a projector 10 and a personal computer PC as an information terminal, which communicate with each other via a network connection. The projector 10 generates a password required for establishment of the network connection and projects the password on a screen SC. A user of the personal computer PC inputs the password projected on the screen SC. The password is used for authentication of the network connection between the projector 10 and the personal computer PC and cipher communication therebetween. This arrangement of the present invention enhances the convenience of the projector that is capable of establishing a network connection with the information terminal, while ensuring secrecy of communicating data. | 10-30-2014 |
20140325625 | CYBER GENE IDENTIFICATION TECHNOLOGY BASED ON ENTITY FEATURES IN CYBER SPACE - A new identification (ID) technology comprising unified and standardized object identification within Cyber Space is disclosed based upon intrinsic properties of the entity to be identified. This Cyber Gene ID (or Cyber ID) technology extracts intrinsic information from either the physical users or their cyberspace counterparts, and such information is categorized into client parameters, dynamic parameters, static parameters, cloud parameters, connection parameters and user parameters. | 10-30-2014 |
20140325626 | Method And System Using A Cyber ID To Provide Secure Transactions - A method and system for securing a user transaction involving a subscriber unit (“SU”) (having a processor, memory, and a display configured to accept user input), a credential information manager (“CIM”) (having a processor and memory), and a transaction service provider (“TSP”) (having a processor and memory). A cyber identifier (“CyberID”), a subscriber identifier (“SubscriberID”), and subscriber information, each associated with the user, are stored in the CIM. A transaction request is sent from the SU to the TSP, which creates a transaction identifier (“TID”), stores it in the TSP memory and transmits it to the SU. The SU transmits an authentication request, the TID, and SubscriberID to the CIM, which authenticates the SubscriberID and verifies the TID to the TSP. The TSP verifies the TID and reports it to the CIM, which transmits the CyberID and subscriber information to the TSP, and transmits a transaction authorization to the SU. | 10-30-2014 |
20140331295 | CREDENTIAL MANAGEMENT GATEWAY AND METHOD - Methods and devices for providing credentials to third parties are described. In one aspect, a method provided by a credential management gateway is described. The credential management gateway is coupled with a wireless network servicing a plurality of mobile communication devices. The method includes: receiving, from a credential requesting device, a personal credential information query, the query indicating unique identification information and type information indicating particulars of the query; and in response to receiving the personal credential information query: i) sending, to a credential management application of the mobile communication device that is associated with the unique identification information, a personal credential information request, the credential management application being configured to respond to the personal credential information request based on personal credential information stored in a secure area of a memory module associated with the mobile communication device and based on release authorization instructions; ii) receiving, from the mobile communication device, a response to the request; and iii) sending a response to the personal credential information query to the credential requesting device based on the response received from the mobile communication device, the response sent to the credential requesting device indicating whether a user associated with the mobile communication device is associated with a credential specified by the type information. | 11-06-2014 |
20140331296 | MECHANISM FOR GATEWAY DISCOVERY LAYER-2 MOBILITY - A system and method for gateway discovery and Layer-2 mobility is operable by an access terminal that connects to an access point. The access terminal determines security credentials and addressing and routing configurations used previously. The access terminal determines whether the security credentials may be reused by the access terminal to perform authentication with an access network and also determines whether the addressing and routing configurations may be reused by the access terminal. In a related system and method, a network entity receives an inquiry from an access terminal regarding whether a prior Trusted Wireless Access Gateway (TWAG) is reusable by the access terminal as a current TWAG. The network entity determines whether the prior TWAG is reusable and may send a response to the access terminal indicating whether the prior TWAG is reusable. | 11-06-2014 |
20140337941 | METHODS AND DEVICES FOR PROVIDING WARNINGS ASSOCIATED WITH CREDENTIALS TO BE STORED IN A CREDENTIAL STORE - Methods and devices for providing a warning associated with credentials to be stored in a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises receiving a request to store, in the credential store, at least one credential for a specified service, determining whether a secure connection between the computing device and the specified service is available, associating the specified service with a level of security based on at least one of an availability of the secure connection or one or more properties of the secure connection, and providing a warning in response to determining that at least one credential stored in the credential store corresponds to the at least one credential for the specified service and is for a service that is associated with a level of security different from the level of security with which the specified service is associated. | 11-13-2014 |
20140337942 | Personalized Security Management - Systems and methods for personalized security management of online applications are provided. A determination may be made that a condition for constructing an increased authentication proposal for access to an online financial service is satisfied. The increased authentication proposal may be associated with (i) a user of the online financial service and (ii) a user request option associated with the online financial service. Based upon the determination that the condition is satisfied, the increased authentication proposal may be generated and transmitted for presentation to the user. An increased authentication proposal response may then be received, and the increased authentication proposal response may be processed in order to store, in association with the user and the user request option, (i) an indication of an increased authentication condition and (ii) an indication of an increased authentication mechanism. | 11-13-2014 |
20140337943 | METHOD FOR SECURE USER AND TRANSACTION AUTHENTICATION AND RISK MANAGEMENT - To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website, directly from the network site. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret. | 11-13-2014 |
20140337944 | SYSTEMS AND METHODS FOR PROCESSING AND TRANSMITTING SENSOR DATA - Systems and methods for continuous measurement of an analyte in a host are provided. The system generally includes a continuous analyte sensor configured to continuously measure a concentration of analyte in a host and a sensor electronics module physically connected to the continuous analyte sensor during sensor use, wherein the sensor electronics module is further configured to directly wirelessly communicate sensor information to one or more display devices. Establishment of communication between devices can involve using a unique identifier associated with the sensor electronics module to authenticate communication. Times tracked at the sensor electronics module and the display module can be at different resolutions, and the different resolutions can be translated to facilitate communication. In addition, the frequency of establishing communication channels between the sensor electronics module and the display devices can vary depending upon whether reference calibration information is being updated. | 11-13-2014 |
20140337945 | CONTEXT-AWARE ADAPTIVE AUTHENTICATION METHOD AND APPARATUS - A context-aware adaptive authentication method may comprise: determining a context for a user; adjusting automatically an authentication configuration for the user based at least in part on the context, wherein different matching accuracies of an authentication algorithm for the same authentication input data are associated with respective authentication configurations; and performing an authentication of the user with the authentication configuration, wherein for the user under a safe context, the authentication is performed by decreasing a matching accuracy of the authentication algorithm. | 11-13-2014 |
20140337946 | PASSWORD RESET SYSTEM - A customer initiated password reset system resets user passwords on a variety of network entities, such as internal systems, allowing simultaneous reset with a minimum number of user specified passwords that nonetheless satisfy the password specifications of these internal systems. Thereby, the user avoids the tedium of logging into each of these systems, changing their password, logging out, etc., for each system with the likelihood of creating unique passwords for each system that have to be remembered. By further incorporating a score metric based upon how many character sets are touched, a required degree of complexity can be measured and enforced against the password specifications. Advantageously, a table-based approach to enforcing password reset against the multiple password specifications facilitates making and fielding updates. | 11-13-2014 |
20140337947 | METHOD OF IMPROVING ONLINE CREDENTIALS - The invention comprises a method of providing additional assurance regarding a website's authenticity. The assurance is provided by using a credential that contains an image of the website operator or the website operator's business operations. The assurance is also provided by scanning the website associated with the credential for changes and alerting the website operator or a website visitor of the changes. The invention includes a method of ensuring the proper operation of the credential and a method of protecting the credential from mis-issuance. | 11-13-2014 |
20140344906 | AUTHENTICATION OF MANUAL METER READINGS - A method for authenticating a meter reading. The method includes obtaining a measurement representing a measured attribute of a user, analyzing the measurement to generate an authentication code, generating the meter reading based on the measurement and the authentication code, presenting, by the metering device, the meter reading to the user who alters and reports the meter reading as a reported meter reading, analyzing, by a meter reading analysis device, the reported meter reading to detect that the meter reading was altered by the user, and generating, by the meter reading analysis device and in response to the detecting, a dispatch request to dispatch a human inspector for validating the measurement. | 11-20-2014 |
20140344907 | AUTO LOGIN METHOD AND DEVICE - Disclosed are an auto login method and device. The method includes: when a request for auto logging into a designated account is received, acquiring the URL of the login page, a login password and an account address of the designated account from a pre-stored configuration file, and loading the login page according to the URL; acquiring a login menu in an HTML document corresponding to the login page, searching for a login password input box and an account address input box contained in the login menu, and determining content to be filled into the account address input box; writing the content to be filled into the account address input box into the account address input box, and writing the login password into the login password input box; and submitting the login menu which is written with the account address content and the login password, and completing auto login. | 11-20-2014 |
20140344908 | DATA RETRIEVAL REDIRECTION - An asset location request redirection system ( | 11-20-2014 |
20140351907 | CREDENTIAL AUTHENTICATION SYSTEM AND METHODS OF PERFORMING THE SAME - A personal credentialing system including an information gathering unit that gathers information from a subscriber. A credential analysis unit configured to gather additional information pertaining to the subscriber based on the information gathered by the information gathering unit, store the additional information in a storage unit, categorize the additional information based on predefined criteria, assign an indicator to the additional information based on categorization of the additional information, and store the additional information and indicators. A credential access unit that receives requests for access to view the indicators and stored additional information from a third party. A credential display unit that displays the indicators and stored additional information after the credential access unit authorizes a request to view the stored additional information. Methods of verifying a person's credentials, conveying personal credential information, and preventing fraudulent on-line postings. | 11-27-2014 |
20140351908 | METHOD OF PAIRING AN ELECTRONIC APPARATUS AND A USER ACCOUNT WITHIN AN ON-LINE SERVICE - The present invention relates to the field of methods for pairing an electronic apparatus and a user account within an online service. The invention describes a method of pairing in which the fleet management service generates a short identifier which it provides to the electronic apparatus during the initialisation phase. The apparatus displays said identifier. The user copies this identifier into the interface for accessing the portal of the online service. The online service can then provide an association between this identifier and a user account to the fleet management service. The code generated being displayed in a readable manner and being shorter than a serial number, its copying by the user is facilitated and the risk of transcription error is minimized. | 11-27-2014 |
20140351909 | AUTHENTICATION RISK EVALUATION - A computer is configured to receive an authentication request that identifies one or more authentication form factors, and for each form factor identified, further identifies at least one parameter. The computer is further configured to generate a risk score for the authentication request using the parameter, the risk score being based at least in part on a complexity associated with each of the one or more authentication form factors. The computer is further configured to provide the risk score to a requester. | 11-27-2014 |
20140359730 | INPUT VALIDATION, USER AND DATA AUTHENTICATION ON POTENTIALLY COMPROMISED MOBILE DEVICES - Methods, systems, and computer-readable storage media for authenticating a user and user input to a back-end system and for validating the user input. In some implementations, actions include receiving a unique user identifier and user input, generating a personalized image recognition challenge based on the unique user identifier and the user input, the personalized image recognition challenge including a plurality of images and a written message, the written message instructing a user to select a particular image of the plurality of images to validate the user input, transmitting the personalized image recognition challenge for display on a device, receiving a response to the personalized image recognition challenge, the response comprising a selection of an image from the plurality of images, and authenticating the user and the user input based on the response. | 12-04-2014 |
20140359731 | ESTABLISHING COMMUNICATIONS SESSIONS OVER MULTIPLE NETWORK PROTOCOLS USING A STORED KEY - Systems and methods are provided for establishing communications sessions over multiple network protocols using a stored key. The key may be generated by a user credential entered at a first network station and may be stored in a profile in a memory of the first network station and used for authenticating with a second network station to establish a communications session with the second network station over a first network protocol. The key may then be retrieved from the profile for use in authenticating with the second network station and establishing a communications session with the second network station over a second network protocol. | 12-04-2014 |
20140359732 | WIRELESS COMMUNICATION DEVICE, WIRELESS COMMUNICATION METHOD, REMOTE OPERATION DEVICE AND REMOTE OPERATION METHOD - From a remote control device, a pairing command including an authentication key is transmitted to a slave device by an infrared ray remote control signal by first depression of a push button. The slave device transmits an authentication key, which is generated based on the received authentication key, through a wireless LAN. By second depression of the push button, the remote control device transmits a pairing command, which includes an authentication key, to a master device by an infrared ray remote control signal. The master device compares the authentication key, which is received through the wireless LAN, and the authentication key, which is received by the infrared ray remote control signal, with each other, and transmits a pairing authorization to the slave device through the wireless LAN if both of the authentication keys coincide with each other. The slave device receives the pairing authorization, and establishes pairing. | 12-04-2014 |
20140359733 | Authentication System and Method for Authenticating IP Communications Clients at a Central Device - A method and system for dynamically authenticating an Internet Protocol (IP) client at a central device comprising a dynamic passcode generation means which is synced to an authentication system within or connected to the central device, the dynamic passcode generation means connected to or built into the IP client; wherein the dynamic passcode generation means periodically generates a passcode according to a preset schedule; the IP client automatically sends the periodically-generated passcode according to the preset schedule to the authentication system to authenticate the IP client; and upon authentication until the IP client is no longer authenticated, the authentication system allows IP communications services to be provided by the central device. | 12-04-2014 |
20140359734 | METHOD FOR PRODUCING DYNAMIC DATA STRUCTURES FOR AUTHENTICATION AND/OR PASSWORD IDENTIFICATION - A method for generating a changing authentication input or password generation and input for a user is provided for allowing access to a computing device such as a smartphone or computer or using the computing device to communicate over a network to a server. Using recognizable objects displayed in positions on a graphic display, and input strings of text or alphanumeric characters the user has identified as relating to each recognizable object, a password or authentication can be generated by combining the input strings relating recognizable objects to paired related objects. Authentication can be varied easily for each access attempt by changing the recognizable objects displayed and/or the sequence of responses. | 12-04-2014 |
20140366108 | Digital Identity Management - One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer. | 12-11-2014 |
20140366109 | SECURE MESSAGING FACILITY SYSTEM - A secure message facility transfers authentication data between various applications, operating systems, and authentication devices and software in the form of messages. These messages comprise a data structure with a standard header with fields that describe the class, length, and type of message, and routing information. This header information is used to route the message to the appropriate handler. The messages are transferred between applications via the messaging facility DLL and the messaging facility Service. The messaging facility DLL is intended to be loaded by an application. The messaging facility DLL forms the messages, directs them to the appropriate messaging facility service (local or remote) and interprets the responses. The messages sent between the messaging facility DLL and messaging facility Service are extremely flexible and can be used to send any type of data or content of messages. | 12-11-2014 |
20140373114 | APPARATUS AND METHOD FOR VALIDATION AND AUTHORIZATION OF DEVICE AND USER BY GLOBAL POSITIONING AND NON-PROMPTED EXCHANGE OF INFORMATION - An authorization and validation system and method for mobile financial transactions uses (1) historic Global Positioning System (GPS) and time at specific locations and (2) both visible and invisible prompts to allow access to assets and performance of financial transactions. Said system and method also determines when the mobile device, tablet or smart phone, is lost or is operated by an impersonator. Special attention is devoted when said system is engaged in determining whether the user is under threat or not. | 12-18-2014 |
20140373115 | METHOD AND SYSTEM FOR ALLOWING ANY LANGUAGE TO BE USED AS PASSWORD - Systems and methods are provided for operating an electronic device, the method comprising storing data related to at least one selected language used during password creation. At password entry prompt, the stored data related to the at least one selected language may be used to select a character mapping based on the stored data related to the at least one selected language, and the character mapping may be applied to the keyboard so that a password may be entered using that character mapping. | 12-18-2014 |
20140373116 | ESTABLISHING A SECURE FILE TRANSFER SESSION FOR SECURE FILE TRANSFER TO A DEMARCATION DEVICE - Systems, devices and techniques for establishing a secure file transfer session for secure downloading of configuration files to a Demarcation device are disclosed. Communication is established with a first network device. A password challenge message is received from the first network device. A username is generated. A password is generated using the password challenge message and a locally stored salt key. The username and the password are communicated to a second network device via the first network device, to facilitate establishing a secure file transfer connection with the second network device. | 12-18-2014 |
20140373117 | MOBILE CREDENTIAL REVOCATION - Managing validity status of at least one associated credential includes providing a credential manager that selectively validates associated credentials for at least one device, the device invalidating a corresponding associated credential, and the device requesting that the credential manager validate the corresponding associated credential after invalidating the associated credential. The associated credential may be invalidated based on an external event, such as a user invalidating the associated credential from a UI of the device, a user improperly entering a pin value, a user indicating that a corresponding device is lost, the device entering sleep mode, the device locking a user interface thereof, the device shutting down, and a particular time of day. The at least one associated credential may be provided on an integrated circuit card (ICC) that may be part of a mobile phone and/or a smart card. | 12-18-2014 |
20140373118 | SERVER APPARATUS, COMMUNICATION SYSTEM, AND DATA ISSUING METHOD - There is a server apparatus in which: an issuing unit issues data to devices; a distribution manager distributes the data to devices; a data manager manages data set as issued; a revocation manager detects, from the data set, data that satisfies a condition, and invalidates the detected data; and a filter manager updates and distributes to devices a filter having a predetermined bit length each time data is invalidated, by setting one of a first value and a second value to each of bits in the filter when a revoked data set is projected onto the filter; the data manager identifies data other than the invalidated data, having projection onto at least one of bits whose value has changed between before and after the update, and having the first value for all of bits projected onto the updated filter and reissues data to the device having the identified data. | 12-18-2014 |
20140373119 | PROVIDING TIME RATIO-BASED PASSWORD/CHALLENGE AUTHENTICATION - Providing registration for password/challenge authentication includes receiving an access code or pattern inputted by a user, recording a time message associated with each component of the access code or pattern via a processor, generating a data record in combining each component of the access code or pattern with the associated time message, and storing the data record. | 12-18-2014 |
20140373120 | MANAGING CLOUD ZONES - Methods and systems for managing cloud zones are described herein. A management server for a cloud of computing resources may add private zones to the cloud. The private zones may contain computers owned and operated by a user of the cloud, such as a cloud customer, rather than the cloud operator. The management server may manage the computing resources in the private zone by sending commands to an agent, which in turn relays the management server's commands to the individual computing resources. The agent may be authenticated using a token. | 12-18-2014 |
20140380439 | Methods of Resetting Passwords in Network Service Systems Including User Redirection and Related Systems and Computer Program Products - Resetting a password for a network service account may include redirecting the user to a password reset tool, wherein the user is blocked from network access other than the password reset tool while being redirected. After redirecting the user to the password reset tool, user entry of verification information may be accepted, and the verification information from the user may be compared with known verification information for the user. User entry of a new password may be accepted if the verification information accepted from the user matches the known verification information for the user; and the new password may be stored as the known password for the user. Related systems and computer-program products are also discussed. | 12-25-2014 |
20140380440 | AUTHENTICATION INFORMATION MANAGEMENT OF ASSOCIATED FIRST AND SECOND AUTHENTICATION INFORMATION FOR USER AUTHENTICATION - An authentication information management program of an authentication information management apparatus allowing the authentication information management apparatus to execute: changing the first authentication information in correspondence information which is information including the first authentication information and second authentication information in association with each other and stored in a storage section of the authentication information management apparatus; transmitting the authentication apparatus of the changed first authentication information; determining, in response to a request from the apparatus to be authenticated, whether the second authentication information in the authentication request coincides with the second authentication information in the correspondence information; and returning, in the case where it is determined that the second authentication information in the authentication request coincides with the second authentication information in the correspondence information, the first authentication information associated with the second authentication information read from the storage section. | 12-25-2014 |
20140380441 | SECURE AND AUTOMATED CREDENTIAL INFORMATION TRANSFER MECHANISM - A mechanism for securely transmitting credentials to instantiated virtual machines is provided. A central server is used to turn on a virtual machine. When the virtual machine is turned on, the central server sends it a secret text string. The virtual machine requests the credentials from the central server by transmitting the secret string and its instance ID. The central server validates the secret string and source IP to determine whether they are authentic. Once verified, the central server transmits the credentials to the virtual machine in a secure channel and invalidates the secret string. The credentials can now be used to authenticate API calls. | 12-25-2014 |
20140380442 | SYSTEM AND METHOD FOR ENABLING SECURE TRANSACTIONS USING FLEXIBLE IDENTITY MANAGEMENT IN A VEHICULAR ENVIRONMENT - A method in one embodiment includes authenticating a first agent to an on board unit (OBU) of a vehicle if the first agent validates a first set of one or more authentication requirements and identifying a first identity profile corresponding to the first agent. The method also includes determining a role of the first agent in the vehicle and configuring the vehicle with the first identity profile, where the vehicle is configured based, at least in part, on the role of the first agent. In this embodiment, the first identity profile is one of a plurality of identity profiles provisioned on the OBU. In specific embodiments, each one of a plurality of agents corresponds to a respective one of the plurality of identity profiles, and includes one or more of a human agent, a machine device, a software agent, an authorized entity, and a mobile device. | 12-25-2014 |
20150020176 | Using Personalized URL for Advanced Login Security - Techniques for advanced login security using personalized, user-specific URLs are provided. In one aspect, a method for authenticating a user is provided. The method includes the following steps. A personalized login URL and credentials (e.g., username and password) are stored for the user. Upon receipt of a login URL from the user, it is verified whether the login URL matches the personalized URL stored for the user. If the login URL matches the personalized URL for the user, then the user is provided with a user-specific login page where the user can enter credentials, otherwise access is denied. The user is authenticated only if the credentials the user enters match the credentials stored for the user, otherwise denying access. | 01-15-2015 |
20150020177 | DOCUMENT RENDERING SERVICE - Disclosed are some examples of systems, methods and storage media for generating a platform-independent document. In some implementations, a system is capable of receiving a request to generate a platform-independent document, the request including markup language content. The system is further capable of providing the markup language content to a rendering engine. The system is further capable of intercepting resource requests communicated from the rendering engine. The system is further capable of communicating the intercepted requests, or one or more requests based on the intercepted requests, to retrieve resources identified in the intercepted requests. The system is further capable of receiving resources retrieved based on the communicated intercepted requests. The system is further capable of providing the retrieved resources to the rendering engine, which subsequently renders the platform-independent document based on the markup language content and the retrieved resources. | 01-15-2015 |
20150026782 | INFORMATION PROCESSING SYSTEM, APPARATUS, AND METHOD - An information processing system, which includes one or more computers, includes a reception part configured to receive a request addressed to one of multiple destinations, a generation part configured to generate authority identification information for identifying operation authority to operate an apparatus in a case where provision of the operation authority is authorized based on a condition that differs depending on a combination of the destination of the request and a transmission source of the request, and a transmission part configured to transmit the authority identification information to the transmission source of the request. | 01-22-2015 |
20150026783 | WIRELESS AUTHENTICATION SYSTEM AND WIRELESS AUTHENTICATION METHOD - A wireless authentication system includes an execution end device and a control end device. When the execution end device and the control end device receive an activation signal, the execution end device generates a time related random code, and transmits the time related random code to the control end device; and the control end device generates a comparison authentication code according to the time related random code, a fixed password and a variable password. When the execution end device determines that the comparison authentication code corresponds to a set of data stored in the execution end device, the execution end device performs a predetermined operation, and the variable password is changed. | 01-22-2015 |
20150033303 | APPARATUS, SYSTEM, AND METHOD FOR CONTEXT-SENSITIVE ROLLING PASSWORD GENERATION - An apparatus, system, and method are disclosed for context-sensitive password generation. The inspection module may accept entry of at least a new portion of a password by a user into a security mechanism and determine a dynamic parameter candidate within the password. The analysis module may recommend to the user a context-sensitive interpretation of the dynamic parameter candidate. The confirmation module may receive a selection by the user of the context-sensitive interpretation. | 01-29-2015 |
20150033304 | PROGRAMMABLE DISPLAY APPARATUS, CONTROL METHOD, AND PROGRAM - Provided is a programmable display apparatus that can permit access to an application through facial authentication. A programmable display apparatus controls access to the application. The programmable display apparatus stores feature data of a face of a user. The programmable display apparatus performs facial authentication of a user based on image data of a user obtained through image capture and on the feature data. The programmable display apparatus permits a user to access the application if the user has been authenticated. | 01-29-2015 |
20150033305 | METHODS AND SYSTEMS FOR SECURE AND RELIABLE IDENTITY-BASED COMPUTING - The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes. Systems and methods may include, as applicable, software and hardware implementations for Identity Firewalls; Awareness Managers; Contextual Purpose Firewall Frameworks for situationally germane resource usage related security, provisioning, isolation, constraining, and operational management; liveness biometric, and assiduous environmental, evaluation and authentication techniques; Repute systems and methods assertion and fact ecosphere; standardized and interoperable contextual purpose related expression systems and methods; purpose related computing arrangement resource and related information management systems and methods, including situational contextual identity management systems and methods; and/or the like. | 01-29-2015 |
20150046987 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM - An information processing apparatus includes a storage unit capable of storing authentication information corresponding to a web service. Information is output in a web page corresponding to a first web service so as to cause a display unit to display, via a web browser, an indicator to receive an instruction to delete the authentication information stored in the storage unit. Upon receiving the instruction by the output indicator, deletion processing of authentication information corresponding to a second web service different from the first web service is executed in the storage unit. | 02-12-2015 |
20150046988 | SYSTEM, CONTROL METHOD THEREFOR, AND NON-TRANSITORY COMPUTER-READABLE MEDIUM - A system comprises: a management unit which manages, in an authentication server, user identification information and a mail address; a send unit which sends authorization information including identification information of the user from an authentication server if a user is authenticated; a reception unit which, upon receiving a request of the service together with the authorization information at a service server, receives a mail send request associated with the service and the identification information included in the authorization information from the service server at a mail send server; a specifying unit which, in response to reception of the mail send request associated with the service, specifies a mail address associated with the identification information included in the authorization information by inquiring of the authentication server; and a mail send unit which sends mail to the specified mail address. | 02-12-2015 |
20150046989 | SYSTEM AND METHOD FOR VERIFYING STATUS OF AN AUTHENTICATION DEVICE - A system and method that includes receiving a first device profile and associating the first device profile with a first application instance that is assigned as an authentication device of a first account; receiving a second device profile for a second application instance, wherein the second application instance is making a request on behalf of the first account; comparing the second device profile to the first device profile; and completing the request of the second application instance according to results of comparing the second device profile and the first device profile. | 02-12-2015 |
20150046990 | SYSTEM AND METHOD FOR VERIFYING STATUS OF AN AUTHENTICATION DEVICE THROUGH A BIOMETRIC PROFILE - A system and method that includes receiving a first biometric profile and associating the first biometric profile with a first application instance that is assigned as an authentication device of a first account; receiving a second biometric profile for a second application instance, wherein the second application instance is making a request on behalf of the first account; comparing the second biometric profile to the first biometric profile; and completing the request of the second application instance according to results of comparing the second biometric profile to the first biometric profile. | 02-12-2015 |
20150046991 | SENSOR DERIVED AUTHENTICATION FOR ESTABLISHING PEER-TO-PEER NETWORKS - Methods, systems and devices for generating an authentication key are provided. Two or more communications devices can generate an authentication key by monitoring a physical stimulus that is experienced by both devices (e.g., a common physical stimulus). Each device can then use an identical, predetermined algorithm to generate a common authentication key based on the stimulus. The devices can use the common authentication key to establish a secure network. | 02-12-2015 |
20150046992 | INDEPENDENT ADMINISTERING OF VERIFIED USER-CONTROLLED ELECTRONIC IDENTIFICATIONS UTILIZING SPECIFICALLY PROGRAMMED COMPUTER-IMPLEMENTED METHODS AND COMPUTER SYSTEMS - In some embodiments, the instant invention provides for a central identification management computer system that includes at least: a computer programmed with software instructions that at least include: code to receive a user registration request from a user who desires to establish a user identification profile; code to independently verify profile information of the user; code to register the user identification profile with the central identification management computer system; code to receive an identification request; code to generate a timed unique alpha-numeric identifier where the at least one first timed unique alpha-numeric identifier is associated with the user identification profile stored in the database of the central identification management system; code to transmit the timed unique alpha-numeric identifier in response to identification request; and code to record, in a permanent identification usage log, the timed unique alpha-numeric identifier, and a timestamp related to the identification request. | 02-12-2015 |
20150052593 | SECURE FILE TRANSFERS WITHIN NETWORK-BASED STORAGE - A capability is provided for securely transferring a file within network-based storage. A capability is provided for securely transferring a user file of a user from a first server to a second server. The first server may be associated with a first service provider and the second server may be associated with a second service provider. The secure transfer of a user file from the first server to the second server may be performed based on a One-Click File Transfer capability in which only a single click by the user is needed in order for the user file to be transferred. The secure transfer of a user file from the first server to the second server may be performed based on a Zero-Click File Transfer capability in which the user file may be transferred without any interaction by the user. | 02-19-2015 |
20150052594 | METHODS AND SYSTEMS FOR IDENTITY VERIFICATION IN A SOCIAL NETWORK USING RATINGS - The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to identity rating-restricted services and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein. | 02-19-2015 |
20150058940 | Automatic Context Aware Preloading of Credential Emulator - Implementations of the present disclosure provide systems and methods for automatically preloading data pertaining to credentials determined to be likely to be used during a particular time interval into a memory utilized by a credential emulator. The systems and methods described herein contemplate identifying a particular time interval by identifying events that may designate the beginning and end of that particular time interval, identifying contextual information relevant to the client device or a user account affiliated with the client device during the time interval, identifying a set of credentials available for loading into the memory utilized by the credential emulator, determining from the set of credentials, a subset composed of individual credentials that are likely to be used during the time interval, and loading data pertaining to individual credentials in the subset into the memory utilized by the emulator. | 02-26-2015 |
20150058941 | SYSTEMS AND METHODS FOR LOCATION-BASED DEVICE SECURITY - A device may collect environmental information surrounding the device. Based on the collected environmental information, the device may automatically identify a potentially secured location that has lower security risk. When a potentially secured location is identified, the device may prompt the user to set up a security profile having reduced security requirement for the secured location. The device may store and associate the security profile with the secured location. The device may activate the security profile with reduced security requirement when the device is in the secured area. Further, the security profile may require that certain features of the device be disabled when the device is in the secured location. | 02-26-2015 |
20150058942 | Accessing a Primary Device Using a Wearable Device and a Wireless Link - A method of operation includes detecting that a wearable device is being worn, receiving a certificate from a primary device over a secure wireless link where the wearable device is paired to the primary device using the secure wireless link, storing the certificate in memory of the wearable device, and sending the certificate, over the secure wireless link, to the primary device to unlock the primary device. The method may further include detecting that the wearable device is no longer being worn, and eradicating the certificate from memory of the wearable device in response to detecting that the wearable device is no longer being worn. In some embodiments, the method may also include detecting that the secure wireless link is disconnected, and eradicating the certificate from memory of the wearable device in response to detecting that the secure wireless link is disconnected. The present disclosure also provides a wearable device. | 02-26-2015 |
20150058943 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM - Provided is an information processing device including a program execution unit that loads, interprets, and executes a computer program code created by a first procedural language. The program execution unit opens a communication channel in response to a communication connection request from an external unit, and returns to each communication channel a result for a processing request sent from an external unit on the opened communication channel. | 02-26-2015 |
20150067796 | Method for statistical object identification - The present invention provides a mechanism to activate an original object ( | 03-05-2015 |
20150067797 | AUTOMATICALLY GENERATING CERTIFICATION DOCUMENTS - A certification application automatically generates a certification document associated with a service. A transformation module retrieves a component information associated with a status of a service from a data store maintaining the component information. The component security data and component metadata are included within the component information. The component information is transformed for insertion into a certification information. Risk analysis, phraseology, and localization data are used to transform the component information. The certification document is generated based on the certification template by inserting the component information into the certification template. | 03-05-2015 |
20150067798 | SELECTIVE COMPLEX DATA ENTRY FROM ONE TIME PASSWORDS FOR AUTHENTICATION - A one time password (OTP) associated with a client device, and a padding rule, of a plurality of possible padding rules, associated with the client device may be determined. A padded OTP that includes the OTP and additional data may be formed based on the padding rule. The padding rule may be associated with at least one of a position of the OTP within the padded OTP, a characteristic of the additional data, or a characteristic of the padded OTP. The padded OTP may be provided to the client device. A selection of a portion of the padded OTP may be received from the client device, and the client device may be authenticated when the selected portion of the padded OTP corresponds to the OTP. If the selected portion of the padded OTP does not correspond to the OTP, other actions may be performed based on the selected portion. | 03-05-2015 |
20150067799 | ELECTRONIC PASSWORD GENERATING METHOD, ELECTRONIC PASSWORD GENERATING APPARATUS AND ELECTRONIC PASSWORD AUTHENTICATION SYSTEM - An electronic password generating method, an electronic password generating apparatus and an electronic password authentication system are provided. The electronic password generating method includes steps of: prompting a user to input a challenge code by a prompting information, wherein the prompting information is an information containing a meaning represented by the challenge code to be input, the prompting information at least comprises a first prompting information and a second prompting information, and the challenge code at least comprises a first information of the challenge code and a second information of the challenge code; receiving the challenge code input by the user; and generating a dynamic electronic password according to the input challenge code and a current time parameter. | 03-05-2015 |
20150067800 | INFORMATION PROCESSING APPARATUS AND METHOD OF CONTROLLING THE SAME - An information processing apparatus capable of receiving an authentication request in accordance with a protocol of a plurality of protocols and a method of controlling the same are provided. The information processing apparatus stores a user identifier and a password for each user and a calculation method for each protocol, and when the apparatus receives an authentication request including authentication data from a remote computer in accordance with a protocol of the plurality of protocols, the apparatus obtains the stored password corresponding to the authentication data which is included in the authentication request, obtains the stored calculation method corresponding to the protocol, converts the obtained password into a hash in accordance with the obtained calculation method, and verifies the authentication data with the hash. | 03-05-2015 |
20150067801 | MULTIPLE USER AUTHENTICATIONS ON A COMMUNICATIONS DEVICE - A communications device provides a biometric reader to authenticate users onto the communications device based on a single biometric input. The communications device maintains a local copy of the strong authentication credentials, such as a user identification and password, and the biometrics which were previously input by users of the communications device. Then, rather than requiring re-entry of the strong authentication credentials to authenticate (or re-authenticate) these users onto the communications device, the communications device is able to authenticate the users based on the input of the appropriate biometric. When a biometric input is received, the communications device identifies the locally stored strong authentication credentials that are associated with the input biometric, and uses the locally stored strong authentication credentials to authenticate the user. | 03-05-2015 |
20150074776 | ONLINE SIGNATURE IDENTITY AND VERIFICATION IN COMMUNITY - Techniques for electronic signature process management are described. Some embodiments provide an electronic signature service (“ESS”) configured to manage electronic identity cards. In some embodiments, the ESS generates and manages an electronic identity card for a user, based on personal information of the user, activity information related to the user's actions with respect to the ESS, and/or social networking information related to the user. The electronic identity card of a signer may be associated with an electronic document signed via the ESS, so that users may obtain information about the signer of the document. Electronic identity cards managed by the ESS may also be shared or included in other contexts, such as via a user's profile page on a social network, a user's email signature, or the like. | 03-12-2015 |
20150082399 | SPACE-TIME SEPARATED AND JOINTLY EVOLVING RELATIONSHIP-BASED NETWORK ACCESS AND DATA PROTECTION SYSTEM - A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship. | 03-19-2015 |
20150082400 | METHOD AND SYSTEM FOR IMPROVED SECURITY - An improved authentication method and system is provided where a user securely accesses a variety of target servers for online email, online banking, credit card purchases, ecommerce, brokerage services, corporate databases, and online content (movies, music and software). The method involves a bridge server performing authentication tasks that allow a user to access a server or a group of servers with multiple security levels. The method eliminates the need for the user to remember multiple usernames/passwords for each target server. The method also allows one bridge server and one set of security devices to be used to authenticate the user for multiple servers, thereby reducing security costs and increasing user convenience. A location-based password-ID generating device is also described for secure location-based access. | 03-19-2015 |
20150089607 | METHOD AND APPARATUS FOR PROVIDING USER AUTHENTICATION AND IDENTIFICATION BASED ON A ONE-TIME PASSWORD - An approach is provided for authenticating and/or identifying a user through machine-transferrable one-time password codes. A user device sends to an authentication platform a request for a one-time password for authenticating a user at a relying party device. A machine readable form of the one-time password deliverable to the relying party device over an air gap between the user device and the relying party device is determined and transmitted. The relying party device reverts the machine readable form back to the one-time password, and transmits the one-time password to the authentication platform to authenticate the user device. | 03-26-2015 |
20150089608 | AUTOMATIC CREATION AND MANAGEMENT OF CREDENTIALS IN A DISTRIBUTED ENVIRONMENT - A multi-node cluster is configured for credential management. A method commences by retrieving a super-user credential from a credential record stored in a location accessible to the cluster, then propagating the super-user credential to a set of nodes in the multi-node cluster. A credential creating process is invoked on at least some of the set of nodes. Application-level credential access can be implemented in a multi-cluster environment by carrying-out an exchange that passes credentials between a first cluster and a second cluster over a secure channel. A protocol is observed whereby one or more applications running on the first cluster receive new credentials for accessing the second cluster from the credential serving process after the credential creating process creates the new credential. | 03-26-2015 |
20150089609 | PROACTIVATION METHODS AND APPARATUS FOR PASSWORD-HARDENING SYSTEMS - A password-hardening system comprises at least first and second servers. The first server is configured to store a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user. The second server is configured to store at least a portion of valid password indication information indicating for each of the sets which of the passwords in that set is a valid password. The first and second servers are further configured to proactively update the sets of passwords and the valid password indication information in each of a plurality of epochs. The valid password indication information may comprise, for example, valid password index values for respective ones of the users, with the index values being stored as a shared secret across the first and second servers. | 03-26-2015 |
20150089610 | LOGIN USING QR CODE - Systems and methods are disclosed herein for a user to use a trusted device to provide sensitive information to an identity provider via QR (Quick Response) code for the identity provider to broker a website login or to collect information for the website. A user may securely transact with the website from unsecured devices by entering sensitive information into the trusted device. The identity provider may generate the QR code for display by the website on an unsecured device. A user running an application from the identity provider on the trusted device may scan the QR code to transmit the QR code to the identity provider. The identity provider may validate the QR code and may receive credential information to authenticate the user or may collect information for the website. Advantageously, the user may perform a safe login to the website from untrusted devices using the trusted device. | 03-26-2015 |
20150095995 | DYNAMIC CERTIFICATE GENERATION ON A CERTIFICATE AUTHORITY CLOUD - Techniques are disclosed for dynamically generating a digital certificate for a customer server. A customer server creates a certificate profile and receives an associated profile identifier from a certificate authority (CA). The customer server installs an agent application received from the CA. The agent application generates a public/private key pair and an identifier associated with the customer server. The agent application sends a signed request to the CA that includes the profile identifier, server identifier, and the public key corresponding to the key pair. Upon receiving the credentials, the CA generates a dynamically updatable certificate. Thereafter, if the customer changes information associated with the certificate (or if external conditions require a change to the certificate, such as a key compromise or change in security standards), the CA may generate an updated certificate based on the certificate profile changes and the public key. | 04-02-2015 |
20150095996 | SERVER CAPABLE OF AUTHENTICATING IDENTITY AND IDENTITY AUTHENTICATION METHOD THEREOF - An identity authentication method is applied in a server which stores a relationship among a number of facial images, questions, and facial expressions. Each facial image corresponds to one or more questions. Each question corresponds to one facial expression. The method includes the following steps. Obtaining images captured with an electronic device when the electronic device attempts to login to the server. Determining whether the image comprises a human face matching one stored facial image. If yes, determining one or more questions corresponding to one facial image according to the relationship. Outputting the determined questions and then obtaining user images captured by the electronic device. Identifying the human face and a facial expression of the identified human face. Determining whether the identified facial expression matches the facial expression corresponding to the output question. If yes, determining that the identity authentication is successful. | 04-02-2015 |
20150095997 | AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD - On-vehicle control units include an attaching section for attaching a message code used to check the validity of the transmission source of communication data, to the communication data. The on-vehicle control units also include an update section for updating a key code and the message code every time communication of communication data has been completed. An authentication section checks communication data and the transmission source thereof on the basis of the result of comparison between the random code obtained by restoring a message code and the random code owned by the on-vehicle control units, which are authorized. | 04-02-2015 |
20150095998 | PAPERLESS APPLICATION - Systems, methods, and programs of processing and transmitting information between devices are disclosed. A receiving device may generate a key. A transmitting device may scan the key. The transmitting device may transmit information to a file management system in response to scanning the key. The key may indicate a location to store the information. A user associated with the receiving device may access the information from the file management system. | 04-02-2015 |
20150095999 | Electronic Identity and Credentialing System - Described is an electronic credentialing system that allows personal identity devices to interact; each interacting device has an installed identity engine that acquires, holds, issues and uses electronic credentials (e-credentials), these electronic credentials can be installed on personal identity devices, such as: smart phones, tablets, laptops, embedded systems, and/or personal computers. | 04-02-2015 |
20150096000 | FORM FILLING WITH DIGITAL IDENTITIES, AND AUTOMATIC PASSWORD GENERATION - In one implementation, form field(s) of a form of a website or application are populated with data obtained using a digital identity, and the populated form field(s) are submitted to the website or application. A form field specification specifying information about the form fields of the form is obtained. A user selects or creates a digital identity. Data is obtained using the digital identity, and the data is used to provide values to the form. The data is submitted to the website or application. In another implementation, a username and password are automatically generated. The username and password that are generated meet parameters that may be specified by the website or application. The username and password are submitted to the website or application for a purpose such as registration or authentication, and stored away for future authentication. | 04-02-2015 |
20150106891 | INFORMED IMPLICIT ENROLLMENT AND IDENTIFICATION - In one embodiment, a user login device may create a user identifier template | 04-16-2015 |
20150106892 | Method and Device for Credential and Data Protection - A security method and system that comprises capturing user specific binary information used to identify the user; using the user specific binary information to generate a secured primary code, generating strong user credentials for accessing web based or applications logins, intercepting credential requests from local applications or remote web sites, regenerating strong user credentials dynamically, using the secure primary code to generate encryption keys for protection of data inside or outside the machine of creation, and using secure primary code protection in conjunction with subsidiary key exchanges to allow data sharing while retaining data security. | 04-16-2015 |
20150106893 | SECURE REMOTE MODIFICATION OF DEVICE CREDENTIALS USING DEVICE-GENERATED CREDENTIALS - Methods, systems, and computer program products are provided that enable secure remote modification of device credentials using device-generated credentials. A plurality of credentials policies is stored by the user device. The credentials policies are merged to generate a merged credentials policy. An instruction is received by the user device from a trusted service to initiate a device credentials change. A new device credentials is generated on the user device based at least on the merged credentials policy. | 04-16-2015 |
20150106894 | RETURN MATERIAL AUTHORIZATION FULFILLMENT SYSTEM FOR SMART GRID DEVICES WITH CUSTOMER SPECIFIC CRYPTOGRAPHIC CREDENTIALS - A method for removing credentials from a smart grid device includes: receiving, by a receiving device, a removal request, wherein the removal request includes a device identifier associated with a smart grid device and is signed by an entity associated with a set of security credentials stored in a memory of the smart grid device, the set of security credentials restricting access to one or more components or operations of the smart grid device; extracting, by a processing device, the device identifier included in the received removal request; generating, by the processing device, a permit configured to remove the set of credentials from the smart grid device, wherein the generated permit includes the extracted device identifier; and transmitting, by a transmitting device, the generated permit to the smart grid device for removal of the set of credentials from the memory of the smart grid device. | 04-16-2015 |
20150113616 | MOBILE DEVICE-BASED AUTHENTICATION WITH ENHANCED SECURITY MEASURES - The tracking of user authentication is disclosed. A first user biometric data set is received from a mobile device on an authentication server, and a second user biometric data set is received from a site resource on the authentication server. The second user biometric is transmitted from the site resource in response to receipt of an authentication command from the mobile device on the site resource. The user is rejected for access to the site resource if either one of the first set of biometric data and the second set of biometric data is not validated against respective first and second sets of pre-enrolled biometric data for the user. A security procedure is initiated on at least one of the mobile device and a remote physical device separate from the mobile device in response to the rejecting of the user for access to the site resource. | 04-23-2015 |
20150113617 | APPARATUS AND METHOD FOR SECURE AUTHENTICATION OF A COMMUNICATION DEVICE - A system that incorporates the subject disclosure may perform, for example, receiving a baseline credential and an external credential, mapping the external credential to the baseline credential in a secure element memory, receiving a request for an authentication from a secure device processor of the communication device where the request for the authentication includes a user credential inputted into the communication device, comparing the user credential with the baseline credential to verify the authentication, and providing the authentication and the external credential to the secure device processor without providing the baseline credential to enable the secure device processor to provide the external credential to an external entity device that is remote from the communication device. Other embodiments are disclosed. | 04-23-2015 |
20150113618 | VERIFYING THE SECURITY OF A REMOTE SERVER - In one embodiment, a client device | 04-23-2015 |
20150113619 | METHODS FOR MONITORING AND CONTROLLING A STORAGE ENVIRONMENT AND DEVICES THEREOF - A method, non-transitory computer readable medium, and device that monitors and controls a storage environment includes receiving object data corresponding to a storage environment, the object data comprising data corresponding to physical and logical storage entities. A storage object model which associates physical and logical storage entities in a database is generated. An administrator-level user authentication configured to provide an administrator with access to information in the generated object model which corresponds to both physical and logical storage entities is generated. A user authentication configured to provide a user with access to information in the generated object model that corresponds to logical storage entities assigned to the user is generated. A dashboard configured to receive authentication information from either of an administrator-level or the user and to display information in accordance with a received authentication is provided. | 04-23-2015 |
20150121487 | APPARATUS AND METHOD FOR SECURELY MANAGING THE ACCESSIBILITY TO CONTENT AND APPLICATIONS - A system that incorporates the subject disclosure may perform, for example, receive secret information and non-secret information from a secure download application function, provide a request for a first verification to a secure element where the first verification is associated with access to content and/or an application that is accessible via the secure download application function, receive the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor, receive the non-secret information from the secure element, and generate a second verification for the access based on the non-secret information, where the content and/or application is accessible from the secure download application function responsive to the first and second verifications. Other embodiments are disclosed. | 04-30-2015 |
20150121488 | MULTI-FACTOR AUTHENTICATION BASED ON IMAGE FEEDBACK LOOP - Methods and apparatus relating to multi-factor authentication based on image feedback are described. In an embodiment, authentication logic, at a first computing device, authenticates a second computing device based at least partially on a comparison of a unique identifier, to be generated for the second computing device and to be displayed on a display device of the first computing device, and a detected unique identifier to be received from the second computing device. Other embodiments are also claimed and described. | 04-30-2015 |
20150121489 | Icon Password Setting Apparatus and Icon Password Setting Method Using Keyword of Icon - Disclosed is an icon password setting apparatus and an icon password setting method, which provide a keyword of an icon for an icon password to be set. The icon password setting apparatus according to the present invention enables password setting using an icon image and an associated keyword, the apparatus comprising: a password management unit for generating or inquiring an icon password; a keyword phrase management unit for generating or inquiring a keyword phrase of the icon password; a password list generating unit for generating a list having each icon password and corresponding keyword phrases; and a user password setting unit for receiving a request for setting the password for the icon password in the list and setting a user password. According to the present invention, a user may easily remember an icon password using the keyword phrase provided when setting the icon password. | 04-30-2015 |
20150121490 | KEY DERIVATION METHOD AND APPARATUS FOR LOCAL ACCESS UNDER CONTROL OF A CELLULAR NETWORK - A method for key derivation may comprise: generating a second key based at least in part on a first key for a first connection between a user equipment and a first network node, in response to a decision to enter an idle mode; releasing the first connection to enter the idle mode; providing an identity of the user equipment to the first network node via a second network node, in response to initiating a setup procedure for a second connection between the user equipment and a second network node; and using the second key for the second connection, in response to receiving from the second network node an indication that the identity of the user equipment is successfully verified at the first network node. | 04-30-2015 |
20150121491 | SYSTEM AND METHOD OF AUTHENTICATING USER ACCOUNT LOGIN REQUEST MESSAGES - A computer server receives a login request message sent by a remote terminal to access a user account. If the message includes a first login key, the server then generates a second login key and executes a user account login process after confirming that the second login key corresponds to the first login key. If the message includes no login key, the server generates a verification code and returns the verification code to the remote terminal. The remote terminal then prompts a user to return the verification code to the computer server in a predefined format. If the returned verification code corresponds to the server-generated verification code, the server then executes the user account login process. The server also generates a third login key and returns the third login key to the remote terminal. The remote terminal then stores a correspondence relationship between the username and the third login key. | 04-30-2015 |
20150121492 | METHOD AND SYSTEM FOR AUTHENTICATING SERVICE - Embodiments of the present application relate to a method, a system, and a computer program product for authenticating a service. A method for authenticating a service is provided. The method includes receiving a first service request from a first terminal, generating a first link address that is used to link to an access location based on the received first service request, determining a preset terminal identifier corresponding to a second terminal, the preset terminal identifier being a terminal identifier preset by the user, sending the first link address to the second terminal, receiving a first link request, determining an issued terminal identifier based on the first link request, comparing the determined issued terminal identifier with the preset terminal identifier of the second terminal, and performing a next processing operation on the first service request based on the comparison result. | 04-30-2015 |
20150121493 | Method and Computer System for Dynamically Providing Multi-Dimensional Based Password/Challenge Authentication - Providing multi-dimensional password/challenge authentication for a computer device includes, in response to a login request, sending a login webpage, the webpage at least comprising a set of randomly generated icons with graphical attributes for sequentially selecting; and, determining whether each icon choice entered by a user complies with at least a dimensional option preset for each digit of a preset password according to at least a dimensional option of the digit. | 04-30-2015 |
20150121494 | CONFIGURATOR FORCED CLIENT NETWORK REJOINING - A collocated device functioning as a configurator can use short and long button activations to enter a configuration state, open a timing window, and force client devices currently joined to a network to rejoin the network. If the collocated device functioning as a configurator is unconfigured, a short (or long) button activation can initiate a configuration sequence. A short button activation on that same collocated device, once configured, can cause the device to open a configurator timing window, during which one or more devices can be provided the information necessary to securely communicate on a network. A long (or short) button activation can be used to force all currently connected client devices to rejoin the network using a new Service Set Identifier (SSID) or passphrase. | 04-30-2015 |
20150121495 | Method and Device for Switching Subscription Manager-Secure Routing Device - The present invention provides a method and a device for switching a subscription manager-secure routing device. The method includes: acquiring, by a second SM-SR from a first SM-SR, a PIC corresponding to an eUICC; acquiring, by the second SM-SR from a second SM-DP, a second PP that is encrypted by using the PIC; generating, by the second SM-SR, a key pair including a public key and a private key; sending, by the second SM-SR, the second PP and the public key to the eUICC through the first SM-SR, so that the eUICC accesses the second SM-SR after deactivating a first PP and activating the second PP; and encrypting, by the second SM-SR, a second PMC by using the private key, and sending an encrypted second PMC to the eUICC, so that the eUICC accesses the mobile network through the second SM-SR. | 04-30-2015 |
20150128233 | BLACKLISTING OF FREQUENTLY USED GESTURE PASSWORDS - A method of maintaining a blacklist for gesture-based passwords is provided. A data store of vectors corresponding to gestures is maintained on a blacklist server. Upon receiving a new gesture based password, an electronic device converts the password to a vector and forwards that vector to the blacklist server. The blacklist server assigns the vector to one of a cluster of vectors each having low distance from one another. If the increase in the occurrences of the number of vectors in the cluster results in a blacklist threshold being exceeded, the cluster of vectors is inputted to the blacklist. A notification can be sent back to the electronic device if the forwarded vector is on the blacklist or is inputted to the blacklist. | 05-07-2015 |
20150128234 | SYSTEM AND METHOD FOR GENERATING PASSWORDS USING KEY INPUTS AND CONTEXTUAL INPUTS - A method and system for automatically generating a new password from user selected characters via key press which are different from the user selected characters. Each key of a keypad can be entered within one or more contexts, manually selected by the user or automatically selected by the described system, such that the same key press within one context provides a unique code different than the same key press within another context. The code corresponding to the proper combination of a key press, the contexts of the selected key press, and the sequence of entry must match the previously stored code set by the user. Context selection is not based on any of the possible key presses selectable on the keypad. Therefore if the password characters are discovered without the context for each character, then it becomes difficult to access the content. The newly generated password can be the same length as the originally entered password, or can be longer or shorter in length than the originally entered password. | 05-07-2015 |
20150128235 | Establishing Historical Usage-Based Hardware Trust - Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords. | 05-07-2015 |
20150135289 | SYSTEMS AND METHODS FOR AUTHENTICATION BASED ON USER PREFERENCES - This disclosure relates generally to authentication for an electronic device, and more particularly to systems and methods for authentication based on user preferences. In one embodiment, an authentication method is disclosed, comprising: receiving, at the electronic device, a first input; determining a password theme based on the first input and user preferences associated with the password theme; displaying the password theme, the displayed password theme comprising a plurality of visual cues; receiving, at the electronic device, a second input comprising a sequence of visual cues selected from the visual cues; verifying the sequence of visual cues; and providing access to the electronic device based on the verification. | 05-14-2015 |
20150135290 | Computer System and Method - A method for use in a simplified login system, involving operating a computer to identify user name, password and submit fields on a remote website. The method comprises identifying a password field on a webpage, defining a first area around the password field for a user name field and a second area around the password field for a submit field, locating a field for user text entry in the first area and locating a field for a user click entry in the second field. There is also described a computer programmed to carry out the method, a data carrier containing program data by which a computer may be programmed to carry out the method, and a secure password storage and login system comprising a central server and a number of user computers, and which operates using the method. | 05-14-2015 |
20150135291 | Method for Authenticating User Using Icon Combined With Input Pattern, And Password Input Device - A password input device comprises a storage unit for storing character strings according to each icon; an input window generation unit for generating and displaying an input window on which a plurality of icons are arranged; a secret icon recognition unit which confirms a shift coordinate value and recognizes icons, which are arranged on coordinates inversely moved up to the shift coordinate value from a coordinate value at which a selected icon is arranged, as secret icons selected by the user if the user selects the icon; and an authentication processing unit which confirms a character string corresponding to each secret icon recognized in the secret icon recognition unit, generates a combined character string in which the one or more confirmed character strings are arranged, and authenticates the user by confirming whether the generated combined character string is consistent with the user's password stored in the storage unit. | 05-14-2015 |
20150143483 | Device and Method for Identity Authentication Management - The invention discloses a device for identity authentication management comprising a client and a background. The client includes terminal unit and fingerprint sensor, which includes a collection and recognition device for collecting fingerprint information and a memory for storing fingerprint information and user information corresponding to the fingerprint information, and terminal unit is used for registering or recognizing the fingerprint information collected by the fingerprint sensors. The background includes an identity authentication server interconnecting with the terminal units and multiple application management areas interconnecting with identity authentication server and including application units and application information. When the fingerprint information is registered or recognized by the terminal units, the identity authentication server generates or compares the user information corresponding to the fingerprint information, and then in the application management areas operations on the application units or application information can be performed for users. | 05-21-2015 |
20150143484 | SYSTEM AND METHOD FOR MANAGING TOKENS AUTHORIZING ON-DEVICE OPERATIONS - A system and method can support on-device operation management. A token issuer on a backend server, and/or a tool, can generate an authorization token, which is bound to a user of one or more devices using a unique identifier (ID) that is assigned to the user. The unique ID can be known and/or shared between an on-device authorizing entity and the token issuer. Then, the on-device authorizing entity can verify the authorization token before granting an execution of one or more protected on-device operations. Furthermore, the on-device authorizing entity may not grant the execution of the one or more protected on-device operations, when the unique ID is erased from the device. | 05-21-2015 |
20150143485 | CLOUD SECURITY MANAGEMENT SYSTEM - A purpose of the invention is to accomplish ensuring security and the like when a user program is executed in a cloud environment. The present system comprises a user terminal | 05-21-2015 |
20150143486 | Simplified Wi-Fi Setup - A method enables a simple and convenient secured connection to a secured wireless network by individual passwords generated by requesting clients, and a confirmation of the owner or operator (Wi-Fi hot spot) of the secured wireless network. Each requesting client automatically generates its own individual password. A routing device of the secured wireless network generates a request which is submitted to a confirmation authority such that the owner or operator of the secured wireless network can decide whether to agree to the request. An answer of the owner or operator submitted via the confirmation authority to the routing device enables the secured connection between the requesting client and the secured wireless network. The owner or operator of the secured wireless network does not need to remember a special password in order to enable the secure connection. The subject innovation includes such requesting clients, routing devices and systems. | 05-21-2015 |
20150143487 | SYSTEMS AND METHODS FOR AUTHENTICATING AN AVATAR - Systems and methods for authenticating an avatar are provided. This system is useful with an avatar having an identifier, virtual environments, and a user who uses the avatar in the virtual environments. Transoms are generated, each with a unique identifier configured to exist in a specific location, and registered with an identity provider. The transom initiates a request. An offer is conveyed that includes the transom identifier, the location and the avatar identifier. The avatar is then authenticated by a shared secret. The identity provider then responds to the offer with avatar identification information, including reputation information. Reputation information is for the avatar and the user, and is compiled from external avatar data sources by using a trust matrix. An avatar gallery is generated by linking each avatar owned by each user to the account and compiling avatar profiles from the account, and the reputation information. The avatar profiles are searchable, and include micro formats. | 05-21-2015 |
20150143488 | INFORMATION SHARING SYSTEM AND INFORMATION SHARING METHOD - An information sharing system according to an embodiment includes an information processing system and a terminal and display device connected to the information processing system via a network. The information processing system is composed of one or more information processing apparatuses. The display device is equipped with a display unit on which an image is displayed. The display device includes a first identification-information acquiring unit that acquires identification information for identifying the display device on the network. The terminal acquires the identification information from the display device, and accesses a storage service and acquires access information, and transmits the acquired identification information and access information to the information processing system. The information processing system performs communication with the display device via the network on the basis of the identification information transmitted from the terminal, and accesses the storage service by using the access information transmitted from the terminal. | 05-21-2015 |
20150143489 | TOKEN FOR SECURING COMMUNICATION - In general, the invention relates to a method for performing a command on a token. The method includes receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender, and making a first determination that the sender is allowed to send commands to the token. The method further includes, based on the first determination, generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS), making a second determination that the first CAMD and the second CAMD match, and based on the second determination, performing the command by the token. | 05-21-2015 |
20150143490 | Method And System Using A Cyber ID To Provide Secure Transactions - A method and system for securing a user transaction involving a subscriber unit (“SU”) (having a processor, memory, and a display configured to accept user input), a credential information manager (“CIM”) (having a processor and memory), and a transaction service provider (“TSP”) (having a processor and memory). A cyber identifier (“CyberID”), a subscriber identifier (“SubscriberID”), and subscriber information, each associated with the user, are stored in the CIM. A transaction request is sent from the SU to the TSP, which creates a transaction identifier (“TID”), stores it in the TSP memory and transmits it to the SU. The SU transmits an authentication request, the TID, and SubscriberID to the CIM, which authenticates the SubscriberID and verifies the TID to the TSP. The TSP verifies the TID and reports it to the CIM, which transmits the CyberID and subscriber information to the TSP, and transmits a transaction authorization to the SU. | 05-21-2015 |
20150143491 | WEB BASED SYSTEM THAT ALLOWS USERS TO LOG INTO WEBSITES WITHOUT ENTERING USERNAME AND PASSWORD INFORMATION - Internet user passwords are securely managed. A formation component can enable a user to create a master account on a web server, the master account comprising a master username and password. An access component can enable the user to access a plurality of password protected websites from a web browser or non-browser software application resident on the user's computing device when the user logs into the master account by entering the valid master username and password. A selection component can log the user into a website of the plurality of password protected websites when the user selects a hyperlink associated with the website, selects a linked image associated with the website, or selects the website from a pulldown list contained in a toolbar of a web browser. A display component can open a web browser or tab associated with the website. | 05-21-2015 |
20150295906 | IDENTITY VALIDATION SYSTEM AND ASSOCIATED METHODS - A computer system and associated methods for verifying user identities online. Identity claims made by a requestor of an online access and/or a trusted transaction may be verified by associating digital credentials to verified personal identification information (PII) retrieved from real world events. PII item(s) may be retrieved from third-party verified identity information sources. Verified personal attributes related to PII items may be identified and correlated with the requestor's digital credentials, and stored to a verified identity record. Additional digital credentials for the same requestor may be similarly identified, correlated, and stored to the verified identity record. A subsequent transaction request by a person claiming the requestor's identity may be compared with the verified identity record. An identity match indicator and/or a match confidence score may be created and used to determine the risk that the identity claim by the person requesting the transaction is false. | 10-15-2015 |
20150295913 | ENHANCED SERVER/CLIENT LOGIN MODEL - A method for enhanced login is described including determining if a user is attempting to login to a particular account, performing analysis on the user's passwords if the user is not attempting to login to the particular account, determining if it is time to change a password on the particular account, if the user is attempting to login to the particular account, suggesting alternative passwords to the user based on the password analysis and performing a login procedure. | 10-15-2015 |
20150295926 | SYSTEMS AND METHODS FOR USING COGNITIVE FINGERPRINTS - A system and method for creating a core cognitive fingerprint. A core cognitive fingerprint can be used to capture the evolution of a system state and potentially respond with a predetermined action if the fingerprint falls within a threshold. The method includes: identifying a set of time frames within which data is extracted; providing a plurality of pattern recognizers; processing the extracted data through the plurality of pattern recognizers to generate an initial set of elements; extracting identified relationships amongst the initial set of elements; modifying the initial set of elements to include the identified relationships to create an intermediate set of elements; comparing the intermediate set of elements against assigned values to weigh each element in the intermediate set of elements to create a final set of elements; and using the final set of elements as a cognitive fingerprint. | 10-15-2015 |
20150304293 | MESSAGE AUTHENTICATION SYSTEM AND MESSAGE AUTHENTICATION METHOD - The message authentication system is a message authentication system used in a multihop network and including a server | 10-22-2015 |
20150304314 | METHODS AND SYSTEMS FOR PROVIDING BIDIRECTIONAL AUTHENTICATION - Methods and systems for providing access to a secure computing device are disclosed. A security device is used to generate a one-time password, a sequence of symbologies, and location information. The security device transmits the password, sequence and location information to the secure computing device for storage and displays the password and sequence to a user. A user device provides a password to the secure computing device in order to obtain access. The secure computing device compares the password with the stored one-time password to verify the user of the user device and sends the sequence to the user device in response. The user or user device verifies the sequence of symbologies to confirm the secure access. The location information may be used to detect fraudulent accesses to the user account. | 10-22-2015 |
20150310195 | CHARACTERIZING USER BEHAVIOR VIA INTELLIGENT IDENTITY ANALYTICS - Methods, devices, and systems are provided to rapidly detect and prevent cyber-attacks that are enabled by either misuse of identity credentials or weaknesses within the identity credential lifecycle. An Identity Analytics and Intelligence Engine provides an automated process for the collection, exchange, analysis, correlation, and reporting of identity credential lifecycle data. The Identity Analytics and Intelligence Engine may be implemented as a Software as a Service (SaaS) capability. The Identity Analytics and Intelligence Engine applies Semantic Web concepts/technologies and graph databases to automatically capture the identity credential lifecycle data along with the associated data exchanges within one or more Trust Frameworks. | 10-29-2015 |
20150312237 | System and Method to Associate a Private User Identity with a Public User Identity - The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record. | 10-29-2015 |
20150312242 | USER AUTHENTICATION METHOD, SYSTEM FOR IMPLEMENTING THE SAME, AND INFORMATION COMMUNICATION TERMINAL USED IN THE SAME - [Problem] To provide a user authentication technology whereby hacking of a system by a third party is effectively prevented. [Solution] The present invention is a user authentication method and system, wherein: an information communication terminal allocates numerals, etc., which configure a token code which is generated by time synchronizing with an authentication system side to each cell which configures a user's password derivation pattern, and displays upon a user interface a personal identification table whereupon numerals, etc., are allocated which have been randomly generated with other cells; the user, with reference to the personal identification table, selects the numerals, etc., which are allocated to each cell which configures the user's password derivation pattern, and inputs same as a password; and the authentication system carries out an authentication determination upon the inputted password on the basis of the generated time synchronized token code. | 10-29-2015 |
20150312249 | PASSWORD RETRIEVAL SYSTEM AND METHOD INVOLVING TOKEN USAGE WITHOUT PRIOR KNOWLEDGE OF THE PASSWORD - A method for managing a master password on a network device, the method stored as a set of instructions executable by a computer processor to: store the master password in a first file in a memory of the network device; store the master password in a second file in the memory of the network device; encrypt access to the first file using a first password; encrypt access to the second file using a second password; send the second password and an identifier associated with the network device over a communications network to a registration server, the registration server configured for storing the second password for subsequent retrieval by the network device; when the first password is unavailable, send a password retrieval request including the identifier; receive the second password configured as a one-time use password; decrypt access to the second file to retrieve the master password; and, initiate a reset process for subsequent storage of the master password in the memory of the network device. | 10-29-2015 |
20150312250 | SOFT TOKEN SYSTEM - Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a unique device ID of a mobile device is obtained by a soft token application via an API of an operating system of the mobile device. A seed for generating an OTP for accessing a secure network resource is requested from a provisioning server by the application via an IP-based network. The seed is received by the mobile device via a first out-of-band channel in encrypted form based on a secret key, the unique device ID and a hardcoded pre-shared key. The received encrypted seed is decrypted and installed within the application. The OTP is generated by the application based on the seed. The OTP is bound to the mobile device by the application by encrypting the seed with the unique device ID and the hardcoded pre-shared key. | 10-29-2015 |
20150312352 | SERVICE-BASED NETWORKING - A service-based networking capability is presented. The service-based networking capability replaces traditional networking connections between endpoints with service connections between endpoints. The service-based networking capability supports establishment and use of a service connection between endpoints, where the service connection between endpoints may be provided below the application layer and above the transport layer. The establishment and use of a service connection between endpoints may be provided using a connected services stack, which may include a connected services layer that is configured to operate below the application layer and above the transport layer. | 10-29-2015 |
20150317463 | ACTIVE DIRECTORY FOR USER AUTHENTICATION IN A HISTORIZATION SYSTEM - A user authentication system enables control of access to historian data through a historian application. The user authentication system creates a user authentication directory for storing user authentication information. The system populates the directory with user authentication information. The system links the directory to a historian application and receives credential data from a user. The system grants access to the historian application when it determines that the credential data from the user matches a portion of the user authentication information on the directory. | 11-05-2015 |
20150319165 | ASSISTED AUTHENTICATION USING ONE-TIME-PASSCODE - An authentication method implemented on a server for authenticating a user device in a network comprising user devices and a server associated with a resource to be accessed. The server is configured to receive a request for access to a resource from a first user device and identify an entity to be authenticated from the request. A rule information set specifying how to form a one-time-passcode from a random code is defined and the random code is provided to a first device associated with the identified entity. A rule information set is provided to a second device associated with the identified entity, and a one-time-passcode generated from the random code using at least one rule information set is received at the server from the second device. | 11-05-2015 |
20150319177 | METHOD AND SYSTEM FOR PROVIDING REFERENCE ARCHITECTURE PATTERN-BASED PERMISSIONS MANAGEMENT - Reference architecture pattern role data representing reference architecture pattern roles to be associated with entities taking part in the development, and/or deployment, and/or operation of an application is generated. Reference architecture pattern tier data representing reference architecture pattern tiers used to create, and/or deploy, and/or operate an application using the reference architecture pattern is generated. For each reference architecture pattern role at least one access and/or operational permission is associated with each reference architecture pattern tier. At least one entity is assigned one of the reference architecture pattern roles and for each reference architecture pattern tier, the at least one entity is automatically provided the at least one access and/or operational permission associated with the reference architecture pattern role assigned to the entity. | 11-05-2015 |
20150324577 | DYNAMIC CHANGING OF ACCESS TOKEN TYPES - A system, method and computer program product for dynamically changing access tokens in a communication system. A client computer system is communicatively coupled by a communication channel to at least one target server. The client computer system includes a processor connected to a storage device that has a non-transitory machine-readable storage medium. The storage device stores a connection failure recovery program. The client computer system is programmed to implement the connection failure recovery program. The client computer system initiates a session by transmitting a first request for a connection to the target server using a first token type such as a client security token and if the first request fails, transmits a second request for a connection to the target server using a different token type. | 11-12-2015 |
20150324579 | METHOD, APPARATUS, AND SYSTEM FOR MANAGING USER ACCOUNTS - Embodiments of the present application relate to a method and system for managing user accounts. The method includes receiving a registration request from a current user, wherein the registration request comprises a login name main part, determining, in a database, whether a conflicting old user exists, wherein a conflicting old user corresponds to another user that has a conflicting login name main part that is the same as the login name main part received in connection with the registration request, in the event that a conflicting old user exists, executing a login password differentiation process that requires a user to register a different login password that is different from a login password associated with the conflicting old user, and storing the different login password to the database in connection with a registration of the current user. | 11-12-2015 |
20150326561 | Authentication and Secure Channel Setup for Communication Handoff Scenarios - Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers. | 11-12-2015 |
20150326564 | Method And Browser For Online Banking Login - The present disclosure discloses a method and a browser for online banking login, solving the problems of complex and trivial steps and insecurity of online banking login via web navigation websites. The method comprises: pre-storing and managing online banking website addresses on a browser side and managing the certificates and/or online banking plugins corresponding to the online banking in the form of NPAPI; judging whether the current website address accessed by a user in the browser is an online banking website address, based on the stored online banking website addresses; when it is one of the stored online banking website addresses, using the NPAPI to call the corresponding online banking certificate and/or online banking plugin to perform online banking login. The embodiments of the present disclosure decrease steps and enhance security to log in to online banking. | 11-12-2015 |
20150326571 | SYSTEM AND METHOD FOR SPEAKER RECOGNITION ON MOBILE DEVICES - A speaker recognition system for authenticating a mobile device user includes an enrollment and learning software module, a voice biometric authentication software module, and a secure software application. Upon request by a user of the mobile device, the enrollment and learning software module displays text prompts to the user, receives speech utterances from the user, and produces a voice biometric print. The enrollment and training software module determines when a voice biometric print has met at least a quality threshold before storing it on the mobile device. The secure software application prompts a user requiring authentication to repeat an utterance based at least on an attribute of a selected voice biometric print, receives a corresponding utterance, requests the voice biometric authentication software module to verify the identity of the second user using the utterance, and, if the user is authenticated, imports the voice biometric print. | 11-12-2015 |
20150327062 | PROACTIVE ASSISTANCE IN OBTAINING A WIRELESS NETWORK CONNECTION - A user may be proactively identified as needing assistance to access a home wireless network. Assistance may be automatically provided through, for example, a text message, email, or telephone call. In one implementation, a method may include monitoring a wireless access point that provides a wireless network; obtaining, based on the monitoring, an indication of a failed attempt to attach to the wireless network due to entry of an incorrect network password; and causing, based on the obtained indication of the failed attempt to attach to the wireless network, transmission of a correct password for the wireless network to a mobile device corresponding to an account associated with the wireless network. | 11-12-2015 |
20150327071 | ENHANCED DATA INTERFACE FOR CONTACTLESS COMMUNICATIONS - Embodiments of the invention are directed at an enhanced data interface (EDI) for contactless communications between a mobile application operating on a mobile device and an access device (e.g., contactless reader) that allows for enhanced verification between the mobile device and access device. One embodiment of the invention is directed to a method. The method comprises a mobile device receiving a request for available applets from an access device and providing a list of available applets including trusted applet identifiers and untrusted applet identifiers to the access device. The method further comprises receiving a selection of an untrusted applet identifier from the list and an entity identifier associated with the access device, validating that the access device is authorized to access credentials associated with the selected untrusted applet identifier using the entity identifier, and providing the credentials associated with the selected untrusted applet identifier to the access device. | 11-12-2015 |
20150332042 | Methods and Systems for Enabling, Tracking, and Correlating Anonymous User Activity - Methods are disclosed for identity key management in networked application execution. In one embodiment, an identifier request is transmitted from a client system to a server system, in which an identity key value in the identifier request is blank. Upon detecting the blank identity key value at the server system, the server system operates to generate a new identity key value and an identifier for the new identity key value. The new identity key value and the identifier for the new identity key value are transmitted from the server system to the client system. The new identity key value is stored in a local store of the client system. The local store of the client system is secured by a passcode and persists data through power cycling of the client system. The identifier is used to track execution of a networked application in an anonymous execution mode. | 11-19-2015 |
20150334099 | Service Channel Authentication Token - A computer system receives an authentication request from a user device and determines a determined device identification from a set of received device attributes. When the device is properly authenticated, the computer system generates an authentication token that is signed by the determined device identification and returns the authentication token to the user device. When the computer system subsequently receives a service request with an authentication token and a plurality of device attributes for a protected resource from a user device, the computer system determines a derived device identification from some or all of the received device attributes. When a signed device identification of the authentication token and the derived device identification are equal, the apparatus continues processing the service request. Otherwise, the service request is rejected. | 11-19-2015 |
20150334100 | BIT STRING COLLATION SYSTEM, BIT STRING COLLATION METHOD, AND PROGRAM - A system includes a first bit string position permutation unit to perform position permutation of an input first bit string; a template generation unit to perform an exclusive OR operation of a bit string resulting from the position permutation of the first bit string and a code word of a binary linear code and generate auxiliary data; a second bit string position permutation unit to perform same position permutation of an input second bit string; and a bit string collation unit to verify that a Hamming distance between position permutation result of the second and second bit strings is not more than a predetermined value. | 11-19-2015 |
20150334176 | ROUTING MESSAGES BETWEEN APPLICATIONS - A system and method for enabling the interchange of enterprise data through an open platform is disclosed. This open platform can be based on a standardized interface that enables parties to easily connect to and use the network. Services operating as senders, recipients, and in-transit parties can therefore leverage a framework that overlays a public network. | 11-19-2015 |
20150341337 | AUTHENTICATION SYSTEM AND NON-TRANSITORY COMPUTER READABLE MEDIUM - An authentication server | 11-26-2015 |
20150341340 | A SYSTEM AND METHOD OF DYNAMIC ISSUANCE OF PRIVACY PRESERVING CREDENTIALS - Method and System for enhanced privacy in privacy-preserving identity solutions. The technology provides for a redirect of a request to generate a proof of an attribute from a service provider to a separator. The separator removes source identification from the attribute-proof request and redirects the attribute-proof request, free of original source identification, to a credential issuer which issues the credential. A security device of the user generates a presentation token from the privacy-preserving credential and presents the presentation token to the service provider as proof of the attribute. Other systems and methods are disclosed. | 11-26-2015 |
20150341350 | PRIVACY PRESERVING BIOMETRIC AUTHENTICATION BASED ON ERROR CORRECTING CODES - A method includes transmitting initialization data including an error correction code and a matrix. The method also includes receiving registration data including a transformed registration biometric template, a registration user identifier, and a hashed registration code. The transformed registration biometric template may be determined based on a registration code word selected from the error correction code. The hashed registration code word may be determined by hashing the registration code word using the matrix. The registration user identifier may be associated with a first user described by the transformed registration biometric template. | 11-26-2015 |
20150341451 | ONLINE BUSINESS METHOD, SYSTEM AND APPARATUS BASED ON OPEN APPLICATION PROGRAMMING INTERFACE - The present disclosure introduces a method, a system and an apparatus of implementing online transaction according to Open API. In one aspect, a method includes: receiving a first invocation request to invoke an Open API from a third party development server according to a user's transaction request; determining an ISP server corresponding to the Open API as requested to be invoked in the invocation request; sending the first invocation request to the determined ISP server; receiving a service page returned by the ISP server according to the first invocation request; and sending the service page to the third party development server for processing the service page and sending the processed service page to the user, the processing comprising embedding the service page into a page corresponding to the transaction request. | 11-26-2015 |
20150350176 | VEHICLE NETWORK AUTHENTICATION SYSTEM, AND VEHICLE NETWORK AUTHENTICATION METHOD - Provided is a vehicle network authentication system such that processing by a vehicle control device can be smoothed while security of communication using dummy data is maintained. A vehicle control device as an authenticating entity is provided with an authentication unit that allocates authority in accordance with the amount of authentication of data for authentication transmitted from a vehicle control device as an authenticated entity. The vehicle control device includes an authentication data generation unit that generates the data for authentication, a data division unit that divides the generated data for authentication, and a dummy data addition unit that adds dummy data as data that is transmitted to a vehicle network together with the data for authentication. | 12-03-2015 |
20150350177 | MANAGEMENT OF CREDENTIALS ON AN ELECTRONIC DEVICE USING AN ONLINE RESOURCE - Systems, methods, and computer-readable media for using an online resource to manage credentials on an electronic device are provided. In one example embodiment, a method, at an electronic device, includes, inter alia, receiving account data via an online resource, accessing commerce credential status data from a secure element of the electronic device, providing initial credential management option data via the online resource based on the received account data and based on the accessed commerce credential status data, in response to the providing, receiving a selection of an initial credential management option via the online resource, and changing the status of a credential on the secure element based on the received selection. Additional embodiments are also provided. | 12-03-2015 |
20150350181 | CLIENT/SERVER AUTHENTICATION USING DYNAMIC CREDENTIALS - In an embodiment, a method comprises intercepting, from a first computer, a first set of instructions that define one or more original operations, which are configured to cause one or more requests to be sent if executed by a client computer; modifying the first set of instructions to produce a modified set of instructions, which are configured to cause a credential to be included in the one or more requests sent if executed by the client computer; rendering a second set of instructions comprising the modified set of instructions and one or more credential-morphing-instructions, wherein the one or more credential-morphing-instructions define one or more credential-morphing operations, which are configured to cause the client computer to update the credential over time if executed; sending the second set of instructions to a second computer. | 12-03-2015 |
20150350187 | SERVICE ACCOUNT ACCESS - A computer system detects an external media device and determines the external media device contains authentication data for the computer system. In response, a first password is generated based on an identifier unique to the computer system. A prompt is displayed for a second password obtained from a service provider. The second password is received through an input device. The computer system provides access to the service account if the second password matches the first password. | 12-03-2015 |
20150350191 | Method and Apparatus for Managing Passcode - An apparatus for managing a passcode comprises: one or more processors; a memory; and one or more programs stored in the memory and configured to be executed by said one or more processors. The program comprises: a storage module for storing passcode management data; an input window module for displaying the input window on which multiple key buttons are arranged; a combination code generating module for checking the code corresponding to each inputted key button in the code table included in the passcode management data, when the key button is inputted via the input window, and generating a combination code by combining each checked code; and a passcode acquiring module for receiving the passcode with a set storage address from a passcode storage server based on the generated combination code. | 12-03-2015 |
20150350224 | DATA COMMUNICATION - A client terminal sends a communication request to a server. The server generates at least one digit code according to a first preset rule. The server sends information including the at least one digit code to the client terminal. The client terminal generates at least one input box, a number of which corresponds to a number of the at least one digit code, detects an input event of the at least one input box, and obtains data of the at least one input box when the input event occurs. The client terminal sends the data of the at least one input box as at least one verification data to the server. The server compares the digit data corresponding to the at least one digit code with the verification data and sends a successful information code to the client terminal when the two are the same. The techniques improve password security. | 12-03-2015 |
20150350226 | MULTI-USER SECRET DECAY - Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information. | 12-03-2015 |
20150350907 | SYSTEMS, METHODS, AND APPARATUS FOR AUTHENTICATION DURING FAST INITIAL LINK SETUP - Systems, methods, and devices for authentication during fast initial network link setup within wireless communication systems are disclosed. In one aspect, a method for wireless communication is provided. The method includes generating an aggregated message, the aggregated message comprising a pairwise master key identifier (PMKID) and an extensible authentication protocol re-authentication protocol (EAP-RP) frame. The method further includes transmitting the aggregated message. | 12-03-2015 |
20150350910 | SHARED NETWORK CONNECTION CREDENTIALS ON CHECK-IN AT A USER'S HOME LOCATION - There are provided systems and methods for shared network connection credentials on check-in at a user's home location. A user may have a wireless network for accessing the Internet, such as a WiFi router, at a location for the user. The wireless network may be password protected to prevent unauthorized use. However, the user may further provide a beacon at the location for the wireless network that provides short range wireless communications including a check-in option for other users visiting the location. Once the other users have used a device to check-in to the beacon, the beacon may push the access credentials for the wireless network securely to the other users' devices. The secure access credentials may be configured to be wiped from the other users' devices after use, for example, when the other users' devices disconnect from the wireless network of the beacon. | 12-03-2015 |
20150356290 | ALTERNATE AUTHENTICATION - A user may utilize an existing digital identity to authorize the user's access to security-enabled device operations, where the security-enabled device comprises a cryptographic chip. The device can receive a user authentication token from the digital user identification service, which authenticates a user's identity. Further, the security-enabled device can validate the user authentication token, and provide the user access to device security operations on the security-enabled device if the user authentication token is successfully validated, allowing the user to reset their security access information for the device. | 12-10-2015 |
20150358305 | Service Invitation Token - The invention discloses a computer executable method for a first computer system to amend a transaction with an invitation token to invite a user to use a service provided by a second computer system wherein the service is subscribed by the first system. The method is characterized in that it comprises steps for requesting by the first computer system the creation of the invitation token using information indicating a trust relationship between the first computer system and the second computer system, and amending by the first computer system the transaction with a URL comprising the created invitation token. The amended transaction is sent to the recipient system. A method for using the invitation token to invoke an application service is also disclosed. | 12-10-2015 |
20150358309 | DATA PROTECTION BACKUP AGENT MANAGEMENT - A system correlates application information from within a virtual guest to an entity managing off-host data protection. During a data protection operation, the system exploits the virtual hierarchy to centralize the configuration and management of operating system credentials of numerous virtual guests. For each virtual guest, the system uses the credential to collect a single Globally Unique Identifier (GUID) previously generated and stored in-guest by any data protection agent. The system stores the collected GUID as a custom property in the context of the virtual hierarchy. The system also exploits the virtual hierarchy custom properties to determine if GUIDs are copies due to virtual guest replication. The system ensures GUID's uniqueness by requesting regeneration of the GUID by in-guest data protection agents. Using GUIDs that are unique across the virtual hierarchy, from the entity managing off-host data protection, the system can correlate application data of multiple in-guest data protection agents. | 12-10-2015 |
20150358315 | SMARTPHONE FINGERPRINT PASS-THROUGH SYSTEM - Systems and methods are provided for unlocking remote devices using a biometric input that is associated with a code stored on a mobile electronic device. After validating a biometric input that corresponds with a code that locks or unlocks a remote lock, the code may be sent to a remote electronic device in a transmission. When the code is validated by the remote electronic device as being associated with unlocking the remote lock, the remote device may then unlock the lock. | 12-10-2015 |
20150358316 | COMMUNITY BIOMETRIC AUTHENTICATION ON A SMARTPHONE - Methods and systems are presented for performing biometric authentication of a plurality of users on a user device (e.g., smartphone). In some embodiments, a user may specify in biometric settings certain biometric authentication applications to be used with a group biometric authentication system. A user may additionally specify in biometric settings other users to add to a biometric authentication group. A user may perform functions or access data in biometric authentication-enabled applications (e.g., a financial application) that require the biometric authentication of one or more other users by transmitting a request to the user device of the one or more other users for the required biometric data (e.g., a fingerprint scan). | 12-10-2015 |
20150358328 | SECURE LOCAL SERVER FOR SYNCHRONIZED ONLINE CONTENT MANAGEMENT SYSTEM - Systems, methods, and non-transitory computer-readable storage media for securely accessing locally stored synchronized content using a local web server. A client application on a client device may receive from a web browser on the client device a request to access a local content stored on a client device. The client application may be configured to synchronize the local content with a remote content stored in an online content management system. The client application may issue a challenge for the web browser. The client application or the online content management system may then receive a response to the challenge. If the response is a valid response to the challenge, the web browser may be allowed to access the local content via the client application. | 12-10-2015 |
20150363592 | Multiple Input Based Passwords - A computer-implemented method, carried out by one or more processors, for utilizing one or more input methods for passwords. In an embodiment, the method comprises the steps of determining, by one or more processors, one or more input methods supported for a password entry, wherein the password entry verifies a user's credentials; receiving, by one or more processors, a candidate password through the one or more input methods, wherein each character of the candidate password has an associated input method; and storing, by one or more processors, the candidate password as the password entry, along with the associated input method for each character of the candidate password. | 12-17-2015 |
20150365390 | METHOD OF CREATING PREFERENCE IMAGE IDENTIFICATION CODE, METHOD OF DIAGNOSING PREFERENCE IMAGE IDENTIFICATION CODE, AND METHOD OF PROVIDING INFORMATION USING PREFERENCE IMAGE IDENTIFICATION CODE - Disclosed are a method of creating a preference image identification code, a method of diagnosing the preference image identification code, and a method of providing information using the preference image identification code. | 12-17-2015 |
20150365392 | METHOD AND SYSTEM FOR TRANSMITTING AUTHENTICATION CONTEXT INFORMATION - A system of the present invention uses an identity provider to provide the authentication services for multiple service providers. An identity provider communicates with one or more service providers. A user that wishes to gain access to a service provider is authenticated through the use of the identity provider. A user desiring to access a service provider is first authenticated by the identity provider. The identity provider determines if the user meets the desired class level and provides various information related to the authentication. When the user attempts to access a second service provider that is associated with the same identity provider, the second service provider accesses the identity provider and determines that the user was recently authenticated. The identity provider then transmits the relevant information regarding the authentication process to the second service provider, which can then allow or deny the user access to the second service provider. | 12-17-2015 |
20150365402 | SYSTEM AND METHOD FOR ONE TIME PASSWORD AUTHENTICATION - An authentication system for providing an authentication service for a user accessing the same through a communication network includes a seed server for managing a user seed value related to each user identification information, a one time password (OTP) generation device provided in a user's mobile terminal, the OTP generation device generating a user OTP by using at least one portion previously defined in an IP address dynamically assigned to the mobile terminal by a mobile communication operator and a user's user seed value, and an authentication server for, if a user authentication request is received, generating an OTP corresponding to the user OTP by using the at least one portion previously defined in the IP address dynamically assigned to the mobile terminal and the user seed value related to the user identification information, and comparing the user OTP with the corresponding OTP, thereby authenticating the user. | 12-17-2015 |
20150365420 | A SECURE USER INTERACTION METHOD PERFORMING DEFINED ACTIONS ON WEB RESOURCES OVER A SEPARATE CHANNEL AND A SYSTEM THEREOF - A method and system to facilitate a secure user interaction with a web resource on a primary device by establishing a connection on a communication channel between the primary device and the web resource. The user interacts with a secondary device utilizing a separate communication channel to perform the action. | 12-17-2015 |
20150371033 | String and Password Generation from Regular Expressions - Technologies are described herein for generating uniformly random passwords by the use of regular expressions. One or more regular expressions are used to define a constraint on a string or password. The regular expressions are processed into one or more symbolic finite automata (SFA). The one or more SFAs are exposed to a combination of operations to produce a determinized, minimized SFA. Provided techniques generate probability data associated with individual state transitions of the SFA, and optionally, probability data is generated for one or more binary decision diagrams (BDD). Passwords or strings can be generated by traversing the SFA using the probability data. In some embodiments, the process for selecting characters at each state transition of the determinized, minimized SFA may utilize a binary decision diagram (BDD). Techniques disclosed herein also minimize SFAs by use of an over-approximation method. | 12-24-2015 |
20150373001 | METHODS AND SYSTEMS FOR ONBOARDING NETWORK EQUIPMENT - Methods and systems are provided for onboarding network equipment to managed networks. An onboarding controller may be used in authenticating the to-be-onboarded network equipment. The onboarding controller may issue a challenge, which may comprise instructions for making configuration changes to the network equipment. The configuration changes may comprise adding, removing, and/or changing connections within and/or to the network equipment within a local network comprising the network equipment. The onboarding controller may determine whether or not the configuration changes have been made to the network equipment. The determination of configuration changes may be used in verifying the identity and/or location of the network equipment, and/or in determining to which managed network the network equipment should be onboarded. | 12-24-2015 |
20150373004 | SYSTEM AND METHOD FOR SUPPORTING SECURITY IN A MULTITENANT APPLICATION SERVER ENVIRONMENT - In accordance with an embodiment, described herein is a system and method for providing security in a multitenant application server environment. In accordance with an embodiment, per-partition security configuration includes: per-partition security realm (including configuration for authentication, authorization, credential mapping, auditing, password validation, certificate validation, and user lockout); SSL configuration, including keys, certificates, and other configuration attributes; and access control for partition and global resources. An administrator can designate one or more partition users as partition administrators, via grant of roles. | 12-24-2015 |
20150373006 | Secure Non-Geospatially Derived Device Presence Information - This invention includes a system and method to enable a device to determine the presence information of another device over a secure communication network. First, the device and a presence server establish a secure connection. Next, while the initial secure connection with the presence server is established, the device generates a randomly created token and provides it to the presence server. The token is used as a shared-secret by the device and the presence server to secure future presence communications over a non-secure connection. Next, without the need to again enter a password or establish a secure connection with the presence server, the device uses the shared-secret to sign, encrypt and convey presence information to the presence server over an arbitrary connection. Finally, the presence server may share the first device's presence information with another device. | 12-24-2015 |
20150373007 | Continuous Authentication Confidence Module - Generally, this disclosure describes a continuous authentication confidence module. A system may include a user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, on an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session. | 12-24-2015 |
20150373539 | SYSTEM AND METHOD FOR UNIFIED AUTHENTICATION IN COMMUNICATION NETWORKS - Aspects of the subject disclosure may include, for example, a method comprising authenticating, by a server comprising a processor, a communication device to a first communication network, in accordance with authentication information stored in a first repository of the first communication network. The method also comprises determining, by the server, that a second communication network is accessible to the communication device. The method further comprises providing, by the server, the authentication information to a second repository of the second communication network in accordance with the determining, wherein the providing is performed independently of a request from the second communication network. Other embodiments are disclosed. | 12-24-2015 |
20150379259 | DYNAMIC DATABASE AND API-ACCESSIBLE CREDENTIALS DATA STORE - A system for managing credentials for authenticating and securely communicating with trusted hosts, for example, in a cloud computing environment. The system dynamically updates credentials stored in a database and injects the updated credentials back into a runtime environment without restarting the runtime environment or applications running on the runtime environment. Embodiments of the present invention further enable credentials to be tracked and managed on a per-tenant basis, allowing each tenant that is running an application on a runtime environment to customize which hosts should be trusted. | 12-31-2015 |
20150379260 | ONE TIME PASSWORD GENERATION DEVICE AND AUTHENTICATION METHOD USING THE SAME - Disclosed are a one time password generation device and an authentication method. The one time password generation device includes: a reference information generator that generates reference information; a virtual input means generator that generates a virtual input means in which a blank is provided; and a password generator that generates a one time password using an initial value, reference information, and a blank. | 12-31-2015 |
20150379261 | DATA PACKET GENERATOR FOR GENERATING PASSCODES - A data packet generator periodically generates a data packet including a passcode comprising a plurality of characters. The data packet is sent to a server or a computing device for validation. If validated, the data packet is used, for example, to identify the location of a user or device. Additional systems and methods involving such a data packet generator are also disclosed. | 12-31-2015 |
20150379291 | PROVISION OF RSS FEEDS BASED ON CLASSIFICATION OF CONTENT - A device that resides behind a firewall and receives content to be further directed towards one or more users, such as high-volume emails. The device captures the incoming content that is delivered over a secure communication channel from an external content source and creates personalized RDF or XML files for the intended recipients. The URLs associated with the files include a unique code that is generated using at least a portion of the addressing information or other parameters of the message. An RSS reader can then be employed to read the content from the RDF or XML file. | 12-31-2015 |
20150381594 | Providing Secure Seamless Access To Enterprise Devices - In an embodiment, a system includes at least one processor having at least one core including a reservation control logic to receive a request from a user device for access at a future time to an enterprise device. The reservation control logic may grant a reservation to the user device to enable the access and schedule delivery of an authentication message to the user device including a credential to enable the user device to set up an ad hoc wireless connection with the enterprise device at the future time, without involvement of a user of the user device. Other embodiments are described and claimed. | 12-31-2015 |
20150381596 | REMOTE CREDENTIAL MANAGEMENT FOR HYBRID CLOUDS WITH ENTERPRISE NETWORKS - A system and method of initializing a virtual machine within a secure hybrid cloud is disclosed. One method includes transmitting service mode credentials to a cloud broker from a cloud-based virtual machine, receiving a service mode community of interest key from a credentialing service based on the service mode credentials, and establishing a secure service mode connection based on the service mode community of interest key. The method also includes receiving role VPN credentials at the cloud-based virtual machine and establishing a secure role connection to the cloud broker using the role VPN credentials, thereby providing, in response to the role VPN credentials, a role VPN community of interest key to a virtual data relay dedicated to the cloud-based virtual machine. The method further includes receiving role cloud credentials at the cloud-based virtual machine and establishing secure communications at the cloud-based virtual machine based on the role cloud credentials, including receiving a role cloud community of interest key at the cloud-based virtual machine used for secure communication among the cloud-based virtual machine and other cloud-based virtual machines within a common community of interest with the cloud-based virtual machine. | 12-31-2015 |
20150381604 | METHOD AND SYSTEM FOR PROTECTION AGAINST INFORMATION STEALING SOFTWARE - A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent is configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software. Furthermore, it is possible to store information about the bait in a database and then compare information about a user with the information in the database in order to determine if the electronic device that transmitted the bait contains unwanted software. | 12-31-2015 |
20150381611 | METHOD AND NETWORK NODE FOR OBTAINING A PERMANENT IDENTITY OF AN AUTHENTICATING WIRELESS DEVICE - A network node, such as a Wi-Fi Access Point/Authenticator, is able to obtain a permanent device identity of a wireless device requesting authentication, in case the wireless device has only provided an alias. This is achieved by the network node intercepting an authentication message from the wireless device, wherein the authentication message includes a signaled identity of the wireless device, and extracting the signaled identity. In case the extracted identity is an alias and not a permanent identity of the wireless device, the network node responsively manipulates at least one further authentication message to cause the wireless device to signal its permanent identity in a subsequent authentication message. | 12-31-2015 |
20160004854 | PASSWORD AUTHENTICATION APPARATUS, PASSWORD AUTHENTICATION METHOD, AND NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM STORING PASSWORD AUTHENTICATION PROGRAM - A control unit makes a screen of a display unit display a plurality of pattern display areas to which a predetermined respective plurality of patterns are uniquely assigned at random as a pattern random array in the same layout as that of a plurality of input keys capable of inputting numerical values. The control unit determines a shortest path to go through a sequence of patterns serving as a password of a user in the pattern random array, and replaces a sequence of all patterns existing on the shortest path with a sequence of codes assigned to the respective plurality of input buttons according to a correspondence relationship between the plurality of input buttons and the plurality of pattern display areas to generate a one-time password. The control unit then compares the one-time password with a sequence of codes input by the user by using an input unit to perform authentication. | 01-07-2016 |
20160006709 | SYSTEM AND CONTROL METHOD THEREOF - A system for monitoring a device includes issuing an authentication key, establishing a connection between a management apparatus and a monitoring apparatus using the authentication key, cancelling a task for monitoring the device and acquiring operational information from the device according to a transfer related input, transmitting task information relating to the cancelled task and the acquired operational information to the management apparatus, transmitting a transfer instruction to the management apparatus, invalidating the authentication key according to the transfer instruction, requesting, based on the transfer related input, to newly register a monitoring apparatus with reference to identification information associated with a different monitoring apparatus, and issuing, in response to the request and based on the identification information associated with the monitoring apparatus, a new authentication key. | 01-07-2016 |
20160006718 | SYSTEMS, METHODS AND DEVICES FOR PERFORMING PASSCODE AUTHENTICATION - The invention provides systems, methods and devices for performing passcode authentication. In one embodiment of the invention, a method of performing passcode authentication conducted at a mobile device is provided which comprises the steps of: receiving an authentication request from a security gateway; receiving a passcode entered by a user of the mobile device; comparing the entered passcode to a passcode offset securely stored in a hardware security module (HSM) coupled to the mobile device; and, if the entered passcode corresponds with the passcode offset, generating a secure authentication confirmation message and transmitting the confirmation message to the security gateway; or, if the entered passcode does not correspond with the passcode offset, generating a secure authentication denial message and transmitting the authentication denial message to the security gateway. | 01-07-2016 |
20160006732 | TECHNOLOGIES FOR SECURE STORAGE AND USE OF BIOMETRIC AUTHENTICATION INFORMATION - Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment. | 01-07-2016 |
20160006733 | Personal Portable Secured Network Access System - A connection request is received from a network application for content provided by the content server. A determination is made that the network application is of a type associated with a secure terminal that biometrically authenticates a user prior to submitting the connection request. The secure terminal is authenticated. A secure personal storage device identifier is received from the secure terminal and identifies the secure personal storage device. Account credentials assigned for the secure personal storage device identifier are determined. Account credentials are requested and received from the secure terminal. A determination is made that the received account credentials match the account credentials assigned for the secure personal storage device identifier. The network application is directed to connect to the requested content. | 01-07-2016 |
20160012230 | METHOD FOR DETECTING UNFAIR USE AND DEVICE FOR DETECTING UNFAIR USE | 01-14-2016 |
20160014116 | SECURE ACCESS TO SECURE ACCESS MODULE-ENABLED MACHINE USING PERSONAL SECURITY DEVICE | 01-14-2016 |
20160014135 | HEALTH RECORD ACCESS SYSTEM AND METHOD | 01-14-2016 |
20160014139 | AUTOMATION TOOL FOR PROVIDING USERS WITH SECURITY ACCESS TO AN ELECTRONIC SYSTEM | 01-14-2016 |
20160014605 | INSTANT MOBILE DEVICE BASED CAPTURE AND CREDENTIALS ISSUANCE SYSTEM | 01-14-2016 |
20160021090 | METHOD AND SYSTEM FOR PASSWORD SETTING AND AUTHENTICATION - A method for password setting and authentication is provided. The method includes receiving a password setting request and acquiring a reference character string and reference input duration information. The reference input duration information may be associated with a character at a position of the reference character string. The method may further include storing the reference character string and the reference input duration information, receiving a password authentication request, and acquiring an authentication character string input by a user and authentication input duration information. The authentication input duration information may be associated with a character at the position of the authentication character string. The method may further include determining whether password authentication is successful based on the authentication character string, the authentication input duration information, the reference character string, and the reference input duration information. | 01-21-2016 |
20160021103 | PROVIDING A SERVICE BASED ON TIME AND LOCATION BASED PASSWORDS - A first device may receive a first password from a second device. The first password may be generated based on first time information and first location information identifying a geographic location of the second device. The first device may determine a second password based on second time information and second location information identifying the geographic location of the second device. The first device may determine that the second device is located at the geographic location at a particular time when characters in the first password match characters in the second password, and may provide a service based on determining that the second device is located at the geographic location at the particular time. | 01-21-2016 |
20160021104 | Streaming Music Using Authentication Information - Techniques provided herein may facilitate registering audio content services with an audio system. An example technique involves a computing device receiving via a control interface for controlling an audio system, an input to register an audio content service with the audio system, where an audio content service application corresponding to the audio content service is installed on the computing device. The computing device identifies authentication information used by the audio content service application to access the audio content service and registers the audio system with the audio content service based at least in part on authentication information used by the audio content service application to access the audio content service. After registering the audio system with the audio content service, the computing device causes at least one playback device of the audio system to stream music from the audio content service. | 01-21-2016 |
20160021115 | UNREGISTERED USER ACCOUNT GENERATION FOR CONTENT ITEM SHARING - Various embodiments of the present technology involve the sharing of a content item through a synchronized content management system (CMS) without requiring a user to register or provide login credentials. For example, the CMS can receive a request from a first user of a computing device to share a content item with a second user. Instead of requiring the user to register or provide their login credentials, the CMS can generate an unregistered user account using a unique identifier associated with the computing device. Accordingly, in order to share the content item, the CMS can generate a link to retrieve the content item and send the link to the second user. Thus, creation of an unregistered user account can require no login credentials, thereby providing a simple, user friendly interface for initiating interactions with the CMS. | 01-21-2016 |
20160021144 | USER-BASED NETWORK ONBOARDING - A network security system including a first-level security profile engine and a second-level security profile engine is disclosed. The first-level security profile engine may assign a first-level security profile for a first user device, the first user device requesting access to a network; the second-level security profile engine assigns a first second-level security profile to the first user device, the first second-level security profile providing first network configuration information for the first user device; a device selection engine receives a selection of a second user device associated with the first-level security profile; and the second-level security profile engine assigns a second second-level security profile to the second user device, the second second-level security profile providing second network configuration information for the second user device. A device network configuration engine can then configure the first user device to access the network based on the first network configuration information. | 01-21-2016 |
20160021540 | APPARATUS AND METHOD FOR ACCESSING WIFI NETWORKS - A method and apparatus are for automatically accessing a social network account that provides member information about each of a plurality of social network members. The member information about at least one of the social network members, denoted as a particular member, includes a network detection portion and a security portion. The network detection portion is retrieved from the social network for at least the particular member. A detection is made that the wireless device is within range of a secure wireless network associated with the particular member. The detection uses the network detection portion of the particular member as an input. The security portion of the member information of the particular member is retrieved from the social network. The security portion is used to derive access credentials for the secure wireless network. The derived access credentials are used to securely access the secure wireless network. | 01-21-2016 |
20160028712 | METHOD AND APPARATUS FOR REMOTE CONNECTION - A system and method for establishing a virtual network connection between an initiating computing device operated by an initiator and a target computing device operated by a target so that one of said computing devices is able to control the other of said computing devices. The system comprises a third party proxy to which the computing devices are connected. The third party proxy receives a request for a virtual network connection to said target computing device from said initiating computing device and requests initiator credentials for said initiating computing device and target credentials for said target computing device. Said credentials are delivered to the respective computing device. The system also comprises a core node configured to receive the credentials from the respective computing device, authenticate the received credentials, and if said credentials are authentic, establish the virtual network connection between said initiating computing device and said target computing device. | 01-28-2016 |
20160028730 | SYSTEMS AND METHODS FOR PROVIDING SECURITY VIA INTERACTIVE MEDIA - Methods and systems for providing security and verifying a human user and/or an authorized user are described. A system may include a processor and a non-transitory, processor-readable storage medium. The non-transitory, processor-readable storage medium may include one or more programming instructions that, when executed, cause the processor to receive a request to access a secured resource, provide a verification challenge to a user via a user interface, receive at least one input from the user in response to the verification challenge, and determine that the at least one input corresponds to at least one parameter indicative of a human user. The verification challenge may include a game. | 01-28-2016 |
20160028745 | SYSTEM AND METHOD FOR KEY CHALLENGE VALIDATION - This document discusses, among other things, a system and method for detecting an initiation of a transaction and generating a string of characters based on the detection. A subset of characters of the string of characters is presented in such a way as to be distinguished from remaining characters of the string of characters. In various example embodiments, the transaction is validated based on an identification of the subset of characters of the string of characters. | 01-28-2016 |
20160034684 | Automated Password Generation and Change - An identity management system detects the occurrence of a trigger event, such as a time period expiration, or an action on the identity management system. The identity management system accordingly generates a new password for an account of a user on a third-party service and causes the account of the user on the third-party service to use the new password. The identity management system can also detect a manual user change of a password for a third-party service and cause configuration of client devices of the user to reflect the new password. | 02-04-2016 |
20160034685 | Sending a Password to a Terminal - A mechanism is provided for sending a password to a terminal. A password send request is received. The status of each of a plurality of terminals coupled to the information processing device via a network is acquired. On the basis of the acquired statuses, at least one item is selected from a group comprising the terminal serving as a destination for the password, the communication method with the terminal, or the method for inputting the password in the terminal. The password is then sent to the selected terminal via a network. | 02-04-2016 |
20160034686 | PASSWORD CONFIGURATION AND LOGIN - Password characters input by a user as an account password are obtained. A password table including the password characters and a preset number of supplemental characters is randomly generated. An indication table indicating the password characters as the account password in the password table is generated. The password table and the indication table are stored. The techniques of the present disclosure improve password security. | 02-04-2016 |
20160036797 | Information Processing Device and Information Processing System - An information processing device includes a communication unit that makes communication with a maintenance service provision unit providing maintenance service and the communication unit transmits specification information specifying the information processing device to the maintenance service provision unit. | 02-04-2016 |
20160036800 | METHOD AND SYSTEM FOR CREATING A UNIQUE IDENTIFIER - Method and apparatus for creating a second unique identifier for a user in a second system based on a first unique identifier for a user in a first system. A first authentication process is initiated based on a first unique identifier associated with the user in the first system. Responsive to the user successfully authenticating during the first authentication process, the second unique identifier for a user in the second system is generated. The second unique identifier is based on user data associated with the first unique identifier in the first system, and the second unique identifier is different from the first unique identifier. | 02-04-2016 |
20160036801 | USER AUTHENTICATION IN SEPARATE AUTHENTICATION CHANNELS - Apparatuses, systems, methods, and computer program products are disclosed for user authentication in separate authentication channels. A token module is configured to create a unique token in response to receiving user credentials from an unknown user for a secure interface of a third party system. An identity module is configured to log into the secure interface using the received user credentials, and submit the unique token to a private input element located behind the secure interface. A match module is configured to receive the unique token from the private input element and a user identifier associated with the unknown user from the third party system. The match module is configured to associate the received user credentials with the user identifier based on the unique token. An access module is configured to display information associated with the user identifier to the unknown user. | 02-04-2016 |
20160036808 | OTP TOKEN, DATA TRANSMISSION SYSTEM AND DATA TRANSMISSION METHOD FOR OTP TOKEN - An OTP token, a data transmission system and a data transmission method are provided in which when the OTP token needs to communicate with the background system server, the OTP token signs the request message to obtain a first digital signature, and sends a request data package including the first digital signature and the request message to the background system server. The background system server then verifies the first digital signature and sends an encrypted feedback data package to the OTP token after successful verifications. After encrypting the feedback data package to obtain a second digital signature to the background system server, the background system server verifies the second digital signature and performs a response operation after successful verification. | 02-04-2016 |
20160042173 | SYSTEM AND METHOD FOR IMPLEMENTING A ROBOT PROOF WEB SITE - The invention prevents robots from browsing a Web site beyond a welcome page. When an initial request from an undefined originator is received, the Web site responds to it with a welcome page including a challenge. Then, on receiving a further request from the undefined originator, the Web site can check whether the challenge is fulfilled or not. If fulfilled, the undefined originator is assumed to be a human being and authorized to go on. If the challenge is not fulfilled, the undefined originator is assumed to be a robot, in which case site access is further denied. | 02-11-2016 |
20160044011 | REVOKING SESSIONS USING SIGNALING - Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user. | 02-11-2016 |
20160044012 | SECURE CLOUD BASED MULTI-TIER PROVISIONING - Systems, methods, and other embodiments associated with secure cloud based multi-tier provisioning are described. In one embodiment, a method includes storing, in server-side computer storage medium, an activation key for a networked device and a set of configuration parameter values associated with an application to be run by the networked device. The method includes managing access to the computer storage medium such that access to the activation key and the configuration parameter values by unauthorized entities is prevented. Upon receiving the activation key from an authorized installation entity, the method includes identifying a configuration for the networked device comprising the set of configuration parameter values. A network connection is made with the networked device and the configuration is transmitted to the networked device, such that the configuration is not provided to the authorized installation entity. | 02-11-2016 |
20160044020 | FACILITATING USERS TO OBFUSCATE USER CREDENTIALS IN CREDENTIAL RESPONSES FOR USER AUTHENTICATION - A system and method for facilitating users to obfuscate user credentials in credential responses for user authentication are disclosed. A string sequence may be presented to a user for prompting the user to input credential characters sequentially but not continuously. The string sequence may comprise a set of prompt strings containing a prompt character sequence associated with the user and a set of noise strings that do not contain the prompt character sequence. The individual prompt strings in the set of prompt strings may be composed by obfuscating the prompt sequence among noise characters. A user credential response may be received and a user provided credential may be extracted from the received user credential for user authentication. | 02-11-2016 |
20160044022 | COMPREHENSIVE AUTHENTICATION AND IDENTITY SYSTEM AND METHOD - A comprehensive authentication and identity system and method are disclosed. A central profile is created for a user which includes user information that can be passed back or otherwise utilized by websites (e.g. for registrations, logins, etc.) The user information may include the user's username, password, contact information, personal information, marketing preferences, financial information, etc. For website registrations, the user may provide a mobile communication number that is utilized to perform a type of mobile communication device verification process. As part of a website login, the user may provide identifiable information (e.g. a username) that is looked up by the system or website to determine a mobile communication number for the user, which is used for a verification process. If the verification process is completed successfully, the user may be logged into the website. For accessing the system directly, a user may go through a mobile communication device verification process. | 02-11-2016 |
20160044025 | SYSTEM AND METHOD FOR SECURITY ENHANCEMENT - A system and method thereof for secure authentication using multimedia contents set particular to user (MCSPU) and user specified parameters is disclosed. A host system for performing an authentication with a user system is disclosed. The host system comprises a processor; and a memory coupled to said processor for executing a plurality of modules present in said memory. For the authentication (while logging in or performing a transaction), the host system would provide to the user one or more elements belonging to MCSPU, after embedding, within the elements the authentication related critical information using the user specific parameters. The proposed method ensures the user that the response is coming from authentic system. In case of suspicious user behavior, the parameters or multimedia contents not specific to the user could be used. | 02-11-2016 |
20160044026 | SERVER AND/OR CLIENT DEVICE AUTHENTICATION - Embodiments of systems and methods for client and/or server authentication are provided. In one embodiment, a method includes sending information from a mobile network device to a server, wherein the information comprises a seed that is used by both the mobile network device and the server to compute a series of one time passwords. The method also includes receiving, by the mobile network device, a succession of one time passwords generated by the server throughout a session. And the method further includes comparing the received one time passwords generated by the server throughout the session to corresponding one time passwords generated at the mobile network device. In this manner, the server can be authenticated. In various embodiments, the process may be reversed to facilitate client, e.g., mobile network device, authentication. | 02-11-2016 |
20160048663 | SYSTEMS AND METHODS FOR AUTOMATIC GENERATION AND RETRIEVAL OF AN INFORMATION HANDLING SYSTEM PASSWORD - In accordance with embodiments of the present disclosure, an information handling system may include a processor and a basic input/output system (BIOS). The BIOS may comprise a program of instructions executable by the processor and configured to cause the processor to initialize one or more information handling resources of the information handling system. The BIOS may further be configured to, during a boot of an information handling system, and in response to a request to set a password associated with the information handling system, generate a random password, securely store the random password in a memory such that the password may be retrieved during a subsequent boot of the information handling system by a user physically present at the information handling system, and set the random password as the password associated with the information handling system. | 02-18-2016 |
20160048674 | METHOD OF IMPROVING ONLINE CREDENTIALS - The invention comprises a method of providing additional assurance regarding a website's authenticity. The assurance is provided by using a credential that contains an image of the website operator or the website operator's business operations. The assurance is also provided by scanning the website associated with the credential for changes and alerting the website operator or a website visitor of the changes. The invention includes a method of ensuring the proper operation of the credential and a method of protecting the credential from mis-issuance. | 02-18-2016 |
20160050192 | MULTI-DIMENSIONAL FRAMEWORK FOR DEFINING CRITERIA THAT INDICATE WHEN AUTHENTICATION SHOULD BE REVOKED - Methods and systems are presented for defining criteria that indicate when authentication for an identified client device should be revoked based on rules associated with interested parties. Authentication information is stored that indicates that an identified client device is authenticated. Rules that are associated with a plurality of interested parties and include rules of different rule types may also be stored. Criteria may be defined based on the rules and the authentication information, the criteria indicating when authentication of the identified client device should be revoked. Authentication of the identified client device may be revoked based on the criteria. | 02-18-2016 |
20160050195 | System and Method for Limited Records Access for Event Scheduling - The longstanding problems of user password management and security, and user authentication are addressed. Disclosed is a system and method for providing a means for a user to identify themselves with configurable levels of authentication in order to receive limited access or services while protecting user privacy. As a user inputs information related to their identity into an interface, the system searches an indexed database which may include both registered users and/or unregistered customers indexed from disparate data sources. The system presents the user matching results from the search in an obscured form from which the user selects and authenticates his or her identity. Unregistered users identified during the process may be automatically registered in certain embodiments, or no account may be needed in other embodiments. | 02-18-2016 |
20160050197 | AUDIO AUTHENTICATION SYSTEM - According to one embodiment, an apparatus is provided that comprises a memory, an interface, and a processor communicatively coupled to the memory and to the interface. The memory can store a conversion rule. The interface can receive an audio signal and receive a file. The file indicates a start time, an end time, a key, and a password. The processor can clip the audio signal from the start time to the end time to produce a portion of the audio signal. The processor can convert, based at least in part upon the conversion rule, the portion of the audio signal using the key to form a converted portion of the audio signal. The processor can determine that the converted portion of the audio signal matches the password. The interface can communicate a response indicating that the converted portion of the audio signal matches the password. | 02-18-2016 |
20160050198 | METHOD AND SYSTEM OF PROVIDING A PICTURE PASSWORD PROOF OF KNOWLEDGE AS A WEB SERVICE - A server provides a picture password proof of knowledge. The server includes a processor creating a user identifier when communicating with a relying party (RP) server, sending the identifier to the RP server, creating a login token in response to a user authentication request originating from a client browser (CB), sending a web address containing the login token to the RP server, receiving and authenticating actions from the CB regarding the proof of knowledge, generating and sending an authentication token to the CB responsive to the received and authenticated actions, receiving from the RP server a request for an identification token, the request including the authentication token, and generating and sending the identification token to the RP server to enable the user at the CB to be verified and logged-in to the RP server. | 02-18-2016 |
20160050213 | SYSTEM, METHOD, COMPUTER PROGRAM AND DATA SIGNAL FOR THE PROVISION OF A PROFILE OF IDENTIFICATION - In one aspect, the invention provides a method for the provision of a profile, comprising the steps of receiving information relevant to an individual, formatting the information into a format suitable for use in an identification situation, and storing the information in the format. | 02-18-2016 |
20160050566 | Wireless Terminal Configuration Method, Device, and System - A wireless terminal configuration method, device, and system. The method provided in the embodiments of the present disclosure includes acquiring, by a configuration device, device identification information and configuration password information of a wireless terminal; sending, by the configuration device, configuration triggering information to the wireless terminal according to the device identification information of the wireless terminal; performing, by the configuration device, verification with the wireless terminal according to the configuration password information; sending, by the configuration device, credential information required for the wireless terminal to access an access point (AP) and device identification information of the AP to the wireless terminal; and sending, by the configuration device, the credential information and the device identification information of the wireless terminal to the AP. | 02-18-2016 |
20160057134 | Updating of a Digital Device Certificate of an Automation Device - The invention relates to an automation device ( | 02-25-2016 |
20160057139 | COMMUNICATION SESSION TRANSFER BETWEEN DEVICES - Methods and apparatuses, including computer program products, are described for communication session transfer between a plurality of computing devices. A first computing device detects a presence of a second computing device in proximity to the first device, where the first device has established a first session with a remote computing device, and obtains first user authentication data. The first device establishes a wireless connection to the second device. A first token is transmitted to the second device. A second token and second user authentication data are received from the second device. The tokens and the user authentication data are authenticated. The first device transmits, to the second device, information indicating a state of the first communication session to enable the second device to establish a second communication session with the remote device, where the second communication session is established using the state of the first communication session. | 02-25-2016 |
20160057144 | DETERMINING USER AUTHENTICATION REQUIREMENTS ALONG A CONTINUUM BASED ON A CURRENT STATE OF THE USER AND/OR THE ATTRIBUTES RELATED TO THE FUNCTION REQUIRING AUTHENTICATION - Systems, apparatus, methods, and computer program products are provided for determining a user's authentication requirements/credentials for function requiring authentication based on determining a location along an authentication continuum. The location along the authentication continuum defines the degree of authentication/credentials required to access the function and is determined based on a current state of the user and/or function attributes. The more or less that is known about the current state of the user the more or less likely the user is the user that is attempting to access the function and, thus, the authentication requirements required to access the function can be adjusted accordingly (increased or decreased). | 02-25-2016 |
20160057146 | SYSTEMS AND METHODS FOR MULTI-STAGE IDENTITY AUTHENTICATION - Certain implementations of the disclosed technology may include systems and methods for multi-stage identity authentication. A method is provided that includes receiving a set of identity information associated with a subject and querying one or more public or private databases with at least a portion of the set of identity information. The method includes receiving independent information responsive to the querying. The method includes determining zero or more first indicators of fraud risk and producing one or more identity proofing queries derived from the independent information. Based at least in part on a comparison of the one or more proofing queries and a query response, the method includes determining zero or more second indicators of fraud risk and evaluating a fraud score. Responsive to evaluating the fraud score, the method includes initiating one or more of authentication enrollment and multi-factor authentication of the subject. | 02-25-2016 |
20160057157 | VERIFICATION METHOD, APPARATUS, SERVER AND SYSTEM - Disclosed are a verification method, apparatus, server and system. The method includes: acquiring user data according to user information sent by a terminal, the user data being a set of user network behaviors corresponding to the user information; generating a verification question and a standard answer according to the user data; and interacting with the terminal according to the verification question and the standard answer to complete a verification process. In this way, the user data is acquired, the verification question and the standard answer are generated according to the user data, and an interactive verification is conducted with the terminal according to the verification question and the standard answer. | 02-25-2016 |
20160057248 | State Management For Mobile Device Authentication - Embodiments create and manage a device profile on a mobile device for continued authentication of the mobile device. The device profile includes a state assigned to a mobile device. The state of the device can be managed through the device profile. The mobile device is allowed to conduct payments based on the current state assigned to the mobile device. In response to a request to conduct a payment transaction using the mobile device, the state information in the mobile device profile is checked. The payment transaction using the mobile device is allowed when the state information indicates a trusted state. The payment transaction using the mobile device is limited when the state information indicates a suspended state. The payment transaction using the mobile device is prevented when the state information indicates an untrusted state. | 02-25-2016 |
20160063235 | Facial Recognition Authentication System Including Path Parameters - Systems and methods for enrolling and authenticating a user in an authentication system via a user's camera of camera equipped mobile device include capturing and storing enrollment biometric information from at least one first image of the user taken via the camera of the mobile device, capturing authentication biometric information from at least one second image of the user, capturing, during imaging of the at least one second image, path parameters via at least one movement detecting sensor indicating an authentication movement of the mobile device, comparing the authentication biometric information to the stored enrollment biometric information, and comparing the authentication movement of the mobile device to an expected movement of the mobile device to determine whether the authentication movement sufficiently corresponds to the expected movement. | 03-03-2016 |
20160063239 | METHOD AND SYSTEM FOR INTEROPERABLE IDENTITY AND INTEROPERABLE CREDENTIALS - The present teaching relates to generating an identifier for a person. In one example, an actual name of the person is received. The identity of the person that is associated with the actual name of the person is proved at a pre-determined level of assurance (LOA) required by an identity management system. When the identity of the person has been proved, a peripheral name is solicited from the person. An identifier that includes the actual name and the peripheral name of the person is created. Whether the identifier is unique is determined. The steps of soliciting, creating, and determining are repeated until the identifier is unique. The peripheral name is associated with the person. The identifier is associated with the person. | 03-03-2016 |
20160063240 | MANAGING REGISTRATION OF USER IDENTITY USING HANDWRITING - Embodiments of the present application relate to a method, apparatus, and system for registering a user identity. The method includes receiving handwriting information associated with handwriting entered by a user, computing a degree of complexity of the first handwriting information, and in the event that the degree of complexity of the first handwriting information satisfies one or more preset conditions, associating the first handwriting information with identity registration information corresponding to the user. | 03-03-2016 |
20160063241 | METHOD FOR INPUTTING A SECURE PASSWORD, SHEET, SET OF SHEETS, INPUT UNIT, AND USES THEREOF - Method for generating and using passwords, includes: | 03-03-2016 |
20160065541 | ANONYMOUS SINGLE SIGN-ON TO THIRD-PARTY SYSTEMS - An online system receives from a third-party application on a client device, an anonymous login request to anonymously log a user of the online system into a third-party system associated with the third-party application. Responsive to receiving the anonymous login request, the online system generates a permissions user interface (UI) that provides an interface component including an option for the user to anonymously log into the third-party system using the user's login information for the online system. The online system provides the permissions UI to the client device, and receives permissions information from the client device. The online system generates an anonymous identifier that allows the user to login to the third-party system. The online system provides the anonymous identifier to the third-party application to allow anonymous login of the user into the third-party system in accordance with the permissions information. | 03-03-2016 |
20160065552 | METHOD AND SYSTEM FOR INTEROPERABLE IDENTITY AND INTEROPERABLE CREDENTIALS - Method, system, and programs for interoperable identity and interoperable credentials. In one example, an authentication request is received. The authentication request originated from an online user in connection with an application having a first LOA. The authentication request includes the online user's input. A digital identity is searched based on the online user's input. A GUID associated with the digital identity is obtained when the digital identity is found. One or more credentials that are bound to the GUID at the first LOA or a higher LOA are provided. A selection of at least one credential is received. Information of the selected credential that includes a credential verification service capable of verifying the selected credential is received. Verification of the selected credential of the online user based on the GUID is requested. A verification response is received. The online user is authenticated at the first LOA when the verification response indicates that the selected credential is successfully verified. | 03-03-2016 |
20160065553 | METHOD, SYSTEM AND RECORDING MEDIUM FOR SERVICE ACCOUNT AUTHENTICATION - Disclosed are a method, system, and storage medium for service account authentication. A user authentication method includes managing authentication information associated with a service account of a user and social information about the user; and performing user authentication with respect to the service account through a stepwise procedure in which an authentication method using the authentication information and an authentication method using the social information are combined. | 03-03-2016 |
20160065564 | Registration and Credential Roll-out for Accessing a Subscription-based Service - A user may access a subscription-based service via a system comprising one or more devices with one or more separate domains where each domain may be owned or controlled by one or more different local or remote owners. Each domain may have a different owner, and a remote owner offering a subscription-based service may have taken ownership of a domain, which may be referred to as a remote owner domain. Further, the user may have taken ownership of a domain, which may be referred to as a user domain. In order for the user to access the subscription-based service, registration and credential roll-out may be needed. An exemplary registration and credential roll-out process may comprise registration of the user, obtaining credentials from the remote owner and storing the credentials. | 03-03-2016 |
20160065566 | ESTABLISHING AND MAINTAINING AN IMPROVED SINGLE SIGN-ON (SSO) FACILITY - A backend server system includes at least one hardware processor configured to initiate and/or perform the following. A login page is sent to a browser executing on a client associated with a user; and an authentication process is performed with the client. The logic page is intercepted by a proxy, and a modified logic page is generated by the proxy by adding a routine to the logic page. The modified logic page is forwarded to the browser, and the routine causes the browser to load an asynchronous engine configured to execute a login process with an authentication profiling service to retrieve login information for the back-end server, and complete the authentication process. | 03-03-2016 |
20160066183 | SECURING CREDENTIAL DISTRIBUTION - Methods, systems and apparatus for securing credential distribution are disclosed. One method includes receiving notification from a credential management system that a wireless device is associated with an authenticated user of the credential management system. The method further includes receiving the private network credentials of the authenticated user, storing the private network credentials and the identifier of the wireless device, receiving an authentication request from a router, returning a response to the authentication request to the router, wherein the response includes internet domains and connection bandwidths the wireless device is allowed to use, authenticating the wireless device, ensuring that the wireless device is authorized to receive private network credentials; and distributing, by the cloud system, the private network credentials to the wireless device, thereby allowing the wireless device to obtain local network access with the private network credentials. | 03-03-2016 |
20160070903 | TIMING OF PASSWORD CHANGE REQUIREMENTS BASED ON AMBIENT INTELLIGENCE - A user's required password change is postponed according to context information determined to indicate that the current password change timing is at an inconvenient time for the user. A user is permitted to extend the use of an expired password when a pre-determined password validity period ends. | 03-10-2016 |
20160070923 | SYSTEMS AND METHODS FOR MOTION TWO-DIMENSIONAL CODES - Systems and methods of the present solution are directed to a motion QR code. In general, a motion QR code is a 2D code that evolves over time. More particularly, the motion QR code is displayed, or “played”, to sequentially reveal a plurality of 2D codes. The 2D codes can include 2D barcodes, QR codes, Aztec codes, data matrix codes, or similar codes and are generically referred to as 2D codes. In comparison to a traditional 2D code, the motion QR code dramatically increases the amount of information displayed. The systems and methods described herein are related to a system and method for generating, transmitting, displaying, and authenticating motion QR codes. The QR motion codes can be displayed on, and scanned by, applications executing on client devices such as smartphones and tablet computers. The QR motion codes can be incorporated into traditional IDs, tickets, passes, or other document management systems. | 03-10-2016 |
20160072631 | AUTOMATED TEST TO TELL COMPUTERS AND HUMANS APART - Techniques for verifying a user is human as opposed to a machine are provided. A series of images may be presented to the user sequentially along with a challenge question that instructs the user to select the image that is responsive to the challenge question. If the user selects the correct image, the likelihood that the user is a human as opposed to a machine is greatly increased. Techniques for varying certain parameters associated with display of images and challenge question are also provided. The variations in these parameters may further help distinguish human users from machines. | 03-10-2016 |
20160072787 | METHOD FOR CREATING SECURE SUBNETWORKS ON A GENERAL PURPOSE NETWORK - Techniques used in a network that includes non-trusted devices, in which packets of information communicated across the network include network address information for a source device and a destination device of the packets of information are described herein. According to one embodiment, a process of establishing a more secure subnetwork includes inserting at least one credential into at least one packet of information issued by the source device, the credential assessable by a plurality of devices on the network, enabling transmission of the at least one packet of information from the source device to at least one destination device on the subnetwork, assessing the credential by at least one of the devices, and permitting the source device to communicate with the destination device conditioned upon the results of the assessing step. Other methods and apparatuses are also described. | 03-10-2016 |
20160072793 | MITIGATING RISK OF ACCOUNT ENUMERATION - Technology is disclosed for mitigating account enumeration and thus enhances network security. The technology can receive from a client computing device a sequence of characters corresponding to a portion of an email address input by a user. The technology retrieves a set of email addresses that have a common first portion identical to the received sequence of characters and generates hashed data. The hashed data is sent to the client computing device. A result value is then generated by hashing the input email address by using the same hashing function as the hashed data. If the result value is in the hashed data, the technology displays a text region for collecting from the user a password. | 03-10-2016 |
20160078218 | LOGIN METHODOLOGY - Methods and apparatus to a login methodology. A method includes selecting a library of images stored in the computer device, setting nicknames for the selected library, uploading the selected library of images to the server, and generating a login account. A network includes a server including at least a processor and a memory, a computer device linked to the server, the computer device including at least a processor and a memory, the memory including at least an operating system and a login process, the login process including selecting a library of images stored in the computer device, setting nicknames for the selected library, uploading the selected library of images to the server and generating a login account. | 03-17-2016 |
20160080345 | ANALYZING CLIENT APPLICATION BEHAVIOR TO DETECT ANOMALIES AND PREVENT ACCESS - A client device accesses content and performs actions at a remote application server via a user-agent application. The application server directs the user-agent application to a security verification system to retrieve and perform security tests. The security verification system receives information from the user-agent application describing characteristics of the user-agent application, and the security verification system selects a set of security tests to be performed by a security module executing in the user-agent application to verify that the user-agent application is accessing the application server consistent with the described user-agent application. The security verification system compares a set of test results with other user-agent applications and provides a token to the user-agent application to access the application server. The security module may also monitor and actions on the user-agent application to permit the security verification system to revise or revoke the token. | 03-17-2016 |
20160080360 | Detection And Repair Of Broken Single Sign-On Integration - An identity management system provides single sign-on (SSO) services to clients, logging the clients into a variety of third-party services for which the clients have accounts. An SSO integration is stored for each of the third-party services, the SSO integration including information that allows the identity management system to automate the login for the corresponding third-party service, such as locations of the login pages, and/or identities of username and password fields. The identity management system uses different techniques in different embodiments to detect that a given SSO integration is broken (i.e., no longer permits login for its corresponding third-party service) and/or to repair the SSO integration. | 03-17-2016 |
20160080364 | METHOD AND SYSTEM FOR PROVIDING A SECURE COMMUNICATION CHANNEL TO PORTABLE PRIVATIZED DATA - A system and method for communicating secure, privatized data stored on a first user device with a second user device requesting access thereto includes initiating a timed access gate for receiving verification of authenticating credentials from the second user device, after the first user credentials associated with the first user device are verified. If the second user device is verified within the predetermined period of time, an authentication handshake between the first user device and the second user device is completed. On completion of the handshake, a communication channel is opened for transmitting the first user's privatized data between the first user device and the second user device. | 03-17-2016 |
20160080366 | TRANSFORMATION RULES FOR ONE-TIME PASSWORDS - A one-time password may be used and generated using transformation rules. A one-time password transformation rule is received. The one-time password is sent to a user. A response to the one-time password is received. The user is selectively authenticated based on the response corresponding to the one-time password as transformed by the one-time password transformation rule. The one-time password transformation rule may include one or more operations, such as mathematical operations that may be static operations or dynamic operations that change as a function of time. Related systems, devices, methods and computer program products are described. | 03-17-2016 |
20160080371 | Method for Authenticating Identity of Handset User in A Cloud-Computing Environment - A method for authenticating the identity of a handset user in a cloud-computing environment is provided. The method includes: obtaining a login account and a password from the user; judging whether the login account and the password are correct; if the login account or the password is incorrect, refusing the user access to an operating system of the handset; if the login account and the password are correct, sending the login account and the password to a cloud server, wherein the login account and the password correspond to a face sample image library of the user stored on the cloud server; acquiring an input face image of the user; sending the input face image to the cloud server; authenticating, by the cloud server, the identity of the user according to the login account, the password and the input face image. | 03-17-2016 |
20160080385 | Contact Identification Validation via Social Invitation - Systems and techniques are disclosed for receiving one or more recipient identifiers and a destination location from a user or an application. A uniform resource locator may be generated and may comprise a destination ID corresponding to the destination location. An entry containing the one or more recipient identifiers may be generated in an access control list for the destination location. A recipient may request access to the destination location by selecting the uniform resource locator. A recipient identifier may be determined for the recipient requesting the access and may be compared to entries in the access control list. If the recipient identifier matches an entry in the access control list, then the recipient may be granted access to the destination location. | 03-17-2016 |
20160085962 | SYSTEMS AND METHODS FOR UPDATING POSSESSION FACTOR CREDENTIALS - The disclosed computer-implemented method for updating possession factor credentials may include (1) detecting a request from a user of a service to designate a new object to be used by the service as a possession factor credential in place of a previously designated object, (2) prior to allowing the user to designate the new object, authenticating the user by proofing the identity of the user to verify that an alleged identity of the user is the actual identity of the user and verifying that the proofed identity of the user had possession of the previously designated object, and (3) in response to verifying that the proofed identity of the user had possession of the previously designated object, designating the new object as the possession factor credential. Various other methods, systems, and computer-readable media are also disclosed. | 03-24-2016 |
20160087954 | CACHE-BASED WIRELESS CLIENT AUTHENTICATION - Methods and systems for caching of remote server MAC authentication to enable fast roaming are provided. According to one embodiment, MAC addresses of wireless client devices contained within authentication requests associated with the wireless client devices and corresponding authentication status information provided by an authentication server associated with a wireless local area network (WLAN) responsive to the authentication requests are cached by a wireless network controller of the WLAN. A MAC-based authentication request is received by the wireless network controller from a wireless access point (AP) managed by the wireless network controller on behalf of a roaming wireless client device. It is determined whether cached authentication status information exists for the MAC address of the roaming wireless client device and if so, then the roaming wireless client device is permitted or denied access to the WLAN via the AP based on the cached authentication status information. | 03-24-2016 |
20160087956 | UNIFIED PROVISIONING OF APPLICATIONS ON DEVICES IN AN ENTERPRISE SYSTEM - The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource. | 03-24-2016 |
20160087965 | INTELLIGENT TERMINAL EQUIPMENT AND INFORMATION TRANSMISSION METHOD AND SYSTEM USING THE SAME - Intelligent terminal equipment and information transmission method and system using the same are disclosed. The method includes that intelligent terminal equipment reads the local contact information, generates a signature to be an original signature which has a corresponding terminal identifier based on the local contact information, and transmits the original signature and the terminal identifier to the server for saving the original signature and the terminal identifier in the server. The method further includes that intelligent terminal equipment captures the information transmission request, accesses the original signature generated by the local contact information, and transmits a processing information to the server to compare with the saved signature in the server for an identification process, in which the processing information includes the terminal identifier, the transmission information and the original signature. The present invention can improve the security of the information transmission for the intelligent terminal equipment. | 03-24-2016 |
20160087967 | Method and Device for Establishing Connection - A method and a device for establishing a connection. The method includes the steps of: obtaining, by a group member device of a wireless device group, information about a to-be-connected device and then sending the information to a group owner device of the wireless device group, and/or transmitting, by the group member device, information about the group owner device to the to-be-connected device, where the information about the to-be-connected device and/or the information about the group owner device is used by the to-be-connected device and the group owner device to discover each other; and enabling, by the group member device, the to-be-connected device and the group owner device to share a first password, wherein the first password is used by the to-be-connected device and the group owner device to establish a connection after the to-be-connected device and the group owner device discover each other. | 03-24-2016 |
20160087968 | Table-Connected Tokenization - A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data. The tokenization system accesses sensitive data, and retrieves an initialization vector (IV) from an IV table using a first portion of the sensitive data. A second portion of the sensitive data is modified using the accessed initialization vector. A token table is selected from a set of token tables using a third portion of the sensitive data. The modified second portion of data is used to query the selected token table, and a token associated with the value of the modified second portion of data is accessed. The second portion of the sensitive data is replaced with the accessed token to form tokenized data. | 03-24-2016 |
20160087969 | CYBER GENE IDENTIFICATION TECHNOLOGY BASED ON ENTITY FEATURES IN CYBER SPACE - A new identification (ID) technology comprising unified and standardized object identification within Cyber Space is disclosed based upon intrinsic properties of the entity to be identified. This Cyber Gene ID (or Cyber ID) technology extracts intrinsic information from either the physical users or their cyberspace counterparts, and such information is categorized into client parameters, dynamic parameters, static parameters, cloud parameters, connection parameters and user parameters. | 03-24-2016 |
20160087977 | METHODS AND SYSTEMS FOR DISPLAYING BIOMETRIC DATA DURING CAPTURE - A method for displaying biometric data during capture is provided that includes executing, using a terminal device, an Internet browser application and a biometric capture service application installed on the terminal device. The method also includes creating a two-way data-exchange channel between the Internet browser application and the biometric capture service application, and capturing, using a capture device, biometric data from a user and transmitting the captured data to the capture service application during capture. Moreover, the method includes transmitting the captured data over the two-way data-exchange channel to the Internet browser application and displaying the captured data on the terminal device during capture. The Internet browser application causes the terminal device to display the captured data. | 03-24-2016 |
20160087997 | APPARATUS AND METHOD FOR SECURELY MANAGING THE ACCESSIBILITY TO CONTENT AND APPLICATIONS - A system that incorporates the subject disclosure may perform, for example, receive secret information and non-secret information from a secure download application function, provide a request for a first verification to a secure element where the first verification is associated with access to content and/or an application that is accessible via the secure download application function, receive the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor, receive the non-secret information from the secure element, and generate a second verification for the access based on the non-secret information, where the content and/or application is accessible from the secure download application function responsive to the first and second verifications. Other embodiments are disclosed. | 03-24-2016 |
20160088478 | SETUP OF MULTIPLE IOT NETWORK DEVICES - The present disclosure relates to setup of IoT network devices, and specifically to setup of multiple similar IoT devices at substantially the same time using joint authentication. Embodiments include, for example, receiving, at an existing network device on a network, one or more communications, wherein the one or more communications include an indication that multiple new network devices are associated with the network; receiving an indication that the multiple new network devices have generated a setup access point; establishing a connection with the access point of each of the multiple new network devices; receiving identification information, wherein the identification information includes information identifying each of the multiple new network devices; and transmitting the identification information identifying each of the multiple new network devices, wherein when the identification information is received, the identification information facilitates generating an authentication query to authenticate one or more of the multiple new network devices. | 03-24-2016 |
20160092671 | SYSTEM AND METHOD OF AUTOMATIC PASSWORD RECOVERY FOR A SERVICE - There are disclosed a system and method for automatic password recovery for a service. The method comprises: obtaining, via a communication network, user registration data and a request for password restoration; determining a first security question for the user, the first security question being associated with a first complexity factor; causing the first security question to be asked to the user; responsive to the first security question, obtaining the first user's answer; assigning a first weighting factor to the first user's answer, the first assigned weighting factor of the user's answer depending on the first complexity factor of the first security question; determining a second security question to be asked of the user, the second security question being associated with a second complexity factor; causing the second security question to be asked to the user; responsive to the second security question, obtaining the second user's answer; assigning a second weighting factor to the second user's answer, the second assigned weighting factor of the user's answer depending on the second complexity factor of the second security question; adding up the first weighting factor and the second weighting factor; if the sum of the first weighting factor and the second weighting factor exceeds a given threshold, automatically restoring the password; if the sum of the first weighting factor and the second weighting factor is below the given threshold, denying automatic password restoration. | 03-31-2016 |
20160094543 | FEDERATED FULL DOMAIN LOGON - Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Components used to implement fast smart card logon may also be used to implement a federated full domain logon. A virtual smart card credential, which may be ephemeral, may be issued based on the acceptance of an external authentication event. Example external authentication events include logon at a Security Assertion Markup Language (SAML) Identity Provider, smart card authentication over TLS or SSL, and alternative authentication credentials such as biometrics or one-time password (OTP) without AD password. Moreover, the certificate operation interception components from fast smart card logon may be used to enable interaction with the virtual smart card without fully emulating a smart card at the PC/SC API level. The virtual smart card may be created locally at the authentication server or on a separate server that may be highly protected. | 03-31-2016 |
20160094544 | AUTOMATED PRODUCTION OF CERTIFICATION CONTROLS BY TRANSLATING FRAMEWORK CONTROLS - A compliance application automatically produces certification controls by translating framework controls. The framework controls are common certification controls used in production of the certification. The application retrieves framework controls including metadata from a compliance framework data store. Metadata of the framework controls map the framework controls to the certification. In addition, the application retrieves certification parity data associated with the metadata. Certification controls are produced based on the framework controls and the certification parity data. A view of the certification including the certification controls is provided to a customer requesting the certification. | 03-31-2016 |
20160094549 | Electronic Tag and Authentication Method, Device and System thereof - The invention discloses an electronic tag and authentication method, device and system thereof. The authentication method of the electronic tag comprises: a first terminal generating a two-dimensional code of a product, sending the two-dimensional code to a second terminal and providing the two-dimensional code in an electronic tag of the product; the second terminal reading the two-dimensional code in the electronic tag, and authenticating the electronic tag according to the two-dimensional code sent from the first terminal; the second terminal sending an activation instruction to the electronic tag if authentication is successful; and the electronic tag changing colors according to the activation instruction. As compared with the prior art, the identity authentication of the users corresponding to the first terminal and the second terminal is achieved in the invention, and the results of authentication are more intuitive due to the color change of the electronic tag. | 03-31-2016 |
20160099945 | DNS SECURITY EXTENSIONS FOR EMULATED APPLICATIONS - The non-emulated interface may determine whether the domain-name-to-be-resolved resides in a zone on a list of secured zones. If so, the DNS query may be processed by a non-emulated interface in the host environment. The non-emulated interface may determine whether the domain-name-to-be-resolved resides in a zone on a list of secured zones. If so, the DNS query may be performed by the non-emulated interface using DNSSEC. DNS resolutions that do not pass the security checks may fail while DNS resolutions that pass the security checks will be returned to the customer. | 04-07-2016 |
20160105409 | USER-CUSTOMIZABLE PERMISSIONS IN A COMPUTING ENVIRONMENT - Disclosed are examples of systems, apparatus, methods and computer program products for providing user-customizable permissions governing user access to computing resources in a computing system. For example, a database storing data objects identifying permissions of users, sets of the permissions, and users can be maintained. One or more fields can be displayed on a display of a user device. The one or more fields can be configured to receive input to perform one or more operations. Input can be received from a user via the user interface on the display of the user device. One or more operations can be performed. The database can be updated such that the data objects identify a custom permission or a permission set to which a custom permission has been assigned. | 04-14-2016 |
20160105413 | AUTHENTICATION INFORMATION MANAGING METHOD, STORAGE MEDIUM, AND INFORMATION PROCESSING DEVICE - An authentication information managing method including: storing each of at least one application identifier, each of at least one user identifier, each of at least one password, and each of at least one positional relation in association with each other to a memory, when a specified application has a plurality of input fields and is identified by a specified application identifier, detecting a first input field for a specified password based on a specified attribution that is associated with the first input field, the specified attribution indicating that the first input field is used for a password and being detected from outside the specified application, inputting the specified password to the first input field, detecting a second input field for a specified user identifier based on a specified positional relation associated with the specified application identifier, and inputting the specified user identifier to the second input field. | 04-14-2016 |
20160105422 | LATE BINDING AUTHENTICATION - A late-binding token (LBT) is securely generated and provided to a device application. When the LBT is presented and validated, a resource associated with the presentation is bound to the LBT and authenticated for access to a service and provided valid credentials for accessing that service. | 04-14-2016 |
20160105425 | BIDIRECTIONAL AUTHENTICATION - Systems, methods, and other embodiments associated with bidirectional authentication are described herein. According to one embodiment, a method includes a user receiving a communication from an entity. In response to receiving the communication from the entity, the method further includes generating a token. The token may be a one-time passcode, personal identification number (PIN), alphanumeric value, code word, pass phrase, or security question. The token is received by a device of the user. Additionally, the token is transmitted to the entity. The user may then receive evidence of the token from the entity. | 04-14-2016 |
20160105426 | SYSTEM AND METHOD FOR ONE TIME PASSWORD-BASED AUTHENTICATION - Disclosed are a system and a method for one-time password (OTP)-based authentication. The system for OTP-based authentication includes a transceiver module configured to receive an authentication request from a client and transmit a result of the authentication according to the authentication request to the client, an authentication accumulation management module configured to provide statistical information about authentication success of the client for each time interval within a predetermined effective range of time, an OTP generation module configured to generate a server-side OTP using previously stored authentication information and time information that is acquired from the statistical information about authentication success, and an authentication module configured to authenticate the client by comparing a client-side OTP included in the authentication request with the server-side OTP. | 04-14-2016 |
20160105431 | METHOD OF PROVIDING SNS-GROUP INVITING SERVICE AND SNS SERVER THEREFOR - A method for registering a device to a server is provided. The method includes connecting a first device to a second device, the first device having been registered to the server; receiving, by the first device, device information of the second device from the second device; transmitting, by the first device, the device information of the second device to the server; receiving, by the first device, information for authentication of the second device based on the device information of the second device from the server; and transmitting, if the information for authentication of the second device is received, the information for authentication of the second device to the second device. | 04-14-2016 |
20160112389 | SECURE TRANSFER OF USER AUTHENTICATION CREDENTIALS BETWEEN DEVICES - An embodiment for the secure transfer of authentication credentials between devices is disclosed. An embodiment for the restoration of authentication credentials is also disclosed. | 04-21-2016 |
20160112395 | INFORMATION PROCESSING DEVICE, INFORMATION MANAGEMENT METHOD, AND INFORMATION PROCESSING SYSTEM - An information processing device that is connected to another information processing device includes a memory storing a program, a first authentication information for each user to access the information processing device and a second authentication information in association with the first authentication information for the each user to access the another information processing device; and a processor that performs the program so as to execute a method including the steps of receiving an acquisition request that is sent from a client device according to the first authentication information, transmitting a list including files that are accessible according to the second authentication information in association with the first authentication information of the received acquisition request, receiving an execution request to execute at least one of the files and the folders that are included in the list, and executing a process according to the execution request by using the second authentication information. | 04-21-2016 |
20160112397 | ANOMALY DETECTION FOR ACCESS CONTROL EVENTS - Methods for managing access to protected resources within a computing environment and detecting anomalies related to access control events are described. An access control system may acquire a request for access to a protected resource, identify a username associated with the request, acquire contextual information associated with the request for access (e.g., a time of day associated with a location of a device making the request), acquire a baseline set of rules for the username, detect a deviation from the baseline set of rules based on the contextual information, acquire additional authentication information in response to detecting the deviation, authorize access to the protected resource based on the additional authentication information, generate a record of the request for access including the contextual information, and update the baseline set of rules if an intrusion to the access control system has not been detected within a threshold period of time. | 04-21-2016 |
20160112401 | SYSTEMS AND METHODS FOR DETERMINING A STRENGTH OF A CREATED CREDENTIAL - Devices, systems, and methods for determining a strength of a created credential are provided. The device includes one or more processors configured to decompose a created credential into credential components, parse the credential components using a limited dictionary, determine a probability of the credential components using a limited ruleset, and calculate a score of the created credential based on the determined probability. The device also includes a memory, the memory storing the limited dictionary and the limited ruleset, and a network interface component coupled to a network, the network interface component configured to transmit the created credential to a remote server over the network for a secondary credential strength determination if the calculated score is above a threshold. | 04-21-2016 |
20160112411 | ONE TIME CREDENTIALS FOR SECURE AUTOMATED BLUETOOTH PAIRING - Various communication devices may benefit from one time credentials applied in secure automated pairing to improve the security of pairing. For example, certain unattended communication devices capable of implementing mechanisms used for Bluetooth pairing to authenticate with each other may benefit from one time credentials applied in secure automated Bluetooth pairing. A method may include initiating Bluetooth pairing from a first device to a second device. The method may also include querying the second device for a sequence value before pairing is initiated. The method may further include computing a personal identification number/passkey of the first device for the pairing with an arbitrary algorithm. The method may also include pairing, with the personal identification number/passkey, the first device with the second device. The personal identification number/passkey can be determined based on at least one arbitrary shared secret between the first device and the second device, and the sequence value. | 04-21-2016 |
20160112412 | TOKEN BASED ONE-TIME PASSWORD SECURITY - A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens. | 04-21-2016 |
20160112419 | Account Login Method, Device, and System - An account login method detects whether an account login request carries an indicator for keeping a logged-in state to determine whether a user decides to keep a logged-in state, and authentication information allocated by an integrated data services platform is stored when it is determined that a logged-in state on a third-party application or website needs to be kept; therefore, in a subsequent login process, the third-party application or website may use the authentication information to automatically perform authentication login to the integrated data services platform. | 04-21-2016 |
20160117499 | System and Method for Password Recovery - A method and system for password recovery in computer applications is disclosed. Passwords in the same computer application may be recovered according to different criteria. Criteria for password recovery vary according to the sensitivity of the password-protected material. Criteria for recovery of a password protecting sensitive information are more stringent than criteria for recovery of passwords protecting less sensitive information. In certain embodiments, passwords may be recovered through the use of third party agents. Recovered passwords are associated with unique identifiers, such as email addresses and phone numbers that facilitate communication with a user. Recovered passwords may be transmitted to users via email, phone, and text message or by any other means associated with the unique identifier. Biometric data may also be used to recover a password. | 04-28-2016 |
20160117514 | DATA ACCESS CONTROL SYSTEMS AND METHODS - Various hardware and software configurations are described herein which provide improved security and control over protected data. In some embodiments, a computer includes a main motherboard card coupled to all input/output devices connected to the computer, and a trusted operating system operates on the main motherboard which includes an access control module for controlling access to the protected data in accordance with rules. The trusted operating system stores the protected data in an unprotected form only on the memory devices on the main motherboard. The computer may also have a computer card coupled to the main motherboard via a PCI bus, on which is operating a guest operating system session for handling requests for data from software applications on the computer. A tamper detection mechanism is provided in the computer for protecting against attempts to copy the unprotected form of the protected data onto memory devices other than the one or more memory devices used by the motherboard or computer card. | 04-28-2016 |
20160119306 | SYSTEMS AND METHODS FOR CREDENTIALING OF NON-LOCAL REQUESTORS IN DECOUPLED SYSTEMS UTILIZING A DOMAIN LOCAL AUTHENTICATOR - Embodiments as disclosed provide systems and methods that use a local authenticator within a domain to provide a credential to access a resource of the domain to a non-local requestor. When a request is received from a non-local requestor at the domain the non-local requestor can be authenticated based on the request. The local authenticator can then be accessed to obtain a credential. This credential may be the same type of credential provided to members of the domain when they authenticate using the local authenticator. The credential is provided to the non-local requestor so the non-local requestor can access the resource of the domain using the credential and authentication of the non-local requestor with respect to these accesses can be accomplished using the local domain authenticator and the credential. | 04-28-2016 |
20160119313 | User Login Methods, Devices, and Systems - A user login method for use in a terminal is provided. The method includes: receiving an automatic login request; acquiring a terminal identifier of the terminal; sending, to a server, a query request about a user account associated with the terminal identifier and a password corresponding to the user account, the query request including the terminal identifier; receiving, from the server, a query result based on the query request; selecting a user account from the query result and a password corresponding to the selected user account, if the query result is not empty; and sending, to the server, the selected user account and the corresponding password, for the selected user account to login after authentication by the server. | 04-28-2016 |
20160119314 | IDENTIFICATION TOKEN IN A COLLABORATION CONFERENCING SYSTEM - Aspects of the present disclosure involve systems, methods, computer program products, and the like, for collaboration conferencing with multiple participants over a communications network, and more specifically for a conferencing controller in the network configured to control certain aspects of establishing a collaboration conference. In one particular embodiment, the user of the network may access the control system application to provide one or more conferencing parameters or settings the user wishes to be present during a collaboration conference session. The parameters may then be established by the control system and associated with the conferencing session involving the user. In one embodiment, such information may be associated with the identification token. In yet a further embodiment, a user to the collaboration control system may subscribe to receive a notification when another user of the system accesses a portion of a collaboration of the system. | 04-28-2016 |
20160119331 | Counter Sets For Copies Of One Time Password Tokens - One time password (OTP) technology enables a plurality of OTP software token instances (or copies) to be used simultaneously on a plurality of computing devices of a user. OTP software instances may be counter based. An authentication server comprising authentication software assigns a set of counters for each OTP software instance. An OTP software instance may be provided along with the assigned set of counters to each computing device. A range of counters may be partitioned by the authentication server into mutually exclusive sets of counters. An OTP software instance executed by a computing device uses one of the counters in the assigned set of counters to provide an OTP. The authentication server attempts authentication by using each counter in the assigned set of counters to provide a calculated OTP that is compared to the received OTP. The authentication server verifies authenticity when a calculated OTP matches a received OTP. | 04-28-2016 |
20160119332 | DIRECT USER TO TICKETING SERVICE PROVIDER SECURE TRANSACTION CHANNEL - Ensuring security of electronic transactions between a user and a ticketing service provider involves establishing trust between a user and a transaction service provider, authenticating an electronic transaction facility of the user, establishing a secure communication channel between the user and the ticketing service provider, and registering the user with the ticketing service provider over the secure communications channel. | 04-28-2016 |
20160119352 | METHOD AND SYSTEM FOR ACCOUNT MANAGEMENT - A method and system for managing accounts that control access to resources of different providers. The account management system allows providers to use a common logon procedure through an account management server. The account management system dynamically creates accounts when users request to access resources. To access a resource, a user provides their credentials (e.g., user identifier and password) through a certain location (e.g., client computer) and identifies the resource (e.g., application). The account management system determines whether an account has already been created for those credentials. If not, the account management system authenticates the user, creates a new account for those credentials (i.e., registration), and associates the identified resource with the account. | 04-28-2016 |
20160127349 | DATA PROCESSING SYSTEM, DATA PROCESSING APPARATUS AND LOG IN METHOD - A data processing system including a data processing apparatus, includes a user data storing unit that stores user data of a user who uses a first service, the user data including first authentication data used for logging in the first service and user specifying data; a determining unit that determines, when the user who uses the first service sets second authentication data used for logging in a second service different from the first service, user specifying data usable as the second authentication data from the user specifying data included in the user data; and a management unit that sets the user specifying data determined to be usable as the second authentication data in the user data of the user who uses the first service as the second authentication data, and manages the user data as user data of the user who uses the first service and the second service. | 05-05-2016 |
20160127350 | MULTIPLE INPUT BASED PASSWORDS - A computer-implemented method, carried out by one or more processors, for utilizing one or more input methods for passwords. In an embodiment, the method comprises the steps of determining, by one or more processors, one or more input methods supported for a password entry, wherein the password entry verifies a user's credentials; receiving, by one or more processors, a candidate password through the one or more input methods, wherein each character of the candidate password has an associated input method; and storing, by one or more processors, the candidate password as the password entry, along with the associated input method for each character of the candidate password. | 05-05-2016 |
20160127356 | INFORMATION PROCESSING SYSTEM AND AUTHENTICATION METHOD - An information processing system includes a service utilizing device and at least one information processing device to provide a service for the service utilizing device. A temporary code issuing unit to issue a temporary code is provided in the information processing device. A device authentication token generation unit is provided in the service utilizing device and generates a device authentication token by using the temporary code obtained from the information processing device. A device authentication ticket issuing unit is provided in the information processing device and verifies whether the device authentication token obtained from the service utilizing device is valid by using the temporary code and issues a device authentication ticket depending on a verification result. An access unit is provided in the service utilizing device and accesses a resource in the information processing device by using the device authentication ticket obtained from the information processing device. | 05-05-2016 |
20160127359 | COMPLIANT AUTHENTICATION BASED ON DYNAMICALLY-UPDATED CREDENTIALS - A system, method and a computer-readable medium for authenticating a user in a live manner in non-face-to-face transactions, including a user downloading an authentication application from a server to a pervasive computing device, and after downloading the application, having an icon residing on the display of the device. When the authentication application is activated by the user, biographical and multi-biometric information of the user is requested by the application, and subsequently submitted to an authentication engine residing in a secure network cloud. The authentication process further includes, verifying by the authentication engine all of the requested information, compliance with government regulations such as CFT/AML, and the 4 | 05-05-2016 |
20160127369 | METHOD, DEVICE AND SYSTEM FOR USER AUTHENTICATION - A method of user authentication is disclosed. The method is performed at a server device having one or more processors and memory for storing programs to be executed by the one or more processors. The method includes receiving, from a first terminal device, a service request including identification information of the user. The method includes generating a verification code in response to the service request. The method also includes establishing, based on the identification information of the user, a voice communication with a second terminal device in response to a failure of sending a non-voice message including the verification code to the user in a non-voice communication method. The method further includes sending, during the voice communication and to the second terminal device, a voice message including the verification code such that the user uses the verification code to authenticate the service request at the first terminal device. | 05-05-2016 |
20160132677 | Unauthorized Account Access Lockout Reduction - A method and system for determining unauthorized account access is provided. The method includes receiving a username of a user and a passcode for access to a secure account or device belonging to a user. The passcode is determined to be incorrect. Unauthorized access attempts with respect to the secure account or the device are determined based on the incorrect passcode and in response, a quality factor associated with the incorrect passcode with respect to the secure account or device is determined. The quality factor is compared to a threshold value. Security functions associated with the secure account or device with respect to the incorrect passcode and the results of the comparison are performed based on the quality factor and the unauthorized access attempts. | 05-12-2016 |
20160134607 | METHOD OF RSVP AUTHENTICATION WITH NON-DIRECTLY CONNECTED NEIGHBOR - A method is executed by a network device for authenticating resource reservation protocol (RSVP) messages between a sending node and a receiving node where the sending node and receiving node are directly or indirectly connected. The method authenticates RSVP messages using a security association between the sending node and the receiving node and an authentication key based on an address of the sending node and an address of the receiving node. The method includes generating an RSVP message to be sent to the receiving node, determining the security association for the sending node and receiving node pair, generating an integrity object for the RSVP message, determining an authentication key for the integrity object using the sending node address and the receiving node address, inserting the authentication key into the integrity object, and sending the RSVP message toward the receiving node. | 05-12-2016 |
20160134620 | LOADING USER DEVICES WITH LISTS OF PROXIMATELY LOCATED BROADCAST BEACONS AND ASSOCIATED SERVICE IDENTIFIERS - A user device transmits a location update message, indicating a location of the user device, to a network server. Responsive to the location update message, the user device receives from the network server a list of radio frequency beacons transmitted by resource devices and associated service identifiers for services available from the resource devices. A radio frequency beacon received from a resource device is identified as being in the list. A message is sent to the resource device requesting access to a service identified by a service identifier in the list associated with the radio frequency beacon and providing credentials for a user of the user device in the message. | 05-12-2016 |
20160134622 | Restricted Certificate Enrollment For Unknown Devices In Hotspot Networks - A network access system, e.g. a network hotspot, requires a mobile network access device, e.g. a smart phone or WiFi only device, to provide a network access standard designation and/or a device identification datum to gain access to network services. The network access standard designation may be provided by the mobile network access device to an online signup server via an EKU_key_purpose field of a PKCS10 certificate signing request. The device identification datum may be provided to the OSU via a subject field of the signing request. The OSU may require that the device identification datum be the same as a device identification datum provided by the mobile network access device prior to the mobile network access device requesting a signed network access certificate. | 05-12-2016 |
20160140330 | System And Method For Installing Authentication Credentials On A Network Device - A method for installing authentication credentials on a network device. An intermediary computing device (e.g., client computer) downloads an application for installing the authentication credentials from a secure website. The application on the intermediary computing device requests authentication credentials from a Network Access Control (NAC) credential service. The application passes the authentication credentials received from the NAC credential service through the intermediary computing device to an endpoint (e.g., video conferencing device). The application installs the authentication credentials on the endpoint. | 05-19-2016 |
20160140335 | ACCOUNT RECOVERY PROTOCOL - The present disclosure relates to receiving a request for recovery of an account associated with a user, sending a CAPTCHA challenge to a user device associated with the user, receiving an answer to the CAPTCHA challenge and a confirmation code wrapped by an encryption key derived from a provisional master password, sending a notification of the request for recovery to one or more trusted entities associated with the user, and receiving a confirmation of the request from one or more of the trusted entities. The confirmation includes a recovery token associated with the particular trusted entity and an encrypted confirmation code. | 05-19-2016 |
20160140336 | Password Generator - Methods and apparatus are disclosed for generating a short term password that may be used to access a data warehouse. According to aspects of the disclosure, a user may request a password after inputting a data warehouse environment, an ID name, and a reason for the password reset. A server may receive the request and determine whether the difference in time of the present request and a previous request for the same ID name and data warehouse environment is greater than a time limit. Additionally, the server may determine whether a previous user has logged in using a password for the same ID name and data warehouse environment. Thereafter, the server may generate and output a short term password that expires after the time limit. | 05-19-2016 |
20160142400 | SYSTEMS AND METHODS FOR SYSTEM LOGIN AND SINGLE SIGN-ON - Systems and methods for system login and single sign-on are described. A first application of a first system receives a request to access a protected application of a second system. An assertion is generated in response to the request. The assertion asserts an identity in the first system of a user generating the request. The assertion is validated and first account information corresponding to the assertion is extracted. The first account information is information of a first account of the user in the first system. Second account information is determined that is information of a second account of the user in the second system. A mapping is generated between the first account and the second account using the first account information and the second account information. The mapping is used to provide access to the protected application by the requestor. | 05-19-2016 |
20160142417 | Automated Credentialing of Device Newly Added to a Network - A device newly introduced to a network is automatically credentialed to be able to communicate over a network before the device first communicates with the network. For example, at a point of purchase, a user can provide network identification information to a merchant computing device that effects transfer of that information to the new device such that the new device can communicate directly with the network without initial credentialing directly between the unique device and the local network. In another example, the merchant computing device communicates with the local network to register a newly purchased device with the local network before the newly purchased device is introduced to the network. Accordingly, the network is configured to begin communications with the unique device without initial credentialing directly between the unique device and the local network. | 05-19-2016 |
20160149885 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING SYSTEM, AND INFORMATION PROCESSING METHOD - An information processing device includes: an authentication unit configured to compare, when receiving first user information used for authentication processing of determining whether a user has authority to use the information processing device, the first user information with second user information identifying users having the authority to use the information processing device, and execute the authentication processing; a first storage unit storing first association information in which installation screen information identifying an installation screen for installation of an application is associated with each piece of the second user information; and a second display unit configured to generate, based on a command associated with an application selected by a user among an application displayed by a first display unit, an installation screen identified by installation screen information which is associated with second user information identifying the user, and display the installation screen. | 05-26-2016 |
20160149886 | METHOD, DEVICE AND SYSTEM FOR ACCOUNT RECOVERY WITH A DURABLE CODE - A method for resetting credentials of an account of a user by a server and a database associated with the server is provided, the database including records of electronic accounts. The method includes logging into an account recovery website hosted by the server for requesting an account recovery, generating an account recovery item at the server and generating an optical code that represents the account recovery item, the account recovery item including identity information to identify the account of the user, and printing the optical code that represents the account recovery item onto an object with a printer. The method further includes capturing and processing an image of the optical code from the object to extract the identity information of the account recovery item, matching the identity information with the records of the electronic accounts of the database at the server, and prompting the user to update account credentials. | 05-26-2016 |
20160149898 | REDIRECT TO INSPECTION PROXY USING SINGLE-SIGN-ON BOOTSTRAPPING - An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider. | 05-26-2016 |
20160149913 | Access Control in an Information Centric Network | 05-26-2016 |
20160150406 | USER-AUTHENTICATION-BASED APPROVAL OF A FIRST DEVICE VIA COMMUNICATION WITH A SECOND DEVICE - User-authentication-based approval of a first device via communication with a second device over a channel (e.g., an insecure channel) is described. The first device receives a session ID and first user-observable information, or an identifier thereof, from an identity provider, presents the first user-observable information to a user, and sends the session ID to the second device. The second device sends the session ID to the identity provider to obtain therefrom second user-observable information, or an identifier thereof, and a security challenge. The second user-observable information bears a user-discernable relationship to the first user-observable information and is presented to the user by the second device. The second device is capable of generating a response to the security challenge for transmission to the identity provider based at least on input received from the user, the response to the security challenge being indicative of the suitability of the first device for approval. | 05-26-2016 |
20160150407 | Method And System For Connecting A Mobile Communication Device To An Automobile - The present invention provides systems and methods for authenticating a mobile communication device to a computer system of an automobile that does not require manual code entry, and thereby reduces the burden on the user, minimizes human errors, and provides the ability to utilize more complex digital keys and increase the security level of the connection. In particular, the systems and methods of the present invention generate a unique identifier corresponding to the automobile and locally transfer a message including or generated from this unique identifier to the mobile communication device without manual code entry. | 05-26-2016 |
20160156605 | A METHOD FOR RETRIEVING INTERNET AUTHENTICATION INFORMATION AND MEANS THEREOF | 06-02-2016 |
20160156614 | PROVISIONING A DEVICE OVER AN INTERNET OF THINGS | 06-02-2016 |
20160156627 | MUTUAL AUTHENTICATION OF A USER AND SERVICE PROVIDER | 06-02-2016 |
20160156633 | Access Revocation | 06-02-2016 |
20160157098 | MOBILE DEVICE AND METHOD FOR SECURE ON-LINE SIGN-UP AND PROVISIONING FOR WI-FI HOTSPOTS USING SOAP-XML TECHNIQUES | 06-02-2016 |
20160164877 | INTEGRATING A ROUTER BASED WEB METER AND A SOFTWARE BASED WEB METER - A method for associating a web event with a member of a group of users is implemented at a first computing device. The method includes: receiving a data access request from a second computing device; determining whether the user has previously provided personal information and authorization to the first computing device through the second computing device; if the user's personal information and authorization are found: generating a record for the data access request; if the user's personal information is found but the user's authorization is not found: generating a record for the data access request; and if neither of the user's personal information and authorization is found: identifying one or more user identifiers that are associated with the second computing device; and returning personal information associated with the one or more user identifiers to the second computing device. | 06-09-2016 |
20160164882 | Verification Code Generating System And Method - A verification code generating system and method are provided, where a difference of a displayed verification code and an inputted verification code are recorded as the error-prone message for an account, when a password is correct while the verification code is wrong, and an exclusive verification code is generated according to the error-prone message according to the account when the same account logs in again, whereby the technical efficacy of an enhanced verification code recognition is achieved. | 06-09-2016 |
20160171208 | Selective Password Synchronization | 06-16-2016 |
20160171209 | SYSTEM AND METHOD FOR REPLACING COMMON IDENTIFYING DATA | 06-16-2016 |
20160173468 | INTEGRATION OF CENTRALIZED AND LOCAL AUTHORIZATIONS FOR MULTI-DIMENSIONAL DATA | 06-16-2016 |
20160173475 | MULTI-TENANCY IDENTITY MANAGEMENT SYSTEM | 06-16-2016 |
20160173481 | Convenient Login Method, Apparatus and System for Automatically Detecting and Filling in Login Field within Web Environment or Application | 06-16-2016 |
20160173494 | Gesture-Based Signature Authentication | 06-16-2016 |
20160180076 | COMPUTER READABLE STORAGE MEDIA FOR LEGACY INTEGRATION AND METHODS AND SYSTEMS FOR UTILIZING SAME | 06-23-2016 |
20160182476 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM | 06-23-2016 |
20160182479 | NO PASSWORD USER ACCOUNT ACCESS | 06-23-2016 |
20160182481 | METHOD FOR AUTHENTICATING A DEVICE | 06-23-2016 |
20160182484 | AUTHENTICATION-FREE CONFIGURATION FOR SERVICE CONTROLLERS | 06-23-2016 |
20160182527 | METHOD AND SYSTEM FOR PROVIDING PERMISSIONS MANAGEMENT | 06-23-2016 |
20160182562 | TIME BASED AUTHENTICATION CODES | 06-23-2016 |
20160191477 | AUTOMATIC SECURITY PARAMETER MANAGEMENT AND RENEWAL - A method of automatic security parameter renewal includes determining if a security parameter satisfies a renewal condition, and automatically updating the security parameter when the renewal condition is satisfied. The automatically updating the security parameter includes modifying a certificate in dependent components of an application of the security parameter, by a central certification server, upon receipt of a new certificate. | 06-30-2016 |
20160191497 | METHOD AND SYSTEM FOR MANAGING DATA - The system has a user terminal. A client provides access for the user terminal to data entries stored in a database. A database holds information consisting of one or more data entries and data identifications connected to the data entries. The client forms data identification for a certain data entry to be stored in the database from a unique user name and a master password. A pair of the data identification and the data entry is stored. Access for the user terminal is provided to a data entry stored in a database by using the master password, and the unique user name. | 06-30-2016 |
20160191501 | METHOD, DEVICE AND SYSTEM FOR CONFIGURING MULTIPLE DEVICES - Embodiments of the present invention provide a method, device and system for configuring multiple devices, where multiple devices are configured simply and securely in a centralized manner. The method includes: acquiring, by a configuration device, device identity information, configuration password information, and network role attributes of at least two devices needing to be configured on a same wireless local area network WLAN; determining a central node device of the WLAN according to the network role attributes of the at least two devices; and sending device identity information and configuration password information of a non-central node device to the central node device, or sending, by the configuration device, device identity information and configuration password information of the central node device to the non-central node device. | 06-30-2016 |
20160191503 | PEER TO PEER ENTERPRISE FILE SHARING - Disclosed are various embodiments for facilitating the distribution of files from a file repository. Files from a file repository can be distributed via peer to peer transmissions where the peer devices can perform authentication functions. The authentication can be performed based upon metadata associated with the files as well as based upon authentication requests submitted to an authentication server. | 06-30-2016 |
20160191504 | MOBILE TERMINAL FOR PROVIDING ONE TIME PASSWORD AND OPERATING METHOD THEREOF - Provided are a mobile terminal for providing a one-time password (OTP) and an operation method thereof. The mobile terminal includes a first one-time password (OTP) generating module configured to provide identification information regarding each of a plurality of pieces of OTP data to a user, and output an OTP provided according to any one identification information selected by the user, and a second OTP generating module based on mobile trusted module (MTM) configured to transfer the identification information regarding each of the plurality of pieces of OTP data to the first OTP generating module according to a corresponding request from the first OTP generating module, generate an OTP by using OTP data corresponding to the selected identification information, and transfer the generated OTP to the first OTP generating module. | 06-30-2016 |
20160191515 | USER AUTHENTICATION METHOD AND ELECTRONIC DEVICE PERFORMING USER AUTHENTICATION - Provided are a user authentication method and an electronic device performing the method. The method is performed under the control of a processor and includes inputting a user authentication request for identifying a user, generating random number data that corresponds to knowledge-based authentication information in the user authentication request, generating an authentication code by combining biometrics-based authentication information in the user authentication request and the random number data, and processing the user authentication request based on the authentication code. | 06-30-2016 |
20160191516 | Method and System For Distinguishing Humans From Machines - A method and an apparatus for distinguishing humans from computers. During user registration, a computer prompts a human user to provide a spoken response to certain authentication information for registration. The computer obtains registration voice data from the spoken response and establishes a registration voiceprint of the human user. During user logon, the computer identifies the user requesting to logon by the user's logon credentials, provides authentication information for logon to the user, and prompts the user to provide a spoken response to the authentication information for logon. The computer obtains logon voice data from the spoken response, and establishes a logon voiceprint of the user. The computer then determines whether the user requesting to logon is human by comparing the logon voiceprint with the registration voiceprint. | 06-30-2016 |
20160191565 | TECHNOLOGIES FOR MANAGING NETWORK PRIVILEGES BASED ON PHYSICAL PRESENCE - Technologies for managing network privileges of members of graft-network include detecting a computing device in physical presence with a network infrastructure, determining whether the computing device is a member of the graft-network, and establishing initial network privileges for the computing device if the computing device is not a member, without direct programming of the member. The network privileges of members of the graft-network are updated over time as a function of the length of time for which the computing device is in physical presence of the network infrastructure. A computing device may be in physical presence of the network by physically contacting a communication bus of the network infrastructure or being within a limited communication range of the communication bus. New members to the graft-network may be quarantined to reduce risk to the network. | 06-30-2016 |
20160197909 | Securing Network Activity Managed by Operating Systems | 07-07-2016 |
20160197925 | INFORMATION PROCESSING APPARATUS AND METHOD, AND PROGRAM | 07-07-2016 |
20160197928 | Seamless Wi-Fi Subscription Remediation | 07-07-2016 |
20160203310 | SYSTEMS AND METHODS FOR CYBER SECURITY OF INTRA-VEHICULAR PERIPHERALS POWERED BY WIRE | 07-14-2016 |
20160203312 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR RECOVERING A PASSWORD USING USER-SELECTED THIRD PARTY AUTHORIZATION | 07-14-2016 |
20160205086 | Secure Network Access Processing Method and Apparatus | 07-14-2016 |
20160205095 | IDENTIFICATION METHOD OF AN ENTITY | 07-14-2016 |
20160205097 | SYSTEMS AND METHODS FOR ESTABLISHING OWNERSHIP AND DELEGATION OWNERSHIP OF IOT DEVICES USING DOMAIN NAME SYSTEM SERVICES | 07-14-2016 |
20160253512 | METHOD FOR CONTROLLING ACCESS TO ELECTRONIC DOCUMENTS USING LOCKS | 09-01-2016 |
20160255075 | System and Method for a Generic Single Sign-On Function | 09-01-2016 |
20160255092 | UNREGISTERED USER ACCOUNT GENERATION FOR CONTENT ITEM SHARING | 09-01-2016 |
20160255093 | METHODS, APPARATUSES AND COMPUTER PROGRAM PRODUCTS FOR AUTOMATED LEARNING OF DATA MODELS | 09-01-2016 |
20160378422 | Collaboration Systems With Managed Screen Sharing - Systems and methods for allowing an orchestrator to manage screen sharing in a meeting between multiple user devices are described. The orchestrator can use a master device to start a sharing session and select user devices to join as participant devices. The orchestrator can also select at least one receiver for receiving shared media. Participant devices are displayed on the master device. The orchestrator can then select a participant device to act as a source, and a receiver to receive the shared media from the source. The master device can contact a management server to cause the selected participant device to begin sharing its screen on the receiver. | 12-29-2016 |
20160378972 | Resumption of Logon Across Reboots - In one embodiment, a user device may reestablish access to a user resource while forgoing use of a user credential during a system reboot. The user device may receive the user credential from a user during an initial login to access the user resource. The user device may create an ephemeral entropy to access the user resource. The user device may access the user resource using the ephemeral entropy. | 12-29-2016 |
20160378973 | DYNAMIC SECURITY QUESTION GENERATION - A method of dynamically generating a security question for accessing a resource. The method comprises monitoring a behavior of said user during a monitoring period to identify automatically a deviation from a behavioral pattern indicative of repetitive behavior of a user, automatically generating a security question responded to by an indication of said deviation, receiving a user input inputted by a user in response to a presentation of said security question and said deviation, and authenticating, after said monitoring period, an access to a resource according to a match between said user input and said deviation. | 12-29-2016 |
20160378974 | WEAK PASSWORD SUPPORT IN A MULTI-USER ENVIRONMENT - Embodiments of the present invention provide a method, system and computer program product for supporting weak password authentication in a multi-user application environment. In an embodiment of the invention, a method for supporting weak password authentication in a multi-user application environment can be provided. The method can include acquiring log in data for a log in attempt by an end user amongst end users in a multi-user application. The method also can include messaging the log in data to others of the end users for subjective analysis by the others of the end users in detecting an unauthorized log in attempt. | 12-29-2016 |
20160380974 | BROADBAND ACCESS FOR VIRTUAL PRIVATE NETWORKS - An apparatus receives an upper layer packet that includes data from a source device, a virtual private network (VPN) identification, a destination address, and a destination option type. The apparatus authenticates the upper layer packet by comparing the VPN identification of the received upper layer packet to a customer VPN identification. The apparatus determines whether the apparatus recognizes the destination option type of the upper layer packet. The apparatus discards the upper layer packet on a condition that the apparatus does not recognize the destination option type. The apparatus decapsulates the upper layer packet into a lower layer packet and transmits the decapsulated packet to a destination on a condition that the apparatus recognizes the destination option type. | 12-29-2016 |
20160381031 | FAST USER KIOSK ACCESS IN A NON-PERSISTENT DESKTOP ENVIRONMENT - Techniques for improving logon time for remote desktops a user has not logged onto before. In general, these techniques involve utilizing a pre-logon script to create a profile-specifying registry entry that links to an already created persistent or “mandatory” profile. Linking to a mandatory profile, rather than creating a new profile from whole cloth (which is automatically done by operating systems such as Microsoft Windows upon detecting a log on from a user that has not logged on before), reduces the amount of time associated with logging on. | 12-29-2016 |
20170235938 | AUTHENTICATION OF IMAGES EXTRACTED FROM UNCLONABLE OBJECTS | 08-17-2017 |
20170237716 | SYSTEM AND METHOD FOR INTERLOCKING INTRUSION INFORMATION | 08-17-2017 |
20170237730 | Identity Federation and Token Translation Module for Use With a Web Application | 08-17-2017 |
20170237732 | COMMUNICATION APPARATUS | 08-17-2017 |
20170238175 | TRANSMISSION DEVICE, COMMUNICATION SYSTEM, AND AUTHENTICATION INFORMATION TRANSMISSION METHOD | 08-17-2017 |
20180026965 | Live Tiles Without Application-Code Execution | 01-25-2018 |
20180026967 | INFORMATION PROCESSING APPARATUS, SECURITY SYSTEM, AND NON-TRANSITORY COMPUTER READABLE MEDIUM | 01-25-2018 |
20180026968 | MANAGING SECURITY CREDENTIALS | 01-25-2018 |
20180026974 | PORTABLE ELECTRIC DEVICE AND OPERATING METHOD THEREFOR | 01-25-2018 |
20180026978 | SYSTEMS AND METHODS FOR ADDING A NON-INHERENT COMPONENT TO A DEVICE KEY OF A NETWORKED DEVICE | 01-25-2018 |
20190149529 | GENERATING A PASSWORD | 05-16-2019 |
20190149538 | ENABLING ZERO-TOUCH BOOTSTRAP FOR DEVICES ACROSS NETWORK PERIMETER FIREWALLS | 05-16-2019 |
20190149569 | SECURITY MONITORING DEVICE, COMMUNICATION SYSTEM, SECURITY MONITORING METHOD, AND COMPUTER READABLE MEDIUM | 05-16-2019 |
20190149985 | MOBILE COMMUNICATION DEVICE WITH SUBSCRIBER IDENTITY MODULE | 05-16-2019 |
20190149989 | WIRELESS RELAY DEVICE AND SETTING METHOD | 05-16-2019 |
20220138310 | Keystroke Cipher Password Management System and Method - A system and a method of protecting master passwords from technicians/employees that need access to at least one of the security systems such as an access control, a CCTV/surveillance system, burglar alarm and fire alarm system on a network with no internet access is provided in the present disclosure. The method includes creating a ciphered version of a master password for a user i.e., encrypting the ciphered password and creating an encryption key on a password management server, transmitting the ciphered password to a Smartphone application on a user device by securely authenticating the user on the Smartphone application. Further, transferring the ciphered password and the encryption key to an Intelligent USB Drive using Bluetooth® by securely authenticating the USB Drive with the user device and then connecting the USB drive to the security system via USB port or GUI interface, where the user inputs or inserts the USB carrying the ciphered password and the encryption key, to access the security system. | 05-05-2022 |
20220141217 | AUTHENTICATION SERVER, AND NON-TRANSITORY STORAGE MEDIUM - A terminal apparatus ( | 05-05-2022 |
20220141219 | AUTHENTICATION SERVER, AND NON-TRANSITORY STORAGE MEDIUM - A terminal apparatus ( | 05-05-2022 |
20220141222 | APPARATUS AND SERVER FOR SHARING POSITION INFORMATION OF VEHICLE - An apparatus for sharing location information of a vehicle may include: a communication circuit configured to communicate with a server, and a processor electrically connected with the communication circuit. The processor may be configured to receive, via the communication circuit, authentication information for sharing the location information of the vehicle from the server; transmit, via the communication circuit, the authentication information to an external device, which is a target for sharing the authentication information, such that the external device receives the location information from the server; and acquire the location information from the server using the authentication information. | 05-05-2022 |
20220141614 | TOW AND EMERGENCY ROADSIDE ASSISTANCE LOCATING AND TRACKING MOBILE APPLICATION - A system for providing dynamic roadside assistance coordination may include a customer mobile device or vehicle in direct, or indirect, wireless communication with an insurance provider and/or service provider remote server. The customer's device may transmit a request for roadside assistance (e.g., towing services), and a current GPS location. In response, a closest, trusted service provider vehicle may be determined, and then directed to the customer's location. For instance, a software application may receive the customer location and compare it with availability information to match the customer with a close and trusted service provider. The customer's device may receive an acknowledgement that help is on the way, and be able to track the current location of the service provider vehicle while en route. Payment for the roadside assistance may be automatically and electronically paid by the insurance provider. As a result, prompt and safe roadside assistance may be provided. | 05-05-2022 |
20220141655 | Moving Vehicle Control Method and Device Utilizing Identification Device - An embodiment method for operating a moving object to which an identification device is applied includes recognizing the identification device in response to the moving object being turned on, performing an authentication process with a network through the recognized identification device, and controlling the moving object based on the identification device in response to authentication being completed based on the authentication process. | 05-05-2022 |
20220141668 | SHARED SPECTRUM-CONTROLLER ENFORCEMENT OF A SANCTION CRITERION - During operation, a computer may receive information specifying a trusted identity of an electronic device in a network that uses a shared-license-access band of frequencies. Then, the computer may access a sanction criterion, which is stored in memory, where the sanction criterion comprises: a qualifying criterion in the shared-license-access band of frequencies associated with the electronic device, a disqualifying criterion in the shared-license-access band of frequencies associated with the electronic device, or both. Moreover, the computer may calculate compliance of the electronic device with the sanction criterion based at least in part on the trusted identity. Next, the computer may selectively perform a remedial action based at least in part on the calculated compliance. Notably, the computer may exclude the electronic device from operating or may allow the electronic device to operate in the shared-license-access band of frequencies in the geographic region or the network. | 05-05-2022 |