Entries
Document | Title | Date |
20080209532 | Method For Implementing Access Domain Security of IP Multimedia Subsystem - The present invention discloses a method for implementing access domain security of IP multimedia subsystem (IMS). The method includes: configuring in advance at least one access domain security mechanism on a network device of the IMS network; after receiving a request message from a User Equipment (UE), the network device selecting an access domain security mechanism for the UE according to the configuration of itself or the received request message, and the IMS network performing security control on the access of UE according to the selected access domain security mechanism. The access domain security mechanism includes a user authentication mechanism or a type of a security channel. In this method, one or multiple access domain security mechanisms are configured beforehand on an HSS and/or a P-CSCF, and the HSS, the P-CSCF, or a UE will make a selection from the configured access domain security mechanisms based on practical situations, thereby making the implementation of IMS access domain security more flexible. | 08-28-2008 |
20080209533 | Method and system for online image security - An online application enables an end user to navigate to a web site, upload digital images, and to combine those images with words in a stylized template to create a user-generated story. A story is a web page, typically a collection of photos and words that are brought together by a stylized template that can be customized by the end user. Preferably, a given story is available from the site at a given location (at a URL) that may be private or public. A given story may be shared with other end users, published to other web sites or web logs, or maintained solely for one's own use. The invention also provides for multiple end users to collaborate to create a “shared” story. | 08-28-2008 |
20080209534 | Token based applications platform method, system and apparatus - A method that enables the mapping of token identity and token presentation context to invoke one or more applications that are associated with the given token and context is disclosed. The method enables the construction of a flexible and efficient token-in-context services platform. | 08-28-2008 |
20080216165 | Method and System for Providing On-Demand Media Streaming from a User's Own Library to a Receiving Device of the User - A system and method are provided for on-demand media streaming from a user's own media library to a user's receiving device that may be located in a different location from that where the media library is stored. The present invention provides an out-of-the box on-demand media server device that may be used by itself, in conjunction with a personal computer, or in conjunction with a personal home stereo system or video system. The on-demand media server includes security mechanisms that allow a user to establish a private server that only the user may communicate with and gain access to the user's media library. In one particular embodiment, a smart card or other removable media are used as a security device to ensure that access to the media files on the user's personal on-demand media streaming server is limited to the user. In addition, the system and method provides an on-demand conversion of the media in the user's personal media library to an appropriate format. | 09-04-2008 |
20080222714 | System and method for authentication upon network attachment - An information processing system for remote access computing comprising a network access server and a local authentication server is augmented with the capability for forwarding authentication requests by tunneling interactions between the requesting client and an identity provider. | 09-11-2008 |
20080229401 | METHODS AND SYSTEMS FOR CONFIGURABLE SMARTCARD - An embodiment relates generally to a method of using a token. The method includes embedding the token with at least one action and detecting a presence of the token. The method also includes authenticating the token; and executing an applet in response to a valid authentication of the token. | 09-18-2008 |
20080229402 | WORMHOLE DEVICES FOR USABLE SECURE ACCESS TO REMOTE RESOURCE - A token has a memory, an interface allowing connection to a host, and a processor. The processor, in response to user input for configuring a remote access connection, executes a first set of processing instructions to establish a trusted connection with the server host, exchanges credentials over the trusted connection to establish a secure connection with the server host over an untrusted connection, and defines configuration information for accessing user-selected data or services. The processor, in response to user input received in a legacy environment, executes a second set of processing instructions that includes establishing, over an untrusted connection, a secure connection with the server host using the security credentials, configuring the secure connection for access to the data or services, making the data or services available in the legacy environment, and defending against attempted access to data or services available at the token other than the data or services made available in the legacy environment. | 09-18-2008 |
20080235780 | Secure Document Management System - A method for presenting a user with alternative document upload mechanisms includes receiving a user request for upload of a document. The user is presented with a graphical user interface containing a plurality of upload mechanisms. The user selects an upload mechanism which is received by a document management system. The document management system receives an electronic version of the document via the selected upload mechanism. The received document is routed in digitized format to an area of a secure electronic document storage system associated with the user. | 09-25-2008 |
20080235781 | SYSTEM AND METHOD FOR TRUSTED COMMUNICATION - A trusted communication system and methods of ensuring trusted communications are provided. A portable memory device is configured to resemble a character, and a client is configurable to operate specifically with that portable memory device. The client may allow a user to access network resources related to other clients belonging to other users having portable memory devices. Each portable memory device may have stored therein a unique token. A token from one portable memory device may be associated with a token of another portable memory device, e.g., by operating the first portable memory device with a client configured to operate with the second portable memory device. When two tokens are associated, the client configured to operate with a portable memory device having one of those tokens may access network resources related to another of those tokens. | 09-25-2008 |
20080244720 | Portable Device For Clearing Access - The invention relates to a portable device ( | 10-02-2008 |
20080244721 | Techniques for Sharing Data - Techniques for sharing data between users in a manner that maintains anonymity of the users. Tokens are generated and provided to users for sharing data. A token comprises information encoding an identifier and an encryption key. A user may use a token to upload data that is to be shared. The data to be shared is encrypted using the encryption key associated with the token and the encrypted data is stored such that it can be accessed using the identifier associated with the token. A user may then use a token to access the shared data. The identifier associated with the token being used to access the shared data is used to access the data and the encryption key associated with the token is used to decrypt the data. Data is shared anonymously without revealing the identity of the users using the tokens. | 10-02-2008 |
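An added illustration of the token structure described in the 20080244721 abstract (identifier plus encryption key, ciphertext indexed by identifier only). This is example code written for this page, not the patent's own implementation. The cipher is an HMAC-SHA256 counter keystream with an encrypt-then-MAC tag, used here as a stand-in so the example runs with the standard library; a real deployment would use a vetted AEAD (AES-GCM or ChaCha20-Poly1305). Token sizes and the in-memory store are assumptions. The security property worth checking is that the store never sees a key or a user name, and that a second token, or a tampered blob, cannot yield the plaintext.

```python
from __future__ import annotations
import base64
import hashlib
import hmac
import secrets

ID_LEN = 16      # identifier bytes: the only thing the store indexes on
KEY_LEN = 32     # key bytes: held by token holders, never sent to the store
NONCE_LEN = 16
TAG_LEN = 32


def make_token() -> str:
    """Mint a token = identifier || key, base64url without padding (assumed layout)."""
    raw = secrets.token_bytes(ID_LEN) + secrets.token_bytes(KEY_LEN)
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def parse_token(token: str) -> tuple[bytes, bytes]:
    """Split a token into (identifier, key); reject anything of the wrong size."""
    raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    if len(raw) != ID_LEN + KEY_LEN:
        raise ValueError("malformed share token")
    return raw[:ID_LEN], raw[ID_LEN:]


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    # Distinct keys for confidentiality and integrity, both derived from the token key.
    return (hashlib.sha256(b"share-enc" + key).digest(),
            hashlib.sha256(b"share-mac" + key).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a stand-in for a real stream cipher.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on any tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class ShareStore:
    """The untrusted service: indexes blobs by identifier, never sees a key or a user name."""

    def __init__(self) -> None:
        self._blobs: dict[bytes, bytes] = {}

    def put(self, identifier: bytes, blob: bytes) -> None:
        self._blobs[identifier] = blob

    def get(self, identifier: bytes) -> bytes | None:
        return self._blobs.get(identifier)


def upload_shared(store: ShareStore, token: str, data: bytes) -> None:
    """Uploader side: encrypt under the token key, store under the token identifier."""
    identifier, key = parse_token(token)
    store.put(identifier, encrypt(key, data))


def download_shared(store: ShareStore, token: str) -> bytes:
    """Recipient side: look up by identifier, decrypt with the key carried in the token."""
    identifier, key = parse_token(token)
    blob = store.get(identifier)
    if blob is None:
        raise KeyError("no data for this token")
    return decrypt(key, blob)
```

Anyone who holds the token string can read the data, so the token is a bearer secret and the channel used to hand it out is part of the trust boundary; the store itself learns only that some blob was written and later read under a given identifier.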
20080244722 | Method and apparatus for accepting a digital identity of a user based on transitive trust among parties - Method and apparatus for accepting a digital identity of a user based on transitive trust among parties are described. One aspect of the invention relates to managing a digital identity of a user. The digital identity is provided to a first party, where the digital identity includes a self-asserted claim. An acceptance token is obtained from the first party. The acceptance token asserts the authenticity of the self-asserted claim according to the first party. The digital identity and the acceptance token are provided to a second party to request validation of the self-asserted claim by the second party based on the acceptance token. | 10-02-2008 |
20080250485 | Guest Dongle and Method of Connecting Guest Apparatuses to Wireless Home Networks - The invention relates to a dongle ( | 10-09-2008 |
20080250486 | DESIGN STRUCTURE FOR LOCAL BLADE SERVER SECURITY - A design structure embodied in a machine readable storage medium for designing, manufacturing, and/or testing a design for a local blade server security is provided. The design structure includes a system capable of extracting authentication information for a local user from a USB keydrive inserted in the chassis of the blade server; comparing the extracted authentication information with predetermined authentication credentials; and granting access to one or more resources on the blade server if the extracted authentication information matches the predetermined authentication credentials; and denying access to one or more resources on the blade server if the extracted authentication information does not match the predetermined authentication credentials. | 10-09-2008 |
20080256615 | Method and apparatus for file sharing between a group of user devices with separately sent crucial portions and non-crucial portions - A communication system | 10-16-2008 |
20080256616 | UNIFIED AUTHENTICATION FOR WEB METHOD PLATFORMS - An authentication mechanism is provided for a web method platform that allows homogeneous access for different types of clients according to a bootstrapping procedure utilized to establish the session. Different clients can be assigned different levels of trust based in part on the bootstrapping procedure and/or information provided during the procedure. The bootstrapping procedure can produce a token that is used by the clients in subsequent requests to provide previous authentication or state information to the platform. The token can comprise a shared secret used to ensure integrity of communications in some cases, and the token can be opaque to the client. Tokens can expire and require a client to re-bootstrap to provide higher levels of authentication protection, and tokens can be shared among a plurality of application servers to facilitate effective handling of requests in a farmed environment. | 10-16-2008 |
20080256617 | Centralized Identity Verification and/or Password Validation - Described is a system and method for validating a user's login information. A provider (e.g. a provider of goods and/or services) receives a login request from a customer that includes a token value. The provider passes the token value to a centralized identity verifier with which the customer is registered. The centralized identity verifier tests the token value and returns a notice of the results of the test to the provider. | 10-16-2008 |
20080263649 | Personal Token and a Method for Controlled Authentication - The invention relates to a personal token ( | 10-23-2008 |
20080263650 | ENHANCED CROSS-SITE ATTACK PREVENTION - Efficient cross-site attack prevention, in which web pages are stored on a site, the web pages being organized into entry pages that do not accept input, and protected pages that are not entry pages. A request is received from a user application to receive a requested web page, the request including a referrer string indicative of a referring web page, and identification data. It is determined whether the requested web page is an entry page or a protected page, and it is further determined, if the requested web page is determined to be a protected page, if the user application is authorized based upon the identification data, and if the referring web page is stored on the site based upon the referrer string. The requested web page is transmitted to the user application if the user application is determined to be authorized and if the referring web page is determined to be stored on the site, and the request is redirected to an entry page if the user application is determined to be not authorized or if the referring web page is determined to be not stored on the site. | 10-23-2008 |
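An added illustration of the entry-page / protected-page gate described in the 20080263650 abstract; it is example code for this page, not the patent's implementation. The site host name, the set of entry pages and the session table are constructed for the example. Two practitioner caveats are built in: the referrer must be compared as a parsed host, not as a substring (otherwise `app.example.test.evil.test` or a query string containing the site name passes), and the Referer header is client-controlled and frequently absent (privacy settings, HTTPS-to-HTTP transitions), so this check is a complement to per-request anti-CSRF tokens rather than a replacement.

```python
from __future__ import annotations
from urllib.parse import urlsplit

SITE_HOST = "app.example.test"            # assumed host name of the protected site
ENTRY_PAGES = {"/", "/login", "/help"}     # entry pages: accept no input, always served
VALID_SESSIONS = {"sess-123": "alice"}     # stand-in for the identification-data check


def is_entry_page(path: str) -> bool:
    return path in ENTRY_PAGES


def referrer_on_site(referrer: str | None) -> bool:
    """True only if the referring page's host is exactly this site.

    Parsing the URL avoids two classic mistakes: a startswith() test that accepts
    'https://app.example.test.evil.test/', and an 'in' test that accepts
    'https://evil.test/?r=app.example.test'."""
    if not referrer:
        return False
    parts = urlsplit(referrer)
    if parts.scheme not in ("http", "https"):
        return False
    return (parts.hostname or "") == SITE_HOST   # .hostname is already lowercased


def handle_request(path: str, referrer: str | None, session_id: str | None) -> tuple[int, str]:
    """Return (status, target): 200 to serve the page, 303 to redirect to an entry page."""
    if is_entry_page(path):
        return 200, path
    authorized = session_id in VALID_SESSIONS
    if authorized and referrer_on_site(referrer):
        return 200, path
    return 303, "/login"
```

Because a missing Referer is treated as off-site, legitimate users whose browsers strip the header are bounced to an entry page; the abstract's design accepts that trade-off, and an implementation should measure how often it happens before relying on the check alone.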
20080263651 | Integrating operating systems with content offered by web based entities - Example embodiments are provided for integrating operating systems with content offered by internet based entities. | 10-23-2008 |
20080263652 | REQUEST-SPECIFIC AUTHENTICATION FOR ACCESSING WEB SERVICE RESOURCES - Requests for access to Web service resources are evaluated based on the type of request that is received. Requests are not granted unless sufficient proof of authentication is provided to grant that request. An authentication service evaluates one or more factors to determine whether or not to authenticate the client. After being authenticated by the authentication service, proof of authentication is provided to the Web service, which grants access to the Web service resource. | 10-23-2008 |
20080271130 | MINIMIZING CLIENT-SIDE INCONSISTENCIES IN A DISTRIBUTED VIRTUAL FILE SYSTEM - A method of minimizing inconsistencies seen by a client in a distributed virtual file system having multiple clients and a plurality of servers, by creating a token that identifies one of the plurality of servers for creating or modifying a file in the distributed virtual file system. The token has an expiry greater than a propagation time between the identified server and the plurality of servers. | 10-30-2008 |
20080271131 | Configuring devices in a secured network - An exemplary method for configuring a device to enable it to become a member of an established network comprises reading, using a portable device, a first token of a networked device, obtaining configuration data based on the first token, reading a second token of a non-networked device, establishing a communication session with the non-networked device based on the second token, and providing the configuration data to the non-networked device to enable it to become a member of the same network as the networked device. | 10-30-2008 |
20080276309 | System and Method for Securing Software Applications - A system and method for securing software applications installed on a computer network is disclosed. An authorized user is provided a digital credential and loads a secure access client onto a computerized device that can be connected to the network. The secure access client communicates with a secure access server within the network to authenticate the user and determine which applications the user is allowed to access. When the user sends a communication intended for a secured application, the secure access client intercepts the communication and uses cryptographic keys from the digital credential to encrypt and digitally sign the communication. The secure access server has access to cryptographic keys corresponding to those on the digital credential and is able to decrypt the communication and verify the digital credential. The decrypted message is then sent to an application server hosting the secured application. | 11-06-2008 |
20080276310 | Network Security System - A method of authenticating a transaction between a local device under control of a user and a remote server, comprising: determining a series of data specific to the local device; determining a series of data specific to the user of the device; transmitting the device specific data series and the user specific data series to a remote encryption engine; generating at the remote encryption engine a series of unique, single-use data templates, each template comprising randomly selected items from the device specific data series and the user specific data series; the method further comprising, during authentication: sending a data template from the engine to the local device; using the data template to interrogate the local device for the device specific data items in the template; using the data template to interrogate the user to provide the user specific data items in the template; and comparing the data items provided by the local device and the user in response to interrogation to the data items used to create the template to authenticate the transaction. | 11-06-2008 |
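An added illustration of the single-use template scheme in the 20080276310 abstract, written for this page rather than taken from the patent. The template is modelled as the list of field names the engine wants answered, with the engine keeping the enrolled values; the device and user data series are constructed, and the field counts per template are assumptions. The points a practitioner would want to see are the single-use bookkeeping (a replayed template id is rejected even with correct answers) and constant-time comparison of the answers.

```python
from __future__ import annotations
import hmac
import secrets

_rng = secrets.SystemRandom()   # CSPRNG-backed sampling for template contents

# Constructed data series; a real deployment collects these at enrolment.
DEVICE_SERIES = {
    "mac": "02:11:22:33:44:55",
    "disk_serial": "WD-7H3K9",
    "bios_version": "1.42",
    "screen": "1920x1080",
}
USER_SERIES = {
    "first_school": "Hillcrest",
    "pet_name": "Biscuit",
    "favourite_colour": "teal",
}


class EncryptionEngine:
    """Remote engine: holds the enrolled series, mints single-use templates, checks answers."""

    def __init__(self, device_series: dict[str, str], user_series: dict[str, str],
                 n_device: int = 2, n_user: int = 1) -> None:
        self._device = dict(device_series)
        self._user = dict(user_series)
        self._n_device, self._n_user = n_device, n_user
        self._pending: dict[str, dict] = {}    # issued but not yet answered
        self._consumed: set[str] = set()       # answered once; never accepted again

    def new_template(self) -> dict:
        template = {
            "id": secrets.token_hex(8),
            "device_fields": _rng.sample(sorted(self._device), self._n_device),
            "user_fields": _rng.sample(sorted(self._user), self._n_user),
        }
        self._pending[template["id"]] = template
        return template

    def verify(self, template_id: str, answers: dict[str, str]) -> bool:
        if template_id in self._consumed:
            return False                        # replay of an already-used template
        template = self._pending.pop(template_id, None)
        self._consumed.add(template_id)         # burn the id whether or not it was valid
        if template is None:
            return False                        # forged or expired id
        expected = {f: self._device[f] for f in template["device_fields"]}
        expected.update({f: self._user[f] for f in template["user_fields"]})
        if set(answers) != set(expected):
            return False                        # wrong or missing fields
        ok = True
        for field, value in expected.items():
            ok &= hmac.compare_digest(value.encode(), str(answers[field]).encode())
        return ok


def answer_template(template: dict, local_device: dict[str, str],
                    user_responses: dict[str, str]) -> dict[str, str]:
    """Local side: read the requested device items and collect the user's answers."""
    answers = {f: local_device[f] for f in template["device_fields"]}
    answers.update({f: user_responses[f] for f in template["user_fields"]})
    return answers
```

Because every template draws a fresh random subset, an eavesdropper who captures one exchange learns only the items asked that time, and cannot reuse the capture since the id is consumed on first use.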
20080289018 | Security Device, Terminal Device, Gate Device, and Device - There are provided a secure device, a gate device, and a device providing a secure device such as an IC card capable of limiting an area where the card application function and the device function are realized. The secure device ( | 11-20-2008 |
20080289019 | FRAMEWORK FOR AUTOMATED DISSEMINATION OF SECURITY METADATA FOR DISTRIBUTED TRUST ESTABLISHMENT - Methods, systems, and machine-readable media for disseminating security metadata from one distributed entity to another in an automated fashion are disclosed. According to one embodiment of the present invention, a computer-implemented method for distributing security metadata comprises receiving at a first service a request for security metadata, the request being received from a process associated with a second service. The method further comprises generating an identifier and security metadata for the second service, the identifier and the security metadata being unique to the second service, and storing the identifier and the security metadata in a first memory accessible to the first service. The identifier and the security metadata are then transmitted to the process associated with the second service and stored in a second memory. The second service is configured to access the security metadata stored in the second memory to encrypt a first communication and decrypt a second communication. | 11-20-2008 |
20080289020 | Identity Tokens Using Biometric Representations - An identity system and method uses biometric representation(s) in identity tokens. When a principal requests access to a relying party, the relying party may request an identity token containing a first claim about the principal and a biometric representation of the principal. An identity provider may then create the identity token, including a digital signature. The relying party may receive the identity token through a first channel and decode it. The relying party may also receive and use biometric information about the principal received through a second channel to verify the validity of the first claim at least in part through comparison of the biometric representation to the biometric information. | 11-20-2008 |
20080289021 | SOFTWARE APPLICATION ACCESS METHOD AND SYSTEM - An access method and system. The method includes receiving from a first user, by a software application within a computing system, a request for access to the software application. The software application determines a first domain associated with a first current location of the user. The software application determines a home domain associated with the user. The software application retrieves a set of login process rules associated with a combination of the first domain and the home domain. The software application enforces the set of login process rules. The software application transmits results of enforcing the set of login process rules. | 11-20-2008 |
20080289022 | Internet business security system - An Internet business security system is disclosed. The business security system couples with a certificate issuer. The certificate issuer issues a smart card to a user. The system includes a reading apparatus for reading the smart card and generating a one-time password based on a PIN of the user, a front process apparatus to receive the one-time password and provide service to the user when the one-time password is correct, and a rear process apparatus coupling with the front process apparatus. The rear process apparatus includes a pre-proof module to verify the identity of the user and an authorization module to determine whether or not the one-time password is correct and then to release the user's private data stored at the certificate issuer to a web site when the one-time password is correct. | 11-20-2008 |
20080289023 | Method and System for Peer-to-Peer Authorization - An authorization mechanism within a peer-to-peer network is presented. A central server that operates a centralized data repository search engine within a peer-to-peer network performs authentication and authorization operations with respect to users that access its services. A user at a peer node reviews peer-to-peer search results that have been gathered and returned by the centralized search engine. When the user desires to retrieve a file from another peer node, the user's peer node must obtain an authorization token from the central server, which authenticates the user or has previously authenticated the user. The user's peer node then presents the authorization token along with a request to retrieve the file from the other peer node. After verifying the authorization token, the other peer node responds with the requested file. If the other peer node cannot verify the authorization token, then the other peer node denies access to the file. | 11-20-2008 |
20080301792 | Common access card security and document security enhancement - Techniques and systems for maintaining a secure document replication environment based on information contained in CACs are disclosed. In one embodiment of the invention, a device such as an MFP, a printer, a scanner, a copier, or a fax machine comprises or is connected to a card reader. The device prevents users from using the device until the users have been authenticated. In order to authenticate himself to the device, a user inserts his CAC into the card reader. The device reads the user's digital certificate off of the user's CAC. The device determines whether the digital certificate is valid. If the digital certificate is not valid, then, in one embodiment of the invention, the device prevents the user from using any of the device's functions (e.g., printing, scanning, copying, faxing, etc.). | 12-04-2008 |
20080307516 | Secure neighbor discovery router for defending host nodes from rogue routers - In one embodiment, a method comprises receiving, by a router in a network, a router advertisement message on a network link of the network; detecting within the router advertisement message, by the router, an advertised address prefix and an identified router having transmitted the router advertisement message within the network; determining, by the router, whether the identified router is authorized to at least one of advertise itself as a router, or advertise the advertised address prefix on the network link; and selectively initiating, by the router, a defensive operation against the identified router based on the router determining the identified router is not authorized to advertise itself as a router, or advertise the advertised address prefix on the network link. | 12-11-2008 |
20080307517 | Method for Securely Associating Data with Http and Https Sessions - A computing system, method and product comprising a server, a mobile device comprising a client interconnected with the server via a data network, the client identified by a credential which is unavailable to the client and an intermediate node interconnected to the client and the server via the data network wherein the credential is available to the intermediate node. Upon reception of a service request from the client at a first server address the server redirects the client to transmit the service request to a second server address via the intermediate node together with a token, wherein the intermediate node appends a credential identifying the client to the redirected service request and the token and relays the redirected service request, the token and the credential to the second server address. | 12-11-2008 |
20080313724 | N-PORT ID VIRTUALIZATION (NPIV) PROXY MODULE, NPIV PROXY SWITCHING SYSTEM AND METHODS - Embodiments of an N-Port ID virtualization (NPIV) proxy module, NPIV proxy switching system, and methods are generally described herein. Other embodiments may be described and claimed. In some embodiments, login requests are distributed over a plurality of available N-ports to allow servers to be functionally coupled to F-ports of a plurality of Fibre Channel (FC) switches. Fibre Channel identifiers (FCIDs) are assigned to the servers in response to the login requests to provide single end-host operations for each of the servers. | 12-18-2008 |
20080313725 | Computer system protection - Methods, systems, and computer program products for computer system protection are provided. Embodiments protect against unauthorized access to information on stolen and/or illegally transported computer systems. Embodiments include locking of functionalities within a computer system when the computer system moves outside a designated area. Embodiments include limiting access to functionalities within the computer system based on the location of the computer system. Embodiments of the present invention include allowing variable levels of access protection depending on the location of the computer system. | 12-18-2008 |
20080313726 | Integrated systems for simultaneous mutual authentication of database and user - In the field of user authentication, the present invention provides an integrated system for the mutual authentication of a system database and a registered user with a view to increasing the security of remote authentication and the prevention of "phishing/man-in-the-middle" attacks, by one of several alternative means including Code matching, PIN verification, Image reproduction and recognition, Signature and personal data verification, DNA verification and Biometric verification, in each case by means of the differential between variable Codes computed at the database from data recorded for that user and at a remote terminal from replicate data retrieved from a data carrying device. The Codes are derived from the recorded data and a simple algorithm such that the Codes are not predictable. | 12-18-2008 |
20080313727 | Dynamic Discovery and Database Password Expiration Management - An approach that proactively manages login security data is provided. The system selects requesters of a software application resource. A privileged requester is used to request login security data pertaining to the selected requesters. The login security data that is received is compared to one or more parameters that indicate which action(s) should take place. Based on this comparison, one or more actions are taken on behalf of the selected requesters. One of the actions that can be taken is a grace period. One of the actions that can be taken is an automatic security setting update. Another action that can be taken is an automatic notification that automatically informs a user or application that a requester's access to the resource is about to expire. | 12-18-2008 |
20080320577 | Personal Token With Parental Control - The invention relates to a personal token (in particular a SIM card), a system comprising a personal token and a communication device (in particular a cellular phone), and a method for parental control of the services of the communication device. The personal token of the invention comprises connection means for connecting to a communication device and parental control means, the parental control means controlling access of a controlled entity to the services offered by the communication device according to a set of rules stored in the personal token. The personal token also comprises rules modification means enabling the modification of the set of rules (access to the rules modification means being restricted to a controlling entity), and a web server, the rules modification means being accessible through at least one web page on the web server. | 12-25-2008 |
20090007249 | SYSTEM AND METHOD FOR SELECTIVE AUTHENTICATION WHEN ACQUIRING A ROLE - A system, method, and program product is provided that provides authentication on a per-role basis in a Role-Based Access Control (RBAC) environment. When a user attempts to acquire a role, the improved RBAC system determines whether (a) no authentication is required (e.g., for a non-sensitive role such as accessing a company's product catalog), (b) a user-based authentication (e.g., password) is required, or (c) a role-based authentication (e.g., role-specific password is required). | 01-01-2009 |
20090013396 | Secure music, video, audio, and other digital file downloading system and method using encoded plastic magnetic-type information card or smart card chip, or printed terminal receipt, or scratch off panel - A system and method for securely downloading music or other audio or video media in digital format ("Digital Download Media") from one or more merchants, comprising an encoded plastic magnetic-type information card having an account or access number and other identification and access data encoded, embossed, or printed on the card and a centralized computer system that receives the encoded, embossed, or printed data and allows the cardholder to access and download via internet transmission the Digital Download Media from the centralized computer system. In another embodiment of the invention, a digital electronic chip is encased within the plastic card (a smart card chip) that securely contains the encrypted account or access number and other identification and access data used by the system for securely downloading the Digital Download Media from one or more merchants. Also part of the method, consumers are given access to their respective remaining Digital Download Media values by internet access to the centralized computer system. In a further embodiment of the invention, consumers can, using point-of-sale terminal card-reading devices at multiple merchants, purchase additional units allowing the downloading of additional Digital Download Media corresponding to the amount loaded on the plastic card at the merchants' point-of-sale terminals. | 01-08-2009 |
20090013397 | Processor communication tokens - The invention provides a method of transmitting messages over an interconnect between processors, each message comprising a header token specifying a destination processor and at least one of a data token and a control token. The method comprises: executing a first instruction on a first one of the processors to generate a data token comprising a byte of data and at least one additional bit to identify that token as a data token, and outputting the data token from the first processor onto the interconnect as part of one of the messages. The method also comprises executing a second instruction on said first processor to generate a control token comprising a byte of control information and at least one additional bit to identify that token as a control token, and outputting the control token from the first processor onto the interconnect as part of one of the messages. | 01-08-2009 |
20090025074 | UNIFORM MODULAR FRAMEWORK FOR A HOST COMPUTER SYSTEM - A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed on demand to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session. | 01-22-2009 |
20090031408 | INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card. | 01-29-2009 |
20090037994 | SYSTEM AND METHOD FOR ORDERED CREDENTIAL SELECTION - A system and method for assisting in ordered credential selection is disclosed. In one embodiment, the system enables ordered credential selection for credentials associated with one or more digital identities. The system comprises a plurality of security tokens, with each security token comprising a claim associated with a digital identity and where at least two of the security tokens are different from each other. The system also comprises an ordering module and manager module. The ordering module imposes a preferential ordering on the security tokens in accordance with an ordering policy to select a preferred security token. The manager module transmits at least one security token in response to a request, where at least one of the security tokens transmitted by the manager module is the preferred security token. | 02-05-2009 |
20090037995 | System and Method For Authentication Of Users In A Secure Computer System - A system and method of authenticating a user in a secure computer system in which a client computer transmits to the secure computer system a request for a sign-on page, the computer system transmits to the client computer a prompt for a first user identifier, and in response to the prompt, the client computer transmits to the computer system a request including a first identifier, a second identifier stored in an object stored at the client computer and a plurality of request header attributes. The computer system includes a server software module that authenticates the first user identifier and the second user identifier, and compares the transmitted plurality of request header attributes with a plurality of request header attributes stored at the computer system and associated with the first and second user identifiers. If the first and second user identifiers are authenticated, and if the transmitted request header attributes match stored request header attributes, the server software module transmits a success message to the client computer to be viewed by the user, and the user is allowed to access the secure computer system. In one embodiment, each transmitted request header attribute is given a numerical weighted value and the comparison of request header attributes includes adding the assigned numerical values of matching attributes to arrive at a total value, then transmitting the success message to the client computer only if the total value of matching request header attributes is at least a certain predetermined numerical total. | 02-05-2009 |
20090037996 | Multi-Domain Secure Computer System - Disclosed is a hardware based secure multi-domain computer system. The system comprises a housing enclosing multiple separate, secure computer devices. The housing is preferably the size of a standard computer tower. It is preferred that at least three computer devices are disposed within the housing. Each of the computer devices operates on significantly less power than a standard computer. Preferably, each computer operates on no more than 50 Watts of power, more preferably on less than 35 Watts of power. | 02-05-2009 |
20090044260 | APPARATUS AND METHOD FOR SECURING DIGITAL DATA WITH A SECURITY TOKEN - A security token includes a wireless interface to communicate with a secured device. A cryptographic module generates cryptographic information, encrypts messages to the secured device, decrypts messages from the secured device and coordinates the encryption and decryption of data on the secured device. | 02-12-2009 |
20090049536 | SYSTEM AND METHOD FOR AUTHENTICATION - A system and method for authentication including verifying a password is disclosed. In one embodiment, the authentication system includes a first storage unit to store an authentication sequence and a read-only memory unit to store an authentication algorithm. A microcontroller is coupled to the first storage unit, the read-only memory unit, and is configured to be coupled to and uncoupled from a host. The microcontroller is configured to execute the authentication algorithm to verify a password with the authentication sequence, and to send an access request to a web server via the host if the authentication algorithm has verified the password with the authentication sequence. | 02-19-2009 |
20090064301 | System and Method for Browser Based Access to Smart Cards - A client-side application extension executable on a host computer from within a web-browser having the capability of executing at least one web-browser add-on to provide a user access to a smart card, connected to the host computer having a smart card resource manager, via the web-browser. The web-browser extension has instructions to direct the central processing unit to access data on the smart card via a web-browser and platform independent interface module and a web-browser and platform dependent wrapper module connected to the web-browser and platform independent interface module and to the smart card resource manager having a function processing module operable to receive a call to the at least one function for accessing data on the smart card and for transforming the function call into a corresponding call to the smart card resource manager. | 03-05-2009 |
20090064302 | System for secure internet access for children - A system and method for secure internet access by children that assigns each child a Safe Card Scanner with integral fingerprint scanner and a Caddy-Pilot for Kids (intelligent card reader and docking station) into which the Safe Card Scanner docks for biometric-secure internet access for children. Both the Safe Card Scanner and Caddy-Pilot for Kids have internal memory and device ID numbers stored therein. At registration each child is assigned a user ID corresponding with the card ID number, and a registration record is compiled including the assigned user ID and photo data plus the Safe Card Scanner and Caddy-Pilot for Kids ID numbers. Parents author a parental ruleset for their child and the ruleset is stored by a host ASP. The child then activates their Safe Card Scanner by an initial fingerprint scan, a portion of which is stored locally on the Safe Card Scanner (along with the assigned device ID number). Given a registered/activated Safe Card Scanner, the child can access the internet from any web-enabled computer simply by plugging the Caddy-Pilot for Kids into the computer's USB port. The Caddy-Pilot for Kids automatically opens a browser program and loads the URL of the sponsoring ASP. The child then inserts their Safe Card Scanner into the Caddy-Pilot for Kids, which automatically initiates a scan of their fingerprint, instantaneously captures a portion of their fingerprint minutiae and compares it to the minutiae stored previously at enrollment activation, thereby authenticating that child as the authorized user of that Safe Card Scanner. Once a local authentication has taken place, the Safe Card Scanner checks the assigned user ID plus the Safe Card Scanner and Caddy-Pilot for Kids ID numbers against the registration record, authenticates the child user, and pre-loads the parental control ruleset. The child-users then have a restricted, safe and secure but full internet experience including online shopping malls, chat rooms, libraries, games, sports, etc. | 03-05-2009 |
20090077645 | FRAMEWORK FOR NOTIFYING A DIRECTORY SERVICE OF AUTHENTICATION EVENTS PROCESSED OUTSIDE THE DIRECTORY SERVICE - Methods, systems and machine-readable media for authenticating an end user for a client application are disclosed. According to one embodiment of the invention, a method of authenticating an end user for a client application using a directory service having an authentication control policy that tracks failed authentication attempts and allows lock out of an account after a predetermined number of failures comprises receiving end user identity information and security information at the client application; sending a search request to the directory service for an entry associated with the end user identity information and, if a match is found, receiving an authentication token from the directory service associated with the end user identity information; comparing the received authentication token with the security information; if the authentication token matches the security information, sending a request to update the directory service to indicate that successful authentication of the end user has occurred; and if the authentication token does not match the security information, sending a request to update the directory service to indicate that a failed attempt at authentication of the end user has occurred. | 03-19-2009 |
20090077646 | SYSTEM AND METHOD FOR IDENTITY VERIFICATION - A system and method verify a user's identity in an Internet-related transaction. One system and method use a personal computer having identification information, a card reader, and a personal identification card having access information, to verify a user's identity using the access information and the identification information. Another system and method use a personal computer, a card reader, and a personal identification card having access information, wherein the card reader is included as part of a mouse coupled to the personal computer and wherein a user's identity is verified using the access information. Another system and method use a personal computer, a device coupled to the personal computer having identification information, a card reader, and a personal identification card having access information to verify a user's identity using the access information and the identification information. Another system and method use a personal computer, a fingerprint reader, a card reader, and a personal identification card having access information to verify a user's identity using the access information and the data of the fingerprint reader. | 03-19-2009 |
20090083843 | UNIQUE IDENTIFICATION OF ENTITIES OF AN INDUSTRIAL CONTROL SYSTEM - Systems and methods are provided for issuing unique identification credentials to a plurality of devices, and their constituent components, in an industrial control system. Identification credentials are granted by an identification authority and conveyed to each of the credentialed devices and/or components through an identity token. The identification credentials include (1) a unique device identifier, (2) an identification authority component identifier, and (3) an indication of the location of the identification authority component. To secure the issued credentials, such credentials are encrypted and the identification token can be embedded with biometric features. Identification credentials provide for the following prominent features: (i) secure access to a device from a client and (ii) determination of a topology of a set of credentialed devices in an industrial control system. The topology is network agnostic and facilitates organizational modeling of processes in the industrial control system. | 03-26-2009 |
20090089870 | System and method for validating interactions in an identity metasystem - An information processing system for a computing network in which information describing planned interactions between an identity selector and a relying party web site is provided to a validation service, compared with information in a database, and a response returned to the identity selector. | 04-02-2009 |
20090100511 | METHOD AND APPARATUS FOR USE IN PERSONALIZING IDENTIFICATION TOKEN - According to some embodiments, a method comprises: storing, in a personalization token, information to personalize an identification token; issuing the personalization token to an account holder; and transmitting the information from the personalization token to the identification token using a wireless interface. According to some embodiments, apparatus comprises: a personalization token issued to an account holder, the personalization token comprising: information to personalize an identification token; and a wireless communication interface to transmit the information to the identification token. | 04-16-2009 |
20090106829 | Method and system for electronic reauthentication of a communication party - The present invention relates to a method for electronic reauthentication of a communication party ( | 04-23-2009 |
20090113534 | GENERIC INTERACTIVE CHALLENGES IN A DISTRIBUTED SYSTEM - A challenge mechanism in which a challenge is issued from one message processor to another. In generating the challenge, the message processor may select any one or more of a number of available interactive challenge types, where each type of challenge type might use different user-originated information. Upon receiving the challenge, the challengee message processor may identify the challenge type based on information provided in the challenge, and perform different actions depending on the challenge type. The challengee message processor then generates an appropriate challenge response, and issues that challenge response to the challenger message processor. The challenger message processor may then validate the challenge response. | 04-30-2009 |
20090119764 | Method and system for managing virtual objects in a network - A method and apparatus for managing virtual objects in a network is provided. The method includes creating a unique link between at least one virtual object and a physical token. The at least one virtual object is represented by a first set of distinct predefined properties and is associated with a data set. Further, the method includes maintaining information about the unique link between the at least one virtual object and the physical token and information about the first set of distinct predefined properties. Furthermore, the method includes regulating access to the at least one virtual object based on a second set of predefined properties and verification of the physical token. | 05-07-2009 |
20090133111 | SYSTEM FOR CENTRALIZING PERSONAL IDENTIFICATION VERIFICATION AND ACCESS CONTROL - A computerized centralized access management system having an access card with personal identification information, a server in communication with an access control computer having an access card reader, and an add-on computer program stored in the access control computer to perform a method of reading the access card, retrieving personal identification information, transmitting personal information to the server, receiving an access record and notifying the access control computer whether or not to allow access for the individual according to said access record received from said server. | 05-21-2009 |
20090138952 | METHOD FOR TRANSMITTING AND RECEIVING DATA OF A TERMINAL IN A COMMUNICATION SYSTEM AND COMMUNICATION TERMINAL THEREOF - A method for transmitting and receiving data of a terminal in a communication system and a communication terminal thereof are provided, which can minimize an exposure of authentication information. A communication terminal includes a rolling token generation unit for generating the rolling tokens; a memory for storing the generated rolling tokens; and a control unit for, if an authentication of the other terminal for performing a communication is completed, generating and transmitting a rolling token whenever a transmission to the other terminal is performed, and in case of receiving a specified rolling token from the other terminal, determining whether the rolling token currently received from the other terminal is identical to the rolling token most recently transmitted. | 05-28-2009 |
20090138953 | USER CONTROLLED IDENTITY AUTHENTICATION - A system and method for user controlled identity authentication comprising: a) At least one central computer having at least one user within a user database having user data and at least one service provider within a service provider database with service provider data; b) At least one service provider having electronic communication with the central computer; c) At least one user having electronic devices capable of communications with the central computer and service provider; e) Providing a user with a set of controls within the central computer to customize privacy, security and authentication of the user data; f) Providing a set of access rights within the service provider data of the central computer having a set of transaction rules for the service provider. | 05-28-2009 |
20090150986 | User Authorization Using An Automated Turing Test - Methods, apparatus, and products are disclosed for user authorization using an automated Turing Test that include: selecting, by an automated Turing Test module, a challenge token, the challenge token including a challenge key; repeatedly at an Automated Turing Test pace: selecting, by the Automated Turing Test module, a portion of the challenge token in dependence upon predetermined selection criteria, and revealing, by the Automated Turing Test module, only the selected portion of the challenge token to a user; receiving, by the Automated Turing Test module from the user, a user response; determining, by the Automated Turing Test module, whether the user response matches the challenge key; and authorizing, by the Automated Turing Test module, the user to access a resource if the user response matches the challenge key. | 06-11-2009 |
20090150987 | SYSTEM AND METHOD FOR CONFIGURING ENVIRONMENTS OF PRIVATE SYSTEM USING SMART CARD IN PUBLIC SYSTEM - Provided is a system and method for configuring environments of a private system using a smart card in a public system. The system includes a smart card that stores owner identification information, system-environment and work-environment information, private data, and payment information; a public system that authenticates a user of the smart card by using the owner identification information of the smart card and reconfigures a system and work environment similar to the private system to perform work continuously; a service providing server that provides an installation program or substitute program required for configuring the latest work environment of the user; and a payment server that pays a usage charge for the public system connected to the smart card. | 06-11-2009 |
20090158413 | METHOD AND APPARATUS FOR SECURE AND SMALL CREDITS FOR VERIFIABLE SERVICE PROVIDER METERING - A method and apparatus for obtaining access to services of service providers. In one embodiment, the method comprises requesting a desired service through a foreign service provider, generating a hash tree and generating a digital signature on a root value of the hash tree, sending the digital signature and the root value to the foreign service provider, providing one or more tokens to the foreign service provider with the next packet if the foreign service provider accepts the signature and continuing to use the service while the foreign service provider accepts tokens. | 06-18-2009 |
20090165110 | DELEGATION IN LOGIC-BASED ACCESS CONTROL - Access to a resource may be controlled by a policy, such that a request to access the resource is either granted or denied based on what assertions have been made by various principals. To find the assertions that support a grant of access to the resource, a template may be created that defines the nature of assertions that would cause access to succeed. Assertions may be stored in the form of tokens. The template may be used to search an existing token store to find assertions that have been made, and/or to generate assertions that have not been found in the token store and that would satisfy the template. The assertions in the template may be created by performing an abductive reasoning process on an access query. | 06-25-2009 |
20090165111 | METHOD AND APPARATUS FOR SECURE MANAGEMENT OF DEBUGGING PROCESSES WITHIN COMMUNICATION DEVICES - A method, device and system for securely managing debugging processes within a communication device, such as a set top box or other multimedia processing device. For example, a security processor (SP) within the communication device manages the lifetime (LT) of any access token issued for use in activating debugging privileges within the communication device. The security processor authenticates an issued access token and securely delivers appropriate debug authorization information to the device controller. The security processor uses its secure, internal timer to count down the lifetime and update the remaining lifetime of the issued access token during the processing of each command by the security processor. In addition to securely managing the issuance of the access token and its remaining lifetime, the updating process reduces any impact on the normal communications within the device. The method overcomes the issue of the communication device not having a secure internal clock. | 06-25-2009 |
20090165112 | METHODS AND APPARATUSES FOR USING CONTENT, CONTROLLING USE OF CONTENT IN CLUSTER, AND AUTHENTICATING AUTHORIZATION TO ACCESS CONTENT - Provided is a method of controlling use of content in a cluster by a source device, the method including receiving a request from a sync device to transmit content, authenticating an authorization of the sync device to access the content, and transmitting a stream of the content to the sync device. Thus, copyrights of content used by the source device or the sync device of the home network can be efficiently protected. | 06-25-2009 |
20090172797 | METHOD AND SYSTEM FOR SECURING APPLICATION PROGRAM INTERFACES IN UNIFIED EXTENSIBLE FIRMWARE INTERFACE - A method and system for securing a unified extensible firmware interface application program interface includes establishing a software hook for the application program interface during a pre-boot phase of a computing device and granting or denying access to the application program interface based on a comparison of a user token, which identifies the user, and an access control entry of an access control list associated with the application program interface. | 07-02-2009 |
20090183248 | TWO-WAY ERROR CORRECTION FOR PHYSICAL TOKENS - The invention relates to a method of establishing a shared secret between two or more parties, based on a physical token, wherein helper data from both the enrolment and the authentication measurement is used in such a way that only response data reliable at both measurements is used to generate the shared secret. The generated shared secret is therefore identical to both parties to a high degree of certainty. The invention further relates to a system for generating such a shared secret, comprising a central database server and a terminal, or any one of them. | 07-16-2009 |
20090183249 | TRUSTED STORAGE AND DISPLAY - A storage token has a display and a keyboard, or other input device, that allows a user to view a request to access a memory location and enter a response to the request. The display allows presentation of details of the request, such as a pathname to a requested memory location, metadata describing a cryptographic key for use in a transaction confirmation, and/or transaction details which are awaiting verification by a credential stored on the token. The storage token may also include a cryptographic engine and a secure memory allowing signing data returned in response to the request. | 07-16-2009 |
20090183250 | APPARATUS, SYSTEM, AND METHOD FOR TRANSFERRING AUTHORITY - In a system for transferring authority, a transfer token providing unit provides a transfer token to transfer a token of a first user to a third party based on a request from a first terminal. A releasing unit releases the transfer token provided by the transfer token providing unit. A utilizing transfer token providing unit provides, when a request to obtain the transfer token released by the releasing unit is received from a second terminal, a utilizing transfer token to make the requested transfer token available to a second user, and provides the utilizing transfer token to the second user. | 07-16-2009 |
20090187982 | Systems and methods for authenticating communications in a network medium - A system and method for sharing files securely includes server software on a first device configured to communicate with server software operating on one or more other preauthorized devices, such as a second device. The servers communicate with each other securely using cryptographic information exchanged during a preauthorization phase using a range-limited communication channel. The server on the first device obtains file information from the other preauthorized device(s) and combines the information with local file information from the first device. This combined file information is sent to client software operating on the machine, which presents the combined file information to users. | 07-23-2009 |
20090193507 | AUTHENTICATION MESSAGING SERVICE - In one embodiment an authentication server comprises one or more processors, and a memory module communicatively connected to the one or more processors. The memory module comprises logic instructions which, when executed on the one or more processors, configure the one or more processors to regulate access to a service in a communication network by performing operations comprising receiving, in the authentication server, a first authentication token request for an authentication token, wherein the first authentication token request uniquely identifies a client computing device and a unique service, processing, in the authentication server, the first authentication token request, and transmitting an authentication token from the authentication token server to the client computing device when the first authentication token request is approved by the authentication server. | 07-30-2009 |
20090193508 | METHODS, DEVICES, AND COMPUTER PROGRAM PRODUCTS FOR DISCOVERING AUTHENTICATION SERVERS AND ESTABLISHING TRUST RELATIONSHIPS THEREWITH - Using an authentication server to discover one or more additional authentication servers and to dynamically establish a trust relationship with the one or more additional authentication servers. The authentication server searches for the one or more additional authentication servers to discover one or more sources of authentication tokens, and inspects an incoming authentication request from the one or more additional authentication servers to determine if the request is carrying one or more authentication tokens from a newly discovered realm. Once the authentication server determines a newly discovered realm to be trustworthy, the authentication server receives a directory schema from the newly discovered realm and compares the received directory schema with a known directory schema retrieved by the authentication server to identify an intersection of the received directory schema and the known directory schema. The authentication server uses the intersection to identify a primary key, and to identify any unique information that is specific to either the authentication server or the newly discovered realm. | 07-30-2009 |
20090193509 | SYSTEMS, METHODS AND COMPUTER PROGRAM PRODUCTS FOR GENERATING ANONYMOUS ASSERTIONS - Systems, methods and computer program products for generating anonymous assertions. Exemplary embodiments include a method for generating anonymous assertions, the method comprising engaging anonymous role authentication via one or more authenticator services, generating an assertion token on a trusted assertion device that is booted into a trusted configuration, and processing the assertion and validating a right of the user to make the assertion for the event. | 07-30-2009 |
20090193510 | APPARATUS, AND AN ASSOCIATED METHODOLOGY, FOR FACILITATING AUTHENTICATION USING A DIGITAL MUSIC AUTHENTICATION TOKEN - An apparatus, and an associated methodology, for facilitating authentication of a user device to access content at another device. A music file is selected as digital music authentication token. Once selected, authentication data is encoded into the music file. Subsequently, when log-in and authentication procedures are performed, the music file is retrieved, and used pursuant to the authentication procedure. | 07-30-2009 |
20090193511 | TWO-FACTOR USB AUTHENTICATION TOKEN - The present patent application discloses a USB token that advantageously mimics a human interface device such as a keyboard in interacting with a host computer, thus removing the need for pre-installation of a dedicated device driver. This is accomplished by requiring the host computer to direct the input of the attached human interface devices of the keyboard type, including the USB token, exclusively to the program interacting with the USB token, by using cryptographic algorithms based on a shared secret, which require less data to be transferred than PKI-based algorithms, and by employing an efficient encoding scheme that minimizes the time needed to exchange information with the USB token, and minimizes the probability of generating ambiguity with input that might legitimately be generated by other attached human interface devices. By using only symmetric encryption and the low-speed USB protocol, a single low-performance processor may be used, which results in a more cost-effective solution than PKI USB tokens emulating the combination of smart cards and smart card readers or USB tokens presenting themselves to the host computer as mass storage devices. The overall security is increased by adding a second authentication factor consisting of a static password entered by the user, and by limiting the number of valid token responses that can be generated or retrieved in a usage session. | 07-30-2009 |
20090193512 | SYSTEM AND METHOD FOR ADDRESSING A UNIQUE DEVICE FROM A COMMON ADDRESS BOOK - A method and system for addressing a unique device from an address book, the method having the steps of: receiving a message having a root token and a secondary token; checking whether the root token exists within the address book, if no, creating a record in the address book with the root and secondary token; and if yes, checking whether the secondary token exists within the address book, if yes, providing a representation of the unique device; and if no, storing the secondary token against the root token in the address book. | 07-30-2009 |
20090199284 | METHODS FOR SETTING AND CHANGING THE USER CREDENTIAL IN INFORMATION CARDS - An identity provider issues information cards in which the credential type and/or the credential data is not specified at the time of issuance. A card selector installs the information cards and either prompts a user for the credential at the time of installation or afterwards. The card selector updates the credential type, the credential data, and/or authentication materials associated with an information card after the information card has been installed, and informs the identity provider about the credential type, credential data, and authentication materials before the information card is used. | 08-06-2009 |
20090199285 | Systems and Methods for Proxying Cookies for SSL VPN Clientless Sessions - The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating to the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clients and servers may establish an SSL VPN session between a client and a server. The intermediary may receive a response from a server to a request of a client via the clientless SSL VPN session. The response may comprise one or more cookies. The intermediary may identify an access profile for the clientless SSL VPN session. The access profile may identify one or more policies for proxying cookies. The intermediary may determine, responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies. | 08-06-2009 |
20090199286 | Method and apparatus for network security using a router based authentication system - A router based authentication system provides packet level authentication of incoming data packets and eliminates the risk of having data packets come into the network whose source cannot be authenticated. In a Router Based Authentication System (RBAS), a prior art router is adapted with an authentication function that works in conjunction with a security function in the client. Alternatively, a new router can be built that embeds an authentication function. The router based authentication function includes: (i) an ability to receive a telephone call and verify the caller by comparing with a pre-stored caller id, (ii) an ability to generate a random alphanumeric code, deliver it to the caller, and save it in the system, and (iii) an ability to reject all packets from the client that do not have a passkey embedded in the header of the packet. The security function in the client includes (i) display of an authentication screen that may display a telephone number to a border or internal router of a computer network of a business and enables entry of the passkey made up of the telephone number of the user and the alphanumeric code, and (ii) a function that encrypts the passkey and inserts the passkey in the header of each outgoing data packet to the business. | 08-06-2009 |
20090199287 | SYSTEMS AND METHODS FOR CONDITIONAL ACCESS AND DIGITAL RIGHTS MANAGEMENT - Methods and systems for migrating content from a first DRM system to a second DRM system. The content is licensed under a first license (L1) under the first DRM system and is licensed under a second license (L2) under the second DRM system, and the rights to the content under L2 are at least equal to the rights to the content under L1. | 08-06-2009 |
20090205034 | System for Running Potentially Malicious Code - Systems and methods for creating a secure process on a web server can include creating an application manager process, and creating an application host process, the application host process being created under control of the application manager process. Example methods can also include restricting attributes of the application host process, and assigning a unique logon identifier to the application host process so that the application host process can only communicate with the application manager process. | 08-13-2009 |
20090205035 | INFO CARD SELECTOR RECEPTION OF IDENTITY PROVIDER BASED DATA PERTAINING TO INFO CARDS - A computer system accesses metadata about an information card. The metadata can be stored locally or remotely (for example, at an identity provider). A metadata engine can be used to generate data to be provided to the user from the metadata: this data can take any desired form, such as an advertisement, a state of the user's account, or a policy update, among other possibilities. | 08-13-2009 |
20090205036 | Secure information storage and delivery system and method - A system for secure information storage and delivery includes a vault repository that includes a secure vault associated with a user, wherein the secure vault is associated with a service level including at least one of a data type or a data size limit associated with the secure vault, the secure vault being adapted to receive at least one data entry and securely store the at least one data entry if the at least one of a size or a type of the at least one data entry is consistent with the service level. A mobile vault server coupled to the vault repository creates a mobile vault on a mobile device based on the secure vault and is capable of authenticating the mobile device based on user authentication information. The mobile vault server includes a mobile device handler that communicates with the mobile device. A synchronization utility determines whether the at least one data entry on the secure vault is transferable to or storable on the mobile vault based on at least one of the size or the type of the at least one data entry and transfers the at least one data entry from the secure vault to a corresponding data entry on the mobile vault if the at least one data entry on the secure vault is determined to be transferable to or storable on the mobile vault. | 08-13-2009 |
20090217368 | SYSTEM AND METHOD FOR SECURE ACCOUNT RESET UTILIZING INFORMATION CARDS - New claim identifiers allow account reset and supplemental authorizations to be performed utilizing information cards. The new claim identifiers include claims for simple challenge questions, simple challenge answers, generated-challenge answers, and challenge methods. Each of the new claims can include a tuple. Methods of utilizing the new claim identifiers for account reset and supplemental authorization are also provided. | 08-27-2009 |
20090222900 | AUTHENTICATION TICKET VALIDATION - Computer-readable media, systems, and methods for validating an authentication ticket to ensure authenticated communications between a client and an online service provider. In embodiments an authentication request is received from a user agent associated with the client and the authentication request includes a set of identification information and a set of authentication information. Additionally, it is determined that the set of identification information and the set of authentication information are associated with a user and an authentication ticket is created including a user identification and an authentication, indicating to the online service provider that the user is authenticated to access one or more online services. Further, a validation token is embedded into the authentication ticket that provides enhanced verification that the access provided by the online service provider is authenticated. | 09-03-2009 |
20090241178 | CARDSPACE HISTORY VALIDATOR - Before a relying party grants a client access to a resource, the last use of the security token by the client to access the resource of the relying party can be verified. Verification can be accomplished by comparing the last time the client sent the security token to the relying party with the last time the relying party received the security token from the client. If the last use of the security token is not verified, the possibility exists that the security token has been fraudulently used by a third party. | 09-24-2009 |
20090241179 | Enabling peripheral communication in a local area network - In one embodiment, the present invention includes a component to be coupled to a peripheral device to enable the peripheral device to appear to be locally connected to a computer of a local area network, although the peripheral device is not physically connected to the computer. The component may include a first set of registers to store a mirrored copy of control register information present in a second set of registers of a host controller interface of the computer. Other embodiments are described and claimed. | 09-24-2009 |
20090254983 | METHOD AND APPARATUS FOR MANAGING TOKENS FOR DIGITAL RIGHTS MANAGEMENT - A method and apparatus for managing tokens for Digital Rights Management (DRM) in a terminal are provided. In the method, at least one token is acquired from a Rights Issuer (RI), and the token is moved to a Secure Removable Media (SRM) through a token move request message. The token can be shared by several terminals. | 10-08-2009 |
20090260071 | SMART MODULE PROVISIONING OF LOCAL NETWORK DEVICES - A card-based mechanism can enable users to secure their network by limiting network access to devices to which a card is communicationally connected, the card having been previously provisioned by the user. A trusted computing device can be used to provision a card. Subsequently, the card can be communicationally connected to a card-provisionable device and can use the networking abilities of that device to authenticate itself to the trusted computing device. The card-provisionable device can then be granted access to the network. The card can also be used to provision the device with other information, such as device-specific settings. If necessary, either the card or the trusted computing device can revoke the network access rights of the card-provisionable device without affecting other devices on the network. | 10-15-2009 |
20090260072 | IDENTITY OWNERSHIP MIGRATION - Systems, computer-implemented methods, and computer-readable media for establishing an online account with a resource provider are provided. An authentication token including identification of a user from an authentication server is received. The identification of the user from the authentication token is utilized to establish an online account for the user with the resource provider. Additional credentialing information from the user for the online account is received. The additional information received from the user is associated with the online account for the user with the resource provider. | 10-15-2009 |
20090260073 | COMMUNICATION TERMINAL AND METHOD OF PROVIDING UNIFIED INTERFACE TO THE SAME - A communication terminal and a method of providing a unified natural language interface to the same are disclosed. The method includes: determining, when text information containing many characters is created, whether the text information conforms to one of preset grammatical constraints; extracting, when the text information conforms to one of the grammatical constraints, tokens of one or more characters from the text information, and extracting, when the text information does not conform to one of the grammatical constraints, one or more characters having an attribute probability higher than a reference probability as a token; and analyzing the extracted tokens to determine a function to handle the extracted tokens, and executing the determined function based on the extracted tokens. | 10-15-2009 |
20090265775 | Proximity Based Authentication Using Tokens - The present invention relates to authenticating a mobile device using location information associated with the device. The present invention provides a mechanism for authenticating a mobile device based on location related information or a “logical location”, but without requiring an actual location. The mobile user device gathers tokens such as SIM data from other wireless devices using wireless communication between the user device and the other devices. A server determines whether these tokens match predetermined reference information, and if so authenticates the user device. | 10-22-2009 |
20090265776 | AUTHENTICATION OF DATA COMMUNICATIONS - Methods and apparatus are provided for authenticating communications between a user computer and a server via a data communications network. A security device has memory containing security data, and security logic to use the security data to generate an authentication response to an authentication message received from the server in use. An interface device communicates with the security device. The interface device has a receiver for receiving from the user computer an authentication output containing the authentication message sent by the server to the user computer in use, and interface logic adapted to extract the authentication message from the authentication output and to send the authentication message to the security device. A communications interface is also included for connecting to the server via a communications channel bypassing the user computer. Either the security device or the interface device sends the authentication response to the server via the communications channel bypassing the user computer. | 10-22-2009 |
20090271855 | COMPUTER BASED METHOD AND SYSTEM FOR REGISTERING A USER AT A SERVER COMPUTER SYSTEM - The invention provides a method for registering a user at a server computer system. A first interface is transmitted from the server computer system to a user computer system, the first interface having a field for entering a mobile telephone number. A mobile phone number entered into the field for the mobile phone number is received from the user computer system at the server computer system. A password is generated and transmitted from the server computer system to a mobile device having a mobile phone number corresponding to the mobile phone number received from the user computer system, and a second interface is transmitted from the server computer system to the user computer system, the second interface including a field for entering the password. A follow-up message is transmitted from the server computer system to the mobile device if the password is not received from the user computer system at the server computer system within a predetermined period of time. | 10-29-2009 |
20090271856 | RESTRICTED USE INFORMATION CARDS - A system and method for utilizing restricted use information cards is provided. An identity provider issues a restricted use information card responsive to a relying party's restricted use policy. The identity provider can issue security tokens associated with the restricted use information card that include a unique-id claim. A broker can act as an intermediary between a user and the relying party to protect the user's personal information but still uniquely identify the user to the relying party. The relying party, the identity provider, or the broker can be responsible for enforcing the restricted use policy. | 10-29-2009 |
20090276840 | UNIFIED ACCESS CONTROL SYSTEM AND METHOD FOR COMPOSED SERVICES IN A DISTRIBUTED ENVIRONMENT - A system, a computer device implemented method, and a computer readable article of manufacture for executing a computer implemented method for a unified access control for a plurality of composed services in a distributed computing environment without requiring repeated input of security certification. The method includes the steps of: acquiring a first role of a user in a first composed service; sending an invoking request by a processing unit of the first composed service to a second composed service; receiving the first role of the user in the first composed service and predefined role-role mapping relationships, and determining a second role of the user in the second composed service by a role determining component; and then sending the determined role in the second composed service by a role sending component to the second composed service, thereby providing unified access without requiring repeated input of security certification. | 11-05-2009 |
20090288155 | DETERMINING AN IDENTITY OF A THIRD-PARTY USER IN AN SAML IMPLEMENTATION OF A WEB-SERVICE - One embodiment of the present invention provides a system that facilitates determining an identity of a third-party user in a Security Assertion Markup Language (SAML) implementation of a web-service. During operation, the system receives an SAML token profile web service request from the third-party user at the web-service. The system also receives a digital certificate designated by the SAML token profile web service request from the third-party user at the web-service. Next, the system analyzes the digital certificate to identify a third-party associated with the third-party user. The system then determines if the third-party is a trusted party. Next, the system receives one or more attributes associated with the third-party user at the web-service. The system then uses the attributes to identify the third-party user. Finally, the system performs a lookup in a user map to determine a user account that is associated with the third-party user. | 11-19-2009 |
20090293112 | ON-LINE GENERATION AND AUTHENTICATION OF ITEMS - Value based tokens are generated for inclusion on a data carrier which may be applied to a media such as a coupon, bank note etc. The tokens are generated by a core system which communicates with application specific wrappers. The wrappers supply token parameters to the core that are specific to the application and the core generates the tokens, and stores them for later authentication. The core then encodes the tokens onto a data carrier under the control of the wrapper and distributes the tokens under the control of the wrapper. When a token is presented for validation, for example by a customer in a shop, the encoded data carrier is scanned and the token retrieved. It is passed back to the core by the wrapper for validation of its identification number and other parameters. | 11-26-2009 |
20090300746 | SYSTEM INTEGRATING AN IDENTITY SELECTOR AND USER-PORTABLE DEVICE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM - A combination includes a user-portable computing device, and an identity selector adapted for interoperable use with the user device. The user computing device includes a security token service that issues security tokens in reference to a portfolio of user identities stored as information cards on the user device. The issuance of security tokens employs user attribute information that is stored onboard the user device. The identity selector exports the information cards from the user device and determines which user identity satisfies a security policy promulgated by a relying party as part of an authentication process within the context of an online interaction. The identity selector generates a token request based on one of the eligible user identities, and forwards the token request to the user device to invoke the token issuance operation. The identity selector presents the issued security token to the relying party to comply with the security policy. | 12-03-2009 |
20090300747 | USER-PORTABLE DEVICE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM - A user-portable computing device configured as a smart card enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The device includes memory for storing user identities as information cards that are exported to a host computer, presented to a user in visual form, and then selected for use in the authentication process. A security token service installed on the device issues a security token in response to a token request sent from the host computer that references the selected user identity. The security token service uses user attribute information stored on the user device to compose the claim assertions needed to issue the security token. The token is returned to the host computer and used to facilitate the authentication process. | 12-03-2009 |
20090313687 | One time password - A token calculates a one time password by generating an HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C′. If there is an initial mismatch, the validation server compensates for a lack of synchronization between counters C and C′ within a look-ahead window, whose size can be set by a parameter s. | 12-17-2009 |
20090313688 | Method for Electronic Transaction by Mobile Messaging - A transactional process for a transaction with a user using an identification platform including (i) a registration stage including for the user, registering at the level of the platform, which registration includes at least supplying a telephone number of the user, and storing, at the level of the identification platform, at least one electronic token associated with the telephone number, as well as a transaction identifier associated with the transaction and with the electronic token; and (ii) a collection stage of the transaction including for the user, supplying a collection identifier to a collection terminal, and generating the transaction in the case of concordance between the collection identifier and the electronic token. | 12-17-2009 |
20090313689 | Method, Device, And System For Network-Based Remote Control Over Contactless Secure Storages - A typical system environment comprises a terminal device, a secure storage subsystem, and an interconnectivity component. The terminal device has a network connectivity subsystem enabled for data connectivity with a wireless communications network. The secure storage subsystem has a secure storage memory for securely storing contents and is enabled for local RF connectivity through a local RF communication subsystem. The secure storage subsystem is operable as a contactless smartcard in accordance with any contactless technology. The interconnectivity component is adapted to enable communication of the secure storage subsystem through the network connectivity subsystem with the network. The interconnectivity component is further configured to detect that messages received from the network are destined for the secure storage subsystem and is configured to supply the identified messages to the secure storage subsystem. The messages enable exercising control over the secure storage subsystem in that the messages comprise one or more instructions to be processed by a secure memory controller of the secure storage subsystem. | 12-17-2009 |
20090320116 | FEDERATED REALM DISCOVERY - A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm. | 12-24-2009 |
20090320117 | REMOTE SIGN-OUT OF WEB BASED SERVICE SESSIONS - Remote sign-out of web based service sessions. As a part of remote sign-out of web based service sessions, a user authentication token is accessed that is used to establish a web based service session and this user authentication token is stored in memory of an authentication server and returned in a cookie to the device. User access and deletion of the user authentication token from memory is accommodated using a device different from that which initially established the web based service session. Upon receipt of a browser request involving the user authentication token, it is determined whether the user authentication token is stored in memory. An access denial indication is provided to a web based service that indicates that the user authentication token is not stored in memory. | 12-24-2009 |
20090320118 | Security Token and Method for Authentication of a User with the Security Token - A security token includes (a) a personal data memory configured to store digital identity credentials related to personal data of a user; (b) an input appliance configured to check said personal data; (c) a key record data memory configured to store at least one identity credential of an authentication server or of an application operator; (d) a transmitter and receiver unit configured to create a secure channel directly or indirectly to said authentication server or application operator to handle said key record relating to said authentication server or application operator, respectively; (e) a control unit configured to control the transmitter and receiver unit and the key record data memory in view of said handling, wherein the control unit is configured to perform one of: interpreting, deciphering, creating, checking, renewing, withdrawing and further key record handling actions. A method for authentication of a user using the security token is also disclosed. | 12-24-2009 |
20090320119 | EXTENSIBLE CONTENT SERVICE FOR ATTRIBUTING USER-GENERATED CONTENT TO AUTHORED CONTENT PROVIDERS - A method and system allows a user to add content to a displayable content container (e.g., web page) that specifies at least one modifiable portion, where the modifiable portion is served by a server operated by one entity, but provided to the server by a service operated by another entity. The modifiable portion is attributable to the one entity and remaining content in the displayable content container is not editable by the users. Other features, such as user authentication mechanisms, are also described herein. | 12-24-2009 |
20090328177 | ENABLING PRIVATE DATA FEED - A method of generating a pre-authenticated link to access a private feed and providing access to the private feed using the pre-authenticated link. A request to access the private feed is received and a first user sending the request is authenticated. A token for the first user is generated when the first user is authorized to access the private feed. The token may identify the first user, the private feed and an owner of the private feed. The token may be embedded within a link and transmitted to the first user. A user is automatically authorized to access the private feed when the token is sent by the user using the link. The link automatically authenticates the first user and allows access to the private feed. The private feed may become inaccessible to the first user when the owner of the private feed revokes access of the first user. | 12-31-2009 |
20090328178 | TECHNIQUES TO PERFORM FEDERATED AUTHENTICATION - Techniques to perform federated authentication are described. An apparatus may comprise a resource server that may have an authentication proxy component to perform authentication operations on behalf of a client. The authentication proxy component comprises an authentication handling module operative to receive an authentication request to authenticate the client using a basic authentication protocol. The authentication proxy component also comprises an authentication discovery module communicatively coupled to the authentication handling module, the authentication discovery module operative to discover an identity server for the client. The authentication proxy component further comprises an authentication manager module communicatively coupled to the authentication discovery module, the authentication manager module operative to retrieve authentication information from the identity server using an enhanced authentication protocol, and authenticate the client to access resource services using the authentication information. Other embodiments are described and claimed. | 12-31-2009 |
20090328179 | IDENTIFICATION OF A SMART CARD ON A PLUG AND PLAY SYSTEM - Techniques for identifying a smart card in a plug and play system. The technique requires identifying a unique code identifier and loading a smart card minidriver according to the unique code identifier. | 12-31-2009 |
20090328180 | Granting Least Privilege Access For Computing Processes - Embodiments provide a security infrastructure that may be configured to run on top of an existing operating system to control what resources can be accessed by an application and what APIs an application can call. Security decisions are made by taking into account both the current thread's identity and the current thread's call chain context to enable minimal privilege by default. The current thread context is captured and a copy of it is created to be used to perform security checks asynchronously. Every thread in the system has an associated identity. To obtain access to a particular resource, all the callers on the current thread are analyzed to make sure that each caller and thread has access to that resource. Only when each caller and thread has access to that resource is the caller given access to that resource. | 12-31-2009 |
20090328181 | Service integration platform system and method for internet services - A service integration platform system includes an interface configured to receive a service request initiated by an Independent Software Vendor (ISV) and one or more processors configured to authenticate the service request and in the event that the service request is authenticated, route the service request to an Internet Service Provider (ISP) providing the service to be further processed. The service request is routed to a deployment environment provided by the ISP in the event that the service request is received on a deployment Universal Resource Identifier (URI) corresponding to the deployment environment; the service request is routed to a test environment provided by the ISP in the event that the service request is received on a test URI corresponding to the test environment. | 12-31-2009 |
20100011431 | METHODS AND APPARATUS FOR AUTHORIZING ACCESS TO DATA - In one embodiment, a method comprises receiving a request from a first party for access to controlled data, and providing access to the controlled data to a second party. The first party requests access to the controlled data and a token is provided to the first party. The token includes data associated with authorized access to the controlled data. A request for access to the controlled data including the token is later received from the second party, and access to the controlled data is provided to the second party. | 01-14-2010 |
20100017866 | SECURE USER INTERACTION USING VIRTUALIZATION - A first virtualization layer is inserted between (i) an operating system of a computer system, and (ii) at least first and second hardware devices of the computer system. Data is communicated between the first hardware device and the second hardware device, via the first virtualization layer, without exposing the data to the operating system. | 01-21-2010 |
20100017867 | SELF-MANAGEMENT NETWORK ACCESS USING LOCALIZED ACCESS MANAGEMENT - The invention provides a method and system for locally tracking network usage and enforcing usage plans at a client device. In an embodiment of the invention, a unique physical key, or token, is installed at a client device of one or more networks. The key comprises a usage application and one or more access parameters designating the conditions and/or limits of a particular network usage plan. Upon initial connection to the network, the usage application grants or denies access to the network based on an analysis of the current values of the access parameters. Therefore, network usage tracking and enforcement is made simple and automatic without requiring any back-end servers on the network, while still providing ultimate flexibility in changing billing plans for any number of users at any time. | 01-21-2010 |
20100024024 | Authentication System and Process - An authentication system including: (i) a user device, such as a mobile phone or media player, for storing random identification data for a user of the user device, and for processing entered token data to generate response data on the basis of the identification data; (ii) a client device, such as a personal computer, for use by the user to request a session, such as an online banking session, with a server system, for receiving the token data in response to the request, and for sending the response data to the server system; and (iii) a server of the server system, for storing the random identification data for the user, generating the token data for the client device on the basis of the identification data in response to the request, and for processing the response data to determine authentication for the client device for the session. | 01-28-2010 |
20100024025 | AUTHENTICATION SYSTEM AND AUTHENTICATION SERVER DEVICE - An account management server, when a device executing a service receives a card ID read from an ID card, sends back log-on data as a response, which is recorded in an account management DB in a way that associates the log-on data with the card ID. A user terminal, when reading the card ID from the ID card, transmits the card ID together with an account name of a user to an account management server. The account management server overwrites, with the received card ID, the card ID registered in the account management DB in a way that associates the card ID with the received account name or password. | 01-28-2010 |
20100031336 | Peripheral Security Device - A peripheral security device is capable of being physically connected to a host terminal, on which is installed at least one software driver that is capable of permitting communication between said host terminal and a peripheral device with a human interface. This peripheral security device comprises a microprocessor capable of sending security data to the terminal during communication with the terminal. It is characterized in that the communication between the peripheral security device and the host terminal is managed at the level of the terminal via the software driver and simulates a communication between the peripheral device with a human interface and the host terminal. | 02-04-2010 |
20100043066 | MULTIPLE SECURITY LAYERS FOR TIME-BASED NETWORK ADMISSION CONTROL - Embodiments of the present invention include a computer method of controlling access to a computer-based network comprising: (i) receiving an indication of an attempt to gain access to a computer-based network; (ii) applying a respective network access control policy to determine whether to allow the attempt to gain access to the computer-based network at each of multiple security layers; and (iii) allowing or blocking the attempt to gain access through the security layer to the computer-based network based on the application of the respective network access control policy at each security layer. Other embodiments include a computer method of controlling access to a computer-based network comprising: (a) scanning a host computer for viruses; (b) temporarily disabling a firewall of the host computer during an audit; and (c) shutting down high risk services running on the host computer. | 02-18-2010 |
20100058453 | IDENTIFICATION PROCESS OF APPLICATION OF DATA STORAGE AND IDENTIFICATION HARDWARE WITH IC CARD - The present invention relates to an identification process for the application of data storage and identification hardware with an IC (Integrated Circuit) card, and particularly to an IC card containing the identification ICCID and GLN, which can be installed in a USB-compatible flash memory as an identification hardware device. This can serve as a useful authorization process for record companies or intellectual property owners. The hardware can also be used as storage media. A non-duplicable code in the IC card and an encryption system are used to ensure user authentication and data confidentiality on the Internet or any other computer information system. As it uses a normal private key, the invention is easy and convenient to use. | 03-04-2010 |
20100064360 | Token device that generates and displays one-time passwords and that couples to a computer for inputting or receiving data for generating and outputting one-time passwords and other functions - A token device that generates and displays one-time passwords and couples to a computer for inputting or receiving data for generating and outputting one-time passwords and performing other functions is provided. The token includes an interface for coupling to a computer. The token may also be coupled to any network that the computer may be connected to, when coupled to the computer. Data and information may be transmitted between the computer and token, and between the network and token, via the computer and interface. The data and information may include one-time password seeding, file transfer, authentication, configuration and programming of the token. The token must be seeded to generate and display one-time passwords. An original, or seed, value is loaded into the token. One-time passwords are subsequently generated or calculated, or both, from the seed value. Seeding of the token involving a counter, time, or time-related functions, may allow synchronization of the token with such functions. The token may support different authentication methods. | 03-11-2010 |
20100071046 | Method and System for Enabling Access to a Web Service Provider Through Login Based Badges Embedded in a Third Party Site - A system and method which may allow a user to log in to a web service provider from a third party site without leaking the user's login information to the third party site. A service request interceptor may authenticate the third party site to make sure that a service request is from a third party site registered with the web service provider or its associated sites, and then instruct a badging server to send an HTML markup to the third party site to enable a login page of the web service provider to be displayed as a pop up window, outside of the third party site. Before sending the instructions to the badging server, the service request interceptor may check whether the user has already logged in to the web service provider, and authenticate a user to make sure that the user is registered with the web service provider. Since the user may interact with the web service provider directly, the third party site may be bypassed and users' credentials may be better protected. | 03-18-2010 |
20100071047 | Authentication system, terminal and information processing device, having function of performing stable authentication - To provide an authentication system allowing stable determination as to whether a user is a registered user while saving user's trouble, an information processing device capable of data communication with a plurality of image forming apparatuses extracts an image forming apparatus connected to an IC card reader from the plurality of image forming apparatuses, based on reply signals transmitted from the plurality of image forming apparatuses, and transmits user account information of registered users to the extracted image forming apparatus. The image forming apparatus connectable to the IC card reader performs, if it is determined that the IC card reader is connected to the image forming apparatus, the authentication process based on the user account information of registered users received from the information processing device and on the information read by the IC card reader. | 03-18-2010 |
20100083362 | METHOD AND SYSTEM OF MANAGING AND ALLOCATING COMMUNICATION RELATED RESOURCES - A system and method for managing communication. The system and method apply to, but are not limited to, set-top boxes (STBs) and other devices used to interface with services. The management includes any number of features and processes associated with achieving Quality of Service (QoS) across different domains and according to network limitations associated with the same. | 04-01-2010 |
20100083363 | BINDING ACTIVATION OF NETWORK-ENABLED DEVICES TO WEB-BASED SERVICES - A method for associating a networked device with an online service is provided. The networked device may be an appliance or other device that has limited input capabilities, making it difficult to download information such as digital media files from an online service without having to input a significant amount of information using the device or appliance. The method begins by establishing communication with a service over a network. A claim token is received from the service over the network. The claim token is returned to the service over the network after the claim token has been bound to an authorized user of the service. In response to return of the claim token, a device identifier binds the networked device to an account with the service that is associated with the authorized user. | 04-01-2010 |
20100088753 | IDENTITY AND AUTHENTICATION SYSTEM USING ALIASES - An identity and authentication platform utilizes a data model that enables multiple identities such as e-mail addresses, mobile phone numbers, nicknames, gaming IDs, and other user IDs to be utilized as aliases which are unique sub-identities of a main account name. A user may utilize the aliases supported by the platform to project multiple different on-line identities while using the authentication credentials of the main account. The platform is configured to expose the aliases to various client applications and Internet-accessible sites and services such as e-mail, instant messaging, media sharing, gaming and social networks, and the like, to enable the implementation of a variety of usage scenarios that employ aliases. | 04-08-2010 |
20100088754 | Authentication Method and Token Using Screen Light for Both Communication and Powering - An authentication token one side of which features an array of solar cells, of a very thin and flexible type, whereas the opposite side features a display device. The method consists in encoding into a sequence of bright images, interlaced with less bright ones, the code sent by the server. By placing the token in front of the portion of the screen displaying said encoding sequence, the light collected by the array of solar cells is sufficient to generate the energy required for supplying the token's microprocessor, while the variations in brightness are decoded so as to reconstruct the digital word representing the code sent by the server. Said code is then processed by the microprocessor to generate a One Time Password, OTP, then displayed on the display device. The user would then enter said OTP on the login page. | 04-08-2010 |
20100095364 | METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING SMART CARD SECURITY - An apparatus for providing smart card security may include a processor. The processor may be configured to determine, for a mobile terminal locked to a smart card, whether a temporary subscriber identifier is being read from the smart card or whether the mobile terminal is receiving a new temporary subscriber identifier from a network in communication with the mobile terminal, compare a network identifier associated with the temporary subscriber identifier to a network identifier included in a permanent subscriber identifier associated with the smart card in response to a determination that the temporary subscriber identifier is being read from the smart card, compare a network identifier associated with the new temporary subscriber identifier to a network identifier associated with a previous temporary subscriber identifier in response to a determination that the new temporary subscriber identifier is received from the network, and determine whether to invalidate the temporary subscriber identifier or the new temporary subscriber identifier based on a result of a respective one of the comparing operations. | 04-15-2010 |
20100100951 | Communication system and method - A method of authenticating a user terminal with an access node providing restricted access to a communication network is provided. The method comprises the user terminal transmitting a request for an authentication token to a trusted network node via an unrestricted channel on the access node, the request comprising a network identity for a user of the user terminal. The network node verifies the identity of the user using the network identity, generates an authentication token and transmits the authentication token to the user terminal via the unrestricted channel. The user terminal derives login information from the authentication token and provides the login information to the access node. The access node authenticates the login information and removes the restricted access such that the communication network can be accessed by the user terminal. | 04-22-2010 |
20100100952 | NETWORK AGGREGATOR - A device, system and method for aggregating resources, services or data across a network in which data and services from various source networks can be converted into an internal, aggregatable form (or vice versa) that can be sent to relevant properties or systems on request or through scheduling. The framework of the device, system and method permits scalability and can potentially support any number of users, applications and services. | 04-22-2010 |
20100107234 | METHODS FOR PROTECTING AGAINST COOKIE-POISONING ATTACKS IN NETWORKED-COMMUNICATION APPLICATIONS - The present invention discloses methods, media, and gateways for protecting against cookie-poisoning attacks in networked-communication applications. Methods include the steps of: creating a protected gateway cookie, generated by a gateway, for a server cookie, generated by a server, wherein the server cookie is received by the gateway in an HTTP response message; and validating, by the gateway, that a client cookie from a client request has a corresponding gateway cookie with expected field values. Preferably, the field values include at least one field value selected from the group consisting of: a name, a hash value computed over the server cookie, a hash-function index, a timestamp, a nonce, a hash value computed over newly-generated values, a path, a domain, an expiration, and an HTTP-only value. Preferably, the gateway cookie is signed with a secret key. Most preferably, the secret key is generated by a secret seed. | 04-29-2010 |
20100132024 | Identifying attribute propagation for multi-tier processing - A multi-tier attribute tracking mechanism provides the ability to identify the end user credentials and other client information and attributes and assign them to database requests in an application server architecture. Disclosed configurations identify the processing unit, or thread, assigned by the operating system to service the incoming request from the user at the application tier. A matching of users to threads allows successive thread activity to be mapped back to the initiating user. Conventional interception of database access attempts at the application level (so called “server taps,” or staps) identified only the database user (the account in the database) and associated connection as the responsible user. By intercepting, or “tapping” the access request at the operating system level (using so-called kernel taps, or “ktaps”), the mechanism matches which application requests map to which database requests. With this matching, the database requests can be tagged with the user credentials which are known through the application request. | 05-27-2010 |
20100146612 | METHOD AND APPARATUS FOR TRUST-BASED, FINE-GRAINED RATE LIMITING OF NETWORK REQUESTS - A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic. This scheme enables the server to throttle untrusted password-guessing requests from crackers without penalizing most friendly logins and only slightly penalizing the relatively few untrusted friendly logins. | 06-10-2010 |
20100146613 | SYSTEM AND METHOD FOR PROVIDING SILENT SIGN ON ACROSS DISTRIBUTED APPLICATIONS - A system and method are provided for a distributed computing system where a user can log in to a client computer and access a number of different applications installed on web servers. These applications are then provided access to data in mainframe systems without a user having to enter mainframe user id or password information for gaining access to the mainframe system. The system and method can utilize a sign on object which is installed onto the client computer. The sign on object operates to obtain and transmit a security token which authorizes access to the mainframe system, and the security token does not require the use of the cookie data. This system and method can pass the security token through the web server and the web application in an encrypted form which limits security risks. | 06-10-2010 |
20100154047 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR MEDIA SESSION POLICY COMPLIANCE AUDITING AND ENFORCEMENT USING A MEDIA RELAY AND SESSION INITIATION PROTOCOL (SIP) SIGNALING - Methods, systems, and computer readable media for media session policy compliance auditing and enforcement using a media relay and session initiation protocol (SIP) signaling are provided. One method includes at a SIP policy server, receiving SIP signaling from a user agent client to obtain a policy for media session and, in response, generating at least one media session correlation token. At least a portion of the SIP policy server is implemented in hardware. The media session correlation token and the media policy are communicated to the user agent client and to a media relay. Identification information for the media relay is also communicated to the user agent client. At least a portion of the media relay is implemented in hardware. At the media relay, the media session correlation token is received and used to correlate and store usage information for the media session and to monitor compliance with the media policy. | 06-17-2010 |
20100162376 | AUTHENTICATION SYSTEM AND METHOD USING DEVICE IDENTIFICATION INFORMATION IN UBIQUITOUS ENVIRONMENT - An authentication system using device identification information in ubiquitous environment includes: an information reader for receiving authentication information of a user through at least one device of the user; a home gateway and an office gateway for registering the user authentication information received from the information reader, and performing service control through verification of authentication of the user; and an integrated authentication center for receiving the user authentication information from the home gateway and the office gateway by querying, in response to a request for the authentication of the user received from a specific system, and, when the respective pieces of the user authentication information are identical to each other, transmitting an authentication success message to the specific system. | 06-24-2010 |
20100162377 | MASS STORAGE DEVICE WITH AUTOMATED CREDENTIALS LOADING - A portable mass storage device for use in two factor authentication systems and methods. A secure portable mass storage device protects content from being freely copied with security mechanisms and firmware. The security functionality also protects confidential user credentials and passwords, as well as algorithms and seeds needed for two factor authentication or asymmetric authentication methods. A client application residing in the mass storage device acts as both a password manager and an authentication manager that seamlessly performs the authentication procedures in the background while signing a user into various institutions of his choosing. A very high level of security is integrated into a mass storage device the user has for purposes other than two factor authentication, and the convenience of highly secure password management also comes in a convenient pocket sized package easy for the user to transport. This facilitates the acceptance of two factor authentication, and increases security for a wide variety of online transactions. | 06-24-2010 |
20100169961 | WIRELESS NETWORK MANAGEMENT PROCEDURE, STATION SUPPORTING THE PROCEDURE, AND FRAME FORMAT FOR THE PROCEDURE - Provided are a WLAN management procedure, a station supporting the procedure, and a frame format for the procedure. In the management procedure, a reporting station receives an event request frame including one or more event request elements each of which comprises an event type field for specifying the event type of an event request and an event response limit field for specifying the number of requested event report elements. In response to the event request frame, the reporting station transmits an event response frame including as many event report elements for the event type specified in the event type field as the number specified in the event response limit field. | 07-01-2010 |
20100169962 | Method of Securely Logging Into Remote Servers - The invention relates to a system comprising a network device (NSC), a host computer (HOST) and a remote server (SRV). The host computer (HOST) and the network device (NSC) are connectable through a network. The host computer (HOST) and the remote server (SRV) are connectable through the Internet. The network device (NSC) comprises a web server accessible from the host computer (HOST). The network device (NSC) is set to store a user's authentication credential. The host computer (HOST) is set to display a web page produced by the remote server (SRV) to the user. The remote server (SRV) is set to include a login link in said web page, the login link pointing to said web server. The web server is set to display a login page to the user on the host computer (HOST) when the user clicks on said login link, in order to authenticate the user. Upon authentication of the user, the network device (NSC) is set to send the user's authentication credential to the remote server (SRV) in order to authenticate the user to the remote server (SRV). | 07-01-2010 |
20100175119 | Management of Access Authorization to Web Forums Open to Anonymous Users Within an Organization - A mechanism is provided for managing access authorization to forums open to anonymous users within an organization. A token distributor application provides a unique token to each member of a community or organization. The application is trusted by all members to not store an association between the authenticated user and the token when a token is assigned. The only control exerted by the token distributor is to block users who have already obtained a token from receiving another token. The communication tool or collaboration space may accept creation of a new anonymous identity, such as a nickname, to any individual supplying a token assigned by the token distributor application. An administrator may ban users by token. A banned user cannot access the communication tool or collaboration space using a nickname associated with a banned token. | 07-08-2010 |
20100175120 | MULTI-LAYER DATA MAPPING AUTHENTICATION SYSTEM - A multi-layer data mapping authentication system has a real ID authentication server, a middle data mapping server and a terminal data mapping server. The real ID authentication server links to a private network and stores real IDs and the hidden codes, each of which corresponds to a unique real ID. The terminal data mapping server links to a public network and allows an end user to link so that the end user sends the terminal data mapping server a user's code and a one-time-password (OTP). Since the middle data mapping server links between the real ID authentication server and the terminal data mapping server, the end user only uses the hidden code to generate the OTP and sends the user's code and the OTP to the public network. The terminal and middle data mapping servers convert the user's code to the corresponding real ID of the end user in the private network to complete the authentication procedure. The real ID and hidden code are not sent over the public network and are not stolen. | 07-08-2010 |
20100186076 | METHOD AND SYSTEM OF PROVIDING SECURITY SERVICES USING A SECURE DEVICE - A secure portable electronic device for providing secure services when used in conjunction with a host computer. The secure portable device includes a read-only memory partition, a read/write memory partition, and a secure memory partition. The secure portable device includes instructions stored in the read-only partition including a host agent containing instructions executable by the host computer. The secure portable device also includes instructions stored in the secure memory partition. These instructions include a card agent containing instructions executable by central processing units of the secure portable electronic device, and include a card agent communications module for communicating with the host agent, and a security module for accessing private information stored in the secure memory partition. The host agent includes a host agent communications module for communicating with the card agent and at least one function requiring use of private information stored in the secure memory partition of the portable device and operable to transmit a request to the card agent to perform a corresponding function requiring the use of private information stored on the portable device. | 07-22-2010 |
20100186077 | SYSTEM, CONTROLLER, AND METHOD THEREOF FOR TRANSMITTING DATA STREAM - A system, a controller, and a method thereof for transmitting a data stream from a host to a peripheral device with a chip are provided. At least a part of a data stream is transmitted from the host to the peripheral device. Then, the host inerrably receives a response message generated by the chip by executing a plurality of read commands. The data stream and the response message have corresponding write tokens, and the write token of the data stream is compared with the write token of the response message to verify the accuracy of the response message. | 07-22-2010 |
20100186078 | Personal Portable Secured Network Access System - Authenticating a customer for access to a content server. The customer is biometrically authenticated to a secure terminal based on information stored in a secure personal storage device belonging to the customer. The customer is allowed access to the secure terminal after a successful authentication. The customer is authenticated to the content server based on account credentials stored on the secure personal storage device issued by the content server. | 07-22-2010 |
20100199341 | Methods, Subscriber Server, and User Equipment for Facilitating Service Provision - A User Equipment (UE), a Home Subscriber Server (HSS), and methods are provided for facilitating access to a second service (e.g. IPTV, IP Television) when the user registers with a network for a first service (e.g. IMS, IP Multimedia Subsystem service, or 2G mobile service). For example, the user employs his mobile terminal to register for IMS service, then requests a security token for the provision of the second service. The network validates the user subscription and provides the security token associated with the 2 | 08-05-2010 |
20100212004 | METHOD AND APPARATUS FOR PROVIDING ENHANCED SERVICE AUTHORIZATION - An approach is provided for authorizing one or more services from service providers in a communications network. The approach includes receiving a request from a first service provider, the request having an associated primary token and a secondary token identifier, the secondary token identifier relating to resources of a second service provider. Based, at least in part, on the secondary token identifier, a secondary token is identified; and then the secondary token is sent to the first service provider, wherein the first service provider and the second service provider belong to different trust domains and the first service provider can use the secondary token to access resources of the second service provider. | 08-19-2010 |
20100218245 | METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR MANAGING INTERCHANGE OF ENTERPRISE DATA MESSAGES - A system and method for enabling the interchange of enterprise data through an open platform is disclosed. This open platform can be based on a standardized interface that enables parties to easily connect to and use the network. Services operating as senders, recipients, and in-transit parties can therefore leverage a framework that overlays a public network. | 08-26-2010 |
20100229232 | SUBSCRIPTION AND DEVICE OF CHARGE CONTROL - A method of providing service authorization by sending a message from a redirect server to a user terminal including an authorization token. The method includes detecting and removing the authorization token by a network gateway node from the message before forwarding the message to the user terminal. | 09-09-2010 |
20100235899 | DATA PROCESSING SYSTEM, CONTROLLER, AND METHOD THEREOF FOR SEARCHING FOR SPECIFIC MEMORY AREA - A data processing system, a controller, and a method for searching for a specific logical block are provided. Logical blocks are searched out from a peripheral unit, where data of the searched logical blocks are not yet stored in a cache memory of a master control unit. During searching for the logical blocks, a plurality of read commands are executed. The read commands are set to read data of a plurality of separated logical blocks of the peripheral unit respectively, such that the search time is shortened. | 09-16-2010 |
20100235900 | EFFICIENT TWO-FACTOR AUTHENTICATION - Methods, devices, and systems are provided for an efficient two-factor authentication process. In particular, a card challenge is combined with a user-provided password or similar user-based credential before a transformation of the data is performed. Once the combined challenge and user-provided credential have been transformed, the transformed data is used as a basis for authentication verification. | 09-16-2010 |
20100242104 | METHODS AND SYSTEMS FOR SECURE AUTHENTICATION - A system, device, method, program instructions, and means for securely authenticating a user, the method including mapping, by a one time code generating device in the possession of a user, a one time code onto a graphical representation of a positional array; displaying the one time code mapped onto the graphical representation of the positional array; determining an encoded personal identification number (PIN), wherein the encoded PIN is based on the one time code mapped onto the graphical representation of the positional array and a static PIN known by the user; and authenticating the user based on the encoded PIN. | 09-23-2010 |
20100251352 | System and method for rendering a set of program instructions as executable or non-executable - A method and system for rendering a set of computer-readable program instructions on a user device as executable or non-executable. The user device or an intermediary device may transmit an access-token request including a device identifier to a server device. The server device determines whether the device identifier matches a registered device identifier, and if so, transmits an access-token to the user device, or to the intermediary device, which in turn transmits the access-token to the user device. The access-token includes an expiration indicator. Preferably, the expiration indicator is not expired when received by the user device, but expires some time after being received by the user device. The user device executes a first set of program instructions to determine whether the expiration indicator is expired, and if so, renders a second set of program instructions as non-executable; otherwise the second set of program instructions is rendered as executable. | 09-30-2010 |
20100251353 | USER-AUTHORIZED INFORMATION CARD DELEGATION - A system can include an authorization token provided by a user, the authorization token specifying user identification information to be made accessible by an information card host to a relying party, an information card stored at the information card host, and an identity token generated or requested by the information card host in response to a request for identity token from the relying party. | 09-30-2010 |
20100263038 | Portable electronic device and personal authentication system with non-rewritable attribute memory - A portable electronic device has an attribute memory such as a one-time programmable read-only memory that non-rewritably stores an original attribute characterizing an authenticatee. When the authenticatee uses the portable electronic device at an authentication terminal, the authenticatee inputs the same attribute to the authentication terminal. The input attribute is sent from the authentication terminal to the portable electronic device and compared with the original attribute in the portable electronic device. Alternatively, the original attribute is sent from the portable electronic device to the authentication terminal and compared with the input attribute in the authentication terminal. The use of a non-rewritable attribute memory improves the security of the authentication system. | 10-14-2010 |
20100275253 | COMMUNICATION METHOD, COMMUNICATION SYSTEM, MOBILE NODE, AND COMMUNICATION NODE - There is provided a technique for reducing the number of messages handled in a Return Routability (RR) procedure for performing authentication between a mobile node (MN) and a peer communication node (CN). According to the technique, an MN | 10-28-2010 |
20100281530 | AUTHENTICATION ARRANGEMENT - A method, a proxy, a device, a system, and a computer program product for enabling authentication is provided. Authentication is enabled by receiving by a proxy a security token from an authentication provider, the security token including authentication information, receiving by the proxy an authentication request directed to the authentication provider or to the proxy, determining by the proxy whether the authentication information corresponds to the authentication request, and in case the authentication information corresponds to the authentication request, providing by the proxy the security token as a response to the authentication request. | 11-04-2010 |
20100299738 | CLAIMS-BASED AUTHORIZATION AT AN IDENTITY PROVIDER - Techniques are described herein for managing access to services (e.g., Web sites, applications, results of executable operations, etc.) that are provided by relying parties. A relying party is a processing system that relies on an identity provider to authenticate an entity (e.g., user or software application) that attempts to access a service provided by the relying party. The identity provider is a processing system that is configured to perform authentication and authorization operations with respect to the entity. The identity provider generates a claim that indicates access rights of the entity with respect to the relying party. The identity provider provides the claim to the relying party via a user system or via a direct or indirect link that bypasses the user system. The relying party determines whether to allow the entity to access the service based on the access rights indicated by the claim. | 11-25-2010 |
20100299739 | METHOD, TERMINAL, APPARATUS, AND SYSTEM FOR DEVICE MANAGEMENT - A method, a terminal, an apparatus, and a system for device management (DM) are provided. Specifically, a DM terminal, a DM apparatus, a bootstrap method and system, a method for acquiring a device description framework (DDF), a terminal management method and system, a method and system for acquiring a management node property, a method and system for retrieving a management object (MO) address, a method for managing an execution mode of a command, a method for maintaining a management session, and a method for obtaining a terminal activated MO are provided. The bootstrap method includes the following steps. A terminal receives bootstrap information of a server. The bootstrap information includes a server identifier (ServerID) of the server. The terminal performs bootstrap or re-bootstrap according to the bootstrap information. Therefore, management effectiveness, efficiency, and communication traffic may be improved, so as to enhance the efficiency and effectiveness of management of the terminal by the server. | 11-25-2010 |
20100306838 | METHOD AND APPARATUS FOR COPY PROTECTING A DIGITAL ELECTRONIC DEVICE - A device and a method of authenticating an electronic device are described. The method may comprise transmitting a token value and a parameter value to the electronic device and selecting a private key within the electronic device using the parameter value. The token value may be processed with a method selected by the parameter value to generate a processed token. The processed token may be compared with an expected processed token and the electronic device may be authenticated if the processed token compares favorably with said expected processed token. | 12-02-2010 |
20100306839 | ENTITY BI-DIRECTIONAL IDENTIFICATOR METHOD AND SYSTEM BASED ON TRUSTABLE THIRD PARTY - An entity bi-directional identification method and system based on a trustable third party thereof are provided. The system comprises a first entity, which is for sending a first message to a second entity, sending a third message to a third entity after receiving a second message sent by the second entity, verifying the fourth message after receiving a fourth message sent by the third entity, sending a fifth message to the second entity after the verification is finished; the second entity, which is for receiving the first message sent by the first entity, sending the second message to the first entity, verifying the fifth message after receiving the fifth message sent by the first entity; the third entity, which is for receiving the third message sent by the first entity, checking if the first entity and the second entity are legal, implementing the pretreatment according to the checking result, sending the first entity the fourth message after the treatment is finished. | 12-02-2010 |
20100306840 | DOCUMENT PROCESSING AUTOMATED SYSTEM AND IMAGE FORMING APPARATUS - Execution of a workflow requiring user authentication is facilitated. When an IC card reading/writing apparatus reads information recorded in an IC card owned by a user, an image forming apparatus transmits user credential information included in the read information to an authentication server. The authentication server performs authentication of the user based on the user credential information transmitted from the image forming apparatus. The image forming apparatus transmits workflow program information included in the information recorded in an authentication token and parameter information for the workflow program to an application server. The application server controls the image forming apparatus based on the workflow program information. | 12-02-2010 |
20100313258 | IDENTIFYING SYNONYMS OF ENTITIES USING A DOCUMENT COLLECTION - Identifying synonyms of entities using a collection of documents is disclosed herein. In some aspects, a document from a collection of documents may be analyzed to identify hit sequences that include one or more tokens (e.g., words, numbers, etc.). The hit sequences may then be used to generate discriminating token sets (DTS's) that are subsets of both the hit sequences and the entity names. The DTS's are matched with corresponding entity names, and then used to create DTS phrases by selecting adjacent text in the document that is proximate to the DTS. The DTS phrases may be analyzed to determine whether the corresponding DTS is a synonym of the entity name. In various aspects, the tokens of an associated entity name that are present in the DTS phrases are used to generate a score for the DTS. When the score at least reaches a threshold, the DTS may be designated as a synonym. A list of synonyms may be generated for each entity name. | 12-09-2010 |
20100319064 | DIGITAL CONTENT ACQUISITION SYSTEM AND TECHNIQUES - A network- and/or client-side digital content acquisition system facilitates automatic and simplified transactions, between a user of a consumer electronic device (“CED”) and a digital content source, for authorizing access to digital content items (“DCIs”). Computer-readable visual symbols are associated with DCIs. A particular computer-readable visual symbol has a visual symbology, presented on a surface, which encodes information regarding DCIs, sources responsible for authorizing access to the DCIs, and consideration (if any) due from a user. A user of a particular CED identifies, and uses the CED to reproduce and decode, a particular computer-readable visual symbol. Upon reproduction and/or decoding, the CED automatically requests access to the DCI, and provides a security token that links the user and the CED, and automatically authorizes transfer of consideration (if any) due from the user. Upon authentication of the security token, the user automatically receives access to the DCI. | 12-16-2010 |
20100325715 | BROWSER PLUG-IN FOR SECURE CREDENTIAL SUBMISSION - Described is a technology by which a plug-in (e.g., an ActiveX® control) instantiated by a web browser calls functions of a credential service to use a set of credential data (e.g., a card file) for logging into a website. If the credential service determines that a previously used card file for the website exists, a representation of that card file is displayed in the browser, and the data of that card file is used to obtain a token for logging in the user. If not found, an icon is presented instead, by which the user can select a user interface that allows selection of another card file that meets the website's requirements. | 12-23-2010 |
20100325716 | Managing Access To A Document-Processing Device Using An Identification Token - A method and apparatus for accessing a document-processing device is provided. A request to access the document-processing device is received by the document-processing device. For example, the request may be a request to configure the document-processing device or a request to produce an electronic copy of a document. The document-processing device reads authentication data from an authentication token, which is a portable physical object associated with the user that issued the request. For example, the authentication token may be a proximity card, a common access card (CAC), a smart card, a credit card, a driver's license, or a cell phone. The document-processing device determines, based on the authentication data, whether the user has sufficient user access privileges to perform the request. If the user has sufficient user access privileges to perform the request, then the document-processing device performs the request. | 12-23-2010 |
20110004929 | Flexible Token For Use In Content Delivery - An embodiment of a system for managing delivery of content to end users includes a semantics generator configured to generate name/value pair semantics for name/value pairs that can be included in flexible tokens, a semantics publisher configured to publish the name/value pair semantics in a menu, wherein the name/value pair semantics are selectable, a flexible token interpreter configured to interpret name/value pairs included in flexible tokens according to the name/value pair semantics, the flexible token interpreter further configured to determine responses to content requests based on the name/value pairs included in flexible tokens, and an edge server configured to generate token-dependent responses to content requests based on determined responses from the flexible token interpreter. | 01-06-2011 |
20110010765 | FORENSIC TOOLKIT AND METHOD FOR ACCESSING DATA STORED ON ELECTRONIC SMART CARDS - A tool kit for accessing data stored on an electronic SMART card is provided, the kit comprising a SMART card reader and recorder, at least one storage card, and a control card. The card reader and recorder is operative to read and copy the electronic SMART card onto the storage card, and to read the control card, the storage card comprising a storage card security key. The control card comprises code generation means operative to generate a control card security key, copying of the electronic SMART card onto the storage card being prevented unless the control card security key is verified against the storage card security key. | 01-13-2011 |
20110023103 | METHOD FOR READING ATTRIBUTES FROM AN ID TOKEN - The invention relates to a method for reading at least one attribute stored in an ID token ( | 01-27-2011 |
20110030045 | Methods and Systems for Controlling Access to Resources and Privileges Per Process - To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a token of a process. The rule may include an application-criterion set and changes to be made to the groups and/or privileges of the token. The rule may be set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers or users. When a GPO containing a rule is applied to a computer, a driver installed on the computer may access the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule, the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process. | 02-03-2011 |
20110030046 | GUARDIAN MANAGEMENT SYSTEM - A computer-implemented method for allowing a guardian for a dependent to manage electronic services provided by a third party service provider to the dependent comprises the steps of: establishing an account for the dependent with the service provider by providing at least one item of dependent information; communicating the dependent information to a guardian management system; generating a token that is associated with the dependent information; storing the dependent information and the token at the guardian management system; communicating the token to the service provider; storing the dependent information and the token at the service provider; communicating the token to the guardian; receiving at least one constraint on access to the service provider from the guardian; associating the at least one constraint with the token; and using the token to retrieve the at least one constraint when the dependent accesses the electronic services provided by the service provider. | 02-03-2011 |
20110030047 | METHOD, APPARATUS AND SYSTEM FOR PROTECTING USER INFORMATION - A method and apparatus for protecting user information. The method includes receiving a request for accessing the user information from an application. When the request does not include an authorized token, the user is requested to temporally confirm the request for access. In response to the confirmation, a token is generated and the user on a mobile service platform is associated with the request for access by the token. The application is then allowed to access the user information based on the token associating the user with the request for accessing the user information from the application. | 02-03-2011 |
20110035793 | TRANSPARENT RECONNECTION - In the event of an unintentional interruption, a token issued by a host system to a client system is used to reestablish communications without disrupting applications on the client system. If the host system provided an Internet Protocol address to the client system to be used during the interrupted communications session, the host system reserves the communications address during an interruption in communications for a period sufficient to permit reestablishment of communications using the reserved address. | 02-10-2011 |
20110035794 | METHOD AND ENTITY FOR AUTHENTICATING TOKENS FOR WEB SERVICES - A method, a system, and an entity for authenticating tokens for web services are provided in the embodiments of the present invention. The present invention relates to a technology used for authenticating a user login token for web services. This helps address a problem in the conventional art, that is, tokens cannot be managed in a centralized manner. An entity for authenticating tokens is provided in the embodiments of the present invention to maintain tokens, where all WSPs are required to authenticate tokens through the entity for authenticating tokens, and return the authentication result to the WSR. The embodiments of the present invention are applicable in WSPs, such as the IdP, ID-WSF discovery service, and AP. | 02-10-2011 |
20110055913 | Multi-Level Authentication - Approaches for performing a multiple level authentication on an entity are provided. A primary authentication credential and a secondary authentication credential may be established for a user account. The primary authentication credential uniquely identifies a particular account of the software application. The secondary authentication credential uniquely identifies an entity, such as a user, application, or device, authorized to use the particular user account. Upon receiving a request to access the software application using the particular user account, a determination is made as to whether the request is accompanied by the primary authentication credential and a secondary authentication credential associated with the particular user account. Upon determining that the request is accompanied by valid primary and secondary authentication credentials for the user account, limited access, based upon the secondary authentication credential, to the software application using the particular user account is granted. | 03-03-2011 |
20110072502 | Method and Apparatus for Identity Verification - A method for identity verification includes receiving a request for proof of identity from a service provider and receiving biometric information associated with a user of a communication device. The method also includes determining that the received biometric information matches a biometric profile that contains biometric information associated with a registered user of the communication device. The method also includes unlocking a private key associated with the registered user in response to determining that the received biometric information matches a biometric profile and sending a request for a digital certificate that is signed with the private key associated with the registered user. The method further includes receiving the digital certificate that includes a public key associated with the registered user and satisfies the request for proof of identity. The method also includes forwarding the digital certificate to the service provider. | 03-24-2011 |
20110072503 | METHOD OF AUTHENTICATION FOR A WIRELESS ENABLED MEMORY CARD - A method of authentication for a memory card is disclosed. The method comprises using a wireless-enabled mobile telecommunication-enabled apparatus to wirelessly and directly detect and connect to the memory card, the memory card being wireless-enabled. A keypad of the wireless-enabled mobile telecommunication-enabled apparatus is used to enter and wirelessly send directly to the memory card at least one of a user name and an authentication code. A processor in the memory card compares the user name and/or authentication code with a stored user name and/or authentication code in the memory card. Upon the processor validating the user name and/or authentication code, the memory card is activated for use. | 03-24-2011 |
20110078779 | Anonymous Preservation of a Relationship and Its Application in Account System Management - Disclosed is a system or method of using hash functions to preserve a relationship. A relationship is anonymously preserved by storing the hash result of a relationship token that comprises a finite set of values of a plurality of objects. Specifically, an account anonymous identifier of an account can be produced by hashing a relationship token that comprises identity information of an owner of said account. A party that has enough knowledge of an account owner can independently produce said account anonymous identifier and therefore securely communicate with a specific account without prior communication or a password. An account owner can further prove his/her ownership of an account by submitting related documents and a relationship token that comprises his/her identity information to an account system. | 03-31-2011 |
20110078780 | USER AUTHENTICATION SYSTEM AND METHOD FOR ENCRYPTION AND DECRYPTION - A system configured to authenticate a user for encryption or decryption includes a user authentication apparatus, a computer-readable medium operable to communicate with the user authentication apparatus, and an encryption and decryption computer communicating with the user authentication apparatus. The computer-readable medium may store user identifying information and encryption and decryption data. The encryption and decryption computer may be configured to receive an application programming interface (API) for interfacing with the user authentication apparatus and receive the user identifying information from the computer-readable medium via the API. A user may be authenticated based on the user identifying information and, once the user is authenticated, the encryption and decryption data may be read. | 03-31-2011 |
20110093943 | AUTOMATIC ACCESS SYSTEM, HOST COMPUTER, DEVICE, RESPONSE DEVICE, REMOTE CODE READER SYSTEM, BARCODE READER, AUTOMATIC ACCESS METHOD, AUTHENTICATION METHOD, COMPUTER PROGRAM, AND RECORDING MEDIUM - A terminal | 04-21-2011 |
20110107410 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR CONTROLLING SERVER ACCESS USING AN AUTHENTICATION SERVER - An access request message is received at an authentication server computer, the access request message identifying an address of an access requesting client device. The authentication server authenticates the access request message and transmits an access authorization message from the authentication server computer to a blocking device that controls access to the protected server computer, the access authorization message identifying the address of the access requesting client device. Access to the protected server computer via the blocking device is controlled responsive to the access authorization message. | 05-05-2011 |
20110107411 | SYSTEM AND METHOD FOR IMPLEMENTING A SECURE WEB APPLICATION ENTITLEMENT SERVICE - System and method for implementing a secure web application entitlement service are described. One embodiment of the system comprises a plurality of entitlement point records each comprising a unique identifier associated therewith such that each of the enforcement point records can be associated with an enforcement point within an application; an identity service (“IS”) configured to provide a first token for enabling a user to access the application; an access gateway configured to provide a second token, the second token including a list of at least a portion of the unique identifiers; an entitlement server (“ES”) configured to receive an entitlement request from the application, the entitlement request including the second token, the ES further configured to associate the entitlement request with a user-authenticated session in the IS; and a policy decision point (“PDP”) configured to receive the list of at least a portion of the unique identifiers and to render a decision on the entitlement request based at least in part on policy information associated with ones of the enforcement point records identified by the unique identifiers of the list and attribute information from the IS; wherein subsequent to the rendering of a decision by the PDP, the decision is communicated to the application. | 05-05-2011 |
20110113479 | PERSONAL TOKEN HAVING ENHANCED SIGNALING ABILITIES - The invention relates to a personal token including a microprocessor and a memory, said personal token storing and running a software entity which constitutes an end-point for communication over the internet. The software entity constitutes an end-point according to a signaling protocol over the internet and the signaling protocol is of the type intended when the session for real-time conferencing is initiated between end-points. | 05-12-2011 |
20110113480 | CARRIER-GRADE PEER-TO-PEER (P2P) NETWORK, SYSTEM AND METHOD - A computing network, including: a plurality of peer computing devices including code, which when executed by a peer computing device causes the executing peer computing device to cooperate with at least one other of the peer computing devices; at least one server including code, which when executed by the at least one server locates at least one of the peer computing devices; and at least one mediator including code, which when executed by the at least one mediator collects information from at least some of the peer computing devices; wherein, the peer computing devices, at least one server and at least one mediator are communicatively coupled via an at least carrier-grade telecommunications network being suitable for enhancing co-operation among the cooperating ones of the peer computing devices relative to best-efforts communications among the cooperating ones of the peer computing devices. | 05-12-2011 |
20110131642 | CLIENT-SERVER INPUT METHOD EDITOR ARCHITECTURE - In general, one innovative aspect of the subject matter described in this specification can be embodied in methods that include the actions of receiving an input method editor (IME) server request, the IME server request including one or more tokens and requesting that an IME server be instantiated, the IME server executing one or more IME functions based on a key event sent from an IME client, wherein the IME server is a stateful server that stores both requests and responses of a communication session between the IME server and the IME client, determining that the IME server can be instantiated in a restrictive environment based on the one or more tokens, and instantiating the IME server in the restrictive environment. Other embodiments of this aspect include corresponding systems, apparatus, and computer programs, configured to perform the actions of the methods, encoded on computer storage devices. | 06-02-2011 |
20110138454 | SYSTEMS AND METHODS FOR FACILITATING USER AUTHENTICATION OVER A NETWORK - In accordance with embodiments of the present disclosure, systems and methods for facilitating network transactions include user authentication over a network by providing strong mutual authentication of client web application to server side application server, providing session encryption key negotiation after authentication to continue encryption during communication, and providing a high-level encryption technique referred to as an effective zero knowledge proof of identity (eZKPI) algorithm. In various implementations, the eZKPI algorithm is adapted to couple something the user Knows (e.g., a password or personal identification number) with something the user Has (e.g., a secure identification card) to create a stronger identity authentication proof for access to a mobile device and applications running on the mobile device. | 06-09-2011 |
20110154465 | TECHNIQUES FOR ACCESSING DESKTOP APPLICATIONS USING FEDERATED IDENTITY - Techniques for extending federation services to access desktop applications are herein described. In addition to the foregoing, other aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 06-23-2011 |
20110154466 | TOKENIZED DATA SECURITY - Provided are devices, methods, systems, computer readable storage media and other means for tokenizing data. In some examples, credit card numbers are tokenized using a pre-generated token map and absent the use of a networked database that stores a relatively large quantity of credit card numbers in a central location. The token map may be generated by a token map generator such that the token map can be used by a tokenizer to replace a portion of an account number with a token, and by a detokenizer to replace the token with the original portion of the account number. A pre-parser and parser may also be used to locate an account number and/or token in a message received over a network. | 06-23-2011 |
20110154467 | TOKENIZED DATA SECURITY - Provided are devices, methods, systems, computer readable storage media and other means for tokenizing data. In some examples, credit card numbers are tokenized using a pre-generated token map and absent the use of a networked database that stores a relatively large quantity of credit card numbers in a central location. The token map may be generated by a token map generator such that the token map can be used by a tokenizer to replace a portion of an account number with a token, and by a detokenizer to replace the token with the original portion of the account number. A pre-parser and parser may also be used to locate an account number and/or token in a message received over a network. | 06-23-2011 |
20110162058 | System and Method for Providing Convergent Physical/Logical Location Aware Access Control - According to one embodiment, a system for enforcing physical access control and logical access control may include a physical access control system, a logical access control system, a location detection system, and a convergence system. The convergence system may be communicatively coupled to the physical access control system, the logical access control system, and the location detection system and configured to: (i) receive information from the physical access control system regarding a physical access credential; (ii) receive information from the logical access control system regarding a logical access credential; (iii) receive information from the location detection system regarding a location of a location detection tag; and (iv) based on analysis of information regarding the physical access credential, information regarding the logical access credential, and the information regarding the location of the location detection tag, determine the approximate location of a person. | 06-30-2011 |
20110167488 | SYSTEMS AND METHODS FOR LOCATION AWARE ACCESS CONTROL MANAGEMENT - Described herein are systems and methods for access control management, these generally being directed towards location aware access control management. Embodiments of the invention have been particularly developed for providing additional functionalities in access control systems having disconnected devices, and the present disclosure is primarily focused accordingly. For example, embodiments include access control devices configured to operate in conjunction with a GPS receiver or other source of geographical positional information, and methods associated with the use of such devices. | 07-07-2011 |
20110173690 | Broadcast Area Authentication - Systems, methods, apparatus, and computer program products are provided for authenticating local and remote devices associated with a broadcast area. For example, in one embodiment, a broadcast station can broadcast a first over-the-air broadcast that includes a token. A local device can scan for and identify the token in the first over-the-air broadcast it receives. The local device can then transmit the received token and user registration to an authentication server. The authentication server can use the token and user registration information to create a unique broadcast identifier. The authentication server can then transmit the unique broadcast identifier to the broadcast station and the local device. The broadcast station then broadcasts a second over-the-air broadcast that includes a unique broadcast identifier. Once the local device receives the unique broadcast identifier from the second over-the-air broadcast and the authentication server, it can be authenticated as being in the broadcast area. | 07-14-2011 |
20110179477 | SYSTEM INCLUDING PROPERTY-BASED WEIGHTED TRUST SCORE APPLICATION TOKENS FOR ACCESS CONTROL AND RELATED METHODS - A target device may have a target application and a web application thereon, and a trust broker may generate an application token having associated therewith a state attribute having at least one of a hash digest and a property value assertion, and weighted trust score. The application token may correspond to a level of trustworthiness, in near real time, of a running application instance of the target application. A trust monitor may monitor an execution state of the target application, and an authentication broker may authenticate a user to the web application and based upon a web services query for remote verification of the target application. A network access enforcer may control access of an authenticated user to the target application, and a trust evaluation server may interrogate the target application and generate a trust score. | 07-21-2011 |
20110179478 | Method for secure transmission of sensitive data utilizing network communications and for one time passcode and multi-factor authentication - The invention is directed to a secure data transmission system and method for use in connection with potentially untrusted computer systems and data communication networks. The method involves transmission of sensitive data, such as authentication credentials, between at least two entities (for example, client and server systems and zero or more trusted token systems). This method utilizes symmetric encryption, shared secrets, and data strings composed of pseudo-random characters (also known as “tokens”) to authenticate entities to other entities and to securely transmit data between entities. | 07-21-2011 |
20110185415 | System and method for information exchange by means of web-enabled personal trusted device - A system and method for token-based information dispatch is proposed. The system establishes a link between a user via his/her personal trusted device (PTD) and a Publisher that publishes a request for information exchange in the form of a unique number (token), encoded in optical or radio frequency signal. The user PTD reads said signal, establishes a link with the Publisher, and authorizes exchange of information between the user, the Publisher, and the parties designated by the Publisher. | 07-28-2011 |
20110191841 | METHOD AND TRUSTED SERVICE MANAGER FOR PROVIDING FAST AND SECURE ACCESS TO APPLICATIONS ON AN IC CARD - A method for providing fast and secure access to MIFARE applications installed in a MIFARE memory (MM) being configured as a MIFARE Classic card or an emulated MIFARE Classic memory, comprises: keeping a repository ( | 08-04-2011 |
20110191842 | Authentication in a Communication Network - A method and apparatus for authentication in a communication network. A network node receives an initial request message from a user device, and sends an authentication message to an authentication node. In reply, the network node receives an expected response value and an authentication token from the authentication node. The expected response value is determined using a first shared secret known to the authentication node and the user and a second shared secret known to the authentication node and the user device, and the authentication token is determined using the second shared secret. The network node sends the authentication token from the network node to the user device, and in response receives a response value calculated using the authentication token, the first shared secret and the second shared secret. The network node then determines if the response value matches the expected response value and, if so, authenticates the user. | 08-04-2011 |
20110191843 | UNIVERSAL DEVICE ID REGISTRY, BACK-END, AND SELF-VERIFICATION ARCHITECTURE - Modular devices consist of a user-interface shell and a detachable communication cartridge. The shell and cartridge both contain unique serial numbers, user-defined passwords, and secret authentication keys, which can be communicated to cartridges and shells, and to a network. A universal wireless device registry system stores serial numbers of integrated devices, device shells, and device cartridges, and other characteristics associated with devices such as secret keys, passwords, screen size, operating system, service usage, and supply chain information. This registry system is able to track communication devices all around the world and is connected to and shares information with computer servers controlled by service providers, manufacturers, and supply chain companies. When shells and cartridges communicate their numbers to the registry system, the registry system can authenticate shells and cartridges. Service providers can also track and control shells and cartridges (as well as devices) based on information from the registry system. Market research can be done using the information associated with each device on the registry system. | 08-04-2011 |
20110197271 | CARD BASED AUTHENTICATION SYSTEM AND METHOD FOR RELEASING STORED RENDERING JOBS - An authentication system and method for securely releasing a stored rendering job utilizing an electronically readable card. The electronically readable card can be registered by entering network credentials at a user interface associated with a MFD, and the card can be validated before storing the card details into a MFD database. The card can be swiped with respect to a card reader associated with the MFD in order to authenticate a user based on the stored credentials via an authentication server. The MFD can be unlocked if the card is recognized in order to provide access to an appropriate service. The rendering jobs associated with the user can be displayed and released immediately based on user selection. | 08-11-2011 |
20110202990 | COMPUTER INFORMATION SECURITY SYSTEM AND OPERATION METHOD THEREOF - The present invention relates to a computer information security system and method; the system includes a connection device and a sensor. When the connection device is plugged into the predetermined computer, the sensor and the connection device are paired: a first identification code can be stored on the computer through the connection device, and an initialization setting of a second identification code is generated for the sensor through the connection device. Therefore, when the sensor is outside the predetermined range of the connection device, the connection device will control the computer for encoding to prevent an unauthorized user from using the computer; when the sensor is located within the predetermined range of the connection device, the connection device will automatically input the first identification code to the computer, enabling the user to use the computer directly without entering the first identification code. This avoids the complicated procedure of entering the first identification code each time the user returns to work on the computer, thus reinforcing the security of the information in the computer and making operation more convenient. | 08-18-2011 |
20110202991 | PRESERVING PRIVACY WITH DIGITAL IDENTITIES - A privacy-preserving identity system is described herein that combines low disclosure tokens with an identity metasystem to allow proof of a user's identity and other claims about the user in a manner that preserves the user's privacy by avoiding disclosing unnecessary information about the user. A low or minimal disclosure token is a security token that encodes claims in such a way that (1) the token can be long-lived, (2) the token can be presented in an unlinkable manner, or (3) the user can minimally disclose the encoded information to respond to an unanticipated Relying Party policy. Using the privacy preserving system within an identity metasystem, users can obtain long-lived, low disclosure tokens from the Identity Provider and later present them to Relying Parties, thus improving both users' privacy and the system's scalability. | 08-18-2011 |
20110214173 | PROTECTING ACCOUNT SECURITY SETTINGS USING STRONG PROOFS - One or more strong proofs are maintained as associated with an account of a user. In response to a request to change a security setting of the account, an attempt is made to confirm the request by using one of the one or more strong proofs to notify the user. The change is permitted if the request is confirmed via one or more of the strong proofs, and otherwise the change to the security setting of the account is kept unchanged. | 09-01-2011 |
20110219439 | PROVIDING SUPPORT FOR MULTIPLE AUTHENTICATION CHAINS - A method and system to support multiple chains of authentication modules. The method may include receiving a user login request, and identifying multiple chains of authentication modules to be performed prior to allowing a user to login, where each chain of authentication modules is associated with a chain manager. The method further includes determining dependencies between chain managers, invoking the chain managers in the order defined by the dependencies, and | 09-08-2011 |
20110219440 | APPLICATION-LEVEL DENIAL-OF-SERVICE ATTACK PROTECTION - The gate guard filtering of incoming application-level requests on behalf of an application. Upon receiving an application request, a token found in the application request may be evaluated by the gate guard. This token may have been previously provided by the application, with instructions that future application requests by the client are to include the token. The gate guard classifies the incoming request as being a member of a subset of one or more application request classes. These identified request classes may be used to determine an admission policy to apply based on the particular subset of one or more request classes corresponding to the application request. The admission policy is then applied to the incoming application request to determine if the application request should be rejected or accepted. As another option, the application request may perhaps even be deferred for future determination of rejection or acceptance. | 09-08-2011 |
20110219441 | Contextual Query Revision - Apparatus, systems and methods for contextual query revision are disclosed. A current search query is received during a search session. The current search query includes one or more current search tokens. Potentially inaccurate search tokens are identified from the one or more current search tokens. A possible replacement token is identified based upon the potentially inaccurate search token. A group of related tokens is identified from query logs, and a modified search query is generated if the replacement token is not included in the related tokens. | 09-08-2011 |
20110225641 | Token Request Troubleshooting - A system and method for troubleshooting errors that occur during token requests. An identity provider generates a session ID and uses the session ID when logging events that occur during handling of the request. Multiple servers, processes, or threads may use the same session ID. The session ID may be sent with an error message to the requester. An ID of one or more servers that processed the request may also be sent to the requester. Upon receiving the error message, the requester may provide the error information to an administrator, who uses the information to retrieve associated logged events. | 09-15-2011 |
20110225642 | CONFIGURATION OF COMPUTER AND COMMUNICATION SYSTEMS RESPONSIVE TO PHYSICAL PRESENCE OF A USER AT A SITE - At a site that has spaces for users, a computer system receives a reservation for one of the users for one of the spaces. A user detection apparatus detects physical presence of the user at the site and transfers a presence indication. The computer system processes the presence indication to authorize the user and identify the reservation. In response, the computer system configures a communication system to route communications directed to the user to a communication device in the reserved space, configures a user computer in the reserved space to access a data network system based on a user profile for the user, and configures a graphic display in the reserved space to display an image associated with the one user. | 09-15-2011 |
20110231921 | PLUGGABLE TOKEN PROVIDER MODEL TO IMPLEMENT AUTHENTICATION ACROSS MULTIPLE WEB SERVICES - A pluggable token provider model for message level authentication across multiple web services is provided. Web service and token provider implementations within a client application are separated from an actual component that operates the business logic to formulate and understand a web request. The web service components may request web services to be executed and supply the body for the web service message while a common framework maintains the web services metadata, which includes definitions associated with respective tokens. The framework may further maintain token provider implementations that actually fetch authentication tokens and perform the web requests. | 09-22-2011 |
20110231922 | COMMUNICATION APPARATUS, WIRELESS COMMUNICATION SYSTEM, AND METHOD OF SETTING ASSOCIATION INFORMATION - A communication apparatus includes a first communication unit that performs a wireless communication with two storage media that store therein association information for establishing a wireless connection and user identification information for identifying a user, respectively, and receives the association information and the user identification from the two storage media; a determination unit that performs user authentication based on the user identification information, determines whether or not to validate the association information based on the user authentication, and if the association information is determined to be valid, sets the association information; and a second communication unit that establishes a wireless connection based on the association information set by the determination unit. | 09-22-2011 |
20110231923 | LOCAL AUTHENTICATION IN PROXY SSL TUNNELS USING A CLIENT-SIDE PROXY AGENT - A traffic management device (TMD), system, and processor-readable storage medium are directed towards reducing a number of login web pages served by a server device over an end-to-end encrypted connection. In one embodiment, a TMD intercepts and processes requests for content addressed to the server device. The TMD may serve a stored copy of a login page corresponding to the requested content to the client device. In response, the client device may submit login information associated with the login page to the TMD. The TMD may extract the login information from the submitted response and send a request to the server device to authenticate the client device based on the extracted login information. If the client device is authenticated, the TMD may transmit a ‘login successful’ page to the client device. | 09-22-2011 |
20110252466 | Intelligent remote device - An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction. | 10-13-2011 |
20110252467 | SYSTEM AND METHOD FOR TRUSTED COMMUNICATION - A trusted communication system and methods of ensuring trusted communications are provided. A trusted communication system may comprise: a first token identifying a first portable memory device, a second token identifying a second portable memory device, a database configured to store tokens and associations therebetween, and a trusted communication server configured to (i) receive a request from a second client, said second client configured to operate with the second portable memory device, to allow said second client to access a first network resource related to a first client configured to operate with the first portable memory device, the request including the second token, and (ii) query the database to determine whether there is an association between the second token and the first token, wherein upon a determination that the database server contains an association between the second token and the first token, the trusted communication server permits the second client access to the first network resource. | 10-13-2011 |
20110258690 | SECURE HANDLING OF IDENTIFICATION TOKENS - A method for authentication includes, in a first computer ( | 10-20-2011 |
20110271338 | Authentication Tokens For Use In Voice Over Internet Protocol Methods - Setup of a Voice over Internet Protocol (VoIP) call is initiated and an authentication token is received for the VoIP call that is set up, that indicates that the VoIP call is authorized. The authentication token is inserted into packets for the VoIP call. The packets, including the authentication token therein, are transmitted into an IP network. The authentication token may be placed in an IP version 6 (IPv6) flowID field. | 11-03-2011 |
20110283347 | USING A TRUSTED TOKEN AND PUSH FOR VALIDATING THE REQUEST FOR SINGLE SIGN ON - Providing access to an enterprise application from a telecommunications device via a client, through a device server, and an intermediate application gateway (IAG), is disclosed. The server is in communication with the client and the IAG. The IAG and client are in indirect communication via the server. The client is operative to request an enterprise application token from the IAG using a dataset comprising a device identifier and a user identifier, without concurrently prompting a user for the dataset. The IAG is operative to prepare a token in response to the request, and push the token to an e-mail address associated with the telecommunications device via the server's push proxy gateway. The client is operative to employ the token in communications addressed to an enterprise application via the server and the IAG. The IAG is operative to replace the token in each communication with identification information called for by the enterprise application. | 11-17-2011 |
20110289576 | RUBBING ENCRYPTION ALGORITHM AND SECURITY ATTACK SAFE OTP TOKEN - The present disclosure proposes a secure way to generate the OTP code by way of a web browser. A user does not need any electronic device on hand to obtain an OTP for 2FA login. A new Rubbing Encryption Algorithm (REAL) is proposed as the base technology. An implementation method of such a web-based OTP token is presented and analyzed. It operates through a web browser with multiple REAL keys. It can be integrated into many secure Internet commerce applications as well. A system is provided for secure access to a software program or website. The system has a first entity with a computing device with a processor and a memory. The first entity provides a plurality of data items. The system also has a second entity with at least one display for displaying the plurality of data items. The data items are arranged in a predetermined format. The display also displays a prompt for a user identification and a prompt for a code. The second entity has a member with a transparent portion. The transparent portion comprises a periphery with a plurality of markings placed around the periphery. The markings point to a first direction or to an opposite second direction. The second entity overlays the member over the data items. The markings point to the plurality of data items to reveal a code. The code is input and permits access of the second entity to the computing device of the first entity. | 11-24-2011 |
20110296512 | METHOD FOR READING ATTRIBUTES FROM AN ID TOKEN - The invention relates to a method for reading at least one attribute stored in an ID token where the ID token is associated with a user, having the following steps: the user is authenticated to the ID token, a first computer system is authenticated to the ID token, following successful authentication of the user and the first computer system to the ID token, the first computer system effects read access to the at least one attribute stored in the ID token in order to transmit the at least one attribute, when it has been signed, to a second computer system, where the authentication of the first computer system to the ID token is performed because of an attribute specification, which is received by the first computer system from a third computer system. | 12-01-2011 |
20110296513 | Location based security token - A third, location-based level of security is added to physical possession, and entry of an authorized passcode, of an authentication token (or security token) fob to provide added security based on a location of attempted access to a secure network resource. A current location of the location-based authentication token fob is obtained, and combined with an entered passcode, to form a passcode key. The passcode key is compared against pre-registered authorized passcode keys (including pre-registered authorized locations for use of the location-based authentication token) to determine authorization for access. | 12-01-2011 |
20110296514 | METHOD FOR CREATING A PERSONALIZED INSIGNIA - The invention relates to a method for verifying access of a user of an online presence to a user site or a group site at the online presence through an identifier ( | 12-01-2011 |
20110302646 | SYSTEM AND METHODS FOR ONLINE AUTHENTICATION - A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer. | 12-08-2011 |
20110307947 | FLEXIBLE END-POINT COMPLIANCE AND STRONG AUTHENTICATION FOR DISTRIBUTED HYBRID ENTERPRISES - Systems, methods and apparatus for accessing at least one resource hosted by at least one server of a cloud service provider. In some embodiments, a client computer sends authentication information associated with a user of the client computer and a statement of health regarding the client computer to an access control gateway deployed in an enterprise's managed network. The access control gateway authenticates the user and determines whether the user is authorized to access the at least one resource hosted in the cloud. If the user authentication and authorization succeeds, the access control gateway requests a security token from a security token service trusted by an access control component in the cloud and forwards the security token to the client computer. The client computer sends the security token to the access component in the cloud to access the at least one resource from the at least one server. | 12-15-2011 |
20110307948 | EXTENDING A CUSTOMER RELATIONSHIP MANAGEMENT EVENTING FRAMEWORK TO A CLOUD COMPUTING ENVIRONMENT IN A SECURE MANNER - A customer relationship management (CRM) eventing framework may be extended to a cloud computing environment. A listening channel may be opened between a service and a service bus in a cloud computing environment. The cloud computing environment may also include an authenticating service. Service information for the service may be registered with a CRM. The CRM may receive a request made by a requester. The request may trigger a request processing pipeline in an eventing framework. The CRM may post event data responsive to the request to the service bus. The service may receive the event data, process it and may send back a confirmation or response. The CRM may finally send a response to the requester. | 12-15-2011 |
20110307949 | SYSTEM AND METHODS FOR ONLINE AUTHENTICATION - A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer. | 12-15-2011 |
20110314533 | IDENTITY BROKER CONFIGURED TO AUTHENTICATE USERS TO HOST SERVICES - Techniques are disclosed for an identity broker to authenticate users to a network device, system, or hosted application that uses certain legacy protocols for user authentication. For example, the identity broker may be configured to respond to a user authentication request from a network device formatted as a RADIUS or LDAP message. The identity broker may operate in conjunction with an identity provider to authenticate a user requesting access to a computing resource (e.g., to the network device, system, or hosted application). | 12-22-2011 |
20110314534 | Secured Execution Environments and Methods - A secured portable execution environment device could be provided by a business as a fee-based service, where a user selects applications that he wishes to license and methods of securing and backing up the execution environment. The device could be provided as a portable flash drive, which could then be plugged into any computer with any operating system to access the execution environment saved on the drive. When the user executes an application launcher on the flash drive and authenticates his identity, the application launcher allows the user to access secure applications saved on the flash drive and secure data saved in the application launcher environment. | 12-22-2011 |
20110321147 | DYNAMIC, TEMPORARY DATA ACCESS TOKEN - Provided are techniques for generating a temporary data access token for a subset of data for a specific period of time for a non-registered user who did not register with a computer providing access to the subset of the data. In response to the non-registered user attempting to access the subset of data with the temporary data access token, it is determined whether the temporary data access token is valid for the subset of data based on the specified period of time. In response to the temporary data access token being valid, the subset of data is provided to the non-registered user. In response to the temporary data access token not being valid, access is denied to the subset of data by the non-registered user. | 12-29-2011 |
20110321148 | Methods And Systems For Providing a Token-Based Application Firewall Correlation - Token-based firewall functionality. A request is received for access to a resource from a remote user device, the request received by an application firewall. A token is associated with the request. The token and associated information are stored in an event correlator coupled with the application firewall. The token is associated with one or more subsequent actions by the resource in response to receiving the request. A response to the request including the token is generated. The response with the token is transmitted to the remote user device via the application firewall. The application firewall analyzes the response and determines an action to be taken on the response based on the token and the associated information. | 12-29-2011 |
20110321149 | SYSTEM AND METHOD FOR AUTHENTICATING A SOURCE OF RECEIVED ELECTRONIC DATA - A method for verifying and identifying users, and for verifying users' identity, by means of an authentication device capable of transmitting, receiving and recording audio or ultrasonic signals, and capable of converting the signals into digital data, and performing digital signal processing. Voice pattern(s) and user(s) information of one or more authorized user(s) are recorded and stored on the authentication device. User(s) identification is verified by inputting to the authentication device a vocal identification signal from a user, and comparing the voice pattern of the vocal identification signal with the recorded voice pattern(s) of the authorized user(s), and if a match is detected issuing an indication that the user is identified as an authorized user. | 12-29-2011 |
20120005740 | SYSTEM AND METHOD FOR VERIFYING A SECURITY TOKEN - A policy description for a web service is received at a web service client. The policy description includes a predefined security policy constraint, requires that an application requesting execution of the web service also provide a security token generated by a security token service, and requires that the security token comply with the predefined security policy constraint. A message is generated that is compliant with the policy description for obtaining the security token. The message is sent to the security token service. The security token generated by the security token service is received in response to receipt of the message. The security token is compared against the predefined security policy constraint to verify compliance of the security token generated by the security token service with the predefined security policy constraint. | 01-05-2012 |
20120011579 | BIOMETRIC AUTHENTICATION DEVICE, BIOMETRIC AUTHENTICATION METHOD AND STORAGE MEDIUM - A biometric authentication device includes: a biometric information obtaining portion obtaining biometric information of a user; a biometric condition determining portion determining whether the biometric condition of the user is good or bad according to the biometric information of the user; a biometric matching portion performing a matching against registered biometric information registered in advance based on the biometric information; an alternate authentication portion performing an authentication based on information that is different from the biometric information; and an alternate authentication control portion switching validation and invalidation of the authentication by the alternate authentication portion according to a determination result of the biometric condition determining portion. | 01-12-2012 |
20120017269 | INVOCATION OF THIRD PARTY'S SERVICE - Invoking a computer implemented service includes receiving a request from a first user to access a service associated with a second user. The request is associated with a security token for the first user and an identity token for the second user. The acceptability of the security token is determined to authenticate the first user, and the acceptability of the identity token is determined to securely identify the second user. The first user is able to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable. | 01-19-2012 |
20120023566 | Fraudulent Page Detection - A method of determining whether a page is a fraudulent page comprising the steps of: extracting a plurality of tokens from the page, ( | 01-26-2012 |
20120023567 | TOKEN VALIDATION FOR ADVANCED AUTHORIZATION - A server computer for implementing advanced authorization using token validation is provided. The server computer comprises a processor and a computer readable medium coupled to the processor comprising code executable by the processor for implementing a method. The method comprises receiving verification information that is based on a verification token associated with a client computer. The method further comprises receiving transaction information associated with a first transaction and receiving account information associated with a payment account used in the first transaction. A risk score associated with the first transaction is generated based on at least the verification information, the transaction information, and the account information. | 01-26-2012 |
20120030744 | Method of Managing Sensitive Data in an Electronic Token - A method of managing data in an electronic token includes an initial step of storing a first data into the electronic token and into a secured site. Secret data, intended to be initialized in the electronic token, is identified. Instructions and a subset of the first data are also identified, wherein the subset allows the secret data to be rebuilt by applying the instructions. A reference identifying the subset is sent to the electronic token. In the electronic token, the secret data is rebuilt from the first data and the reference by applying the instructions. | 02-02-2012 |
20120030745 | METHOD FOR CARRYING OUT AN APPLICATION WITH THE AID OF A PORTABLE DATA STORAGE MEDIUM - A method for carrying out an application with the help of a portable data carrier, wherein the data carrier includes two separate communication interfaces. According to the method, a user transmits via a first terminal specified input data for processing by the application to a server via a first data connection between the first terminal and the server. Then, authentication data for authenticating the application, generated by the server on the basis of the input data, are transmitted via a second data connection between the server and the data carrier, which is connected via the first communication interface with the first terminal. The authentication data are then transmitted from the data carrier via a third data connection to a second terminal. The third data connection is realized by means of the second communication interface. Finally, upon confirmation of the authentication data by the user via the first or second terminal, confirmation data are transmitted to the server via at least the first or second data connection, whereupon the server executes the application. | 02-02-2012 |
20120042371 | APPARATUS AND METHOD FOR RETRIEVING A BOARDING PASS - The subject matter discloses a computerized apparatus having a processor configured for providing access to an authentication token, the authentication token being generated by a remote computing device, wherein a link to the remote computing device is embedded in a message sent to the computerized apparatus. The apparatus comprises a message detecting module configured for detecting the message; a transmitting module configured for sending a request to the remote computing device for receiving the authentication token, wherein the request is according to the extracted link; a downloading module configured for downloading the authentication token returned from the remote computing device; a storing module configured for storing the authentication token downloaded by the downloading module in a storage of the computerized apparatus; and an access module configured for accessing the authentication token, stored in the storage, according to predetermined rules. | 02-16-2012 |
20120047568 | Digital Asset Management on the Internet - Techniques pertaining to managing digital assets and data stored in various third-party web services on the Internet are disclosed. A web platform based on web standards is constructed. A web driver containing specifications of a plurality of digital asset management feature plug-ins is provided. A third-party web service on the Internet implements the web driver by adding programming codes according to the specifications and returns the implemented web driver. The web platform registers the third-party web service by storing the web driver in a database. Any registered web services can be added to the web platform as virtual storage devices, or Smart Drives, by a user. Digital assets and data stored in various registered third-party web services can be directly managed or ported from one to the others through accessing corresponding Smart Drives without having to go through multiple logins. | 02-23-2012 |
20120060210 | REAUTHENTICATION TO A WEB SERVICE WITHOUT DISRUPTION - Authenticating internet application sessions. A method includes downloading client side code that when executed implements one or more client side modules including at least one module with message interception functionality. The method includes executing the client side code to implement the one or more client side modules. A request is sent to an internet application server. In response to the request, a message is received from the internet application server indicating that the request is not authorized. The message from the internet application server indicating that the request is not authorized is intercepted at the one or more client side modules. The one or more client side modules, as a result of the message indicating that the request is not authorized, send a request for authentication in a required format for authentication. Authentication is performed without losing user state associated with the request to the internet application server. | 03-08-2012 |
20120066756 | AUTHENTICATION SERVICE - A method that includes authenticating a party based on presentation of a token by the party is described herein. | 03-15-2012 |
20120066757 | ACCESSING DATA BASED ON AUTHENTICATED USER, PROVIDER AND SYSTEM - A method that includes authenticating an authentication system, a user, and a service provider, generating an access code based on a combination of data related to the authenticated user and data related to the authenticated service provider, and using the access code to access at least some of data storage locations is described herein. | 03-15-2012 |
20120066758 | Online User Authentication - A user establishes a verified online identity, for example by providing an identity token and biometric information, and an assurance level is established for that identity for use in an authentication service. Different assurance levels may be provided based on the degree of verification of the user's identity, for example by social network scoring, credit references, or by means of the identity token and biometric information. | 03-15-2012 |
20120079583 | OFFLOAD READS AND WRITES - Aspects of the subject matter described herein relate to offload reads and writes. In aspects, a requestor that seeks to transfer data sends a request for a representation of the data. In response, the requestor receives one or more tokens that represent the data. The requestor may then provide one or more of these tokens to a component with a request to write data represented by the one or more tokens. In some exemplary applications, the component may use the one or more tokens to identify the data and may then read the data or logically write the data without additional interaction with the requestor. Tokens may be invalidated by request or based on other factors. | 03-29-2012 |
20120084851 | TRUSTWORTHY DEVICE CLAIMS AS A SERVICE - Embodiments of the invention make the issuance of trustworthy device claims available to client devices as a service, so that a client device to which device claims are issued may use the device claims in relation to an attempt to access a network application. The service may conduct an assessment of the device's characteristics and/or state, characterize the results of this assessment in device claims, and issue the device claims to the device. The service may be accessible to a client device from outside the administrative boundaries of the entity that makes a network application accessible, and thus may be useful to entities making network applications accessible in business-to-consumer (B2C) and business-to-business (B2B) topologies, such as over the publicly accessible Internet. | 04-05-2012 |
20120096535 | One Time Password - A token calculates a one time password by generating an HMAC-SHA-1 value based upon a key K and a counter value C, then truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C′. If there is an initial mismatch, the validation server compensates for a lack of synchronization between counters C and C′ within a look-ahead window, whose size can be set by a parameter s. | 04-19-2012 |
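The scheme this abstract describes (HMAC-SHA-1 over K and C, truncation modulo 10^Digit, a server counter C′ and a look-ahead window of size s) matches the HOTP algorithm of RFC 4226. The following is an added example, not code from the patent: it implements the token side and a validator that resynchronises within the window and refuses replays. The RFC 4226 dynamic-truncation step, the 6-digit default and the test key `12345678901234567890` (the RFC's own test vector) are assumptions of this example.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """Token side: HMAC-SHA-1 over the 8-byte big-endian counter C under key K,
    RFC 4226 dynamic truncation to 31 bits, then reduce modulo 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class HotpValidator:
    """Server side: keeps its own counter C' per token. On a mismatch it tries
    C', C'+1, ..., C'+look_ahead (the window of size s) so a token that was
    pressed without a login can still be accepted; once a value is accepted the
    server jumps past it, so the same OTP can never be replayed."""

    def __init__(self, key: bytes, digits: int = 6, look_ahead: int = 5):
        self.key = key
        self.digits = digits
        self.look_ahead = look_ahead  # the parameter s
        self.counter = 0              # C', assumed to start at 0 on enrolment

    def validate(self, otp: str) -> bool:
        for i in range(self.look_ahead + 1):
            candidate = self.counter + i
            # constant-time comparison so a wrong guess leaks no timing signal
            if hmac.compare_digest(hotp(self.key, candidate, self.digits), otp):
                self.counter = candidate + 1  # resynchronise C' and burn the value
                return True
        return False  # out of window (or wrong): caller may start a resync dialogue


if __name__ == "__main__":
    k = b"12345678901234567890"  # RFC 4226 test key (assumption for the demo)
    v = HotpValidator(k, look_ahead=5)
    print(hotp(k, 0), v.validate(hotp(k, 0)), v.validate(hotp(k, 0)))  # 755224 True False
```

Two practical points the abstract leaves implicit: the window must be small (a few steps), because every extra step is another guessable value per attempt, and the server must persist the advanced counter atomically with the accept decision or the replay protection is lost on a crash.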
20120102561 | TOKEN-BASED RESERVATIONS FOR SCSI ARCHITECTURES - A method for enabling reservations in SCSI architectures is disclosed herein. In one embodiment, such a method includes receiving a reservation request from a SCSI initiator. The method then generates a token in response to receiving the reservation request, stores the token, and transmits a copy of the token to the SCSI initiator. The SCSI initiator may attach this token to commands transmitted while the reservation is in place. Upon receiving a command from the SCSI initiator, the method compares the token attached to the command with the stored token. If the attached token and stored token match, the method processes the command. Otherwise, the command is not processed. A corresponding system and computer program product are also described herein. | 04-26-2012 |
20120117635 | SIMULACRUM OF PHYSICAL SECURITY DEVICE AND METHODS - A simulacrum security device and methods. In one embodiment, a simulacrum or likeness of a physical security device is provided for use in conjunction with a software emulation of the security device. In one implementation, a “faux SIM card” is provided that does not contain Subscriber Identification Module (SIM) information itself, but instead enables a user to download Electronic SIM (eSIM) information (e.g., from a network or eSIM server) which is loaded into a software emulation of a Universal Integrated Circuit Card (UICC) device. The faux card is printed with an activation code, scan pattern, or other activation or access information. The subscriber purchases the faux card, and enters the activation code into a device; the entered activation code enables the device to log onto a network, and download the appropriate eSIM data. Delivery of eSIM information as enabled by the faux card addresses deficiencies in existing SIM distribution schemes, provides users with an enhanced perception of security, and further addresses various legal requirements. | 05-10-2012 |
20120117636 | MANAGEMENT OF MULTIPLE CONNECTIONS TO A SECURITY TOKEN ACCESS DEVICE - An electronic device, system and method for automatically managing wireless connections with a plurality of other devices are provided. The electronic device may be a security token access device and may be adapted to wirelessly pair and optionally securely pair with other devices. Connection information, which may comprise security information, is maintained at the electronic device for each connected device. When a connected device becomes stale, the electronic device implements one or more steps to manage the stale device's connection. | 05-10-2012 |
20120117637 | MANAGEMENT OF MULTIPLE CONNECTIONS TO A SECURITY TOKEN ACCESS DEVICE - A security token access device, a user device such as a computing device or communications device, and a method for managing multiple connections between multiple user devices and the access device. The access device maintains connection information, including security information, for each user device securely paired with the access device. Each time a new user device is paired with the access device, the access device transmits a notification to the user devices already paired with the access device. A user may provide instructions to the access device to terminate a pairing with one of the user devices by overwriting at least a portion of the connection information associated with the designated user device. A user device may further request a listing of all user devices currently paired with the access device. | 05-10-2012 |
20120117638 | TECHNIQUE FOR CONTROLLING ACCESS BY A CLIENT ENTITY TO A SERVICE - A technique of controlling access by a client entity to a service in a communications network. Processing modules are interconnected in the network in order to supply the service to the client entity. A processing module implements an individual function of a chain of individual functions associated with the service. The access method includes the following steps implemented by an access control device associated with an access node giving access to the service, the device being referred to as a main device: receiving a chain of processing modules from the access node; sending, to a secondary access control device associated with a processing module of the chain, a request to access the processing module under consideration, the request including an access token negotiated between the main device and the client entity; receiving a response to the access request from the secondary device; and notifying the access node of the response. | 05-10-2012 |
20120124656 | Method and system for mobile device based authentication - In this specification, access may be provided to secure systems by authentication using mobile devices. Users may register a mobile device and password with an authentication system. To access a secure system, users may send a request with a registered phone number via SMS, internet or phone. In an embodiment, the authentication server system may send the token and the position of the password via SMS. Users may enter the authentication code, comprising the token and the password, at the secure system. The secure system compares the authentication code with the stored authentication code to grant access to the secure system. Secure access may be used for authentication of credit card, pre-paid card, debit card or any other card transactions and other financial transactions, for login authentication for a computer system, and for security access authentication. | 05-17-2012 |
20120124657 | AUTOMATED SECURITY TOKEN ADMINISTRATIVE SERVICES - This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services. | 05-17-2012 |
20120124658 | System and Method for Providing Secure Data Communication Functionality to a Variety of Applications on a Portable Communication Device - A system for providing an application associated with a portable communication device the ability to communicate via a secure element. The system has a digital identifier and digital token operably associated with the application; a card services module that provides an application programming interface to the secure element; and a secure data table associated with the card services module. The secure data table includes a list of trusted applications, each identifiable by a paired digital identifier and token. The card services module compares the identifier and the token with each of the identifier-token pairs in the table until a match indicates the application is trusted. The card services module issues commands to the secure element based on an action requested by a trusted application in conjunction with the presentation of the digital token. A method of providing an application with the ability to communicate via a secure element is also disclosed. | 05-17-2012 |
20120124659 | System and Method for Providing Diverse Secure Data Communication Permissions to Trusted Applications on a Portable Communication Device - A system for providing first and second trusted applications diverse permission to communicate via a secure element. The system comprising first digital identifier and digital token operably associated with the first trusted application; a second digital identifier and digital token operably associated with the second trusted application. The system further includes a card services module that provides an application programming interface to the secure element supported by a secure data table including first and second sets of permissions. The card services module issues one or more commands to the secure element based on a first action requested by the first trusted application in conjunction with the presentation of the first digital token only if the one or more commands will not violate the first set of permissions. A method is also disclosed. | 05-17-2012 |
20120131660 | USING CACHED SECURITY TOKENS IN AN ONLINE SERVICE - A security token service generates a security token for a user that is associated with a client and stores the full security token within a memory. The security token includes an identity claim that represents the identity of the generated security token. Instead of passing the entire security token back to the client, the identity claim is returned to the client. For each request the client makes to the service, the client passes the identity claim in the request instead of the full security token having all of the claims. The identity claim is much smaller than the full security token. When a computing device receives the identity claim within the request from the user, the identity claim is used to access the full security token that is stored in memory. | 05-24-2012 |
20120131661 | BACK-END CONSTRAINED DELEGATION MODEL - A client can communicate with a middle tier, which can then, in turn, communicate with a back end tier to access information and resources on behalf of the client within the context of a system that can scale well. Each individual back end can establish a policy that defines which computing device can delegate to that back end. That policy can be enforced by a domain controller within the same administrative domain as the particular back end. When a middle tier requests to delegate to a back end, the domain controller to which that request was directed can either apply the policy, or, if the domain controller is in a different domain than the targeted back end, it can direct the middle tier to a domain controller in a different domain and can sign relevant information that the middle tier can utilize when communicating with that different domain controller. | 05-24-2012 |
20120144474 | METHOD OF PROTECTING ACCESS TO DATA ON A NETWORK - The invention is a method of managing access to a plurality of data from a server by a client through a point-to-point link. Each of the data is reachable through a set of URIs that belongs to an index list. The method comprises the step of inserting a request to a control message in the index list. The control message applies to a data reachable through one URI belonging to the index list. | 06-07-2012 |
20120159601 | Transition from WS-Federation Passive Profile to Active Profile - A server system sends a first credential request to a passive requestor at a client device. After sending the first credential request, the server system receives a credential for a user of the client device. If the credential is valid, the server system can provide the passive requestor with access to a resource provided by the server system. After providing the passive requestor with access to the resource, the server system provides an active requestor at the client device with access to the resource without sending a second credential request to the active requestor. Consequently, it may not be necessary for a user of the client device to provide credentials twice in order for the passive requestor and the active requestor to access the resource. | 06-21-2012 |
20120159602 | MOBILE MIDDLEWARE FOR GENERIC BOOTSTRAPPING ARCHITECTURE - A mobile terminal receives a Generic Bootstrapping Architecture (GBA) authentication request from an application client, executing on a processor of the device, in non-standard GBA syntax. The mobile terminal converts the GBA authentication request into standard GBA syntax for a Universal Integrated Circuit Card (UICC) and sends the GBA authentication request having standard GBA syntax to the UICC. The mobile terminal receives, from the UICC, GBA authentication information responsive to the GBA authentication request, the GBA authentication information having standard GBA syntax, and converts the GBA authentication information having standard GBA syntax into GBA authentication information having non-standard GBA syntax supported by the application client. | 06-21-2012 |
20120159603 | MOBILE OUT-OF-BAND AUTHENTICATION SERVICE - Certain embodiments enable authentication of an application session at a client machine by using authentication values and user-identification values that are received from a mobile communication device. The mobile communication device provides an out-of-band channel for validating the session and enables secure authentication for a variety of applications. | 06-21-2012 |
20120159604 | Method and System for Communication Between Devices - An embodiment of the present invention includes a system for communicating digital data from a preferably small battery powered device (e.g., key-chain or pocket-sized form-factor) to a personal electronic device (e.g., a smartphone such as an iPhone or a Nexus One). The communication mechanism of the present invention can be used as second factor authentication. The present invention can also be used as a key for accessing physical locations such as a building. Alternatively, the present invention can be used as a manner for transmitting digital data to a personal electronic device such as a smart phone. | 06-21-2012 |
20120159605 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can "manage" personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 06-21-2012 |
20120167194 | CLIENT HARDWARE AUTHENTICATED TRANSACTIONS - In one embodiment a controller comprises logic to receive a request for a credential to authenticate a user for a transaction, in response to a determination that a credential which satisfies the request resides on a memory module, execute an authentication routine to authenticate a user of the controller, in response to a successful authentication, retrieve the credential from the memory module, and provide a token to certify the credential in response to the request. Other embodiments may be described. | 06-28-2012 |
20120167195 | Security for a Personal Communication Device - Security is provided to a communication device configured to accept a physical key device. A public mode of operation is activated for the communication device when the physical key is not accepted by the personal communication device. The public mode of operation allows access to a first set of functions of the communication device, where the public mode of operation prohibits access to a second set of functions of the communication device. A personal mode of operation is activated for the communication device when the key is accepted by the personal communication device, where the personal mode of operation allows access to the first set of functions and the second set of functions of the communication device. A private mode may also be activated upon authentication of a user of the device, where the private mode allows access to a third set of functions. | 06-28-2012 |
20120174206 | SECURE COMPUTING ENVIRONMENT - Techniques and apparatus are provided for a secure computing environment. In particular, in some embodiments a secure computing environment is provided by requesting, by a processor, booting of a virtual machine on a first computing device. A hash value of the virtual machine is verified and it is determined whether an external storage device is present. The result of the verification is written to an environment variable. Additionally, it is determined if the external storage device is paired with the first computing device and the result of the determination is written to an environment variable. The virtual machine is then booted by the first computing device. | 07-05-2012 |
20120174207 | DISTRIBUTED SINGLE SIGN ON TECHNOLOGIES INCLUDING PRIVACY PROTECTION AND PROACTIVE UPDATING - Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret keys and user profiles into secure shares and periodically updating the shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial tokens or partial profiles can be verified with non-interactive zero-knowledge proofs. | 07-05-2012 |
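The core of this abstract is that a secret key can be split across authentication servers and the shares periodically refreshed without the secret itself changing. The following added example (not the patent's own code) shows the mechanism as Shamir secret sharing over a prime field with a proactive refresh: each server adds a share of a fresh polynomial whose constant term is zero, so any t refreshed shares still reconstruct the secret while shares from different epochs do not combine. The field modulus, the threshold parameters and the seedable `proactive_sso_demo` helper are assumptions of this example; the non-interactive zero-knowledge verification of partial tokens the abstract mentions is not shown.

```python
import secrets
from random import Random

PRIME = 2**127 - 1  # prime field for the shares (assumption for this demo)


def _eval_poly(coeffs, x):
    # Horner evaluation of sum(coeffs[k] * x**k) mod PRIME
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, n, t, rng=None):
    """Shamir split of `secret` into n shares with threshold t: pick a random
    polynomial f of degree t-1 with f(0) = secret; server i holds (i, f(i))."""
    rng = rng or secrets.SystemRandom()
    coeffs = [secret % PRIME] + [rng.randrange(PRIME) for _ in range(t - 1)]
    return {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0. Correct only with >= t shares from the
    same epoch; fewer shares, or a mix of epochs, yield an unrelated value."""
    total = 0
    for i, y in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % PRIME
                den = den * (i - j) % PRIME
        total = (total + y * num * pow(den, -1, PRIME)) % PRIME
    return total


def refresh_shares(shares, t, rng=None):
    """Proactive update: the servers share a fresh polynomial g with g(0) = 0
    and each adds g(i) to its own share. f + g still has constant term `secret`,
    but old and new shares no longer interpolate together, so an attacker who
    collected t-1 shares before the refresh gains nothing from shares taken after it."""
    zero_shares = split_secret(0, len(shares), t, rng)
    return {i: (y + zero_shares[i]) % PRIME for i, y in shares.items()}


def proactive_sso_demo(secret, n=5, t=3, seed=None):
    """Run one split/refresh cycle and report what each reconstruction yields.
    `seed` makes the run reproducible (demo only; production uses SystemRandom)."""
    rng = Random(seed) if seed is not None else None
    old = split_secret(secret, n, t, rng)
    new = refresh_shares(old, t, rng)
    ids = sorted(old)
    mixed = {i: old[i] for i in ids[:t - 1]}
    mixed[ids[t - 1]] = new[ids[t - 1]]  # t-1 old shares plus one new share
    return {
        "old_t": reconstruct({i: old[i] for i in ids[:t]}),
        "old_t_minus_1": reconstruct({i: old[i] for i in ids[:t - 1]}),
        "new_t": reconstruct({i: new[i] for i in ids[-t:]}),
        "mixed": reconstruct(mixed),
    }


if __name__ == "__main__":
    print(proactive_sso_demo(0xC0FFEE, seed=7))
```

The refresh is what makes the "mobile adversary" assumption work: a server compromised in one epoch and cleaned before the next leaks a share that is useless afterwards, which is why the abstract can claim the shares are updated periodically without affecting the underlying secrets.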
20120185927 | Service Activation in a Passive Optical Network (PON) - An Optical Line Terminal ( | 07-19-2012 |
20120185928 | DEVICE REGISTRATION SYSTEM, DEVICE REGISTRATION SERVER, DEVICE REGISTRATION METHOD, DEVICE REGISTRATION PROGRAM, STORAGE MEDIUM, AND TERMINAL DEVICE - In a device registration system, user authentication and device authentication of a CE device are executed in a single session, and the user and the CE device are associated with each other if these authentications succeed. The CE device obtains information for user authentication from an IC card and portable memory, and sends the information and device authentication information to a device registration unit. The device registration unit sends the information for the user authentication to a user authentication unit, and the device authentication information to a device authentication unit. The user authentication unit executes a user authentication process and sends information of the user to the device registration unit if authentication succeeds. The device authentication unit executes a device authentication process and sends information of the device to the device registration unit if authentication succeeds. The device registration unit associates user information and device information with each other. | 07-19-2012 |
20120192260 | System and method for user authentication by means of web-enabled personal trusted device - A system of token-based user authentication for the purpose of authorizing user access to protected resources, such as web applications, computer systems or computer controlled devices. The system utilizes a personal trusted device (PTD), which is owned and operated by one specific user, to establish secure communication channels that are subsequently used to pass user credentials to authentication service. Association of a PTD with servers controlling access to resources is performed by publishing and capturing unique tokens via sensors embedded in PTD, such as an optical camera. | 07-26-2012 |
20120198535 | SYSTEM AND METHOD FOR EMBEDDED AUTHENTICATION - Various systems and methods of embedded authentication are described herein. One method of the preferred embodiment can include receiving at an authentication server a transaction token from a host website, the host website including an embeddable interface and prompting a user challenge by the authentication server at the embeddable interface. The method of the preferred embodiment can also include creating a signed authentication token in response to a successful user challenge, and transmitting the signed authentication token from the authentication server to the embeddable interface. | 08-02-2012 |
20120198536 | UTILIZING A DISPERSED STORAGE NETWORK ACCESS TOKEN MODULE TO STORE DATA IN A DISPERSED STORAGE NETWORK MEMORY - A method for storing data begins with determining, by a computing device, where to store the data and continues with managing, by a dispersed storage network (DSN) access token module, a pairing between the DSN access token module and the computing device. The method continues with sending, by the computing device, at least a portion of the data to the DSN access token module and encoding, by the DSN access token module, the at least a portion of the data using a dispersed storage error encoding function to produce one or more sets of encoded data slices. The method continues with sending, by the DSN access token module, the one or more sets of encoded data slices and storage information to the computing device and sending, by the computing device, the one or more sets of encoded data slices to the DSN memory for storage therein. | 08-02-2012 |
20120198537 | UTILIZING A DISPERSED STORAGE NETWORK ACCESS TOKEN MODULE TO RETRIEVE DATA FROM A DISPERSED STORAGE NETWORK MEMORY - A method begins by a computing device determining that data is stored in dispersed storage network (DSN) memory and sending a data retrieval request to a DSN access token module regarding the data. The method continues with the DSN access token module generating a plurality of sets of data slice read requests and sending the plurality of sets of data slice read requests to the computing device. The method continues with, for a set of data slice read requests, the computing device sending the set of data slice read requests to the DSN memory, receiving data slices from the DSN memory, and sending the data slices to the DSN access token module. The method continues with the DSN access token module decoding the data slices to produce a decoded data segment and sending the decoded data segment to the computing device. | 08-02-2012 |
20120198538 | MULTI-ENCLAVE TOKEN - A security token has multiple independent application enclaves, on which different application providers can install encryption keys and/or other data to authenticate a user of the token to their respective applications. | 08-02-2012 |
20120198539 | Service Access Method, System and Device Based on WLAN Access Authentication - The present application discloses a service access method based on the WLAN access authentication, which includes: in the process of performing the WLAN access authentication, a WLAN portal server transmits a first Cookie to a terminal, which has passed the WLAN access authentication; the terminal requests to access the service of the application system, and the service authentication center associated with the application system determines the terminal has passed the WLAN access authentication according to the first Cookie; the associated service authentication center obtains the identity token of the terminal through the first Cookie; the associated service authentication center transmits the obtained identity token of the terminal to the application system; and according to the identity token of the terminal, the application system provides the service access for the terminal. By the method, after the terminal passes the WLAN access authentication, it can access the service provided by several application systems without the service authentication, thus improving the user experience and reducing the system overhead of the application system. | 08-02-2012 |
20120204250 | Securing Unrusted Content For Collaborative Documents - A method and an apparatus that configure a sandbox document for secure presentation of a block of data stored in the sandbox document in response to an editing request from a client are described. A presentable content corresponding to a document may be sent to the client for editing. The document and the sandbox document may be separately addressable by separate paths of separate domains. The editing request may include the block of data to update the presentable content of the document. The updated presentable content may include a hyperlink to the sandbox document. The edited document and the sandbox document may allow secure presentation of the block of data within the updated presentable content of the edited document without a need to filter the block of data. | 08-09-2012 |
20120210415 | METHOD, APPARATUS AND SYSTEM FOR PROVISIONING A PUSH NOTIFICATION SESSION - A system and method for provisioning a push notification session via a communications network between an application on a client terminal and a server corresponding to the application. In one aspect, a push provisioning entity transmits a message to the client terminal, whereby to configure the client terminal into a state in which it is able to request a push notification session with the server. An application on the client terminal can then request establishment of a push notification session by transmitting a push notification session request message to the push provisioning entity. The push provisioning entity generates a token for use in validating the push notification session, associates the generated token with the application and transmits the token to the application, which uses it to establish the push notification session. | 08-16-2012 |
20120216268 | IDENTITY ASSERTION FRAMEWORK - Systems and methods for implementing an identity assertion framework to authenticate a user in a federation of security domains are provided. A first security token service (STS) is configured to receive a request for a first token from a consumer and to issue the first token to the consumer. The first STS is associated with a first security domain, and the first token is issued according to a first issuing policy of the first security domain. A service provider within a second security domain receives the first token and makes a determination whether the first token is invalid in the second security domain. A second STS receives the first token from the service provider, determines that the first token was issued by the first STS, and validates the first token according to a federation policy between the first security domain and the second security domain. | 08-23-2012 |
20120222105 | SYSTEM AND METHOD FOR ESTABLISHING HISTORICAL USAGE-BASED HARDWARE TRUST - Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords. | 08-30-2012 |
20120227099 | THREE-STAGE, DOUBLE BLIND CREDIT RATING OF SECURITIES - Disclosed is a computer-implemented system and method for rating an asset, and, in embodiments, a system and method for performing a double-blind, three stage credit rating of a securitized instrument, such as without limitation, a commercial mortgage backed security or an asset thereof. The disclosed method utilizes a secure database structure which trifurcates information relating to the asset being rated into first, second, and third analytical stages. Asset information is distributed such that analysts at each stage have access to only that information which is relevant to the scope of the particular analytical stage being performed, while irrelevant and prejudicial information is withheld from the analyst. Unique access tokens are employed to control access to stage data and to maintain the integrity of the analytical process. | 09-06-2012 |
20120233684 | KEY DISTRIBUTION FOR UNCONNECTED ONE-TIME PASSWORD TOKENS - A system and method for distributing symmetric keys in a system including an end-user computer operated by an end-user, a service provider server of a service provider having a service provider identifier, and a manufacturer backend server operated by the manufacturer of the OTP token. The manufacturer backend server operates to verify one-time passwords generated by the OTP tokens and upon verifying the authenticity of the OTP token based on the generated passwords, transmitting the symmetric key to a service provider server or an authentication server. Other systems and methods are disclosed. | 09-13-2012 |
20120233685 | METHOD FOR AUTHENTICATION OF A REMOTE STATION USING A SECURE ELEMENT - Disclosed is a method for authentication of a remote station by a management station using a secure element. In the method, the remote station receives an identity request from the secure element. The identity request includes a first challenge provided to the secure element by the management station. The remote station forwards an identity response to the secure element. The identity response includes a response to the first challenge that is signed by a key of the remote station, and the signed response to the first challenge is for use by the management station to authenticate the remote station. | 09-13-2012 |
20120240211 | POLICY-BASED AUTHENTICATION - A device receives a request to authenticate an end user of a user device based on a requested use of an application by the user device, and communicates with an authentication client, provided in the user device, to perform an authentication requested by the request. The device also generates a response to the request based on the communication with the authentication client, where the response indicates that the end user is or is not authenticated to use the application. The device further provides the response to an application server device hosting the application. | 09-20-2012 |
20120246710 | DYNAMIC, TEMPORARY DATA ACCESS TOKEN - Provided are techniques for generating a temporary data access token for a subset of data for a specific period of time for a non-registered user who did not register with a computer providing access to the subset of the data. In response to the non-registered user attempting to access the subset of data with the temporary data access token, it is determined whether the temporary data access token is valid for the subset of data based on the specified period of time. In response to the temporary data access token being valid, the subset of data is provided to the non-registered user. In response to the temporary data access token not being valid, access is denied to the subset of data by the non-registered user. | 09-27-2012 |
20120254970 | METHOD AND APPARATUS FOR PROVIDING RECOMMENDATION CHANNELS - An approach is presented for providing recommendation channels. A recommendation platform receives an input for creating at least one recommendation channel, the input specifying at least one category. Next, the recommendation platform determines one or more tokens based, at least in part, on the at least one category, wherein at least one of the one or more tokens represents context information. Then, the recommendation platform determines to create the at least one recommendation channel based, at least in part, on the one or more tokens. | 10-04-2012 |
20120254971 | CAPTCHA METHOD AND SYSTEM - A CAPTCHA method executed by a CAPTCHA system is provided, comprising: receiving a CAPTCHA request comprising category information of an application service from an application server; responding to the application server with a token identifying the CAPTCHA request and a CAPTCHA image comprising a distorted advertisement word associated to the category information and a series of randomly generated and distorted characters, both the advertisement word and the characters being a CAPTCHA text intended to be typed by a user via a user equipment connected to the application server; receiving from the application server the token and a CAPTCHA answer submitted from the user equipment by the user; and verifying the token and the answer and returning to the application server a result of the verification. This provides an improved CAPTCHA system and method with better advertising effects and security. | 10-04-2012 |
20120254972 | TRUST SYSTEM - An illustrative embodiment of a computer-implemented process for delegating access to private data receives a request at a trusted server, forwards the received request to an untrusted third party application and invokes a transaction on a secure data store. The computer-implemented process further tokenizes data received from the secure data store by the trusted server, returns the tokenized data to the untrusted third party application, modifies the tokenized data by the untrusted third party application, requests the trusted server to send results to a requester and sends the results from the trusted server to the requester for display. | 10-04-2012 |
20120260327 | MULTI-BROWSER AUTHENTICATION - The content rendering capability of web browsers can be tested and compared across different web browsers. Testing with respect to restricted content is enabled utilizing a web browser to facilitate authentication. State information acquired by the web browser from a server can be employed to request restricted content for rendering by a number of target web browsers sought to be tested. Subsequently, representations of the restricted content produced by target web browsers can be rendered to a multi-browser display environment, for example. | 10-11-2012 |
20120260328 | METHOD AND APPARATUS TO SCALE AUTHENTICATED FIREWALL TRAVERSAL USING TRUSTED ROUTING POINT - A Trusted Routing Point (TROP) generates a signaling message that includes an authorization token used to authorize a firewall to open a pinhole. The signaling message contains a first indicator that indicates whether a data field in the signaling message represents a source address of a media flow. The signaling message also includes a second indicator that indicates whether the firewall should derive the source address of the media flow from the data field. The authorization token is generated using a one-way hash function over information that may be included in the signaling message, including the first indicator and the second indicator. | 10-11-2012 |
20120260329 | MITIGATION OF APPLICATION-LEVEL DISTRIBUTED DENIAL-OF-SERVICE ATTACKS - A system and method, implementable using an authenticating device, are provided for authenticating requesting devices such as mobile devices and other communication devices over a network. At least one group shared secret is provisioned on a plurality of requesting devices, which are further provided with other authentication credentials such as a shared secret for full authentication by the authenticating device. When authentication is sought, the requesting device transmits a pre-authentication request comprising one of the group shared secrets to the authenticating device, which verifies that group shared secret. The group shared secrets may be stored in volatile memory at the authenticating device. If the group shared secret is verified, the authenticating device will authenticate that same device in response to a subsequent authentication request. | 10-11-2012 |
20120266229 | INTER-APPLICATION MANAGEMENT OF USER CREDENTIAL DATA - A system and apparatus for enhancing the functionality and utility of an authentication process for web applications is disclosed. | 10-18-2012 |
20120272306 | AUTHENTICATION TICKET VALIDATION - An authentication ticket is validated to ensure authenticated communications between a client and an online service provider. In an embodiment an authentication request is received from a user agent associated with the client and the authentication request includes a set of identification information and a set of authentication information. Additionally, it is determined that the set of identification information and the set of authentication information are associated with a user and an authentication ticket is created including a user identification and an authentication, indicating to the online service provider that the user is authenticated to access one or more online services. Further, a validation token is embedded into the authentication ticket that provides enhanced verification that the access provided by the online service provider is authenticated. | 10-25-2012 |
20120272307 | Multi-Factor Authentication Using A Smartcard - Methods and systems are provided for non-cryptographic capabilities of a token such as a smartcard to be used as an additional authentication factor when multi-factor authentication is required. Smartcards are configured to generate a transaction code each time a transaction is attempted by the smartcard. The transaction code is dynamic, changing with each transaction, and therefore is used as a one-time password. When a user attempts to access a service or application requiring at least two authentication factors, a secure processor is used to read transaction code from the smartcard. The secure processor establishes a secure communication with the remote computer hosting the service or application. The transaction code can then be encrypted prior to transmission over the public Internet, providing an additional layer of security. | 10-25-2012 |
20120278876 | SYSTEM, METHOD AND BUSINESS MODEL FOR AN IDENTITY/CREDENTIAL SERVICE PROVIDER - A methodology, system and business model are disclosed for facilitating a fully automated electronic identity service between a group of consumers and a group of service providers. The system includes at least one servicer and associated computers and memories. A security token is issued to the consumer by an authority. The consumer then personalizes the token by having his or her civil credentials loaded onto the card. The card is serialized by the authority. When the consumer desires access to a service, the system will authenticate the identity of the consumer. Various levels of authentication can be achieved. The service providers will subscribe to the system. | 11-01-2012 |
20120304273 | Tokenizing Sensitive Data - Included are embodiments for tokenizing sensitive data. Some embodiments of systems and/or methods are configured to receive sensitive data from a vendor, determine a token key for the vendor, and utilize a proprietary algorithm, based on the token key, to generate a vendor-specific token that is associated with the sensitive data. Some embodiments include creating a token identifier that comprises data related to the token key, and sending the vendor-specific token and the token identifier to the vendor. | 11-29-2012 |
20120311689 | REDIRECTION USING TOKEN AND VALUE - A client is redirected by a relying party to the supporting entity (such as an identity or claims provider). The relying party also sends a cookie that includes a nonce, and another copy of the nonce in a redirection context (e.g., in a context string). The client then communicates with the supporting entity to facilitate the supporting service, whereupon the supporting entity sends a validation token back to the client evidencing completion of the supporting service. The supporting party also sends the nonce back as part of the redirection context (e.g., in a context string). The client then sends a followup service request that includes the cookie, the nonce returned by the supporting entity, and the validation token to the relying party. The relying party may compare the nonce in the cookie with the nonce returned by the supporting entity to verify that the request is valid. | 12-06-2012 |
20120317632 | Method and Apparatus for a Token - A method and apparatus of using a token comprises receiving an indication of a presence of a nearby short-range terminal and waking up the token in response to receiving the indication. The method further comprises performing authentication between the token and the terminal, without requiring a user to directly interact with the token. | 12-13-2012 |
20120324559 | ESTABLISHING A SECURE CONNECTION BASED ON A JOINT GESTURE - During a transaction, an electronic device (such as a cellular telephone) captures a gesture performed by a user of the electronic device. This gesture is analyzed to determine salient features, such as accelerations of the electronic device during the gesture and associated time intervals. Then, the electronic device generates a token based on the salient features, and provides the token to a server. When a second token, associated with the token, is received by the server from a second electronic device, the server establishes a secure connection between the electronic device and the second electronic device. | 12-20-2012 |
20120324560 | TOKEN DATA OPERATIONS - In one embodiment, a host application may manage a data set maintained at a storage device using a token. A processor | 12-20-2012 |
20120331539 | AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, AND STORAGE MEDIUM FOR REALIZING A MULTITENANT SERVICE - In order to prevent leakage of data possessed by a tenant to other tenants in multitenant service, it is necessary to control access. However, the conventional access control method is designed and developed to meet a specified request. Thus, costs for a dedicated design, development, administration, and maintenance need to be considered. Such costs can be reduced by using role information for each of a plurality of services and determining whether to allow or not allow access in a uniform manner. | 12-27-2012 |
20130007869 | Method and system for automatic recovery from lost security token on embedded device - Automatic recovery from loss of a security token on an embedded device is achieved by having a service provider (SP) server send to a device server a backup copy of the security token in conjunction with sending to an embedded device a primary copy of the security token, and retrieving from the device server and sending to the embedded device the backup copy of the security token upon detecting that the primary copy of the security token has been lost. The method and system obviate the need for a user to have to re-input on the embedded device a credential that is represented by the security token in the event the primary copy of the security token is erased from the embedded device or otherwise becomes inaccessible to the embedded device. | 01-03-2013 |
20130014245 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 01-10-2013 |
20130024927 | SYSTEM AND METHOD FOR AUTOMATICALLY ESTABLISHING NEW SESSION WITH INTERACTIVE SERVICE AFTER PREVIOUS SESSION EXPIRATION - A system includes a video display and a processor controlling the display. The processor accesses computer readable instructions to cause the processor to access a server associated with the service over a network responsive to viewer selection of a service. The processor then, without any viewer interaction, executes authentication with the server. Thereafter, responsive to successful authentication, the processor provides the service to a viewer at least in part by presenting an image associated with the service on the display. Responsive to the server indicating that a session for which the authentication is valid is expired, the processor automatically and without viewer input executes authentication with the server to establish a new session. | 01-24-2013 |
20130031620 | LOCALIZED NETWORK AUTHENTICATION AND SECURITY USING TAMPER-RESISTANT KEYS - The invention provides a secure Wi-Fi communications method and system. In an embodiment of the invention, unique physical keys, or tokens, are installed at an access point and each client device of the network. Each key comprises a unique serial number and a common network send cryptographic key and a common network receive cryptographic key used only during the authentication phase by all components on the LAN. Each client key further includes a secret cryptographic key unique to each client device. During authentication, two random numbers are generated per communications session and are known by both sides of the wireless channel. Only the random numbers are sent across the wireless channel and in each case these numbers are encrypted. A transposed cryptographic key is derived from the unique secret cryptographic key using the random numbers generated during authentication. Thus, both sides of the wireless channel know the transposed cryptographic key without it ever being transmitted between the two. | 01-31-2013 |
20130042314 | System and Method for Authenticating a User - According to one embodiment, a system including a memory and a processor is provided. The memory may be operable to store a plurality of accounts. Each account may be associated with a user and with a mobile device. The processor may be coupled to the memory and operable to receive user credentials, sent by a requesting user and originating from a requesting device, in conjunction with a request for authentication. The user credentials may include an account identifier. The processor may be further operable to retrieve, from the plurality of accounts, the account associated with the account identifier that matches the account identifier included in the user credentials. The processor may compare information included within the user credentials with information associated with the account. If the information included within the user credentials matches the information associated with the account, the processor may send an authentication-confirmation message to a second device. | 02-14-2013 |
20130047240 | Method and Apparatus for Token-Based Container Chaining - According to one embodiment, an apparatus may intercept a request to access a resource represented by a resource token. The apparatus may receive a hard token representing identification information of a device. The apparatus may determine, based at least in part upon the hard token and the resource token, at least one token-based rule specifying compliance criteria required to consume the resource. The apparatus may receive at least one token representing compliance information of the device in response to a request for compliance information of the device. The apparatus may then compare the compliance information against the compliance criteria to determine that the device is capable of consuming the resource. The apparatus may then generate a compliance token representing the determination that the device is capable of consuming the resource, and communicate the compliance token to facilitate the provisioning of a container to the device. | 02-21-2013 |
20130047241 | Method and Apparatus for Token-Based Combining of Risk Ratings - According to one embodiment, an apparatus may store a plurality of tokens. The plurality of tokens may include a plurality of risk tokens. Each risk token may represent a risk rating. The risk rating may be a numerical value indicating a risk associated with granting a particular user access to a particular resource. The apparatus may identify a set of related risk tokens in the plurality of risk tokens, and generate a composite risk token that represents an arithmetic combination of the risk ratings represented by the set of related risk tokens. The apparatus may then use the composite risk token to facilitate the making of an access decision. | 02-21-2013 |
20130047242 | Apparatus and Method for Performing Real-Time Authentication Using Subject Token Combinations - According to one embodiment, an apparatus may receive a resource token associated with a resource indicating that access to the resource has been requested. The apparatus may determine at least one token-based rule based at least in part upon the resource token, wherein the at least one token-based rule may be associated with at least one subject token. The apparatus may then determine that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens based at least in part upon the at least one token-based rule, and deny access to the resource. | 02-21-2013 |
20130047243 | Apparatus and Method for Performing Session Validation - According to one embodiment, an apparatus may receive a first token indicating that access to the resource has been requested. The apparatus may determine at least one token-based rule based at least in part upon the first token, and determine that a plurality of tokens includes a second token associated with the at least one token-based rule. The apparatus may then generate a session token based at least in part upon the first token and the second token in response to the determination that the plurality of tokens includes the second token. The apparatus may terminate the session token based on a received third token. | 02-21-2013 |
20130047244 | Method and Apparatus for Session Validation to Access Third Party Resources - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The apparatus may receive, from an entity, a first token indicating that access to the resource has been requested by a device through the entity and determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The second token may be associated with a subscriber identity module of the device. The apparatus may determine that the plurality of tokens includes the second token associated with the at least one token-based rule and generate a session token based at least in part upon the first token and the second token. | 02-21-2013 |
20130047245 | Apparatus and Method for Performing Session Validation to Access Confidential Resources - According to one embodiment, an apparatus may receive a first token indicating that access to a resource has been requested by a device. The first token may further indicate that the resource is a confidential resource. The apparatus may determine that a plurality of tokens includes a second token and generate a session token based at least in part upon the first token and the second token in response to the determination that the plurality of tokens includes the second token. The apparatus may receive a third token indicating an event affecting the risk associated with granting access to the resource and determine, based at least in part upon the at least one token-based rule, that access to the resource should be terminated in response to receiving the third token. The apparatus may then terminate the session token in response to the determination that access to the resource should be terminated. | 02-21-2013 |
20130047246 | APPARATUS AND METHOD FOR DETERMINING ENVIRONMENT INTEGRITY LEVELS - According to one embodiment, an apparatus may receive a resource token indicating that access to the resource has been requested. The apparatus may determine the value of an access value associated with at least one network token. The apparatus may then determine that the value of the access value is insufficient to grant access to the resource and determine that access to the resource over the network should be denied. | 02-21-2013 |
20130047247 | ACCESS MANAGEMENT SYSTEM, ACCESS MANAGEMENT METHOD, ACCESS MANAGEMENT SERVER, COOPERATION SERVER, AND COMPUTER-READABLE MEDIUM - A system includes an access management server and a cooperation server, wherein the access management server comprises an issuance unit that issues a token corresponding to the managed user account in response to a request of the cooperation server, and a deletion unit that deletes a user account, of the managed user accounts, which satisfies a predefined deletion condition, and the cooperation server comprises an acquisition unit that, when acquisition of a token corresponding to the user account managed by the access management server is requested by another server, acquires an issued token corresponding to the user account if the deletion unit has not deleted the user account, and causes, if the deletion unit has already deleted the user account, the access management server to re-register the user account in order to acquire a token issued for the re-registered user account. | 02-21-2013 |
20130061309 | Per Process Networking Capabilities - Per process networking capability techniques are described. In one or more implementations, a determination is made as to whether access to a network capability is permitted for a process that is executed on the computing device based on a token that is associated with the process. The token has one or more security identifiers that reference one or more network capabilities described in a manifest. The access to the network capability is managed based on the determination. | 03-07-2013 |
20130061310 | SECURITY SERVER FOR CLOUD COMPUTING - A system, method, and server improving the security of accessing Internetworked computer resources, especially over public access connections, without requiring additional servers from either the resource provider or the authenticating user. User authentications are transmitted over data access connections over which users do not have administrative rights and/or physical security control. A resource request which includes user authentications can be encrypted on a user computer and transmitted over the internet or other data network over which the user has no administrative access or physical control. A security server receives the encrypted resource request, decrypts it, and forwards the resource request to a cloud computing resource. | 03-07-2013 |
20130061311 | SECURITY SYSTEM FOR CLOUD COMPUTING - Security system for cloud computing that will improve the security of users' authentications to cloud data and resources. User authentication to cloud resources requires analyzing confidence in the hardware used to transmit the authentication for access to the cloud data and/or resource. User authentication can be transmitted after the user confirms administrative rights and/or physical security control over the hardware used to transmit the authentication for access to the cloud data and/or resource. The hardware used to access the cloud data and/or resource can be analyzed for malicious code before the user authentication is transmitted. The authentication can be provided on a hardware token, and the system can execute on the hardware token to analyze hardware confidence and thereafter transmit the user authentication. | 03-07-2013 |
20130061312 | SECURITY TOKEN FOR SECURELY EXECUTING AN APPLICATION ON A HOST COMPUTER - The invention relates to a security token comprising a communication interface adapted to communicate with a host computer; a security module, comprising encryption based security features; a non volatile memory storing at least an application to be uploaded and executed in a host computer. The application makes use of the security features when executed in a host computer in communication with the communication interface. The security token is adapted to modify the content of the application as uploaded or its execution parameters at successive connexions of the security token to a host computer. | 03-07-2013 |
20130067555 | Method and Apparatus for Trust-Based, Fine-Grained Rate Limiting of Network Requests - A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic. This scheme enables the server to throttle untrusted password-guessing requests from crackers without penalizing most friendly logins and only slightly penalizing the relatively few untrusted friendly logins. | 03-14-2013 |
20130081127 | SMART CARD AND COMMUNICATION METHOD THEREOF - A smart card and a communication method thereof are provided. The smart card comprises a flexible electronic system and a card body. The flexible electronic system comprises a display circuit, a communication interface, a security module, code generator and a flexible display. The communication interface is used for communicating with a reader. The security module is used for transmitting security verification information to the reader. The code generator is electrically connected to the security module and used for generating a code. The flexible display is connected to the display circuit and used for displaying the code. The card body encapsulates the flexible electronic system. After an input device receives the inputted code, the reader transmits the inputted code and the security verification information to the confirmation server to confirm whether the inputted code and the security verification information are correct. | 03-28-2013 |
20130081128 | SYSTEM AND METHOD FOR PROVIDING A REST-BASED MANAGEMENT SERVICE IN A TRAFFIC DIRECTOR ENVIRONMENT - Described herein are systems and methods for providing software administration tools, for use in administering server configurations, such as in a traffic director or other type of server environment. In accordance with an embodiment, the system comprises a traffic director having one or more traffic director instances, which is configured to receive and communicate requests, from clients, to origin servers having one or more pools of servers. An administration server can be used to manage the traffic director, including a REpresentational State Transfer (REST) infrastructure and management service which maps REST calls to mbeans or other management components registered on the administration server, for use in managing the traffic director. | 03-28-2013 |
20130091559 | Computer-Implemented Method for Mobile Authentication and Corresponding Computer System - In one embodiment of the present invention a computerized method includes receiving at a personal-mobile device a first communication, which includes information for requesting user verification for logging into an account of a user, via a computing device. The account is with a service provided by an application server. The method includes starting a personal-authentication application on the personal-mobile device in response to receiving the first communication, and receiving in the personal-authentication application a user verification for confirming logging into the account. The method includes logging into the account via the computing device based on receipt of the user verification. Embodiments of the present invention provide enhanced security for logging into an account that a user may have with a service by providing that a personal-mobile device, such as a mobile telephone, which is personal to a user, is configured as a security token for login to the account. | 04-11-2013 |
20130097686 | INFORMATION PROCESSING SYSTEM, IMAGE PROCESSING APPARATUS, USER DEVICE, CONTROL METHOD, AND STORAGE MEDIUM - A mediation service accepts a coordination instruction for coordinating a web application server with a coordination device from a web browser, generates a script to be authenticated by an authentication method corresponding to the server, and transmits the generated script to the coordination destination service providing system indicated by the coordination instruction. The web browser transmits authentication information or an authentication token, which is obtained in response to an input operation on an authentication information input screen displayed by execution of the script, to the coordination device. Then, the coordination device receives and saves the authentication information or the authentication token. | 04-18-2013 |
20130097687 | SYSTEM AND METHOD FOR SECURE CONTENT SHARING AND SYNCHRONIZATION - A flexible content sharing system may comprise a network based application built on a client device using information from dissociated user experience component (UXC), application logic and execution layer (ALEL), and content distribution system (CDS) payloads. An ALEL engine may communicate a request from the network based application to a CDS module. The CDS module may interface the ALEL engine and a CDS server. The ALEL engine can act as a gate keeper and securely communicates requests from client devices to the CDS server. The CDS server is configured to manage and alert the ALEL of any enterprise policies that may be applicable to the client devices connected to the ALEL engine which, in turn, notifies the client devices to comply with the enterprise policies. The CDS server may synchronize any change made to the content by any of the client devices running network based applications. | 04-18-2013 |
20130097688 | SERVICE ORIENTED SECURE COLLABORATIVE SYSTEM FOR COMPARTMENTED NETWORKS - A system receives a request to store a document in a database, receives a user security token, analyzes the document to determine an adjudicated security level for the document, compares the user security token to the adjudicated security level, stores the document when the user security token is equal to the adjudicated security level, when the user security token is not equal to the adjudicated security level, queries the user as to whether the document should be stored with the adjudicated security level, receives a response to the query from the user, stores the document when the user agrees to store the document with the adjudicated security level, and when the user does not agree to store the document with the adjudicated security level, transmits a message to a security officer and quarantines the document. | 04-18-2013 |
20130097689 | CREATION AND MANAGEMENT OF DIGITAL CONTENT AND WORKFLOW AUTOMATION VIA A PORTABLE IDENTIFICATION KEY - The present invention is directed towards a method and system for automating workflow. The method and system includes receiving data from a portable identification key communicatively coupled to a processing device to initiate automation processes. The profile information comprised in the data is accessed, the profile information including an identification of a user associated with the portable identification key. The method and system further includes retrieving one or more instructions and parameters associated with the identified user by the processing device to initiate an automated workflow session, and initiating the automated workflow session according to the one or more instructions and parameters. | 04-18-2013 |
20130104219 | CENTRALIZED AUTHENTICATION FOR MULTIPLE APPLICATIONS - Network applications can provide network security without containing any security code or otherwise verifying the authenticity of each request that they receive for service. Instead, a single, centralized network authentication system can be placed between the network applications and all devices requesting services from them. The authenticity of each request for service can then be verified by the centralized network authentication system before the request is passed to the network application to which it is directed. Responses from the network applications may also be channeled back to the systems that made the requests through the centralized network authentication system. | 04-25-2013 |
20130104220 | System and method for implementing a secure USB application device - Systems and methods for implementing a secure USB token are described. In one aspect, the system for implementing a secure USB token comprises: (1) a secure USB token including: a processor; a memory coupled to said processor; a communication port coupled to said processor; a secure element coupled to said processor, said secure element storing data for implementing a secure environment; one or more applications stored on said memory adapted to run on said memory and processor; and (2) a host device including: a processor; a memory coupled to said processor; a communication port coupled to said processor; and an agent displayed on the host device; wherein the agent launches one or more of the applications stored on the USB token, and wherein the agent prevents the host device from accessing the USB token's memory. | 04-25-2013 |
20130104221 | Group Formation Using Anonymous Broadcast Information - A number of devices co-located at a geographic location can broadcast and receive tokens. Tokens can be exchanged using a communication link having limited communication range. Tokens that are received by a device can be stored locally on the device and/or transmitted to a trusted service operating remotely on a network. In some implementations, the tokens can be stored with corresponding timestamps to assist a trusted service in matching or otherwise correlating the tokens with other tokens provided by other devices. The trusted service can perform an analysis on the tokens and timestamps to identify devices that were co-located at the geographic location at or around a contact time which can be defined by the timestamps. A group can be created based on results of the analysis. Users can be identified as members of the group and invited to join the group. | 04-25-2013 |
20130111574 | SYSTEM FOR THE DISPLAY, BY A USER, OF MULTIMEDIA CONTENT ITEMS | 05-02-2013 |
20130125228 | TIMESTAMP-BASED TOKEN REVOCATION - A token used when a first device authenticates itself to a third device may be associated with a token issue timestamp. Upon receipt of an indication that all previously issued tokens are to be revoked, a second device may store a revocation timestamp. Upon receiving, from the second device, a request for establishing conditions for a file transfer, from the first device, and an indication of a token issue timestamp associated with the request, the second device may compare the token issue timestamp to the revocation timestamp. Responsive to determining, based on the comparing, that the token issue timestamp precedes the revocation timestamp, the second device may deny the request. | 05-16-2013 |
20130139241 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR BRIDGING USER AUTHENTICATION, AUTHORIZATION, AND ACCESS BETWEEN WEB-BASED AND TELECOM DOMAINS - Methods, systems, and computer readable media for bridging user authentication, authorization, and access between web-based and telecom domains are disclosed. In one example, a method includes issuing, to an application hosted in a web-based network, an access token associated with a user identifier subscribed to a telecommunications network, wherein the access token is issued in response to receiving telecommunications network credentials from a client device associated with the user identifier, and receiving, at an over the top (OTT) proxy element in the telecommunications network from the application, the access token for requesting user data associated with the client device to be used to access the application. The method further includes retrieving the user data if the access token is valid and a telecommunications network context condition is met, and providing the user data to the application, wherein access to the application by the client device is based on the user data. | 05-30-2013 |
20130145450 | AUDITABLE MULTICLAIM SECURITY TOKEN - The current invention provides a paradigm for securely transmitting messages using an auditable message token and associated protocol for recording information pertaining to events occurring with respect to transmission(s) of a message. | 06-06-2013 |
20130145451 | APPARATUS AND METHOD OF BINDING A REMOVABLE MODULE TO AN ACCESS TERMINAL - The described apparatus and methods may include a processor, a memory in communication with the processor, a removable module in communication with the processor and operable to store data, an initialization component executable by the processor and configured to initialize the removable module, and an authentication component executable by the processor and configured to: receive a command from the removable module to perform an authentication operation, wherein the command is a standard message having a command qualifier value or code that represents an authentication challenge; obtain a random value from the removable module in response to the command; calculate a response based on the random value and a terminal key stored in the memory; and transmit the response to the removable module. | 06-06-2013 |
20130152185 | TRANSACTION PROVISIONING FOR MOBILE WIRELESS COMMUNICATIONS DEVICES AND RELATED METHODS - A mobile communications device may include a memory, a transceiver, and a controller coupled with the memory and the transceiver. The controller may be capable of receiving first authentication data from a security token via communication with the security token, where the first authentication data is associated with an account. The controller may also be capable of transmitting the first authentication data via the transceiver, and receiving second authentication data via the transceiver, where the second authentication data is also associated with the account. The controller may be further capable of storing the second authentication data in the memory, and transmitting a transaction request using the second authentication data. | 06-13-2013 |
20130174244 | APPLICATIONS LOGIN USING A MECHANISM RELATING SUB-TOKENS TO THE QUALITY OF A MASTER TOKEN - Methods and systems allow a user to log in to a device so that a number of apps become accessible on the device without the user repeatedly logging in to each different app as the user launches multiple apps. A mechanism of providing a master token with a quality score and providing sub-tokens for each app that can use the sub-token and the score quality to evaluate the level of security provided by the initial login allows each app to skip its own login process and provides a level of enhanced efficiency and convenience for the user. A method includes authenticating a user; creating a master token on the user device; creating a sub-token of the master token for an app launched on the device; the app skipping the login process of the app in response to the sub-token so that the app proceeds directly to validating a transaction. | 07-04-2013 |
20130179959 | Zero Token - Aspects of the subject matter described herein relate to a zero token. In aspects, a zero token may be used to represent one or more zeroes in an offload write command. A component receiving an offload write command with the zero token is free to write the zeroes in a variety of ways including, for example, changing data structures the component uses to represent the zeroes, issuing another command that writes zeroes, writing physical zeroes, and so forth. A component receiving an offload write command with the zero token does not need to verify that the zero token was obtained from a successful offload read or that the zero token is still valid. In response to an offload read request, a component may provide the zero token to represent all or a portion of the data associated with the offload read request. | 07-11-2013 |
20130179960 | METHOD OF COLLABORATIVE COMPUTING - A system and method for allowing for distributed interaction in a computing scenario is presented. The system is powered by SandTable software. First and second items are respectively displayed on interactive screens of first and second surface computers. A first token is configured to be placed on the interactive screen of one of the computers, and that computer reads its credentials. The SandTable software determines a first access level of the first token based on the credentials of the first token when it is placed on the surface computer. The first surface computer displays an image of an add item symbol when the first token is authenticated as a valid token. The SandTable software is configured to detect when the add item symbol is selected and to generate a menu of new items. SandTable creates a new item based on the new item selected from the menu. | 07-11-2013 |
20130179961 | INFORMATION PROCESSING SYSTEM CONTROL METHOD, INTERMEDIATE SERVICE DEVICE, AUTHENTICATION METHOD, AND STORAGE MEDIUM - Provided is a method for controlling an information processing system including a relay service device, an intermediate service device, and an authentication service device. The control method includes transmitting an authentication request from the intermediate service device to the intermediate service device; acquiring a first access token from the authentication service device that has made a success of authentication; storing the first access token; comparing the stored first access token with a second access token included in an execution request of a relation processing upon reception of the processing execution request from the relay service; and executing processing received from the intermediate service device when it is determined in the comparing that the first access token matches the second access token, or not executing the processing when it is determined in the comparing that the first access token does not match the second access token. | 07-11-2013 |
20130179962 | Intelligent Network Streaming and Execution System for Conventionally Coded Applications - In a system that partitions an application program into page segments, a minimal portion of the application program is installed on a client system. The client prefetches page segments from the application server or the application server pushes additional page segments to the client. The application server begins streaming the requested page segments to the client when it receives a valid access token from the client. The client performs server load balancing across a plurality of application servers. If the client observes a non-response or slow response condition from an application server or license server, it switches to another application or license server. | 07-11-2013 |
20130185784 | AUTHORITY DELEGATE SYSTEM, SERVER SYSTEM IN AUTHORITY DELEGATE SYSTEM, AND CONTROL METHOD FOR CONTROLLING AUTHORITY DELEGATE SYSTEM - An authority delegate system including a first server system to manage specific information, a second server system to provide a service, an authentication device, and a client operated by a first user who is authorized to use the service, includes a reception unit, a transmission unit, a management unit, a determination unit, and a provision unit. The reception unit receives an authorization token shared range for authorizing specific information usage. The transmission unit transmits to the client a setting screen for setting whether to permit users within the shared range to share the authorization token. The management unit manages the setting screen set shared range, and the authorization token issued by the authentication device. The provision unit provides, in response to determining that the second user is included in the shared range and confirmation that the authorization token is valid, the service to the second user using the specific information. | 07-18-2013 |
20130191905 | SECURE DATA EXCHANGE BETWEEN DATA PROCESSING SYSTEMS - A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server. | 07-25-2013 |
20130212666 | TOKENIZATION IN MOBILE ENVIRONMENTS - Data can be protected in mobile and payment environments through various tokenization operations. A mobile device can tokenize communication data based on device information and session information associated with the mobile device. A payment terminal can tokenize payment information received at the payment terminal during a transaction based on transaction information associated with the transaction. Payment data tokenized with a first set of token tables and according to a first set of tokenization parameters by a first payment entity can be detokenized or re-tokenized with a second set of token tables and according to a second set of tokenization parameters. Payment information can be tokenized and sent to a mobile device as a token card based on one or more selected use rules, and a user can request a transaction based on the token card. The transaction can be authorized if the transaction satisfies the selected use rules. | 08-15-2013 |
20130219481 | Cyberspace Trusted Identity (CTI) Module - The Cyberspace Trusted Identity (CTI) module provides secure storage of a cyberspace user's personal identity information and a security infrastructure to guarantee the integrity and privacy of a cyberspace transaction. When the owner of an electronic device registers their biometric samples on the CTI module, the module becomes locked and the information stored on the module can only be accessed when the device owner provides a live biometric sample which matches the registered biometric sample. When the CTI Module is registered under a trusted third party system, a Cyberspace Identification Trust Authority (CITA) system, the module provides a secure mechanism for storing a cyberspace user's digital identity tokens and for conducting safe and reliable cyberspace transactions between two cyberspace users. The CTI Module eliminates the need to carry man-made identity tokens, or the need to remember and/or openly exchange personal identity information, when conducting a cyberspace transaction. | 08-22-2013 |
20130219482 | METHOD FOR UNIQUELY ADDRESSING A GROUP OF NETWORK UNITS IN A SUB-NETWORK - In embodiments of the present disclosure improved capabilities are described for delivering a command to a group of computing devices, comprising sending a message from a controller to a first of a plurality of computing devices, wherein the plurality of computing devices are on the same network, and where the message includes a plurality of bit-wise addresses and a command. The message is then broadcast from the first of the plurality of computing devices to the remaining of the plurality of computing devices. The execution of the command by each of the plurality of computing devices is made with low time latency due to the near-simultaneous delivery of the message to the plurality of computing devices. | 08-22-2013 |
20130232563 | SYSTEM AND METHOD FOR UNLIMITED LICENSING TO A FIXED NUMBER OF DEVICES - A method and system providing access to electronic content includes receiving a request to access the electronic content from a user device, accessing a unique ID of the user device, and comparing the unique ID to a list of authorized user devices. The unique ID is used to determine if the user device is an authorized user device. If the user device is authorized, access is provided to the electronic content. If the user device is not authorized, it is determined whether a maximum number of authorized user devices is reached. The user device is converted to an authorized user device if the maximum number is not reached. If the maximum number of authorized user devices is reached, the user can be denied access to the electronic content, or the system can request de-authorization of one of the authorized user devices to convert the user device to an authorized user device. | 09-05-2013 |
20130239196 | SECURE EXPANDABLE ADVERTISEMENTS USING AN API AND CROSS-DOMAIN COMMUNICATIONS - A system to present secure expandable advertisements using an API and cross-domain communication. A content publishing system that hosts a website can implement an expandable advertisement using IFRAMEs that are expanded upon receiving an API call from a third party rich media vendor that hosts the expandable advertisement when the content publishing system and the third party media vendor are of differing domains. | 09-12-2013 |
20130239197 | IC CHIP, INFORMATION PROCESSING APPARATUS, SYSTEM, METHOD, AND PROGRAM - An IC chip, an information processing apparatus, system, method, and program are provided. An IC chip includes an authentication control unit configured to authenticate a request using authentication information. The request and/or the authentication information is received from outside the IC chip. | 09-12-2013 |
20130263242 | TENANT DRIVEN SECURITY IN A STORAGE CLOUD - Tenant driven security in a storage cloud is provided. A method includes determining whether a tenant places a physical key into a slot associated with a hard disk provided by a service provider. The method further includes allowing the tenant to have access to the hard disk after determining that the tenant has placed the physical key into the slot. | 10-03-2013 |
20130269019 | Systems and Methods for Controlling a Local Application Through a Web Page - A system, computer-readable storage medium storing at least one program, and a computer-implemented method for controlling a local utility are disclosed. A first request originating from an application and including a first token is received at a local utility. The application received a web page, including a plurality of links and the first token, from a first server. The plurality of links are received by the application from a second server. The first token is authenticated. Authentication includes sending the first token to a third server. In response to authenticating the first token, a second token is generated at the local utility. The second token is sent to the application for inclusion in subsequent requests from the application. | 10-10-2013 |
20130269020 | Authenticating Cloud Computing Enabling Secure Services - Authenticating cloud computing enabling secure services (ACCESS) offloads “client authentication” activity onto a third-party authenticating cloud computing enabling secure services (ACCESS) node. Instead of having a client device authenticate itself directly to a network server, the client device instead authenticates itself to a third-party authenticating cloud computing enabling secure services (ACCESS) node. The authenticating cloud computing enabling secure services (ACCESS) node then provides credentials that are used by the client device to communicate directly with the server (and utilize the service) without any further authentication being necessary. | 10-10-2013 |
20130276086 | PEER APPLICATIONS TRUST CENTER - Concepts and technologies are disclosed herein for a peer applications trust center. A trust client can execute on a client computer and a trust service can execute on a server computer to provide the peer applications trust center. The trust client or trust server can register applications. During registration, the trust server or the trust client can generate a public key or other identifier for identifying the registered application. If another application requests access to the registered application, the trust server or the trust client can determine if the request specifies a registered application by name. If the requestor is granted access to the application, the requestor can be issued a token. Tokens can be revoked, updated, replaced, or renewed for various purposes. | 10-17-2013 |
20130276087 | MULTIFACTOR AUTHENTICATION - Aspects of the subject matter described herein relate to identity technology. In aspects, a user device requests access to a service provided by a relying party. In response, the relying party indicates required claims and may also indicate claims providers from which the required claims may be obtained. The user device may obtain the required claims from different claims providers, and send the claims obtained from the different claims providers in one or more messages to the relying party. The relying party may verify the claims or employ a validating service to verify that the claims are valid prior to providing access to the requested service. | 10-17-2013 |
20130276088 | IDENTITY MANAGEMENT WITH HIGH PRIVACY FEATURES - Aspects of the subject matter described herein relate to identity technology. In aspects, a user device sends a request for access to a service. In response, the service directs the user device to a user agent that may be downloaded or that may already exist on the user device. The user agent includes code that executes on the user device to create a security boundary. The security boundary controls transmission of identity information that may be used to identify a user of the device. | 10-17-2013 |
20130291084 | METHOD FOR ACCESSING A SECURE ELEMENT AND CORRESPONDING SECURE ELEMENT AND SYSTEM - The invention relates to a method for communicating information. A first device is coupled to a secure element. The secure element sends, at an initiative of the secure element, to the first device a secure element identifier. The first device sends to a second device at least one first message comprising the secure element identifier. The second device sends to a third device at least one second message comprising the secure element identifier and two communication network subscription identifiers, as associated data, the second device adding the two communication network subscription identifiers. The third device stores the associated data. The invention also relates to a corresponding system. | 10-31-2013 |
20130298217 | SECURITY MODEL FOR INDUSTRIAL DEVICES - Systems and/or methods are described relating to a security model that provides interoperability with foreign security domains while remaining scalable to small embedded devices. A security token service is provided, which is configured to issue, renew, and/or validate security tokens in response to a token request. A communication protocol, corresponding message structures, and the security tokens are defined in accordance with protocol buffer definitions. | 11-07-2013 |
20130305339 | METHOD OF LOADING DATA INTO A PORTABLE SECURE TOKEN - The invention is a method for loading data into a portable secure token comprising a plurality of security domains. A first security domain comprises a first administration agent and a second security domain comprises a second administration agent. A remote application server comprises a first data to be provided to the second administration agent. A syndication server, which is distinct from the remote application server, contains a list which comprises a reference to the first data. The list is sent in response to a polling request that is sent by the first administration agent. This list is comprised in a polling response which is sent by the syndication server. | 11-14-2013 |
20130312077 | USER AUTHENTICATION - A user authentication method and system. A computing system receives from a user, a first request for accessing specified functions executed by a specified software application. The computing system enables a security manager software application and connects the specified software application to a computing apparatus. The computing system executes first security functions associated with the computing apparatus. The computing system executes second security functions associated with additional computing apparatuses. The computing system determines if the user may access the specified functions executed by the specified software application based on results of executing the first security functions and the second security functions. The computing system generates and stores a report indicating the results. | 11-21-2013 |
20130312078 | SYSTEM AND METHOD FOR EMBEDDED AUTHENTICATION - Various systems and methods of embedded authentication are described herein. One method of the preferred embodiment can include receiving at an authentication server a transaction token from a host website, the host website including an embeddable interface and prompting a user challenge by the authentication server at the embeddable interface. The method of the preferred embodiment can also include creating a signed authentication token in response to a successful user challenge, and transmitting the signed authentication token from the authentication server to the embeddable interface. | 11-21-2013 |
20130318592 | SYSTEMS AND METHODS FOR PROVIDING ACCOUNT INFORMATION - Systems and methods for accessing account information are provided. For example, an indication to launch an application that may provide account information may be received. A determination may be made regarding whether the indication is an initial interaction with the application. If the indication is an initial interaction, one or more credentials may be received via an interface that may be displayed via the application. If the indication is not the initial interaction, a token may be accessed. A request that may include the credentials or token may then be generated and transmitted such that credentials or token may be used to authenticate a device that includes the application and a user thereof, a new token may be generated, and a response with the new token and/or account information may be transmitted. The account information may then be displayed by an interface of the application. | 11-28-2013 |
20130318593 | METHODS, ARCHITECTURES AND SECURITY MECHANISMS FOR A THIRD-PARTY APPLICATION TO ACCESS CONTENT IN A CLOUD-BASED PLATFORM - Techniques are disclosed for methods, architectures and security mechanisms for a third-party application to access content in a cloud-based platform. In one embodiment, a method includes, providing a third-party application with direct access to content in a cloud-based environment. The third-party application is hosted by an entity different from that of the cloud-based environment. In some embodiments, the direct access to the content in the cloud-based environment is provided to the third-party application and accomplished without a need to access an application that is native to the cloud-based environment. | 11-28-2013 |
20130333016 | WIRELESS SESSION CONFIGURATION PERSISTENCE - A wireless access point employs a wireless configuration database for retrieving a stored wireless profile corresponding to a subscriber device from a remote location, which enables the user to establish an Internet connection using their subscriber device with the same network identifiers and settings employed in the home wireless profile. The network identifier is typically an SSID (Service Set Identification), and labels the wireless configuration with a mnemonic name familiar to the user. The wireless configuration also denotes the authentication and security (passphrase) tokens required for access, and therefore enables the user to sign on at the remote wireless access point using the passphrase already known from their home WiFi arrangement. Subsequent attempts automatically establish a connection to the subscriber device upon detection and authentication using the retrieved wireless profile, without broadcasting an open SSID receivable by other wireless devices within range. | 12-12-2013 |
20130340063 | SYSTEMS AND METHODS FOR ACCESSING A VIRTUAL DESKTOP - Methods, computer-readable storage medium, and systems described herein facilitate enabling access to a virtual desktop of a host computing device. An authentication system receives one of an authentication token and a reference to the authentication token, wherein the authentication token is indicative of whether a user successfully logged in to an authentication portal using a client computing device. The authentication system generates a private key, a digital certificate, and a personal identification number (PIN) for the user in response to receiving the one of the authentication token and the reference to the authentication token. The private key, the digital certificate, and the PIN are stored in a virtual smartcard, and the client computing device is authorized to log into a virtual desktop using the virtual smartcard. | 12-19-2013 |
20130347092 | Remote Direct Memory Access Authentication of a Device - An approach is provided in which a server receives a first request from a client over a command port connection. The server, in turn, sends a first phase authentication token to the client over the command port and receives a second request from the client over a management port connection. In response, the server sends a second phase authentication token to the client over the management port connection, which the server receives back from the client over the command port connection. In turn, the server authenticates the client to utilize the command port connection accordingly. | 12-26-2013 |
20130347093 | TOKEN DEVICE RE-SYNCHRONIZATION THROUGH A NETWORK SOLUTION - A system and method are illustrated as including receiving a request for a current time and transmitting the current time to a password device. The current time is used to synchronize a clock in the password device to reflect the current time of an authentication server. The synchronized clock is used to generate a first token value at the password device. A request for the first token value is received from a server of the site by the authentication server. The server of the site is provided with the first token value. The server of the site sends a list of token values including the first token value to a computing device associated with the password device. The list of token values, presented at the same time on the computing device, are compared to the first token value generated by the password device to determine a matching first token value. | 12-26-2013 |
20140007213 | SYSTEMS AND METHODS FOR PUSH NOTIFICATION BASED APPLICATION AUTHENTICATION AND AUTHORIZATION | 01-02-2014 |
20140013410 | ACCESS RIGHT MANAGEMENT SYSTEM, ACCESS RIGHT MANAGEMENT METHOD, AND ACCESS RIGHT MANAGEMENT PROGRAM - An authentication device includes a unit that issues, on the basis of information about the user to whom a right is transferred and the condition under which the right is transferred, right transfer information to be transmitted to a service providing device together with a token that corresponds to the right transfer information and is to be transmitted to a service proxy access device; a unit that provides the token to the service proxy access device; and a unit that receives from the service providing device the token forwarded by the service proxy access device and transmits to the service providing device the right transfer information that corresponds to the token and is kept by the authentication device. | 01-09-2014 |
20140020080 | CONTROLLING THIRD PARTY ACCESS TO NETWORK DEVICES - A device may receive a command from a source device, may receive information that identifies a destination device associated with the command, may receive information that identifies a user associated with the source device, and may determine a network condition of a network associated with the destination device. The device may determine that the user is associated with an available token, where the available token is associated with the user, the command, and the network condition. The device may transmit, to the destination device and based on determining that the user is associated with the available token, the command. | 01-16-2014 |
20140020081 | Portable Token Device - Disclosed is a portable token device that may be used to assist a user in generating a PIN at one device and to then pass the PIN to another device such that the two devices can securely communicate with one another. The portable token device may include: an interface; and a processor. The processor may execute operations including: determining if a close proximity coupling through the interface to a first device has occurred; transmitting a PIN request to the first device; and obtaining a PIN. Further, the processor may determine if a close proximity coupling through the interface to a second device has occurred. If so, the processor may command transmitting the PIN to the second device. The second device may perform device registration with the first device based upon the received PIN. | 01-16-2014 |
20140026203 | AUTHENTICATING A USER FOR TESTING PURPOSES - Authenticating a user for testing purposes. A web server receives a request from a client that includes an authentication credential and that is formatted to be handled by a particular authentication module. The authentication module is configured to obtain authentication tokens based on authentication credentials included in requests, while refraining from generating any interactive authentication dialogue. Based on the request, the web server passes at least a portion of the request, including the authentication credential, to the authentication module. The authentication module determines that the request is formatted in a manner that triggers the authentication module. The authentication module obtains an authentication token from an identity provider based on the authentication credential, while refraining from generating any interactive authentication dialogue. The authentication module returns the authentication token to the web server. The web server returns the authentication token to the client. | 01-23-2014 |
20140026204 | METHOD AND SYSTEM FOR AUTHENTICATING ENTITIES BY MEANS OF TERMINALS - In the disclosed method, users are provided with sets of authentication codes; each set includes a secret, a private key container and a matching public key container. The private and public key containers are generated from, respectively, a first string including a domain name of an authentication server system and a PKI private key, and a second string including the same domain name and the matching PKI public key. Upon receipt at the authentication server system of the first string, as a result of a first user reading the respective private key container, an action definition procedure is performed in which the first user is requested to enter the secret of the same set of authentication codes. If the check returns a positive result, the first user can define a set of actions to be performed upon receipt of the second string belonging to the same set of authentication codes. | 01-23-2014 |
20140026205 | Federated Realm Discovery - A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm. | 01-23-2014 |
20140033292 | System and Method for Authenticating Suspect Devices - In one embodiment, a system includes a memory and a processor communicatively coupled to the memory. The processor is operable to receive a first notification from a first device and determine whether the first device is associated with a user account. The processor is also operable to communicate a token to the first device in response to determining that the first device is associated with the user account. Additionally, the processor is operable to receive from a second device a second notification comprising a request to authenticate the user. The processor may also determine whether the second notification comprises the token. The processor is operable to authenticate the user if the second notification comprises the token. The processor is also operable to authenticate the user if the second device is not associated with the user account but the second notification comprises user credentials associated with the user account. | 01-30-2014 |
20140041009 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM - There is provided an information processing apparatus including a non-contact communication section that performs non-contact communication with a communication device which stores at least two pieces of software outputting information necessary for enjoying a predetermined service provided by a server, an obtaining section that obtains connection target information for connecting to the server and identification information indicating the software corresponding to the connection target information, and a control section that performs control of, via the non-contact communication section, issuing an instruction to the communication device to execute the software indicated by the identification information, obtaining an execution result of the software executed in accordance with the instruction, and transmitting the execution result to the server. | 02-06-2014 |
20140047531 | System and Method for Controlling User's Access to Protected Resources Using Multi-Level Authentication - Disclosed are systems, methods and computer program products for multi-level user authentication. In one example, the method includes detecting a plug-in token connected to a device that controls user access to a protected resource; identifying one or more authorized users associated with the detected token who are authorized to access the protected resource; authenticating whether a first user requesting access to the protected resource is associated with the detected token and authorized to access the protected resource; detecting the presence of one or more wireless transponders of one or more authorized users associated with the token, including at least a transponder of the first user; and providing access to the protected resource to the first user when the first user is authenticated as an authorized user associated with the detected token and the transponder of at least the first user is detected. | 02-13-2014 |
20140053256 | USER AUTHENTICATION DEVICE HAVING MULTIPLE ISOLATED HOST INTERFACES - Devices and methods provide for enabling a user to use a single user authentication device such as smart-card reader, such that the user is capable of securely interfacing with two or more isolated computers and enabling the user to authenticate and remain authenticated at multiple computers at the same time. Once the user removes the smart-card from the smart-card reader, the authentication session on all coupled computers is terminated at once. The user authentication device comprises: an authentication module connected via a channel selection switch to one of a plurality of channels, each interfacing with a respective coupled computer. | 02-20-2014 |
20140053257 | Universal Authentication Token - A universal authentication token is configured to securely acquire security credentials from other authentication tokens and/or devices. In this manner, a single universal authentication token can store the authentication credentials required to access a variety of resources, services and applications for a user. The universal authentication token includes a user interface, memory for storing a plurality of authentication records for a user, and a secure processor. The secure processor provides the cryptographic operations required to encrypt, decrypt, and/or authenticate data that is sent or received by the universal token. For example, the secure processor may be used to generate authentication data from seed information stored in memory. | 02-20-2014 |
20140059666 | METHODS, APPARATUSES & COMPUTER PROGRAM PRODUCTS FOR UTILIZING VISUAL AUTHENTICATION TOKENS AS CROSS-PLATFORM CREDENTIALS - An apparatus is provided for facilitating cross-platform authentication. The apparatus may include at least one memory holding computer program code and at least one processor; the computer program code may cause the apparatus to detect, in response to scanning a visual token, that the visual token includes data indicating one or more authentication credentials for accessing a communication device. The computer program code may further cause the apparatus to communicate the authentication credentials of the detected visual token to the communication device, requesting that the communication device determine whether the authentication credentials are valid for a user. The computer program code may further cause the apparatus to enable access to the communication device in response to receiving an indication from the communication device that the authentication credentials of the detected visual token are valid. Corresponding computer program products and methods are also provided. | 02-27-2014 |
20140068744 | Surrogate Secure Pairing of Devices - Methods and apparatuses for secure pairing are disclosed. In one example, a pairing surrogate is utilized to issue a pairing token to a first device and a second device to be paired. | 03-06-2014 |
20140068745 | CLIENT CREDENTIALS DATA STRUCTURE AND METHOD OF EMPLOYING THE SAME - A client credentials data structure, a method of employing the same and a secure client-server communication system employing the data structure or the method. One embodiment of the data structure is associated with a client and includes: (1) a pre-provisioned set of credentials configured to register the client with a server, (2) a standard user set of credentials employable for secure client-server communication, and (3) a re-acquisition token combinable with the pre-provisioned set of credentials to allow the client to re-register the client with the server. | 03-06-2014 |
20140068746 | METHOD FOR AUTHORIZING ACCESS TO PROTECTED CONTENT - The invention refers to a method for authorizing access to a third party application, called client ( | 03-06-2014 |
20140075531 | USING IDENTITY/RESOURCE PROFILE AND DIRECTORY ENABLERS TO SUPPORT IDENTITY MANAGEMENT - Embodiments of the present invention provide methods, system and machine-readable media for dynamically providing identity management or other services. According to one embodiment, dynamically providing services can comprise receiving a request related to an unknown principal. A service to which the principal is known can be selected. Once a service to which the principal is known has been located, an identity management result can be obtained from the selected service. The method can further comprise determining based on the identity management result whether the principal is authorized to access a requested resource. In response to determining the principal is authorized, the requested resource can be accessed. | 03-13-2014 |
20140075532 | Authentication Server and Communication Device - There is provided an authentication server. The server includes a receiving unit configured to receive a request from a network apparatus. The request includes a subscription identity. The server further includes a determination unit configured to determine whether the received subscription identity is a predetermined subscription identity and an obtaining unit configured to obtain, when it is determined that the received subscription identity is the predetermined subscription identity, a key and a subscription identity. The key is derived by applying a key derivation function to a random number and a key associated with the predetermined subscription identity. The server further includes a storage unit configured to store the obtained key and the obtained subscription identity and a response unit configured to send a response including the random number and an authentication token to the network apparatus. The authentication token includes the obtained subscription identity. | 03-13-2014 |
20140082717 | System and Method for Providing Secure Access to a Remote File - A method and system for providing secure access to a remote file is disclosed. According to one embodiment, a portable memory device containing a secure desktop is provided to a user. The user has a user device that removably accepts the portable memory device. The user is allowed to securely access a dedicated storage of the cloud storage system that is created at a request from an administrator. The secure desktop runs independently from a user desktop of the user device. The user's access to a local storage of the user device is blocked while the secure desktop is running. | 03-20-2014 |
20140082718 | METHOD AND APPARATUS FOR GENERATING A SECURITY TOKEN CARRIER - A method and an apparatus for generating a security token carrier, which belong to the field of data security, are disclosed. The method may include: generating multiple pieces of token information, establishing a relation which associates the token information with location information of a pre-set interactive security token carrier; obtaining security data which is set by a user for protecting the interactive security token carrier; and generating the interactive security token carrier by using the token information, the relation, the security data and public information of the interactive security token carrier. The apparatus may include: a token information processing module, a security data obtaining module and an interactive security token carrier generating module. | 03-20-2014 |
20140090045 | SYSTEMS AND METHODS FOR FACILITATING LOGIN AID FUNCTIONALITY IN MOBILE COMMERCE - This disclosure describes systems, methods, and computer-readable media related to systems and methods for facilitating login functionality in mobile commerce. A user device may receive information. The user device may transmit the information to a remote server. The user device may receive a token generated by the remote server based at least in part on the information. The user device may receive a request for the information. The user device may transmit the token associated with the information to the remote server. The user device may receive a notification that the remote server transmitted the requested information. | 03-27-2014 |
20140096219 | Assisted Registration of Audio Sources - Systems and methods are provided for assisting a user with setting up an audio system with audio content services the user is already registered with. One method may involve receiving a list of a plurality of audio services supported by an audio system, selecting an audio service from the list of plurality of audio services, and determining whether a computing device application corresponding to the audio service is present on a computing device operated by the user and associated with the audio system. If the computing device application is present on the computing device operated by the user, the audio service may be set up with the audio system based on the user's registration information. In one case, the setup of the audio system with the audio service may require additional user input. In another case, the setup of the audio system with the audio service may be automatic. | 04-03-2014 |
20140096220 | DEVICE, METHOD, AND SYSTEM FOR AUGMENTED REALITY SECURITY - Devices and methods for authenticating a user of a mobile computing device to a content server include establishing a communication session between a target computing device and the content server that is identified by a session ID. The target computing device generates a pairing token using the session ID, which pairing token may be a two-dimensional bar code such as a quick response (“QR”) code, and presents the pairing token to the mobile computing device. The mobile computing device captures the pairing token and authenticates the user of the mobile computing device to an authentication server. The target computing device receives an authentication token from the authentication server in response to the mobile computing device successfully authenticating the user to the authentication server. The target computing device accesses content on the content server using the authentication token. Other embodiments are described and claimed. | 04-03-2014 |
20140096221 | System and Method for Implicitly Resolving Query Scope in a Multi-Client and Multi-Tenant Datastore - An apparatus comprising a multi-tenant datastore and a processor coupled to the multi-tenant datastore, wherein the processor is configured to receive a request comprising one or more security tokens, wherein the one or more security tokens comprise identification information, and generate a query based on the request to access the multi-tenant datastore, wherein generating the query comprises deriving a query scope based on the one or more security tokens. | 04-03-2014 |
20140096222 | SECURE USER AUTHENTICATION USING A MASTER SECURE ELEMENT - The master secure element comprises a processor, a memory and a logic unit and at least controls the user input of the handset in order to secure the user authentication based on PIN entry. The PIN code is entered directly into the secure element with no possibility for the host processor to intercept the code or for a malware program to inject the code into the master secure element. | 04-03-2014 |
20140096223 | AUTOMATED SECURITY TOKEN ADMINISTRATIVE SERVICES - This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services. | 04-03-2014 |
20140096224 | HANDLING OPEN AUTHENTICATION OF AN INVOKED WEB SERVICE IN A PROCESS - Embodiments relate to methods, systems, and computer program products for handling OAuth (Open Authorization) for a web service invoked from within a process. An aspect includes determining whether an OAuth access token has expired. Another aspect includes initiating an automatic update of the OAuth access token based on determining that the OAuth access token has expired. | 04-03-2014 |
20140101746 | SYSTEMS AND METHODS FOR INHIBITING ATTACKS WITH A NETWORK - Systems and methods for inhibiting attacks with a network are provided. In some embodiments, methods for inhibiting attacks by forwarding packets through a plurality of intermediate nodes when being transmitted from a source node to a destination node are provided, the methods comprising: receiving a packet at one of the plurality of intermediate nodes; determining at the selected intermediate node whether the packet has been sent to the correct one of the plurality of intermediate nodes based on a pseudo random function; and forwarding the packet to the destination node, based on the determining. In some embodiments an intermediate node is selected based on a pseudo random function. In some embodiments, systems and methods for establishing access to a multi-path network are provided. | 04-10-2014 |
20140101747 | SYSTEM AND METHOD FOR COMMUNICATION BETWEEN DYNAMIC TOKEN AND TOOL - The present invention relates to the field of information security. Disclosed are a system and method for communication between a dynamic token and a tool, the system comprising a tool part and a dynamic token part; the tool part comprises a control module and a tool radio frequency communication module; the dynamic token part comprises an MCU and liquid crystal module and an OTP radio frequency communication module. The method comprises: the tool part transmits a modulated wake-up command signal to the dynamic token part in the form of an electromagnetic wave; when a wake-up response command signal returned by the dynamic token part is correctly received, the tool part transmits the modulated command signal to the dynamic token part in the form of an electromagnetic wave; and the tool part detects the amplitude variation of the generated carrier signal, judges whether the response signal is correctly received, and operates correspondingly. | 04-10-2014 |
20140115683 | SYSTEMS AND METHODS FOR PEER-TO-PEER ONLINE VERIFICATION USING THIRD PARTY AUTHENTICATION - The present disclosure is directed to methods and systems for indicating bias-less trust levels to online users for the purpose of facilitating safe and secure online purchase transactions within an online community. | 04-24-2014 |
20140115684 | MULTIPLE ACCESS POINT ZERO SIGN-ON - The ability to connect a device to the Internet or another type of network from various network access points in a convenient manner is contemplated. The device may be conveniently connected to the desired network without requiring user input of a username and password when connecting to the various network access points. | 04-24-2014 |
20140115685 | SMART SPACE ACCESS METHOD, SYSTEM, CONTROLLER, AND SMART SPACE INTERFACE SERVER - The present disclosure provides a smart space access method, a system, a controller, and a smart space interface server. The smart space access method includes: determining, by a controller, that the controller has entered a smart space in a smart space list; receiving a main mobile code corresponding to the smart space; loading and executing the main mobile code, displaying a main service interface, generating a smart space request according to the service number of a selected application, sending the smart space request to the interface server, executing a result mobile code sent by the interface server, and displaying the processing result of the selected application. According to the present disclosure, access to different smart applications in different smart spaces can be implemented in a uniform manner by using a single controller, without preinstalling a control program for each smart space, thereby providing good extensibility. | 04-24-2014 |
20140130145 | USER DEVICE ADDING SECURE TOKEN TO NETWORK REQUESTS - A user device is configured to receive a request to obtain a service, an application, or content from a provider; obtain, based on receiving the request, a token that may correspond to a user of the user device and may obfuscate an identity of the user to the provider; modify the request to include the token and to form a modified request; provide the modified request to the provider; receive, based on providing the modified request, information regarding the service, the application, or the content from the provider; and present the information for display on a display screen. | 05-08-2014 |
20140143848 | DELIVERY OF MULTIPLE THIRD-PARTY SERVICES TO NETWORKED DEVICES - Systems and methods for authenticating a media device or other information handling system so that it can receive content from one or more media content providers. Authenticating the device includes determining what authentication information the media content providers require for access and then generating and providing to the media device an authentication token that includes the required information. In some embodiments this may be accomplished by a service center, which removes the need for additional authentication steps to be performed by the media device or the media content providers. In addition, the service center may determine when changes are made to the authentication information and may then ensure that the authentication token is changed or updated to reflect these changes. This insulates the media device, at least partially, from changes to the providers' authentication requirements. | 05-22-2014 |
20140150080 | AUTHORIZING ACCESS TO DIGITAL CONTENT - Systems and methods for controlling access to content are disclosed. Content can be consumed by a device. Access to the content is controlled by duration. A device is provided with a token that allows the user to consume content via a subscription basis. | 05-29-2014 |
20140157391 | SECURITY CERTIFICATION AND STORAGE COMBINED APPARATUS HAVING WIRELESS COMMUNICATION FUNCTION - A security certification and storage combined apparatus with a wireless communication function provides both a security certification function and a storage device function, through a general terminal having a USB communication function as well as through a mobile device that is not equipped with a USB port. It can exchange data with the mobile device, or transform data received from the mobile device, through a wireless communication module, thereby easily implementing the certificate verification interface. | 06-05-2014 |
20140157392 | SYSTEM AND METHOD FOR USING A SEPARATE DEVICE TO FACILITATE AUTHENTICATION - A system that incorporates the subject disclosure may perform, for example, operations including receiving a request from a first device to access information content of a second device. The process further includes determining that the first device is authorized to access the information content according to authorization credentials, and determining a token associated with the request in response to determining that the first device is authorized to access the information content. The token is forwarded to the first device, and it is confirmed that the token was received at the first device. Access to the information content of the second device is authorized in response to confirming that the token was received at the first device. Other embodiments are disclosed. | 06-05-2014 |
20140157393 | PROXY AUTHENTICATION NETWORK - A Proxy Authentication Network includes a server that stores credentials for subscribers, along with combinations of devices and locations from which individual subscribers want to be authenticated. Data is stored in storage: the storage can be selected by the subscriber. The data stored in the storage, which can be personally identifiable information, can be stored in an encrypted form. The key used to encrypt such data can be divided between the storage and server. In addition, third parties can store portions of the encrypting key. Subscribers can be authenticated using their credentials from recognized device/location combinations; out-of-band authentication supports authenticating subscribers from other locations. Once authenticated, a party can request that the encrypted data be released. The portions of the key are then assembled at the storage. The storage then decrypts the data, generates a new key, and re-encrypts the data for transmission to the requester. | 06-05-2014 |
20140165177 | PHISHING AND ONLINE FRAUD PREVENTION - Phishing and online fraud prevention in one aspect includes a user computer implementing operations such as establishing a VPN tunnel between the user computer and a network operations center, activating a website launcher, reading user credentials from a smartcard, launching a browser in a sandboxed execution environment, and requesting a whitelisted webpage from the network operations center, via the VPN tunnel. The network operations center comprises one or more servers implementing operations such as determining if a user requested webpage is listed for access by the user, and loading and sending the requested webpage to the user, via the VPN tunnel, if the requested webpage is listed for access by the user. The user computer supplies the user credentials to the website and presents a webpage, a homepage, or a one-time password entry page for the website. | 06-12-2014 |
20140165178 | LEVERAGING ONLINE IDENTITIES TO GRANT ACCESS TO PRIVATE NETWORKS - An authentication service running on a processing device receives a request from a local area network (LAN) to authenticate a computing device (and/or a user of the computing device) that has attempted to access the LAN, the request comprising a first identifier (ID) that uniquely identifies the computing device. The authentication service determines whether to authenticate the computing device based on the first ID, information from a third party data set, and an authentication criterion of the LAN. Responsive to determining that the information from the third party data set satisfies the authentication criterion, the authentication service notifies the LAN that the computing device is authenticated. | 06-12-2014 |
20140165179 | APPLICATIONS LOGIN USING A MECHANISM RELATING SUB-TOKENS TO THE QUALITY OF A MASTER TOKEN - Methods and systems allow a user to log in to a device so that a number of apps become accessible on the device without the user repeatedly logging in to each different app as the user launches multiple apps. A mechanism of providing a master token with a quality score and providing sub-tokens for each app that can use the sub-token and the score quality to evaluate the level of security provided by the initial login allows each app to skip its own login process and provides a level of enhanced efficiency and convenience for the user. A method includes authenticating a user; creating a master token on the user device; creating a sub-token of the master token for an app launched on the device; the app skipping the login process of the app in response to the sub-token so that the app proceeds directly to validating a transaction. | 06-12-2014 |
20140181947 | ADMINISTRATION OF WEB PAGE - Personalization and projection of television or other content related services is contemplated. Services may be personalized according to a user identifier or other identifier associated with a mobile device, a second screen device or other type of device. The personalized services may be projected, transferred or otherwise accessed through another device, such as but not necessarily limited to a computer, a television, a settop box (STB), a gateway, etc. | 06-26-2014 |
20140181948 | Authenticating Using Cloud Authentication - An authentication mechanism in a local area network may use a cloud authentication mechanism to allow or deny authentication requests. A user may gain access within a local area network by entering a cloud identification and password, which may be verified by a cloud authentication mechanism. If the authentication is successful from the cloud authentication mechanism, the user identification and password are stored locally for subsequent authentication requests. In some embodiments, the cloud password may be periodically flushed so that subsequent requests may be passed to the cloud authentication mechanism. The authentication mechanism may be used in both domain and workgroup local area networks, and may operate in parallel with other users who may have local area network or client credentials which may not be authenticated from the cloud. | 06-26-2014 |
20140189840 | METHOD AND APPARATUS FOR SINGLE SIGN-ON COLLABORATION AMONG MOBILE DEVICES - A system for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration credential to the first device based on the first identity token or user authentication. The first device sends the collaboration credential generated by the server to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices. | 07-03-2014 |
20140189841 | APPARATUS FOR AND METHOD OF MULTI-FACTOR AUTHENTICATION AMONG COLLABORATING COMMUNICATION DEVICES - Multi-factor authentication is enabled across a plurality of communication devices. A user performs authentication by using a first authentication factor on a first of the communication devices, and by using a second authentication factor on a second of the communication devices. A collaboration credential is shared among the devices to enable the devices to collaborate with each other. Both of the authentication factors are bound together. A multi-factor identification token is issued to each device, to support multi-factor authentication for the user across the devices. | 07-03-2014 |
20140189842 | METHOD FOR DEFENDING AGAINST SESSION HIJACKING ATTACKS AND FIREWALL - The present disclosure provides a method for defending against session hijacking attacks, including: receiving a first access request transmitted from a legal client side and transmitting the first access request to a server; receiving a first response comprising a first authentication token returned from the server; generating a first sequence value according to a network address of the legal client side and an identification code of the legal client side, and recombining the first authentication token and the first sequence value to form a second authentication token; and replacing the first authentication token in the first response with the second authentication token, and transmitting the first response comprising the second authentication token to the legal client side. | 07-03-2014 |
20140189843 | AUTOMATIC CONFIGURATION OF AN ENDPOINT - A method for automatically configuring at least one mobile device associated with a user, via a client software application stored on said mobile device using a token generated by a provisioning server and a hashed username with a publicly available redirect server. | 07-03-2014 |
20140189844 | METHOD AND APPARATUS FOR SEARCHING METADATA - Methods and apparatuses for searching metadata are described herein. In one embodiment, an example of a process for searching metadata includes, but is not limited to, in response to a search query for metadata stored in one or more of metadata stores, the search query is partitioned into multiple search query segments. Thereafter, searches corresponding to the search query segments are performed, where each search is performed independently within the one or more metadata stores. Other methods and apparatuses are also described. | 07-03-2014 |
20140196137 | UNIFIED COMMUNICATIONS WITH A CLOUD CLIENT DEVICE - In one embodiment, a cloud client device receives an indication of a coupling with a client device. The cloud client device sends authentication data to a cloud services system and receives data for configuring the cloud client device from the cloud services system, the data including one or more software modules associated with a communication protocol. The cloud client device receives input from a user of the client device and transmits the input in accordance with the communication protocol. | 07-10-2014 |
20140196138 | METHOD AND SYSTEM FOR PROCESSING A DATA TRANSFER RELATED TO A DATA-STORING CARD - In a method for processing a data transfer, an electronic device accesses card-specific data and a card account number from a data-storing card. The electronic device generates a device-generated authentication number which is associated with the data transfer, and which is transmitted, together with the card account number and the card-specific data, to a network platform. The network platform compares an inputted authentication number from a portable device and the device-generated authentication number, and transmits to-be-transferred data to the portable device when the authentication numbers correspond with each other. | 07-10-2014 |
20140196139 | PRIVACY PROTECTED INTERNET NETWORKS, SUBNETWORKS AND SUB-SUBNETWORKS - Computerized methods and systems to create, control and manage restricted scope and closed internet interactive networks, subnetworks and sub-subnetworks. The invention permits the protected network, subnetworks and sub-subnetworks to be connected to an open or previously established network, yet still remaining protected, secure and anonymous. Entrance into the protected interactive networks, subnetworks and sub-subnetworks by the user is achieved through a protected network device, anonymous address code, anonymous access code and/or anonymous login information. As the user interacts with the digital elements within the protected interactive networks, subnetworks and sub-subnetworks, a database of said interactions is created and used by the protected network provider in various ways, such as for user behavior information. No personal identifiable information is stored within interactive networks, subnetworks and/or sub-subnetworks and communication on said networks is unique, which inhibits and deters the targeting of the networks by cyber-criminals. | 07-10-2014 |
20140208409 | ACCESS TO DATA STORED IN A CLOUD - It is proposed that known digital rights management (EDRM: Enterprise Digital Rights Management) be extended such that control over the access to data stored in a cloud remains with the user or originator of the data. This requires the access information to be coordinated between a rights application in the cloud and a rights server in the region of the user (that is to say outside the cloud). A rights policy can be used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. In this context, the access comprises a wide variety of actions which can be performed with the data. In particular, it is advantageous that a server application is provided with (temporally limited) access to a portion of the data in order to index said data, for example, without the server being able to access the complete contents of the data in the process. By way of example, the approach works for document management and for databases that have been relocated in the cloud. The invention can be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations. | 07-24-2014 |
20140208410 | SIMPLIFIED USER REGISTRATION - Methods, systems, and computer-readable media are provided. Some embodiments include receiving, at a computing device, a security token identifier and a request to access one or more resources of the computing device. The computing device obtains information that identifies one or more domains each having a trust relationship with the domain associated with the computing device. The computing device determines that an entry in a first data store associated with a first domain of the one or more domains matches the security token identifier. In response to the determining that an entry in the first data store matches the security token identifier, the computing device updates a local data store such that, in the local data store, the security token identifier is associated with first domain information that identifies the first domain. The computing device grants the requested access to one or more resources of the computing device. | 07-24-2014 |
20140215596 | METHOD FOR PERSONALIZING AN AUTHENTICATION TOKEN - An authentication token using a smart card that an organisation would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user. | 07-31-2014 |
20140215597 | Transparent Reconnection - In the event of an unintentional interruption, a token issued by a host system to a client system is used to reestablish communications without disrupting applications on the client system. If the host system provided an Internet Protocol address to the client system to be used during the interrupted communications session, the host system reserves the communications address during an interruption in communications for a period sufficient to permit reestablishment of communications using the reserved address. | 07-31-2014 |
20140223534 | MANAGING AN ENVIRONMENT OF A VIRTUAL SPACE BASED ON CHARACTERS MADE ACCESSIBLE RESPONSIVE TO CORRESPONDING TOKENS BEING DETECTED - Objectives, an environment, and/or a theme associated with a virtual space may be managed based on characters made accessible responsive to corresponding tokens being detected. Tokens, including a first token associated with a first character or a second token associated with a second character, may be detected based on signals received from one or more token readers. The first character may be made accessible in the virtual space responsive to the first token being detected and the second character may be made accessible in the virtual space responsive to the second token being detected. Responsive to one or both of the first token being detected or the second token being detected, a given objective associated with the virtual space may be effectuated in the virtual space, an environment of the virtual space may be modified, and/or a theme of the virtual space may be modified. | 08-07-2014 |
20140237580 | SERVER SYSTEM AND CONTROL METHOD - There is provided a method of a server system including identifying a first token and a second token based on an identifier received from a first external information processing apparatus, acquiring data from the first external information processing apparatus with use of the first token, generating a document from the acquired data, transmitting the second token to an authentication processing apparatus, acquiring a verification result of the second token from the authentication processing apparatus, and transmitting the generated document to a second external information processing apparatus with use of the second token. | 08-21-2014 |
20140237581 | AUTHENTICATION PLATFORM AND RELATED METHOD OF OPERATION - An authentication platform comprises an authentication unit configured to authenticate the user based on received input data, and a control unit configured to enable communication between a client device and an authentication host as a consequence of successful authentication of the user by the authentication unit. | 08-21-2014 |
20140245418 | AUTOMATIC SIGN IN OF A USER AT MULTIPLE ENDPOINTS - The present disclosure is directed to methods and systems for user registration, where a user is logged in to a first device in communication with a server, including: receiving an anonymous registration of a second device comprising a token, where the second device is in communication with the server; receiving a credential of the user and the token; finding the second device using the token; and registering the user on the second device using the credential. | 08-28-2014 |
20140245419 | Methods and Systems for Accessing Account Information Electronically - Methods and systems for accessing customer account information involve, for example, binding a computing device with a customer's profile via one or more attributes of the computing device and an encrypted token stored on the computing device and thereafter receiving an authentication request consisting at least in part of the computing device attributes and the encrypted token stored on the computing device. A determination is made as to whether or not entry of a customer credential was received within a pre-determined preceding interval of time, and predefined customer account information is displayed on the computing device without requiring entry of the customer credential when a determination is made that entry of the customer credential was received within the pre-determined preceding interval of time. | 08-28-2014 |
20140250518 | COMPUTER IMPLEMENTED MULTI-FACTOR AUTHENTICATION - Computer implemented multi-factor authentication method for authenticating a user of a secured component ( | 09-04-2014 |
20140282984 | SERVICE RELATIONSHIP AND COMMUNICATION MANAGEMENT - Communication between a user and various services (e.g., websites) often involves creating a user profile comprising contact information (e.g., a personal email address) that the service uses to contact the user. However, managing communication may be burdensome and ineffective; the user's privacy may be diminished; and revocation of previously issued permission may be unachievable. Presented herein are techniques for providing a communication manager that establishes relationships with services on behalf of users, and that issues tokens to the services representing such relationships. In order to communicate with the user, the service presents the token to the communication manager, which conditions the authorization of the communication on verification of the current permission of the user in the relationship represented by the token, optionally including the communication channel of the user requested by the service. This architecture enables more consistent, convenient, privacy-preserving, and revocable user control of communication permissions with the services. | 09-18-2014 |
20140282985 | Remote Access Authentication - An electronic device may be used to authenticate a user when accessing a remote system. In this regard, authentication information required to authorize accessing the remote system may be stored securely on a secure device, with the authentication information being configured such that it is inaccessible or unreadable while in the electronic device. The electronic device may obtain (e.g., read) the authentication information from the secure device when attempting to access the remote system. Obtaining (e.g., reading) the authentication information from the secure device may be triggered based on (i.e., in response to) a challenge by the remote system. The electronic device may then communicate the authentication information to the remote system, which may be configured to determine whether to grant or deny access to the user based on the authentication information. | 09-18-2014 |
20140282986 | CONTENT SERVICE ON DEMAND - A method is provided and may include receiving a request for a network content delivery service from an access device; directing the access device to a network service provider for authentication for the network content delivery service; receiving a network authorization token from the access device, where the network authorization token is associated with the access device; obtaining a network access token from the network service provider; and binding the network access token to a content access token. | 09-18-2014 |
20140282987 | PERSONAL DIGITAL IDENTITY DEVICE WITH MICROPHONE - A personal digital ID device provides a digital identifier to a service for a predetermined duration in response to user interaction. The user interaction may include a button press. The personal digital ID device may be in the form of a bracelet, a key fob, or other form factor. The service may be provided by a mobile device, in the cloud, or elsewhere. | 09-18-2014 |
20140282988 | Retry and Snapshot Enabled Cross-Platform Synchronized Communication Queue - A queue in a connector service provides a unified communication channel and stores service packets sent to a target service from client applications. Incoming service request packets are modified at run time to add valid security tokens without requiring the user's action or notice. Before sending the packets, the connector service determines whether the authentication tokens are valid. Packets with valid authentication tokens are sent to the target service. If the communication request fails, the queue automatically adds the original communication packet to the end of the queue, so that it can be conditionally retried. When a loss of connectivity is detected, the connector service takes a snapshot of the queue by copying the packets to a storage module in the same order. When the connectivity is restored, the queue loads the saved requests from the storage module and starts processing them in the order they were received. | 09-18-2014 |
20140282989 | Actively Federated Mobile Authentication - To make a trusted web service call, a client application sends a series of messages to obtain tokens that allow service requests to pass through a service relay. The user obtains a first security token by providing the user's credentials. A second token is obtained from a trust broker that validates the first token. Both tokens are then sent with a service request to a service relay. The service relay validates the second token and then passes the first token and the service request to a connector service. The connector service validates the first token and passes the service request to a target back end service. The connector service acts as the user when communicating with the back end service. Service responses are routed back to the user through the connector service and the service relay. | 09-18-2014 |
20140282990 | USING AN IP MULTIMEDIA SUBSYSTEM FOR HTTP SESSION AUTHENTICATION - Disclosed is a method and system for utilizing an Internet Protocol Multimedia Subsystem (IMS) to authenticate an HTTP session between a communication device and an online application program. The method includes registering a communication device on an IMS, and generating an authorization token which is sent to the communication device. The communication device then embeds the authorization token in HTTP request communication directed to the IMS. The IMS, after verifying the authorization token, forwards the HTTP request and token to a selected Web server that hosts an online application to authenticate an HTTP session. | 09-18-2014 |
20140282991 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - An information processing apparatus receives user information and a request, generates authentication information in response to the request, stores the authentication information associated with the user information, receives the authentication information from a terminal apparatus and device identification information identifying the terminal apparatus, stores the device identification information and the user information stored associated with the authentication information in a manner of associating them with one another when information coincident with the received authentication information is stored, determines, when receiving the user information, the device identification information and a service request from the terminal apparatus, whether information coincident with the user information and information coincident with the device identification information are stored, and provides a service concerning the service request when determining that information coincident with the same user information and information coincident with the same device identification information are stored. | 09-18-2014 |
20140282992 | SYSTEMS AND METHODS FOR SECURING THE BOOT PROCESS OF A DEVICE USING CREDENTIALS STORED ON AN AUTHENTICATION TOKEN - Methods and systems are provided for securing devices in which a secure external authentication token is used to verify user credentials prior to enabling the operating system of the device by loading or decrypting the operating system. Suitable external authentication tokens can include smartcards such as a common access card and may be verified by cryptographic processes either at a local server or via a remote credentials processor. | 09-18-2014 |
20140282993 | System and Method for Physical Access Control - The present invention provides, in one aspect, a system and method for managing authentication tokens that operate across multiple types of physical resources binding the tokens to one or more external electronic Identity Providers; generating tokens; authenticating the tokens at multiple physical resources; managing access to physical resources by linking the tokens to the electronic identities; translating the tokens to the appropriate physical token type based on infrastructure services available at the point of service; validating tokens at the physical resource; tracking and conveying usage information; and making use of social group relationships and other data defined by individual usage to, among other things, simplify the process of granting user-generated credentials to persons connected to a given individual via the Identity Provider or an external social network, for example. | 09-18-2014 |
20140282994 | METHOD FOR CALLING UP A CLIENT PROGRAM - A method for calling up a client program: transmitting a message to a server computer system using an Internet browser, wherein the message contains at least one parameter for communication of the client program with the Internet browser; dynamically generating a URL by the server computer system, wherein the URL calls up the client program according to a URL scheme, wherein the URL contains the at least one parameter; transmitting a website having the URL from the server computer system to the user computer system and displaying the website having the URL in a browser window of the Internet browser for selection by a user; starting the client program on a user computer system and inputting the at least one parameter into the client program on the basis of the selection of the URL by the user; and communicating a result. | 09-18-2014 |
20140289838 | SYSTEM AND METHOD FOR PROVIDING A REST-BASED MANAGEMENT SERVICE IN A TRAFFIC DIRECTOR ENVIRONMENT - Described herein are systems and methods for providing software administration tools, for use in administering server configurations, such as in a traffic director or other type of server environment. In accordance with an embodiment, the system comprises a traffic director having one or more traffic director instances, which is configured to receive and communicate requests, from clients, to origin servers having one or more pools of servers. An administration server can be used to manage the traffic director, including a REpresentational State Transfer (REST) infrastructure and management service which maps REST calls to mbeans or other management components registered on the administration server, for use in managing the traffic director. | 09-25-2014 |
20140289839 | RESOURCE CONTROL METHOD AND APPARATUS - Embodiments of the present invention disclose a resource control method and apparatus. A client sends an authorization request message to a content provider. The content provider sends an authorization response message to the client according to a user identifier carried in the authorization request message, where the authorization response message carries an authorized access token. The client sends a content request message to a storage server corresponding to the content provider, where the content request message carries an identifier of content requested by the client and the authorized access token. The client receives the content sent by the storage server according to the authorized access token. The present invention is applied to the field of network resource management. | 09-25-2014 |
20140298443 | SYSTEM AND METHOD OF EXTENDING A HOST WEBSITE - Some embodiments of the present disclosure provide a system for providing access control. The system may include an extension module for extending a host website; and a marketplace server that is configured to: receive a request to access the extension module from a browsing device, the browsing device is for maintaining a browsing session with the host website, and the extension module is for exchanging data with the host website; generate a first authorization token that is associated with the browsing session; and send, to the browsing device, the first authorization token. The extension module may be configured to receive a second authorization token from the browsing device. One of the extension module or the marketplace server may then be further configured to: verify that the second authorization token matches the first authorization token; and if verification is successful, the extension module can be allowed to exchange data with the host website and communicate with the browsing device. | 10-02-2014 |
20140304795 | MODULAR AUTHENTICATION DEVICE COMBINING BIOMETRIC AND RFID SENSORS - A modular identity authentication apparatus for a computer system includes at least two different authentication technologies, such as biometric fingerprint readers, NFC-RFID receivers, and BYOD sensors. Each modular apparatus provides multiple authentication sensors that are connected through a single port at a computer terminal location. System software permits terminal use when all module devices are authenticated, and shuts down the terminal whenever the module is disconnected. | 10-09-2014 |
20140304796 | PROVIDING GUEST USERS NETWORK ACCESS BASED ON INFORMATION READ FROM A CREDIT CARD OR OTHER OBJECT - Guest users are enabled to access network resources through an enterprise network using a guest user account. A guest user account may be created for a guest for a limited time. Guest account credentials of the guest account may be provided to the guest to use the guest account using any of a variety of techniques described herein, for example, by scanning a guest access card, credit card or mobile telephone of the guest user, and providing the guest account credentials to the user based on the information obtained. A guest access management server may be configured to generate and maintain guest accounts, authenticate guest users, and track and log guest activity. A VLAN technology may be used to separate guest traffic from host enterprise traffic on the host enterprise network. After a guest user is authenticated, communications to and from the guest user may be routed to a guest VLAN. | 10-09-2014 |
20140317716 | Extending infrastructure security to services in a cloud computing environment - A cloud deployment appliance (or other platform-as-a-service (IPAS) infrastructure software) includes a mechanism to deploy a product as a “shared service” to the cloud, as well as to enable the product to establish a trust relationship between itself and the appliance or IPAS. The mechanism further enables multiple products deployed to the cloud to form trust relationships with each other (despite the fact that each deployment and each product typically, by the nature of the cloud deployment, are intended to be isolated from one another). In addition, once deployed and provisioned into the cloud, a shared service can become part of a single sign-on (SSO) domain automatically. SSO is facilitated using a token-based exchange. Once a product registers with a token service, it can participate in SSO. This approach enables enforcement of consistent access control policy across product boundaries, and without requiring a user to perform any configuration. | 10-23-2014 |
20140325632 | METHOD FOR USING AND MAINTAINING USER DATA STORED ON A SMART CARD - In a method for using and maintaining user data stored on a smart card, a smart card receives a user data request for the user data stored on the smart card. The smart card determines whether the user data request is a data maintenance request or a data use request. A data maintenance request is for modifying user data stored on the smart card. A data use request is for read only access to user data stored on the smart card. The smart card uses a first process to determine whether to allow the user data request when the user data request is determined to be a data maintenance request. The smart card uses a second process, different from the first process, to determine whether to allow the user data request when the user data request is determined to be a data use request. | 10-30-2014 |
20140331302 | METHOD FOR SECURING AN ELECTRONIC DOCUMENT - The object of this invention is a method for securing an electronic document. In particular, this invention relates to a method that prevents the forging of documents in which an electronic chip is incorporated. To that end, the invention proposes a method in which the data on the document medium are associated with a fingerprint of the document, so as to make them inseparable. That fingerprint is determined on the basis of measurable physical units of the electronic chip or the medium. Thus, the invention allows the combination of the physical protection of the document and the protection of the chip so as to reinforce the security of said documents. | 11-06-2014 |
20140337955 | AUTHENTICATION AND AUTHORIZATION WITH A BUNDLED TOKEN - Authentication and authorization can be performed with a bundled token, which encapsulates two or more security tokens in a single security token. The bundled token can be supplied in response to a request for a token from a token service, for example. Subsequently, the bundled token can be sent in conjunction with a request for resource access, wherein more than one token is required to access the resource. | 11-13-2014 |
20140337956 | SYSTEM AND METHOD FOR MULTIFACTOR AUTHENTICATION AND LOGIN THROUGH SMART WRIST WATCH USING NEAR FIELD COMMUNICATION - A system and method for multifactor authentication and login using a smart wrist watch with at least one NFC (Near Field Communication) technology tag, together with a computing device such as a mobile phone, PDA, tablet, laptop, desktop, or any similar system comprising user authentication NFC login support and a multifactor login support system or website, wherein at least one NFC tag id arrayed in the smart wrist watch, already registered with said device system or said website at the time of sign up or of setting the user name and password, is treated as a second authentication factor. | 11-13-2014 |
20140337957 | OUT-OF-BAND AUTHENTICATION - In one aspect, the present disclosure is generally directed to a hardware token for completing an out-of-band authentication. In one embodiment, the hardware token performs a method that comprises: receiving an out-of-band encryption key from a client computing device; deriving a security credential that uniquely identifies the hardware token; transmitting the derived security credential and received out-of-band encryption key over the out-of-band communication channel to a network backend over a wireless network; receiving an in-band encryption key over the out-of-band communication channel; and transmitting the received in-band encryption key to the paired client computing device. | 11-13-2014 |
20140337958 | SECURITY FRAMEWORK FOR HTTP STREAMING ARCHITECTURE - Methods and apparatus for preventing unauthorized access to online content, including in particular streaming video and other media, are provided. In various embodiments, techniques are provided to authorize users and to authenticate clients (e.g., client media players) to a content delivery system. The content delivery system may comprise a content delivery network with one or more content or “edge” servers therein. The requesting client is sent a program at the time of content delivery. The program may be embedded in the content stream, or sent outside of the stream. The program contains instructions that are executed by the client and cause it to return identifying information to the content delivery system, which can then determine whether the client player is recognized and, if so, authorized to view the content. Unrecognized and/or altered players may be prevented from viewing the content. | 11-13-2014 |
20140337959 | SYSTEMS AND METHODS FOR CONTROLLING A LOCAL APPLICATION THROUGH A WEB PAGE - A system, computer-readable storage medium storing at least one program, and a computer-implemented method for controlling a local utility are disclosed. A first request originating from an application and including a first token is received at a local utility. The application received a web page, including a plurality of links and the first token, from a first server. The plurality of links are received by the application from a second server. The first token is authenticated. Authentication includes sending the first token to a third server. In response to authenticating the first token, a second token is generated at the local utility. The second token is sent to the application for inclusion in subsequent requests from the application. | 11-13-2014 |
20140359744 | SECURITY INFORMATION CACHING ON AUTHENTICATION TOKEN - A method of operating a security token to authenticate a user in a multi-factor authentication system is disclosed. The method includes: monitoring user custody of the token, the token having an identifying characteristic representing a possession factor for use through possession factor authentication; during a period of continuous user custody of the token based on the monitoring, obtaining a knowledge factor from a user having the continuous user custody; caching the knowledge factor in a memory of the token; and in response to a second authentication request, retrieving the knowledge factor from the memory to demonstrate to an authentication system knowledge of the knowledge factor, during the period of the continuous user custody. | 12-04-2014 |
20140359745 | AUTHENTICATING A THIRD-PARTY APPLICATION FOR ENABLING ACCESS TO MESSAGING FUNCTIONALITIES - A method for authenticating a third-party application for enabling access to messaging functionalities, including: receiving a first application launching request for an establishment of a connection between the first application and a server, wherein the connection enables a set of messaging functionalities that reside at the server and that are available for implementation by a second application to be available for implementation by the first application; validating that the first application is allowed to access the set of messaging functionalities at the server, wherein the validating includes: sending an indication of the first application launching request, to the server; and receiving an authentication token from the server, wherein the authentication token is configured for providing an authentication pass to the server when delivered thereto by the first application, thereby allowing the first application access to the set of messaging functionalities; and delivering the authentication token to the first application. | 12-04-2014 |
20140359746 | AUTHENTICATION SYSTEM, AUTHENTICATION SERVER, AUTHENTICATION METHOD, AND AUTHENTICATION PROGRAM - A validity judgment means | 12-04-2014 |
20140373126 | USER AUTHENTICATION IN A CLOUD ENVIRONMENT - Embodiments are directed to authenticating a user to a remote application provisioning service. In one scenario, a client computer system receives authentication credentials from a user to authenticate the user to a remote application provisioning service that provides virtual machine-hosted remote applications. The client computer system sends the received authentication credentials to an authentication service, which is configured to generate an encrypted token based on the received authentication credentials. The client computer system then receives the generated encrypted token from the authentication service, stores the received encrypted token and the received authentication credentials in a data store, and sends the encrypted token to the remote application provisioning service. The encrypted token indicates to the remote application provisioning service that the user is a valid user. | 12-18-2014 |
20140380451 | APPARATUS AND METHOD FOR PROVIDING A SECURITY ENVIRONMENT - A method for providing a security environment. The method includes detecting user information from an accessory in response to detection of the accessory, performing security authentication with input security information if the user information is detected, and providing the security environment when the security authentication is successful. | 12-25-2014 |
20140380452 | SECURITY TOKEN AND TRANSACTION AUTHORIZATION SYSTEM - A security token is conceived, in particular a smart card, being adapted to support multi-factor user authentication, said security token comprising: a tactile sensing user interface being adapted to capture a stream of input data corresponding to a sequence of positions of a finger engaging with said tactile sensing user interface and representing a user-specific credential for authorizing a transaction; a conversion unit being adapted to convert said stream of input data into a machine-readable credential; a computation unit being adapted to compute a machine-readable authentication code based on the machine-readable credential; a contact-bound interface being adapted to transmit said machine-readable authentication code to a first transaction device; a contactless interface being adapted to transmit said machine-readable authentication code to a second transaction device. | 12-25-2014 |
20140380453 | COMPUTER IMPLEMENTED METHOD TO PREVENT ATTACKS AGAINST USER AUTHENTICATION AND COMPUTER PROGRAMS PRODUCTS THEREOF - The computer implemented method comprising: receiving, at a first server, a request in the name of a user to be logged into a service of said first server and authenticating said request by verifying user identification information of said user, wherein a second server in connection with a user computing device with a dedicated program is used for: receiving a request about a status associated to said user; initializing a credential exchange in order to provide mutual authentication; verifying said associated status that has been previously set as valid or as invalid by said user; and sending said associated status to said first server, wherein the latter allows the login of said request or rejects it depending on whether said associated status is set as valid or as invalid. | 12-25-2014 |
20150020185 | Communication Session Transfer Between Devices - Methods and apparatuses, including computer program products, are described for communication session transfer between a plurality of computing devices. A first computing device detects a presence of a second computing device in proximity to the first device, where the first device has established a first communication session with a remote computing device. The first device establishes a wireless connection to the second device. A first token is transmitted to the second device. A second token is received from the second device. The second token is authenticated via comparison to the first token. The first device transmits, to the second device, information indicating a state of the first communication session to enable the second device to establish a second communication session with the remote device, where the second communication session is established using the state of the first communication session. | 01-15-2015 |
20150033316 | FEATURE LICENSING IN A SECURE PROCESSING ENVIRONMENT - Embodiments of an invention for feature licensing in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes determining whether a requested feature is licensed for use in the secure enclave. | 01-29-2015 |
20150033317 | LINKING TOKEN DETECTION AT A SINGLE COMPUTING PLATFORM WITH A USER IDENTIFICATION TO EFFECTUATE MODIFICATIONS IN VIRTUAL SPACE INSTANCES PRESENTED VIA MULTIPLE COMPUTING PLATFORMS - Token detection at a single computing platform may be linked with a user identification to unlock content and/or effectuate modifications in virtual space instances presented via multiple computing platforms, in accordance with one or more implementations. Exemplary implementations may enhance consistency in a user's experiences of a virtual space across multiple computing platforms. | 01-29-2015 |
20150040205 | System and Method for Physical Access Control - The present invention provides, in one aspect, a system and method for managing authentication tokens that operate across multiple types of physical resources: binding the tokens to one or more external electronic Identity Providers; generating tokens; authenticating the tokens at multiple physical resources; managing access to physical resources by linking the tokens to the electronic identities; translating the tokens to the appropriate physical token type based on infrastructure services available at the point of service; validating tokens at the physical resource; tracking and conveying usage information; and making use of social group relationships and other data defined by individual usage to, among other things, simplify the process of granting user-generated credentials to persons connected to a given individual via the Identity Provider or an external social network, for example. | 02-05-2015 |
20150052597 | MESSAGE CONTENT ADJUDICATION BASED ON SECURITY TOKEN - A computer program product for processing a message is provided. The computer program product comprises a computer readable storage medium having program instructions embodied therewith. The program instructions readable by a processing circuit cause the processing circuit to perform a method. The method validates a security token for a user. The method allows the user to compose a message. Based on the security token, the method verifies that the user is authorized to send the message to an intended recipient of the message and that a security level of the message is at or below a security level of the user. | 02-19-2015 |
20150058962 | SYSTEM AND METHOD OF AUTHENTICATION OF A FIRST PARTY RESPECTIVE OF A SECOND PARTY AIDED BY A THIRD PARTY - A method and system of authenticating a service to access data respective of a user on a low-end mobile device are provided. The method includes receiving a request from a service to access data respective of the user device, wherein the user device is a low-end mobile device; sending the user device a first authentication token over a first communication path; receiving a second authentication token over a second communication path, wherein the second authentication token is received from a host server hosting the service; comparing the first authentication token to the second authentication token; and allowing access to the data upon determination that the first authentication token matches the second authentication token. | 02-26-2015 |
20150058963 | MANAGEMENT AND DELIVERY OF PROFILE DATA - Aspects of the invention relate to systems and methods for securely retaining profile data and the use of such data for the targeted delivery of content. In one embodiment, a unique profile that represents the user location and is keyed to profile attributes selected from both a first set of data collected from the user location and the second set of profile data collected from an external source, is generated. The key does not allow a third party to identify the end-user location or a user associated with the end-user location. Electronic content transmitted to end-user locations may be encoded such that it may only be accessed by an authorized user and/or on a specific electronic device at the user location. A graphical user interface may be utilized to allow a third-party to provide selection criteria for determining user locations to receive targeted content. Further aspects of the invention relate to an electronic device configured to present targeted content to a user at a user location. | 02-26-2015 |
20150058964 | Streaming Music Using Authentication Information - Systems and methods are provided for assisting a user with setting up an audio system with audio content services the user is already registered with. One method may involve receiving a list of a plurality of audio services supported by an audio system, selecting an audio service from the list of the plurality of audio services, and determining whether a computing device application corresponding to the audio service is present on a computing device operated by the user and associated with the audio system. If the computing device application is present on the computing device operated by the user, the audio service may be set up with the audio system based on the user's registration information. In one case, the setup of the audio system with the audio service may require additional user input. In another case, the setup of the audio system with the audio service may be automatic. | 02-26-2015 |
20150058965 | PASSPORTING CREDENTIALS BETWEEN A MOBILE APP AND A WEB BROWSER - Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session. Embodiments may operate by authenticating a device session from a native app executing on a client device producing a device session token; passing the device session token from a native app to an embedded browser to authenticate a user when entering a web flow; and entering the web flow, according to the session token, on an embedded browser driven by the native app so that the user encounters a single shared session (device session and web session) running at least two parallel secure communication interactions with an infrastructure. | 02-26-2015 |
20150067810 | SYSTEM AND METHOD FOR PROTECTING SPECIFIED DATA COMBINATIONS - A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter. | 03-05-2015 |
20150067811 | CONDUCTING SESSIONS WITH CAPTURED IMAGE DATA OF PHYSICAL ACTIVITY AND UPLOADING USING TOKEN-VERIFIABLE PROXY UPLOADER - A token-verifiable proxy uploader is disclosed. A token request may be transmitted from an end-user communication device for requesting an upload token from a hosted services server that is configured to authorize transmission of a first media file to a hosted proxy server. The upload token may be transmitted to the end-user communication device. Validation of the user of the end-user communication device may be conducted without the end-user device providing any credentials to the media sharing site, and in which the end-user device does not transmit any credentials specific to the media sharing site as part of the validation. The token validation call may be in response to the hosted proxy server receiving the upload token and either: (1) the first media file from the end-user communication device; or (2) a request from the end-user communication device to upload the first media file to the hosted proxy server. | 03-05-2015 |
20150067812 | LOCAL STREAMING PROXY SERVER - A local application streaming proxy can create a virtual image of storage media, which allows cloud operators to rapidly deliver applications, or deliver any operating system remotely, while providing better security, network utilization, low power requirements, and consistent performance for streamed applications and operating systems. A station using its WiFi/LAN provides QoS guarantees (or priority) for application streaming network communications to create a consistent user experience regardless of other application bandwidth utilization. “HTTP demand paging” is also possible. | 03-05-2015 |
20150074784 | USING SERVICE REQUEST TICKET FOR MULTI-FACTOR AUTHENTICATION - In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint. | 03-12-2015 |
20150074785 | USING SERVICE REQUEST TICKET FOR MULTI-FACTOR AUTHENTICATION - In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint. | 03-12-2015 |
20150074786 | METHOD OF AUTOMATICALLY AUTHENTICATING A USER AND ELECTRONIC DEVICE THEREFOR - A method of operating by an electronic device is provided. The method includes displaying a user interface that requests an input of login information on a display, wherein the display is comprised in the electronic device, displaying that a login using biometric information is possible, instead of the login using the login information, on the display, receiving the biometric information associated with the login information, and performing the login in response to reception of the biometric information. | 03-12-2015 |
20150074787 | System and Method for an Asynchronous Processor with a Hierarchical Token System - Embodiments are provided for an asynchronous processor with a Hierarchical Token System. The asynchronous processor includes a set of primary processing units configured to gate and pass a set of tokens in a predefined order of a primary token system. The asynchronous processor further includes a set of secondary units configured to gate and pass a second set of tokens in a second predefined order of a secondary token system. The set of tokens of the primary token system includes a token consumed in the set of primary processing units and designated for triggering the secondary token system in the set of secondary units. | 03-12-2015 |
20150082406 | METHOD AND APPARATUS FOR CONTROLLING ACCESS TO ELECTRONIC DEVICES - According to an aspect of the present disclosure, a method for controlling access to a plurality of electronic devices is disclosed. The method includes detecting whether a first device is in contact with a user, adjusting a security level of the first device to activate the first device when the first device is in contact with the user, detecting at least one second device within a communication range of the first device, and adjusting a security level of the at least one second device to control access to the at least one second device based on a distance between the first device and the at least one second device. | 03-19-2015 |
20150082407 | CONFIRMING THE IDENTITY OF INTEGRATOR APPLICATIONS - An application service system receives, from a merchant service system, an application program code comprising identifying information. The identifying information is extracted and the application is distributed for operation on a user device. A user interacts with the application, creating an access request that is transmitted to the application service system along with the extracted identifying information. The application service system transmits an access token to the user device comprising the received identifying information. The user device transmits the access token with a service request to the application service system. The application service system compares the identifying information from the access token to the identifying information extracted from the application program code received from the merchant service system. If the identifying information matches, the service request is processed. If the identifying information does not match, the service request is denied and an error message is transmitted to the user device. | 03-19-2015 |
20150082408 | QUICK LOGIN TO USER PROFILE ON EXERCISE MACHINE - A personal mobile device such as a music player or mobile telephone is equipped with the capability to easily authenticate users into a public gym and into individual exercise equipment at the gym. | 03-19-2015 |
20150082409 | AUTHORIZED REMOTE ACCESS TO AN OPERATING SYSTEM HOSTED BY A VIRTUAL MACHINE - Proposed is a concept for providing authorized remote access to an operating system hosted by a virtual machine. First and second authentication tokens are generated at a client system and communicated to a server system providing the virtual machine. The validity of the first and second authentication tokens is verified at the server system. If the validity of the first authentication token is verified, the operating system is shut down. Then, if the validity of the second authentication token is verified, the operating system is re-started. | 03-19-2015 |
20150082410 | SYSTEMS AND METHODS FOR DEVICE DATA TRANSFER - There is provided a method and system for securely coupling and transferring data between devices. In a preferred embodiment, the devices may comprise two devices, a transferring device and a receiving device, and both devices are mobile devices. Embodiments of the present invention allow the wireless transfer of data such as contacts, photo images, video files, or other data from one device to another device, without need for special hardware or cabling. | 03-19-2015 |
20150089621 | SECURE LOGIN FOR SUBSCRIBER DEVICES - A network service may receive an authentication request from a subscriber device, the authentication request including a user credential and a device identifier of the subscriber device. The service may validate the authentication request based at least in part on the included user credential, and when the authentication request is validated, provide an authentication reply to the subscriber device indicative of allowance of the subscriber device to access the service, the authentication reply including a hash token keyed to the device identifier of the subscriber device for use in validation of subsequent authentication requests. The service may further generate a second hash token based on the device identifier of a subsequent authentication request; validate the subsequent authentication request according to the hash token and the second hash token; and when the subsequent authentication request is validated, allow the subscriber device to access the service. | 03-26-2015 |
20150089622 | MOBILE OAUTH SERVICE - A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access. | 03-26-2015 |
20150089623 | SERVICE PROFILE-SPECIFIC TOKEN ATTRIBUTES AND RESOURCE SERVER TOKEN ATTRIBUTE OVERRIDING - A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access. | 03-26-2015 |
20150089624 | SECURITY MANAGEMENT METHOD AND APPARATUS IN A HOME NETWORK SYSTEM - To solve the problems that may occur due to the leakage of user account information, the present disclosure may manage the security using the device token that is used independently of that of the server, that is generated by a home device, and that can be used for device authentication when a smart phone controls home appliances. With the use of the device token, the present disclosure may solve the problems that the status information of home appliances is exposed by another person or the home appliances are controlled by another person, even though the user account information is leaked. | 03-26-2015 |
20150096006 | MOVING TARGET DEFENSE AGAINST CROSS-SITE SCRIPTING - A method, in a server, implementing a moving target defense against cross-site scripting includes receiving a request for a web page, wherein the server has N versions of the web page each with a mutated version of JavaScript; selecting a web page of the N versions; and sending an indication of the mutated version of JavaScript associated with the web page in response to the request. Another method, in a client device, using a moving target defense against cross-site scripting includes requesting a web page; receiving an indication of a mutated version of JavaScript for the web page; and adjusting a JavaScript interpreter based on the mutated version of JavaScript for the web page. | 04-02-2015 |
20150101034 | SYSTEM AND METHOD FOR A FACET SECURITY FRAMEWORK - An example method is provided and includes intercepting an action request from an entity for an action to be performed with respect to a resource in a cloud environment, where the action request comprises a resource facet that controls access to the resource. The method also includes determining whether the resource facet is valid for the action by evaluating a policy associated with the resource; and allowing the action. | 04-09-2015 |
20150106906 | METHOD AND APPARATUS FOR TRANSMITTING ADDITIONAL AUTHORIZATION DATA VIA GSSAPI - A system and method for using a GSSAPI security token to transport additional non-GSSAPI data that includes authorization data used by third-party software. The system includes a hook that intercepts a client process's interactions with the GSSAPI. When a client process requests a security context from the GSSAPI, the hook intercepts the security token the GSSAPI provides for the client process. The hook checks to see if there is additional authorization data to transport, adds the additional data to the security token, then gives the token to the client process. The client process sends the security token to the server process, which submits the token to the GSSAPI for evaluation. A hook on this computer intercepts the security token, removes additional data added earlier, gives the added authorization data to a version of the third-party authorization software, then passes the now-unaltered security token to the server process which uses the security token to finish establishing a security context with the client process. | 04-16-2015 |
20150106907 | METHOD AND SYSTEM FOR SECURE CO-BROWSING OF PATIENT RECORDS ON COMMUNICATION DEVICES - A method and system are provided for co-browsing of patient records on communication devices. The method includes setting up a communication session between a first communication device and one or more second communication devices, where the communication session is initiated by the first communication device. Further, the method includes accessing one or more patient records via a server, where the one or more patient records are accessed at the first communication device. The method further includes sending a reference of the one or more patient records to the one or more second communication devices, where the reference is sent from the first communication device. | 04-16-2015 |
20150106908 | TRUSTED INTERNET IDENTITY - A token or other storage device uses Internet identities to set file access attribute rights. Subsequently, requests to access a file can be controlled by confirming the Internet identity of the requestor by either validating the request with a known public key or retrieving the public key from an Internet identity provider. Files may be stored encrypted and may be re-encrypted with the public key associated with Internet identity making the request. | 04-16-2015 |
20150121504 | IDENTIFICATION PROCESS OF APPLICATION OF DATA STORAGE AND IDENTIFICATION HARDWARE WITH IC CARD - The present invention relates to an identification process of application of data storage and identification hardware with IC (Integrated Circuit) card, and particularly to an IC card with an identification ICCID and GLN within it, which can be installed in a USB compatible flash memory as an identification hardware device. This can serve as a useful authorization process for record companies or intellectual property owners. The hardware can also be used as storage media. A non-duplicable code in the IC card and an encryption system ensure user authentication and data confidentiality on the Internet or any other computer information system. As it uses a normal private key, the invention is easy and convenient to use. | 04-30-2015 |
20150121505 | WIRELESS SESSION CONFIGURATION PERSISTENCE - A wireless access point employs a wireless configuration database for retrieving a stored wireless profile corresponding to a subscriber device from a remote location that enables the user to establish an Internet connection using their subscriber device with the same network identifiers and settings employed from the home wireless profile. The network identifier is typically an SSID (Service Set Identification), and labels the wireless configuration using a mnemonic name familiar to the user. The wireless configuration also denotes authentication and security (passphrase) tokens required for access, and would therefore enable the user to sign on at the remote wireless access point using the passphrase already known from their home WiFi arrangement. Subsequent attempts automatically establish a connection to the subscriber device upon detection and authentication using the retrieved wireless profile, without broadcasting an open SSID receivable by other wireless devices within range. | 04-30-2015 |
20150128242 | Federated identity mapping using delegated authorization - A method for identity mapping across web services uses a delegated authorization protocol, such as OAuth. In response to a request from a first user at a first web service, a connection to a second web service is established using the protocol. The second web service responds by sending information associated with a second user of the first web service who previously logged into the second web service from the first web service using the protocol. The second user may be a “contact” of the first user. The information received from the second web service is an access token that was obtained by the second user during that prior login. The access token is provided in lieu of data associated with the second user's account at the second web service. Thereafter, the first web service uses the access token it received to map to an identity of the second user. | 05-07-2015 |
20150128243 | METHOD OF AUTHENTICATING A DEVICE AND ENCRYPTING DATA TRANSMITTED BETWEEN THE DEVICE AND A SERVER - A method of authenticating a device for secure communications between the device and a server comprises transmitting a security token request via a data communications network using a data communications protocol. A message is received from the device that no security token is available. In response, an identification request is transmitted from the server to the device via the data communications network and an identification message is received from the device via a mobile communications network using a mobile communications protocol, the identification message including an identification of the device. The identification of the device is stored in a memory. A security token is generated and transmitted to the device via the data communications network. The security token is stored associated with the identification of the device in a memory connected to the server for use in future secure communications with the device via the data communications network. | 05-07-2015 |
20150143500 | SYSTEMS AND METHODS FOR SECURE OPERATION OF AN INDUSTRIAL CONTROLLER - A method of securing an industrial control system includes operating the industrial control system in an open mode, wherein communications between a plurality of devices of the industrial control system are unencrypted when the industrial control system is in the open mode. The method includes exchanging security tokens between the plurality of devices of the industrial control system. The method further includes ceasing operating the industrial control system in the open mode and instead operating the industrial control system in a secure mode, wherein the communications between the plurality of devices of the industrial control system are encrypted using the security tokens when the industrial control system is operating in the secure mode. | 05-21-2015 |
20150150109 | AUTHENTICATED ACCESS TO A PROTECTED RESOURCE USING AN ENCODED AND SIGNED TOKEN - Techniques are disclosed for authenticated access to a protected resource. A third party application receives a request to access a protected resource, including a bearer token encoded in an HTTP Authorization request header field. The bearer token includes a client identification value that is encrypted and signed in a predefined syntax. The third party application determines whether the bearer token conforms to the predefined bearer token syntax, such as a JavaScript Object Notation Web Token syntax. If the bearer token conforms to the bearer token syntax, the client identification value is extracted from the bearer token. The client identification value is compared to a predefined list of authorized client identification values associated with the protected resource. If the client identification value matches any of the values on the list of authorized values, the bearer token is validated, which permits the third party application to access the protected resource. | 05-28-2015 |
20150150110 | IDENTIFYING AND DESTROYING POTENTIALLY MISAPPROPRIATED ACCESS TOKENS - A computer receives a request for protected user data with an access token presented by a client as authorization for the client to access the protected user data in a delegated environment. The computer parses the request to create a device fingerprint identifying the device submitting the request for the client. The computer compares the device fingerprint of the request to a previously stored device fingerprint of an authorized device associated with the access token. The computer automatically determines whether to identify the access token as potentially misappropriated based on the comparison of the device fingerprint of the request to the previously stored device fingerprint. | 05-28-2015 |
20150150111 | SELF-SINGLE SIGN-ON - Techniques are described for providing sign-on within a trusted environment across multiple application servers. For example, a method can be provided for a single sign-on within a trusted environment across application servers. The method comprises, by a first application operating within the trusted environment, connecting to a first application server via a first access channel, and retrieving an authentication token from the first application server via the first access channel. The method further comprises, by a second application operating within the trusted environment, connecting to a second application server via a second access channel, and authenticating with the second application server with the authentication token. | 05-28-2015 |
20150294307 | USER AUTHENTICATION BY OPERATING SYSTEM-LEVEL TOKEN - Embodiments are directed to communicating an operating system-level token for user identification and/or authentication. Embodiments store a token at an operating system-level, wherein the token is accessible by an operating system running on the apparatus, and wherein the token comprises user identification information and/or user authentication information; and in response to an initiating event, initiate communication of the token to a second apparatus external to the apparatus. Some embodiments include initiation of an operation system-level instruction set for periodically, continuously, or in response to detecting a request, initiating communication of the token. | 10-15-2015 |
20150294346 | STATE INFORMATION SESSION TOKEN - A system is configured to register a received token, generated by a web browser client of a client device, as being associated with a web session of the web browser client; receive a request including the token from a secure application of the client device; identify state information according to the web session of the web browser client associated with the token; and send the state information to the secure application of the client device responsive to the request. | 10-15-2015 |
20150295916 | Scoped Access to User Content - Techniques for scoped access to user content are described. According to one or more embodiments, an access token is generated that includes an indication of a scope of permitted access to user content. The access token, for example, can specify scope by identifying a particular category and/or instance of content to which access is permitted. In at least some embodiments, a uniform resource identifier (URI) is used to specify the scope within the access token. When the access token is used to request user content, the URI can be mapped directly to a particular category and/or instance of content. In at least some embodiments, direct mapping obviates the requirement for intermediate mapping and/or translation of the access token to identify requested user content. | 10-15-2015 |
20150295918 | USER AUTHENTICATION SYSTEM IN WEB MASH-UP CIRCUMSTANCE AND AUTHENTICATING METHOD THEREOF - Disclosed is a user authenticating method in a web mash-up circumstance, including: requesting, by a mash-up server, updating an access authority token for accessing a data server to an authentication server; requesting, by the authentication server, a user authentication to the mash-up server; and issuing, by the authentication server, the updated access authority token to the mash-up server based on a response result to the user authentication request. | 10-15-2015 |
20150295919 | SELF-AUTHENTICATING CARD - A self-authenticating card includes a magnetic stripe storing a card authentication code and a network authentication code. The card also includes an authentication circuit that is operable to read the card authentication code and the network authentication code from the magnetic stripe using at least one sensor and authenticate the card using the card authentication code by comparing the card authentication code with an expected code stored in memory separate from the magnetic stripe. In response to authenticating the card using the card authentication code, the authentication circuit enables data communication with a card reader, provides the network authentication code to the card reader, generates a new network authentication code, and writes the new network authentication code to the magnetic stripe using at least one write head. | 10-15-2015 |
20150295920 | SELF-AUTHENTICATING CHIPS - A self-authenticating chip includes first and second memory regions storing, respectively, first and second authentication codes. The second memory region is adapted to be unreadable and unmodifiable by the chip or a chip reader. The chip also includes a comparator for providing an indicator of whether given input matches the second authentication code. The chip also includes an authentication circuit that is operable to read the first authentication code from the first memory region, present the first authentication code to the comparator, and in response to receiving an indicator from the comparator indicating that the first and second authentication codes match, unlock at least one of (i) a communication interface of the chip to allow data to be transmitted therethrough to a chip reader and (ii) a third memory region of the chip to allow data to be read therefrom. | 10-15-2015 |
20150302187 | APPARATUS AND METHOD FOR MANAGING MULTIPLE USER ACCOUNTS ON A MEMORY CARD - A memory card having a memory resident on the memory card and having stored thereon multiple isolated user accounts each having an associated user account data, and a firmware stored in memory, the firmware including coded instructions, which when executed, selectively manages each isolated user account so that an account access data for a predetermined isolated user account is accessed from the associated user account data when the firmware determines a predetermined condition is satisfied. | 10-22-2015 |
20150304305 | MANAGING ACCESS TO AN ON-DEMAND SERVICE - In accordance with embodiments, there are provided mechanisms and methods for managing a risk of access to an on-demand service as a condition of permitting access to the on-demand service. These mechanisms and methods for providing such management can enable embodiments to help prohibit an unauthorized user from accessing an account of an authorized user when the authorized user inadvertently loses login information. The ability of embodiments to provide such management may lead to an improved security feature for accessing on-demand services. | 10-22-2015 |
20150304313 | ONE-TIME PASSWORD OPERATING METHOD - Disclosed is a one-time password operating method, comprising: when a one-time password detects a valid key, judging the type of a pressed key, if the pressed key is a power-on key, detecting whether a current power-on logo is set, if yes, resetting same, otherwise, setting same and inspecting whether a locking logo is set, if yes, entering an unlocking code interface, otherwise entering an information interface; if the pressed key is a delete key, deleting data at the tail end of a data cache area; if the pressed key is a number key and the one-time password is not in the information interface, storing corresponding data in the data cache area; if the one-time password is in the information interface, judging whether the time for the key being pressed down goes beyond a preset time period, if yes, entering a power-on password modifying interface, otherwise storing corresponding data in the data cache area; if the pressed key is an Enter key and the one-time password is not in the information interface, judging whether the data in the data cache area are correct or meet requirements, if the one-time password is in the information interface, generating a dynamic password and displaying corresponding contents. | 10-22-2015 |
20150304319 | SYSTEM AND METHODS FOR ONLINE AUTHENTICATION - A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer. | 10-22-2015 |
20150310194 | Authentication Using Device ID - A system for authenticating a customer is disclosed. The customer may attempt to access protected resources located at an authentication server. The customer may log in to the authentication server's website, thereby submitting an authentication request. The authentication request may comprise attributes of the device the customer uses to log in. The authentication server may generate a device ID using the received device attributes and generate an authentication token that is signed with the device ID. The authentication server may transmit the authentication token to the client device. Subsequent requests to access protected resources from the client device may include the authentication token that is signed with the device ID. | 10-29-2015 |
20150312241 | IDENTITY BASED TICKETING - A system for identity based ticketing is provided, wherein a user device sends a challenge to a terminal; the terminal updates a filter based on the challenge and sends the contents of the filter to the user device. The user device sends the contents of the filter, relating to the user device and the terminal, to a backend server; and the backend server derives from the contents of the filter information concerning user behavior. | 10-29-2015 |
20150319158 | SYSTEM AND METHOD FOR TOKEN DOMAIN CONTROL - A method for providing a token code in conjunction with a value token is disclosed. The token code serves as a shared secret for authenticating the use of the value token. Multiple token holders can possess the same value token, but each token holder may have a different token code for use with the value token. | 11-05-2015 |
20150326560 | REGISTRATION AND NETWORK ACCESS CONTROL - In embodiments of registration and network access control, an initially unconfigured network interface device can be registered and configured as an interface to a public network for a client device. In another embodiment, a network interface device can receive a network access request from a client device to access a secure network utilizing extensible authentication protocol (EAP), and the request is communicated to an authentication service to authenticate a user of the client device based on user credentials. In another embodiment, a network interface device can receive a network access request from a client device to access a Web site in a public network utilizing a universal access method (UAM), and the request is redirected to the authentication service to authenticate a user of the client device based on user credentials. | 11-12-2015 |
20150326578 | METHOD AND APPARATUS FOR CONTROLLING RESOURCES ACCESS - In controlling resource access, a first device, responsive to a request for access to a resource, determines whether to grant the access to the resource based on an identity of a requestor requesting the access to the resource. The resource is provided by a second device that is separate from the first device. The first device customizes an access token with an access constraint to control the access to the resource; the access token is generated responsive to the first device determining that, based on the identity of the requestor requesting the access to the resource, the access to the resource is granted. | 11-12-2015 |
20150332029 | SYSTEM AND METHOD FOR ESTABLISHING AND MONETIZING TRUSTED IDENTITIES IN CYBERSPACE WITH PERSONAL DATA SERVICE AND USER CONSOLE - A system and method for establishing and monetizing trusted identities in cyberspace relying upon user opt in. Users request to attain secure IDs by accessing parties that will rely on secure IDs to complete a transaction, for example merchants and service providers (relying parties). The relying parties (RPs) communicate with identity service providers and attribute providers via an Attribute Exchange Network (AXN) in order to obtain verified attributes associated with an entity (end user or user) that wishes to conduct business with the relying party. The relying party makes requests for verified attributes that are important to consummating business transactions for the relying party. Users are informed of requests for attributes on behalf of relying parties and users have the option to verify attributes, and add new attributes that may be useful or required for conducting business with relying parties. | 11-19-2015 |
20150334098 | Service Channel Authentication Processing Hub - A computer system receives a service request over a service channel from a user device, initiates a challenge to the user device to provide authentication information based on a set of authenticators, and determines an initial level of authentication. When the initial level of authentication is not sufficient for the service channel or protected resource, the apparatus generates a challenge to the user device with at least one additional authenticator and determines an achieved level of authentication based on the further authentication information. When the achieved level of authentication reaches a target authentication level for the service channel, the apparatus continues processing the service request by the service channel. The computer may transfer the service request to another service channel with the authentication token obtained on the original service channel and further challenges the user device with additional authenticators when a higher level of authentication is necessary. | 11-19-2015 |
20150341346 | Bifurcated Authentication Token Techniques - Bifurcated authentication token techniques are described in which sign-on credentials are separated from corresponding privilege data for resources. During client authentication, a determination is made regarding whether a service provider is configured to support bifurcated authentication token techniques. If the techniques are supported, a lightweight token is issued to the client and corresponding privilege data is stored separately from the token in a centralized authentication database. If a service provider does not support bifurcated authentication token techniques, a traditional, combined authentication token that includes privilege data is issued to the client. The lightweight token contains identity information and a reference to the privilege data, but does not contain the actual privilege data. Therefore, the lightweight cookie token alone is not sufficient to gain access to corresponding resources. Moreover, privileges associated with a lightweight token may be revoked or altered without having to change or invalidate the lightweight token itself. | 11-26-2015 |
20150347729 | SYSTEMS AND METHODS FOR A CREDENTIAL INCLUDING MULTIPLE ACCESS PRIVILEGES - A credential for use in an access control system may include a first sector including first data of a first database type, and a second sector including second data of a second database type. The credential may further include a third sector including third data related to the second data. The first database type and the second database type may be different types. | 12-03-2015 |
20150347888 | SYSTEMS, METHODS, AND APPARATUSES FOR ASSOCIATING FLEXIBLE INTERNET BASED INFORMATION WITH PHYSICAL OBJECTS - Systems, apparatuses and methods for associating flexible Internet based information with physical objects are described. An example system includes a database server configured to generate a tag responsive to receiving a request from a requesting device. The tag is encoded with a uniform resource locator. The database server is further configured to associate a tag type of a plurality of tag types with the tag. The tag type indicates an intended use of the tag. The system further includes a memory configured to store data corresponding to the tag. The data may include the uniform resource locator and the tag type. | 12-03-2015 |
20150350180 | PERSONAL AREA NETWORK - An entity may store various levels of sensitive and personal data in a secure computing environment. The entity may create permission rules which allow the data to be shared or not shared depending on the circumstances and situation. As an entity such as a human moves through life, the entity may be in touch with numerous electronic devices that act like sensors. The entity may share a token which may allow a sensor or operator of the sensor to access various levels of the sensitive data stored in the secure computing environment. | 12-03-2015 |
20150350186 | AUTHORIZATION TOKEN CACHE SYSTEM AND METHOD - A system includes one or more processors to request access tokens from a token service computer, cache the access tokens and related information in a token cache, transmit the access tokens with a resource request to a resource server, and receive requested resources in response to the resource request. The resource server transmits representations of requested resources to computing devices having valid tokens. The access tokens and related information including credentials information and token metadata are stored in the token cache. | 12-03-2015 |
20150350188 | RESOURCE ACCESS CONTROL FOR VIRTUAL MACHINES - To provide enhanced operation of virtualized computing systems, various systems, apparatuses, methods, and software are provided herein. In a first example, a method of operating a computing system to control access to data resources by virtual machines is provided. The method includes receiving an access token and an instantiation command from an end user system. Responsive to the instantiation command, the method includes instantiating a virtual machine identified by the instantiation command using the access token as user data for the virtual machine during instantiation. The method also includes, in the virtual machine, executing a security module responsive to instantiation that transfers the access token for delivery to an authorization system, receiving credentials responsive to the access token, and accessing a data resource using the credentials. | 12-03-2015 |
20150350199 | SECURE ACCESS SYSTEM AND OPERATING METHOD THEREOF - A method of operating a secure access module (SAM) includes receiving an operation parameter via a terminal from a management server, the operation parameter including a registered value indicating a permissible range for operation of the SAM, receiving an authentication request for providing a card-related service from the terminal when a corresponding card is coupled to the terminal, determining whether the SAM is within the permissible range for operation in response to the authentication request, and transmitting information on a determination result to the terminal. | 12-03-2015 |
20150350204 | CLOUD-BASED DEVICE AUTHENTICATION - System, apparatus, and methods for authenticating a device for access to a server. The method includes receiving a set of device-specific attributes from the device as a part of a device registration process, storing the set of device-specific attributes in a device attribute storage, and receiving a request to perform an operation using the device and involving the server. The method further includes transmitting a set of device-specific challenge questions derived from the set of device-specific attributes to the device, receiving responses to the set of device-specific challenge questions from the device, confirming that the responses each conform to the set of device-specific attributes, and enabling the operation involving the server. | 12-03-2015 |
20150350208 | TOKEN SERVER-BASED SYSTEM AND METHODOLOGY PROVIDING USER AUTHENTICATION AND VERIFICATION FOR ONLINE SECURED SYSTEMS - One embodiment of the invention could be a method of authenticating a requesting party's request to access a secure system or website as an entity authorized to access the secure system or website, the method comprising the following steps: sending via a first communication network from the secure system or website a user authentication request associated with an identifier for an authorized user's communication device; receiving by the token server the user authentication request; generating a token by the token server; transmitting the token via a second and different communication network to the user's communication device; and using receipt by the token server of the token sent back by the user's communication device to determine whether or not a requesting entity of the secure system or website is an entity authorized by the secure system or website to access the secure system or website. | 12-03-2015 |
20150358165 | METHOD AND ARRANGEMENT FOR DISTRIBUTED REALISATION OF TOKEN SET MANAGEMENT AND RECOMMENDATION SYSTEM WITH CLUSTERING | 12-10-2015 |
20150365403 | NETWORK-BASED AUTHENTICATION FOR THIRD PARTY CONTENT - A system may be configured to allow for network-based authentication of a user device, which may reduce or eliminate the need for a user to provide credentials. The authentication may be performed when the user device attempts to access content provided by a third party content provider. The network-based authentication may be performed by, or in conjunction with, a device that is associated with the same telecommunications network as the user device, and which can authenticate the identity of the user device. | 12-17-2015 |
20150373005 | BROWSER PLUG-IN FOR SECURE CREDENTIAL SUBMISSION - Described is a technology by which a plug-in (e.g., an ActiveX® control) instantiated by a web browser calls functions of a credential service to use a set of credential data (e.g., a card file) for logging into a website. If the credential service determines that a previously used card file for the website exists, a representation of that card file is displayed in the browser, and the data of that card file is used to obtain a token for logging in the user. If not found, an icon is presented instead, by which the user can select a user interface that allows selection of another card file that meets the website's requirements. | 12-24-2015 |
20150373011 | CREDENTIAL COLLECTION IN AN AUTHENTICATION SERVER EMPLOYING DIVERSE AUTHENTICATION SCHEMES - An aspect of the present invention facilitates flexible credential collection in an authentication server employing diverse authentication schemes. In an embodiment, an access manager in the authentication server determines that an authentication scheme is to be used for allowing access to a resource requested by a user. A custom module (implementing the authentication scheme) in the authentication server then sends to the access manager commands indicating corresponding sets of credentials to be collected. The access manager, in response to receiving each command, collects the corresponding credentials from the user and checks whether the collected credentials authenticate the user. The custom module sends each command after the checking of the previously collected credentials. Accordingly, a developer of the custom module is enabled to request and perform the authentication of the user based on different sets of credentials. | 12-24-2015 |
20150373015 | AUTHENTICATION AND AUTHORIZATION USING DEVICE-BASED VALIDATION - A method includes authenticating a user of a client device and sending a response to the client device. The response includes browser code configured to retrieve respective first values for a plurality of device properties from the client device. The method also includes storing session information for the user in a memory. The session information includes the first values and criteria for triggering validation of the client device. The method further includes receiving a request, sent from a requesting device, to access a protected resource and determining whether the request is authenticated by determining that the request is associated with the session information and determining that the criteria have been met. Determining whether the request is authenticated also includes retrieving respective second values for the plurality of device properties from the requesting device, and determining whether the second values match the first values to authenticate the request. | 12-24-2015 |
20150373016 | SHARING CONTENT USING A DONGLE DEVICE - A content sharing device may receive, from a content providing device, information that identifies content to be shared with a dongle device via a content sharing service. The content sharing device may receive, from the content providing device, information that identifies a contact with which the content is to be shared. The content sharing device may determine, based on the information that identifies the contact, a dongle device identifier. The dongle device identifier may include a network address associated with the dongle device. The content sharing device may provide, to the dongle device and based on determining the dongle device identifier, information that identifies the content. The information that identifies the content may cause the content to be accessible by a content receiving device connected to the dongle device. | 12-24-2015 |
20150373017 | SHAPING I/O TRAFFIC BY MANAGING QUEUE DEPTH IN FRACTIONAL INCREMENTS - A method for managing input/output (I/O) traffic in an information handling system. The method may include receiving electronic I/O requests from a network-attached server, determining a queue depth limit, monitoring latency of processed electronic I/O requests, and processing received electronic I/O requests. The number of electronic I/O requests permitted to be processed over a period of time may be based on a mathematical combination of the queue depth limit and a latency of processed electronic I/O requests. The determined queue depth limit may be a fractional value. | 12-24-2015 |
20150381605 | METHOD, SYSTEM AND APPARATUS FOR AUTHENTICATION USING APPLICATION - The present invention relates to a method, system and apparatus for authentication using an application. Particularly, this invention can use an integrated ID by acquiring a reliable relationship between applications installed in a single terminal, or can perform the authentication of other applications by sharing authentication information through a representative application among applications. According to this invention, the account registration is performed by referring to the representative application, and thus the SSO authentication scheme may be implemented even in a mobile environment. | 12-31-2015 |
20150381609 | WEARABLE ELECTRONIC DEVICES - Wearable electronic device technology is disclosed. In an example, a wearable electronic device can include a handling portion that facilitates donning the wearable electronic device on a user. The wearable electronic device can also include a user authentication sensor associated with the handling portion and configured to sense a biometric characteristic of the user while the user is donning the wearable electronic device. In addition, the wearable electronic device can include a security module to determine whether the sensed biometric characteristic indicates an authorized user of the wearable electronic device. | 12-31-2015 |
20150381613 | SMARTCARD BASED MULTIFACTOR BANKING AUTHENTICATION - A multifactor authentication (MFA) enforcement server provides multifactor authentication services to users and existing services. During registration, the MFA enforcement server changes a user's password on an existing service to a password unknown to the user. During normal usage when the user accesses the existing service through the MFA enforcement server, the MFA enforcement server enforces a multifactor authentication enforcement policy. | 12-31-2015 |
20150381622 | AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, AUTHENTICATION APPARATUS, AND RECORDING MEDIUM - An authentication system includes a communications terminal, an authentication apparatus providing a function to the communications terminal using an access token, a first request part requesting the authentication apparatus to transmit client information for issuing the access token, a first transmitter generating the client information to be transmitted to the communications terminal in response to the request from the first request part, a second request part transmitting the client information to the authentication apparatus and requesting the authentication apparatus to provide the access token, a determination part determining whether the received client information is the client information transmitted from the first transmitter in response to the request from the second request part, a generator generating the access token when determining that the received client information is the client information transmitted from the first transmitter, and a second transmitter transmitting the generated access token to the communications terminal. | 12-31-2015 |
20160006727 | Interconnect Assembly - An interconnect assembly and authentication method are disclosed herein. An example of the authentication method includes coupling a wireless connector to a wireless communications port and creating a secure pairing between the wireless communications port and the wireless connector. The authentication method additionally includes permitting data to be transceived via the wireless communications port and the wireless connector subsequent to verification of the secure pairing. Other elements and features of the authentication method are disclosed herein as is an example of the interconnect assembly. | 01-07-2016 |
20160007196 | APPARATUS AND METHOD FOR IRREPUDIABLE TOKEN EXCHANGE - A server apparatus is operable in communication with mobile client apparatuses for securely recording the occurrence of a transactional exchange meeting between holders of the mobile client apparatuses. A token component sets up a meeting arrangement mediated by the server and communicates a first issued token to a first mobile client apparatus and a second issued token to a second mobile client apparatus. A token validator component receives at least a portion of each of the tokens from the mobile client apparatuses. The token validator component validates that the at least a portion of the token received from the first mobile client apparatus matches at least a portion of the second issued token, and vice-versa. A transaction recorder component creates and maintains a secure record of at least the request, the response, the validation of the tokens, and a completion signal from each of the mobile client apparatuses. | 01-07-2016 |
20160014109 | Universal Relationships, system and method to build and operate a repository to manage and share trusted information of entities and their relationships. | 01-14-2016 |
20160014117 | Authentication method using security token, and system and apparatus for same | 01-14-2016 |
20160014119 | AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, PROGRAM AND COMMUNICATION SYSTEM | 01-14-2016 |
20160014143 | PUSH NOTIFICATIONS OF SYSTEM EVENTS IN A RESTRICTED NETWORK | 01-14-2016 |
20160014152 | SYSTEM AND METHOD FOR INNOVATIVE MANAGEMENT OF TRANSPORT LAYER SECURITY SESSION TICKETS IN A NETWORK ENVIRONMENT | 01-14-2016 |
20160019381 | METHOD FOR WRITING CARD OVER THE AIR, SERVER AND SMART CARD - The present invention provides a method for writing a card over the air, a server and a smart card. The method includes: receiving, by a server, a card writing request transmitted by a portal site, where the card writing request carries a preset number and a card writing number corresponding to a smart card to be written; acquiring first card data corresponding to the card writing number according to the card writing number; and transmitting the first card data to the smart card according to the preset number to instruct the smart card to correspondingly replace, except for an original authentication key parameter, the original card data corresponding to the preset number with the first card data, and to correspondingly replace the original authentication key parameter in the original card data with a first authentication key parameter prestored in the smart card, so that the smart card completes card writing over the air. | 01-21-2016 |
20160021085 | Streaming Music Using Authentication Information - Techniques provided herein may facilitate set-up of an audio system with audio content services that have been previously registered on a second system. An example technique involves a computing device maintaining data representing a list of audio services from which an audio system can receive streaming music and data indicating that a first audio service is registered with the audio system. The device receives data indicating a second audio service added to the list of audio services. An application on the computing device may be configured to receive streaming music from the second audio service using particular authentication information. The device causes display of a graphical representation of the second service indicating that the particular authentication information is available from the application. The device may detect a selection of the second service and cause the audio system to receive streaming music from the second service using the particular authentication information. | 01-21-2016 |
20160021089 | CONTENT DELIVERY SUBSCRIPTION - Various embodiments of the present technology involve a synchronized content management system (CMS) automatically receiving and storing content items associated with a digital content subscription in a single location. For example, the CMS can establish and maintain a persistent relationship with various service providers that enables the service providers to push content items to a respective user account at the CMS. The persistent relationship can, in one example, be a one-way relationship established using a security token to prevent a service provider from accessing other content items stored in the user's account. | 01-21-2016 |
20160021091 | PROOF OF PRESENCE VIA TAG INTERACTIONS - A system and method for determining presence information for mobile devices ( | 01-21-2016 |
20160021093 | SYSTEM AND A METHOD FOR VALIDATING AN IDENTIFICATION TOKEN - An Identification Device ( | 01-21-2016 |
20160021107 | Multi-function Smart Communication Card - Various embodiments are described that relate to a smart card. When not connected to an external system, such as a laptop computer, the smart card can be configured to power itself. Thus, various functions can be performed on the smart card in the absence of a connection to the external system. Example functions of the smart card can include user identification and authorization. In addition, the smart card can be configured to distinguish between different users and provide different access levels to different users and/or different access to containers resident within the smart card. This can be done before the smart card is connected to the external system. | 01-21-2016 |
20160026594 | MODULE FOR A DATA BUS - A module for a data bus comprises a terminal. The terminal comprises two opposite outer faces, each comprising at least one contact, wherein the two contacts are connected by means of an internal data-bus line for forwarding data through the terminal via said internal data bus. The module further comprises a software-protection unit which is integrated into the terminal and connected to said data-bus line. | 01-28-2016 |
20160028707 | Protecting Network Communication Security - A method and apparatus for protecting a network communication security. In one embodiment, there is provided a method for protecting network communication security at a server. The method comprises: in response to a request from a client, determining whether a token from the client is included in a valid token queue, the valid token queue being a First-In-First-Out queue; in response to the token being included in the valid token queue, managing the valid token queue based on a position of the token in the valid token queue; and sending a response to the client based on the managing of the valid token queue. There is further disclosed a corresponding method and apparatuses at client side. | 01-28-2016 |
20160028717 | METHOD AND DEVICE FOR CONTROLLING THE ACCESS TO DIGITAL CONTENT - A method for controlling the access to digital data in a system including a mobile terminal having a network interface, a geographically limited network segment that provides a network solution which ensures that the localization of the mobile terminal takes place and the identification of the network segment can be carried out, a usage server which controls access to the digital data and ensures the compliance with specific rights, includes the steps: obtaining the unique identification of the network segment in which the mobile terminal is located; evaluation of the unique identification on a usage server which controls the access to digital data based on the unique identification by transferring an access list to the application; and display of the digital data on the mobile terminal via the application. | 01-28-2016 |
20160028729 | ROUTING MESSAGES BETWEEN APPLICATIONS - A system and method for enabling the interchange of enterprise data through an open platform is disclosed. This open platform can be based on a standardized interface that enables parties to easily connect to and use the network. Services operating as senders, recipients, and in-transit parties can therefore leverage a framework that overlays a public network. | 01-28-2016 |
20160042182 | DYNAMIC VERIFICATION OF A COMPUTER SOFWARE APPLICATION EXECUTION PATH - Dynamic verification of a computer software application execution path by detecting execution of a target instruction of a computer software application, wherein the computer software application is configured to generate a token at an instruction near a waypoint instruction of the computer software application, and wherein the waypoint instruction lies along an execution path that leads to the target instruction. Determining, responsive to detecting execution of the target instruction, whether a token exists. Performing a computer-security-related remediation action responsive to determining that the token does not exist. | 02-11-2016 |
20160050202 | IDENTITY CARD HOLDER AND SYSTEM - An identity card holder with a processor, a memory, an antenna, an interface for communicating with an identity card, positioning circuitry for obtaining position data of the identity card holder and communications circuitry for communicating with a remote server apparatus. The processor is configured to receive identification data from the identity card via the interface to identify a user, to cause a credential of the user associated with the identity card to be determined, to obtain position data of the identity card holder from the positioning circuitry and to cause restricted information related to a location to be provided to the user, where the restricted information has an access requirement related to the credential of the user and wherein the restricted information is provided to the user only if the user credential meets the access requirement and the position of the identity card holder is proximate to the location. | 02-18-2016 |
20160050565 | SECURE PROVISIONING OF AN AUTHENTICATION CREDENTIAL - Techniques are described for securely provisioning a client device. A client device may output first client information over a secure interface to a trusted device to be transmitted to an authentication server. Second client information related to the first client information may be transmitted to the authentication server. The authentication server may link the second client information and the first client information. The client device may receive an encrypted authentication credential from the authentication server. The authentication credential may be encrypted based at least in part on the first client information or the second client information. The client device may decrypt the encrypted authentication credential using the first client information, the second client information, or a shared secret key. | 02-18-2016 |
20160065563 | METHOD AND APPARATUS FOR ACCESSING THIRD-PARTY RESOURCES - A method, system, and apparatus for providing a client access to third-party resources by utilizing third-party access tokens via a network gateway. The method can prevent the third-party access tokens from being exposed directly to the client environment. The client receives a gateway security credential, which encapsulates the third-party access token in an encrypted form. The client provides the gateway access token to the network gateway where the third-party access token is decrypted and then used to access the third-party resource. Client requests to the network gateway are executed using a custom API. The gateway relays the client requests to the appropriate third-party resources using the third-party-specific API with the decrypted third-party access token. Gateway access tokens are short-lived and can be renewed according to the client-environment life cycle. | 03-03-2016 |
20160072795 | SERVICE LOCKING METHOD, APPARATUSES AND SYSTEMS THEREOF - Disclosed are a service locking method, apparatuses and systems thereof. The method includes: receiving a locking request including identification information of a designated service and an identifier of an operating terminal, the designated service being a service of performing a sensitive operation to network virtual property; and sending an authentication request containing the identification information of the designated service and the identifier of the operating terminal to an authentication server, and locking the designated service upon receiving successful authentication information from the authentication server. By locking the designated service in the operating terminal after the authentication server authenticates the operating terminal successfully, the problem that the network virtual property of a legal user is likely to undergo an unauthorized operation is solved; a designated service, once locked, may not be directly operated by any operating terminal, thereby preventing unauthorized operations on the designated service. | 03-10-2016 |
20160072797 | MOBILE VIRTUAL COMMUNICATION AND ENTERTAINMENT SERVICE - Aspects of the subject disclosure may include, for example, a method including providing, by a processor in a dongle coupled to a display device, a graphical user interface at the display device, and transmitting a message to an authentication server in accordance with authentication information stored in a storage device of the dongle and an input via the graphical user interface. The method also includes obtaining an authentication confirmation; obtaining content from a content server; and recording the content in accordance with a second input via the graphical user interface. The recorded content is transmitted for storage at a storage server. The display device communicates with equipment of a video provider that is associated with a service area. In accordance with the authentication confirmation, the processor is authorized to obtain the content based on the location of the dongle relative to the service area. Other embodiments are disclosed. | 03-10-2016 |
20160080354 | RECOVERY FROM ROLLING SECURITY TOKEN LOSS - An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a | 03-17-2016 |
20160080367 | ADAPTIVE TIMEOUTS FOR SECURITY CREDENTIALS - Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session. | 03-17-2016 |
20160080383 | RECOVERY FROM ROLLING SECURITY TOKEN LOSS - An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource. | 03-17-2016 |
20160080938 | METHOD FOR PROCESSING AUTHENTICATION, ELECTRONIC DEVICE AND SERVER FOR SUPPORTING THE SAME - Disclosed is an electronic device including a processor that receives an input signal for requesting an authentication, determines whether a mobile oriented (MO) server is available based on at least one of an international mobile subscriber identity (IMSI) or network Internet Protocol (IP) information of the electronic device, and if it is determined that the MO server is available, creates an authentication code, and a communication module that transmits the created authentication code to the MO server. | 03-17-2016 |
20160087951 | SYSTEMS AND METHODS FOR INHIBITING ATTACKS WITH A NETWORK - Systems and methods for inhibiting attacks with a network are provided. In some embodiments, methods for inhibiting attacks by forwarding packets through a plurality of intermediate nodes when being transmitted from a source node to a destination node are provided, the methods comprising: receiving a packet at one of the plurality of intermediate nodes; determining at the selected intermediate node whether the packet has been sent to the correct one of the plurality of intermediate nodes based on a pseudo random function; and forwarding the packet to the destination node, based on the determining. In some embodiments an intermediate node is selected based on a pseudo random function. In some embodiments, systems and methods for establishing access to a multi-path network are provided. | 03-24-2016 |
20160088477 | COORDINATOR AND DEVICE IN A RADIO COMMUNICATION NETWORK - A method in a coordinator in a radio communication network. The method comprises obtaining a token identifying a radio device. The method also comprises obtaining information confirming that the radio device is authorized to connect to the coordinator. The method also comprises calculating a device filter comprising a plurality of tokens, wherein the plurality of tokens include the obtained token of the radio device and identifies a plurality of devices authorized to connect to the coordinator. The method also comprises sending a broadcast radio signal comprising the device filter. The method also comprises allowing the radio device to connect to the coordinator. The present disclosure also relates to a coordinator, as well as to a radio device and a method of a radio device. | 03-24-2016 |
20160092665 | Liveness Detection for User Authentication - An initial authentication of a user, if successful, causes a token to be stored on, and presented from, a wearable device (WD). The WD continually monitors one or more of the wearer's vital signs to confirm that (1) the WD is being worn by a living person rather than an inanimate simulacrum, and (2) the WD is still worn by the same person who underwent the authentication. The token can be read by a token-reader on at least one protected device (PD). If the token is valid, its presentation serves as authentication and the token-reader grants the user access to the PD. If the WD vital-sign signal is interrupted when the user removes the WD, the WD stops presenting the token and can no longer be used to access a PD. | 03-31-2016 |
20160099927 | HACKER SECURITY SOLUTION FOR PACKAGE TRANSFER TO AND FROM A VEHICLE - A cloud based system for a package exchange with a vehicle service is discussed. The system can have servers having processors, ports, and databases and a security module running on the processors to receive a virtual key and one of a request for package exchange with a vehicle service, data, or both, from a package delivery vehicle. The virtual key has a first shelf life and is used for authentication of communications from the delivery vehicle. The security module can receive a security token having a second shelf life from a user. The security token is used for verification of the user and target vehicle. After the first authentication and in an overlap window of the two shelf lives, the security module can send the one or more commands to an on-board actuation module of the target vehicle to cause an electro-mechanical operation in the target vehicle. | 04-07-2016 |
20160105410 | OMA DM Based Terminal Authentication Method, Terminal and Server - A method for implementing terminal authentication based on an OMA DM protocol, a terminal and a server are disclosed. The method includes: a terminal initiating a registration request to a target server, wherein a user name, a password and a device identifier are carried; the terminal receiving and storing an access token generated through registration; and the terminal carrying the access token and the device identifier in a message of initiating services to the target server for authentication. In the present document, user identity authentication is performed based on the access token, which brings a higher security and more convenient terminal life cycle management. | 04-14-2016 |
20160110534 | ENABLING ACCESS TO DATA - Systems, methods and apparatus for enabling access to secure data. A first module is arranged to generate a limited use passcode and make the passcode available to a user. A second module and a third module are arranged to communicate whereby to enable detection of the third module being in proximity to the second module. A fourth module is arranged to receive a passcode via user input. The apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module. | 04-21-2016 |
20160112421 | METHOD AND APPARATUS FOR SELECTIVE ACTIVATION OF UNIVERSAL SERIAL BUS (USB) PORTS - A method, non-transitory computer readable medium, and apparatus for selectively activating a universal serial bus (USB) port are disclosed. For example, the method receives a predefined list of services that are acceptable to work with the USB port, configures the USB port based on the predefined list of services, receives an indication that a service is requested via the USB port and provides the service via the USB port when the USB port is configured to provide the service based on the predefined list of services. | 04-21-2016 |
20160119315 | CONFERENCING INTELLIGENCE ENGINE IN A COLLABORATION CONFERENCING SYSTEM - Aspects of the present disclosure involve systems, methods, computer program products, and the like, for collaboration conferencing with multiple participants over a communications network, and more specifically for a conferencing controller in the network configured to control certain aspects of establishing a collaboration conference. In one particular embodiment, the user of the network may access the control system application to provide one or more conferencing parameters or settings the user wishes to be present during a collaboration conference session. The parameters may then be established by the control system and associated with the conferencing session involving the user. In one embodiment, such information may be associated with the identification token. In yet a further embodiment, a user to the collaboration control system may subscribe to receive a notification when another user of the system accesses a portion of a collaboration of the system. | 04-28-2016 |
20160119319 | METHOD AND APPARATUS FOR FACILITATING THE LOGIN OF AN ACCOUNT - Systems and methods are provided for facilitating account login, wherein the method is implemented by a first server that is associated with a first account. In some embodiments, the method comprises receiving, from a terminal device, a request to log into a second account associated with a second server, wherein the request includes a first identifier associated with the first account and a second identifier associated with the second server. The method further comprises generating account information to be transmitted to the second server based on the first identifier; and transmitting the account information to the second server based on the second identifier; wherein the transmission of the account information enables the second account to be automatically logged into at the second server. | 04-28-2016 |
20160127341 | A Method and Apparatus for Anonymous and Trustworthy Authentication in Pervasive Social Networking - A method for anonymous authentication may comprise: issuing token information to a first node registered with a network entity, wherein the token information indicates one or more tokens for the first node; distributing a token list to a plurality of nodes registered with the network entity, wherein the token list is associated with respective tokens for the plurality of nodes comprising at least the first node and a second node, and wherein the token information and the token list are used for an anonymous authentication between the first node and the second node. | 05-05-2016 |
20160127343 | AUTHENTICATING DATA TRANSFER - In an embodiment, a method for authenticating data transfer is provided. A user-agent is redirected between an enterprise, an intermediary platform, and an application server. | 05-05-2016 |
20160134616 | DESKTOP APPLICATION FULFILLMENT PLATFORM WITH MULTIPLE AUTHENTICATION MECHANISMS - A service provider system may include an application fulfillment platform that delivers desktop applications to desktops on physical computing devices or virtual desktop instances. A computing resource instance may be registered with the platform, which generates a unique identifier and a security token for the computing resource instance using multiple authentication mechanisms. An end user of a customer organization may be registered with the platform, which generates a unique identifier and a security token for the end user using multiple authentication mechanisms. An application delivery agent may submit service requests to the platform on behalf of itself or the given user. The identity and security credentials included in the requests may be dependent on the request type and the entities on whose behalf they are submitted. A proxy service on the platform may receive the requests and validate the credentials, then dispatch the requests to other services on the platform. | 05-12-2016 |
20160135045 | METHOD TO AUTHENTICATE PEERS IN AN INFRASTRUCTURE-LESS PEER-TO-PEER NETWORK - Methods, systems, apparatuses, and devices are described for authenticating in a network. A mobile device may establish a group account with an authentication server associated with the group. Upon successfully completing group account establishment, the mobile device receives a group authentication token that includes information associated with the authentication server, the group, the mobile device, a group key, versioning information, etc. The mobile device may use the group authentication token to authenticate with another mobile device that is a member of the same group. The versioning information may support backwards-compatibility between the group authentication tokens having different versions. | 05-12-2016 |
20160140550 | Ensuring Information Security Using One-Time Tokens - Methods, systems, and computer-readable media for ensuring information security using one-time tokens are presented. In one or more embodiments, a computing platform may receive, from a user device, a request to access an online banking portal using a user account. Based on the request, the computing platform may generate and send a notification to a registered mobile device linked to the user account. After sending the notification, the computing platform may generate a one-time token message that includes a prompt for authorizing the user device to access the online banking portal using the user account. The computing platform then may send the one-time token message to the mobile device and receive token response input from the mobile device. Based on the input, the computing platform may prevent the user device from accessing the online banking portal or, alternatively, may provide the user device with access to the online banking portal. | 05-19-2016 |
20160142380 | SYSTEMS AND METHODS FOR MAINTAINING USER PRIVACY AND SECURITY OVER A COMPUTER NETWORK AND/OR WITHIN A RELATED DATABASE - Systems and methods are provided to maintain the privacy of a user's actions and/or experiences on a computer network. The user's privacy is maintained by making the user, the user's data and the user's tracks anonymous to network operators and content providers, while supporting pattern analysis for purposes including, but not limited to, analytics, reputation management, search, discovery, hashtag or geotag management. Unique and dynamically generated tokens are used to make the user's identity and actions anonymous during the user's activities, exchanges or communications on the computer network. Collected information regarding the actions of the anonymous users can be used to generate analytical data. However, the collected information is not associated with an individual user unless that user is a registered user and even then, a specific user's data and track are only available to that user. If a registered user requests his/her information, the information is provided to the user in an encrypted format using a public key provided by the user and can only be decrypted with a private key held by the user. | 05-19-2016 |
20160142388 | SECURE, UNTETHERED PROVISIONING AND TROUBLESHOOTING OF WIRELESS NETWORK DEVICES - A wireless network device only installs configuration information that is wirelessly received from a provisioning device if the wireless network device successfully authenticates a security token it receives from the provisioning device. The provisioning device can obtain the security token by scanning a label associated with the wireless network device or by other methods. | 05-19-2016 |
20160142390 | THIRD-PARTY DOCUMENTED TRUST LINKAGES FOR EMAIL STREAMS - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for establishing third-party documented trust linkages. In one aspect, a method includes receiving linkage context data from a sending user, creating a linkage context based on the linkage context data, sending the linkage context to the sending user, receiving linkage initiation data from the sending user, sending a linkage initiation email based on the linkage initiation data to a recipient user, receiving confirmation opt-in data from the recipient user, and creating a trust linkage between the sending user and the recipient user, where the trust linkage allows the sending user to successfully send at least one future message stream and allows the recipient user to successfully receive the at least one future message stream. Further aspects include testing trust linkages for processing message streams and destroying trust linkages to stop message streams. | 05-19-2016 |
20160142408 | SECURE IDENTITY PROPAGATION IN A CLOUD-BASED COMPUTING ENVIRONMENT - The present disclosure describes methods, systems, and computer program products for providing secure identity propagation in a cloud-based computing environment. One computer-implemented method includes receiving, from a user, a first security response message, transmitting, to the user in response to receiving the first security response message, a second security response message, wherein the second security response message comprises a Token Granting Token (TGT), receiving, from a cloud application, a Service Token (ST) request, wherein the ST request comprises the TGT, verifying the ST request based on the TGT, generating, in response to the verifying, a ST, wherein the ST is used to validate an access request to access a backend system, and transmitting the ST to the cloud application. | 05-19-2016 |
20160142416 | SYSTEM AND METHOD FOR USING A SEPARATE DEVICE TO FACILITATE AUTHENTICATION - A system that incorporates the subject disclosure may perform, for example, operations including receiving a request from a first device to access information content of a second device. The process further includes forwarding a token to the second device by way of a second wireless network, to obtain a second device token, and forwarding the token to the first device by way of the first network to obtain a first device token, wherein the first device forwards the first device token to the second device by way of a third network. A confirmation that the token was received at the first device is based on the result of the comparison indicating a match between the first device token and the second device token. Access to the information content of the second device is authorized in response to the confirmation. Other embodiments are disclosed. | 05-19-2016 |
20160148211 | Identity Protection - Some embodiments provide holistic and comprehensive identity protection solutions. The solutions protect user identity by screening the information trail that a user leaves behind online in order to suppress or neutralize information crumbs that can subsequently be used to harm the user. The solutions audit user privacy settings, established online friends and contacts, and friend and contact activity online to limit the exposure and disclosure of user information online. The solutions perform white-hat penetration tests. The solutions report on user risk based on available online information. The solutions validate completed transactions based on monitored user movements and site visits. The solutions provide a crowd-sourced approach to identify risk based on common transactions and visits of others. The solutions prevent identity theft by verifying that disbursements are made to the correct entity. | 05-26-2016 |
20160149891 | Sharing Access to a Media Service - Examples provided herein are directed to a computing device and media playback system sharing access to a media service corresponding to a media application installed on the computing device. In one example, a media playback system may be configured to (i) receive from the computing device an authorization code that corresponds to a media application installed on the computing device that is authorized to access media from a media service, (ii) transmit to the media service an authorization request with the authorization code, (iii) receive from the media service an authorization token that facilitates obtaining media from the media service, and (iv) transmit to the media service a request for media for playback by the media playback system, where the request for media includes the authorization token. | 05-26-2016 |
20160149897 | INTERACTIVE BASE AND TOKEN CAPABLE OF COMMUNICATING WITH COMPUTING DEVICE - A smart charm bracelet that includes an elongated band or other base, at least one smart charm or other token that may be coupled to or otherwise associated with the elongated band or base, wherein the elongated band is able to communicate with the charm. The band and/or charm may also be able to communicate with a computing device, including but not limited to a mobile device. In addition, the band and/or charm may produce a light, sound, and/or vibration indication to a user upon the occurrence of an event. | 05-26-2016 |
20160156610 | Message Pushing System And Method | 06-02-2016 |
20160162676 | METHOD, APPARATUS AND SYSTEM FOR GESTURE BASED SECURITY - A method, system, token and scanning device for gesture-based security are provided. The token includes an information storage module such as an RFID system or a microchip system of a contactless smart card, and a fiducial marker of the token, such as a unique optically recognizable pattern. The token scanning device includes a detection module configured for retrieving details from the information storage module, a motion tracking module for tracking a trajectory of the fiducial marker relative to the scanning device, and an authentication module for authenticating the token if the tracked trajectory matches sufficiently to a reference trajectory associated with the token. A user can authenticate a usage of the token such as a financial transaction by gesture-based motion of the token to match the reference trajectory. | 06-09-2016 |
20160173453 | PERSONAL AUTHENTICATION AND ACCESS | 06-16-2016 |
20160173483 | AUTOMATED ACCESS DATA PROVISIONING | 06-16-2016 |
20160182487 | PERMISSION ARCHITECTURE FOR REMOTE MANAGEMENT AND CAPACITY INSTANCES | 06-23-2016 |
20160191482 | SYSTEM AND METHOD FOR PROVIDING AUTHENTICATED COMMUNICATIONS FROM A REMOTE DEVICE TO A LOCAL DEVICE - A method and system for enabling authenticated communications between a local device and a remote device over a network. An authentication service verifies user credentials and transmits an identity token to the local device. The local device transmits the identity token to the device manager, and receives an associated channel identifier for a device specific channel. The local device transmits to the device message relay a request to receive data on the device specific channel. The local device listens for approval on an approval channel and transmits to the device message relay the channel identifier and the identity token. The device message relay transmits an approval via the approval channel if the identity token is authentic and the user has permission to receive data on the device specific channel. Data from the remote device can be transmitted via the device specific channel. | 06-30-2016 |
20160191493 | SYSTEM AND METHOD OF AUTHENTICATING A LIVE VIDEO STREAM - A method of authenticating a video streaming transmission comprising generating a secure token at an application server, providing the secure token to a user device, receiving the secure token at a media server with a publish request from the user device, transmitting the secure token to the application server for authentication, and authenticating the secure token. The publish request from the user device is enabled if the secure token is authenticated by the application server. The connection between the media server and the user device is terminated if the secure token fails to authenticate. | 06-30-2016 |
20160191496 | ESTABLISHING ACCESS TO A SECURE NETWORK BASED ON USER-CREATED CREDENTIAL INDICIA - In various aspects, code-based indicia contain secured network access credentials. In some aspects, a computer processor receives user input that specifies secured network access credentials, and the computer processor creates or modifies credentials for establishing a secured network connection. In these aspects, the computer processor generates code-based indicia that contain at least part of the secured network access credentials. In other aspects, a computer processor scans the code-based indicia and extracts the network access credentials. In these aspects, the computer processor employs the network access credentials to establish the secured network connection. In additional aspects, a network router apparatus renders the code-based indicia to an active display. In further aspects, a network router apparatus conditions grant of network access to a device on receipt from the device of an answer to a security question included in the secured network access credentials. | 06-30-2016 |
20160191510 | SECURITY AND PRIVACY ENHANCEMENTS FOR SECURITY DEVICES - A tamper-resistant security device, such as a subscriber identity module or equivalent, has an AKA (Authentication and Key Agreement) module for performing an AKA process with a security key stored in the device, as well as means for external communication. The tamper-resistant security device includes an application that cooperates with the AKA module and an internal interface for communications between the AKA module and the application. The application cooperating with the AKA module is preferably a security and/or privacy enhancing application. For increased security, the security device may also detect whether it is operated in its normal secure environment or a foreign less secure environment and set access rights to resident files or commands that could expose the AKA process or corresponding parameters accordingly. | 06-30-2016 |
20160205093 | INFORMATION SECURITY SYSTEM IN SMART MOBILE ENVIRONMENT | 07-14-2016 |
20160380997 | DEVICE AUTHENTICATION - The present invention relates to a computer network that provides secure authentication. The computer network comprises a server operable to generate a token comprising identification information; a first device to be authenticated, the first device being operable to receive the token; a second device associated with a trusted identifier, the second device being operable to retrieve the token from the first device and associate the token with the trusted identifier to authenticate the first device at the server. | 12-29-2016 |
20160381023 | DETECTION OF COMPROMISED UNMANAGED CLIENT END STATIONS USING SYNCHRONIZED TOKENS FROM ENTERPRISE-MANAGED CLIENT END STATIONS - Techniques related to detecting compromised unmanaged client end stations using synchronized tokens placed on enterprise-managed client end stations are described. A token distribution module causes token(s) to be placed with user data of a managed client end station in specific locations. The placement locations are selected due to the token(s) likely being synchronized, the token(s) being unlikely to be discovered or used by an authorized user, but likely discovered by an attacker. During a synchronization process, the token(s) are sent to an unmanaged client end station. The token(s) can be detected and/or acquired from the unmanaged client end station by an attacker, and thereafter used in an attempt to access an apparent enterprise resource. A token detection module can detect this use of the token(s) to thereby detect the compromise of the unmanaged client end station, without needing direct access to the unmanaged client end station. | 12-29-2016 |
20180026960 | Preventing Unauthorized Access to Secured Information Systems Using Tokenized Authentication Techniques | 01-25-2018 |
20180027411 | BEHAVIORAL AUTHENTICATION | 01-25-2018 |
20190147147 | Analogs of Proxisome Proliferator Activated Receptor (PPAR) Agonists and Methods of Using the Same | 05-16-2019 |
20190149987 | SECONDARY DEVICE SETUP | 05-16-2019 |