Class / Patent application number | Description | Number of patent applications / Date published |
713159000 | Including intelligent token | 60 |
20080215879 | METHOD AND SYSTEM FOR AUTHENTICATING A WIDGET - A system and computer implemented method for providing a widget are described. The widget is portable, embeddable and for dynamically displaying multimedia content. The method and system include receiving a request corresponding to the widget and performing an authentication corresponding to the request. The method and system also include fulfilling the request if the authentication is successful. | 09-04-2008 |
20080270791 | Method and Apparatus for Remote Administration of Cryptographic Devices - Techniques are disclosed for performing operations in an authentication token or other cryptographic device in a system comprising an authentication server. In one aspect, a code generated by the authentication server is received in the cryptographic device. The code may have associated therewith information specifying at least one operation to be performed by the cryptographic device. The cryptographic device authenticates the code, and responsive to authentication of the code, performs the specified operation. If the code is not authenticated, the operation is not performed. The code may be determined as a function of a one-time password generated by the authentication server. The function may also take as an input an identifier of the operation to be performed. | 10-30-2008 |
20080313457 | SECURE PHYSICAL DISTRIBUTION OF A SECURITY TOKEN THROUGH A MOBILE TELEPHONY PROVIDER'S INFRASTRUCTURE - The present invention discloses a system and method of leveraging mobile telephone provider assets and distribution network to securely deliver security tokens, such as PKI certificates. The invention is not limited to using a mobile telephony infrastructure and other pre-existing distributions can also be used. In the invention, a user requested security token can be delivered to a storefront associated with a mobile telephone provider. The storefront can be one proximate to a requesting user. An optional activation key can also be conveyed to the requesting user. The requesting user can be required to physically travel to the storefront to receive the security token. At the storefront, an identity of the requesting user can be verified, such as through photo identification. The security token can be provided when the requesting user has been successfully verified. Use of the security token can still require activation involving the activation key. | 12-18-2008 |
20090006846 | Bluetooth device as security access key - This application is directed to a system for remotely directing a host device to perform an operation using a key. The key may include a communications circuitry for transmitting data, for example a key identifier or an instruction to perform an operation, within a personal area network created by the communications circuitry. When a host device is within the personal area network, the key may transmit data received by a transceiver on the host device. In response to receiving the data, the host device may perform an operation (e.g., an authentication operation). In some embodiments, the key may transmit data identifying an operation for the host device to perform. In some embodiments, the host device may store in memory key identification information and an associated operation which may be retrieved when the key is brought in proximity of the host device. | 01-01-2009 |
20090037730 | Device For Protection of the Data and Executable Codes of a Computer System - A security and protection device ( | 02-05-2009 |
20090150667 | MOBILE SMARTCARD BASED AUTHENTICATION - In an authentication server, information representing a first part of a response to a challenge is received during the authentication preparation phase. The challenge and the first part of the response are stored for further use. The challenge is resent and information representing a second part of the response to the challenge is received during a modified authentication phase. The first and second parts of the response are checked against the challenge for authenticating the user. In a smartcard reader, the response received from the smartcard is sent to a computing device, when the smartcard reader received the challenge via an interface to the computing device during normal authentication. In response to the smartcard reader having received the challenge via the interface to the computing device during an authentication preparation phase, the smartcard reader sends the first part of the response to the computing device. In response to the smartcard reader having received the challenge via a user interface, it presents at least the second part of the response to a user via the user interface. | 06-11-2009 |
20090164777 | METHOD AND SYSTEM FOR SECURELY COMMUNICATING BETWEEN A PRIMARY SERVICE PROVIDER AND A PARTNER SERVICE PROVIDER - A method and system for authenticating a partner service provider and a primary service provider includes a network and, a partner service provider generating a request for a first encrypted token from a partner service provider and communicating the request to the network. An authentication web service receives the request for the first encrypted token from the network and generates the first encrypted token. The partner service provider generates a request for data with the first encrypted token and communicates the request for data to the network. A data web service receives the request for data and communicates the request for data from the data web service to the authentication web service. The authentication web service validates the request for data and communicates a validation result to the data web service. The data web service communicates data to the partner service provider from the data web service after validating. | 06-25-2009 |
20090164778 | METHOD AND APPARATUS FOR COMMUNICATING BETWEEN A REQUESTOR AND A USER RECEIVING DEVICE USING A USER DEVICE LOCATING MODULE - A system and method for communicating between a user device locator module and a user receiving device includes forming a secure connection with a user device locator module. The user receiving device communicates user identifier data and port data to the user device locator module. An authentication module authenticates the user data from the user device locator module and generates an authentication signal. The user device locator module registers the port data at the user device locator module in response to the authentication signal. | 06-25-2009 |
20090177882 | Authentication Token for Identifying a Cloning Attack onto such Authentication Token - The invention relates to an authentication token ( | 07-09-2009 |
20090249063 | ENCRYPTION DATA MANAGEMENT SYSTEM AND ENCRYPTION DATA MANAGEMENT METHOD - A system includes an agent-side apparatus and an owner-side apparatus. The agent-side apparatus includes a transmission unit for responding to operation inputs from an agent, and a transfer unit for transferring a data processing request to the owner-side apparatus, and transferring a processing result to a management object apparatus. The owner-side apparatus includes a commission condition storage unit in which a commission condition of the agent; an agent authentication unit for authenticating authentication information; a performing unit for performing data processing associated with decryption of an encryption data, when the agent authentication unit normally performs the authentication, and when the data processing request falls within a range of the agent commission condition, upon receiving the data processing request from the agent-side apparatus; and a result transmission unit for transmitting the processing result of the performing unit to the agent-side apparatus. | 10-01-2009 |
20090282243 | PUZZLE-BASED AUTHENTICATION BETWEEN A TOKEN AND VERIFIERS - A puzzle-based protocol is provided that allows a token and verifier to agree on a secure symmetric key for authentication between the token and verifier. A token stores a secret key and one or more puzzle-generating algorithms. The verifier independently obtains a plurality of puzzles associated with the token, pseudorandomly selects at least one of the puzzles, and solves it to obtain a puzzle secret and a puzzle identifier. The verifier generates a verifier key based on the puzzle secret. The verifier sends the puzzle identifier and an encoded version of the verifier key to the token. The token regenerates the puzzle secret using its puzzle-generating algorithms and the puzzle identifier. The token sends an encoded response to the verifier indicating that it knows the verifier key. The token and verifier may use the verifier key as a symmetric key for subsequent authentications. | 11-12-2009 |
20100031032 | Method, apparatus, and system for network security via network wall plate - A wall plate assembly has a first port adapted to be coupled to a device and a second port adapted to be coupled to a communications network. The wall plate assembly is operable to obtain authentication information from a user and to determine from the obtained authentication information whether the user should be granted or denied access to the network. The assembly is operable when the determination indicates the user should be granted access to provide endpoint location identification information associated with the wall plate assembly and the authentication information to the second port, and is operable responsive to an acknowledgement signal received via the second port to grant access to the network via the first port. The assembly is operable when either no acknowledgment signal is received or the determination indicates the user should be denied access to isolate the first port from the network. | 02-04-2010 |
20100049972 | Apparatus and method for using contents information in digital rights management - An apparatus and method for determining contents information corresponding to a Rights Object (RO) by transmitting information on contents together when the RO is moved from a mobile device to a memory card or a smart card or when the RO is moved from the memory card or the smart card to the mobile device are provided. The apparatus includes a meta information manager for determining information on contents corresponding to the RO when the RO is moved, and for generating meta information containing the determined contents information, and a controller for providing control to transmit the RO and the meta information generated by the meta information manager to a portable storage device. Accordingly, the conventional problem can be solved in which information on contents cannot be determined by using a Contents IDentifier (CID) if the RO does not exist together with the contents. | 02-25-2010 |
20100088509 | SYSTEM AND METHOD FOR SEQUENTIALLY PROCESSING A BIOMETRIC SAMPLE - This invention provides for progressive processing of biometric samples to facilitate verification of an authorized user. The initial processing is performed by a security token. Due to storage space and processing power limitations, excessive false rejections may occur. To overcome this shortfall, the biometric sample is routed to a stateless server, which has significantly greater processing power and data enhancement capabilities. The stateless server receives, processes and returns the biometric sample to the security token for another attempt at verification using the enhanced biometric sample. In a second embodiment of the invention, a second failure of the security token to verify the enhanced biometric sample sends either the enhanced or raw biometric sample to a stateful server. The stateful server again processes the biometric sample and performs a one to many search of a biometric database. The biometric database contains the master set of enrolled biometric templates associated with all authorized users. Signals generated by the stateful server are used by the security token to allow or deny access to a resource or function. In both embodiments of the invention, the heuristics remain with the security token. | 04-08-2010 |
20100115270 | Authentication of a Consumable - A method authenticating a consumable is disclosed. The consumable includes a first integrated circuit operative to receive data and return the data encrypted. The method receives a random number from a trusted second integrated circuit. The random number is communicated to the first integrated circuit, and in response a first message containing the random number encrypted by the first integrated circuit is received from the first integrated circuit. Also, a second message containing the random number encrypted by the trusted integrated circuit is received from the trusted second integrated circuit. By comparing the first and second messages it is determined that the consumable is authentic when the first and second messages are the same. | 05-06-2010 |
20100122082 | USER IDENTITY VALIDATION SYSTEM AND METHOD - An identity validation system and method for the Internet provides user accountability while supporting user privacy to counter SPAM, Internet vandalizers, and predators, as well as cyber bullies who use the Internet to communicate with actual or potential victims. The system includes network authority software that issues a permanent identity and secret code to a user and disseminates different hashed versions of the permanent identity and secret code to different agents. A user hardware Internet passport generates hashed versions of the permanent identity and secret code as well as a passcode that is generated from the hashed secret code and user software generates a temporary identity from the hashed permanent identity. The user software transmits the temporary identity and passcode to a selected agent that performs the actual identity validation. | 05-13-2010 |
20100161973 | REQUEST AUTHENTICATION TOKEN - An authentication mechanism for use in network-based services generates an authentication token. The authentication token is provided to a client device as part of the code comprising a content page. The content page code is received and loaded by a browser application at the client device. When the content page code is received and loaded by the browser application, the authentication token is loaded by the browser as well. Upon receiving subsequent input, the browser application may send a content request to the server. The content request includes the authentication token maintained by the browser application in the content page. A server may validate the authentication token provided in the request using version information and one or more master authentication tokens. | 06-24-2010 |
20100185851 | EFFICIENT AND SECURE CRYPTOGRAPHIC COUPON RELOADING - A system and a method for cryptographic coupon reloading are provided for, wherein a coupon comprises, on one hand, a pseudo-random number r | 07-22-2010 |
20100205432 | METHOD, SYSTEM, TRUSTED SERVICE MANAGER, SERVICE PROVIDER AND MEMORY ELEMENT FOR MANAGING ACCESS RIGHTS FOR TRUSTED APPLICATIONS - A method for granting trusted applications (SP | 08-12-2010 |
20100223461 | SECURE DATA TRANSFER ON A HANDHELD COMMUNICATIONS DEVICE - A handheld communications device comprises a display device, and a data processor that is in communication with the display device. The data processor is configured to generate an encryption key, and vary a visual output of the display device in accordance with a bit sequence of the encryption key. The varying visual output comprises a sequence of colours rendered on the display device and/or brightness levels output by the display device. | 09-02-2010 |
20100235629 | INFORMATION STORAGE MEDIUM, AUTHENTICATION DATA GENERATION METHOD, AND MEDIUM AUTHENTICATION SYSTEM - An authentication data generation method includes receiving an authentication command from an authentication device, determining a communication protocol with the authentication device, changing encryption key reference information contained in the authentication command based upon the determination result of the communication protocol with the authentication device, selecting a target encryption key corresponding to the changed encryption key reference information from a plurality of encryption keys stored in advance, generating authentication data based upon the target encryption key and inclusion data included in the authentication command, and transmitting the authentication data to the authentication device. | 09-16-2010 |
20110145570 | Certified Abstracted and Anonymous User Profiles For Restricted Network Site Access and Statistical Social Surveys - An arrangement, system, and methods for creating and distributing authenticated personal information for users of network services and participants in social surveys, and in chat rooms and other forums. A trusted organization verifies that personal information presented by a user is correct, and authenticates the information in an encapsulated form as “certified profiles” within a smart card or other secure portable hardware device issued to the user. Certified profiles are authenticated by digital signatures of the trusted organization and the profile users. Personal information in certified profiles can be in raw and/or in statistically-processed and abstracted form, and can be tailored by the user for specific needs to include whatever personal information is required, and to exclude all other personal information. By the use of unique aliases, it is possible for users to anonymously access restricted network sites and participate in surveys, while still satisfying recipients that supplied personal information is accurate, and for surveys that the user has not responded to the same survey more than once. Users enroll for certified profiles via trusted enrollment vendors who market the service to the public and also make hardware and software available to users for managing, maintaining, and distributing the certified profiles. | 06-16-2011 |
20110225421 | METHOD OF OBTAINING CONTENT FOR MOBILE TERMINAL, MOBILE TERMINAL USING THE METHOD, AND NEAR FIELD COMMUNICATION SYSTEM HAVING THE MOBILE TERMINAL - A method of operating a near field communication system includes receiving an electronic tag having information signed by using a private key, verifying the signed information of the electronic tag by using a public key corresponding to the private key, and connecting the mobile terminal to a content server using a result of the verification. The near-field communication system transfers the signed information of the smart poster by using the public key, and connects to the content server after verifying the signed information of the smart poster, thereby preventing malicious phishing using the smart poster. | 09-15-2011 |
20110302412 | PSEUDONYMOUS PUBLIC KEYS BASED AUTHENTICATION - Systems and methods for pseudonymous public keys based authentication are described that enable an authentication to achieve pseudonymity and non-repudiation, for example, at the same time. Pseudonymity may provide, for example, that a user can show to different parties different digital identifiers for authentication instead of, for example, always using a single digital identifier everywhere, which may lead to a breach of privacy. Non-repudiation may provide, for example, that the authentication data at the server side can be used, for example, to verify a user's authentication request, but not to generate an authentication request, which might lead to user impersonation. A user may use a physical token to generate the authentication request corresponding to the user's identity to pass the authentication. | 12-08-2011 |
20120124370 | PORTABLE INTEGRATED SECURITY STORAGE DEVICE AND SERVICE PROCESSING APPARATUS, AND SERVICE PROCESSING METHOD USING THE SAME - A portable integrated security storage device includes: a password generation module for generating a password; a universal authentication module for storing universal authentication information; a communication interface connected to an external system for transmitting and receiving data with the external system; and a memory for storing the received data received through communication with the external system. The password and universal authentication information are transmitted to the external system for user authentication and device authentication, and encrypted data and a service secret key are received from the external system and stored in the memory. | 05-17-2012 |
20120233459 | System and Method for Content Protection on a Computing Device - Systems and methods for handling user interface field data. A system and method can be configured to receive input which indicates that the mobile device is to enter into a protected mode. Data associated with fields displayed on a user interface are stored in a secure form on the mobile device. After the mobile device leaves the protected mode, the stored user interface field data is accessed and used to populate one or more user interface fields with the accessed user interface field data for display to a user. | 09-13-2012 |
20120278614 | USER AUTHENTICATION SYSTEM, USER AUTHENTICATION APPARATUS, SMART CARD, AND USER AUTHENTICATION METHOD FOR UBIQUITOUS AUTHENTICATION MANAGEMENT - A user authorization system, a user authorization apparatus, a smart card, and a user authorization method for ubiquitous authorization management are disclosed. The user authorization system for ubiquitous authorization management according to the present disclosure comprises: a PKI (public key infrastructure) certificate issuing server for issuing a PKI (public key infrastructure) certificate matching a biometric signature of registered subscribers; a smart card for storing the biometric signature of the subscriber and the PKI (public key infrastructure) certificate from a user with the stored biometric signature of the subscriber, and generating a tunneling start signal in case the inputted biometric signature matches the stored biometric signature; a service server for providing various services for the authorized user on the basis of the PKI (public key infrastructure) certificate issued by the PKI (public key infrastructure) certificate issuing server; and a terminal, connected to the smart card through a wired or wireless communication method, for establishing a virtual private network (VPN) between the smart card and the service server in correspondence to the tunneling start signal received from the smart card, and transmitting an authorization information based on the PKI (public key infrastructure) certificate to the service server through the established VPN. | 11-01-2012 |
20120311324 | METHOD OF MAPPING KEY INFORMATION - A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for performing a method. The method includes checking whether information to be translated between a key token and a key block is valid and, in an event a result of the checking is affirmative, preparing an output by translating the information between the key token and the key block such that the key token and the key block each include key control information cryptographically bound to key material via a wrapping method of the key token and the key block, respectively. The key control information of the key block is related to the key control information of the key token following the translation and disambiguation information for guiding the translation specified prior to or during the translation. | 12-06-2012 |
20130173915 | SYSTEM AND METHOD FOR SECURE NEWORK LOGIN - Systems and methods for providing an expedited login process that is relatively fast and that still provides a reasonable level of security and a reasonable method for mitigating compromised login information are described. In one configuration, a web server sends an anonymous unique machine readable login identifier code to a browser display of a client computer. A server account holding user then uses his smartphone to scan the code and send a message including the login identifier code and a smartphone identifier code to the server. The server obtains the identity of the user and authenticates the user by determining possession of the smartphone using the smartphone identifier. The server then uses the login identifier code to log the user into the server and into the user account at the client computer. | 07-04-2013 |
20130332727 | ACCESS TOKEN EVENT VIRTUALIZATION - Systems, devices, and methods are disclosed for access token event virtualization. An access token may be received at a central server computer system from a terminal device. The access token event may indicate that an access device associated with the terminal device has received an access token. A virtual session associated with the received access token event may be identified at the central server computer system, and a set of rules may be applied to the received access token event and the identified virtual session to determine an action associated with the identified virtual session. The central server computer system may transmit an instruction to at least one device communicatively coupled with the central server computer system to carry out the action associated with the identified virtual session. | 12-12-2013 |
20140149741 | ACCESS MANAGEMENT SYSTEM USING TRUSTED PARTNER TOKENS - A method of using an access manager server to establish a communication session between a resource and a user device may include receiving a request from the user device to access the resource, determining that the client system is registered as a trusted partner, sending the client system a first encrypted token that includes a resource identifier where the client system has access to a first cryptographic key that decrypts the first encrypted token. The method may also include receiving a second encrypted token that signifies that access to the resource has been granted by the client system where the second token comprises a user identifier and the access manager server has access to a second cryptographic key that decrypts the second token. The method may additionally include decrypting the second token and establishing the communication session between the user device and the resource using the user identifier. | 05-29-2014 |
20140149742 | METHOD AND SYSTEM OF PROVIDING AUTHENTICATION OF USER ACCESS TO A COMPUTER RESOURCE VIA A MOBILE DEVICE USING MULTIPLE SEPARATE SECURITY FACTORS - A method and system of authenticating a computer resource such as an application or data on a mobile device uses a contactless token to provide multi-factor user authentication. User credentials are stored on the token in the form of private keys, and encrypted data and passwords are stored on the device. When application user requires access to the resource an encrypted password is transmitted to and decrypted on the token using a stored private key. An unencrypted data encryption key or password is then transmitted back to the device under the protection of a cryptographic session key which is generated as a result of strong mutual authentication between the device and the token. | 05-29-2014 |
20140181507 | LINKING TOKEN DETECTION AT A SINGLE COMPUTING PLATFORM WITH A USER IDENTIFICATION TO EFFECTUATE MODIFICATIONS IN VIRTUAL SPACE INSTANCES PRESENTED VIA MULTIPLE COMPUTING PLATFORMS - Token detection at a single computing platform may be linked with a user identification to unlock content and/or effectuate modifications in virtual space instances presented via multiple computing platforms, in accordance with one or more implementations. Exemplary implementations may enhance consistency in a user's experiences of a virtual space across multiple computing platforms. | 06-26-2014 |
20140223175 | SYSTEM, DESIGN AND PROCESS FOR EASY TO USE CREDENTIALS MANAGEMENT FOR ONLINE ACCOUNTS USING OUT-OF-BAND AUTHENTICATION - The invention provides an easy to use credential management mechanism for multi-factor out-of-band multi-channel authentication process to protect a large number of documents without the need to remember all the document passwords. When opened, the secure document application generates a multi-dimensional code. The user scans the multi-dimensional code and validates the secure document application and triggers an out-of-band outbound mechanism. The portable mobile device invokes the authentication server to get authenticated. The authentication server authenticates the user based on shared secret key and is automatically allowed access to the secure document. The process of the invention includes an authentication server, a secure document application to generate an authentication vehicle or an embodiment (i.e. multi-dimensional bar code) and handle incoming requests, secret keys and a portable communication device with a smartphone application. | 08-07-2014 |
20140237229 | BLUETOOTH DEVICE AS SECURITY ACCESS KEY - This application is directed to a system for remotely directing a host device to perform an operation using a key. The key may include a communications circuitry for transmitting data, for example a key identifier or an instruction to perform an operation, within a personal area network created by the communications circuitry. When a host device is within the personal area network, the key may transmit data received by a transceiver on the host device. In response to receiving the data, the host device may perform an operation (e.g., an authentication operation). In some embodiments, the key may transmit data identifying an operation for the host device to perform. In some embodiments, the host device may store in memory key identification information and an associated operation which may be retrieved when the key is brought in proximity of the host device. | 08-21-2014 |
20140281506 | SOFT TOKEN SYSTEM - Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment a method is provided for soft token management. A mobile device of a user of a secure network resource receives and installs a soft token application. A unique device ID of the mobile device is programmatically obtained by the soft token application. A seed for generating a soft token for accessing the secure network resource is requested by the soft token application. Responsive to receipt of the seed by the soft token application, the soft token is generated based on the seed and the soft token is bound to the mobile device by encrypting the seed with the unique device ID and a hardcoded pre-shared key. | 09-18-2014 |
20140298011 | SECURE AND EFFICIENT AUTHENTICATION USING PLUG-IN HARDWARE COMPATIBLE WITH DESKTOPS, LAPTOPS AND/OR SMART MOBILE COMMUNICATION DEVICES SUCH AS IPHONES™ - A portable apparatus is removably and communicatively connectable to a network device to communicate authentication or authorization credentials of a user in connection with the user logging into or entering into a transaction with a network site. The apparatus includes a communications port to connect and disconnect the apparatus to and from the network device and to establish a communication link with the network device when connected thereto. A processor receives a secure message from the network security server via the port. The message has a PIN for authenticating the user to the network site, and is readable only by the apparatus. The processor either transfers, via the port, the received PIN to an application associated with the network site that is executing on the network device or causes the apparatus to display the received PIN for manual transfer to the application associated with the network site. | 10-02-2014 |
20140351582 | DATA PROTECTION SYSTEM AND METHOD - An authentication system to authorize access to data to be protected, including a token having a memory that stores: an array containing alphanumeric information and random data; and a seal scheme vector containing information to enable access to each of the information items in their respective positions in the array. The authentication system is configured to: subject access to the token to the insertion of a password; decrypt the seal scheme vector; acquire the arrangement information and the size information of each random data from the seal scheme vector; check correspondence between the acquired arrangement information and the effective arrangement of the information in the array, and between the acquired size information and the effective size of the random data; authorize or deny access to the data to be protected on the basis of a result of the previous check. | 11-27-2014 |
20140351583 | METHOD OF IMPLEMENTING A RIGHT OVER A CONTENT - Disclosed are methods and systems of implementing a right over a content or contents. Various implementations may include means and operations for receiving, for example in an execution environment and from a secure element, a first key for implementing a right over an encrypted content; decrypting said content in said execution environment with the help of the first key; and implementing the right over the content in said execution environment. Various implementations may also include means and operations for receiving a second key in, for example, said execution environment, from the secure element; and encrypting said content in said execution environment with the help of the second key. | 11-27-2014 |
20150058621 | PROOF OF POSSESSION FOR WEB BROWSER COOKIE BASED SECURITY TOKENS - In one embodiment, a user device | 02-26-2015 |
20150304291 | Proximity Security Tokens - Disclosed embodiments comprise one or more security methods, systems or apparatus suitable to provide additional security to personal property or financial transactions. Embodiments feature a proximity security token which is physically separate from a protected device. A communications link is provided between the proximity security token and the protected device which communications link operates over a limited range. Thus, the presence and active operation of the limited range communications link between the proximity security token and protected device indicates that the protected device has not been lost and stolen. Interruption of the communications link indicates that the protected device may have been lost or stolen causing the commencement of security actions. | 10-22-2015 |
20150312243 | STORAGE SYSTEM AND METHOD OF STORING AND MANAGING DATA - A system for and method of storing and managing data comprising: encoding a file into a plurality of fragments; retrieving storage configuration data from a data management store; retrieving encryption key data from a keystore; identifying a storage strategy using the storage configuration data, the storage strategy associating each fragment with a remote storage volume; and for each fragment: using the encryption key data to identify an encryption key associated with a remote storage volume identified in the storage strategy; encrypting the fragment using the identified encryption key; communicating the encrypted fragment to the associated remote storage volume as identified by the storage strategy; and storing the encrypted fragment at that identified remote storage volume. | 10-29-2015 |
20150319166 | DUAL-PARTY SESSION KEY DERIVATION - Embodiments relate to negotiating a session key to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another. | 11-05-2015 |
20150326396 | DATA PROTECTION SYSTEM AND METHOD - An authentication system to authorize access to data to be protected, including a token having a memory that stores: an array containing alphanumeric information and random data; and a seal scheme vector containing information to enable access to each of the information items in their respective positions in the array. The authentication system is configured to: subject access to the token to the insertion of a password; decrypt the seal scheme vector; acquire the arrangement information and the size information of each random data from the seal scheme vector; check correspondence between the acquired arrangement information and the effective arrangement of the information in the array, and between the acquired size information and the effective size of the random data; authorize or deny access to the data to be protected on the basis of a result of the previous check. | 11-12-2015 |
20150341791 | ELECTRONIC SUBSCRIBER IDENTITY MODULE PROVISIONING - A method for preparing an eSIM for provisioning is provided. The method can include a provisioning server encrypting the eSIM with a symmetric key. The method can further include the provisioning server, after determining a target eUICC to which the eSIM is to be provisioned, encrypting the symmetric key with a key encryption key derived based at least in part on a private key associated with the provisioning server and a public key associated with the target eUICC. The method can additionally include the provisioning server formatting an eSIM package including the encrypted eSIM, the encrypted symmetric key, and a public key corresponding to the private key associated with the provisioning server. The method can also include the provisioning server sending the eSIM package to the target eUICC. | 11-26-2015 |
20160014112 | WIRELESS COMMUNICATION OF A USER IDENTIFIER AND ENCRYPTED TIME-SENSITIVE DATA | 01-14-2016 |
20160044021 | METHODS AND SYSTEMS FOR SECURING PROOFS OF KNOWLEDGE FOR PRIVACY - Embodiments described herein relate to securing the privacy of knowledge used to authenticate a user (i.e., Proof of Knowledge (PoK) test(s)). In some embodiments, a client device is operable to receive a first encryption key and encrypted test(s) from a PoK server. The client device also receives a second encryption key from a Relying Party (RP) server. The client device can decrypt the encrypted test(s) by using the first encryption key and the second encryption key to thereby render decrypted test(s). The client device is further operable to obtain answer(s) for the decrypted test(s), send a communication to the PoK server based on the answer(s), and receive a communication from the | 02-11-2016 |
20160050072 | DIGITAL APPARATUS FOR SEPARATELY SAVING AN ACCOUNT NUMBER AND PASSWORD FOR ANTI-HACKING PURPOSES - A digital apparatus capable of separately saving an account number and corresponding password for anti-hacking purposes includes a smart computing device for running separating-type secret account management software to divide an encrypted account number and corresponding password into two parts that are respectively saved in two different devices. The separating-type secret account management software respectively collects the separated account number and corresponding password and recovers the divided account number and corresponding password to a complete and encrypted account number and corresponding password when the operator wants to use the account number and corresponding password. | 02-18-2016 |
20160072796 | Preserving Data Protection With Policy - Data files are encrypted based on a key associated with an entity that sets a data protection policy controlling access to the data files. The data protection policy identifies various restrictions on how the plaintext data of the encrypted data in the data files can be used. The data files have corresponding metadata identifying the entity that sets the data protection policy, and processes that are running instances of applications that are allowed to access the plaintext data are also associated with the identifier of the entity. These identifiers of the entity, as well as the data protection policy, are used by an operating system of a computing device to protect the data in accordance with the data protection policy, including having the protection be transferred to other devices with the protected data, or preventing the protected data from being transferred to other devices. | 03-10-2016 |
20160072805 | System And Method For Data Quality Analysis Between Untrusted Parties - A system and method for data quality analysis between untrusted parties is provided. A dataset having attributes each associated with one or more elements is maintained. An encrypted request is received from a client regarding data quality for one of the attributes. The encrypted request includes an interest vector of separately encrypted values identifying those elements of interest for the attribute. A condensed data vector representing the elements is generated for the attribute and is the same length as the interest vector. An aggregate of the elements of interest is determined by calculating for each element in the condensed data vector, an encrypted product of that element and a corresponding element of the interest vector and by determining a total product of all the encrypted products. A data quality value is assigned to the elements of the attribute in the dataset based on the aggregate. | 03-10-2016 |
20160191494 | METHOD AND APPARATUS FOR SECURING A MOBILE APPLICATION - Methods, apparatus, and systems for personalizing a software token using a dynamic credential (such as a one-time password or electronic signature) generated by a hardware token are disclosed. | 06-30-2016 |
20160205549 | METHOD, SYSTEM AND DEVICE FOR GENERATING, STORING, USING, AND VALIDATING NFC TAGS AND DATA | 07-14-2016 |
20160255077 | SYSTEM FOR MANAGING MULTI-USER SIGN-ON IN A SEGMENTED NETWORK | 09-01-2016 |
20160380998 | TOKENIZATION USING MULTIPLE REVERSIBLE TRANSFORMATIONS - Technologies for tokenizing data including a computing device to extract plaintext data from an input file to be tokenized. The computing device performs data domain-specific format-preserving encryption on the extracted plaintext data based on a first cryptographic key to generate encrypted data and replaces one or more portions of the encrypted data with corresponding portions of alternative data based on a mapping table that maps encrypted data to alternative data. The computing device further performs data domain-specific format-preserving encryption on the alternative data based on a second cryptographic key to generate a token and stores the token in an output file. | 12-29-2016 |
20170235969 | CONTROLLING SECURITY IN RELATIONAL DATABASES | 08-17-2017 |
20170237728 | SELF-ADAPTIVE COMMUNICATION METHOD FOR ENCRYPTION DONGLE | 08-17-2017 |
20180026962 | TOKENIZED ACCOUNT INFORMATION WITH INTEGRATED AUTHENTICATION | 01-25-2018 |
20180026963 | AUTHORIZED CONTROL OF AN EMBEDDED SYSTEM USING END-TO-END SECURE ELEMENT COMMUNICATION | 01-25-2018 |
20220141019 | SYSTEM AND METHOD FOR AUTONOMOUS MAPPING OF ENTERPRISE IDENTITY - The present disclosure may provide methods, systems, and computer-readable instructions for enabling the following operations: generating a secret key based on, at least in part, a target party's public key; encrypting a payload with the secret key, the payload comprising an auth token with a limited time to live (TTL); broadcasting, to a public blockchain, a message comprising the encrypted payload; receiving a request to establish a channel of communication outside of the public blockchain; receiving, with the request, the auth token within the TTL; validating the auth token within the TTL; establishing the channel of communication upon a validation of the auth token; engaging in a data-exchange over the channel of communication; verifying matching properties of the exchanged data with at least one internal system of record; and mapping an internal identifier within the at least one system of record to a decentralized identifier associated with the target party. | 05-05-2022 |
20220141042 | AUTOMATICALLY VERIFYING VEHICLE IDENTITY AND VALIDATING VEHICLE PRESENCE - Systems, apparatuses and methods may provide for infrastructure node technology that conducts a mutual authentication with a vehicle and verifies, if the mutual authentication is successful, location information received from the vehicle. The infrastructure node technology may also send a token to the vehicle if the location information is verified, wherein the token includes an attestation that the vehicle was present in a location associated with the location information at a specified moment in time. Additionally, vehicle technology may conduct a mutual authentication with an infrastructure node and send, if the mutual authentication is successful, location information to the infrastructure node. The vehicle technology may also receive a token from the infrastructure node. | 05-05-2022 |