Patents - stay tuned to the technology

Using record or token

Subclass of:

713 - Electrical computers and digital processing systems: support

713182000 - SYSTEM ACCESS CONTROL BASED ON USER IDENTIFICATION BY CRYPTOGRAPHY

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application number | Description | Number of patent applications / Date published
713186000 | Biometric acquisition | 217
Entries
Document | Title | Date
20080209223 | TRANSACTIONAL VISUAL CHALLENGE IMAGE FOR USER VERIFICATION | 08-28-2008
A method and a system generate a transactional visual challenge image to be presented to a user thereby to verify that the user is human. For example, an image module generates a visual challenge to be presented to a user as part of a challenge-response to verify that the user is human. A transactional background image module identifies a transactional background that is associated with a specific transaction and a combiner image module combines the visual challenge and the transactional background into an image which is to be presented to the user during transaction authorization, the transactional background associating the visual challenge with the particular transaction.

20080209224 | METHOD AND SYSTEM FOR TOKEN RECYCLING | 08-28-2008
Embodiments of the present invention provide for recycling a locked token in an enterprise. A secure connection can be established between a locked token and a server and a security process activated to determine an identity of an authorized user of the locked token. An unlock procedure can be activated to unlock the locked token upon receipt of an out-of-band parameter associated with a requester of the unlock procedure to produce an unlocked token. The out-of-band parameter can be provided by the requester of the unlock procedure in an independent communication to an enterprise agent associated with the security server so as to verify that the requester is the authorized user of the locked token. A password reset process associated with a new password for the unlocked token can be activated to provide an assigned password or a password entered by the requester.

20080209225 | METHODS AND SYSTEMS FOR ASSIGNING ROLES ON A TOKEN | 08-28-2008
An embodiment relates generally to a method of assigning roles to a token. The method includes determining a first role for a first participant on a token and providing exclusive access to a first section of the token for the first participant based on the first role. The method also includes determining a second role for a second participant on the token and providing exclusive access to a second section of the token for the second participant based on the second role.

20080222425 | System and Method for Expressing and Evaluating Signed Reputation Assertions | 09-11-2008
A method for expressing and evaluating signed reputation assertions is disclosed. In one embodiment, a first entity receives a request to generate a signed assertion relating to a piece of content. The first entity generates a reputation statement about a second entity from reputation-forming information (RFI) about the second entity available to the first entity. The first entity then generates a signed assertion from the reputation statement and the piece of content at least in part by binding the piece of content to the reputation statement and signing a portion encompassing at least one of the bound piece of content and the bound reputation statement. The signed assertion is then transmitted to a receiving entity.

20080235513 | Three Party Authentication | 09-25-2008
A trust provider uses established relationships with a client device and a server of an e-commerce merchant or service provider to assure the identity of each to the other. The e-commerce merchant can request an encrypted token from the client. The client may use a trust-provider key to generate the encrypted token. The server then passes the token to the trust provider, who only accepts tokens from known, authenticated entities. The trust provider then verifies the token and returns a response to the server. The response may include a client verification for use by the server and an encrypted server verification that is forwarded by the server to the client. In this fashion, both the server and client may be authenticated without prior knowledge of each other.

20080235514 | SAFEGUARDING ROUTER CONFIGURATION DATA | 09-25-2008
Systems for safeguarding router configuration data are described herein. Some illustrative embodiments include a system that includes a network router, a configuration device comprising configuration data used to configure the network router, and a connector capable of detachably coupling the configuration device to the network router and further capable of detachably coupling a second device to the network router (the connector routes electrical power provided by the network router to a coupled device). The electrical power is set to a voltage level usable to operate the configuration device, while capable of rendering the second device inoperative.

20080263364 | System and method for providing access to a computer resource | 10-23-2008
There is provided a device and method for providing access to a computer resource. An exemplary device that is adapted to provide access to a computer resource comprises a Universal Serial Bus (USB) security token having a pressure sensor that is adapted to detect pressure applied to the USB security token, and a structure that is adapted to create authentication information to be provided to the computer resource in response to a detection of pressure by the pressure sensor. An exemplary method of providing access to a computer resource comprises detecting an application of pressure to a USB security token, and providing authentication information to the computer resource in response to the detection of the application of pressure to the USB security token.

20080263365 | INTEGRATING LEGACY APPLICATION/DATA ACCESS WITH SINGLE SIGN-ON IN A DISTRIBUTED COMPUTING ENVIRONMENT | 10-23-2008
The present invention provides methods, systems, computer program products, and methods of doing business whereby legacy host application/system access is integrated with single sign-on in a modern distributed computing environment. A security token used for signing on to the modern computing environment is leveraged, and is mapped to user credentials for the legacy host environment. These user credentials are programmatically inserted into a legacy host data stream, thereby giving the end user the look and feel of seamless access to all applications/systems, including not only modern computing applications/systems but also those residing on (or accessible through) legacy hosts. In addition to providing users with the advantages of single sign-on, the disclosed techniques enable limiting the number of user identifiers and passwords an enterprise has to manage.

20080301463 | Method for Documenting Property or Possession and Transfer of Property or Possession of a Merchandise | 12-04-2008
In order to provide a method wherein, by using a storage medium arranged on goods, it is possible to distinctly register a conveyance of ownership or title on this storage medium, and wherein only the current owner or proprietor and possibly also an independent verifying agency has access to the storage medium, the following method is proposed:

20080313471 | ELECTRONIC SYSTEM AND DIGITAL RIGHT MANAGEMENT METHODS THEREOF | 12-18-2008
An electronic system is provided, in which a smart chip, a smart chip controller, a processor, a system memory, and an access management module are provided. The smart chip controller communicates with the smart chip. The processor performs a mutual authentication with the smart chip. The system memory is accessible to the smart chip and the processor. The access management module is coupled between the processor and the smart chip controller. The access management module prevents the processor from accessing a certain range of the system memory according to a block command from the smart chip controller, issued in response to a failure of the mutual authentication between the processor and the smart chip.

20090006858 | Secure seed provisioning | 01-01-2009
A method is used for secure seed provisioning. Data is derived from inherent randomness in an authentication device. Based on the data, the authentication device is provisioned with a seed.

20090013190 | SECURE MEMORY DEVICE FOR SMART CARDS | 01-08-2009
A secure memory device which can be used for multi-application smart cards for secure identification in data transfer, or for component verification in a computer system, without the requirement of an internal microprocessor. The secure memory device features a dual authentication protocol in which the memory and host authenticate each other. The secure memory device also includes an encrypted password feature, as well as using stream encryption to encrypt the data.

20090049307 | System and Method for Providing a Multifunction Computer Security USB Token Device | 02-19-2009
The invention discloses a small token device, ideally about the size of a key, which can plug into the USB interface of a host computer, which need not be fully trusted, and handle a variety of different security functions. The device is capable of serving as a secure USB hub, and thus can function on a host computer that only has one available USB port. The multiple functions that the device can perform include communicating through the internet in a secure manner, storing data in a secure manner, and accessing secure information through public key infrastructure (PKI) methods. The invention also allows secure USB peripherals to maintain security while being hooked up to either a non-secure host computer or other non-secure USB peripherals.

20090070591 | Grid Mutual Authorization Through Proxy Certificate Generation | 03-12-2009
A mechanism for mutual authorization of a secondary resource in a grid of resource computers is provided. When a primary resource attempts to offload a grid computing job to a secondary resource, the primary resource sends a proxy certificate request to the user machine. Responsive to a proxy certificate request, the user machine performs authorization with the secondary resource. If authorization with the secondary resource is successful, the user machine generates and returns a valid proxy certificate. The primary resource then performs mutual authentication with the secondary resource. If the authorization with the secondary resource fails, the user machine generates and returns an invalid proxy certificate. Mutual authentication between the primary resource and the secondary resource will fail due to the invalid proxy certificate. The primary resource then selects another secondary resource and repeats the process until a resource is found that passes the mutual authorization with the user machine.

20090132828 | CRYPTOGRAPHIC BINDING OF AUTHENTICATION SCHEMES | 05-21-2009
Methods and apparatus cryptographically bind authentication schemes to verify that a secure authentication sequence was executed for access to sensitive applications/resources. Users execute two login sequences with a strong authentication framework. Upon completion of the first, the framework generates an unencrypted token from underlying data, later hashed into an authentication token. With a private key corresponding to the first sequence, the authentication token is encrypted and passed to the second sequence where it is encrypted again with a private key corresponding to the second sequence. Upon access attempts to the sensitive applications/resources, verification of execution of the two login sequences includes recovering the authentication token from its twice encrypted form and comparing it to a comparison token independently generated by the application/resource via the underlying data. An audit log associated with the application/resource stores the data, the recovered authentication token, etc., for purposes of later non-repudiation.

20090144556 | GENERIC ELECTRONIC KEY PROVIDED WITH A CUSTOMIZED SMART CARD | 06-04-2009
A portable electronic device has a case including: a smart chip, an application which is stored in the smart chip, at least one interface for a user, and a microcontroller which controls the smart chip and the interface. The aforementioned microcontroller is configured to execute the primitive functions of the electronic key in order for the interface to be used, while the smart chip is configured to execute the application. The application is configured to generate calls to the primitive functions in order to communicate with the user by means of the interface.

20090177892 | PROXIMITY AUTHENTICATION | 07-09-2009
A security token is coupled to a computer and is available for use by both local and remote processes for on-demand response to a challenge. To minimize the security risk of an unattended session, the challenge may be issued to verify the presence of the token. When the token has a user interface, it may be used in conjunction with the computer to require that a user also participate in transferring displayed data between the token and computer. This helps to ensure that both the token and the user are present at the computer during operation. For the most sensitive operations, such a confirmation may be required with each data submission.

20090249078 | OPEN ID AUTHENTICATION METHOD USING IDENTITY SELECTOR | 10-01-2009
Provided is an Open ID authentication method using an identity selector, which can simplify the authentication of an open ID and reduce phishing and hacking risks by automatically performing an open ID-based login process without the need to manually input an open ID uniform resource locator (URL) into a login window.
20090265560 | Numbering Method, Numbering Device, and Laser Direct Drawing Apparatus | 10-22-2009
An object is to give an identification number which is hard to guess from the previous and next identification numbers, without overlap, to give an identification number by using a simple program, or to rapidly generate an identification number without using a memory medium having large capacity. An integer obtained as a set of ciphertexts through bijective mapping from a set of integers which is a plaintext is used as an identification number. Specifically, a set of integers without overlap is used as a plaintext space and encryption thereof is performed, so that an element of a ciphertext space obtained from the set of the plaintext space is used as an identification number. As the encryption, a bijective encryption method is employed; for example, the RSA cryptosystem or the ElGamal cryptosystem can be employed.
20090271633 | Data Access and Identity Verification | 10-29-2009
A user access interface for a processor device comprises a control program adapted to receive a first access data indicative of a first access key, so that upon receiving the first access data the control program causes the database to be interrogated, thereby obtaining a first verification data that is indicative of access verification for one or more accessible services associated with the first access data, the physical access key and a respective registered first user.

20090282259 | NOISY LOW-POWER PUF AUTHENTICATION WITHOUT DATABASE | 11-12-2009
The present invention relates to a method of authenticating, at a verifier (
20090287937 | IDENTITY VERIFICATION | 11-19-2009
The invention provides a method for verifying the identity of an entity to a computerised system. The entity is in possession of a personal identification device (PID) having a PID ID and storing a Codec that can be used to encode and decode data. The computerised system holds data associated with the entity including the PID ID of the entity's PID, the Codec and a password associated with and known to the entity. The method involves transmitting an encoded Challenge from the computerised system to the PID, calculating a Reply using the Challenge and the password entered by the user, and transmitting the Reply from the PID to the computerised system. The transmitted Reply is compared with a reply calculated by the computerised system and the identity of the entity is verified if the comparison determines that the Replies are the same.
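Added example for 20090287937 (not code from the application or its applicant): the Challenge/Reply exchange above, run end to end. The abstract does not say what the "Codec" is; this example assumes the Reply is HMAC-SHA256 keyed by the password over the challenge, that the verifier holds the password so it can recompute the Reply, and that every challenge is single-use. The class and function names are the example's own.

```python
"""Challenge-response identity verification in the style of application 20090287937.

Assumptions (not stated in the abstract): Reply = HMAC-SHA256(password, Challenge);
the computerised system keeps the password to recompute the Reply; challenges are one-shot.
"""
import hashlib
import hmac
import secrets


def compute_reply(password: str, challenge: bytes) -> bytes:
    """PID side: combine the received Challenge with the user-entered password."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()


class ComputerisedSystem:
    """Verifier side: knows each PID ID and the password associated with the entity."""

    def __init__(self) -> None:
        self._passwords: dict[str, str] = {}   # PID ID -> password (assumed storage)
        self._pending: dict[str, bytes] = {}   # PID ID -> outstanding Challenge

    def register(self, pid_id: str, password: str) -> None:
        self._passwords[pid_id] = password

    def issue_challenge(self, pid_id: str) -> bytes:
        """A fresh random Challenge per attempt, so a captured Reply cannot be replayed."""
        challenge = secrets.token_bytes(16)
        self._pending[pid_id] = challenge
        return challenge

    def verify(self, pid_id: str, reply: bytes) -> bool:
        # Consume the Challenge whatever the outcome: a second Reply to it is always rejected.
        challenge = self._pending.pop(pid_id, None)
        password = self._passwords.get(pid_id)
        if challenge is None or password is None:
            return False
        expected = compute_reply(password, challenge)
        # Constant-time comparison: a wrong Reply must not leak how many bytes matched.
        return hmac.compare_digest(expected, reply)


def demo() -> tuple[bool, bool, bool]:
    """Returns (genuine reply accepted, replay rejected, wrong password rejected)."""
    system = ComputerisedSystem()
    system.register("PID-0001", "correct horse")          # constructed sample entity

    challenge = system.issue_challenge("PID-0001")
    accepted = system.verify("PID-0001", compute_reply("correct horse", challenge))

    # The same Reply again: the Challenge was consumed, so it is refused.
    replayed = system.verify("PID-0001", compute_reply("correct horse", challenge))

    challenge2 = system.issue_challenge("PID-0001")
    wrong_pw = system.verify("PID-0001", compute_reply("wrong", challenge2))
    return accepted, replayed, wrong_pw


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

Because the verifier must recompute the Reply, it needs the password (or a key derived from it) in recoverable form; keeping a derived key such as a PBKDF2 output on the system side, and deriving the same key on the PID, limits what a database compromise exposes.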
20090292927 | METHODS AND SYSTEMS FOR SINGLE SIGN ON WITH DYNAMIC AUTHENTICATION LEVELS | 11-26-2009
Methods and systems for single sign on with dynamic authentication levels are described. The method includes receiving a data request for access to a second application, where the user is already authenticated to the first application at a first authentication level. Application information about the authentication level necessary to access the second application is retrieved. In response to a request, the user provides the further authentication data for accessing the second application. The type of the further authentication data required is based on the first authentication level and the minimum authentication level necessary to access the second application. The user is then authenticated to the second application at the minimum authentication level necessary to access the second application.

20090313479 | Method and System for Restricted Service Access | 12-17-2009
A method and system for restricted service access is described. To access adult content, the user has to enter an administrator personal identification number into a mobile device. Upon receipt of the administrator personal identification number, an access code is generated, which is provided to a content provider. The content provider can calculate a valid time window and/or request an acknowledge message from a central server. If the current usage is within the valid time window or otherwise verified, access to the content is allowed. Thus, children are prevented from accessing adult content, while adult access is permitted.

20100005313 | PORTABLE TELECOMMUNICATIONS APPARATUS | 01-07-2010
Portable telecommunications apparatus having one or more functionalities including providing user access to a telecommunications network, the portable telecommunications apparatus comprising integrated circuit card (ICC) reader circuitry, storage circuitry and processing circuitry, wherein the ICC reader circuitry is configured to communicate with one or more network-access ICCs; the storage circuitry is arranged to comprise a list of at least one network-access ICC authorised for use with the apparatus; and wherein the processing circuitry is arranged to undertake an authentication process on removable storage circuitry in communication with the apparatus to determine whether or not the security circuitry is authenticated for use with the apparatus; to allow the authorisation of network-access ICCs in the storage circuitry according to whether authenticated security circuitry is in communication with the apparatus; and to permit a user access to the one or more functionalities of the apparatus according to whether an authorised network-access ICC is in communication with the ICC reader circuitry.

20100011223 | METHOD FOR MAKING SMART CARDS CAPABLE OF OPERATING WITH AND WITHOUT CONTACT | 01-14-2010
The invention concerns a method for making smart cards capable of operating with or without contact, called mixed cards, and contactless smart cards. In order to avoid the risk of deteriorating the antenna, the method consists in producing an antenna comprising at least two turns on a support sheet, said antenna having its turns located outside the connecting pads, and in providing an insulating bridge so as to connect each of the antenna ends to a connection pad respectively.

20100017617 | RADIO FREQUENCY IDENTIFICATION (RFID) SECURITY APPARATUS HAVING SECURITY FUNCTION AND METHOD THEREOF | 01-21-2010
Disclosed are a radio frequency identification (RFID) security apparatus and a method thereof. According to the RFID security method, a secure tag reader performs determining an AES key using security information received from a secure tag and generating an output key using the determined AES key, decrypting AES data received from the secure tag using the output key, and encrypting data to be transmitted to the secure tag using the output key and transmitting the data; and a secure tag performs generating an output key using an AES key and security information, transmitting the security information to a secure tag reader, encrypting data to be transmitted to the secure tag reader using the output key, transmitting the encrypted data to the secure tag reader, and decrypting data received from the secure tag reader using the output key.

20100037063 | METHOD, SYSTEM AND PROGRAM PRODUCT FOR SECURING DATA WRITTEN TO A STORAGE DEVICE COUPLED TO A COMPUTER SYSTEM | 02-11-2010
A method, system and program product for securing data written to a storage device coupled to a computer system. The method includes providing a detachable data security key device for controlling access to data written to a storage within a computer system and attaching the security key device to the computer system for enabling access to the data written to the storage. Further, the method includes detaching the security key device from the computer system for disabling access to the data written to the storage, wherein removal of the security key device from the computer system renders the data written to the storage unreadable. In an embodiment, the security key device includes an encryption key module coupled to the security key device for encrypting the data written to the storage and includes a decryption key module coupled to the security key device for decrypting the data written to the storage.

20100042849 | Device and method for generating digital signatures | 02-18-2010
For the secure creation of digital signatures and/or for the secure authentication of users with a chip card, an apparatus is plugged into a computer and the PIN is input. The computer operating system activates the autorun function of a read drive in the apparatus and loads an http responder program into the computer. A standard http protocol is used to send a signature request containing all the signature data to the http responder, which writes these data to the interface memory area of a read/write drive in the apparatus, and said interface memory area is read by the internal software in the apparatus, which interprets the data and uses configuration data to check the admissibility of the instruction. If appropriate, the signature request is then forwarded via a chip card read/write apparatus to the chip card, and the signature created by the card is written to the interface memory area, from where it is read by the http responder and is made available to the application as an http response.

20100100746 | SECURE AUTHENTICATION USING HARDWARE TOKEN AND COMPUTER FINGERPRINT | 04-22-2010
A method and apparatus for secure authentication of a hardware token is disclosed. In one embodiment, a host computer fingerprint is used to generate a partial seed for a challenge-response authentication which is performed on the hardware token. In another embodiment, the host computer fingerprint is used as a personal identification number for the hardware token.

20100146290 | TOKEN CACHING IN TRUST CHAIN PROCESSING | 06-10-2010
A method, system, and computer usable program product for token caching in trust chain processing are provided in the illustrative embodiments. Information in a token associated with a first request is mapped. A determination is made whether a requester of the first request has provided a constraint in the first request, the constraint concerning the token, the constraint forming a client constraint. The client constraint is stored. The information and the mapped information are stored, forming stored information. The token is received in a second request. The stored information is reused if the client constraint allows reusing the stored information. A further determination may be made whether a target system receiving the mapped information has provided a second constraint, the second constraint concerning the mapped information, the second constraint forming a server constraint. The stored information may be reused if the server constraint allows reusing the stored information.

20100153736 | METHOD FOR ISOLATING SPECIAL FUNCTIONALITIES IN FIELD DEVICES USED IN AUTOMATION TECHNOLOGY | 06-17-2010
A method for activating special functionalities in field devices used in automation technology uses an activation code, encrypted with a private key and containing an activation option and field-device-specific information, transferred to a field device. Decrypting of the activation code occurs with a public key stored in the field device. Then, the field-device-specific information contained in the activation code is compared with information stored in the field device. If these two pieces of information match, then the activation option in the activation code is ascertained, and the corresponding special functionality is activated. This method makes it possible to activate special functionalities securely in field devices.
20100199100 | Secure Access by a User to a Resource | 08-05-2010
A method for securing interface access via visual array patterns in combination with hidden operations improves the security of computer systems and dedicated terminals. A hint display is generated in at least a quasi-random fashion that may be an array of numerical digit values. A user input token is received that represents selection of a pattern of elements chosen from the hint display and combined in an algorithm using one or more mathematical, relational and/or logical operations. A pre-defined pattern and algorithm are used to generate a token from the hint display that is compared with the user input to verify that the user knows the pattern and algorithm. Further ease of use can be provided by dividing a hint display array into sub-arrays while providing a clue such as color to indicate each sub-array to the user.
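Added example for 20100199100 (not code from the application or its applicant): the hint-display scheme carried through on both sides, with a 4x4 array of digits, a pattern given as an ordered list of cell positions, and three hidden operations (concatenation, sum modulo 10, alternating sum modulo 10). The array size, the operation set and the sample display are the example's own assumptions.

```python
"""Visual-array-pattern verification in the style of application 20100199100.

Assumptions: a 4x4 hint display of decimal digits is regenerated per attempt; the user's
secret is (pattern of cell positions, name of a hidden operation); the server recomputes
the expected token from the same display and compares it in constant time.
"""
import hmac
import secrets

SIZE = 4


def op_concat(digits: list[int]) -> str:
    """Read the selected digits off in pattern order."""
    return "".join(str(d) for d in digits)


def op_sum_mod10(digits: list[int]) -> str:
    """Add the selected digits, keep the last decimal digit."""
    return str(sum(digits) % 10)


def op_alternating(digits: list[int]) -> str:
    """d0 - d1 + d2 - d3 ..., reduced mod 10 so the token is always one digit."""
    total = sum(d if i % 2 == 0 else -d for i, d in enumerate(digits))
    return str(total % 10)


OPERATIONS = {"concat": op_concat, "sum_mod10": op_sum_mod10, "alternating": op_alternating}


def generate_hint_display() -> list[list[int]]:
    """A fresh quasi-random array for every login attempt."""
    return [[secrets.randbelow(10) for _ in range(SIZE)] for _ in range(SIZE)]


def expected_token(display: list[list[int]], pattern: list[tuple[int, int]], operation: str) -> str:
    """Server side: apply the user's registered pattern and hidden operation to the display."""
    digits = [display[row][col] for row, col in pattern]
    return OPERATIONS[operation](digits)


def verify(display: list[list[int]], pattern: list[tuple[int, int]], operation: str, user_input: str) -> bool:
    return hmac.compare_digest(expected_token(display, pattern, operation), user_input)


# Constructed sample display and secret (not from the application).
SAMPLE_DISPLAY = [
    [3, 1, 4, 1],
    [5, 9, 2, 6],
    [5, 3, 5, 8],
    [9, 7, 9, 3],
]
SAMPLE_PATTERN = [(0, 0), (1, 1), (2, 2), (3, 3)]   # main diagonal: 3, 9, 5, 3


def demo() -> dict[str, str]:
    """Tokens the user would have to type for the sample display under each operation."""
    return {name: expected_token(SAMPLE_DISPLAY, SAMPLE_PATTERN, name) for name in OPERATIONS}


if __name__ == "__main__":
    print(demo())   # {'concat': '3953', 'sum_mod10': '0', 'alternating': '6'}
    fresh = generate_hint_display()
    print(fresh, expected_token(fresh, SAMPLE_PATTERN, "concat"))
```

The token changes with every display, which is what defeats a one-time shoulder-surf; it does not defeat an observer who records several (display, token) pairs, since a pattern of four cells and a small operation set can be recovered by elimination. The single-digit operations also leave only ten possible tokens per attempt, so a lockout after a few failures is a necessary companion to the scheme.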
20100205448DEVICES, SYSTEMS AND METHODS FOR SECURE VERIFICATION OF USER IDENTITY - In one embodiment, devices, systems, and methods provide authentication of a user using two-factor authentication to enhance security. In such embodiment, a user presents login information and a valid token, wherein the token may be generated by a portable authentication device that comprises a processor, a memory, and/or an activation interface.08-12-2010
20100205449Image forming apparatus, method for validating IC card holder, and computer program product thereof - A disclosed image forming apparatus includes a validating unit validating a holder of an IC card having a first security information set, login information set and first identifier information set, based on the first security information set; a login unit performing a login process for the IC card holder to log in based on the login information set; and a storage unit storing the first security information set as a second security information set and the first identifier information set as a second identifier information set obtained when the login process performed is successful. In the image forming apparatus, the validating unit validates, provided that first identifier information set from the IC card matches the second identifier information set in the storage unit, the holder of the IC card by reusing the second security information set in the storage unit when the first security information is requested using the IC card.08-12-2010
20100205450VEHICLE DIAGNOSTIC TOOL WITH COPY PROTECTION AND AUTOMATIC IDENTIFICATION OF VEHICLE ECUS AND FAULT DISPLAY - A diagnostic tool for a vehicle configured to automatically identify different communication protocols used by Electronic Control Units (ECUs) on-board the vehicle. The diagnostic tool includes a connector connectable to a data port of the vehicle; a data processor and a data storage device configured to store a list of different communication protocols. The data processor automatically initiates communications with the ECUs on-board the vehicle using a first communication protocol and if the data processor receives a response comporting to the first communication protocol, the data processor determines that at least one ECU on-board the vehicle is using the first communication protocol. Additionally, the data processor automatically initiates communications with the ECUs on-board the vehicle using a second communication protocol and if the data processor receives a response comporting to the second communication protocol, the data processor determines that at least one ECU on-board the vehicle is using the second communication protocol.08-12-2010
20100205451Method and Computing Device for Interfacing with a Memory Device in Operations - A method for interacting with a memory device is provided. In this method, a cryptographic communication application is registered to be associated with a protocol type in a web browser. A message encapsulated in the protocol type from the web browser is received and thereafter transmitted to the memory device. Here, the message is associated with a cryptographic operation.08-12-2010
20100211797SECURELY PROVIDING A CONTROL WORD FROM A SMARTCARD TO A CONDITIONAL ACCESS MODULE - Various embodiments of the invention provide a method, a smartcard, a conditional access module (CAM) of a receiver and a receiver, such as e.g. a set-top box, for securely providing a control word from the smartcard to the CAM. In various embodiments, diversification data from the smartcard and the CAM is used to make the encryption key and decryption key to encrypt and decrypt the control word in the smartcard and CAM, respectively, dependent on a user interaction with the receiver, such as e.g. selecting a service in the set-top box.08-19-2010
20100217999METHOD AND SYSTEM FOR SECURE AUTHENTICATION - A system and method configured to provide secure Personal Identification Number (PIN) based authentication is disclosed. A passcode or PIN associated with a customer value card can be securely authenticated by an issuer prior to authorizing payment. An Access Control Server (ACS) can receive the PIN or passcode from a customer via a secure connection over a public network. The ACS can generate an encrypted PIN and can communicate the encrypted PIN to a remote issuer for authentication. The ACS can use one or more hardware security modules to generate the encrypted PIN. The hardware security modules can be emulated in software or implemented in hardware. The system can be configured such that the PIN is not exposed in an unencrypted form in a communication link or in hardware other than the originating customer terminal.08-26-2010
20100228989ACCESS CONTROL USING IDENTIFIERS IN LINKS - Methods, systems, and computer-readable media are disclosed for access control. A particular method receives a resource access identifier associated with a shared computing resource and embeds the resource access identifier into a link to the shared resource. The link to the shared resource is inserted into an information element. An access control scheme is associated with the information element to generate a protected information element, and the protected information element is sent to a destination computing device.09-09-2010
20100228990Using Hidden Secrets and Token Devices to Create Secure Volumes - A system for encrypting Secure Volumes using an encryption key which is saved in the open after being encoded inside a hardware token device utilizing a secure secret which is stored inside the device, and which never leaves the device. The encrypted volume can be accessed again only after a hardware token has decoded this encryption key. The system also provides means whereby the holder of a Master token and the holder of a Grand Master token may also have access to the volume as long as the user token was previously registered to the Master token, and the Master Token was previously registered to the Grand master token before the secured volume was encrypted. Also, the system allows members of user groups so designated at the time the volume is encrypted, to be able to have access to the volume as long as their token was previously registered with the same Master Token as the user that encrypted the volume and as long as the token encrypting the volume was also a member of the authorized user group.09-09-2010
20100228991 | Using Hidden Secrets and Token Devices to Control Access to Secure Systems - A system for using an encrypted version of a password or access code which is stored in the open on a computer or other device, which utilizes a hardware token to decrypt the password or access code utilizing a secure secret which is stored inside the device, and which never leaves the device, to allow the owner of the device to have access to the Secure System. The system also provides means whereby the holder of a Master token and the holder of a Grand Master token may also have access to the Secure System as long as the user token was previously registered to the Master token and the Master token was previously registered to the Grand Master token before the secured resource was locked by the user token. Also, the system allows members of user groups so designated at the time the resource is locked to have access as long as their token was previously registered with the same Master token as the user that locked the resource and as long as the token locking the resource was also a member of the authorized user group. | 09-09-2010
20100241866 | Computer System and Method for Storing Data - A method is provided for generating a first key to encode and/or decode data and a first pointer, with said data stored and/or storable on a first data processing system in a memory area identified by said first pointer, comprising the following steps: recursive generating of said first key from a second key, recursive generating of said first pointer from a second pointer, with the number of recursions for implementing the recursive generating of said first key and said first pointer determined by an index value. | 09-23-2010
20100241867 | SYSTEM AND METHOD FOR ENCRYPTED SMART CARD PIN ENTRY - A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers. | 09-23-2010
20100250955 | Brokered information sharing system - A brokered information sharing system including a primary broker configured with software to store cards of a principal, to transmit the cards when requested by the principal, to authenticate the principal, and to provide a master authentication of the principal to at least one issuing party. A selector is used by the principal and is configured with software to provide authentication of the principal to the primary broker, and to request and receive cards from the primary broker. | 09-30-2010
20100250956 | METHOD AND SYSTEM FOR FACILITATING DATA ACCESS AND MANAGEMENT ON A SECURE TOKEN - A system for facilitating data access and management on a smart card is provided. According to one exemplary aspect of the system, a storage architecture is provided in the smart card which allows data stored thereon to be shared by multiple parties. Access to data stored on the smart card is controlled by various access methods depending on the actions to be taken with respect to the data to be accessed. | 09-30-2010
20100262835 | METHOD AND SYSTEM FOR OBTAINING A PIN VALIDATION SIGNAL IN A DATA PROCESSING UNIT - The present invention relates to a method for obtaining a PIN validation signal in a data processing unit, the method including the steps of receiving a PIN in the data processing unit, submitting it to a first portable object for verifying it and obtaining a validation signal. The method further includes the steps of catching or receiving an entered PIN directly in said first portable object for verifying it; transmitting a fake PIN to the data processing unit, the fake PIN being seen by the data processing unit as a PIN to submit to the first portable object for verifying it; and returning a validation signal in case the entered PIN is verified successfully in the first portable object. The invention also relates to a corresponding system and secure portable object. | 10-14-2010
20100287381 | AUTOMATED PASSWORD AUTHENTICATION - A method of automated password authentication by pattern matching regions of screen pixels against a repository of previously captured regions, and submitting a username and a password stored with the regions of the screen pixels for authentication, includes triggering an autorunnable application to start up by insertion of a memory stick by a user, challenging the user for a master password to access an encrypted database held on the memory stick, running the autorunnable application as a background task following a successful authorization of the user, and checking whether the user has triggered the autorunnable application by a pre-defined key sequence. If the user has triggered the autorunnable application, then the method proceeds with prompting the user to highlight at least one rectangle around a text or an image which uniquely identifies a login panel, capturing a username and a password when entered by the user, and returning the autorunnable application to a background task. If the user has not triggered the autorunnable application, then the method proceeds with monitoring a screen buffer for a matching signature based on the rectangle drawn by the user. | 11-11-2010
20100287382 | Two-factor graphical password for text password and encryption key generation - This invention details systems, methods, and devices for providing a two-factor graphical password system to a user so that the user may obtain access to a restricted resource. A first previously selected image (previously selected by the user) is presented to the user to enter his password by sequentially selecting predetermined areas on the first image. The user's input is used to create an encryption/decryption key which is used for communicating between a user application and a device. If the user has entered the correct password, then the device can communicate with the user application. Once the device can communicate with the user application, a second previously selected image (previously selected by the user) is presented to the user from the device. The user enters his second password and the user's input is sent to the device. The device then creates the user's alphanumeric password or another encryption key from the user's input and sends this to the user application. The user application then transmits the password or key to the system which restricts access to the restricted resource. | 11-11-2010
20100306549 | METHOD AND DEVICE FOR MANAGING ACCESS CONTROL - In a method for managing access control with locking units, particularly locks, and electronic keys, wherein access authorizations are stored and managed in a central processor, the keys are programmed with authorization information for a pre-given selection of locking units as a function of the respective access authorization, the authorization information is wirelessly sent from a key to a locking unit in the event of an access request, and the access authorization is determined in the locking unit as a function of the received authorization information, the programming of a key comprises the sending of the authorization information via a wireless telecommunication network to a wireless mobile telecommunication device and the transmitting of the authorization information received by the mobile telecommunication device to a memory of the key. | 12-02-2010
20100325441 | PRIVACY-PRESERVING FLEXIBLE ANONYMOUS-PSEUDONYMOUS ACCESS - Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms. | 12-23-2010
20110016326 | Chip Lockout Protection Scheme for Integrated Circuit Devices and Insertion Thereof - A system for implementing a chip lockout protection scheme for an IC device includes an on-chip password register that stores a password externally input by a user; an on-chip security block that generates a chip unlock signal, depending on whether the externally input password matches a correct password; an on-chip false data generator; an input protection scheme configured to gate the external data inputs to functional chip circuitry upon entry of the correct password; and an output protection scheme configured to steer true chip data to external outputs of the IC device upon entry of the correct password, and to steer false data generated by the false data generator to the external outputs upon entry of an incorrect password. The false data generated by the false data generator is deterministic and based upon external data inputs, thereby obfuscating whether or not the correct password has been entered. | 01-20-2011
20110083017 | METHOD AND APPARATUS FOR USING CRYPTOGRAPHIC MECHANISMS TO PROVIDE ACCESS TO A PORTABLE DEVICE USING INTEGRATED AUTHENTICATION USING ANOTHER PORTABLE DEVICE - A method and system for providing authentication of a user to a first peripheral device connected to a host computer using an authentication of the user on a second peripheral device, thereby allowing the user access to both devices through a single authentication. A security function on the second peripheral device is used to create an authorization phrase. Subsequent accesses to the first peripheral device require the second peripheral device to re-create the same authorization phrase, thereby demonstrating that the same second peripheral device is being used to access the first peripheral device and that a user was successfully authenticated to the second peripheral device. Other systems and methods are disclosed. | 04-07-2011
20110087891 | METHOD FOR PRODUCING, ALLOCATING AND CHECKING AUTHORIZATION APPROVALS - In a method for producing, allocating and checking authorization approvals that are required in order to fulfill tasks specified by an action plan through performance, by a service technician, of actions defined by the tasks on a device or component of a distributed structure, on-the-fly generation and distribution of authorization approvals for service technicians is enabled as a function of the necessary actions or measures, which are to be performed in the form of tasks and are defined as part of an action plan that is contained or recorded in a work schedule. | 04-14-2011
20110113255 | SYSTEM AND METHOD FOR PROVIDING USER MEDIA - An identification system includes at least one user medium, which is equipped to store a derived key and authenticate itself using the same with respect to a write and/or read device. Furthermore, at least one key dispensing medium is present, which comprises a monolithic first integrated circuit having storage means and processor means, wherein the first integrated circuit is equipped to store a source key and derive therefrom the derived key and to pass it on for storage in the user medium, wherein the user medium is enabled neither directly nor by way of aids to read the source key from the key dispensing medium and/or the user medium is not enabled to calculate a derived key. | 05-12-2011
20110119497 | SMART CARD AND ACCESS METHOD THEREOF - A smart card and an access method thereof for use with a smart card management system are provided. The smart card management system comprises a smart card access apparatus and a card server. The smart card access apparatus is electrically connected to the smart card. The smart card is configured to store a plurality of application data and management information corresponding to the application data. The smart card access apparatus may transmit a modification signal of a user to the smart card. The smart card may modify the management information according to the modification signal to generate modified management information when the smart card access apparatus is disconnected from the card server. Therefore, the contents of the smart card may be managed when the smart card access apparatus is disconnected from the card server. | 05-19-2011
20110131418 | METHOD OF PASSWORD MANAGEMENT AND AUTHENTICATION SUITABLE FOR TRUSTED PLATFORM MODULE - A password management and authentication method suitable for an electronic device with a trusted platform module (TPM) is provided. An authentication code is automatically generated according to a TPM password, and the authentication code is stored in an authentication device selected by a user. The authentication device storing the authentication code directly serves as an electronic key of the TPM, so that the user need not memorize any password and can access data or a hard disk (HD) encrypted by the TPM by simply connecting the authentication device to the electronic device. Thereby, it is very convenient for the user. | 06-02-2011
20110145589 | OBLIVIOUS TRANSFER WITH ACCESS CONTROL - A protocol for anonymous access to a database where the different records have different access control permissions is described. The permissions can be attributes, roles or rights that an authorized user needs to have to access the record. The database provider does not learn which record the user accesses and which attributes or roles the user has when she accesses the database. The database provider publishes the encrypted database where each record is encrypted with a key that is derived from at least the index of the record, its access control attributes and a secret key of the database provider. The user obtains a credential from an issuer for each access control attribute (ACL) that is associated with the user. Then the user retrieves the key for a particular record from the database provider and uses this key to decrypt the encrypted record. | 06-16-2011
20110145590 | SECURE DATA EXCHANGE BETWEEN DATA PROCESSING SYSTEMS - A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server. | 06-16-2011
20110154049 | SYSTEM AND METHOD FOR PERFORMING DATA BACKUP OF DIGITAL VIDEO RECORDER - A system and method for performing data backup of a digital video recorder determines if a second safe mechanism key stored in a secure digital (SD) card is valid when the SD card is detected by the digital video recorder, and changes a data storage path from a first hard disk of the digital video recorder to the SD card if the safe mechanism key stored in the SD card is valid. The system and method further changes the data storage path from the SD card to a second hard disk when the second hard disk is installed, and copies backup data stored in the SD card to the second hard disk. | 06-23-2011
20110179283 | INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card. | 07-21-2011
20110197073 | METHOD AND APPARATUS FOR SECURE DISTRIBUTION OF DIGITAL CONTENT - A method and apparatus for secure distribution of digital content is provided. In accordance with at least one embodiment, an intermediate device maintains an authorized content sink list which it uses to allow reauthorization of a first content sink for access to first content from a first content source when the first content sink has a first content sink entry on the authorized content sink list. In accordance with at least one embodiment, reauthorization is conditioned upon a first content sink entry currency status having not yet expired. In accordance with at least one embodiment, the intermediate device allows authentication of the first content sink by the first content source when no first content sink entry exists on the authorized content sink list or when the first content sink entry currency status has expired. | 08-11-2011
20110213985 | TWO FACTOR AUTHENTICATION SCHEME - An improved method is provided for generating an authentication factor for authenticating a user. The method includes: assigning a unique identifier to a user of the computing resource; determining a value for a challenge to the user, where the value is determined by a random determination method; concatenating the identifier with the value to form an input string; encrypting the input string using a one-way hash function to yield an output string of characters; and selecting a subset of characters from the output string to serve as the authentication factor for the user. This improved method may be used to generate grids used in a grid authentication scheme. | 09-01-2011
20110283111 | Apparatus for Verifying and for Generating an Encrypted Token and Methods for Same - Embodiments show an apparatus for verifying the validity of an encrypted token associated with a product, wherein the apparatus has a decryptor for decrypting an encrypted token using a decryption key to obtain a decrypted token having information bits related to the product and structure bits. The apparatus further has an evaluator for evaluating whether the structure bits fulfill a predetermined condition, wherein the encrypted token is verified to be valid when the predetermined condition is fulfilled or is not verified to be valid when the predetermined condition is not fulfilled. Further embodiments show an apparatus for generating an encrypted token associated with a product, wherein the apparatus has a plain token generator and an encryptor for encrypting the plain token using an encryption key to obtain an encrypted token. | 11-17-2011
20110296194 | SECURE AUTHENTICATION AT A SELF-SERVICE TERMINAL - A method of providing secure authentication of a service user at a self-service terminal is described. The method comprises: detecting attempted access by the service user to a restricted function on the self-service terminal; ascertaining if a removable storage device is in communication with the self-service terminal; in the event that a removable storage device is not in communication with the self-service terminal, denying access to the restricted function; in the event that a removable storage device is in communication with the self-service terminal, prompting the service user to enter login credentials. The method further comprises comparing the entered login credentials with access details stored on the removable storage device; denying access to the restricted function if the entered login credentials do not comply with the access details; permitting access to the restricted function if the login credentials do comply with the access details; and storing details relating to the access. | 12-01-2011
20110314296 | Host Device and Method for Communicating a Password between First and Second Storage Devices Using a Double-Encryption Scheme - A first storage device provides a host device with access to a private memory area by communicating a password between the first storage device and a second storage device via the host device using a double-encryption scheme. In one embodiment, a host device receives a twice-encrypted password from a first storage device, sends the twice-encrypted password to a second storage device, receives a once-encrypted password from the second storage device, decrypts the once-encrypted password to obtain the password, and sends the password to the first storage device. In another embodiment, a first storage device sends a twice-encrypted password to a host device, receives the password from the host device after the twice-encrypted password is decrypted by a second storage device and the host device, and provides the host device with access to the private memory area only if the password matches one that is stored in the first storage device. | 12-22-2011
20120042170 | DEVICE AND METHOD FOR ESTABLISHING SECURE TRUST KEY - The invention relates to an electronic device configured for encrypted data transfer with a smart card under a trust key. The electronic device comprises at least one secured portion, wherein the electronic device is configured for performing a key exchange algorithm with the smart card for establishing the trust key for the encrypted data transfer between the electronic device and the smart card and wherein the electronic device is configured for storing the trust key in the secured portion of the electronic device. | 02-16-2012
20120066506 | METHODS, APPARATUS AND SYSTEMS FOR ONSITE LINKING TO LOCATION-SPECIFIC ELECTRONIC RECORDS OF LOCATE OPERATIONS - Providing access at a jobsite to an electronic record of a locate operation. Data related to the locate operation is acquired by locate equipment and transmitted to a data repository for storage in the electronic record of the locate operation. A site-specific access mechanism is provided that establishes a link to the electronic record of the locate operation. In one example, the site-specific access mechanism is a physical mechanism, such as a printout of a website address, a barcode, or an RFID tag. In another example the site-specific access mechanism is a virtual mechanism, such as geographic location information provided by a location tracking system (e.g., GPS apparatus) and/or derived from information available to a wireless communications system or WiFi network. In one aspect, the access mechanism may be configured for use at the jobsite only by a person particularly authorized to access the electronic record of the locate operation. | 03-15-2012
20120110339 | Security Software For Vector File Format Data - Systems and/or methods where a file requires an associated token to be accessed (see DEFINITIONS section) by the software used to access the file and that the token effectively requires that: (i) a particular authorized copy (or subset of authorized copies) of the software is being used to access the file; and (ii) that the authorized software is being run on an authorized hardware set (for example, organizational server computer). In at least some preferred embodiments, the files are specifically vector file format data files ("vffdf's"). In at least some preferred embodiments: (i) the token associated with the file is called a public token; (ii) the authorized software copy includes a private token; (iii) the file is encrypted; and (iv) the public and private tokens must sufficiently correspond in order for the file to be decrypted and thereby accessed. In at least some preferred embodiments, files that have an associated token cannot be accessed unless each licensing condition of a set of licensing (see DEFINITION of "license") conditions, including at least one licensing condition, is met, such that the use of the software on the file bearing the token is considered to be authorized. If the licensing conditions are not all met, then the software may or may not still be allowed to process files that do not bear a token according to the present invention. | 05-03-2012
20120151219 | SECURITY USB STORAGE MEDIUM GENERATION AND DECRYPTION METHOD, AND MEDIUM RECORDED WITH PROGRAM FOR GENERATING SECURITY USB STORAGE MEDIUM - The present invention relates to a security USB storage medium generation and decryption method, and a medium having the record of a program for the generation of a security USB storage medium. The generation method of the present invention is for a USB host constituted by a USB connection port, an input interface, an output interface, a storage unit and a host control unit to code a USB storage medium constituted by a USB interface, a storage region and a USB control unit so as to generate a security USB storage medium, the method comprising the steps of: in the host control unit, outputting through the output interface information that requests the input of a 1st user password to be set, when the connection of the USB interface to the USB connection port is detected; generating a random key and a disk key based on a 1st user password that is input from the input interface in response to the request for the input of the 1st user password; hashing the 1st user password and the random key after the random key and the disk key are generated, so as to generate a 1st encryption and decryption key; and generating a security volume header by dividing the storage region into a header and a body using the 1st encryption and decryption key, encrypting a 1st data and then storing the data in the header, and also generating a security volume body by encrypting a 2nd data using the disk key and then storing the data in the body. In this manner, no one is allowed to read the content stored in the USB storage medium, through a disk dump for example, without inputting the user password that was input during the generation of the security volume, thereby increasing the security of the USB storage medium. | 06-14-2012
20120185697 | Universal Authentication Token - A universal authentication token is configured to securely acquire security credentials from other authentication tokens and/or devices. In this manner, a single universal authentication token can store the authentication credentials required to access a variety of resources, services and applications for a user. The universal authentication token includes a user interface, memory for storing a plurality of authentication records for a user, and a secure processor. The secure processor provides the required cryptographic operations to encrypt, decrypt, and/or authenticate data that is sent or received by the universal token. For example, the secure processor may be used to generate authentication data from seed information stored in memory. | 07-19-2012
20120210137 | SECURE ID CHECKING - A cost-effective system that provides for the efficient protection of transmitted non-public attribute information may be used, for example, to control access to a secure area. Encryption of the attribute information may be performed using symmetric encryption techniques, such as XOR and/or stream cipher encryption. A centralized database that stores and transmits the encrypted attribute information may generate the encryption/decryption key based on selected information bytes, for example, as taken from a card inserted into a handheld device used at the secure area. The selected information to generate the encryption key stream may be varied on a periodic basis by the centralized database. Information as to which selected bytes are to be used for a particular access authorization request may be transmitted to the handheld unit or may be input through action of a user of the handheld unit, for example by entry of a PIN code. | 08-16-2012
20120216047 | DIGITAL KEY FEATURING ENCRYPTION AND WEB GUIDE - The present invention aims at providing a digital key featuring encryption and web guide. When users electrically connect the digital key to a computer, the computer can automatically activate a browser program and automatically key in (simultaneously read) a specific web address and specific log-on data without any user operation, so as to prevent the attack tricks of unscrupulous persons from stealing information at the user end and to secure digital information at the user end. Additionally, users don't need to memorize specific log-on data and won't forget or lose log-on information, thereby providing sufficient convenience. | 08-23-2012
20120265997 | PRIVACY-PRESERVING FLEXIBLE ANONYMOUS-PSEUDONYMOUS ACCESS - Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms. | 10-18-2012
20130054975 | ELECTRONIC PASSWORD LOCK SYSTEM AND METHOD FOR ITS USE - A lock system includes a locker device and a USB key. The locker device includes a first USB connector, a password input unit and a control unit. The USB key includes a second USB connector for connection to the first USB connector, a memory unit, and a decrypting unit. The memory unit is configured for storing a password. The decrypting unit includes a password identification unit configured for determining whether a password inputted into the password input unit matches the password stored in the memory unit and producing a decrypting instruction if the inputted password matches the stored password. The locker device is configured for transmitting the inputted password to the USB key. The USB key is configured for transmitting the decrypting instruction to the locker device through the connected first and second USB connectors to enable the control unit to unlock the locker device. | 02-28-2013
20130086389 | Security Token and Authentication System - Techniques are provided for entering a secret into a security token using an embedded tactile sensing user interface with the purpose of verifying the secret against a stored representation of the same secret. In particular, an embodiment of the security token according to the invention comprises a tactile sensing user interface being arranged to receive a user-encoded secret, a decoding unit being arranged to generate a decoded secret by decoding the user-encoded secret, and a comparison unit being arranged to compare the decoded secret with a copy of the secret stored in the token in order to verify the authenticity of a user. Thereby, the security token provides on-card matching functionality. | 04-04-2013
20130097429Method and System for Secure Authentication of a User by a Host System - A method and system for securely logging onto a banking system authentication server so that a user credential never appears in the clear during interaction with the system in which a user's credential is DES encrypted, and the DES key is PKI encrypted with the public key of an application server by an encryption applet before being transmitted to the application server. Within the HSM of the application server, the HSM decrypts and re-encrypts the credential under a new DES key known to the authentication server, the re-encrypted credential is forwarded to the authentication server, decrypted with the new DES key known to the authentication server, and verified by the authentication server.04-18-2013
20130103950SYSTEM AND METHOD FOR SECURELY CREATING MOBILE DEVICE APPLICATION WORKGROUPS - Presented are systems and methods for providing moderator control in a heterogeneous conference including activating a secure workgroup sharing system between an organizing mobile device and one or more invitee mobile devices, such that activating the secure workgroup sharing system generates a secure workgroup invitation. The secure workgroup sharing system sends the secure workgroup invitation and a security key to one or more invitees associated with the one or more invitee mobile devices. The secure workgroup sharing system receives a security key, matching the sent security key, and an acceptance of the secure workgroup invitation from at least one of the one or more invitee mobile devices, and establishes a peer-to-peer workgroup allowing direct secure communications between the organizing mobile device and at least one of the one or more invitee mobile devices.04-25-2013
20130145172TOKEN ACTIVATION - Systems and methods for activating a token to enable a user to enter a transaction based on information received from a recovery key and a passcode are described herein.06-06-2013
20130145173TOKEN MANAGEMENT - Systems and methods for generating replacement tokens are described herein.06-06-2013
20130179693Providing Integrity Verification And Attestation In A Hidden Execution Environment - In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.07-11-2013
20130185567Method or process for securing computers or mobile computer devices with a contact or dual-interface smart card - A method or system providing for the persistence of a computer session upon removal of a contact or dual-interface smart card from a smart card reader and locking, logging off, or disconnecting from the session when the contact or dual-interface smart card is re-presented to the smart card reader.07-18-2013
20130185568INFORMATION PROCESSING SYSTEM - An information processing system includes an information processing device and a portable terminal. The information processing device includes a card processing section that communicates with an IC chip of an IC card (card IC chip), and when security is satisfied between the information processing device and the card IC chip, performs information processing function of the card IC chip. Authentication processing between an IC chip (terminal IC chip) of the portable terminal and the card IC chip is performed through the card processing section, and secure communication is provided between the terminal IC chip and the card IC chip through the card processing section when the authentication processing is successful. Information input on the portable terminal is transmitted to the card IC chip through the secure communication. In this way, high user convenience can be achieved and increased security can also be achieved for the entire system.07-18-2013
20130212402TECHNIQUES FOR CALIBRATING MEASURING DEVICES - Techniques for calibrating measuring devices are provided. A universal serial bus (USB) drive is inserted into a USB port on a device of a checkout system. A key in the USB drive initiates a calibration sequence on one or more weighing devices (measuring devices) of the checkout system. Audit information is captured during the calibration and usage of the weighing devices. When a command is recognized to communicate the audit information, the audit information is audibly communicated from speakers associated with the checkout system.08-15-2013
20130268766WIRELESS TOKEN DEVICE - A first computing device is detected as substantially collocated with a wireless token device, using a short-range wireless communication network and a connection is established between the first computing device and the token device over the short-range wireless network. Authentication data is sent to the first computing device from the token device over the short-range wireless network to authenticate the token device at the first computing device. Authentication of the token device permits data accessible through the first computing device to be made available to a holder of the token device and to be presented on a user interface of the first computing device. In some instances, the wireless token device may otherwise lack user interfaces for presenting the data itself.10-10-2013
20130268767WIRELESS TOKEN AUTHENTICATION - Authentication data is received, from a first computing device, based on data received by the first computing device from a wireless token device, the authentication data used to authenticate a first user to a particular computing session hosted remote from the first computing device. The first computing device is authenticated to the particular computing session based on the received authentication data. The first computing device is permitted to consume resources of the particular computing session. In some instances, the data received by the first computing device from the wireless token device includes the authentication data.10-10-2013
20130268768USER AUTHENTICATION - A method includes receiving user input including a user password while an authentication token is retained at a first position in an authentication token receiver of an authentication token reader by an insertion force applied to the authentication token by a user. The authentication token reader includes a bias member that applies an ejection force to the authentication token while the authentication token is at the first position. The method also includes reading authentication data from a memory of the authentication token while the authentication token is retained at the first position by the insertion force applied to the authentication token by the user. The method also includes authenticating the user based on the authentication data.10-10-2013
20130297944INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.11-07-2013
20130305054TRULY ANONYMOUS CLOUD KEY BROKER - Embodiments of systems and methods for providing anonymous cloud encryption are provided. One embodiment of a method for providing anonymous cloud encryption includes communicating an anonymizing token to a key broker. Additionally, the method may include communicating at least one encryption key associated with the anonymizing token to the key broker. The method may also include conducting a secure anonymous transaction with a cloud service using at least one of the encryption keys associated with the anonymizing token.11-14-2013
20130311784SYSTEM AND METHOD FOR PREVENTING UNAUTHORIZED ACCESS TO INFORMATION - An authentication system protects a hardware cryptographic chip from being commanded to decrypt or sign data by someone other than the legitimate owner(s) of the certificate residing on the chip. Openness of present cryptographic hardware systems are limited by imposing a condition that the cryptographic chip will only perform critical cryptographic tasks if the task is accompanied by a signature which only the legitimate owner can provide.11-21-2013
20130318359SYSTEMS AND METHODS FOR VERIFYING UNIQUENESS IN ANONYMOUS AUTHENTICATION - A method for anonymous authentication by an electronic device is described. The method includes obtaining biometric data. The method also includes generating a token. The method also includes blinding the token to produce a blinded token. The method also includes sending the blinded token and biometric information based on the biometric data to a verifier. The method also includes receiving a signature of the blinded token from the verifier if corresponding biometric information is not stored by the verifier.11-28-2013
20130339747Secure Identification Card (SID-C) System - In accordance with one embodiment of the present invention a secure electronic identification device is presented. The secure electronic identification device includes a display mode for displaying government furnished information, a display mode for displaying user furnished information, and a public display mode for displaying public information.12-19-2013
20140068272STRONG AUTHENTICATION TOKEN WITH ACOUSTIC DATA INPUT OVER MULTIPLE CARRIER FREQUENCIES - Strong authentication tokens for generating dynamic security values having an acoustical input interface for acoustically receiving input data are disclosed. The tokens may also include an optical interface for receiving input data and may have a selection mechanism to select either the acoustical or the optical input interface to receive data. A communication interface may be provided to communicate with a removable security device such as a smart card and the token may be adapted to generate dynamic security values in cooperation with the removable security device. The acoustic signal received by the token may comprise a plurality of modulated carrier frequencies whereby each carrier frequency has been modulated with a data signal representing the full input data such that the input data are redundantly emitted over more than one modulated carrier frequency.03-06-2014
20140122894PRINT MEDIUM, CARD CREATION METHOD, AND PROGRAM - There is provided a print medium, whereon a public key used for authentication in a public-key authentication scheme is displayed as character information.05-01-2014
20140149746METHOD AND SYSTEM OF PROVIDING AUTHENTICATION OF USER ACCESS TO A COMPUTER RESOURCE ON A MOBILE DEVICE - A method and system of authenticating a computer resource such as an application or data on a mobile device uses a contactless token to provide user authentication. User credentials are stored on the token in the form of private keys, and encrypted data and passwords are stored on the device. When application user requires access to the resource an encrypted password is transmitted to and decrypted on the token using a stored private key. An unencrypted data encryption key or password is then transmitted back to the device under the protection of a cryptographic session key which is generated as a result of strong mutual authentication between the device and the token.05-29-2014
20140173289MOBILE IDENTITY PROVIDER WITH TWO FACTOR AUTHENTICATION - An approach is provided for generating and decoding secure machine readable codes with a processor where the machine readable codes have multiple layers of security.06-19-2014
20140245022APPARATUS FOR VERIFYING AND FOR GENERATING AN ENCRYPTED TOKEN AND METHODS FOR SAME - Embodiments show an apparatus for verifying a validity of an encrypted token associated to a product, wherein the apparatus has a decryptor for decrypting an encrypted token using a decryption key to obtain a decrypted token having information bits related to the product and structure bits. The apparatus further has an evaluator for evaluating whether the structure bits fulfill a predetermined condition, wherein the encrypted token is verified to be valid when the predetermined condition is fulfilled or is not verified to be valid when the predetermined condition is not fulfilled. Further embodiments show an apparatus for generating an encrypted token associated to a product, wherein the apparatus has a plain token generator and an encryptor for encrypting the plain token using an encryption key to obtain an encrypted token.08-28-2014
20140281563MEMORY DEVICE AUTHENTICATION PROCESS - An authentication process for a memory device that stores a host identification key and a host constant, includes generating a first key based on the host constant, decrypting encrypted secret identification information read from the external device using information generated with the host identification key to generate a secret identification information, generating a random number, generating a session key using the first key and the random number, generating a first authentication information by processing the secret identification information with the session key in a one-way function operation, and authenticating access to the memory device based on whether or not there is a match between the first authentication information and a second authentication information that is generated by the external device with the host constant transmitted to the external device.09-18-2014
20140281564METHOD OF AUTHENTICATING ACCESS TO MEMORY DEVICE - A method of authenticating access to a memory device that stores a host identification key and a host constant, includes generating a first key based on the host constant, decrypting a family key block read from an external device using the host identification key to generate a family key, decrypting encrypted secret identification information read from the external device using the family key to generate a secret identification information, generating a random number, generating a session key by using the first key and the random number, generating a first authentication information by processing the secret identification information with the session key in one-way function operation, and authenticating access to the memory device based on whether or not there is a match between the first authentication information and a second authentication information that is generated by the external device with the host constant transmitted to the external device.09-18-2014
20140281565CONFIGURABLE PERSONAL DIGITAL IDENTITY DEVICE RESPONSIVE TO USER INTERACTION - A personal digital ID device provides a digital identifier to a service for a predetermined duration in response to user interaction. The user interaction may include a button press. The personal digital ID device may be in the form of a bracelet, a key fob, or other form factor. The service may be provided by a mobile device, in the cloud, or elsewhere.09-18-2014
20140281566PERSONAL DIGITAL IDENTITY DEVICE WITH MOTION SENSOR - A personal digital ID device provides a digital identifier to a service for a predetermined duration in response to user interaction. The user interaction may include a button press. The personal digital ID device may be in the form of a bracelet, a key fob, or other form factor. The service may be provided by a mobile device, in the cloud, or elsewhere.09-18-2014
20140317416METHOD FOR INPUTTING ACCOUNTS AND PASSWORDS TO COMPUTER OR TELECOM DEVICE VIA AN AUDIO INTERFACE - A method for inputting accounts and passwords to a computer or telecom device via an audio interface via an audio jack. The method includes the following steps: fabricating a data storage device with audio interface; storing an account and password into the data storage device; setting a software capable of being implemented on the computer or telecom device; said software has the functions of data encryption and decryption as well as data access via the audio interface; and connecting the data storage device via the audio interface to the audio jack of the computer or telecom device. When the software requests the user to input accounts and passwords, the accounts and passwords in the data storage device could be obtained and then decrypted via the audio jack and audio interface, thus finishing the input of the users accounts and passwords by non-keying means.10-23-2014
20140331058ENCAPSULATED SECURITY TOKENS FOR ELECTRONIC TRANSACTIONS - Functional data for use in one or more digital transactions are secured by using an encapsulated security token (EST). In certain embodiments, the EST is created by encapsulating digital data including the functional data using at least two cryptographic systems of two parties. The encapsulation and subsequent de-encapsulation can utilize cryptographic systems of the parties that involve a private key for signing and decryption and a public key for encryption and signature verification. If constructed carefully over a series of rigorous events, the resulting EST can be practically impossible to counterfeit. In addition, a propagation of rights can be tracked for auditing and rights can be easily terminated or modified.11-06-2014
20140359301UNIFORM MODULAR FRAMEWORK FOR A HOST COMPUTER SYSTEM - A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed upon to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session.12-04-2014
20140365781Receiving a Delegated Token, Issuing a Delegated Token, Authenticating a Delegated User, and Issuing a User-Specific Token for a Resource - Some embodiments relate to a computer readable medium including a program code, which is configured, when running on a programmable hardware component, to receive a delegated token from a user's device, including receiving a signal indicative of at least the delegated user identifier and a delegating security pattern from the delegated user and including providing the device of the user with a signal indicative of at least a delegated user identifier, and a delegation challenge value. It is further configured to receive, from the device of the user, a signal indicative of at least, in an encrypted form, a delegated token, a user-specific token, a delegation authentication key, a user-specific delegation challenge value, and a delegation check value. The program code is further configured to store in the device of the delegated user the delegation authentication key, the delegated token, and the user-specific token.12-11-2014
20150113283PROTECTING CREDENTIALS AGAINST PHYSICAL CAPTURE OF A COMPUTING DEVICE - A method of activating credentials that are stored encrypted while inactive. In one embodiment a decryption key is retrieved from a key storage service after the device authenticates to the service by sending a passcode and/or a biometric key, a public key and a signature computed with a private key, the service verifying the signature and comparing a hash of the public key and the passcode and/or biometric key to a reference hash.04-23-2015
20150121085Cookie Information Sharing Method and System - This invention discloses a cookie information sharing method that comprises the following steps: reading cookie information in a parent browser, said parent browser being a browser which stores the cookie information; importing the cookie information read from the parent browser into a child browser, said child browser being a browser which needs to acquiring the cookie information from the parent browser. This application also provides a cookie information sharing system for realizing the proceeding method. The cookie information sharing method and system of this application are able to reduce occupancy of system resources by user's information records, and also to realize sharing of the user's information records.04-30-2015
20150302188SYSTEM AND METHOD FOR WIRELESS PROXIMITY-BASED ACCESS TO A COMPUTING DEVICE - Disclosed herein is a system and method for wireless proximity-based access to a computing system, which in accordance with certain aspects of an embodiment of the invention includes a small, portable, person-carried or personal-item-carried (e.g., by attachment to a user's key's, purse, knapsack, etc.) wireless transmitter that serves as a “key,” and a wireless receiver configured for attachment to the computing system that serves as a “lock.” The lock may comprise, for example, a USB device that both wirelessly communicates with the key to detect its physical proximity, and communicates with the computer access software that is native on the computing system (e.g., standard WINDOWS username and password authentication processes) to either allow or disallow such computer access software from allowing access to the computing system based upon the physical proximity of the key to the lock.10-22-2015
20150304111CERTIFIED IDENTIFICATION SYSTEM AND METHOD - A certified identification system for a subject is described. The system has a certification station configured to issue first identification means representing the subject, second identification means, suitable for identifying at least one identification station, and configured to be associated with the subject, wherein the identification station is configured to combine the identification means and the first code of the second identification means, issuing a unique identification code comprising first data, a second code and a first code, wherein the identification station (10-22-2015
20150339474USER AUTHENTICATION SYSTEM - A method of authenticating a user to each of a plurality of services provided by at least one service provider, the method comprising: providing the user with a smart card having stored therein a plurality of authentication keys and comprising communication circuitry for communicating with a communication device that the user uses to communicate with the at least one service provider; and communicating with the smart card to authenticate the user responsive to an authentication key of the plurality of authentication keys.11-26-2015
20150347737SERVICE ACCOUNT ACCESS - A computer system detects an external media device and determines the external media device contains authentication data for the computer system. In response, a first password is generated based on an identifier unique to the computer system. A prompt is displayed for a second password obtained from a service provider. The second password is received through an input device. The computer system provides access to the service account if the second password matches the first password.12-03-2015
20160006566READING OF AN ATTRIBUTE FROM AN ID TOKEN - The disclosure relates to a method for reading at least one attribute stored in an ID token, wherein the ID token is assigned to a user, said method comprising: determining, by a terminal, of whether a contact-based interface of the ID token is present and can be used for data exchange with the terminal. If the ID token does not have the contact-based interface or this cannot be used, implementing a zero-knowledge authentication protocol via a contactless interface of the terminal and ID token; and deriving an ID token identifier by the terminal. If the ID token has the contact-based interface and this can be used, authenticating the user to the ID token via the contact-based interface; accessing to an ID token identifier by the terminal; sending of the ID token identifier from the terminal to an ID provider computer; use of the ID token identifier by the ID provider computer in order to authenticate the ID provider computer to the ID token; and read access of the ID provider computer to the at least one attribute stored in the ID token.01-07-2016
20160006567Cryptographic Device that Binds an Additional Authentication Factor to Multiple Identities - Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact.01-07-2016
20160036594WIRELESS KEY MANAGEMENT FOR AUTHENTICATION - Disclosed are methods, systems, and computer-readable media for wireless key management for authentication. Authentication includes transmitting a request to a locking device, transmitting a security challenge to the mobile device, and transmitting a response to the challenge and an encrypted user profile for the locking device. The response includes data generated with an access key that is stored by both the mobile device and the locking device, and the user profile is encrypted by a server using a secret key that is stored by the server and the locking device. Authentication further includes verifying the response to the challenge, where the response is verified using the access key, and validating additional data from the mobile device. An action of the locking device may be initiated as specified by the request.02-04-2016
20160048692TOKEN FOR SECURING COMMUNICATION - A token includes an interface for communicating with a host, a processor communicably coupled to the interface, and to a persistent storage unit. The processor receives, via the interface, a command from the host; determines whether the command is valid for the token and, if not, returns a result to the host indicating the command is not valid; otherwise, if the command is determined to be valid for the token, performs the command and return a result of performing the command to the host. The command is one of: a command to activate the token, a command to begin authentication, a command to authenticate the host, a command to generate an encryption key, and a command to change a token activation code (TAC) stored by the token, said TAC for use in activating the token.02-18-2016
20160080154METHOD OF CONTROLLING ELECTRONIC DEVICE USING WEARABLE DEVICE AND METHOD OF OPERATING ELECTRONIC DEVICE - In a method of controlling an electronic device using a wearable device, the electronic device is paired with the wearable device. A cryptographic key, which corresponds to the electronic device, is stored in a secure storage device included in the wearable device. A distance between the wearable device and the electronic device is estimated by the wearable device. An unlock signal including the cryptographic key, which is stored in the secure storage device, is transmitted from the wearable device to the electronic device when the estimated distance is smaller than a threshold distance. The electronic device is unlocked based on the unlock signal.03-17-2016
20170236353WIRELESS KEY MANAGEMENT FOR AUTHENTICATION08-17-2017
20180026983SYSTEM AND METHODS TO ESTABLISH USER PROFILE USING MULTIPLE CHANNELS01-25-2018
20190149334SYSTEM FOR DIGITAL IDENTITY AUTHENTICATION AND METHODS OF USE05-16-2019


Website © 2023 Advameg, Inc.