| Entries |
| Document | Title | Date |
|---|
| 20080201769 | SYSTEM AND METHOD FOR PROCESSING PAYMENT OPTIONS - Disclosed is a system and method for processing payment options, including consolidation, selection, and secure identification. In one embodiment, multiple payment options such as credit, debit and loyalty cards are registered by a consumer and consolidated into a secure central repository. The consumer securely accesses the central repository over a secure communications channel from a remote access device, such as a point-of sale (POS) terminal at a merchant store, to retrieve and select from one of the available payment methods. Upon selection, additional data sufficient to complete the payment transaction is sent to the POS terminal. The consumer may use a piece of identification and password (e.g., one of the registered cards together with a password or personal identification number) to securely access the multiple payment options. Alternatively, the consumer is identified by using a biometric identifier, such as a fingerprint or retina scanner, without need for additional identification. | 08-21-2008 |
| 20080201770 | COMMUNICATION CONTROL DEVICE - A communication control device with high confidentiality is provided, which allows content access only from devices in a specific group, and ensures that no content information is exposed to any devices for which content access is not allowed. A password selection portion selects a common password required for connecting to a network, or a secret password required for establishing a communication channel with a specific reception device. A transmission portion transmits contents or information associated therewith to the reception device via the network established by using the common password or the secret password. | 08-21-2008 |
| 20080201771 | Authentication apparatus, authentication system, authentication method, and authentication program using biometric information for authentication - In order to enable multiple logins by a same user, the authentication server includes a registration portion to store a user record including a fingerprint image for authentication of identity of a user and owner authentication information stored in a IC card issued to the user; an identity authentication portion to compare a fingerprint image received from one of MFPs with the one included in the user record for authentication; a first permission portion to transmit a permission signal permitting login based on the authenticated fingerprint image to the MFP that transmitted the fingerprint image; an owner authentication portion to compare owner authentication information received from one of the MFPs with the one included in the user record for authentication; and a second permission portion to transmit a permission signal permitting login based on the authenticated owner authentication information to the MFP that transmitted the owner authentication information. | 08-21-2008 |
| 20080216162 | NETWORK DEVICE MANAGEMENT APPARATUS AND NETWORK DEVICE MANAGEMENT METHOD - A network device management apparatus according to this invention is directed to a network device management apparatus, which is connected to a network and manages a network device connected to the network, acquires status information indicating the status of the network device from the network device, saves the acquired status information in a storage unit, randomly generates an address required to access the storage unit, and notifies a pre-registered destination of the generated address, and provides, when an access is made to the address, the status information saved in the storage unit to an accessing party. | 09-04-2008 |
| 20080216163 | Method and Apparatus for Network Authentication of Human Interaction and User Identity - A method and apparatus are provided to enable a server to determine if a client connecting to the server is doing so by means of human user interaction, as opposed to an automated process. In order to authorize access to services, the option of determining user identity, such as by means of a graphical shared secret, is also provided. Three aspects are described: (i) image formation from an object model; (ii) presentation of image choices to a user, and (iii) user action. Image formation includes the creation of one or more categorized 2-dimensional images with object regions for each image automatically qualified. These one or more categorized images can be created by means of a Randomizable Image Generation Object for Human Recognition, comprised of (i) a 3-dimensional object model, (ii) a plurality of rendering threshold and constraint parameters, and (iii) categorization and qualitative metadata. The one or more 2-dimensional images are preferably transmitted to the user for authentication without the image metadata, which may be retained on the server. Related inquiry text can be sent when human user interaction is being determined and not user identity authentication. | 09-04-2008 |
| 20080222710 | SIMPLIFIED ELECTRONIC MESSAGING SYSTEM - A simplified messaging system is provided. In various embodiments, the simplified messaging system receives a selection of an image representing an identification for a user that the user previously provided, receives a selection of multiple images representing a password for the user that the user previously selected, and logs the user into an electronic messaging system based on the selected images. In various embodiments, the simplified messaging system comprises a mail transport server that receives and forwards electronic messages, a mail registration server comprising an images component that stores images associated with user identifications and user passwords, and a mail client that receives a selection of an image identifying a user and multiple images associated with a password of the user, and logs the user into an electronic messaging system when the images are selected. | 09-11-2008 |
| 20080222711 | Method and Apparatus to Create Trust Domains Based on Proximity - Devices and methods use close range communication links, e.g., near field communication (NFC) links, to authenticate communication devices to one another to create or join a new device to a trust domain. Once two devices establish a close range communication peer-to-peer link the devices exchange credential information that provide an infrastructure for the trust domain. Medium or long range wireless or wired network communication links can then be used for secure and trusted communications. Proximity limits of the close range communication P2P link enables mutual trust to be presumed among devices, providing added security to the process of extending a trust domain and reducing the need for security and authentication signaling. Embodiments provide a variety of methods for extending credential infrastructure among devices. Embodiments further enable simple to use virtual cables that can provide secure point-to-point communications that are configured merely by touching two communication devices together. | 09-11-2008 |
| 20080222712 | User-Browser Interaction Analysis Authentication System - Systems, methods and media for authenticating a user based on user-browser interaction are disclosed. Embodiments of a method may include, during an e-commerce session with a user, receiving a request for an action from the user and determining whether the requested action requires additional authentication. Embodiments may also include requesting analysis of user-browser interaction for the session, receiving a pattern matching score for the session, and performing an action based on the pattern matching score and the requested action. The pattern matching score may provide an indication of a comparison between the user's interaction with a browser during the session and a user-browser interaction profile for the user. The performed action may include completing an e-commerce transaction, accessing or modifying information, changing a password, requesting additional information, denying the requested action, or other action. Further embodiments may provide for authenticating the user with a first-level authentication. | 09-11-2008 |
| 20080229400 | Remote Entry System | 09-18-2008 |
| 20080235774 | Authentication Apparatus and Authentication Method Using Random Pulse Generator - This invention provides an authentication apparatus and an authentication method using a random pulse generator for generating completely random pulses and using a completely random signal as an authentication signal. The authentication apparatus includes: a random pulse generator (hereinafter referred to as the RPG), arranged in a body or a partner side or in both the body and the partner side which generates random pulses; a unit which outputs an authentication signal based on the random pulses generated by the RPG; a unit which stores the authentication signal; a communication unit which transmits/receives an authentication signal; and a control unit which controls the communication of an authentication signal and collate an authentication signal, whereby a complete security can be maintained and safety can be established on the part of the user. | 09-25-2008 |
| 20080235775 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO MULTIPLE PUBLIC NETWORKS AND FOR CONTROLLING ACCESS TO MULTIPLE PRIVATE NETWORKS - A system and method for controlling access to multiple public networks and for controlling access to multiple private networks is provided. Authentication is used with unique public shared secrets and unique private shared secrets to control access to the networks. The invention includes a user device for communicating with at least a public network and/or a private network. The device may be capable of accessing multiple networks through one or more private networks with multiple access control servers. The user device must provide a correct response to each access control server, before access to the network may be granted. The device generates a one-time password, or response, to gain access to a controlled network server. The response generated by the device is matched to a response generated by an access control server that may have generated a challenge that prompted the response. If the two responses match, the device is authenticated and a user of the device is granted access to the network server. | 09-25-2008 |
| 20080235776 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, INFORMATION PROCESSING PROGRAM, AND COMPUTER-READABLE MEDIUM - An information processing apparatus is disclosed that includes a user authentication unit that identifies a current user, a task acquiring unit that acquires task information of a relevant task associated with a file to be processed by the current user, and a file information storage unit that stores file information of the file to be processed in association with the task information of the relevant task. | 09-25-2008 |
| 20080235777 | SYSTEM AND COMPUTER PROGRAM PRODUCT FOR DENYING UNAUTHORIZED ACCESS TO A PRIVATE DATA PROCESSING NETWORK - Systems and methods for denying access to a data processing system by an intruder are provided. Input/output (I/O) on the intruder's connection may be taken over and responses mimicking a local terminal session passed back. On an attempted reconnect by the intruder, the user name and password used by the intruder to access the system may be captured. The password may then be changed on the edge system and the intruder's terminal session disconnected, or alternatively, continue to log the intruder's activity. | 09-25-2008 |
| 20080250482 | Network invitation arrangement and method - Method and arrangement for enabling communications between an entity operating a network including a first user, and a second user includes sending a message from the first user to the entity informing the entity of identification information of the second user interested in joining the network, sending from the entity to the first user a key to allow the second user to communicate with the entity, providing a message from the first user directly to the second user containing the key, sending a message from the second user to the entity using the key, determining whether the key sent by the second user corresponds to the key provided by the entity to the first user, and if so enabling communications between the second user and the entity. The ability of the first user to obtain a key to enable the second user to join the network is time-limited. | 10-09-2008 |
| 20080250483 | Method and System for Authenticating Products Using Serial Numbers and Passwords Over Communication Network - The present invention relates to a method and system for authenticating products using serial numbers and passwords over a network, which can determine whether the products are genuine based on the serial numbers, which are attached to the respective products, and the passwords, which can be viewed at the time of unsealing the products. When the present invention is used, authentication for a product is performed according to whether the serial number and password of the product match and whether a request for the authentication of the serial number has been made, and thus a reliable authentication system can be provided. Furthermore, one or more passwords for the product are sealed in or attached to the product, so that, if the password is not known, an imitation is distinguished as not being a genuine product, therefore an effective authentication system can be provided. | 10-09-2008 |
| 20080250484 | SYSTEM AND METHOD FOR CONTENT FILTERING - The system for content filtering includes at least one content server that stores content. The system also includes at least one client computer configured to transmit a request for the content to the at least one content server. The request contains an address of the content server and a port number associated with such a request for the content. A gateway is coupled to the at least one client computer. The gateway is configured to receive and renumber the request with a new rarely used port number associated with a filter privilege of a user of the at least one client computer. The system also includes a content filtering server, configured to block restricted content based on the filter privilege. Finally, a switch is coupled to the gateway, the content filtering server, and the content server. The switch is configured to listen for the request on the rarely used port number and to redirect the request to the content filtering server. | 10-09-2008 |
| 20080263648 | SECURE CONFERENCING OVER IP-BASED NETWORKS - Methods and systems for secure conferencing over an IMS network or other networks include sending request by at least one user to access to an application server. The user is validated using a validation coupon provided by the user equipment followed by identifying and allowing the user equipment to download a valid media client. Conference data is encrypted and transmitted to the user equipment, and processed by the media client. Typically, the encrypted conference data is decrypted by the media client and communicated to a user interface presentation to the user. In some examples, the conference data is validated prior to downloading to the user equipment. | 10-23-2008 |
| 20080271128 | Method and System for Retaining and Protecting Sensitive User-Related Information - A method, device and system for managing and altering a plurality of sensitive information are disclosed. The device comprises a memory for storing the sensitive information, an interface device for enabling communication between the memory and an external device, and a timer for providing a time-based value associated with the storing of each of the sensitive information. The device may communicate with a processor-based system that includes an input device via a wired or wireless communication media. The processor-based system receives selected sensitive information from the device and may provide altered sensitive information to the device. | 10-30-2008 |
| 20080289015 | Resetting of Security Mechanisms - The security mechanism of a product is realized in such a manner that the data, which is assigned thereto, cannot, in contrast to the remaining data of the product, be accessed from outside the product. The resetting is effected by deleting the data following an intervention from inside the product. The data D | 11-20-2008 |
| 20080289016 | SYSTEM AND METHOD FOR CONFIGURING A CUSTOMER PREMISES EQUIPMENT IN A SERVICE PROVIDER NETWORK - A system and method for authentication for configuring a customer premises equipment (CPE) in a service provider network. In a multiple dwelling unit (MDU) a customer device (e.g., voice over Internet protocol (VOIP) phone) can be configured with CPE functionality, thereby enabling the customer device CPE to support the provision of service to multiple additional customer devices in a customer premises. A dedicated CPE device is thereby eliminated from the service provider network. The customer device CPE can be designed to support a form of authentication (e.g., Layer 2, Layer 3) that would be sufficient for access by the multiple additional customer devices to various network services. | 11-20-2008 |
| 20080295160 | Biometrically controlled personal data management system and device | 11-27-2008 |
| 20080295161 | OPERATION SUPPORT SYSTEM | 11-27-2008 |
| 20080301791 | Single sign-on system, method, and access device - A system, method, and access device enabling a user to securely access a plurality of password-protected servers with a single entry of the user's User ID and associated password. When the access device receives the User ID and password from the user, it sends only the User ID to each of the password-protected servers. The servers each return a unique index value to the access device. The access device uses each index value to retrieve different password modification information from a database or lookup table. The access device then creates a plurality of modified passwords based at least in part on the password modification information. The access device then transmits each of the modified passwords to the corresponding password-protected server. | 12-04-2008 |
| 20080307514 | AUTHENTICATION APPARATUS, AUTHENTICATION METHOD, AND COMPUTER PROGRAM PRODUCT - A monitoring unit monitors a client terminal used by a user, and when there is a predetermined access operation to a resource from the client terminal, acquires identification information from the client terminal. A verifying unit verifies whether the identification information matches stored identification information. When it is verified that the identification information matches the stored identification information, a referring unit refers to an access management system to check an entry status of the user to a facility. A determining unit determines whether to allow the access operation based on a check result from the referring unit. | 12-11-2008 |
| 20080307515 | System and Method For Dynamic Multifactor Authentication - A method of authenticating a user. The method comprises the step of sending an authentication request to a remote authentication device and generating a first piece of authentication information. A mobile device receives the first piece of authentication information from either an access terminal or the remote authentication device. The mobile device of the user generating a second piece of authentication information which is at least partially based on the received first piece of authentication information. The second piece of authentication information is sent to the remote authentication devices and the second piece of authentication information validated. If the second piece of authentication information is successfully validated an authentication signal is generated. | 12-11-2008 |
| 20080313722 | MOBILE TERMINAL FOR SETTING BOOKMARKING AREA AND CONTROL METHOD THEREOF - A mobile terminal for setting a bookmarked region and its control method are disclosed. According to the method for controlling a mobile terminal, one region of a screen image of an accessed Web page is selected as a select region, and the select region is set as a bookmarked region. When the Web page is re-accessed, the set bookmarked region is displayed as an initial access screen image. Accordingly, when the Web page is re-accessed through bookmarking, the set bookmarked region can be displayed as the initial screen image. | 12-18-2008 |
| 20080313723 | AUTHENTICATION METHOD OF INFORMATION TERMINAL - One embodiment of the present invention provides an information terminal that includes: a first receiver for receiving trust information from a trust information provider, the trust information including identification information of a terminal belonging to an authenticatee and showing that the terminal belonging to the authenticatee is authenticated by the trust information provider; a storage device for storing the trust information; a second receiver for receiving an identification tag of the terminal belonging to the authenticatee from a server; and an outputting device for outputting information for performing an identification judgment of the terminal belonging to the authenticatee based on the identification tag of the terminal belonging to the authenticatee and the trust information stored in the storage device. | 12-18-2008 |
| 20080320574 | SYSTEM, METHOD AND PROGRAM FOR AUTHENTICATION AND ACCESS CONTROL - System, method and program for managing a production server. An authentication server sends to the production server via a network a group password for a GroupID to access a file in the production server. A user at a workstation sends via a network to the authentication server an individual UserID and corresponding individual password for the user and a request for the group password for the GroupID to access a file in the production server protected by the group password. In response, the authentication server authenticates the individual UserID with the corresponding individual password and returns to the workstation the group password for the GroupID. After receiving the group password from the authentication server, the user at the workstation sends via a network to the production server the group password and GroupID and a request to access the file in the production server protected by the group password. In response, the production server authenticates the GroupID with the group password and grants the user access to the file. | 12-25-2008 |
| 20080320575 | SYSTEM AND METHOD FOR DATA CAPTURE AND REPORTING - A database system includes an intermediary program that provides a variety of functions. Logging on to the intermediary program results in log-in information being transmitted from an encrypted file to the database system via the intermediary program. The database system includes the ability for the user to enter criteria for a query in a variety of different manners, including the ability to directly modify generated SQL statements and the ability to use input lists in creating queries. In addition, the queries entered by the user can be stored in a separate database, such that the efficiency and operation of the database system can be improved. In addition, the delivery of query results and reports allows for delivery of files that are associated with a data period in any format and also allows the user to receive multiple reports in a single, compressed file. | 12-25-2008 |
| 20090013392 | Network Information Protection Method and Storage Medium - Biological certification information of a user A and access certification information for each user are stored in a memory in an electronic circuit that is installed on a disc. At the time of driving the disc, the user's biological certification information and the biological certification information stored in the electronic circuit are compared and access certification information is sent out to a network when both information agree to each other. At the network, connection of the user's terminal to a service community is permitted when the user is determined to be an authorized one based on the received access certification information. Determined in the service community are an on-duty concierge who takes care of the service request by the user's terminal and an administration concierge who monitors communication information between the user and the on-duty concierge. Then, the administration concierge keeps monitoring communication information between the terminals used by the user and the on-duty concierge for generating a warning or compulsively interrupting the communication when the monitoring information meets the predetermined condition. | 01-08-2009 |
| 20090013393 | METHOD AND SYSTEM FOR PERFORMING SECURE LOGON INPUT ON NETWORK - A trusted input technique in which switching is made between an OS environment unreliable in security and a BIOS reliable in security. Rapid switching to a secure environment, such as BIOS mode, upon request for secure input, is enabled. An OS environment of a user can be quickly resumed after the user completes the input of a cryptogram. The technique does not and will not have any influence on secure transaction architecture. The identification of a server is authenticated in a trusted secure environment, and thus it is possible to prevent such problem as “phishing” websites. The user cryptogram is present as plaintext only in a BIOS environment and server and as encrypted during intermediate transmission. Thus, it is impossible to be intercepted by any virus such as a “Trojan horse”. | 01-08-2009 |
| 20090025071 | PROCESS AND ARRANGEMENT FOR AUTHENTICATING A USER OF FACILITIES, A SERVICE, A DATABASE OR A DATA NETWORK - A process for authenticating a user to control remote access to a service, data base or data network is provided, in which during an enrolment step, an initial voice sample provided by the user is analyzed to obtain an initial user-specific voice profile and, in a later verification step, a current voice sample of the user is analyzed and compared to the initial voice profile to generate an access control signal. An additional user-dedicated authentication is generated in a pre-enrolment period, and the additional authentication is used to authenticate the user in the enrolment step and/or in an access control step prior to and independent on the enrolment step, in a provisional or supplementary authentication procedure. | 01-22-2009 |
| 20090025072 | Image output authentication system, image output authentication server, and image output authentication method - An authentication server: has user identification information and a password of that user identification information previously stored therein in association with each other; receives user identification information transmitted, the user identification information being determined from information input at and received by an image output apparatus; obtains a password received by an image transmission apparatus used by a user associated with the received user identification information, from that image transmission apparatus after that user identification information is received; determines whether the obtained password and the password stored in the authentication server in association with the received user identification information match; and, if a decision is made that the passwords match, permits the image output apparatus that had sent the received user identification information, to output an image corresponding to image data transmitted from the image transmission apparatus and stored in that image output apparatus in association with that user identification information. | 01-22-2009 |
| 20090025073 | CLIENT AUTHENTICATION DEVICE AND METHODS THEREOF - A method of authenticating a data processing device includes receiving a request to authenticate the data processing device. In response, an authentication key is accessed an authenticated at an authentication module. The authentication key is stored at a storage module that is located within the same integrated circuit package as the authentication module, so that the authentication key can be communicated to the module without exposing the key to unauthorized probing. The integrated circuit package also includes a tamper detection module to determine whether a memory of the data processing device has been accessed. In response to determining the memory has been accessed, the tamper detection module instructs the authentication module to not authenticate the data processing device. | 01-22-2009 |
| 20090031405 | AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD - A portable terminal possessed by a user of a client personal computer is capable of being connected to a server independently. The server has a function of transmitting identifier-including challenge data to the client personal computer for an authentication process, receiving identifier-including response data from the client personal computer, extracting corresponding challenge data and authenticating the client personal computer based on the extracted challenge data and the received response data. The client personal computer has a function of receiving the identifier-including challenge data from the server and displaying the identifier-including challenge data. The portable terminal has a function of acquiring the identifier-including challenge data received by the client personal computer, generating identifier-including response data from the acquired identifier-including challenge data and transmitting the identifier-including response data to the server. | 01-29-2009 |
| 20090031406 | AUTHENTICATION INFORMATION PROCESSING DEVICE, AUTHENTICATION INFORMATION PROCESSING METHOD, STORAGE MEDIUM, AND DATA SIGNAL - An authentication information processing device includes a receiving unit that receives an authentication request containing user identification information and a password from a terminal; an attack determination condition information storage unit that stores attack determination condition information for determining whether or not the received authentication request is made by an attacker; an attack determination unit that determines, by comparing the received authentication request and the attack determination condition information stored in the attack determination condition information storage unit, whether or not the authentication request is made by an attacker; and a transmission unit that transmits, when the attack determination unit determines that the authentication request is made by an attacker, input instruction information asking for input of an authentication request to the requesting terminal. | 01-29-2009 |
| 20090031407 | Method and system for security check or verification - An security check or verification method includes generating at least one verification code or number for each user at a security check/verification server, sending the generated verification code or number to user's dedicated mobile device though a secured connection, entering the verification code when user login to a web site, sending the verification code or number to the security check server from the web site server, allowing the user access based on the correct user name, password, and the confirmation form the security check server. | 01-29-2009 |
| 20090037993 | Information Authentication Gateway, Information Acquisition System Using the Information Authentication Gateway, and Information Acquisition Method - It is possible to provide an information authentication gateway used when acquiring information on an object according to hierarchical position information contained in an information code attached to the object. The information authentication gateway includes: metadata storage means for storing metadata indicating an entire hierarchical structure in which basic semantic units are shown; hierarchical position information acquisition means for reading an information code attached to an object by a reader and receiving hierarchical information included therein from a user terminal capable of transmitting/receiving information to/from the reader; information comparison means for performing a comparison to decide whether the received hierarchical position information is included in the metadata stored in the metadata storage means; and ticket issuing means used when the information comparison means indicates that the information is included, for passing information required to access a server storing the information corresponding the hierarchical position information to the user terminal. | 02-05-2009 |
| 20090049533 | USER AUTHENTICATION METHOD AND APPARATUS - A user authentication method and apparatus, the user authentication method including: performing a user authentication using user information transmitted by a host through a protocol supporting user authentication; generating user authentication information from the transmitted user information if the user authentication is performed successfully; and determining whether a service requested from the host using a protocol that does not support user authentication is permitted by using the generated user authentication information. Thus, the method can be used to selectively provide a service even when a service using a protocol that does not support user authentication is requested. | 02-19-2009 |
| 20090049534 | GENERATION AND AUTHENTICATION OF DIGITIZED BIOMETRIC DATA FOR CONDUCTING A TRANSACTION - A method for conducting a transaction over an electronic network may comprise receiving transaction data, receiving biometric data including a relational check code representative of the biometric data, a date time stamp, an identifier of the hardware that recorded the biometric data, or a combination thereof, comparing the biometric data with biometric data previously stored, or with a predetermined threshold value, or with a combination thereof, for authenticating the biometric data for approving or disapproving the transaction. If approved, the transaction data is processed for conducting the transaction. Biometric data may include a locus-based digitized signature, a biometric digital signature, a fingerprint, a palm print, hand geometry, facial geometry, an iris scan, an iris print, a retinal scan, a retinal print, an eye scan, an eye print, or any combination thereof. | 02-19-2009 |
| 20090055913 | Method for Secure Transmittal of PINs Over Telecommunications Networks - A method and facilitator system ( | 02-26-2009 |
| 20090055914 | SOFTWARE UPDATE METHOD - A method of updating first software in at least one apparatus in which a first password is set and which determines, when receiving a second password and second software, whether or not the received second password matches the first password set in the apparatus and whether or not the received second software is for the apparatus, when the second password matches the first password and the second software is for the apparatus. The method includes; causing a user to select the apparatus from among a plurality of apparatuses; causing the user to input the second password; causing the user to designate an update file pertaining to the second software; storing information of the apparatus selected by the user, the second password input by the user and the update file designated by the user; and performing update processing to transmit the second password and the second software in the update file to the apparatus selected by the user in accordance with the stored information. | 02-26-2009 |
| 20090064299 | History-based downgraded network identification - Some embodiments of the invention are directed to increasing security and lowering risk of attack in connecting automatically to networks by enabling client devices to verify the identity of the networks by, for example, confirming the identity of networks and network components such as wireless access points. In some embodiments, a client device may maintain a data store of characteristics of a network—including, for example, characteristics of a wireless access point or other portion of the network and/or characteristics of a connection previously established with the wireless access point and/or network. Stored characteristics may include characteristics other than those minimally necessary to identify a wireless access point and/or wireless network. The stored characteristics may be compared to known good characteristics of a network (including characteristics of a wireless access point or other portion of the wireless network) prior to connection to the network to determine whether the characteristics match. | 03-05-2009 |
| 20090064300 | APPLICATION NETWORK APPLIANCE WITH BUILT-IN VIRTUAL DIRECTORY INTERFACE - An application network appliance with a built-in virtual directory interface is described herein. According to one embodiment, a network element includes a virtual directory interface (VDI) coupled to multiple directory servers, and an authentication and authorization unit coupled to the VDI. In response to a packet of a network transaction received from a client over a first network for accessing a server of a datacenter over a second network, the authentication and authorization unit obtains user attributes from the directory servers via the VDI and performs authentication and authorization using the user attributes to determine whether a user of the client is eligible to access the server of the datacenter, where the network element operates as a security gateway to the datacenter. Other methods and apparatuses are also described. | 03-05-2009 |
| 20090070862 | Method and System for Enabling a First Party to Provide a Second Party With Personalized Digital Content - A method for enabling a first party to provide a second party with personalized digital content includes at a network unit: in response to receiving a request from a first party, the request including an identifier identifying a second party, retrieving identity credentials of the second party; and transmitting the identity credentials of the second part to a first party or to a content providing system; and in a content providing system: in response to receiving: a) an identifier from the first party, the identifier identifying digital content in a digital content storage, and b) the identity credentials of the second party, personalizing digital content using the identity credentials, the personalizing adapted to enable the second party to reproduce the digital content but to prevent any unauthorized party to reproduce it; and delivering the personalized digital content to the first party. | 03-12-2009 |
| 20090070863 | ACCESS SERVER AND CONNECTION RESTRICTION METHOD - The access server receives an authentication packet including an authentication result, a port change setting information, a port change time, a filtering setting information and a filtering time from the authentication server. The access server stores the respective information in the authentication packet into a memory. The access server refers to the memory, and in the case where the port change setting information on an arbitrary user identifier is set to perform port change, when it becomes the port change time, the access server changes the output destination of a packet from a user terminal to, for example, a proxy server B from a proxy server A. Besides, in the case where the filtering setting information on an arbitrary user identifier is set to perform filtering, when it becomes the filtering start time, the access server performs filtering on the port to which the user terminal is connected. | 03-12-2009 |
| 20090070864 | Image forming apparatus, image forming method, recording medium, and image forming system - An image forming apparatus receives authentication information about a user who requests a function and determines whether the user needs to be authenticated before executing the requested function. The image forming apparatus then transmits the authentication information to an authentication device that performs authentication of the user, and receives an authentication result from the authentication device indicative of whether the user is authentic. The image forming apparatus executes the function specified in the request only when the authentication result shows that the user is authentic. | 03-12-2009 |
| 20090077644 | APPARATUS AND METHOD FOR INTEGRATING AUTHENTICATION PROTOCOLS IN THE ESTABLISHMENT OF CONNECTIONS BETWEEN COMPUTING DEVICES - An apparatus and method for integrating authentication protocols in the establishment of connections between a controlled-access first computing device and at least one second computing device. In one embodiment, network access user authentication data needed to access the at least one second computing device is transmitted to an authentication server automatically if the user has access to use the first computing device, thereby not requiring the user to manually enter the authentication data needed for such access at the first computing device. The network access user authentication data may be, for example, retrieved from a memory store of the first computing device and/or generated in accordance with an authentication data generating algorithm. | 03-19-2009 |
| 20090083841 | Apparatus and method for performing hosted and secure identity authentication using biometric voice verification over a digital network medium - Apparatus, methods, and machine-readable articles of manufacture enable a means of performing vocal tract based authentication and vocal tract based enrollment via the Internet or similar computing network as a communication medium. A protocol and process is outlined which enables Internet or similar network based authentication among three parties; a party wishing to prove a claimed identity, a party requesting to authenticate the claimed identity, and a party performing the authentication or enrollment process. Further, the party requesting authentication is a separate entity from the party performing authentication or enrollment. In such an arrangement, the party performing the authentication or enrollment is termed “hosted” or “software as a service”. The protocol and process is suitable for execution by distinct software components installed and running on computers located at the location of each of the three parties. | 03-26-2009 |
| 20090083842 | SECURE DETECTION NETWORK SYSTEM - A secure detection network system includes plurality of remote nodes, each remote node comprising a set of detector interfaces configured to couple to a set of detectors disposed to detect the presence of an illegal asset within a shipping container; at least one server node configured to initialize, install, and authenticate each remote node in the plurality of remote nodes, including delivering to each remote node an agent module, said agent module for each remote node comprising a node specific configuration file defining a set of nodes with which the remote node can communicate and a different encryption means corresponding to each node in the set of nodes; and a communication path coupling the plurality of remote nodes and the at least one server node. | 03-26-2009 |
| 20090089868 | INFORMATION PROCESSING DEVICE AND COMPUTER IMPLEMENTED METHOD FOR INFORMATION PROCESSING DEVICE - An information processing device that causes a router to open a new communication port and permits an active access from a terminal when the terminal connected to an outer network requires is provided. A multi function device (an information processing device) accesses to a POP server and acquires a mail. In a case where the mail from an outer terminal describes an access request, the multi function device transmits to a router a port-open-command that requests the router to open a new communication port. The multi function device transmits to the outer terminal a port identifier of the new communication port that was opened by the router. The outer terminal transmits data to the multi function device with the received port identifier designated therein. The multi function device, triggered by the mail from the outer terminal, can cause the router to open a new communication port that permits an active access from the outer terminal. Therefore, the outer terminal can actively access to the multi function device through the new communication port that has been opened by the multi function device. | 04-02-2009 |
| 20090089869 | TECHNIQUES FOR FRAUD MONITORING AND DETECTION USING APPLICATION FINGERPRINTING - Techniques for fraud monitoring and detection using application fingerprinting. As used herein, an “application fingerprint” is a signature that uniquely identifies data submitted to a software application. In an embodiment, a plurality of historical application fingerprints are stored for data previously submitted to a software application. Each historical application fingerprint is associated with one or more contexts in which its corresponding data was submitted. When new (i.e., additional) data is subsequently submitted to the application, a new application fingerprint is generated based on the new data, and the new application fingerprint is associated with one or more contexts in which the new data was submitted. The new application fingerprint is then compared with one or more historical application fingerprints that share the same, or substantially similar, context(s). Based on this comparison, a risk score is generated indicating a likelihood that the new data was submitted for a fraudulent/malicious purpose. | 04-02-2009 |
| 20090094688 | METHOD AND SYSTEM FOR SYNCHRONIZING USER SESSIONS - Method, system and storage medium encoding a computer program for synchronizing a first user session and a second user session in a client-server system. The first user session is between a first Web service and a client and the second user session is between a second Web service and the same client. A request is received with a first session value by the second Web service. an indicator of the first session value is assigned to a shadow, and the shadow is sent in a response to the client. A subsequent request with the shadow and a subsequent session value is received from the client. The indicator is used to verify the subsequent session value at the second Web service. The second user session is terminated if the indicator in the shadow does not correspond to the subsequent session value. | 04-09-2009 |
| 20090094689 | AUTHENTICATION METHOD AND SYSTEM - A codebook, comprising a number of groups of symbols in a predetermined pattern printed on a card or the like is issued to a user. The user is attributed or selects an extraction pattern representing an order of progression through the symbols in each group of symbols. When the user wishes to make an authentication action an authentication party challenges the user to submit the symbols found at selected positions in the extraction pattern. The user applies the extraction pattern to the codebook and retrieves the symbols found at the selected positions, and submits these to the authenticating party. The authenticating party applies the same extraction pattern to the same codebook, and determines whether the results match those submitted by the user, and in a case where the two sets of symbols match, authenticates the user. | 04-09-2009 |
| 20090094690 | Person oneself authenticating system and person oneself authenticating method - There is provided person oneself authenticating means for authentication of a user, which is mainly used for person oneself authentication in Internet banking or the like and is high in security, and is realizable by functions ordinarily provided in a PC, a mobile phone, or the like, the authenticating means being less in burden required for user authentication key management and authentication operations. Sound or an image is adopted as an authentication key for person oneself authentication. Authentication data is edited by combining an authentication key, which is selected by a registered user, and sound or an image that is other than the authentication key, and the authentication data is continuously reproduced in a user terminal. A time in which a user has discriminated the authentication key from the reproduced audio or video is compared with a time in which the authentication key should normally be discriminated, which is specified from the authentication data. When both times agree, the user is authenticated as a registered user. | 04-09-2009 |
| 20090100509 | EMERGENCY NOTIFICATION SYSTEM - The emergency notification system includes a plurality of client devices operatively connected to a server through a communication network for communication of threats. The server administers a monitoring program that permits an administrator to monitor the user client device and communicate with users of the user client device regarding threats. Specifically, alert information and instructions is communicated to a discrete subset of client devices regarding a threat. | 04-16-2009 |
| 20090100510 | System and Method for Representing Multiple Security Groups as a Single Data Object - A system and method for representing multiple security groups as a single data object are provided. With the system and method, a complex group object is created that consists of a group set value and a mask value. The complex group object represents a plurality of groups by the group set value. The mask value is used to apply to group identifiers received during an authentication process to generate a value that is compared against the group set value to determine if the group identifiers are part of the complex group. For example, in a first step of authorization processing, the group identifier received in an authorization request is bit-wise AND'd with the mask value for the complex group data object. In a second step, the masked group identifier from the received request is compared to the group set value of the complex group object. Such comparison may take the form of masking the group set value and comparing the masked group set value to the masked group identifier from the received request, for example. If the two values match, then access is granted. If the two values do not match, then access is denied. | 04-16-2009 |
| 20090106826 | METHOD AND SYSTEM FOR USER AUTHENTICATION USING EVENT TRIGGERED AUTHORIZATION EVENTS - According to one aspect of the invention, authorization events trigger authentication requests for a user during the course of a computer session. In one example an authorization event trigger occurs as a user navigates through a web interface. In one embodiment, a user authenticates him or herself to enter a secure site. During the course of navigation through the secure site, authentication events are triggered. Authorization events occur when, for example, the user wishes to perform some action associated with the secure site or provide comment on information obtained from the secure site or obtain information from the secure site. The act of submitting or taking some action comprises a triggering event. In response to a triggered authorization request, a system related to the secure site (or the same system) generates authentication information, in one example, as a one-time password (OTP) that is transmitted to the user. The hardware/software necessary to accomplish the generation of a secure OTP resides with the provider hosting the secure site, although one should appreciate that the OTP generation may be delegated to another site or received as a service from a third party. In one embodiment, the user receives the OTP in the form a page to a pager. With respect to the medical field, a physician may be required to maintain a pager and liability can result from its loss or absence. In one example, such a requirement can be leveraged to provide additional layers of security where patient data is accessible over networks, and in one example over the Internet. Authorization event triggers are also used in conjunction with a system that does not require an authenticated user before reaching the authorization event triggers. Such environments can include a medical services/treatment environment, a financial services environment, and an information brokerage service environment. | 04-23-2009 |
| 20090106827 | SYSTEM AND METHOD FOR USER PASSWORD PROTECTION - A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method. | 04-23-2009 |
| 20090106828 | DEVICE ADMINISTRATION APPARATUS, DEVICE ADMINISTRATION METHOD AND RECORDING MEDIUM - A device administration apparatus includes an apparatus information obtainer that obtains via a network, apparatus information stored in a device, a judger that judges whether or not the device is an administration object based on the obtained apparatus information, and an administrator that administers use of the device, if the judger judges that the device is an administration object. | 04-23-2009 |
| 20090113532 | LOCATION-TARGETED ONLINE SERVICES - Described are various implementations of location-targeted online services. When a user accesses the Internet from a supported location, he'll be able to use premium or exclusive online services (premium content, member-only discounts etc.) for free and without going through an elaborate subscription process. The location owner may promote these services before the user enters the location. Example: in addition to mentioning “free Internet”, the hotel owner can attract new customers by mentioning “free Netflix movies” or “free access to premium content, from Zagat reviews to stock reports”. It allows the location owner to utilize a network (WIFI) service provider as a means of increasing its core business and not just as a source of incremental advertisement income. | 04-30-2009 |
| 20090113533 | Method and System for a Single-Sign-On Operation Providing Grid Access and Network Access - A user device initiates a network access authentication operation via a network access device with a network access authentication server, e.g., a Remote Authentication Dial-In User Service (RADIUS) server, which also generates an X.509 proxy certificate and includes the proxy certificate with the information, such as a set of network access parameters, that is returned to the user device in response to a successful completion of the network access authentication operation. The user device extracts and stores the proxy certificate. The network access parameters are used by the user device to communicate via the network access device on a network, which supports a grid. When the user device accesses a resource in the grid, the proxy certificate is already available, thereby obviating the need to generate a new proxy certificate and allowing a user of the user device to experience an integrated single-sign-on for network access and grid access. | 04-30-2009 |
| 20090119762 | WLAN Access Integration with Physical Access Control System - A network access system. In particular implementations, a method includes monitoring, responsive to a network access request of a client, an authentication session between an authentication server and the client, and determining user credential information associated with a user of the client based on one or more messages of the authentication session. The method also includes accessing, using the user credential information, physical entry information indicating a physical location of the user relative to a defined perimeter, and conditionally allowing the client access to a network based on the physical entry information and a successful authentication of the client. | 05-07-2009 |
| 20090125998 | SYSTEMS, METHODS AND DEVICES FOR SECURE REMOTE-ACCESS COMPUTING - Previous attempts to provide systems or methods for remote-access computing typically involve the use of subscription-based third party platforms. The third party platforms serve as an intermediary between a home (or primary) computer and a local-host computer. There are a number of problems associated with these third party platforms that generally affect the security of information and possible performance expectations of users. By contrast, provided by aspects of the present invention there are systems, methods and devices for secure remote-access computing that enable more secure remote-access computing and may enhance predictability of performance from the perspective of the user. | 05-14-2009 |
| 20090125999 | User Authorization Technique - Described are a system and method for invisible authorization of a visitor to a web site. A system uses a specially formed URL that provides visitors access to secure content without requiring a sign-in and/or sign-up step, yet, if the URL is forwarded to others the content is not accessible. The URL can be delivered in an electronic message. | 05-14-2009 |
| 20090133108 | SYSTEMS FOR SECURE AUTHENTICATION FOR NETWORK ACCESS - Systems and methods for authenticating the identity of a user over a network. The user must supply a removable physical medium such as CD, DVD, or memory stick that contains security information about the user and the user's account as well as a user identification and password. This information is verified before the user is allowed to access the account. | 05-21-2009 |
| 20090133109 | METHOD AND APPARATUS FOR ACCESSING A NETWORK - According to one embodiment of the present invention, there is provided a method of authorising a computing device to access a network, comprising receiving authentication data including a user identifier from the computing device, determining whether approval to verify the authentication data is given, and where it is so determined, authorising the device to access the network upon verification of the authentication data. | 05-21-2009 |
| 20090138950 | TWO-FACTOR ANTI-PHISHING AUTHENTICATION SYSTEMS AND METHODS - A computerized method of providing access to a secure resource includes, to each of a plurality of authorized users, providing a link to the secure resource. Each link includes a unique password embedded therein and each unique password relates to a particular user identification (userID) and personal identification number (PIN). The method also includes receiving a request to access the resource using a link having a password embedded therein, which request originates at a web browser. The method further includes directing the browser to a login screen and receiving via the login screen a userID and PIN. The method also includes determining whether the userID and PIN relate to one another and to the password and allowing or denying access to the resource in accordance with the determination. | 05-28-2009 |
| 20090138951 | Dynamic Cache Lookup Based on Dynamic Data - A system and method for tracking user security credentials in a distributed computing environment. The security credentials of an authenticated user includes not just his unique user identifier, but also a set of security attributes such as the time of authentication, the location where the user is authenticated (i.e., intranet user v. internet user), the authentication strength, and so on. The security attributes are used in access control decisions. The same user can be given different authorization if he has a different security attribute value. Security credentials may be generated either by WebSphere security code or by third party security provider code. This invention stores the user credentials in a distributed cache and provides a system and method to compute the unique key based on the dynamic security credentials for cache lookup | 05-28-2009 |
| 20090144815 | ACCESS TO DOMAIN - The invention relates to a method of allowing access to an authorized domain ( | 06-04-2009 |
| 20090150983 | SYSTEM AND METHOD FOR MONITORING HUMAN INTERACTION - A method and system to authenticate human interactive proof (HIP) are described here. In response to a request from a web server, a motion random HIP in the form of motion-captcha is generated. The web server can then display the generated the motion random HIP in a requested web page. The web page is accompanied with a request from the user to provide the response for the generated motion captcha. After evaluation and verification of response received from the particular user, the authentication system determine whether the response to the HIP challenge is from human or from other source like computer software scripted agent. | 06-11-2009 |
| 20090150984 | Method and system for securely authorizing VoIP interconnections between anonymous peers of VOIP networks - A peering authority or settlement clearinghouse can be used to control access, collect session accounting information, and provide financial settlement of interconnect or session fees among anonymous Internet Protocol (IP) peers or networks. The addition of peering policy criteria, such as price and quality of service, to peer to peer route discovery mechanisms enable a trusted intermediary, such as the settlement clearinghouse, to authorize acceptable interconnection or peering sessions between anonymous IP peers. Any financial settlement transactions which result from the peering sessions may be subsequently executed by the settlement clearinghouse. | 06-11-2009 |
| 20090158410 | NETWORK SYSTEM, ITS CONTROL METHOD, AND PROGRAM - The invention provides a network system which can prevent an illegal access to a network or the like set in a specific area and improve security of the network. The network system permits the entering of the user into a security area in accordance with security information (user ID) read out of a contactless IC in a carrying ID card by an entering/leaving room managing apparatus and registers an MAC address of a notebook computer carried by the user when he enters the security area to a managing server as ID information corresponding to the user ID. When a leaving request of the user is received through the entering/leaving room managing apparatus, the network system deletes the registered ID information and restricts connection between the notebook computer and the network on the basis of a registration situation of the ID information to the managing server. | 06-18-2009 |
| 20090158411 | Method and system for enabling remote access to a computer system - Method and systems configured for allowing a non-local remote user to access a computer system with a particular authorization level. Such access is facilitated by examining non-local directory services group memberships of the user and performing a mapping of the user's identity to a corresponding universal local user account that have the proper authorization level or levels. Such methods and systems allow any number of non-local remote users access to the computer system in such a way that the remote user assumes the identity of (i.e., is mapped to) a corresponding universal local user account of an appropriate privilege level. All non-local remote users that the computer system determines to be of the same privilege level will share the identity of the same universal local user account. | 06-18-2009 |
| 20090165105 | METHOD AND APPARATUS FOR COMMUNICATING BETWEEN A USER DEVICE AND A USER DEVICE LOCATING MODULE TO ALLOW A PARTNER SERVICE TO BE PROVIDED TO A USER DEVICE - A system and method for communicating between a user device locator module and a user receiving device includes forming a secure connection with the user device locator module. The user receiving device communicates user identifier data and port data to the user device locator module. An authentication module authenticates the user data from the user device locator module and generates an authentication signal. The user device locator module registers the port data at the user device locator module in response to the authentication signal. | 06-25-2009 |
| 20090165106 | Network Security Management for Ambiguous User Names - A method of managing network security can include receiving a user input comprising a user name and a password, determining whether the input user name potentially corresponds to a plurality of user accounts, determining whether the password is valid, and determining whether each of the user accounts is locked. The method can include selecting a security response to the user input based upon whether the input user name potentially corresponds to the plurality of user accounts, whether the password is valid, whether each of the user accounts is locked, and outputting the security response. | 06-25-2009 |
| 20090165107 | IDENTIFICATION MANAGMENT SYSTEM FOR ELECTRONIC DEVICE AUTHENTICATION - The conventional vertical integration system management form has a problem that a first user cannot receive a service provided by a second user belonging to another service system. To cope with this, a following system is suggested. That is, according to a second judgment server use request from a first electronic device used by a first user, an identification management server which has received a guarantee request outputted from a first judgment server searches for master-slave relationship information based on a common identifier. According to the search result, a guarantee is outputted. According to the guarantee, the first judgment server outputs a guaranteed service request to the second judgment server. Thus, the first user can receive the service used by the second user belonging to other vertical integration type system. | 06-25-2009 |
| 20090165108 | METHOD FOR VERIFYING SERVER END APPARATUS - A method for verifying a server end apparatus, suitable for verifying the identity of a server end apparatus from a client end apparatus, is provided. In the present invention, authentication data is sent to the server end apparatus by the client end apparatus, such that the server end apparatus verifies the authentication data. Afterwards, the server end apparatus must return an initial number, which is preset by the user, to the client end apparatus to verify whether the initial number is correct or not. If the initial number is incorrect, the connection with the server end apparatus is shut down. Therefore, the efficiency for verifying the server end identity is strengthened, so as to enhance the security. | 06-25-2009 |
| 20090165109 | CONTROLLED AND CLIENT-SIDE AUTHENTICATION MODULE - A computerized method of accessing a secure resource using an application associated with a user's computing device is provided. The application is programmed, in part, to monitor user browsing activity and wherein the application has associated therewith one or more predefined Uniform Resource Locaters (URLs) to trusted sites, each having an associated trusted root certificate and security key. The method includes the application detecting a user attempt to log into a secure resource, the application scanning in-process browser processes to identify a browser process that is in a login state, the application associating the browser process in a login state with one of the trusted sites, the application initiating a new browser session with the trusted site using the associated predefined URL, the application obtaining a login password from the user, the application supplying to the trusted site the associated security key and login password, and the user's computer displaying subsequent browsing activity. | 06-25-2009 |
| 20090172794 | LOCATION BOUND SECURE DOMAINS - A method, apparatus, and electronic device with secure operation based on geography are disclosed. A positioning mechanism | 07-02-2009 |
| 20090172795 | SECURE SINGLE-SIGN-ON PORTAL SYSTEM - A computer-implemented portal system facilitates access to secure data and multiple secure-access internet sites. The system authenticates a user based on a single-sign-on identifier (ID) and password. The system stores user authentication information for the secure-access internet sites so that once the user is authenticated, the system can automatically authenticate the user to the sites, thus allowing the user to access multiple secure sites after a single manual authentication. | 07-02-2009 |
| 20090172796 | DATA PLAN ACTIVATION AND MODIFICATION - A method, implemented by a router device, for guiding a user in establishing access privileges for a data exchanger includes causing the data exchanger to establish a remote link with a data service provider. Access content is obtained from the data service provider and presented to a client device. Access data provided in response to the presenting of the access content is received. The access content when presented by the client device enables a user to supply the access data. The access data is useable by the data service provider to set access privileges associated with the data exchanger that enable the data exchanger to be utilized to perform a desired function. The access data is returned to the data service provider via the remote link. The data exchanger is utilized to implement the desired function. | 07-02-2009 |
| 20090178127 | Authentication system, authentication server, authenticating method, authenticating program, terminal, authentication requesting method, authentication requesting program, and storage medium - Disclosed herein is an authentication system offering high degrees of security and convenience by use of two storage media. An automatic log-in system ( | 07-09-2009 |
| 20090178128 | NETWORK SYSTEM, DIRECT-ACCESS METHOD, NETWORK HOUSEHOLD ELECTRICAL APPLIANCE, AND PROGRAM - A network system includes a first device, a second device, and a server device capable of registering the first and second devices in correlation and establishing an always-on connection session with the second device. The first device includes a callback request transmission section for transmitting a callback request containing designation information on the first device on a network to the server device. The server device includes a callback request relay section for transmitting the callback request from the first device to the second device through the connection session. The second device includes a direct-access session establishment request section for connecting with the first device through the network based on the designation information in the callback request received from the server device and transmitting a request for establishment of a session for direct access, and a direct-access communication section for communicating with the first device through the session for direct access. | 07-09-2009 |
| 20090183245 | Limited Functionality Mode for Secure, Remote, Decoupled Computer Ownership - In one embodiment, a computer system comprises one or more components and a secure computing environment coupled to the components. The secure computing environment is configured to program at least one of the components to enter a limited functionality mode responsive to expiration of a use right to the computer system, wherein operation of the computer system in the limited functionality mode is reduced compared to operation when the use right has not expired. The secure computing environment is configured to monitor the components in the limited functionality mode to detect that a limited functionality mode configuration has been modified by an unauthorized entity and to cause the computer system to enter a second mode in which operation of the computer system is reduced compared to operation in the limited functionality mode in response. In another embodiment, the secure computing environment detects a non-temporal event that indicates a violation of an owner-imposed restriction and enters a limited functionality mode. | 07-16-2009 |
| 20090183246 | Universal multi-factor authentication - An authentication system includes logic to receive and identify authentication requests from a plurality of service providers, each including a one time code. Unique ids are identified for users corresponding to each of the one time codes. The unique ids are applied to generate one time codes to compare with the one time codes received from the service providers. Authentication results are communicated to the service providers. | 07-16-2009 |
| 20090183247 | SYSTEM AND METHOD FOR BIOMETRIC BASED NETWORK SECURITY - Systems and methods of securing access to a network are described. Access to the network is secured using multifactor authentication, biometrics, strong encryption, and a variety of wireless networking standards. Biometrics include fingerprints, facial recognition, retinal scan, voice recognition and biometrics can are used in combination with other authentication factors to create a multi-factor authentication scheme for highly secure network access. Requests that require access to secured network resources may be intercepted and a captive portal page returned to challenge a user. Biometric information returned in response to the portal page is used to authenticate the user and determine access rights to the network. | 07-16-2009 |
| 20090187981 | FILE DOWNLOADING SERVER AND METHOD - A method for downloading files from a server is provided. The method includes the steps of: receiving a registered account and a password; determining whether the current user is an authorized user of the server; reading a terminal ID of a terminal when the user is an authorized user; displaying files whose download status are to-be-downloaded status when the read terminal ID matches the corresponding terminal ID of the registered account; recording the selected files and delivering the selected files to the corresponding terminal; and updating information in relation to the files that are viewed by the registered account in the file list and updating the download status of the viewed files to the to-be-downloaded status when the read terminal ID does not match the corresponding terminal ID of the registered account, and updating the download status of the files to the downloaded status when the files are downloaded to the terminal. | 07-23-2009 |
| 20090199281 | METHOD AND APPARATUS FOR VIRTUAL WI-FI SERVICE WITH AUTHENTICATION AND ACCOUNTING CONTROL - A method of providing virtual Wi-Fi service with accounting and authentication control via a virtual Wi-Fi access network is provided. The method comprises: connecting a subscriber to the virtual Wi-Fi access network, wherein the virtual Wi-Fi access network comprises a plurality of individual Wi-Fi access points in communication with at least one virtual Wi-Fi access server; prompting the subscriber for an account ID and password; performing subscriber authentication at the virtual Wi-Fi access server; where the subscriber has been authenticated, establishing a Wi-Fi session for the subscriber in the virtual Wi-Fi access network and applying an accounting function to the Wi-Fi session; and notifying the virtual Wi-Fi access server when the subscriber exits from the virtual Wi-Fi network. | 08-06-2009 |
| 20090199282 | TECHNIQUES FOR NON-UNIQUE IDENTITY ESTABLISHMENT - Techniques for non-unique identity establishment are presented. A plurality of biometric data associated with a user is acquired from a plurality of biometric devices. The intersection of the biometric data is registered or a vector for the biometric data is registered. This information is also registered along with answers to questions provided by the user. When a user attempts to subsequently access a secure resource of a network, the retained information is compared against user-supplied biometric data and in some cases where appropriate user-supplied answers to establish an identity of the user and to authenticate the user for access to the secure resource. | 08-06-2009 |
| 20090199283 | WIRELESSLY RECEIVING BROADCAST SIGNALS USING INTELLIGENT CARDS - The present disclosure is directed to a system and method for wirelessly receiving broadcast signals using intelligent cards. In some implementations, a service card includes a physical interface, a communication module, memory, and a service module. The physical interface connects to a port of a mobile host device. The mobile host device includes a Graphical User Interface (GUI). The communication module wirelessly receives broadcast signals encoding content. The memory stores user information used to decrypt the encoded content independent of the mobile host device. The stored information is associated with a content provider. The service module decrypts the encoded content in response to at least an event and presents the content through the GUI of the mobile host device. | 08-06-2009 |
| 20090205031 | NETWORK SYSTEM, SERVER DEVICE, UNAUTHORIZED USE DETECTING METHOD, RECORDING MEDIUM, AND PROGRAM - A log-in information receiving unit ( | 08-13-2009 |
| 20090205032 | IDENTIFICATION AND ACCESS CONTROL OF USERS IN A DISCONNECTED MODE ENVIRONMENT - The present invention provides identification and access control for an end user mobile device in a disconnected mode environment, which refers generally to the situation where, in a mobile environment, a mobile device is disconnected from or otherwise unable to connect to a wireless network. The inventive method provides the mobile device with a “long term” token, which is obtained from an identity provider coupled to the network. The token may be valid for a given time period. During that time period, the mobile device can enter a disconnected mode but still obtain a mobile device-aided function (e.g., access to a resource) by presenting for authentication the long term token. Upon a given occurrence (e.g., loss of or theft of the mobile device) the long term token is canceled to restrict unauthorized further use of the mobile device in disconnected mode. | 08-13-2009 |
| 20090205033 | BIOMETRIC FINANCIAL TRANSACTION SYSTEM AND METHOD - Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant. These steps accomplish a biometrically authorized electronic financial transaction without the consumer having to present any personalized man-made memory tokens. | 08-13-2009 |
| 20090210934 | Systems and Methods for Secure Handling of Secure Attention Sequences - A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine. | 08-20-2009 |
| 20090210935 | Scanning Apparatus and System for Tracking Computer Hardware - Apparatus and system for tracking computer hardware consisting of a network interface card configured in promiscuous mode capable of passively listening for OSI layer 2 network traffic on a medium for use in the recovery or location of lost or stolen devices. The device of interest, one located, can then be tracked via signal strength. GPS may also be used to track locations where devices of interest have been located. | 08-20-2009 |
| 20090217365 | AUTOMATIC DISPLAY OF MESSAGES ON DISPLAY SCREEN - A method, Internet protocol television (IPTV) enabled communication device, and computer program product for automatic message services are provided. A processor executes instructions from a memory. An input and output (I/O) device is for transmitting and receiving, respectively. A client application is stored in the memory and configured to provide the automatic message service. The client application receives input of a message to be presented at an appropriate time, receives input of an action associated with the message, receives input of a recipient for the message, and presents the message for display to the recipient at the appropriate time. | 08-27-2009 |
| 20090222898 | METHOD FOR SECURE TRANSFER OF MEDICAL DATA TO A MOBILE UNIT/TERMINAL - A method is described for secure transfer of medical data to a mobile unit/terminal, where encoded medical data from a patient's regular doctor are made available via a central server in a network. The method comprises the following steps: to order transfer of encoded information to the mobile unit/terminal, in that a request is sent to the central server; to generate encoded information containing medical data in the central server; to transfer information in encrypted and encoded format from the server to the mobile unit/terminal, after the user has authenticated himself; to store and protect the encoded information in the mobile unit/terminal; to transform the encoded information to a readable format in that the user authenticates himself with a personal code that is sent from the mobile unit/terminal to the server, whereupon the ID is verified in the server, and that encoded information is sent to the server for decoding; and to transfer from the server a picture in clear text to the mobile unit/terminal. | 09-03-2009 |
| 20090235342 | REMOTE DESKTOP ACCESS - A method of accessing a first computing device from a second computing device using a remote desktop service is disclosed. The first and second device register are authenticated and registered with a remote access gateway. In some embodiments, the remote access gateway stores a copy of the first computer and changes made to the copy are synchronized with the actual first computer when it access the remote access gateway. A virtual operating system experience on the second computer is virtually the same as the real operating system experience on the first computer. | 09-17-2009 |
| 20090235343 | RESOURCE SERVER PROXY METHOD AND SYSTEM - A resource request method and system. The method includes receiving by resource server software application, session key life data. The resource server software application receives from a requester, an authentication request, a session ID, and an address associated with the requestor. The resource server software application transmits the session ID and a request for groups associated with the request. The resource server software application receives group IDs. The resource server software application generates a session key associated with the requester. The resource server software application calculates a specified lifetime associated with the session key. The resource server software application stores the session key, the session ID, the address, the group IDs, and the specified lifetime. The resource server software application transmits to the requester, the session key. | 09-17-2009 |
| 20090235344 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING PROGRAM PRODUCT - In an information processing apparatus that includes a master agent and a subagent for SNMP and performs communication between the master agent and the subagent using an AgentX packet conforming to a standard stipulated by AgentX protocol, an authenticating unit determines whether a manager is legitimate based on authentication data included in the data acquisition request received from the manager by an authentication-data acquiring unit; a session-data creating unit creates session data including at least a result of authentication; a session-data providing unit provides to the subagent the session data; and an access control unit performs access control for data requested in the data acquisition request based on the session data received by the subagent. | 09-17-2009 |
| 20090235345 | AUTHENTICATION SYSTEM, AUTHENTICATION SERVER APPARATUS, USER APPARATUS AND APPLICATION SERVER APPARATUS - An authentication system having a user apparatus that performs authentication using first authentication data and a second authentication server that performs authentication using second authentication data is provided. The user apparatus acquires the second authentication data from a user and requests authentication of the user by sending the acquired second authentication data to the second authentication server. The second authentication server performs authentication of the user on a basis of the second authentication data received from the user apparatus and sends the user apparatus a result of the authentication and when the authentication is successful, first authentication data stored being associated with the user. The user apparatus acquires a result of authentication based on the first authentication data received from the second authentication server and performs login processing when the acquired result of the authentication based on the first authentication data indicates success. | 09-17-2009 |
| 20090241175 | METHODS AND SYSTEMS FOR USER AUTHENTICATION - The present invention relates to authentication, and in particular, to methods and systems for authenticating a user using electronic readable identifiers, networks, and data terminals. The user experience in accessing private accounts is enhanced while keeping such access secure from unauthorized individuals. | 09-24-2009 |
| 20090241176 | LOAD BALANCING IN SERVER COMPUTER SYSTEMS - Systems and methods to implement load balancing of connections to a server computer in a server collection are described. The server collection receives connection requests from remote clients over a network. A session broker evaluates one or more load parameters of the server computers in the server collection and, based on those load parameters, determines load associated with each server computer. The session broker redirects the connection requests to the server computer which has a lesser load. | 09-24-2009 |
| 20090241177 | SECURITY SYSTEM FOR A COMMUNITY BASED MANAGED HEALTH KIOSK SYSTEM - The present invention is directed to security systems for community based managed health kiosk systems, and more particularly to protecting the privacy of a user's health information originally obtained at a community-based kiosk system. The disclosed security systems can be combined with community based managed health kiosk systems to enable a patient, or user, to obtain knowledge of his or her health condition/status and to obtain health services from remotely located health care professionals without risk of dissemination of confidential personal health information and records. | 09-24-2009 |
| 20090249458 | Systems and methods of network operation and information processing, including user engagement and profiling features - Embodiments of a system and method for network operation and information processing, including user engagement and profiling features are described. A method includes transmitting a request for authorization to use a public-access network from a computer, including, with the request, identifier information regarding the user. Data including additional information, such as a terms and conditions page, a splash page, relevant information based on user-specific information such as user location, and other like information is then transmitted over the network. The data to be transmitted is determined by processing software as a function of the identifier information regarding the user. A network connection is then opened up for the user of the computer. | 10-01-2009 |
| 20090249459 | SYSTEM AND METHOD FOR RECEIVING REQUESTS FOR TASKS FROM UNREGISTERED DEVICES - Embodiments of a system and method for receiving task requests from unregistered devices are described. Embodiments may include a communication interface service configured to receive from a communication device a message indicative of a request to perform a task. The communication interface service may determine that the communication device is not registered with an existing account that provides information for performing said task. The communication interface service may obtain identification and authentication information for an existing account via a communication channel. The existing account may be an account for that is accessible via a network-based interface. The communication channel through which the identification and authentication information is received by the communication interface service may be any communication channel that does not include the network-based interface of the existing account. Additionally, the communication interface service may use the identification and authentication information for performance of the task using the existing account. | 10-01-2009 |
| 20090249460 | SYSTEM FOR MONITORING THE UNAUTHORIZED USE OF A DEVICE - The invention is directed to systems and methods for detecting the loss, theft or unauthorized use of a device and/or altering the functionality of the device in response. In one embodiment, a device monitors its use, its local environment, and/or its operating context to determine that the device is no longer within the control of an authorized user. The device may receive communications or generate an internal signal altering its functionality, such as instructing the device to enter a restricted use mode, a surveillance mode, to provide instructions to return the device and/or to prevent unauthorized use or unauthorized access to data. Additional embodiments also address methods and systems for gathering forensic data regarding an unauthorized user to assist in locating the unauthorized user and/or the device. | 10-01-2009 |
| 20090249461 | BUSINESS MANAGEMENT SYSTEM - There is provided a management server technology that allows a user to continuously use a business function of a business server without logging in again to the business server, even if the authority of the user to the business server is changed. The business server receives an access from a user terminal, and requests a management server to perform user authentication. In response to the authentication request, the management server determines a future scheduled authority of the user, generates not only authority information at the time of the user authentication, but also a determination result including the future scheduled authority information, and transmits them to the business server. The business server provides the user terminal with a new business function based on the scheduled user authority information, upon expiration of a validity period of the user authority to the current business function. | 10-01-2009 |
| 20090260067 | Method and system for legitimate lending and sharing of digital copyrighted content items over a data network - The present invention relates to a method of enabling concurrently lending at least one digital copyrighted content item from one user's terminal to a certain number of other users' terminals over a data network, according to a number of copyright users' licenses of each of said at least one digital copyrighted content item, said method comprises: (a) indexing at least one digital copyrighted content item provided from at least one user's terminal over a data network, giving rise to an items index; (b) receiving a request to lend a digital copyrighted content item to user's terminal over said data network; (c) conducting a search for the requested digital copyrighted content item by means of said items index; (d) if said requested digital copyrighted content item is found by means of said items index, checking whether it is available for lending to said user's terminal, according to a number of available copyright users' licenses of said requested digital copyrighted content item; (e) if said requested digital copyrighted content item is available for lending, then enabling lending it to said user's terminal; and (f) upon receiving another request to lend said digital copyrighted content item, repeating steps ‘d’ and ‘e’, and enabling concurrently lending said copyrighted content item to a certain number of users' terminals until said certain number does not exceed said number of available copyright users' licenses of said digital copyrighted content item. | 10-15-2009 |
| 20090260068 | Efficient, Peer-to-Peer Captcha-Based Verification and Demand Management for Online Services - A system and method configured that may allow performing a human-computer verification including crediting a verified task from a first user to a second user. In additional embodiments, may allow the user to perform a computer operation that require human-computer verification based upon an amount of credits that the user has been provided. | 10-15-2009 |
| 20090260069 | IMAGE FORMING SYSTEM AND IMAGE FORMING APPARATUS - An image forming system comprising: a server device including user information, for performing a user authentication via a computer network and for receiving and adding up count data on a user basis; and an image forming apparatus including: a storage unit to which a data area for storing therein the count data including a count value of an occurrence of a predetermined event can be allocated; a login processing unit for determining whether or not to permit a user to log in; a count unit for updating, when the predetermined event occurs based on an operation performed by the user permitted to log in, the count data for the user; and a transmission unit for transmitting, when the user logs out, the count data for the user to the server device. | 10-15-2009 |
| 20090265770 | SECURITY SYSTEM BASED ON QUESTIONS THAT DO NOT PUBLICLY IDENTIFY THE SPEAKER - A method and system for authenticating a user seeking access to a secured system in a public area. Access is granted when a user demonstrates sufficient knowledge of the user's personal characteristics stored in the system. The user initiates the access process by tapping into the stored characteristics without overtly stating information that may be overheard. The user statements reflect an awareness about the categories of user uniqueness without divulging details. The system response statements act to elicit further information from the user for response and the response statements are scored. After a cumulative score threshold is met, the user is granted access. | 10-22-2009 |
| 20090265771 | System and method for hosting multiple kerberos service principal names - An authentication system and method for allowing an administrator to host a plurality of service principal names (SPNs) over a common network port of a backend server. The authentication system includes a client computer, a backend server, and a service principal name (SPN) apparatus. The client computer sends an authentication request to the backend server. The backend server performs an authentication procedure in response to a reception of the authentication request from the client computer. The SPN apparatus configures a plurality of service SPNs for the web service application over the common network port. | 10-22-2009 |
| 20090265772 | Secure Key Distribution to Internet Clients - A server may bridge between a wide area network, such as the Internet, and a local area network and may process authentication requests from clients on the wide area network. The server may filter the requests to enable specific types of requests to pass, and may forward the requests to a credential server within the local area network and pass any responses back to the client. The server may be configured with some or all of a set of domain services objects, but such objects may be stored in a read only format. The server may further contain a minimum of or no sensitive data such that, if compromised, an attacker may gain little advantage. The client may request evidence of authentication available to devices within the local area network and may use the evidence of authentication to access services made available to the wide area network. | 10-22-2009 |
| 20090265773 | SYSTEM AND METHOD FOR PASSWORD-FREE ACCESS FOR VALIDATED USERS - A new approach is proposed that first validates identity of a user/individual who is initiating a request for a web service for the first time. Once validated, the user is allowed to access the web service, to register securely with the provider of the web service, and to create a series of personalized questions to be used for future validation purposes. During the user's subsequent request for the web service, the user will be asked, in addition to his/her user name, one or more of the personalized questions he/she created on rotation basis in place of a PIN or password. | 10-22-2009 |
| 20090265774 | Method and Apparatus for Tracking Functional States of a Web-Site and Reporting Results to Web Developers - A software tool for enabling automated tracking of activity related to the status and usage statistics of a plurality of Web sites on a data packet network is provided. The software tool comprises a network communication capability for establishing network communication between the software tool and the tracked Web sites; a plurality of data-reporting modules for obtaining and reporting data about tracked Web sites; a data input function for excepting data from the reporting modules and from external sources; a data recording function for recording and logging the data received from the reporting modules and from the external sources; and a data management function for organizing and storing the received data and rendering the data accessible for use in software development. A software engineer or developer accesses the site-tracking software and connected database through a Web browser from a network-connected workstation in order to utilize data mined from Web sites for the purpose of creating routines enabling automated navigation and site manipulation by proxy for subscribed users. | 10-22-2009 |
| 20090271854 | System for Performing Web Authentication of a User by Proxy - A data gathering system is guided by an Internet-capable appliance associated with a user, which has a Pin Vault software instance executing from a digital memory media coupled to the appliance and a Pin Vault file stored in a data repository coupled to the appliance. The Pin Vault file comprises data for authenticating the user to one or more web sites storing information of interest to the user, and the Pin Vault software cooperates with an Internet service to provide, from the Pin Vault, data as needed by the Internet service to log onto and authenticate as the user at the one or more web sites storing information of interest to the user, to gather information on behalf of the user. The data for authentication is never kept at the Internet service. | 10-29-2009 |
| 20090276838 | PASS-THROUGH HIJACK AVOIDANCE TECHNIQUE FOR CASCADED AUTHENTICATION - A hijack avoidance technique avoids presenting an access to more than one of a chain of authentication objects, such as a chain of Lightweight Directory Access Protocol (LDAP) authenticators. A pre-filter determines whether an authentication object should be presented with the access by comparing either all or a portion of a domain suffix, an IP address, or other identification other than the user ID with predetermined values. If the filter criterion is met, the associated authentication object accepts or rejects the access. Otherwise, the access is passed to the next authentication object in the chain. The first authentication object may be associated with a hosting entity and successive authentication objects each associated with different customers of the hosting entity. By virtue of the filtering, each authentication object is presented only with a particular subset of all of the possible access identifiers, which avoids presenting all of the previously unauthenticated accesses to each authentication object in the chain. | 11-05-2009 |
| 20090282466 | User Authentication System, Terminal Used in the Same, Authentication Verification Device, and Program - The user authentication system includes a profile generation unit | 11-12-2009 |
| 20090282467 | METHOD AND SYSTEM FOR CONTROLLING ACCESS TO NETWORKS - A method of providing access to both a first and a second network ( | 11-12-2009 |
| 20090288154 | Security System and Method for a Remote Device in a Wireless Wide Area Network - The present invention provides a security system and method for a remote device in a wireless wide area network which particularly provides a remote use authority according to a system unique code and a network identification code. The present invention is characterized in that, when the remote processing device is connected to a network server, a network connecting module and a basic input output module of a remote processing device produce the network identification code and the system unique code, which the network server receives, and after verifying the network identification code and the system unique code, then a use authority is produced and transmitted back to a control module of the remote processing device, thereby controlling authority management when the operating system within a storage module is executing application programs. | 11-19-2009 |
| 20090300744 | TRUSTED DEVICE-SPECIFIC AUTHENTICATION - An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service. | 12-03-2009 |
| 20090300745 | ENHANCED MULTI FACTOR AUTHENTICATION - In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate, a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel. | 12-03-2009 |
| 20090307764 | Biometric Authenticaton System and Method with Vulnerability Verification - A biometric authentication device has a threat of an attack of pretending to be someone else by such as forgery. The present invention supports a service provider to appropriately decide the level of such threat. | 12-10-2009 |
| 20090307765 | AUTHENTICATING USERS AND ON-LINE SITES - A method and system enables a user and/or an on-line site to be authenticated by comparing a received password with an expected password, transmitting a new password if the received and expected passwords match, and authenticating a communication if the new password matches what is expected by the on-line site. The initially received password may be distorted, such as with CAPTCHA. | 12-10-2009 |
| 20090313684 | USING WINDOWS AUTHENTICATION IN A WORKGROUP TO MANAGE APPLICATION USERS - An system for authenticating users of an application program executing at a front-end computer using the security features built into the operating system of a logon computer is provided. Initially, an administrator establishes user accounts for each user with an operating system executing at the logon computer with access to application resources. When the application program starts executing at the front-end computer, the application program prompts the user for credentials. The application program attempts to access resources managed by the logon computer using the received credentials. When access to a resource is successful, the application program knows that the logon computer has authenticated the user and the user is authorized to access the resource. In this manner, the application program can take advantage of the security features built into the operating system executing at the logon computer to authenticate users of the application program and authorize access to application resources. | 12-17-2009 |
| 20090313685 | Method and System for Instant Messaging - The present invention provides an instant messaging method to establish a corresponding relationship between a browser application and a message port of an instant messaging server; start the browser application to establish a session with the message port of the instant messaging server; and, through the session, send to the instant messaging server an instant message intended to a communication party and receive from the instant messaging server an instant message sent by the communication party. Using the instant messaging server to provide a message port to a browser application enables a user who does not have instant messaging tools installed to do instant messaging with another party which has instant messaging tools installed, by simply starting the browser application. The invention significantly improves the convenience and user participation in instant messaging. Especially in electronic commerce, the present invention increases the extent of instant messaging between sellers and buyers while keeps it quick and easy for buyers, and expedites the electronic transactions. | 12-17-2009 |
| 20090313686 | Method of tracking a network-enabled device - Methods of tracking a network-enabled device are provided. One method may include establishing a link between the network-enabled device and a predetermined network portal via a tracking tool operating on the network-enabled device, transmitting identifying indicia to database server(s) operably coupled to the predetermined network portal, comparing the identifying indicia to predetermined information stored on the database server(s) to determine if the identifying indicia matches the predetermined information, and upon determining that the identifying indicia matches the predetermined information, storing the identifying indicia in a logging database stored on the database server(s). | 12-17-2009 |
| 20090320112 | Method of Gaining Access to a Device - The method is for activating a device. A communication device ( | 12-24-2009 |
| 20090320113 | HOME NETWORKING WEB-BASED SERVICE PORTAL - A web-based service portal provides a user interface to configure and/or access device(s) of a home network. The service portal can communicate with device(s) through application program interfaces (APIs). The service portal can provide a standardized user interface for specific feature(s) of a device. | 12-24-2009 |
| 20090328169 | Apparatus and method for convenient and secure access to websites - A website access application accesses an encrypted central repository on a user's computer to store and access a variety of user-based website login and authentication information in the repository. The central repository provides a single point of access for the authentication information and, by accessing the repository; the process of user identification and authentication for multiple websites can be automated. A single user-selected keystroke combination can be utilized to initiate user sessions with multiple disparate secure websites by accessing the user website login information contained in the central repository and extracting the user login and authentication information contained therein. Additionally, the website access application will track and report on the times savings associated with the streamlined login process for accessing secure websites. In yet another preferred embodiment of the present invention, the website access application will analyze the user authentication information for various websites and provide suggestions to enhance the relative strength of the authentication information. Finally, the website access application supports a wide variety of user authentication protocols, thereby ensuring secure access to the repository. | 12-31-2009 |
| 20090328170 | Method and Systems for Dynamically Providing Communities of Interest on an End User Workstation - A method and system provide dynamic communities of interest on an end user workstation utilizing commercial off the shelf products, with central management and the ability for a users to log on only once (also known as “single sign on” or “SSO”). The software images that make up the virtual machine can be patched and updated with other required changes from a central storage area where the image can be administratively updated just once. A digital signature can be applied to the software images to ensure authenticity and integrity, along with determining whether a software image is up to date. | 12-31-2009 |
| 20090328171 | Method and system for secure remote storage of electronic media - Secure remote storage of electronic media. A virtual safe application resides on a server and provides for encrypted storage, display, and access to critical electronic media. The virtual safe communicates with trusted entities, which can automatically populate the virtual safe with pre-selected types of files into pre-selected locations. A user can access the virtual safe over a network to customize the display, manage files, upload files, and/or share files. Sharing a file grants selected access rights to a selected file by another authorized user. The shared file is displayed on the interface associated with the other authorized user, allowing the other user to view the file and to perform functionality consistent with the access rights. The sharing capability facilitates communication for use in streamlining business and/or personal matters. The virtual safe thus provides access to documents anytime, anywhere, while ensuring security, facilitating communication, and eliminating manual steps. | 12-31-2009 |
| 20090328172 | SESSIONLESS REDIRECTION IN TERMINAL SERVICES - Embodiments described herein are directed to establishing a terminal services (TS) session between a TS server and the client without creating a temporary session. In one embodiment, a computer system receives a user request indicating that a TS session with a first TS server is to be initiated. The request includes an indication that the user is authenticated and authorized to use the first TS server. The computer system searches for any prior TS sessions previously initiated by the user with other TS servers and determines, based on the search, that at least one prior TS session was initiated with a second TS server. The computer system also sends redirection data to the user indicating that the user request is to be redirected to the second TS server to reestablish the prior TS session with the second TS server. | 12-31-2009 |
| 20090328173 | Method and system for securing online identities - Various methods, systems and apparatus for associating fictitious user identities (e.g. screen names, user names, handles, etc.) used in electronic communications (e.g. over the internet via instant messenger, e-mail, social networks, eCommerce and auction websites, etc.) with real personal information (e.g. the true identity of an individual such as their name, address, credit score, driving record, etc.) are disclosed. One such method may include storing real personal information, associated with fictitious user identities, in a CGI, hosted by a GICS. The CGI may be a unique record for an individual person and may contain real personal information verified with proper authorities (e.g. a name, address and driving record of the individual verified with a department of motor vehicles), as well as fictitious user identities used by the individual, feedback receiving from other users, etc. The method may further include allowing a remote user to submit a query to the GICS requesting information associated with a fictitious user identity, whereby the GICS may search for a CGI associating information with the fictitious user identity; and, transmit some or all of the information to the remote user. One apparatus, according to aspects of the present invention, may include means of associating real personal information, submitted by a user, with fictitious user identities, means of verifying the real personal information and the ownership of the real personal information by the submitting user, means of receiving a request for some personal information associated with a fictitious user identity, from a remote user, means for identifying the CGI associated with the fictitious user identity, means of retrieving some of the personal information from the CGI and means of transmitting some of the information to the remote user. The system may further include means of limiting the information transmitted to the remote user. (e.g. the remote user may be transmitted the credit score of the person owning a fictitious screen name, without being transmitted any further information identifying the person.) | 12-31-2009 |
| 20090328174 | Method and system for providing internet services - A service integration platform system for providing Internet services includes: an interface configured to receive a service request message that is initiated by a user of an application provided by an Independent Software Vendor (ISV), the service request message being implemented according to an Application Programming Interface (API) type and including a plurality of platform-level parameters that conform to the API type. The system further includes one or more processors coupled to the interface, configured to: locate a set of authentication checks that are appropriate for the API type, based at least in part on the plurality of platform-level parameters included in the service request message and a mapping of predefined combinations of platform-level parameters and corresponding sets of authentication checks; perform authentication of the service request according to the set of authentication checks; and route the service request to a service address of the Internet Service Provider (ISP) in the event that the service request is authenticated. | 12-31-2009 |
| 20090328175 | IDENTITY VERIFICATION VIA SELECTION OF SENSIBLE OUTPUT FROM RECORDED DIGITAL DATA - A digital data sampler operating in a computer processor selects and stores digital data samples from a data stream used for generating audio-visual output during a session with a client operated by a user. The session generates the data stream independently of the data sampler. The data sampler may collect parameter data correlated to a probability will be remembered by the user at some future time, for each sample. The data sampler may store the data samples and parameter data as shared secret data for use in a future authentication session. During a future authentication session, an authentication device selects test data from the shared secret data to generate sensible output in an authentication process. The authentication process grants access to a controlled resource in response to user input indicating specific knowledge of the shared secret data selected from a presentation of similar sensible outputs. | 12-31-2009 |
| 20090328176 | Web Based Access To Clinical Records - A system and method for providing access to clinical data over the Internet. The system includes a server, and a database in communication with the server. The database stores clinical data sets. The system further includes a thin client, a communication link between the server and the Internet, and a communication link between the thin client and the Internet. Software executing on the server receives a request for one or more clinical data sets, retrieves the requested clinical data sets, and transmits the clinical data sets to the thin client. | 12-31-2009 |
| 20100005521 | Method of Securing Password in Web Page and Computer-Readable Recording Medium Storing Program for Executing the Same - Provided are a method of securing a password in a web page and a recording medium storing a program for executing the method. The method of accessing a web page provided by a specific web server through a web browser of a user terminal and then securing a password value input from a keyboard of the user terminal to a password input window provided by the web page includes encoding the password value input to the password input window, and then decoding the encoded password value at the same time when a log-in event of the web page occurs. According to the method, it is possible to prevent a password value input to a password input window of a web page from being intercepted by malicious programs before the password value is transmitted to the corresponding web server. | 01-07-2010 |
| 20100011426 | Subscriber-Specific Enforecement of Proxy-Mobile-IP (PMIP) Instead of Client-Mobile-IP (CMIP) - A method provides subscriber-specific activation of network-based mobility management using an authentication server. According to the method, network-based mobility management is enforced, even if the mobile terminal supports terminal-based mobility management. This gives a network provider complete control over mobility management in his network, preventing configuration problems during the configuration of mobile terminals. In the method, after the successful authentication of a subscriber, the authentication server transmits an authentication confirmation message to an authentication client in an access network. The received authentication confirmation message contains an activation attribute for activating network-based mobility management, if the authentication server does not provide a common mobile key for terminal-based mobility management. | 01-14-2010 |
| 20100011427 | Information Storage Device Having Auto-Lock Feature - An information storage device is protected from unauthorized access by requiring periodic re-authentication of user credentials. Failure to correctly re-authenticate within a time window results in the automatic locking of the portions of the storage device that have been previously enabled for the user so that they are no longer accessible. | 01-14-2010 |
| 20100011428 | SYSTEM, METHOD AND COMPUTER PROGRAM, FOR ENABLING ENTRY INTO TRANSACTIONS ON A REMOTE BASIS - A system, method and computer program for enabling transactions on a remote basis is provided. The method of the present invention comprises the steps of: (1) providing a first computer at a location of a customer, and providing a second computer at a location of a financial institution, the first computer and the second computer being linked so as to provide a two-way audiovisual communication system; (2) providing an authentication request at the second computer and communicating the request to the first computer; (3) the customer reviewing the request and providing a signature or other writing as an input to an input device connected to the first computer; (5) transmitting the signature from the first computer to the second computer; (6) receiving the signature and providing the signature to a plotting device connected to the second computer; and (7) applying the signature to a transactional document, wherein the audiovisual information received by the second computer and the signature received by the second computer in combination provide a means of transaction authentication and non-repudiation. | 01-14-2010 |
| 20100011429 | Secure on line accounts (SOLA) system using cell phones and other wireless devices - This invention describes a cell phone, or other wireless device (henceforth known as “device”), to transmit sound (audible and inaudible) alphanumeric code in any language, special characters or symbols or graphic or pictures or videos or any combination thereof, to an on-line account at a web server that is equipped with a compatible digital transceiver card and software driver and/or firmware for the operation, management and maintenance of this system. Upon verification of the transmitted code or sound, by the web server, access is granted. The said server then transmits a randomly selected new code of any combination of the codes or sounds stated above to the device for storage. The said transmission from the web server cannot be stored in any other device. The device has a menu item and/or numeric code for each on-line account of the user. | 01-14-2010 |
| 20100011430 | Computer architecture for managing courseware in a shared use operating environment - Methods, devices, and systems are provided in a multi-level computer architecture which provides improved capabilities for managing courseware and other content in a shared use operating environment such as a computer network. In particular, the invention provides a commercial networked instruction content delivery method and system which does not exclude synchronous sharing but is focused on asynchronous sharing. Security means in the architecture provide content property holders with the ability to know how many minutes of use an individual made of licensed material and with increased certainty that their material cannot be used, copied, or sold in usable form unless and until a user site is connected or reconnected to a minute-by-minute counter which is located off the premises of the user. This security link helps protect software and other works which are being sold or licensed to an individual, organization, or entity, and creates income opportunities for owners of such content. | 01-14-2010 |
| 20100017860 | AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD - The security of an authentication system using a one-time password is increased, a shift from an authentication system using a fixed password is simplified, and a range of use is increased. An authentication system wherein a one-time password is synchronized with time, or an authentication system wherein a one-time password is synchronized with the number of online service authentication requests, is provided. When a one-time password client | 01-21-2010 |
| 20100017861 | APPARATUS AND METHOD FOR MOBILE VIRTUAL NETWORK OPERATOR (MVNO) HOSTING AND PRICING - A method and apparatus facilitating access to a communication session for a client is provided. The method may comprise receiving, at a mobile virtual network operator (MVNO), an access request from a client, wherein the MVNO is associated with a set of mobile network operators (MNOs), receiving, from the client, client connection parameters associated with at least one of the set of MNOs, formulating at least one option for a communication session over a network associated with at least one of the set of MNOs, the at least one option based on the client connection parameters and MVNO-connection parameters associated with the set of MNOs, and establishing a selected communication session based on the at least one option. | 01-21-2010 |
| 20100017862 | METHOD AND RELATED SYSTEM FOR AUTHENTICATING E-LEARNING STUDY - This invention provides an e-learning system having a capability for authenticating the learner's ID via Internet with the learner's physical Bio-ID such as a fingerprint, an iris and/or a vein of the learner into the login process and additional periodic checking according to the instruction signal generated by the contents. Accordingly, once a learner successfully logs into his or her account, the computer will monitor each learner's progress on a lecture or an examination. Thus, the invention enable to operate a full online distance education from a single database for the worldwide learners, at each learner's own space and scheduling, anytime, anyplace, in any of the major languages selected by the learners and accurately account credit hours of each learner by the lectures and examination on demand for conferring a degree or to transfer the credit to the university where they will earn their degrees. | 01-21-2010 |
| 20100017863 | PORTABLE STORAGE APPARATUS FOR PROVIDING WORKING ENVIRONMENT MIGRATION SERVICE AND METHOD THEREOF - Provided are an apparatus and method for providing a working environment migration service. The portable storage apparatus, includes: a management and execution unit for performing user authentication by connection to an external user terminal, managing a user profile and application information, and executing a context management unit; a working environment storage unit for storing an application context and data representing the working state at the time of log out; and the context management unit for recovering and executing the application context and data stored in the working environment storage unit upon execution by the management and execution unit, and collecting the application context and data representing the working state at the time of log out, and storing them in the working environment storage unit. | 01-21-2010 |
| 20100017864 | SYSTEM FOR PUBLISHING AND CONVERTING MESSAGES FROM IDENTIFIED, AUTHORIZED SENDERS - A message publishing system operative to process a message from a sender in a first format has a central processor; at least one sender account, at least one storage area configured to store at least a first portion of the message, and software executing in the central processor. The processor is configured to identify the sender of the message as an authorized sender based on information associated with the message in comparison to data in the sender account, wherein the identification is dependent upon the first format. The processor is configured to convert at least a second portion of the message from the first format to a second format. The processor is also configured to publish the converted second portion of the message so as to be viewable in the second format only if the sender has been identified as an authorized sender. | 01-21-2010 |
| 20100017865 | METHOD AND SYSTEM FOR PREVENTING FRAUDULENT ACTIVITIES - A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application. | 01-21-2010 |
| 20100024016 | Method and apparatus for protection domain based security - A first application instance is associated with a protection domain based on credentials (e.g.: a signed certificate) associated with a set of application code that, when executed, gives rise to the application instance. The first application instance executes in a first execution context. An indication is received that the first application instance seeks access to protected functionality associated with a second execution context. In response to receiving the indication, a determining is made as to whether the first application instance has permission to access the protected functionality. The determination is made by determining the protection domain with which the first application instance is associated, and determining if the protection domain with which the first application instance is associated is in the set of one or more protection domains. | 01-28-2010 |
| 20100024017 | Location-Based Authentication of Online Transactions Using Mobile Device - Systems, methods, and software for implementing location-based authentication of both online and mobile web-based transactions. This implementation may involve verifying whether a mobile device (such as a cellular telephone) is proximate to a computer from which the transaction is being performed. Depending upon the location of the mobile device, further transactions may be approved or rejected. In further implementations, the transactions may be made from the mobile device itself. In this case, the location of the mobile device compared with one or more pre-stored locations may affect whether further transactions from the mobile device are approved or rejected. | 01-28-2010 |
| 20100024018 | Keyboard Display Posing An Identification Challenge For An Automated Agent - Methods, systems, and computer readable medium storing computer executable programs for communicating symbol data using a keyboard display that poses an identification challenge for an automated agent are disclosed. A first plurality of symbols is provided. A dynamic version of each of the first plurality of symbols is defined. The dynamic version of each of the first plurality of symbols includes a noise component. A keyboard display arrangement for displaying the dynamic version of each of the first plurality of symbols in a keyboard display is defined. A display mechanism operable to display the keyboard display including the dynamic version of the first plurality of symbols in accordance with the keyboard display arrangement is provided. | 01-28-2010 |
| 20100024019 | Authentication - User authentication is based on a home network user database that authenticates users to external service providers. A user logs into home network and starts accessing the external service by clicking on a link labelled for the external service provider. The link is directed to script at a home server. The script causes the home server to obtain details related to the user from a home network user database. The home server passes information related to the user to a foreign server associated with the service provider. Based on the passed information, the foreign server grants or denies authentication of the user to the external service. If granting, the foreign server provides the home server with access data and the home server forwards the access data to the user so that the user can initialise an authorised external service session using the access data. | 01-28-2010 |
| 20100024020 | Wireless mobile device with privacy groups that independently control access to resident application programs - An exemplary method implemented by a wireless mobile device controls user access to programs and files defining items that are resident on the mobile device. A first icon associated with a corresponding first program installed on the wireless mobile device is displayed on the screen of the wireless mobile device, where the first icon can be seen by any person using the wireless mobile device and the corresponding first program is available for execution to said person. A privacy gate and a corresponding privacy icon displayed on the screen are created using a privacy interface program installed on the wireless mobile device. A password associated with the privacy gate is entered by a first user so that a subsequent request by a user to traverse the privacy gate will require entry of this password. The first program and the privacy gate are linked so that a user must traverse the privacy gate in order to execute the first program. | 01-28-2010 |
| 20100024021 | SYSTEM AND METHOD FOR SECURE OPERATION OF A MEDICAL RECORDS REPORTING SYSTEM - A system for accessing, updating, and maintaining health records of a medical data and reporting system. The system can comprise one or more data processors and a module configured to execute on the one or more data processors. The module can be configured to validate a particular user based upon patient identifying information, where the module is further configured to obtain patient identifying information from one or more computer-readable mediums, a voice response system, a mobile device, a global positioning system, and a biometric system. Additionally, the module can be configured to enable the user to securely access the medical data and reporting system and to report the data to the user. | 01-28-2010 |
| 20100024022 | METHODS AND SYSTEMS FOR SECURE KEY ENTRY VIA COMMUNICATION NETWORKS - According to some embodiments, a member authentication request is received at a security server from a client server. The member authentication request may be associated with, for example, a member attempting to access confidential information from the client server. A secure key associated with the member may be determined and data associated with that key may be transmitted to the member (e.g., via his or her wireless device or computer). Secure key information may be received from the member and validated. Based on the validated secure key information, it may be arranged for the member to receive the confidential information from the client server. | 01-28-2010 |
| 20100031333 | SECURE EMAIL - Methods of paying debt over a network and debtor computer systems are provided for forming a secure email link between the debtor computer system and a creditor computer system; transmitting a notice of debt from the creditor computer system to the debtor computer system using the secure email link; and paying at least a portion of the debt at the debtor computer system based upon the notice of debt. The secure email link may be formed over a peer-to-peer email system. | 02-04-2010 |
| 20100031334 | SECURE ACCESS - A system and method for controlling access to a protected network resource is provided. Access is controlled as follows. User credentials received with a request from a user for access to the protected network resource are checked against predetermined user information so as to authenticate the user; The request is made via a network access point located within a restricted area. The recorded location of the user is checked to determine whether the user is recorded as being within the restricted area. Access to the protected network resource is allowed if the user credentials are authenticated and the user is recorded as being within the restricted area. The user's network connection is monitored and, on detection that the user is disconnected from the network, the user is recorded as not located within the restricted area. Additional credentials are required from the user to support the user's request when the user is not recorded as being within the restricted area. | 02-04-2010 |
| 20100037304 | USER-CENTRIC RESOURCE ARCHITECTURE - Some embodiments include a computer-implemented method for controlling access to resources of a platform in a computer system. The method can comprise detecting a request to access a resource, wherein the resource resides in the computer system, and wherein the resource is associated with an owner; requesting a first resource access decision from a first policy decision unit associated with the owner; receiving, from the first policy decision unit, the first resource access decision and first trust information, wherein the first trust information indicates trust of a second policy decision unit; requesting a second resource access decision from the second policy decision unit associated with the virtual universe platform; receiving, from the second policy decision unit, a second resource access decision; and returning the second resource access decision. | 02-11-2010 |
| 20100037305 | WINDOW OVERLAY FOR ONLINE COLLABORATION PLATFORM - In an example embodiment, an online advertising management platform maintains an account that includes data relating to an order for advertising provided by an ad network affiliated with the platform. When the platform receives a login that identifies a user as having access rights to the account, the platform displays a view that includes a window displaying data relating to the order and a toolbar in a standardized location relative to the window. The toolbar includes a tab. When the user clicks on the tab, the platform displays a tabbed window that includes a list of the informational messages, regardless of whether an informational message on the list has been read or dismissed by another user allowed access to the account. The platform locates the window contiguous to the toolbar over some but not all of the view displaying the data relating to the order. | 02-11-2010 |
| 20100037306 | ELECTRONIC DEVICE AND ACCESS CONTROL METHOD THEREOF - An electronic device and an access control method include selecting a login image, determining and constructing a coordinate system for a touch panel of the electronic device, and recording coordinates of a first group of touch points on the login image and a first touch sequence correspondingly. The electronic device and the access control method further include confirming a touchable area corresponding to each touch point of the first group of touch points and a preset error range, and storing the login image and the touchable areas into a storage system of the electronic device. | 02-11-2010 |
| 20100043064 | Method and system for protecting sensitive information and preventing unauthorized use of identity information - This invention features a method and system for protecting sensitive information and preventing the unauthorized use of identity information by third parties. Virtual identifiers that identify an information holder whose sensitive information is involved in the process, are dynamically created by an entity called processing entity. The virtual identifiers are usually linked to a static identity of the information holder through a data management mechanism, such as a database system. A virtual identifier could serve for multiple functions. Usually, validity attributes that indicate when and for how long a virtual identifier is valid for the different functions, are associated with the virtual identifier. When the information holder interacts with a third party in a process that involves the information holder's sensitive information, the information holder uses virtual identifiers. Then, through a device connected to a network including wireless devices, telephone or a mail service, the party either passes along the virtual identifiers to other parties or submits requests along with the virtual identifiers to the processing entity which could map the virtual identifiers to the static identity information and uses the static information to realize the requests. | 02-18-2010 |
| 20100050244 | Approaches for Ensuring Data Security - Techniques for protecting resources of a client from theft or unauthorized access. A BIOS agent stores policy data within a BIOS of the client. The BIOS agent is one or more software modules operating in the BIOS of the client. The policy data describes one or more security policies which the client is to follow. In response to the client following at least one of the one or more security policies, a persistent storage medium of the client is locked by instructing a controller of the persistent storage medium to deny, to any entity, access to data stored on the persistent storage medium unless the entity supplies, to the controller, a recognized authentication credential. In this way, a malicious user without access to the recognized authentication credential cannot access the data stored on the persistent storage medium, even if the persistent storage medium is removed from the client. | 02-25-2010 |
| 20100058450 | PASS CODE PROVISION - A device includes a processor and a computer-readable medium including computer-readable instructions. Upon execution by the processor, the computer-readable instructions cause the device to receive a first request from a second device, where the first request is for a pass code. The first request includes an identification of a coded system for which the pass code is requested. The computer-readable instructions also cause the device to provide a second request to a third device, where the second request includes the identification of the coded system. The computer-readable instructions also cause the device to receive a plurality of pass code segments from the third device. The computer-readable instructions further cause the device to provide the plurality of pass code segments to the second device for assembly into the pass code. | 03-04-2010 |
| 20100058451 | LOAD BALANCING FOR SERVICES - The present invention extends to methods, systems, and computer program products for load balancing for services. Embodiments of the invention facilitate load balancing between instances of a service based on affinitization of messages, based on content of the message. For example, messages in the same session can be dispatched to the same service instance. A sequence or series of related messages associated with long running and/or stateful services are more likely to be dispatched to the same instance of the service. Thus, if the service instance has persisted client state, there is an increased likely of utilizing the persisted client state and not having another service instance recreate the client state. | 03-04-2010 |
| 20100058452 | METHODS AND A DEVICE FOR ASSOCIATING A FIRST DEVICE WITH A SECOND DEVICE - A method and device for device association. A user enters login and password on a first device that searches for reachable devices. The first device asks the reachable devices if they know the login, preferably by sending a salted hash of the login. The devices that know the login respond positively and the first device lists the responding devices. The first device then successively performs Secure Remote Authentication (SRP) with each device on the list until an authentication succeeds or there are no further devices on the list. The SRP authentication makes sure that the first device knows the login and that the other device knows a password verifier without transmitting any knowledge that allows recuperation of this info by an eavesdropper. The authenticated devices then establish a secure channel over which a community secret key is transferred, and the first device also calculates and stores the password verifier. | 03-04-2010 |
| 20100064359 | USER CREDENTIAL VERIFICATION INDICATION IN A VIRTUAL UNIVERSE - User credential verification indication in a virtual universe is disclosed. A method, system and program product are provided that include verifying a credential of the user of a first avatar in the virtual universe; and establishing a zone that causes an indication of the credential of the user of the first avatar to appear in response to an action being taken relative to the zone. | 03-11-2010 |
| 20100071042 | SELECTION AND APPLICATION OF ROLES AND SYSTEMS BASED ON USERNAME AND LAYOUT ID - In one embodiment a computing system comprises one or more processors, a display device coupled to the computing system, and a memory module communicatively connected to the one or more processors. The memory module comprises logic to receive, in a connection server, a service request from a user via a remote connection client, wherein the service request comprises at least one of a user credential, a connection client identifier, and a layout identifier, authenticate, in the connection server, the user credential and the connection client identifier, retrieve, in the connection server, a user profile associated with the user, a connection client layout associated with the layout identifier, connection data for at least one remote system, and a policy associated with the user profile, and transmit the user profile, the connection client layout, a remote system and the connection data for a remote system and a policy associated with the user profile from the connection server to the remote connection client. | 03-18-2010 |
| 20100071043 | UNINTERRUPTED VIRTUAL PRIVATE NETWORK (VPN) CONNECTION SERVICE WITH DYNAMIC POLICY ENFORCEMENT - Techniques for uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement are provided. An existing VPN session between a VPN client and a VPN server detects a change in a VPN network being used for the existing VPN session. New credentials and new policies are received by the VPN client. The new credentials are automatically used to re-authenticate the VPN client to the change during the existing VPN session, and the new policies are dynamically used to enforce the new policies during the existing VPN session on the VPN client. | 03-18-2010 |
| 20100071044 | Method for tracking location of patients and doctors in a medical office or hospital practice - A method of operating a paperless medical office or hospital practice office of multiple physicians seeing multiple patients during the course of a single day through the use of radio-frequency identification transponder tags secured within the walls, ceilings and/or doors of examination and consultation rooms of a health-care environment in cooperation with codified smart cards or fingerprint scans in physician carried tablet PC's to supply medical record and like information relevant to a patient only to the physician with whom such patient is meeting at any given instant of time. | 03-18-2010 |
| 20100077467 | AUTHENTICATION SERVICE FOR SEAMLESS APPLICATION OPERATION - In one embodiment, a client computer system receives user credentials from a computer user. The client computer sends the received user credentials to an authentication service running on a server computer in a datacenter, where the authentication service is configured to authenticate the user credentials so that the user is authorized to access datacenter-provided information corresponding to various client-side applications. The client computer receives an authorization indication from the authentication service indicating that the user is authorized to access the datacenter-provided information and stores the received authorization indication in a credential store on the client computer. The computer system also receives from a client-side application an authentication request to authenticate the user and automatically sends the stored authorization indication indicating that the user is authorized to access the datacenter-provided information, without prompting the user to provide user credentials for authentication. | 03-25-2010 |
| 20100077468 | METHOD AND SYSTEM FOR PROVIDING EFFICIENT AND COMPLEX DATABASE FUNCTIONALITY TO A MOBILE DEVICE - Methods, systems, and apparatus provide efficient and complex database functionality for an electronic device, e.g. a mobile device. These mechanisms and methods for providing efficient and complex database functionality to an electronic device can enable embodiments to provide quick access to certain data using a local application and seamless access within the local application to other data and complex presentation formats that are supplied by a server. The ability of embodiments to provide this hybrid functionality can enable users of the electronic devices to be more productive. | 03-25-2010 |
| 20100083359 | TRUSTED DATABASE AUTHENTICATION THROUGH AN UNTRUSTED INTERMEDIARY - A method, system and computer-usable medium are disclosed for validating user credentials submitted to a data source by an untrusted intermediary. An untrusted intermediary attempts to access a data source on behalf of a user. The untrusted intermediary challenges the user to provide credentials of the type and format required to access the data provided by the data source. The user's trust client connects to an authentication service and identification credentials of the required type and format are generated. The identification credentials are conveyed to the user's trust client, which then provides them to the user's client, which in turn conveys them to the untrusted intermediary. The untrusted intermediary then presents the identification credentials to an authentication plug-in of the data source. The authentication plug-in validates the authenticity of the provided credentials with their associated authentication service. Once the credentials are successfully validated, the requested data is provided to the user's client by the untrusted intermediary. | 04-01-2010 |
| 20100083360 | PORTABLE AUTHENTICATION DEVICE - In one aspect, a disclosed portable authentication device (PAD) includes a processor, storage media, an interface for enabling communication with an external information handling system (IHS), e.g., a computer or a telephony device, and executable instructions embedded in the storage media, for automated authentication. The embedded instructions include instructions for enabling a user to store authentication information, e.g., use ID and password information, corresponding to an IHS destination, e.g., a telephone number of an interactive voice response system or an IP address of a web server. If the PAD recognizes the current destination, the PAD may respond to an assertion of a keypad control element by making authorization information corresponding to the current destination available to the user or providing the authorization information directly to the current destination. The PAD may include one or more telephony interface(s), e.g., RJ-11 jack(s) and one or more computer interfaces, e.g., USB connector(s). | 04-01-2010 |
| 20100095360 | METHOD AND SYSTEM FOR AUTHENTICATION - A method and system of authenticating communications sessions between two or more parties over one or more simultaneous communications channels using one or more communicating devices is provided including having a first party create a first set of signatures, wherein the first set of signatures includes a signature for each communications channel, communicating with at a second party over at least one communications channel, whereby the second party authenticates the first party's signature associated with the at least one communications channel and accepts communication with the first party. | 04-15-2010 |
| 20100095361 | Signaling security for IP multimedia services - An apparatus in one example has: a predetermined tunnel that operatively couples a UE and a firewall; and the predetermined tunnel structured to convey at least signaling messages. The embodiments according to the present method and apparatus provide a solution for signaling security of IP multimedia services that is compatible with firewalls. For example, such embodiments establish an IPsec or SSL/TLS tunnel between the UE and the firewall, instead of an end-to-end IPsec or SSL/TLS connection between the UE and the CSCF. | 04-15-2010 |
| 20100095362 | Method and Arrangement for Handling Client Data - A method and arrangement for authorizing an initially unauthorized watching client to receive client data of an observed client from a client data server. The watching client sends an expanded request for client data to the server. The expanded request contains additional information such as a text string, a picture, or a video/audio clip. The server extracts the additional information and sends it to the observed client. The observed client can then decide whether to authorize the watching client to receive the observed client's data based on the additional information. | 04-15-2010 |
| 20100095363 | Method and System for Authentication Based On NASS - A method for authentication based on NASS is disclosed. UAAF authenticates the accessing of CNG. UAAF produces the management authentication credential between CNG and CNGCF, and sends the management authentication credential to CNGCF. CNG obtains the management authentication credential. CNG authenticates CNGCF by the obtained management authentication credential and CNGCF authenticates CNG by the management authentication credential. A system for authentication based on NASS is also disclosed. The authentication credential can be automatically produced, distributed and modified. And the operation cost is reduced and the operation efficiency is enhanced. | 04-15-2010 |
| 20100100949 | IDENTITY AND POLICY-BASED NETWORK SECURITY AND MANAGEMENT SYSTEM AND METHOD - A system and method for providing security for a network connecting a source and a destination. The system and method provide a security and management system between the source and the destination which is configured to apply rules and policies which are specific to the user to the connection between the source and the destination. The user-specific policies are used to govern. | 04-22-2010 |
| 20100100950 | CONTEXT-BASED ADAPTIVE AUTHENTICATION FOR DATA AND SERVICES ACCESS IN A NETWORK - A method includes sending a command set to a client module via a network, receiving via the network a context identifier and a data set associated with the command set, verifying the command set, and authenticating the client module. The command set is verified based on the data set. The client module is authenticated based on the context identifier. A service is made accessible to the client module after the authenticating, The service is inaccessible to the client module before the authenticating. | 04-22-2010 |
| 20100107231 | FAILURE INDICATION - Methods and network node in a network for receiving a network access request related to a subscriber via at least one external network interface and treating the network access request by using at least a first function and second function. A failure indication related to the subscriber is obtained from at least one of the first function or the second function. The network access request is thereafter denied by sending an access result via the external network interface. The access result comprises a cause of failure indicating the at least one of the first function or the second function as a source for the failure. The first and second functions may be, for instance, an AAA function and a DHCP function. | 04-29-2010 |
| 20100107232 | COMMUNICATION PROTOCOL SYSTEM AND METHOD FOR A DISTRIBUTED-ARCHITECTURE HEATING, VENTILATION AND AIR CONDITIONING NETWORK - The disclosure provides an HVAC data processing and communication network and a method of manufacturing the same. In an embodiment, the network includes a user interface and a system device. The user interface is configured to publish a privilege request message to a data bus. The system device is configured to receive messages via the data bus and to store configuration data in nonvolatile memory. The system device is further configured to enable a privileged operating mode not normally available to a user of the network in response to the privilege request message. | 04-29-2010 |
| 20100107233 | METHOD, SYSTEM, AND APPARATUS FOR IDENTIFICATION NUMBER AUTHENTICATION - A computer based method of authentication including the steps of displaying a field operatively arranged for entry of data representative of a mathematical function of digits in a person's Social Security Number and displaying instructions to the person indicating a specific mathematical function to be performed by the person to arrive at the representative data, performing the specific mathematical function of digits in the person's Social Security Number, and comparing a result of the performing the specific mathematical function of digits in the person's Social Security Number with the received data representative of the mathematical function of digits in the person's Social Security Number to authenticate the person's identity. | 04-29-2010 |
| 20100115595 | Method and Apparatus for Establishing Security Inflow Contracts - A method and apparatus for establishing a security inflow contract between a work-initiating system and a work-performing system. A portable, generic security inflow contract between an EIS/connector and an application server is provided that enables the connector to establish security information while submitting a work instance for execution to a work manager and while delivering messages to message endpoints of the application server. The security inflow contract enables all activities of a work instance that is submitted by a connector to be performed in the context of an established identity, thus insuring that all interactions between an application server and an EIS/connector are secure, and may prevent unauthorized access to application components deployed in an application server. | 05-06-2010 |
| 20100115596 | Method and System for Creating and Sharing Bookmarks of Media Content - A method for facilitating a bookmark server to create a bookmark from content associated with a content source is disclosed. The method comprises a remote device selecting a portion of the content associated with the content source, based on an input received via a user interface. The remote device then generates metadata associated with the selected portion of the content. The metadata includes information pertaining to the content source and the content. The remote device communicates with the bookmark server, which can access the content associated with the content source. The remote device sends the metadata to the bookmark server along with a request message to the bookmark server to create the bookmark based on the metadata. | 05-06-2010 |
| 20100115597 | COMPUTER READABLE MEDIUM, IMAGE PROCESSING SYSTEM, AND IMAGE PROCESSING DEVICE - The present invention is intended to optimize reference data to be used in biometric authentication, and to reduce the incidence of false authentication in actual biometric authentication compared to conventional biometric authentication. In order to achieve this, a computer readable medium on which a program causing said computer to operate as a system is stored comprising: a biometric information acquisition part | 05-06-2010 |
| 20100125897 | METHODS AND APPARATUS FOR ESTABLISHING A DYNAMIC VIRTUAL PRIVATE NETWORK CONNECTION - Methods and apparatus for managing a dynamic virtual private network (VPN) connection of an endpoint device using locally-stored encrypted VPN profiles. The endpoint device comprises a VPN client configured to establish a secure connection with a computer via a network, an encrypted datastore for storing the encrypted VPN profiles, and a security agent for monitoring a security compliance status of the endpoint device with a security policy stored on the endpoint device. In response to detecting a change in the security compliance status of the endpoint device, the security agent copies VPN profiles from the encrypted datastore to a storage location accessible to the VPN client. The VPN client is configured to use the copied VPN profiles to securely connect to the computer. Periodic update requests from the security agent to an administrative server enable updated VPN profiles or security policies to be downloaded and stored in the encrypted datastore. | 05-20-2010 |
| 20100125898 | USE OF AUTHENTICATION INFORMATION TO MAKE ROUTING DECISIONS - Methods and systems for utilizing authentication attributes to determine how to direct traffic flows are provided. According to one embodiment, a program storage device readable by a network device associated with a service provider is provided. The program storage device tangibly embodies a program of instructions executable by a processor of the network device to perform method steps for authenticating users and establishing appropriate service sessions. An end user from whom a connection request is received is caused to be prompted for login credentials. The received login credentials are then caused to be authenticated by an authentication server. Responsive to successful authentication, a service session is established for the end user and customer separation is maintained among the multiple customers by creating a routing entry, according to which subsequent packets associated with the service session are routed, based on authentication attributes returned by the authentication server. | 05-20-2010 |
| 20100132020 | Presentation Management System and Method - An online presentation authoring method includes allowing a primary author to perform a primary set of tasks concerning at least a primary portion of an online presentation, and requesting that a guest author perform a secondary set of tasks concerning a secondary portion of the online presentation. | 05-27-2010 |
| 20100132021 | INTEGRATION AUTHENTICATION METHOD AND INTEGRATION AUTHENTICATION SERVER - Provided are an integrated authentication method and an integrated authentication server. The integrated authentication method using the integrated authentication server includes receiving integrated authentication request information and a company code for password authentication by the integrated authentication server, requesting a serial number of a predetermined authentication device and determining whether the received company code is identical to a provider company code in response to the received serial number, if the received company code is identical to the provider company code, requesting generation of a test password and determining whether a received test password is identical to a reference password, and if the test password is identical to the reference password, approving password authentication using the authentication device at a provider company corresponding to the provider company code. The integrated authentication method and the integrated authentication server enable all types of financial trades and e-commerce using a single authentication device authenticated by the integrated authentication server and allow the authentication device to avoid the risk of hacking. Moreover, companies commonly bear an authentication fee for the authentication device, thereby promoting the spread and utilization of the authentication device. | 05-27-2010 |
| 20100132022 | Systems and Methods for Information Backup - A system for granting or denying access to nodes on a network, includes a first node including a list of nodes that can be granted or denied access to the first node, and at least one other node. The first node and the at least one other node are connected across the network. When the at least one other node attempts to gain access to the first node, the first node reviews the list of nodes to determine whether access should be granted or denied to the at least one other node. | 05-27-2010 |
| 20100132023 | Machine, Program Product, And Computer-Implemented Method For File Management, Storage, And Display In Albums Utilizing A Questionnaire - A database stores a plurality of files assigned by a user to a plurality of categories representing notable events in a life of the user. The user is prompted to fill out a questionnaire associated with a file. The questionnaire data includes album data, a journal entry, event information, and display information, including a relative picture size so that an album page can include a large number of relatively small pictures, and a small number of relatively larger pictures. Then a display device displays an album of files in pre-selected formats responsive to the questionnaire data. Individual journal entries can also be aggregated into one master journal, and the display device can display a portion of the master journal responsive to user criteria so that a user can view journal entries for a category, a particular date range, or files in an album. | 05-27-2010 |
| 20100138904 | METHOD AND SYSTEM FOR NOTARISING ELECTRONIC TRANSACTIONS - The invention relates to a system comprising: a first computerised system, or emitter, connected to a communication network; a second computerised system, or receiver, connected to said network; and a server connected to said network. Said server operates as a trusted third party for electronic transactions, is adapted in such a way as to offer a custody service and to vouch for the existence and content of an electronic document sent by the emitter, and communicates with a timestamping entity. | 06-03-2010 |
| 20100138905 | Token-Based Client To Server Authentication Of A Secondary Communication Channel By Way Of Primary Authenticated Communication Channels - The disclosure relates to authenticating a secondary communication channel between a client application and a server application when an authenticated primary communication channel has already been established between the client application and a resource application, on which the server application can store a generated authentication token that only privileged users including the client application user can read-access and send back to the server application by way of the secondary communication channel. | 06-03-2010 |
| 20100138906 | COMMUNICATION DEVICE SUITABLE FOR SETTING IP ADDRESS OF SERVER CONNECTED TO NETWORK, NETWORK PARAMETER SETTING METHOD AND NETWORK PARAMETER SETTTING PROGRAM PRODUCT - In order to easily set IP addresses required for communicating with apparatuses connected to a network, an MFP includes a port scan unit for acquiring, by port scanning, an IP address of a server having a predetermined port open from one of the servers connected to the network, and a network environment storage part for storing a set of acquired IP address and a port number of the predetermined port. | 06-03-2010 |
| 20100146605 | METHOD AND SYSTEM FOR PROVIDING SECURE ONLINE AUTHENTICATION - Methods and systems for authenticating website users without exposing passwords or other sensitive information to potential theft are provided. When the user's computer connects to a website server all communications are routed through a secure authentication device. When the authentication device identifies the need for user information to be submitted to the website server, the application retrieves the required information from memory and inserts the information into the appropriate location in the website forms. Since the secure connection to the website server is established in the secure boundary of the authentication device, the information is protected from being obtained by any malware that may reside in the user's computer. | 06-10-2010 |
| 20100146606 | AUTHENTICATION METHOD AND SYSTEM - An authentication method and system. A computing system generates an authentication table associated with a user. The computing system receives first authentication data and second authentication data differing from the first authentication data. The first authentication data and the second authentication data are placed in the authentication table. The authentication table comprising the first authentication data and the second authentication data is stored in the computing system. The computing system generates an action table. The computing system receives first action data and second action data and places the first action data and the second action data in the action table. The action table comprising the first action data and the second action data is stored in the computing system. | 06-10-2010 |
| 20100146607 | System and Method for Managing Multiple Sub Accounts Within A Subcriber Main Account In A Data Distribution System - A computer readable storage medium is disclosed having a computer program stored therein, which in a particular embodiment, the computer program includes but is not limited to machine readable instructions that when executed by a computer manage a plurality of sub accounts under a main account in a data distribution system, the computer program including but not limited to instructions to assign the plurality of sub accounts under the main account in a main account data structure at a server in the data distribution system; instructions to assign a plurality of end user devices to each one of the plurality of sub accounts; and instructions to receive end user device attribute data from at least one of the end user devices to the main account data structure after the attribute data is created at the at least one end user device. | 06-10-2010 |
| 20100146608 | Multi-Level Secure Collaborative Computing Environment - In some embodiments, a collaborative computing environment includes a federated identity manager coupled to a multi-level secure computing network and a client having a biometric reading device. The multi-level secure computing network includes multiple data repositories that store information according to a ranked classification system comprising multiple security levels. The federated identity manager has a storage device that is operable store a plurality of identity tokens each associated with a corresponding one of a plurality of users. In operation, the federated identity manager receives, from the biometric reading device, a biometric signature associated with a particular one of the users, initiates a login session with the client according to the received biometric signature associated with the particular user, and restricts access to the information stored in the data repositories according to one or more security levels associated with the particular user as specified by the identity token associated with the particular user. | 06-10-2010 |
| 20100146609 | METHOD AND SYSTEM OF SECURING ACCOUNTS - A method and system of securing account is provided. When a client computer requests access to an account accessible via a server, the server determinates a mac address associated with the client computer and compares it to a mac address associated with the account. If the mac address of the client computer is not the same as the mac address associated with the account, the server initially denies access to the client computer, but may allow access after verification of the client computer by the user associated with the account. | 06-10-2010 |
| 20100146610 | NODE AUTHENTICATION AND NODE OPERATION METHODS WITHIN SERVICE AND ACCESS NETWORKS IN NGN ENVIRONMENT - Provided are node authentication and node operation methods within service and access networks for bundle authentication between the service and access networks in a next generation network (NGN). A method of authentication processing of a node (S-CSC-FE/I-CSC-FE (Serving Call Session Control Functional Entity/Interrogating Call Session Control Functional Entity)) within a service network for bundle authentication between service and access networks, the method including: receiving first authentication information about access authentication of a terminal from a first node within the service networks; requesting to receive second authentication information from a second node within the service network based on the first authentication information; and comparing the first authentication information with the second authentication information to authenticate the terminal. | 06-10-2010 |
| 20100154042 | DESIGN OF VIRTUAL MACHINE - The present invention is directed to various systems and/or methods relating to a software platform that provides for authentication of a requestor. Preferably, this authentication happens before there is an opportunity for any resource intensive request to harm operation of the system. Preferably, a reliability level is based on authentication so that the amount and/or type of resource access is controlled based, at least in part, on the authentication information. Preferably, heap usage is controlled by this reliability level. Preferably, the software platform is a virtual machine, preferably the Java Virtual Machine. | 06-17-2010 |
| 20100154043 | User Impersonation and Authentication - Methods, systems, and computer program products for modifying a resource by an authenticated user impersonating another user. In one embodiment of the invention, a lock may be acquired on the resource to be modified, storing the identity of the authenticated user and the identity of the impersonated user inside the lock object, and generating a message indicating that the lock was acquired successfully by the authenticated user impersonating another user. | 06-17-2010 |
| 20100154044 | MULTI-TRANSPORT MODE DEVICES HAVING IMPROVED DATA THROUGHPUT - A method for transmitting data between a client and a server is provided. The method comprising the following steps. The data is segmented into a plurality of data packets, which are scheduled to be transmitted via different ones of a plurality of access points. Each of the plurality of access points is configured to communicate with the client using a different protocol and communicate with the server using a different network path. Each of the plurality of data packets is transmitted between the client and the server via the scheduled access point. A client device and proxy server configured to implement the method are also provided, as is a computer readable medium having stored thereon instructions for implementing the method. | 06-17-2010 |
| 20100162374 | COST EFFECTIVE UPDATING OF MOBILE COMPUTING DEVICES AND COMMUNICATING WITH MOBILE COMPUTING DEVICES - A system and a method for updating mobile computing devices with an update package and for exchanging information on an exclusive channel between the mobile computing device provider and the mobile computing device user. The method comprises publishing a first update package available for the first group, updating the first group, then publishing a second update package available message for the second group and updating the second group. The method also comprises establishing a private channel between the mobile computing device and the mobile computing device provider, and exchanging information on the private channel. | 06-24-2010 |
| 20100162375 | MULTIMEDIA AGGREGATION IN AN ONLINE SOCIAL NETWORK - Multimedia content is featured on user pages of an online social network using embed codes that are generated using a configuration file associated with the source ID for the multimedia content and a content ID for the multimedia content. The configuration file, the source ID and the content ID are stored locally by the online social network so that any changes to the embed codes can be made by changing the configuration file associated with the source and regenerating the embed codes. By managing multimedia content in this manner, greater control can be exercised by the online social network over the multimedia content that are featured on its user pages. | 06-24-2010 |
| 20100169959 | System and Method for Providing Secure Access to Password-Protected Resources - A method of a wireless communication device for accessing secure resources of a resource provider or the device itself. A password associated with the wireless communication device is identified. A password identifier is assigned to the password and a non-password identifier is assigned to a non-password different from the password. The password identifier has a non-sequential association with the non-password identifier. The password identifier, the password, the non-password identifier, and the non-password are provided at a user interface of the wireless communication device. Access to a secure resource is granted in response to determining that the password identifier has been detected at the user interface. | 07-01-2010 |
| 20100169960 | Job Search and Coaching System & Process - A system and process for organizing and advancing a job search of a user wherein the user provides information on one or more of contacts, documents, activities and/or status and either requests or is automatically presented with coaching to maintain and advance the search. The coaching may include creating and monitoring follow-up activities for the user. To accomplish the coaching, the system may include a rules engine for determining applicable coaching scenarios. Each scenario may be defined as a record in a database table such that each record in that table may define a unique scenario. In addition, the system may comprise a plurality of other tables defining additional records. Tables within the system may be related in a variety of ways, including one-to-one, one-to-many and/or many-to-many. | 07-01-2010 |
| 20100186072 | Distributed secure telework - The invention provides a method and system for providing distributed secure telework by a plurality of teleworkers. The method includes using non-biometric information to authenticate the plurality of teleworkers, establishing a virtual private network for displaying non-privileged data, providing biometric recognition for displaying privileged data to one or more of a plurality of teleworkers, providing real-time identity validation for the plurality of teleworkers, and facilitating interaction and providing telework capability between an information source and the one or more of the plurality of teleworkers. | 07-22-2010 |
| 20100186073 | Multi-media remote data access terminals and system - In a public internet access terminal, the combination comprising an access station, and computer apparatus at the station and including a user keyboard and data display means, and a user credit card reader at the station, and the computer apparatus including circuit means operatively connected to the card reader to be responsive to reading of user credit card data to enable user access to the internet via the computer apparatus at the access station. | 07-22-2010 |
| 20100186074 | Authentication Using Graphical Passwords - An authenticator may include graphical passwords. An authenticator may include a password image, which may include one or more clickable areas, and/or a key image, which may include click point data. An authenticator may include a mobile computing resource, a terminal computing resource and/or a challenger, which may be configured to communicate with each other. A mobile computing resource may be configured to receive and/or display a key image, such that click point data may be presented, determined, and/or input to a password image. A challenger may be configured to compare input click point data and a key image. | 07-22-2010 |
| 20100186075 | METHOD AND SYSTEM FOR ACCESSING DEVICES IN A SECURE MANNER - The present disclosure is concerned with a secure and trustable way of accessing devices in an embedded device environment with no network connectivity to outside service. This type of access to access-critical embedded devices by a user or service technician is controlled by way of a mobile memory or access-ticket storage i.e., such as a physical token. The token can, for example, be a smartcard or USB stick with appropriate memory for storing a user credential(s) or user identification such as a password or fingerprint. In an exemplary embodiment, a user can acquire an electronic access ticket with a suitable expiration period from a centralized ticket or access authorization server before travelling to the access-critical device, or to a location communicatively connected to the latter. The access ticket can contain access rights of the user with respect to one or several access-critical devices, and can be stored on the mobile memory. The access rights can be evaluated by the access-critical devices upon authentication of the identity of the user, based on the user credential(s), by an authenticating device to which the mobile memory can be coupled. | 07-22-2010 |
| 20100192209 | PASSIVE SECURITY ENFORCEMENT - Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels. | 07-29-2010 |
| 20100192210 | METHOD AND SYSTEM FOR VERIFYING ENTITLEMENT TO ACCESS CONTENT BY URL VALIDATION - Aspects include a mechanism of entitling users to transacted-for digital content access, indicating download authorization with discrete authentication URLs, and validating download attempts using each such URL. The authentication mechanism comprises producing an encrypted string included in a URL provided to a user. The encrypted string comprises transaction identifier information, and information about the transacted-for entitlement. When a user wishes to exercise the transacted-for entitlement, the user activates the URL, which is resolved to a location that has/can obtain access to the key(s) used in producing the encrypted string, decrypt the string, and use the information in it to validate the URL and the entitlement. The validation can use data retrieved from a database, using the transaction identifier as a key. The entitlement information included in the now-decrypted string can be compared with the prior download information. A byte range of requested by a browser using the URL can be used in validation, as well as how a particular authorization/validation should count for entitlement fulfillment. | 07-29-2010 |
| 20100192211 | Revocable Object Access - Techniques are described to provide revocable object access. In an implementation, a user may provide content and an object (e.g., a picture) to be published with the content. The object is uploaded to a storage location, and a uniform resource locator (URL) that includes a token is generated for the object. The token is registered in an access control list (ACL), and token permission settings in the ACL are utilized to control access to the object. The URL may be embedded in the content. When a viewer requests the content, the object may be retrieved from the storage location using the URL. The user may revoke access to the object by changing the token permission settings in the ACL. | 07-29-2010 |
| 20100192212 | Automated device provisioning and activation - Various embodiments are disclosed for a services policy communication system and method. In some embodiments, a communications device stores a set of device credentials for activating the communications device for a service on a network; and sends an access request to the network, the access request including the set of device credentials. | 07-29-2010 |
| 20100192213 | SYSTEM AND METHOD FOR DYNAMIC BANDWIDTH PROVISIONING - Embodiments disclosed herein provide a control device and a method executing thereon for allocating network bandwidth to users accessing a controlled network. In response to a user connecting to the control device using a user device, the control device obtains a user bandwidth allocation profile for that user based on user credentials. The user bandwidth allocation profile may be stored local or remote to the control device. A provisioning module running on the control device can map attributes in the user bandwidth allocation profile to a traffic control rule and associate the traffic control rule with the user based on the user credentials and considering information identifying the user device used by the user to connect to the control device. A traffic conditioning module running on the control device can regulate the network bandwidth usage by the user utilizing the traffic control rule associated with the user. | 07-29-2010 |
| 20100199338 | ACCOUNT HIJACKING COUNTER-MEASURES - A method for providing an additional layer of authentication prior to accessing a user's account even though the user's credentials have previously been verified. User accounts are often accessed via a sign-in page that verifies the user's credentials. Upon detecting a device accessing the sign-in page, an identifier associated with the device is obtained. One such type of identifier is the IP address assigned to the device. Based on the identifier, it is determined whether the device is trusted or not. Even thought the user's credentials are verified via the sign-in page, if the device is not trusted, a second authentication page is presented to the user prior to proceeding to the account. The second authentication page presents at least one security question. The security question is based on information contained in the user's account (e.g., contact information, event information, electronic messages, etc.). The user is required to correctly answer the security question in order to access the account. | 08-05-2010 |
| 20100199339 | MOBILE TERMINAL DEVICE, WIRELESS COMMUNICATION UNIT, WIRELESS COMMUNICATION SYSTEM, AND WIRELESS COMMUNICATION METHOD - A mobile terminal device, a wireless communication unit, a wireless communication system, and a wireless communication method by which 1:N communication can be realized at low power consumption and a CH occupation time can be shortened. After each terminal transmits an authorization request, it performs a carrier sense with the pattern corresponding to the transmission timing and waits for authorization response from a key unit ( | 08-05-2010 |
| 20100205662 | SYSTEM AND METHOD TO SUPPORT IDENTITY THEFT PROTECTION AS PART OF A DISTRIBUTED SERVICE ORIENTED ECOSYSTEM - A system and method to support identity theft protection and, in particular, to a system and method for supporting identity theft protection as part of a distributed service oriented ecosystem in information management systems (IMS) and non-IMS networks. The system includes an identity session initiation protocol (SIP) application server configured to act as a security assertion markup language (SAML) bridge, which allows an SIP enabled device or a non-SIP enabled device to attach to a telecommunications service provider network. A user may accept or reject an authorization request using the SIP enabled device or non-SIP enabled device. | 08-12-2010 |
| 20100205663 | SYSTEMS AND METHODS FOR CONSUMER-GENERATED MEDIA REPUTATION MANAGEMENT - TruCast is a method for management, by way of gathering, storing, analyzing, tracking, sorting, determining the relevance of, visualizing, and responding to all available consumer generated media. Some examples of consumer generated media include web logs or “blogs”, mobile phone blogs or “mo-blogs”, forums, electronic discussion messages, Usenet, message boards, BBS emulating services, product review and discussion web sites, online retail sites that support customer comments, social networks, media repositories, and digital libraries. Any web hosted system for the persistent public storage of human commentary is a potential target for this method. The system is comprised of a coordinated software and hardware system designed to perform management, collection, storage, analysis, workflow, visualization, and response tasks upon this media. This system permits a unified interface to manage, target, and accelerate interactions within this space, facilitating public relations, marketing, advertising, consumer outreach, political debate, and other modes of directed discourse. | 08-12-2010 |
| 20100205664 | Management of Organizational Boundaries in Unified Communications Systems - In general, this disclosure describes techniques of controlling communications occurring in a unified communications system. As described herein, a directory is established at a server system that hosts the unified communications system. The directory includes a plurality of hierarchically-organized categories. Each category specifies a set of users. One or more conferences may be associated with each of the categories. All communications occurring in the unified communications system occur within the context of one of the conferences. A user can only communicate within a conference if the conference is associated with the category that specifies a set of users that includes the user. By appropriately structuring the categories in the directory and the sets of users specified by the categories, the techniques of this disclosure may serve to prevent a user from using the unified communications system to communicate with certain other individuals. | 08-12-2010 |
| 20100212001 | SYSTEM AND METHOD FOR USER LOGIN TO A MULTIMEDIA SYSTEM USING A REMOTE CONTROL - Embodiments include systems and methods for user login to a multimedia system. In one embodiment, a method of logging in one or more user profiles on a multimedia system includes associating one or more actuation sequences of one or more buttons on a remote control device each with a user profile, each user profile having one or more characteristics for outputting multimedia content, the characteristics affecting multimedia content provided by a multimedia system to personalize the user's multimedia experience, communicating a first signal corresponding to one of the one or more actuation sequences from the remote control device to a multimedia system to identify a first user profile for login, logging in the first user profile as an active user profile on the multimedia system based on the first signal, and controlling multimedia content provided to an output system of the multimedia system based on the active user profile. | 08-19-2010 |
| 20100212002 | CONSTRAINING A LOGIN TO A SUBSET OF ACCESS RIGHTS - This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead. | 08-19-2010 |
| 20100218243 | METHODS AND SYSTEMS FOR SECURE GATE FILE DEPLOYMENT ASSOCIATED WITH PROVISIONING - A software provisioning server can be configured to communicate with a certificate authority to evaluate security credential requests received from one or more target machines prior to a software installation. The certificate authority can issue certificates to the one or more target machines and notify an administrator and the software provisioning server of the issued certificates. The software provisioning server can manage the software installation to the one or more target machines based on the issued certificates and other specifications. | 08-26-2010 |
| 20100218244 | GENERALIZED METHOD FOR AUTHENTICATING SUBSCRIBERS OF A SERVICE VIA A GRAPHICAL USER INTERFACE OR TELEPHONE USING THE SAME USER NAME AND PASSWORD - A method and system for authenticating a subscriber of a user using a graphical user interface or telephone using the same user name and password is provided. As a result, subscribers need to memorize only one user name and/or password, saving precious time and energy to the subscriber because of the low risk of forgetting the user name and/or password. In addition, with the advent of cross-category products such as web phones (Web user interface integrated in a telephone) and soft phone (software on a personal computer reproducing the function of a telephone), it can become confusing for subscribers to remember which passwords and user name to use for which device. Having one password and one user name to remember makes the situation simpler. | 08-26-2010 |
| 20100223663 | AUTHENTICATING SERVER DEVICE, TERMINAL DEVICE, AUTHENTICATING SYSTEM AND AUTHENTICATING METHOD - It is an object to identify, for example, a subject who generates a certain event in addition to certifying a time and/or a location of the event. A terminal device | 09-02-2010 |
| 20100229229 | METHOD, SYSTEM AND APPARATUS FOR INDIRECT ACCESS BY COMMUNICATION DEVICE - A system that allows indirect access of a network by TE, comprising TE device information; a personal network (PN) server; a master UE of a personal network; a TE of a personal network; and a UE B connected to a WAN which forwards data to and from TEs. Using the master UE the user sets configuration details which is the TE device information and stored at the PN Server. The TE device information contains data which is used to allow and control access of TE to the network, when the TE uses other UEs to access the network. When the TE tries to access the network through another UE B, the PN Server uses the TE device information to authenticate and control access of TE. UE B acts as a forwarding device in this sequence between TE and the PN server. | 09-09-2010 |
| 20100229230 | SYSTEM AND METHOD FOR SECURING COMPUTER SYSTEM AGAINST UNAUTHORIZED ACCESS - The present invention described secures a computer account against unauthorized access caused as a result of identity-theft, and insider-espionage using artificial intelligence and behavioral modeling methods. The present invention has the ability to detect intruders or impersonators by observing “suspicious” activity under a computer account. When it sees such suspicious behavior, it uses artificial intelligence to authenticate the suspect by interrogation. The present invention asks the suspect questions that only the legitimate computer account owner can verify correctly. If the suspect fails the interrogation, that proves that he/she is an impersonator and therefore further access to the computer account is denied immediately. On the other hand if the suspect passes, access to the computer account is restored. The present invention uses a Programmable Artificial Intelligence Engine (PAIE) to interact with computer users in human natural language. The PAIE can also be programmed to suit other applications where natural language interaction with humans is helpful. | 09-09-2010 |
| 20100229231 | LICENSE MANAGEMENT SYSTEM, LICENSE MANAGEMENT METHOD AND LICENSE MANAGEMENT PROGRAM - A license management system is connected to an authentication database holding information about license and user and manages a plurality of licenses. The system comprises a data receiving section, a data reading section and a license confirmation section. The data receiving section receives a user ID which is a code to identify a user. The data reading section reads out from the authentication database a user-type ID which is associated with the received user ID and is a code to identify the type of the user, and reads out from the authentication database a license ID which is associated with the user-type ID and is a code to identify the license. The license confirmation section confirms the content of a license which is associated with the read-out license ID and whether the license is correct on the basis of the confirmed content, and allows login by the user only when the license is correct. | 09-09-2010 |
| 20100235894 | Accessing Materials Via Voice and a Menu - A computer implemented method for accessing materials for a meeting may include receiving a call from a meeting participant by a system, wherein the meeting participant calls a prearranged teleconference number to participate in the meeting. The method may also include validating participation of the meeting participant in the meeting by the system. The method may further include providing access to an appropriate set of materials to the meeting participant based on a predetermined attribute associated with the meeting participant. | 09-16-2010 |
| 20100235895 | CAPTIVE NETWORK NEGOTIATION INTERFACE AND AUTOMATION - A method and apparatus of to negotiate access with a captive network is described. In an exemplary method, a mobile client detects, with a network interface, a network. The mobile client associates with the network, where associating allows the mobile client to communicate with the network. In addition, the mobile client probes the network by requesting a web page, where the web page is independent of the network. In response to the web page request, the mobile client receives a capture web page. The mobile client determines the type of authentication used for the network based on the received capture web page. | 09-16-2010 |
| 20100235896 | Instrument access control system - A system for centrally managing a set of network-connected laboratory instruments is disclosed. For example, the system includes a centralized database that includes information about the instruments in the system and about the authorized users of the system. In particular, the centralized database indicates which users are authorized to use each of the instruments in the system. The database may also include information about the operations that each user is authorized to perform using the instruments and information indicating whether tests performed by each instrument must be signed using one or more electronic signatures. The system may recognize a number of “roles,” each of which is associated with a particular set of rights, and may assign one or more roles to each user. Instruments and other elements of the system may access the centralized database over a network to enforce the user rights represented by the information in the database. | 09-16-2010 |
| 20100235897 | PASSWORD MANAGEMENT - A method for recording a password for providing access to secure resources in a computer network, including a user establishing a session via the computer network in which the user is in communication with a password authority via the session; the user identifying themselves to the password authority via the session and requesting a password via the session; the password authority sending a code to the user otherwise than via the session; the user receiving the code and providing the code to the password authority via the session; the user providing a proposed password value to the password authority via the session; the password authority receiving and checking the validity of the code provided by the user and, if the code entered is valid, recording the proposed password value entered by user; in which the code is only valid if provided via the session via which the password is requested. | 09-16-2010 |
| 20100235898 | INFORMATION PROCESSING SYSTEM AND PROCESSING METHOD THEREOF - When a plurality of information processing apparatuses having an authentication function executes a cooperative job, user authentication information is transmitted from a cooperative information source processing apparatus to a destination cooperative information processing apparatus that executes the cooperative job. It is determined whether or not a user account with authentication information that is the same as the transmitted authentication information exists in the destination cooperative information processing apparatus. The determined result is then notified to the cooperative information source processing apparatus. In this case, when the cooperative information source processing apparatus is notified that a user account with the same authentication information does not exist, the cooperative information source processing apparatus creates a user account based on the authentication information. Authentication is performed using the created user account, and the cooperative job is executed by the cooperative information source processing apparatus and the destination cooperative information processing apparatus. | 09-16-2010 |
| 20100242102 | Biometric credential verification framework - Use of a biometric identification device in a client computer system to subsequently access an authentication system includes receiving biometric sample data which is digitally signed and combining the data with a user ID and PIN. This package of data is then securely transmitted to a biometric matching server to validate the user and the biometric sample. Once validated, the biometric matching server return the data package plus a temporary certificate and a public/private key pair to the client computer. The client computer may then use this information to access an authentication system to subsequently gain access to a secure resource. | 09-23-2010 |
| 20100242103 | Identifying Hand-Over Targets - In general, a method performed on a portable access terminal operating in an active mode includes detecting a presence of a personal base station. An encoded identification message transmitted from the personal base station is received, and the encoded identification message includes a unique identifier associated with the personal base station. The encoded identification message is decoded to extract the unique identifier, and the unique identifier is transmitted to a source network entity. | 09-23-2010 |
| 20100251348 | GENERATION OF SELF-CERTIFIED IDENTITY FOR EFFICIENT ACCESS CONTROL LIST MANAGEMENT - In a first embodiment of the present invention, a method for registering a new device to a control point in a home network is provided, the method comprising: generating a first self-certified identification at the control point, the generation using a pseudo-random generated number and using an identification of the control point; and sending a secure message to the new device containing the first self-certified identification. | 09-30-2010 |
| 20100251349 | Mobile ESN for XM Radio Receivers - A system and method for enabling authorized satellite radio access allows users with multiple vehicles to move their radio subscription from one authorized vehicle to another without having to hold two separate subscriptions. In an embodiment of the invention, an XM receiver includes a portable media input, and the XM receiver is programmed to read for the presence of a USB device, SD card, or other peripheral media device containing an authorization code linked to the electronic serial numbers (ESNs) of the XM receivers in the user's vehicles. In addition to having an authorized and subscribed ESN, the XM receiver in each vehicle requires the presence of the portable media device for the receiver to play XM content. The portable media device can also be used to transfer the subscription to a home stereo system, computer, or aftermarket device to allow. | 09-30-2010 |
| 20100251350 | DISTRIBUTED CONTROL METHOD AND APPARATUS USING URL - Provided is a distributed control method of data by a client connected to a first server and a network and a distributed control apparatus. The distributed control method includes: registering at least one piece of characteristic information of the client in the first server; generating a uniform resource locator (URL) address in a URL format based on the registered at least one piece of characteristic information; and acquiring data stored on the second server, wherein the acquired data is mirrored from data stored on the first server by using the generated URL address. | 09-30-2010 |
| 20100251351 | INFORMATION AND COMMUNICATION SYSTEM, AN ORGANIZATION APPARATUS AND A USER APPARATUS - An information and communication system or the like which handles an attribute, at the same time enables the attribute not being made a public information, is efficient, and does not require a database should be provided. | 09-30-2010 |
| 20100263031 | COMMUNICATION DEVICE AND COMMUNICATION SYSTEM - A communication device enabling a user to perform authentication by simple action with the use of physical information and to perform communication via user's body. An authentication device ( | 10-14-2010 |
| 20100263032 | Web to IMS Registration and Authentication for an Unmanaged IP Client Device - Systems and methods are for registering and authenticating an unmanaged IP device to an IP multimedia subsystem (IMS). An exemplary method includes implementing a system from which an unmanaged IP device retrieves IMS credentials needed to register and authenticate to the IMS. The system is remote to the unmanaged IP device and is accessible to the unmanaged IP device through an IP access network. The method further includes permitting the unmanaged IP device to register and authenticate to the IMS with the IMS credentials received from the system. | 10-14-2010 |
| 20100263033 | METHOD FOR AUTHENTICATING A USER ACCESSING A REMOTE SERVER FROM A COMPUTER - The invention relates to a method for authenticating a user accessing a remote server from a computer. The method comprises connecting to the remote server from the computer; logging into the remote server using a user-specific identifier; authenticating the remote server in the computer; sending an unpredictable message from the remote server to the computer; establishing communication between the remote server and a terminal belonging to the user; authenticating the remote server in the terminal; authenticating the terminal in the remote server; inviting the user to enter the unpredictable message in the terminal; using the terminal to send the message entered by the user in the terminal to the remote server; and if the message entered by the user in the terminal matches the unpredictable message, authenticating the user in the remote server. | 10-14-2010 |
| 20100263034 | METHOD FOR AUTHORISING A COMMUNICATION WITH A PORTABLE ELECTRONIC DEVICE, SUCH AS ACCESS TO A MEMORY ZONE, CORRESPONDING ELECTRONIC DEVICE AND SYSTEM - The invention relates to a method for authorizing a communication with a portable electronic device, such as access to at least one memory area. The portable electronic device has a display for presenting an item of information visible to the outside and an interface for communication with the outside of the portable electronic device. The item of information is at least in part taken into account by the portable electronic device in order to authorize the communication. The method includes a step of optical reading of the item of information outside the portable electronic device. The method is distinguished in that it also includes a step of varying the item of information, the step of varying causing the item of information, termed the variable item of information, to vary at least in part. The invention also relates to the portable electronic device, and the system comprising the portable electronic device and an electronic communication or reading device. | 10-14-2010 |
| 20100263035 | METHOD AND SYSTEM FOR PROVIDING SECURE ACCESS TO PRIVATE NETWORKS - Improved approaches for providing secure access to resources maintained on private networks are disclosed. The secure access can be provided through a public network using a standard network browser. Multiple remote users are able to gain restricted and controlled access to at least portions of a private network through a common access point. The solution provided by the invention is not only easily set up and managed, but also able to support many remote users in a cost-effective manner. | 10-14-2010 |
| 20100269164 | ONLINE SERVICE DATA MANAGEMENT - The claimed subject matter relates to an architecture that can facilitate automatic backup and versioning of online content. Appreciably, the architecture can relate to a network-accessible, online data archival service with a central backup data store for archiving online content published to disparate online services for clients of the archival service who are also clients of the disparate online service(s). The architecture can maintain rich content versioning, and can further provide additional services with respect to archived data such as restoration (to the original site, a disparate site, or a user device); synchronization between various online sites or between one or more sites and the backup data store; and conversion. The conversion can be employed in connection with backup, restore, or synch procedures and can apply to either a file format of the content or to a scope of the source of the content versus the scope of the destination. | 10-21-2010 |
| 20100269165 | INTERACTING WITH INTERNET SERVERS WITHOUT KEYBOARD - A system and method which may allow users to interact with Internet servers with graphical mouse movements. The invention is especially useful to enhance online transaction security. A user may use a mouse to draw a pattern and store the pattern as his password to an online account, and draw the pattern with a mouse to log in the online account. The password may include a drawing, one or more letters, one or more numbers, or one or more characters. | 10-21-2010 |
| 20100269166 | Method and Apparatus for Secure and Reliable Computing - In one embodiment, the invention is a method and apparatus for secure and reliable computing. One embodiment of an end-to-end security system for protecting a computing system includes a processor interface coupled to at least one of an application processor and an accelerator of the computing system, for receiving requests from the at least one of the application processor and the accelerator, a security processor integrating at least one embedded storage unit and connected to the processor interface with a tightly coupled memory unit for performing at least one of: authenticating, managing, monitoring, and processing the requests, and a data interface for communicating with a display, a network, and at least one embedded storage unit for securely holding at least one of data and programs used by the at least one of the application processor and the accelerator. | 10-21-2010 |
| 20100269167 | VIRTUAL MACHINE EXECUTION PROGRAM AND INFORMATION PROCESSING DEVICE - A program for causing an information processing device to execute a process is recorded on a computer-readable storage medium. The process includes: obtaining an identification of a logged-in account; referencing information that associates an identification of an account with a virtual machine to be permitted to make a communication; recognizing a first virtual machine corresponding to the obtained identification by using the referenced information; executing one or a plurality of virtual machines on the information processing device that is a physical machine; determining whether or not a second virtual machine from which data is transmitted toward a network is the first virtual machine; allowing the data to pass through and transmitting the data toward the network if the second virtual machine is determined to be the first virtual machine; and discarding the data if the second virtual machine is determined not to be the first virtual machine. | 10-21-2010 |
| 20100275252 | Software management apparatus and method, and user terminal controlled by the apparatus and management method for the same - A software management apparatus and method are disclosed. A software installation attempt made in one of multiple user terminals connected through a corporate network is detected, and a management operation is performed to permit software installation, to block the use of the user terminal, or to provide a popup notification according to the rights assigned to the user terminal. In addition, unlike existing approaches to prevention of unauthorized software installation that may not handle already installed software, the software management apparatus and method enable the system manager to handle and remove software that is already installed in a user terminal before installation of the apparatus and method. As a result, unauthorized installation of software in corporate computers can be effectively prevented. | 10-28-2010 |
| 20100281526 | Methods and Devices for Pattern-Based User Authentication - Methods, devices, and systems are presented that facilitate pattern-based user authentication. In a first embodiment, a user may request registration from an authentication server. The authentication server may provide at least one image to the user, wherein the image may comprise a matrix of cells. The user may choose a sequence of cells in the matrix as his or her secret, and may provide a userid and this secret to the authentication server. The authentication server may then validate and store the userid and/or secret. After this registration step, the user may request authentication from the authentication server. The authentication server may provide another image of a matrix of cells to the user. The user may then enter a sequence of symbols associated the sequence of cells that comprise his or her secret. The authentication server may compare the entered sequence of cells to the sequence of cells represented by the stored secret. If the two sequences match, then the user may be authenticated. | 11-04-2010 |
| 20100281527 | MONITORING NETWORK TRAFFIC BY USING A MONITOR DEVICE - A solution is provided for associating network traffic traversing on a networked environment according to a selected category item, such as a user name or other network entity identity-related information, by using a monitor device. The solution includes: obtaining user information from the directory service by obtaining at least one set of user object attributes from the directory service; identifying at least one authentication exchange packet from packets traversing on the networked environment; extracting a user ID and a network address from the authentication exchange packet; filtering or selecting packets traversing on the network environment that each have a network address equivalent to the extracted network address; and associating packets that were selected with user information having a name attribute equivalent to the extracted user ID. | 11-04-2010 |
| 20100281528 | METHODS AND SYSTEMS FOR GENERATING AND DELIVERING AN INTERACTIVE APPLICATION DELIVERY STORE - A system for updating and delivering an interactive application delivery store, where the system includes a client computer, a server and an application delivery store executing on the server, the client computer communicating with the server over a communicative connection. A user accesses the application delivery store using the client computer, and subscribes to an application not included in a user profile of the user using the application delivery store. In response to subscribing to the application, the application delivery store verifies user permissions of the user and determines whether the user is permitted to subscribe to the application. Upon determining the user can subscribe to the application, the application delivery store updates the user profile with the application and transmits a stub application to the client computer. The stub application represents the application subscribed to by the user in that the stub application includes a portion of the application. | 11-04-2010 |
| 20100281529 | SYSTEMS AND METHODS FOR PROVIDING CHANGE OF ADDRESS SERVICES OVER A NETWORK - This disclosure describes systems and methods for collecting and processing change of address data and providing change of address services to a customer using a computer network. The address data can include a physical address, an electronic address, or both. The systems and methods may also provide additional services to the customer to assist in changing addresses. | 11-04-2010 |
| 20100287605 | METHOD AND APPARATUS OF PROVIDING PERSONALIZED VIRTUAL ENVIRONMENT - An approach is provided for providing a personalized virtual environment for a visitor of a service community. A comparison is made of identification information of the visitor with contact entries of a plurality of registered users of a service community. Additionally, an identification is made of content of one or more of the plurality of registered users having a contact entry that matches the identification information of the visitor to provide a personalized virtual environment of the visitor in the service community. | 11-11-2010 |
| 20100287606 | METHOD AND SYSTEM FOR AUTHENTICATING A USER OF A MOBILE DEVICE - A method and system for authenticating a user of a mobile device is provided. A first message is received from a mobile device, the message including a mobile device identifier identifying said mobile device. An association between the mobile device identifier in the first message and a registered user is confirmed. A second message is generated and transmitted to the mobile device. The second message includes a user identifier identifying the registered user. A request for a service is received, the request including the user identifier. | 11-11-2010 |
| 20100287607 | Digital Content Distribution System and Method - A digital content distribution system and method is disclosed. The system includes a media server ( | 11-11-2010 |
| 20100299735 | Uniform Resource Locator Redirection - Uniform resource locator (URL) redirection techniques are described. In an implementation, a web browser is redirected from a URL that is blocked to a URL for a web page configured to request authorization to access the URL that is blocked. Selection is accepted of how to request authorization to access the URL that is blocked. | 11-25-2010 |
| 20100299736 | AUTOMATED SESSION ADMISSION - The present invention allows a first communication client, which is initiating a communication session, to include admission information in a session request used to establish the communication session in a regular call or conference scenario. The session request is intended to trigger a communication session between the first communication client and another communication client, which is associated with a telephony endpoint or a conferencing system having a communication client. The receiving communication client will use the admission information provided in the session request to determine whether the session is authorized. If authorized, the receiving communication client will either establish the communication session or allow the communication session to be established, as the situation dictates. | 11-25-2010 |
| 20100299737 | IMAGE FORMING APPARATUS, METHOD OF CONTROLLING THE APPARATUS, AND CONTROL PROGRAM STORED MEDIUM - An image forming apparatus communicates with an authenticating server having a storing unit which stores user information and first authentication information included in storage media in correspondence to each other. The image forming apparatus receives, from the authenticating server, the first authentication information which was made to correspond to user information input to the image forming apparatus, specifies the first authentication information which does not coincide with second authentication information obtained by reading a storage medium owned by the user and used for user authentication, and transmits a deleting request including the specified first authentication information to the authenticating server. The authenticating server transmits the first authentication information corresponding to the transmitted user information to the image forming apparatus, receives the deleting request including the first authentication information from the image forming apparatus, and deletes, from the storing unit, the first authentication information included in the received deleting request. | 11-25-2010 |
| 20100306834 | SYSTEMS AND METHODS FOR MANAGING SECURITY AND/OR PRIVACY SETTINGS - Systems and methods for managing security and/or privacy settings are described. In one embodiment, the method may include communicably coupling a first client to a second client. The method may further include propagating a portion of a plurality of security and/or privacy settings for the first client from the first client to the second client. The method may also include, upon receiving at the second client the portion of the plurality of security and/or privacy settings for the first client, incorporating the received portion of the plurality of security and/or privacy settings for the first client into a plurality of security and/or privacy settings for the second client. | 12-02-2010 |
| 20100306835 | COMMUNICATING SECURITY CREDENTIALS BETWEEN CICS REGIONS - Various embodiments include at least one of systems, methods, software, and data structures for communicating security credentials between CICS regions in a container of a Customer Information Control System (CICS) channel data structure. Some embodiments include receiving a dataset from a first CICS application executing within a first CICS region, the dataset received from the first CICS application for transmission to a second CICS application in a second CICS region. When the dataset includes a channel, populating a container of the channel with credential data to authenticate the dataset within the second CICS region and forwarding the dataset to a CICS transformer process of the first CICS region to transform and communicate the dataset to the second application in the second CICS region. | 12-02-2010 |
| 20100306836 | Control and Management of Electronic Messaging - A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine ifs desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee. | 12-02-2010 |
| 20100306837 | COMMUNICATION APPARATUS, MOBILE TERMINAL, COMMUNICATION SYSTEM, NON-CONTACT COMMUNICATION DEVICE, NETWORK CONNECTION METHOD, AND PROGRAM - A communication apparatus includes: a wireless communication unit connecting to a network via another apparatus by wireless communication; a settlement processing unit executing settlement processing of connection fees to the network by controlling a non-contact communication unit capable of reading out information stored in a non-contact communication device via non-contact communication, and writing information to the non-contact communication device via non-contact communication so as to update monetary information stored in the non-contact communication device; an authentication information recording unit controlling the non-contact communication unit to write authentication information, provided from the other apparatus when settlement processing by the settlement processing device is completed, to the non-contact communication device; and an authentication processing unit controlling the non-contact communication unit to read the authentication information from the non-contact communication device, and executing authentication processing as to the other apparatus using the authentication information, thereby establishing network connection by the wireless communication unit. | 12-02-2010 |
| 20100313252 | System, method and apparatus for creating and using a virtual layer within a web browsing environment - A system and a method for configuring a user-editable layer within a network are disclosed. The system includes a client computing system including a web browser. The web browser further includes a loaded webpage configured to obtain web content from a universal network server through a web address. The system further includes an application object model to collect objects from the client computing system and the universal network server. The system for configuring the user-editable layer within the network further includes a plug-in unit coupled to a layer definition server and an authenticating server for authenticating user credential information. The user-editable layer may include at least one of a virtual layer, an emulating layer, an upgradable layer and the like. | 12-09-2010 |
| 20100319059 | SIP DIGEST AUTHENTICATION HANDLE CREDENTIAL MANAGEMENT - Methods, devices, and systems for controlling access to a password protected resource are provided. More specifically, different communication profiles can be mapped to a single user and that user can utilize a single password to gain access to the password protected resource using any one of his/her communication profiles. Each communication profile may have a unique authentication value associated therewith, but each unique authentication value may be determined based on the single password, thereby eliminating the need for a user to remember multiple passwords for each of his/her communication profiles. | 12-16-2010 |
| 20100319060 | PROCESS AND SYSTEM FOR COMPREHENSIVE IT DISCOVERY WITHOUT CREDENTIALS - A method and system for discovering dependencies, configurations and utilizations among IT resources are disclosed. A discovery team writes a prediscovery script without requesting credentials and sends it to a system administrator (SA) who already has necessary credentials to execute the prediscovery script. Then, the SA reviews the prediscovery script and executes the prediscovery script on a target server. While or after executing the prediscovery script, the target server generates a result of an execution of the prediscovery script and provides the result to an analysis system. The analysis system analyzes and parses the result and generates a user-friendly data (e.g., graph or spreadsheet) that represents the result. Then, the analysis system provides the user-friendly data to the discovery team. The analysis system does not require credentials and does not directly communicate with the target server except receiving the result of the executed prediscovery script from the target server. | 12-16-2010 |
| 20100319061 | PERSONAL INFORMATION MANAGING DEVICE, SERVICE PROVIDING DEVICE, PROGRAM, PERSONAL INFORMATION MANAGING METHOD, CHECKING METHOD AND PERSONAL INFORMATION CHECKING SYSTEM FOR FALSIFICATION PREVENTION OF PERSONAL INFORMATION AND NON REPUDIATION OF PERSONAL INFORMATION CIRCULATION - A personal information managing device issues a personal information registration certificate corresponding to personal information one to one and sends the issued personal information registration certificate to a service providing device through a user terminal. The user terminal checks the personal information registration certificate, so that the user terminal confirms that the personal information managing device has not falsified the personal information. Further, when personal information is transmitted/received, the user terminal and the service providing device check the relationship between the personal information registration certificate and the personal information, so that the service providing device confirms that the personal information managing device has not falsified personal information. Moreover, when sending personal information, the personal information managing device attaches its signature, so that the personal information managing device confirms that the service providing device has not falsified the personal information. | 12-16-2010 |
| 20100319062 | INVITATION SERVICE FOR MULTI-DEVICE APPLICATION SESSIONS - A multi-device invitation system and method are provided herein. | 12-16-2010 |
| 20100325709 | Method to store and distribute digital entertainment media data on a portable non-volatile solid-state storage device with a customer pre-selected security indentifier and content management system - A new method for storing and distributing Digital Entertainment Media Data like movies, (or indeed, other media content such as games, software, electronic books, audio books, documents, educational material and other formats of binary or source code), on a portable non-volatile solid-state storage device in a permanent or non-permanent state. | 12-23-2010 |
| 20100325710 | Network Access Protection - A system or method for network access protection executes steps for receiving, at a server, an access request for access to at least one network resource from a client machine, the access request including account authentication information comprising an account identifier and password, obtaining a client machine identifier from the client machine in response to receiving the request for access, and controlling access to the network resource in response to the access request by authorizing access to the network resource for the access request if the client machine identifier matches a registered machine identifier that is registered for use with the account authentication information and the account authentication information matches registered information for a valid account, but denying access to the network resource if the client machine identifier does not match a registered client machine identifier that is registered for use with the account authentication information. | 12-23-2010 |
| 20100325711 | System and Method for Content Delivery - A system for content delivery operates as a static network device for delivering content to a mobile node. The system includes a transceiver adapted to receive a device identifier over a public network from the mobile node, the device identifier based on a combination of user-configurable and non-user-configurable parameters of the mobile node, a processor operatively coupled to the transceiver and to memory storing executable code. Executed, the code enables the processor to access a database of authorized device identifiers corresponding to known mobile nodes, establish, in response to the received device identifier matching one of the authorized device identifiers, a secure private network (SPN) with the mobile node, the established SPN tunneling across a segment of the public network, obtain the content for the mobile node, and send the content to the mobile node via the SPN. | 12-23-2010 |
| 20100325712 | INFORMATION PROCESSING APPARATUS, SECURITY METHOD, AND STORAGE MEDIUM STORING SECURITY PROGRAM - An information processing apparatus includes a key information table memory for storing, in a key information table, key information including first identification information identifying a first nearby device communicating with the information processing apparatus, a communication unit for communicating with a second nearby device present at a location where the second nearby device is communicable with the information processing apparatus, a nearby device information retrieval unit for retrieving nearby device information including second identification information identifying the second nearby device, a movement halt detector for detecting a movement status of the information processing apparatus, a functional limitation determiner for determining, based on the key information, the nearby device information, and/or the movement status, whether to limit execution of a process of a function of the information processing apparatus and a functional limitation executer for controlling the execution of the process based on the determination results. | 12-23-2010 |
| 20100325713 | MOBILE TERMINAL, DATA COMMUNICATION METHOD, AND COMPUTER PROGRAM - A mobile terminal includes a near-field communication device capable of performing near-field wireless communication with an external device, and a controller configured to instruct the external device or the near-field communication device to execute a command. The near-field communication device has a storage unit, a first mutual authentication unit for authenticating the controller and for requesting the controller to authenticate the near-field communication device, a first communication key setting unit for setting a first communication key, a second mutual authentication unit for authenticating the external device and for requesting the external device to authenticate the near-field communication device, and a second communication key setting unit for setting a second communication key. The controller and the near-field communication device perform secure communication using the first communication key, and the near-field communication device and the external device perform secure communication using the second communication key. | 12-23-2010 |
| 20110004926 | Automatically Handling Proxy Server and Web Server Authentication - A mechanism is provided for automatically handling server authentication. Responsive to receiving a response to a synthetic transaction from a server, a determination is made as to whether the response contains an authentication challenge. If the response contains the authentication challenge, the response is parsed to identify one or more attributes associated with the authentication challenge. A determination is made as to whether one or more attributes associated with each realm in a set of realms stored in a realm list matches the one or more attributes associated with the authentication challenge. If there is a match, an authentication response to the authentication challenge is generated for the matched realm. The authentication response is then sent automatically to the server in order to authenticate the synthetic transaction. | 01-06-2011 |
| 20110004927 | SYSTEM, METHOD AND PROGRAM PRODUCT FOR MEMBERSHIP BASED INFORMATION/FUNCTIONS ACCESS OVER A NETWORK - A system, method and computer program product for membership based access over a network includes an external electronic community having a plurality of registered members. The external electronic community maintains a database of identities of the plurality of registered members. An electronic community has established at least one private area for registered members of the external electronic community and a connection with the external electronic community. Registered users of the electronic community request information access to the private area by supplying at least one unique identifier associated with a membership for membership verification and storage of the membership verification. The electronic community uses the connection to verify the unique identifier with the external electronic community. The registered users log into the electronic community. The electronic community uses information obtained during the logging to stored membership verification to enable information access to the private area. | 01-06-2011 |
| 20110004928 | PASSWORD INPUT SYSTEM USING ALPHANUMERIC MATRICES AND PASSWORD INPUT METHOD USING THE SAME - The present invention relates to a password input algorithm, more particularly to a password input system and method using alphanumeric matrices. An aspect of the invention can provide a password input system and method using alphanumeric matrices that can defend against keylogging attacks and shoulder surfing attacks by including a movable second alphanumeric matrix and a fixed first alphanumeric matrix and enabling a user to input a password by moving the password letters of the second alphanumeric matrix to the user-defined value of the first alphanumeric matrix. Another aspect of the invention can provide a password input system and method using alphanumeric matrices that can defend against shoulder surfing attacks by enabling a user to input a password by dividing the password by every two digits and moving the cross-points for the two digits, respectively, to the user-defined value of the first alphanumeric matrix. | 01-06-2011 |
| 20110010764 | ONE-PASS AUTHENTICATION MECHANISM AND SYSTEM FOR HETEROGENEOUS NETWORKS - A one-pass authentication mechanism and system for heterogeneous networks are provided. The mechanism comprises authenticating a user based on an authentication key and an authentication algorithm in response to a request of the user to register a first network, wherein the authentication key and the authentication algorithm are associated with a first user identity for the first network and a second user identity for a second network; and if the authentication is successful, then comparing the first user identity retrieved from an authentication database through the second user identity provided by the user to the first user identity provided by the user in the authentication, in response to a request of the user to register the second network, and setting up security associations between the user and the second network if the retrieved first user identity matches the first user identity provided by the user. | 01-13-2011 |
| 20110016516 | Management of an instant message session - Maintaining an Instant Message (IM) session includes sending a login request to a first login server from a client; establishing the IM session and transferring Instant Messages between the client and the first login server; detecting an interruption in the transfer of the Instant Messages; obtaining an address of a second login server from a login allocation server; sending a reconnection request from the client to the second login server; and in the event that the reconnection request is accepted by the second login server, exchanging Instant Messages between the client and the second login server. | 01-20-2011 |
| 20110016517 | INFORMATION PROCESSING METHOD AND INFORMATION PROCESSING SYSTEM - A first server in a system includes confirmation requesting unit | 01-20-2011 |
| 20110023101 | SINGLE LOGIN PROCEDURE FOR ACCESSING SOCIAL NETWORK INFORMATION ACROSS MULTIPLE EXTERNAL SYSTEMS - A social networking system contains information describing users of the social network and various connections among the users. A user can access multiple external systems that communicate with the social networking system to access information about the users of the social networking system. Login status of the user account on the social networking system is maintained. If the login status of the user account on the social networking system indicates that the user is not logged in, the user is required to provide authentication information. If the login status of the user account indicates that the user is logged in, social network information is provided to the user via an external system, subject to the privacy settings of users of the social networking system. If the user logs out from an external system, the user is also logged out from the social networking system. | 01-27-2011 |
| 20110023102 | Image forming apparatus, image processing apparatus and image delivery system - An image forming apparatus connected to plural authentication servers includes an acquiring unit configured to acquire user identifying information identifying a user and a password; a selecting unit configured to select server identifying information identifying two or more of the plural authentication servers; an authentication process unit configured to transmit the user identifying information and the password to the two or more authentication servers, identified by the selected server identifying information, and acquire an authentication result from the two or more authentication servers. The authentication process unit determines that authentication is successful upon reception of the authentication result indicating successful authentication by at least one of the two or more authentication servers. The image forming apparatus further includes a process unit configured to process image data upon determination of successful authentication by the authentication process unit. | 01-27-2011 |
| 20110030042 | LDAPI COMMUNICATION ACROSS OS INSTANCES - Methods and apparatus for connecting a client on a first operating system to a server on a second operating system using LDAPI communication includes establishing privacy between the first and second operating systems, identifying the client to the server, identifying the server to the client to establish a trust by the client of the server, and sending LDAPI messages between the client and the server. | 02-03-2011 |
| 20110030043 | DEVOLVED AUTHENTICATION - A method of authenticating a user to a service provider by means of an authentication provision unit, the method comprising: in a first stage of the method: receiving credentials from a user; determining whether the credentials received from the user represent a valid logon; and if that determination is positive: generating at least one network address comprising a domain address and at least one instance parameter, the instance parameter uniquely identifying the user and the instance of generation of the network address; and providing the network address to the user; and in a second stage of the method: receiving a parameter from a service provider; determining whether the received parameter indicates a valid attempt to log on to the service provider by checking that the received parameter matches an instance parameter that has previously been issued to a user and that has not previously been received from a service provider; and if that determination is positive: signalling to the service provider over a secure channel a message indicating that the received parameter represents a valid logon attempt, the message including credentials of the user to whom the instance parameter that matches the received parameter had been issued. | 02-03-2011 |
| 20110041168 | SYSTEMS AND METHODS FOR TARGETING ONLINE ADVERTISEMENTS USING DATA DERIVED FROM SOCIAL NETWORKS - Systems and methods for targeting online advertisements using data derived from social networks are provided. In accordance with some embodiments, the method comprises: presenting a user at a user computer with a publicly accessible website that includes user-generated social networking content over the Internet, wherein the user is authorized to access features and the user-generated social networking content associated with the publicly accessible website upon inputting user information; in response to receiving user information from the user, displaying a webpage associated with the user; displaying at least one advertisement on the webpage, wherein the at least one advertisement embeds an object in the user computer and wherein the object is used to obtain a unique identifier associated with the user; using the object to construct a micronetwork of the members associated with the user, wherein the object obtains the unique identifier from each member that visits the webpage and the unique identifier from each member that establishes a relationship with the user; using the object to monitor information relating to the user, wherein the information includes actions executed by the user; retargeting advertisements for transmission to the user and the micronetwork based on information monitored by the object; and transmitting at least one retargeted advertisement to the user and the micronetwork associated with the user, wherein the at least one retargeted advertisement is transmitted using the unique identifier associated with the user and the unique identifier associated with each member of the micronetwork. | 02-17-2011 |
| 20110041169 | LIVE ACTION ICONS FOR THE INTERNET - Liver action icons for the Internet which allow “functionality” and “actions” to occur wherever the user might intuitively think there is an “action” to be had or done. It may enable users to interact with various websites with a set of live action icons, each of which may be used to perform a certain function. One of the live action icons may be used to display the login interface of a website. Another live action icon may be used for online shopping. The live action icons may speed up the interaction between users and websites, saving users time for looking up a function button on a webpage or repeatedly inputting user information. | 02-17-2011 |
| 20110041170 | METHODS AND SYSTEMS FOR USER AUTHENTICATION - According to some embodiments, a registration request is received from a user, the user providing information identifying an account. A transaction database is queried using the information identifying an account, and a set of transactions conducted using the account are identified, each of the transactions having at least one transaction detail field. The set of transactions is presented to said user with at least one of the transaction detail fields being redacted. The user is prompted to provide the at least one of the redacted transaction detail fields, and a determination is made whether to authenticate the user based on a response of the user. | 02-17-2011 |
| 20110041171 | TECHNIQUES FOR VIRTUAL REPRESENTATIONAL STATE TRANSFER (REST) INTERFACES - Techniques for virtual Representational State Transfer (REST) interfaces are provided. A proxy is interposed between a client and a REST service over a network. The proxy performs independent authentication of the client and provides credentials to the client and for the client to authenticate to the REST service using a REST service authentication mechanism. The proxy inspects requests and responses and translates the requests and responses into formats expected by the client and the REST service. Moreover, the proxy enforces policy and audits the requests and responses occurring between the client and the REST service over the network. | 02-17-2011 |
| 20110041172 | System and method for enhanced protection and control over the use of identity - A method of protecting use of an entity's identity is provided. The method comprises setting a status of the identity to a first state, the first state defining a scope of permitted use of the identity, changing, in advance of an intended use of the identity, the status to a second state defining a scope of permitted use of the identity that is different from the first state, requesting use of the identity after the changing; and returning, after the requesting, the state back to the first state. | 02-17-2011 |
| 20110041173 | METHOD AND APPARATUS FOR EXPERT VERIFICATION - In exemplary embodiments, an apparatus and method for verifying experts on a consultation system is provided. Identity and credential information is received at a web server from a potential expert. A selection of a category that the potential expert wants to be admitted is also received. The identity information and at least a portion of the credential information may be verified. The potential expert is accepted as an expert based in part on a result of the verifying of the identity and credential information. Once accepted, an account associated with the potential expert is activated to allow the potential expert to become an expert and to allow the expert to provide answers on the consultation system when the potential expert is accepted. | 02-17-2011 |
| 20110041174 | CONTENT DISPLAY DEVICE - A content display device includes a content setting storage means | 02-17-2011 |
| 20110047605 | System And Method For Authenticating A User To A Computer System - A system and method for verifying the identity of a user to a secure website. The user provides a server associated with the secure website with an account identifier, a biometric authentication element comprising a voice print and secret pass phrase, and contact information for a user communication device during the enrollment process. Upon subsequent attempts to access the secure website the user is prompted to provide an account identifier. Upon receipt of the account identifier, the server transmits a request for voice print and pass phrase samples to the user's communication device. The server receives the samples, compares them to the user's stored voice print and pass phrase and authenticates the user to the secure website if the sample voice print and sample pass phrase match the stored voice print and pass phrase sample. The server request may comprise a sponsored message. Additionally, the server may request the user speak a pass phrase comprising an advertiser's slogan, product name, or company name. | 02-24-2011 |
| 20110047606 | Method And System For Storing And Using A Plurality Of Passwords - A system and method for managing a plurality of a user's authentication elements. In a preferred embodiment a user initiates a webpage browser session at a user website access device and activates a password manager program. The user's identity is authenticated to an authentication server and allowed to access a secure database comprising a plurality of website authentication elements. Thereafter, the user accesses a first secure website and the program determines the presence of a user authentication data field. When a user authentication data field is present the program instructs the authentication server to automatically transmit at least one of the authentication elements specific to the authentication data field of the first secure website to authenticate the user to the first website. | 02-24-2011 |
| 20110047607 | User verification using voice based password - Verifying a user includes: receiving a service request; generating a text based first dynamic password upon receiving the service request; converting the first dynamic password into sound information; transmitting the sound information to a user terminal over a communication network; receiving over the Internet a second dynamic password entered by the user based on the sound information, the second dynamic password being a text based password; comparing the first and second dynamic passwords for consistency; and indicating that verification is successful if the first and the second dynamic passwords are consistent. | 02-24-2011 |
| 20110047608 | DYNAMIC USER AUTHENTICATION FOR ACCESS TO ONLINE SERVICES - A dynamic authentication system that makes authentication stronger, while reducing the cost to business and the burden to users. The system includes a service that provides centralized, non-federated, proxied authentication. The system uses a two-pass authentication process that first receives a supposed identity of the user and then determines one or more authentication criteria for proving that supposed identity. When the user attempts to use an online service that relies on the dynamic authentication system for authentication, the service requests the user's identity. The system dynamically determines authentication criteria for the user to prove the provided identity belongs to the user. In the second pass, the service receives a response from the user containing additional authentication information, and forwards the received response to the system for verification. If verification succeeds, the service allows the user to access the requested resources. | 02-24-2011 |
| 20110047609 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, MOBILE COMMUNICATION DEVICE, AND METHOD FOR MANAGING USER INFORMATION USED FOR THEM - An information processing system is provided that guarantees personal authentication only while a mobile communication device is connected to allow user information, stored in the mobile communication device, to be used while using a PC on which a guest account is used. In the information processing system, the mobile communication device is used as art authentication key when a user logs into an information processing device, and information on a personal setting environment stored in the information processing device and information on application software used in the information processing device are acquired and saved into the mobile communication device, which is used as the authentication key, as personal account information. | 02-24-2011 |
| 20110055911 | BUSINESS VALIDATION BASED SOCIAL WEBSITE ACCOUNT AUTHENTICATION - Methods of the present inventions allow for verifying the authenticity of social website accounts. An example embodiment of a business validation based social website account authentication method may comprise the steps of receiving a request (that may include a business name and a business email address) to verify the authenticity of a social website account, validating the business name and business email address, and determining whether the domain name is registered to and under control of the business. If the business name and business email address are both validated, and the domain name is registered to and under control of the business, the social website account's authenticity may be certified. | 03-03-2011 |
| 20110061096 | CONTROLLING ACCESS TO DIGITAL CONTENT - Method for utilizing digital content is provided. The method includes controlling a throughput rate for utilizing the digital content by an accessing system, where the throughput rate is associated with information related to the digital content and is stored as a file. The throughput rate is controlled by a storage system that is operationally coupled to the accessing system. | 03-10-2011 |
| 20110061097 | METHOD AND SYSTEM FOR MANAGING ACCESS TO PROTECTED COMPUTER RESOURCES PROVIDED VIA AN INTERNET PROTOCOL NETWORK - A method and system for controlling access, by an authentication server, to protected computer resources provided via an Internet Protocol network that includes storing (i) a digital identification associated with at least one client computer device, and (ii) data associated with the protected computer resources in at least one database associated with the authentication server; authenticating, by the authentication server, the digital identification forwarded by at least one access server; authorizing, by the authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device, based on the stored data associated with the requested protected computer resources; and permitting access, by the authentication server, to the at least the portion of the protected computer resources upon successfully authenticating the digital identification and upon successfully authorizing the at least once client computer device. | 03-10-2011 |
| 20110067093 | USAGE PERIOD MANAGEMENT SYSTEM FOR APPLICATIONS - A method of managing downloading contents in a network system including a terminal device, a management server and a downloading site includes three phases of procedures. In a first phase procedure, the management server receives a request for downloading contents from the terminal device and performs a predetermined registration operation. In a second phase procedure, the management server transmits attribution data corresponding to the contents to be downloaded by the terminal device, the attribution data including information of the downloading site. In a third phase procedure, the terminal device accessed the downloading site in accordance with the information included in the attribution data and downloads the contents. | 03-17-2011 |
| 20110067094 | Methods and Systems for Authentication - Disclosed are systems and methods of authenticating a user on a network, including, based on identity information received from the user, accessing at least one data source to retrieve data associated with the user, comparing the retrieved data against a listing of possible questions associated with the retrieved data to determine associations between the retrieved data and the listing of possible questions, based on a ranking of the listing of possible questions, formulating at least one question set using questions within the listing of possible questions for which retrieved data is available, where each of the at least one question set includes at least two different questions, causing at least some of the questions from the at least one question set to be presented to the user, and, based on responses to the questions from the user, determining whether the user is authenticated. | 03-17-2011 |
| 20110072500 | Client Identification System Using Video Conferencing Technology - A system and process for identifying a client, comprising a client device having a video camera and a voice transmitting and receiving device capable of transmitting a client's image and voice via a communication carrier system and a communications network to a user terminal, whereby the user terminal permits an authentication of the client's image and voice in real time. Another aspect of the present invention includes a method of identifying a fraudster, comprising the steps of using a client device having a video camera and voice transmitting and receiving device to initiate an authentication of a client's identity, transmitting the fraudster's image and voice over a communication carrier system and a communications network to a user terminal, comparing the fraudster's image and voice to client data, and storing the fraudster data. | 03-24-2011 |
| 20110078778 | MULTI-VARIABLE CHALLENGE AND RESPONSE FOR CONTENT SECURITY - Embodiments of the present invention provide a method, system and computer program product for multi-variable challenge-response. In an embodiment of the invention, a method for multi-variable challenge-response can include receiving a request to access content from an end user computing device from over a computer communications network. The method also can include selecting different objects for inclusion in an object set and applying a different characteristic to each of the different objects in the object set. A question and answer can be generated based upon each of the different characteristics. Further, a challenge-response prompt can be transmitted to the end user computing device such that the prompt includes the different objects with different characteristics applied, and also the generated question. A response to the challenge-response prompt can be received and compared the response to the computed answer. Finally, access to the content can be granted if the response and computed answer match, but otherwise access to the content can be denied. | 03-31-2011 |
| 20110083173 | Secure Transaction Systems and Methods - A user transaction request is received at a client device. A web browser plug-in communicates the user transaction request to a server that determines whether the user transaction request is a secure transaction. Transaction data is received from the server via the web browser plug-in. If the received transaction data indicates a secure transaction, the user is prompted to provide biometric data, which is received from the user. The web browser plug-in then communicates a transaction confirmation to the server. | 04-07-2011 |
| 20110088085 | PROTECTING PASSWORD FROM ATTACK - A password may be provided along with a validation code, which can help prevent the password from being sent to the wrong recipient. When a password is created, a validation code may be created based on (a) the password, and (b) the identity of the target of authentication (TA) to which the password is intended to be sent. When a user is requested to provide a password, validation component intercepts the request and asks the user to enter both the password and validation code. The validation component then re-calculates the validation code based on the entered password and on the TA that is requesting the password. If the re-calculated validation code matches the validation code entered by the user, then the password is released to the user agent that the user uses to communicate with the TA, and the user agent sends the password to the requesting TA. | 04-14-2011 |
| 20110088086 | LOCKING AND UNLOCKING OF AN ELECTRONIC DEVICE USING A SLOPED LOCK TRACK - Systems, apparatuses, and methods that can facilitate securing an electronic device and associated information are presented. A security component facilitates display and operation of a lock track comprising a locked portion having a positive slope and an unlocked portion, including a chasm, that is adjacent to a high point of the positive-sloped unlocked portion of the lock track. A lock facilitator component (LFC) can be moved along the track between a low point of the locked portion and the unlocked portion. The LFC can be moved in response to received input, and if the input is not sufficient to move the LFC from the locked region to the unlocked region, the LFC can be moved back down the positive-sloped lock track to the low point. The security component can control information to be displayed in an overlay display region in accordance with security level(s) of the device or application. | 04-14-2011 |
| 20110088087 | METHOD FOR AUTHENTICATION - A method for authentication of a first party, A, to a second party, B, by a trusted third party, C, is disclosed. A is registered at C, and the method comprises the steps of receiving a identification data of A from A; determining, based on the identification data, if A has the right to request a random private key, RPK; and generating a temporary RPK. Further, C combines the RPK and a random open key, ROK, to form a single use temporary master authentication code; transmits the RPK to A; and, upon receipt of the RPK and the ROK from B, determines if the received RPK and ROK matches a valid single use temporary master authentication code; and authenticates, in case of match, A to B. The first party, A, may be any handheld device, such as a mobile phone, or a PDA, or a stationary device, such as a stationary computer or an ATM. The communication between the parties may be wired or wireless. A corresponding system is also disclosed. | 04-14-2011 |
| 20110093938 | METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR BOOTSTRAPPING DEVICE AND USER AUTHENTICATION - An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device | 04-21-2011 |
| 20110093939 | RESOURCE ACCESS BASED ON MULTIPLE CREDENTIALS - A collection of multiple user credentials each associated with one of multiple different users is obtained at a device, and one or more of the multiple user credentials are verified. The collection of multiple user credentials is also compared to a threshold combination of user credentials to be satisfied to access the resource, and a determination is made, based on the comparing and the verifying, as to whether access to the resource is permitted. An indication of whether access to the resource by a requesting user is permitted is returned or provided to another device. | 04-21-2011 |
| 20110093940 | SYSTEM AND METHOD FOR PROVISIONING UNIVERSAL STATELESS DIGITAL AND COMPUTING SERVICES - A service provisioning system and method for providing remote access to digital services over a communications network, comprising a plurality of client devices connected to the communications network for requesting digital services from a plurality of service centers and presenting output from the digital services. The network operation center connected to the communications network authenticates client devices and users, manages sessions, and processes requests for digital services. A connector associated with each service center establishes a session with a client device specified by the network operation center and encapsulates the native protocols of the digital services within a remote interactive protocol. The remote interactive protocol includes information for generating a human-perceptible presentation on the client device, to provide a remote access to the digital services without modifying the hardware and software infrastructure of the service centers. | 04-21-2011 |
| 20110093941 | PRE-CONFIGURATION OF A CLOUD-BASED COMPUTER - Various example embodiments are disclosed herein. According to an example embodiment, a method may include receiving by a second computer a customization application, the customization application including a control panel to establish user preferences for a user account of the cloud-based service and/or system settings for the first computer; receiving by the second computer an input to the customization application to establish one or more user preferences for the user account and/or one or more system settings for the first computer; and transmitting from the second computer to a server associated with the cloud-based service the one or more user preferences and a username for the user account and/or the system settings for the first computer. | 04-21-2011 |
| 20110093942 | IMPROVED BIOMETRIC AUTHENTICATION AND IDENTIFICATION - Authentication of a user to an electronic device in a communication network is described. The method comprises obtaining a biometric characteristic of the user, transmitting, to a social networking service, information that specifies at least one primary user ofthe device, receiving, from the social networking service, information that specifies a group of persons who have a social relationship with the at least one primary user, obtaining information that specifies a result from a biometric matching operation with the biometric characteristic of the user and biometric characteristics of persons in the specified group of persons, the result indicating whether or not the user is authenticated to the electronic device. By narrowingdown the size of the searching space-needed during a matching operation by utilizing information regarding a group of persons in a social network, the false acceptance rate is reduced and biometric authentication of a user to an electronic device is thereby facilitated, e.g. to accessdesired functionality of the device or access a desired service. | 04-21-2011 |
| 20110099616 | Authenticating Using Cloud Authentication - An authentication mechanism in a local area network may use a cloud authentication mechanism to allow or deny authentication requests. A user may gain access within a local area network by entering a cloud identification and password, which may be verified by a cloud authentication mechanism. If the authentication is successful from the cloud authentication mechanism, the user identification and password are stored locally for subsequent authentication requests. In some embodiments, the cloud password may be periodically flushed so that subsequent requests may be passed to the cloud authentication mechanism. The authentication mechanism may be used in both domain and workgroup local area networks, and may operate in parallel with other users who may have local area network or client credentials which may not be authenticated from the cloud. | 04-28-2011 |
| 20110099617 | METHOD AND SYSTEM FOR VALIDATING AUTHENTICITY OF IDENTITY CLAIMS - A method for validating authenticity of identity claims of one or more communicating entities in an online transaction over a network is disclosed. The method includes extracting identity information of the first communicating entity by the second communicating entity during online transaction and prompting a client to provide a unique resource name of the first entity. Further, the method includes validating the identity information extracted from the first entity by checking identity information already registered in a registry. Later the method includes authenticating the identity claims of the first entity based on the validation results. The method also includes steps for registering identity information of the first entity within the registry. | 04-28-2011 |
| 20110107408 | METHOD AND DEVICE FOR SECURING DATA TRANSFERS - The method for securing data transfers comprises: A transmission of a document from a document sender to a least one document recipient, by implementing at least one step of processing of said document, by implementing at least one step of processing of said document, for at least one said step of processing of the document, a step of measuring a probative value of said processing step, a step of aggregating the probative values of the steps of processing of said transmission to provide a measure of the overall probative value of said document transmission, and a step of association of said overall probative value with said transmission of said document. | 05-05-2011 |
| 20110113477 | INFORMATION PROCESSING APPARATUS, INFORMATION PROVIDING SERVER, PROGRAM, COMMUNICATION SYSTEM, AND LOGIN INFORMATION PROVIDING SERVER - In one example embodiment, the communication system disclosed herein includes an information processing apparatus that acquires address information from a memory device having a free area including the address information and a secure area including account information. The information processing apparatus connects to a resource of a server using the acquired address information. The information processing apparatus causes a security server to acquire the account information from the memory device and transmit the acquired account information to the server such that the server enables a user to access the resource of the server using the account information. | 05-12-2011 |
| 20110113478 | METHOD OF SECURING FRANKING VIA A TELECOMMUNICATIONS NETWORK - A method of securing franking, said method comprising the following operations:
| 05-12-2011 |
| 20110119745 | NETWORK AUTHENTICATION - There is provided a Security Manager Device for allowing the secure establishment of network connections between devices, the Security Manager Device comprising a memory for storing network authentication information for a network and a transmitter for wirelessly transmitting the stored network authentication information to a device to be connected to a second device. | 05-19-2011 |
| 20110119746 | Identity Verification Method and Network Device for Implementing the Same - An identity verification method includes the steps of: i) in response to a login request from a user end, generating and providing a query to the user end; and ii) in response to an answer from the user end, verifying identity of the user end. The query includes indices of a verification table corresponding to the user end that are arranged in a random order in a ring formation, and requires the user end to provide an answer containing code contents of the table corresponding to a user-end selected set of adjacent ones of the indices in the ring formation. Identity of the user end is verified by determining whether the code contents in the answer are found in the table and whether the indices corresponding to the code contents in the answer are adjacent to each other with reference to the ring formation in the query. | 05-19-2011 |
| 20110126273 | SYSTEM AND METHOD FOR ENHANCED DATA SECURITY - A method for protecting data stored in a data repository. The method includes verifying authenticity of a user at each of a plurality of levels. Furthermore, the method includes directing the user to one of a first path or a second path based on the verification of the authenticity of the user at each of the plurality of levels. Systems and computer-readable medium that afford functionality of the type defined by this method are also contemplated. | 05-26-2011 |
| 20110126274 | SYSTEMS AND PROCESSES FOR SECURING SENSITIVE INFORMATION - Securing sensitive information [ | 05-26-2011 |
| 20110131640 | Secure transfer of data - A method of secure transfer of data between entities, which comprises: establishing a first secure channel ( | 06-02-2011 |
| 20110131641 | System and Method for Monitoring Usage of a User Device - A server includes a limitation database, a monitor module, and a notification module. The limitations database is configured to store control limits for a user device. The monitor module is in communication with the limitations database. The monitor module is configured to monitor usage of the user device and to determine that one of the control limits for the user device has been exceeded. The notification module is in communication with the monitor module. The notification module is configured to notify a master device that the one of the control limits for the user device has been exceeded, to receive a request to disable the user device, and to disable the user device in response to the request. | 06-02-2011 |
| 20110138449 | PURE OFFLINE SOFTWARE APPLIANCE CONFIGURATION - One or more online configuration settings are received prior to deployment and execution of a software appliance. Once the configuration settings have been received, the online configuration settings can be utilized to configure a software appliance image prior to executing the image at a host computer. Once the application of the configuration settings to the image has been completed, the image may executed at a host computer. | 06-09-2011 |
| 20110138450 | Secure Transaction Systems and Methods using User Authenticating Biometric Information - A user transaction request is received at a client device. A web browser plug-in communicates the user transaction request to a server that determines whether the user transaction request is a secure transaction. Transaction data is received from the server via the web browser plug-in. If the received transaction data indicates a secure transaction, the user is prompted to provide biometric data from a user using a biometric device and related security protocols. The web browser plug-in then communicates a transaction confirmation to the server. | 06-09-2011 |
| 20110138451 | METHOD AND SYSTEM FOR AN INTERCEPT CHAIN OF CUSTODY PROTOCOL - Techniques for establishing a chain of custody for intercepted electronic information are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method, comprising securely negotiating a data collection interval time and protocol support for electronic data collection between network equipment associated with a data collecting party and network equipment associated with a data receiving party, receiving a nonce at a network equipment associated with the data collecting party from network equipment associated with the data receiving party, utilizing the nonce to compute, at least in part, a hash value at network equipment associated with the data collecting party, collecting electronic data at an intercept access device at network equipment associated with the data collecting party, utilizing the nonce and the hash value to transmit the collected electronic data to network equipment associated with the data receiving party, and utilizing the hash value to establish a chain of custody between the data collecting party and the data receiving party. | 06-09-2011 |
| 20110145899 | Single Action Authentication via Mobile Devices - A method for authenticating a user includes receiving a user identification, confirming the user identification, sending a request to the user to perform a single action on a communication device, creating a session to receive the single action from the communication device, receiving an identifier from the communication device, using the identifier to verify that the user has the communication device, and authenticating the user based on the confirmed user information and the verification that the user has the communication device. The identification can include a username and a password or can be a one time password. | 06-16-2011 |
| 20110145900 | DELEGATING AUTHENTICATION USING A CHALLENGE/RESPONSE PROTOCOL - A method for delegating authentication using a challenge/response protocol is provided. The method may initiate with a challenge/response sequence between a client application and a server application to authenticate the client application. Then the server application authenticates to a second server application using the credentials associated with the client application by acting as a conduit between the client application and the second server application. | 06-16-2011 |
| 20110145901 | SYSTEMS AND METHODS FOR AUTHENTICATING A SERVER BY COMBINING IMAGE RECOGNITION WITH CODES - A system and method is provided for authenticating a first device to a second device. This involves providing images to the second device, receiving an indication of selected ones of the images as authenticating images, and identifying an authenticating code associated with the second device. This also involves receiving a transaction request from the second device, the first device providing a display page to the second device, the display page including the authenticating images at locations identified by the authenticating code. | 06-16-2011 |
| 20110145902 | SYSTEM AND METHOD FOR PROVIDING SEAMLESS ON-DEMAND APPLICATION SERVICE USING DPI IN COMMUNICATION NETWORKS - Provided is a system and method of providing a seamless on-demand service using a Deep Packet Inspection (DPI) function. A system for providing an on-demand service may include: a switch to recognize a signature of media, and to convert a resolution of media based on information associated with a resolution of media included in the recognized signature, a terminal resolution of a terminal held by a user, and a user requirement; an authentication management server to perform a terminal authentication or a user authentication; and a policy control server to set a path based on a terminal function, a media characteristic, and the user requirement. | 06-16-2011 |
| 20110145903 | UNIFIED USER LOGIN FOR CO-LOCATION FACILITIES - A logical customer organization model is applied to group the individual agreements into separate logical customer organizations, wherein the groupings can be region based groupings, organization groupings and departmental groupings. Unified login identification (ID) model is applied to enable a first user to login to a portal using a first login ID to access a first asset in a first asset group according to a first logical customer organization. The unified login ID model enables the first user to use the same first login ID to access a second asset in the first asset group according to the first logical customer organization. The unified login ID model also enables the first user to login to the portal using a second login ID to access one or more assets in a second asset group according to a second logical customer organization. Each of the first and second logical customer organization may be associated with one or more asset groups and one or more user groups. | 06-16-2011 |
| 20110145904 | ENTERPRISE BIOMETRIC AUTHENTICATION SYSTEM FOR A WINDOWS BIOMETRIC FRAMEWORK - An enterprise biometric authentication system for use with a network of client computing devices, each client computing device executing Windows® 7 operating system with Windows® Biometric Framework components including a client biometric service and a client engine adapter, comprises a client engine wrapper and a server subsystem further including a server database, a server storage adapter, a server engine adapter, and a server component. The client engine wrapper resides on a client computing device and is operable to intercept requests from the client biometric service to the client engine adapter and to transmit the requests. The server storage adapter may store and retrieve biometric templates from the server database. The server engine adapter may generate and compare biometric templates. The server component may receive the requests from the client engine wrapper, forward the requests to the server engine adapter, and transmit results of the requests to the client engine wrapper. | 06-16-2011 |
| 20110145905 | APPARATUS AND METHOD FOR MANAGING WEB BASED SERVICE ACCOUNT - Provided is a method and apparatus for managing a web based service account. The web based service account management apparatus may select, from among web based service accounts, an account undesired to be exposed to others, and may display an account set with a hiding indication only when a user authenticated through a user authentication process desires to read the account. | 06-16-2011 |
| 20110145906 | INFORMATION PROCESSING APPARATUS CAPABLE OF OPERATING IN ADMINISTRATOR MODE, CONTROL METHOD THEREOF AND RECORDING MEDIUM - An information processing apparatus includes an executing unit executing information processing, a control unit controlling an operation of the executing unit, a storage unit for storing specific information for executing an administrator mode and a communication unit for communicating with a smart card. When information matching the PIN code stored in the smart card and information matching the information stored in said storage unit are received, the control unit executes the administrator mode. | 06-16-2011 |
| 20110145907 | E-MAIL BASED USER AUTHENTICATION - E-mail based user authentication is described herein. A user can access resources of a service provider by submitting only an e-mail address to which the user has access. The service provider generates an authentication ticket corresponding to the user's login request, and transmits the authentication ticket to the e-mail service provider indicated by the submitted e-mail address. The e-mail service provider processes the authentication ticket, and enables either approval or denial of the authentication ticket, whether by explicit user action or by automated processing. | 06-16-2011 |
| 20110145908 | System and Method for Data and Request Filtering - Data and data requests of users of applications are filtered using a client-resident agent. A user profile may contain data pertaining to restrictions on content the user is permitted to view or types of requests the user is permitted to make. within one or more applications. Data in the user profile may be used to grant or deny access to applications, filter particular content from the user's view, or filter particular data requests made by the user. | 06-16-2011 |
| 20110154460 | METHOD AND SYSTEM FOR USER AUTHENTICATION - Method and system for user authentication using one or more unique ID's associated with one or more electronic devices connected in a communication network, more specifically in short range radio communication network. the method comprising the steps of polling and detection of a short range wireless electronic device within a short range radio communication network, establishing a connection between such short range wireless electronic device with a centralized server, authenticating the short range wireless device ID, requesting further the user to feed a pre-determined authentication code, verifying the fed authentication code with corresponding entries in the database of the central server, establishing an encrypted channel if authentication code found in such database, receiving a user authentication certificate from the wireless electronic device. | 06-23-2011 |
| 20110154461 | SYSTEMS AND METHODS FOR MANAGEMENT OF COMMON APPLICATION FIREWALL SESSION DATA IN A MULTIPLE CORE SYSTEM - The present invention is directed towards systems and methods for efficiently an intermediary device processing strings in web pages across a plurality of user sessions. A device intermediary to a plurality of clients and a server identifies a plurality of strings in forms and uniform resource locators (URLs) of web pages traversing the device across a plurality of user sessions. The device stores each string of the plurality of strings to one or more allocation arenas shared among a plurality of user session. Each string is indexed using a hash key generated from the string. The device recognizes that a received string transmitted from a webpage of a session of a user is eligible to be shared among the plurality of user sessions. The device determines that a copy of the received string is stored in an allocation arena using a hash generated from the received string. The device uses the copy of the received string stored in the allocation arena in place of the string in the web page of the session of the user to process the web page. | 06-23-2011 |
| 20110154462 | METHOD FOR MANAGING AN ACCESS FROM A REMOTE DEVICE TO DATA ACCESSIBLE FROM A LOCAL DEVICE AND CORRESPONDING SYSTEM - The invention relates to a method for managing an access from a remote device to data and/or at least one resource accessible from a local device. The local device includes a browser. The remote device hosts a server, as a remote server. During a remote server connecting step, the browser sends to the remote server a request for loading data. According to the invention, the remote server sends, through the browser, to a local server a request for connecting a local server, as response to the request for loading data, and the local server sends data to the remote server, the local server being connected from the remote server to a data storage devices and/or at least one resource accessible from the local device. The invention relates also to a corresponding system having a token and a terminal coupled with the token. | 06-23-2011 |
| 20110154463 | PROCESSING DATA TRANSFER METHOD IN SHEET PROCESSING APPARATUS - This invention is to prevent a MAC of a correct answer from being calculated by use of an IC card even if count data in the database of a PC is falsified since the MAC calculated by the IC card is made invisible from the exterior of the IC card. Thus, falsification of data by enciphering the number (total sum) of cut sheets in a sheet checking equipment. | 06-23-2011 |
| 20110162055 | Business Process Enablement For Identity Management - A method, system and computer program for business process automation facilitates transforming a user's identity/credentials as part of the enablement of transaction fulfillment, e.g., within a SOA environment. In one embodiment, identity and attribute information is added to one or more business process models that each represents a sub-transaction within an overall transaction fulfillment business process flow. As the business model is mapped to an execution environment, the identity and attribute information in the model is used to configure appropriate tooling to define the identity/attribute transformation required to complete the particular portion of the transaction represented by the model. In a representative implementation, the business process models conform to BPEL4WS, and one or more of these models are extended with identity mapping information such that, during transaction fulfillment, local identity mapping transformations provide the identity/credential propagation required to support the business process. | 06-30-2011 |
| 20110162056 | CONTENT DELIVERY SYSTEM - This system | 06-30-2011 |
| 20110167486 | CLIENT-SIDE AD CACHING FOR LOWER AD SERVING LATENCY - Advertisements are served over the Internet to clients on demand. A client module executing on a client device fetches advertisements over the Internet from an advertisement server. The client module stores these advertisements in a cache on the client device. When an application executing on the client device needs to display an advertisement, instead of contacting the advertisement server directly, the application makes a call to the client module. The client module, instead of contacting the advertisement server immediately, determines whether the cache on the client device contains any advertisements that satisfy criteria specified by the application. If the cache does contain advertisements that satisfy the criteria, then the client module provides those advertisements to the application. Otherwise, then the client module requests criteria-satisfying advertisements from the advertisement server at that time, and provides at least one of those to the application. | 07-07-2011 |
| 20110167487 | METHOD, SYSTEM AND DEVICE FOR ENABLING USER SIDE TERMINAL TO OBTAIN PASSWORD - In the field of communication technologies, a method, a system and a device for enabling a user terminal to obtain a password are provided. The method includes: receiving, by a user terminal, a notification message delivered from an Optical Line Terminal (OLT), in which the notification message comprises password information delivered from the OLT; obtaining the password information in the notification message, and returning a response message to the OLT; and accomplishing an authentication and registration process with the OLT according to the password information. The system includes an OLT and a user terminal. The device includes a user terminal and an OLT. The present disclosure is capable of realizing the change of a password of an Optical Network Unit (ONU)/Optical Network Terminal (ONT) just by a delivery operation at an OLT side when the password of the ONU/ONT needs to be changed, so that the efficiency of the change work is improved, the workload of the change is reduced, the manpower cost for home service of maintenance personnel is saved, and the maintenance cost of the operator is greatly reduced. | 07-07-2011 |
| 20110173687 | Methods and Arrangements for an Internet Multimedia Subsystem (IMS) - The present invention relates to provisioning of IMS parameters in an automated fashion. This is according to the present invention achieved by introducing a provisioning server providing an application, to be used on a user terminal, IMS parameters such that the application on the user terminal can utilize IMS services even if the user terminal is non-IMS capable or if the operator of the user has not deployed IMS. The provisioning of the IMS parameters may be triggered by a downloading of said application on the user terminal. Further, the application on the user terminal is configured with an address to the provisioning server in order to be able to send the request to the provisioning server. | 07-14-2011 |
| 20110185409 | Authentication Method and System of At Least One Client Device with Limited Computational Capability - An authentication method of a server device and at least one client device with limited computational capability includes randomly generating an initial codeword using the client device. The initial codeword is generated from a linear combination of at least one base. The base is assigned to the client device and selected from a generator matrix that is stored in the server device and that corresponds to a linear code. | 07-28-2011 |
| 20110185410 | METHOD FOR PERSONALIZED MEETING AND RELATIONSHIP ESTABLISHING - A method for personal online/offline meeting comprising the steps of an initiator developing a profile/account with a central organization; the central organization providing the initiator with a number of cards on which are printed at least a website designation and a code; the initiator giving a card to at least one recipient; the recipient going to the website designated on the card; the recipient entering the code at the designated website; the recipient being given access to the initiator's profile with the central organization; and the recipient sending the initiator a message through the designated website. | 07-28-2011 |
| 20110185411 | METHOD OF OBTAINING A NETWORK ADDRESS - The present invention comprises a method of and apparatus for simplifying the process of access to a network for a roaming computer user, divides the responsibility of servicing a given user wanting to access the network between multiple parties and minimizes the possibility of improper dissemination of email header data as well as improper use of network resources (including server systems) by non-clients. | 07-28-2011 |
| 20110185412 | Providing Selective Access To A Web Site - A restricted web site has features that are selectively exposed to clients. A screening web site interacts with clients and collects data about the clients using passive and/or active techniques. The screening site generates a token for the client, and includes data in the token identifying the token and describing the client. The token is encoded in a cookie and saved in the client's web browser. The client subsequently provides the token to the restricted site. The restricted site validates the token to ensure that it is legitimate, has not expired, and has not been used before. The restricted site selects one or more features to provide to the client based on the data about the client in the token and/or on other information. If the client does not present a token or the token is invalid, the restricted site does not expose any features to the client. | 07-28-2011 |
| 20110185413 | SYSTEM, APPARATUS, AND PROGRAM FOR BIOMETRIC AUTHENTICATION - A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication. | 07-28-2011 |
| 20110191838 | Authentication Using Transient Event Data - Some embodiments provide a method for authenticating a user to access computing resources that uses transient event data regarding previous interactions of the user with the computing resources. The method receives a notification that a user is unable to provide a correct user identifier and password. The method generates authentication questions for the remote user using the transient event data. The authentication questions are presented to the user. The method authenticates the user based on answers to the password recovery questions. The user may be a remote user and the computing resources are a set of application servers to which the user has forgotten a password. The computing resources may be a portable device that the user wishes to access remotely in order to delete data from the portable device. | 08-04-2011 |
| 20110191839 | Image forming apparatus, input control method, input control program, and storage medium - Inputs from multiple input devices including an internal input device | 08-04-2011 |
| 20110191840 | BIOMETRIC AUTHENTICATION UTILIZING UNIQUE BIOMETRIC SIGNATURES AND PORTABLE ELECTRONIC DEVICES - A method and system for the authentication of a user at a point of entry. Biometric data can be provided after preliminary identification of the user based on identification information wirelessly provided from a portable electronic device carried with the user when the user is located near a point of entry, such as, for example, a border crossing or access point to a secure facility. Such a method and system can incorporate RFD tags, cellular wireless communications data and links, and/or Bluetooth communications link, etc. | 08-04-2011 |
| 20110197270 | Biometric Pressure Grip - According to one embodiment, a method of authenticating a user includes receiving login credentials identifying a user. A plurality of pressure readings are received from a plurality of pressure sensors coupled to a biometric grip device. The plurality of pressure readings comprise a first biometric pressure reading from a first pressure sensor coupled to the biometric grip device and a second biometric pressure reading from a second pressure sensor coupled the biometric grip device. The first and second biometric pressure readings measure a first pressure exerted at the first pressure sensor and a second pressure exerted at the second pressure sensor. A neurological number is generated from the plurality of pressure readings. The user is authenticated by comparing the neurological number with a registered neurological number. If the neurological number matches the registered neurological number, the user is authorized to access a computer system coupled to the biometric grip device. | 08-11-2011 |
| 20110202982 | Methods And Systems For Management Of Image-Based Password Accounts - The invention provides methods and systems for management of image-based password accounts. A password management account may be accessed by a user undergoing image-based authentication. The invention may allow a user to manage parameters relating to image-based authentication. The invention may also allow a user to manage authentication at one or more web site. | 08-18-2011 |
| 20110202983 | REMOTE FUNCTIONALITY SELECTION - A network interface device providing a set of functions in hardware and being operable in first and second modes: in a first mode, the network interface device being configured to operate with a selected configuration of the set of functions; and in a second mode, the network interface device being operable to select a particular configuration of the set of functions in accordance with configuration instructions received at the network interface device; the network interface device being configured to, on receiving a network message having one or more predetermined characteristics and comprising an authentication key and one or more configuration instructions defining a particular configuration of the set of functions: verify the authentication key; and if the authentication key is successfully verified, select the particular configuration of the set of functions defined in the configuration instructions of the network message. | 08-18-2011 |
| 20110202984 | METHOD AND SYSTEM FOR MULTIPLE PASSCODE GENERATION - This invention relates to a method and a system for generating user passcodes for each of a plurality of transaction providers from a mobile user device. A method and system for activating a plurality of passcode generators on a user device configured with a passcode application installed on the user device is provided. Each of the passcode generators may correspond to a different user account or transaction provider, such that each passcode generator provides a user passcode configured for the corresponding account or transaction provider. One or more of the passcode generators may include a passcode generating algorithm and a passcode key. Access to one or more of the passcode generators may require providing a PIN or a challenge. | 08-18-2011 |
| 20110202985 | AUTHENTICATION SYSTEM, AUTHENTICATION SERVER, AND SUB-AUTHENTICATION SERVER - An authentication server transmits authentication information used to authenticate the transmission origin of an authentication request, to a sub-authentication server, when receiving the authentication request. The authentication server transmits identification information to identify the sub-authentication server to which the authentication information is transmitted, to a terminal. The terminal includes a transmission destination storage unit that stores identification information to identify the transmission destination of the authentication request and transmits the authentication request to the transmission destination identified with the identification information stored by the transmission destination storage unit. The terminal updates the identification information using the identification information, when receiving the identification information. The sub-authentication server includes an authentication information storage unit that stores the authentication information transmitted from the authentication server to the sub-authentication server, and authenticates the transmission origin of the authentication request using the stored authentication information, when receiving the authentication request. | 08-18-2011 |
| 20110202986 | IDENTITY MANAGEMENT SYSTEM - A system comprising an IMS network ( | 08-18-2011 |
| 20110202987 | SERVICE ACCESS CONTROL - An arrangement for providing users with access to services is described. Access requests received from users are monitored by a gateway and, where appropriate, user credentials for a service that is being accessed are inserted by the gateway. The gateway monitors packets of data in order to check user credentials. The gateway is also able to modify packets of data to insert user credentials, if necessary. | 08-18-2011 |
| 20110209206 | ACCESS RESTRICTION FOR COMPUTING CONTENT - Access restriction for computing content is provided by operating a computing device with a first profile, recognizing an attempt to log off of the first profile, and requesting a user to supply a log off credential. If the log off credential is not correct, the computing device continues to operate with the first profile, and if the log off credential is correct, the computing device operates without the first profile. | 08-25-2011 |
| 20110209207 | SYSTEM AND METHOD FOR GENERATING A THREAT ASSESSMENT - A method and system for quantifying a threat associated with a sender of a message. A threat assessment module receives a message from a sender directed toward a recipient. The threat assessment module accesses a behavioral data source to obtain an activity record identifying an activity of the sender. The activity record is analyzed to determine if the content of the activity record contains non-preferred content. A threat assessment quantifier is generated based on the analysis and sent toward the recipient. | 08-25-2011 |
| 20110209208 | SECURITY DEVICE PROVISIONING - The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a client computer system. A security token object provisioning request may be received from the client computer system. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with to the user identity in a data store. By providing the security token object, the user can gain access to the computing resource. | 08-25-2011 |
| 20110214167 | IMAGE PROCESSING APPARATUS, IMAGE PROCESSING SYSTEM, AND DISPLAY SCREEN CONTROLLING METHOD - An image processing apparatus comprises: a display part on which various information is displayed; an authentication information inputting part for receiving entry of authentication information made by a user; a setting information inputting part for receiving an operation to set made by the user, and inputting setting information; an authentication processing part for starting authentication processing to execute user authentication based on the authentication information in response to the entry of the authentication information; and a display controlling part for displaying an initial operation screen operable for the user to make setting on the display part in parallel with the authentication processing executed by the authentication processing part, and for reflecting the setting information received by the setting information inputting part before obtaining a result of the authentication processing to the initial operation screen. So, a waiting time of the user after the entry of the authentication information is reduced. Also, the user is allowed to start making operation relatively-early, and convenience of the image processing apparatus is enhanced. | 09-01-2011 |
| 20110214168 | PAIRING OF WIRELESS DEVICES USING A WIRED MEDIUM - Techniques that facilitate pairing of wireless devices with other wireless devices are disclosed. According to one aspect, a pair of wireless devices can be paired for wireless data exchange using an available wired link. Advantageously, the wired link can be used to transport a pin code from one of the wireless devices to the other. Consequently, pairing of the wireless devices can be completed without necessitating user entry of a pin code so long as the wired link is available. | 09-01-2011 |
| 20110214169 | Secure Authentication Systems and Methods - Systems and methods are provided for authentication by combining a Reverse Turing Test (RTT) with password-based user authentication protocols to provide improved resistance to brute force attacks. In accordance with one embodiment of the invention, a method is provided for user authentication, the method including receiving a username/password pair associated with a user; requesting one or more responses to a first Reverse Turing Test (RTT); and granting access to the user if a valid response to the first RTT is received and the username/password pair is valid. | 09-01-2011 |
| 20110214170 | METHOD AND SYSTEM OF SERVING SUBSCRIBED CONTENTS FROM MULTIPLE SOURCES VIA A GLOBAL COMMUNICATIONS NETWORK - A computer implemented method and system for, via a global communications network, serving subscribed contents from various subscribed content sources to end users without the need of end users subscribing and signing in at each individual subscribed content source. An embodiment system of present invention may use pre-stored access credentials specific to the embodiment system for fetching the requested subscribed contents from various subscribed content sources. The embodiment system may remove the aforementioned access credentials when forwarding the fetched subscribed contents to corresponding requesting end users. The end users may be served according to their viewing credits and other permissions. The viewing credits of end users may be adjusted according to the served subscribed contents. Before being forwarded to end users, the fetched subscribed contents may be amended according to the present invention to facilitate end users for requesting further subscribed contents to be served by the embodiment system. | 09-01-2011 |
| 20110214171 | Multi-Mode Credential Authentication - A method for authenticating an identity involves a computing device receiving a first credential over a first communications channel, and determining a second communications channel from a comparison between the first received credential and a first reference credential provisionally associated with the first credential. The computing device opens the second communications channel and receives second credential over the second communications channel, and the identity is authenticated based on a verification of the second credential. The computing device authenticates the identity by generating a first identity proof score from a correlation between the first received credential and the first reference credential, generating a second identity proof score from a correlation between the second received credential and a second reference credential, and generating an ultimate identity proof score from the first identity proof score and the second identity proof score. | 09-01-2011 |
| 20110214172 | Authentication Over a Network Using One-Way Tokens - A method for authenticating an entity at a first data resource, the method comprising the steps of: sending a first request token from the entity ( | 09-01-2011 |
| 20110225636 | Method For Automating Onboarding Application Developers To Sales Distribution Channel - A method for automating an onboarding process for a developer onto a service delivery hub operated by a network operator includes providing the developer with information relating to use of the service delivery hub, receiving data relating to the developer, approving the developer, certifying an application provided by the developer, and configuring the application for use. A method for synchronization with the service delivery hub is also provided. | 09-15-2011 |
| 20110225637 | AUTHENTICATION AND AUTHORIZATION OF USER AND ACCESS TO NETWORK RESOURCES USING OPENID - A method includes receiving by an OpenID network device a user log in; logging in, by the OpenID network device, the user to an OpenID account; receiving, by the OpenID network device and from a third party service provider network device, a request to authenticate the user and a request to receive user data associated with the user; providing, by the OpenID network device, a user interface to an end device to allow the user to confirm his/her sign-in to the third party service provider network device and release of the user data; receiving, by the OpenID network device, a confirmation with regard to the user's sign-in to the third party service provider network device and release of the user data; and sending, by the OpenID network device and to the third party service provider network device, a message indicating that the user is authenticated and the user data. | 09-15-2011 |
| 20110225638 | SECURE RANDOMIZED INPUT - A user inserts a received random sequence into the user's password or PIN. The user enters and transmits this randomized password to a service provider. The service provider extracts the password to determine whether to authenticate the user. | 09-15-2011 |
| 20110225639 | METHOD, SYSTEM AND DEVICE FOR FORKING AUTHENTICATION - An authentication method and an authentication system based on forking, and a forking authentication device are provided by the present invention. The method comprises: setting authentication credentials on the receiving devices and the original device respectively; a forking network element forking a calling request after receiving the calling request from the original device, and transmitting the forked calling request to the corresponding receiving devices; the forking network element receiving challenging values from a plurality of receiving devices, and forwarding a plurality of challenging values to the original device; the forking network element receiving the calling request which is retransmitted by the original device, wherein the retransmitted calling request carries relevant authentication credentials; and the forking network element forking the retransmitted calling request, and transmitting the forked calling request to the corresponding receiving devices, such that the receiving devices authenticate the original device according to the authentication credentials. The technical solution can realize authentication performed by a receiving device on an original device, in the cases where forking is performed based on SIP signaling. | 09-15-2011 |
| 20110231911 | METHODS AND SYSTEMS FOR AUTHENTICATING USERS - A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known. Moreover, the method includes determining a state of a communications device when the inputted information is known, and transmitting a biometric authentication request from a server to a workstation when the state of the communications device is enrolled. Additionally, the method includes obtaining biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and conducting the transaction when the transmitted and stored one-time pass-phrases match. | 09-22-2011 |
| 20110231912 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR AUTHENTICATING A MOBILE DEVICE USING AN ACCESS TOKEN - In accordance with embodiments, there are provided mechanisms and methods for authenticating a mobile device using an access token. These mechanisms and methods for authenticating a mobile device using an access token can provide authentication in an automated manner. The ability to provide authentication in an automated manner can enable repeated access to data by a user without requiring an associated repetitive manual authentication by the user. | 09-22-2011 |
| 20110231913 | SYSTEM AND METHODS OF DETERMINING COMPUTATIONAL PUZZLE DIFFICULTY FOR CHALLENGE-RESPONSE AUTHENTICATION - Computational puzzles are parameterized by a difficulty variable which may be assigned based on at least one component from the group of components: time component, location component, reputation component, usage component, content component, and social networking component. For example, in one embodiment, the proof-of-work puzzle comprises a location component directed by the geographic location of the client that can be applied to any web transaction or application. One such application involves online ticket sales including those that employ purchasing robots. Another application involves accessing and using webmail. | 09-22-2011 |
| 20110231914 | SYSTEM AND METHOD FOR VALIDATING A USER OF AN ACCOUNT USING A WIRELESS DEVICE - The disclosure provides a system and method of authenticating a user to a network. For the method, if a request for a resource initiated by the device is related to a restricted resource, then the method: redirects the request to the authentication server; initiates an authentication process at the server to request a user account and a password from the device to authenticate the device if it has not been authenticated; automatically provides the device with access to the restricted resource if the device previously had been authenticated to access the restricted resource; and provides a signal to the device indicating whether it has been authenticated to allow the device to update its graphical user interface to indicate an access status for the restricted resource. If the request relates to a non-restricted resource, then the method automatically provides the device with access to the non-restricted resource. | 09-22-2011 |
| 20110231915 | SYSTEMS AND METHODS OF CONTROLLING NETWORK ACCESS - A new approach to network security includes manipulating an access point such that an initial communication from an external device is passed to a restricted subset of a computing network including a gatekeeper. The gatekeeper is configured to enforce a security policy against the external device before granting access to a less-restricted subset of the computing network. If requirements of the security policy are satisfied, then the gatekeeper reconfigures the access point such that further communication from the external device may be received by elements of the less-restricted subset. Enforcement of the security policy optionally includes performing a security audit of the external device. | 09-22-2011 |
| 20110231916 | SYSTEMS AND METHODS OF CONTROLLING NETWORK ACCESS - A new approach to network security includes manipulating an access point such that an initial communication from an external device is passed to a restricted subset of a computing network including a gatekeeper. The gatekeeper is configured to enforce a security policy against the external device before granting access to a less-restricted subset of the computing network. If requirements of the security policy are satisfied, then the gatekeeper reconfigures the access point such that further communication from the external device may be received by elements of the less-restricted subset. Enforcement of the security policy optionally includes performing a security audit of the external device. | 09-22-2011 |
| 20110239285 | AUTHENTICATION BYPASS METHOD - A method for reactivating a telematics device configured to make a data call via a roaming partner of a service provider is disclosed. The service provider has an authentication bypass feature which uses an authentication bypass key common to the telematics device and the service provider to allow the telematics device to make a data call without authentication. The method comprises setting the authentication bypass key on a server of the service provider equal to a previous authentication bypass key, wherein the previous authentication bypass key was used by the authentication bypass feature prior to deactivation of the telematics device. The method includes setting the authentication bypass key on the telematics device equal to the previous authentication bypass key. The method further comprises commencing the data call through the roaming partner by sending the authentication bypass key to the service provider from the telematics device via the roaming partner. | 09-29-2011 |
| 20110239286 | MOBILE COMMUNICATIONS TERMINAL AUTHENTICATION AND SETTLEMENT SYSTEM AND METHOD - To authenticate fingerprint information detected by a mobile communications terminal at a fingerprint registration depot provided on the Internet, to thereby perform appropriate and reliable electronic authentication and electronic settlement, in a mobile communications terminal authentication and settlement system in which a mobile communications terminal accesses various websites on the Internet to perform electronic authentication and electronic settlement, the mobile communications terminal includes an operation panel that can be used in common for a fingerprint sensor mode and a touch panel mode. On the Internet, there is provided a fingerprint registration depot, to which the mobile communications terminal is connected and at which detected fingerprint information is compared with fingerprint authentication information registered in advance, to thereby perform fingerprint authentication. The mobile communications terminal is authorized to access the various websites via the Internet when authentication is successfully performed at the fingerprint registration depot. | 09-29-2011 |
| 20110247064 | METHOD AND APPARATUS FOR PROTECTING INFORMATION IN USER TERMINAL - A terminal includes: an input unit receiving setting data including time data and position data; a storage unit storing the received setting data; a position information generating unit generating position information of the terminal; a determination unit comparing the position data with the generated position information to determine whether to limit functions of the terminal or not, at a time corresponding to the time data; and a controller controlling to limit at least one function of the terminal according to the determination outcome. | 10-06-2011 |
| 20110252462 | Authenticating a Remote Host to a Firewall - A computer implemented method, system, and computer program product for authenticating a remote host to a firewall. The illustrative embodiments allow a requesting host separated from a target host by a firewall to determine, based on exception handling code, that an original request sent to the target host has been intercepted and blocked by the firewall. The illustrative embodiments also allow the requesting host to automatically provide credentials that authenticate the requesting host to the firewall. The illustrative embodiments are particularly applicable in situations when requests are invoked without any user interaction, such as when a timer expires. In such a case, there is no user to provide the needed credentials to authenticate the requesting host. The illustrative embodiments enable a requesting host to access a target host without requiring user intervention. | 10-13-2011 |
| 20110252463 | METHOD AND SYSTEM FOR PROVIDING ENTERPRISE PROCUREMENT NETWORK - According to an embodiment, the present invention provides a computer system. The computer system includes one or more processors and a computer-readable medium in communication with the one or more processors. The computer system also includes an enterprise social network system, implemented by an enterprise application stored on the computer-readable storage medium, for retrieving and providing procurement information from a plurality of social network entities associated with the enterprise social network system, the enterprise social network system comprising a set of instructions executable by the one or more processors to perform one or more operations. The set of instructions includes instructions for providing, at a computer system, a user interface for receiving input from a user. The set of instructions includes instructions for providing a user profile for a user, the user profile being stored at the enterprise social network system, the user being associated with a plurality of network entities, the user profile including a first plurality of user attributes. | 10-13-2011 |
| 20110252464 | AUTHENTICATING A MOBILE DEVICE BASED ON GEOLOCATION AND USER CREDENTIAL - Mobile devices provide security based on geographic location. With such a technique, a mobile device may automatically check its current location against geographic information as to the location(s) in which it is permitted to operate. When the user attempts access to the device, the mobile device will prompt the user for his/her credential only if the geographic location matches an allowed location. The user gains access then by inputting information corresponding to the credential, e.g. username and password, of a valid user. In the examples, if the geographic location does not match an allowed location, the mobile device provides a warning to the user, and the user is not allowed to enter any credential information. Optionally, the mobile device may send an alert message about the device being taken outside a specified boundary, e.g. to report the situation to other personnel. | 10-13-2011 |
| 20110258688 | RESOURCE MONITORING USING A JMX MESSAGE BRIDGE - A system, method, and computer program product for monitoring managed resources by subscribing to broadcast notifications relayed by a Java Management Extensions (JMX) message bridge between JMX managed beans (JMX MBeans) and a client application with user interface (UI) components. In an embodiment, ADOBE™ FLEX™ user UI components subscribe to JMX broadcast notifications. The method generates messages destined for UI components using a JMX broadcaster. JMX MBeans are created in a JMX server and are subscribed to JMX broadcasts. The JMX MBeans are created with filter values identifying destination UI components. A JMX managed object name is passed to the UI during the creation of the UI components. The UI components become consumers of a message topic. A JMX message adapter dedicated to the communication with the JMX MBeans receives JMX broadcast notifications. Messages generated by the JMX broadcaster are relayed to the destination UI components through the JMX MBeans. | 10-20-2011 |
| 20110258689 | Device pairing via device to device contact - A system may include and/or involve a first device, a second device, and logic to effect pairing of the first and second devices upon detection of physical contact between the devices. | 10-20-2011 |
| 20110265162 | HOLISTIC RISK-BASED IDENTITY ESTABLISHMENT FOR ELIGIBILITY DETERMINATIONS IN CONTEXT OF AN APPLICATION - A set of Service Oriented Architecture (SOA) services can be utilized by applications executing in protected application environments external to a SOA environment. The SOA services can include an identity service, a eligibility service, and a security risk assessment service, each of which generates a percentage of risk when run. SOA services can be dependent on specific applications and application cases, each being a specific context of an application, so that results vary by application case. The SOA environment can store data, which is constantly being updated about people, which is used by the SOA services. In one embodiment, sensitive or confidential data can be maintained in the protected application environment and can be isolated from the SOA environment. Rules, criteria, factors, and the like used by the SOA services can be customized at an arbitrary level of complexity for specific applications and application cases. | 10-27-2011 |
| 20110265163 | METHODS AND SYSTEMS FOR USER INTEGRATION - Methods and systems for user integration are described. In an example embodiment, a method for user integration comprises accessing a network identifier of a user and user job data of the user from a user database, accessing credential data of the user from a credential database, using the network identifier to access an administrative network identifier associated with the user, a status of a user administrative account associated with the user, an administrative user name associated with the user, and a security template identifier associated with the user, transmitting user information to a collaboration site, the user information including the network identifier of the user, the user job data of the user, the administrative network identifier associated with the user, and the security template identifier, populating a roster on the collaboration site. | 10-27-2011 |
| 20110265164 | CLOUD PLATFORM ARCHITECTURE - A cloud computing environment provides the ability to deploy a web application that has been developed using one of a plurality of application frameworks and is configured to execute within one of a plurality of runtime environments. The cloud computing environment receives the web application in a package compatible with the runtime environment (e.g., a WAR file to be launched in an application server, for example) and dynamically binds available services by appropriately inserting service provisioning data (e.g., service network address, login credentials, etc.) into the package. The cloud computing environment then packages an instance of the runtime environment, a start script and the package into a web application deployment package, which is then transmitted to an application (e.g., container virtual machine, etc.). The application container unpacks the web application deployment package, installs the runtime environment, loads the web application package into the runtime environment and starts the start script, thereby deploying the web application in the application container. | 10-27-2011 |
| 20110265165 | Automated User Authentication Identification for Customized Converged Services - Systems and methods are disclosed for providing automated user authentication utilizing available authentication data associated with a computing device. By utilizing a mobile identification number verified during an authentication, authorization, and accounting (AAA) process performed when a mobile computing device is powered on, access to a privileged content or service may be granted, allowing a user to bypass manual entry of user authentication information (user ID and password). Utilizing a verified mobile identification number, service features and functionalities may be communicated between billing systems of a service provider, which may provide for further converged, customized services. | 10-27-2011 |
| 20110265166 | INTEGRATED AUTHENTICATION - Authentication to a network resource of a user associated with a mobile communication device is disclosed. A message is received from a device. The message includes a hardware identifier of the device, and identifies a network resource as the destination of the message. A user identity is associated with the hardware identifier, and is sufficient to obtain session credentials from an authentication resource. Session credentials are obtained from the authentication resource. The session credentials are used to authenticate the associated user identity to the network resource. | 10-27-2011 |
| 20110265167 | MULTIFUNCTION APPARATUS, AUTHENTICATION SERVER, AND MULTIFUNCTION APPARATUS CONTROL SYSTEM - A multifunction apparatus | 10-27-2011 |
| 20110265168 | POLICY ENGINE FOR CLOUD PLATFORM - A policy engine is situated between the communications path of a cloud computing environment and a user of the cloud computing environment to comply with an organization's policies for deploying web applications in the cloud computing environment. The policy engine intercepts communications packets to the cloud computing environment from a user, such as a web application developer, for example, in preparation for deploying a web application in the cloud computing environment. The policy engine identifies commands corresponding to the communications packets and directs the communications packets to appropriate rules engines corresponding to such commands in order to execute rules to comply with an organization's policies. Upon completion of execution of the rules, the communications packets are forwarded to the cloud computing environment if they comply with the policies. | 10-27-2011 |
| 20110265169 | USER-DEPENDENT CONTENT DELIVERY - A gateway is provided between an application and a server. The gateway is used to modify content sent from the server to the application via the gateway. The modification may include adding, removing or modifying content. The modification process is user-dependent and an identity management system is used for identifying the user. | 10-27-2011 |
| 20110265170 | METHOD AND APPARATUS FOR ENABLING AUTHENTICATION OF ON-LINE COMMUNICATIONS - Method and apparatus for enabling authentication of on-line communications. In some embodiments, a message code is embedded in an e-mail, where the message code can be used by the recipient to verify the authenticity of the e-mail or of a Web site. In some embodiments, this code can be created for a particular e-mail message; in other embodiments, the code is created as a watermark for use by a customer or other a specific user or recipient. The message code is associated with both the e-mail message and the recipient. In the case of a message-specific code, a recipient can verify the e-mail message by inputting the code via a Web server to be looked up in the database. Provision is also made for including stenographic information in graphical or other codes as further authentication when accessing a Web site. | 10-27-2011 |
| 20110265171 | METHODS AND SYSTEMS FOR PROVIDING WEBSITE HOSTING SECURITY - A method for registering user identification data in an application service provider data repository is provided, where the application service provider provides web services for a plurality of customers, each customer having a plurality of users with respective user identification data. The method includes receiving user identification data from one of the users through a website associated with one of the plurality of customers, retrieving customer identification data based on a uniform resource locator assigned to the website, concatenating the user identification data and customer identification data to create a user key, and registering a user account within the data repository based on the created user key. | 10-27-2011 |
| 20110271332 | Participant Authentication via a Conference User Interface - Various embodiments of systems, methods, and computer programs are disclosed for authenticating a participant in an online conference via a graphical user interface. One such method comprises: determining a conference event requesting authentication of a participant by a conferencing system hosting a conference via a communication network; in response to the conference event, presenting a signature capture area to the participant in a conference interface via a graphical user interface; monitoring location coordinates of an input device in the signature capture area; converting the location coordinates into a participant electronic signature; determining that the participant electronic signature matches a stored electronic signature associated with the participant; and in response to determining the match, authenticating the participant for the conference event. | 11-03-2011 |
| 20110271333 | ADMISSION OF A NODE TO THE NETWORK - In at least one implementation a method includes receiving an identifier associated with a device, entering the identifier into a network controller device, inviting the device associated with the identifier to join a network, admitting the device associated with the identifier to the network, sending the device associated with the identifier a name of the network, and confirming that the device has joined the network as a device recognized by the network controller device. | 11-03-2011 |
| 20110271334 | METHOD, SYSTEM, AND DEVICE FOR IMPLEMENTING DEVICE ADDITION IN WI-FI DEVICE TO DEVICE NETWORK - A method, a system, and a device for implementing device addition in a Wireless Fidelity (Wi-Fi) Device to Device (D2D) network are provided, which belong to the field of communication. The method includes: receiving, by a first D2D client device, a first add request message forwarded by a D2D master device, in which the first add request message carries an identifier of a new device to be added to the D2D network; receiving a first Personal Identification Number (PIN) code of the new device; and forwarding the received first PIN code to the D2D master device, in which the first PIN code of the new device is used for implementing that the D2D master device performs Wi-Fi Protected Setup (WPS) security configuration of the new device according to the first PIN code. Therefore, in the Wi-Fi D2D network, when a new device is to be added, a PIN code of the new device inputted by a user is received by the D2D client device, and the PIN code is forwarded to the D2D master device, so that the addition of the new device through the recommendation of the D2D client device is implemented, and the work continuity of the user using the D2D master device is ensured. | 11-03-2011 |
| 20110271335 | SYSTEM AND METHOD FOR BINDING A SUBSCRIPTION-BASED COMPUTING SYSTEM TO AN INTERNET SERVICE - A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer. | 11-03-2011 |
| 20110271336 | Computer and Access Control Method in a Computer | 11-03-2011 |
| 20110271337 | SYSTEMS, METHODS AND COMPUTER-READABLE MEDIA FOR REGULATING REMOTE ACCESS TO A DATA NETWORK - A system, which comprises an authorization controller operable for regulating establishment of user sessions over a data network; a processing subsystem operable for monitoring the user sessions and applying a walled garden policy, wherein application of the walled garden policy respectively associates each user in a certain subset of users with a respective walled garden selected from a common plurality of walled gardens; and a database for storing, in association with each said user in the certain subset of users, a respective identifier corresponding to the respectively associated walled garden. The authorization controller is further operable for responding to receipt of an access request identifying a particular user in the certain subset of users and received from a communication endpoint by (I) consulting the database to identify the walled garden respectively associated with said particular user and (II) directing the communication endpoint to said walled garden respectively associated with said particular user. | 11-03-2011 |
| 20110277022 | Apparatus and Method for Establishing a Peer-to-Peer Communication Session with a Host Device - The present invention describes an apparatus and method of establishing a peer-to-peer communication session between a host device and a client device. Routing information of the host device is received from a server via a wide area network, routing information of the client device is provided to the server, and authentication information is provided to the host device via the wide area network. Peer-to-peer communication is transmitted to the client device via the wide area network if the client device is authenticated for peer-to-peer communication by the host device. | 11-10-2011 |
| 20110277023 | Audible authentication for wireless network enrollment - Described herein are one or more techniques for using an audible authentication of a wireless device for enrollment onto a secure wireless network. With one or more described techniques, an unauthorized wireless device audibly emits a uniquely identifying secret code (e.g., a personal identification number (PIN)). In some implementations, the audible code is heard by the user and manually entered via a network-enrollment user interface. In other implementations, a network-authorizing device automatically picks up the audible code and verifies the code. If verified, the wireless device is enrolled onto the wireless network. | 11-10-2011 |
| 20110277024 | LOCALLY STORED PHISHING COUNTERMEASURE - A system and method for authenticating a resource such as a website or webpage is provided. In response to a script provided with a resource, a verification file is initially generated and stored at a client device. The verification file may be selected or generated with user input. On a subsequent occasion when a resource is accessed by the client device, a script is executed to attempt to retrieve the verification file and display the file at the client device. If the verification file is successfully retrieved and displayed and recognized as the correct verification file, the resource is authenticated. | 11-10-2011 |
| 20110283346 | OVERLAY HUMAN INTERACTIVE PROOF SYSTEM AND TECHNIQUES - The overlay human interactive proof system (“OHIPS”) and techniques described herein operate in conjunction with any known or later developed computer-based applications or services to provide secure access to resources by reliably differentiating between human and non-human users. Humans have a generally superior ability to differentiate misaligned characters or objects from correctly aligned ones. As such, the OHIP splits an image including one or more visual objects into two or more partial images to form a HIP. The partial images may also be further split into groups of sub-partial images, and/or the partial images (or the sub-partial images) may be moved, so that at any given alignment position, a user can recognize only some visual objects. A user is instructed to reassemble the partial images at one or more predetermined alignment positions using a GUI, and the user is asked to identify information regarding one or more visible objects. | 11-17-2011 |
| 20110289570 | SYSTEM AND METHOD FOR INTEGRATING REMOTELY ACCESSED DATA - A system for integrating remotely accessed data includes a source end for providing data; a conversion device for converting the data from the source end into at least a preset format; a remote storage device for storing the data in the at least a preset format; a server connected to the remote storage device, and a user device connected to the server. A user end logs in to the server through the user device via a user account and/or password to remotely access the data in the at least a preset format stored in the remote storage device, and the remote storage device provides the data in the at least a preset format to the user device through the server, thereby integrating data of various formats into preset formats and providing preferred formats of data to various user devices so as to save costs for system configuration, increase usage efficiency of the system and increase data readability in the user devices. | 11-24-2011 |
| 20110289571 | INFORMATION PROCESSING APPARATUS, USER AUTHENTICATION METHOD, AND STORAGE MEDIUM - When a first MFP that manages first and second conversion values of user authentication information accesses a second MFP, the first MFP queries about which conversion value is used by the second MFP to execute user authentication processing. The first MFP transmits information based on a conversion value in accordance with the query result to the second MFP. Then, the second MFP executes user authentication processing using information based on a conversion value in accordance with the query result and a conversion value managed by the second MFP. | 11-24-2011 |
| 20110289572 | System And Method For User Authentication - A computer-implemented authentication method is described. The method includes the steps of (a) receiving an authentication request at an authentication computing system, the request including a resource identifier, (b) identifying one or more authentication pools associated with the resource identifier, each authentication pool including at least one authentication method implementation, (c) executing a pool authentication process for the one or more identified authentication pools, and (d) transmitting a response to the identification authentication request based on the execution of the pool authentication process for the one or more identified authentication pools. | 11-24-2011 |
| 20110289573 | AUTHENTICATION TO AN IDENTITY PROVIDER - An arrangement for authenticating a user at a service provider is described. The arrangement makes use of the fact that a user of a mobile communication device can be readily and securely identified by a telecommunications provider and re-uses that authentication to identify the same user when accessing the service provider from a different client. The client instructs the mobile communication device to contact an identity provider at the telecommunications provider and shared secrets are exchanged between the identity provider, mobile communication device and client to confirm that the same user is at the client and the mobile communication device. | 11-24-2011 |
| 20110289574 | SOCIAL NETWORK WITH MULTIPLE LOGINS - A method, apparatus, and system are directed towards seeding a user's contacts for their online social network. The invention is arranged to automatically recommend to the user a set of seed contacts that the user may employ to invite to join their social network. The set of seed contacts may be harvested from the user's existing portal activities, as well as other sources. In one embodiment, the invention analyzes portal activity, such as email exchanges with the user, and the like, to determine a frequency of contact with the user. Other sources may include but not be limited to emails, names within an address book of the user, names within an address book of another person, a buddy list, an instant messaging list, an activity, a mailing list, an online discussion group, a membership in a category, chat group, and the like. | 11-24-2011 |
| 20110296507 | Providing an Electronic Document Collection - In one implementation, a computer-implemented method includes receiving a request to access an electronic document collection that integrates a plurality of electronic sub-documents that are each of one of a plurality of defined document types. The method also includes retrieving information that is associated with the document collection, wherein the retrieved information identifies a first sub-document of the plurality of sub-documents using a first non-address identifier, and identifying a first software application that is configured to provide access to the first sub-document. The method additionally includes initiating a first connection with a first server that causes execution of the identified first software application and that, using the first non-address identifier, provides access to the first sub-document. The method further includes integrating access to the first sub-document into the document collection through the initiated first connection with the first server that causes execution of the first software application. | 12-01-2011 |
| 20110296508 | DIGITAL HANDSHAKE FOR AUTHENTICATION OF DEVICES - This is directed to a digital handshake for establishing a secure communications path between two electronic devices. Each device can capture an image of the other device using a camera (e.g., a front facing camera or a back facing camera) and extract, from the captured image, a key or seed associated with the other device. For example, each device can display a seed to be identified from an image taken by the other device. Using the extracted keys or seeds, each device can generate, using a same process, an identical digital handshake key. The digital handshake key can then be used to define a secure communications path between the two devices and share information securely. In some embodiments, a digital handshake key can be shared among several devices to create a multi-device secure communications path. Once a communications path has been established, the devices in the path can be identified and authenticated from the digital handshake key to receive access to secured goods, services or information. | 12-01-2011 |
| 20110296509 | SECURING PASSWORDS WITH CAPTCHA BASED HASH WHEN USED OVER THE WEB - A password security system, hosted by a server, sends a web page over a network to a client, that includes a CAPTCHA challenge, a request for a CAPTCHA answer, a graphical user interface for receiving a user identifier and a password, and a security script. The security script is to be executed by the client to generate a client hash value from password data and a CAPTCHA answer that is received from a user. The system receives the client hash value and computes a server hash value for password data for the user and a CAPTCHA answer that is stored in a data store that is coupled to the server. The system determines whether the server hash value matches the client hash value, and grants data access to the user when the values match and denies data access to the user when the values do not match. | 12-01-2011 |
| 20110296510 | PROTECTING USER CREDENTIALS USING AN INTERMEDIARY COMPONENT - An access component sends an access request to an intermediary component, the access request being a request to access a service or resource without credentials of a current user of the intermediary component being revealed to the access component. The intermediary component obtains user credentials, for the current user, that are associated with the service or resource. The access request and the user credentials are sent to the service or resource, and in response session state information is received from the service or resource. The session state information is returned to the access component, which allows the access component and the service or resource to communicate with one another based on the session state information and independently of the first component. | 12-01-2011 |
| 20110296511 | Secure Fax with Passcode and Recipient Notification - A system and a method of processing faxes are disclosed. The method includes receiving page(s) to be transmitted by a first fax device coupled to a fax transmission network. An address of a recipient is encoded in a field of a fax transmission. The fax transmission, including the page(s) and the encoded recipient address, is transmitted to a second fax device. The received page(s) of the fax are stored at the second fax device and a passcode is generated. The fax is not released for printing until the passcode is submitted to the second fax device. | 12-01-2011 |
| 20110302641 | METHOD AND SYSTEM PROTECTING AGAINST IDENTITY THEFT OR REPLICATION ABUSE - A system detecting and protecting against identity theft by abusing a computer users ID and password or protecting a user against identity replication through parallel user session via a second authentication level using a second channel, a one-time-passcode and user contextual location information. When accessing networks, computer systems or programs, the said networks, computer systems or programs will validate user ID and password and collect contextual information about the user, the device, the used network etc. Once validated, a message is send by a second means that may be a cell phone SMS network or an instant message, said message containing a real-time session-specific one-time passcode. The session specific code and the collected information provides information enabling the user to detect a compromised identity through a mismatch between presented information and the information representing the user and the passcode protects against fraudulent access. | 12-08-2011 |
| 20110302642 | IMAGE FORMING APPARATUS, CONTROL METHOD THEREOF, AND STORAGE MEDIUM - In an image forming apparatus of the present invention, authentication information necessary for a user to log in to the image forming apparatus and address information of a mobile terminal are stored associated with each other, and upon receiving from a mobile terminal a search request for searching for a device with which to establish wireless communication, and the address information of the mobile terminal, it is determined, based on the address information and the stored information, whether the address information is associated with authentication information of the user that has logged in to the image forming apparatus. As a result, if it has been determined that the address information is associated with the authentication information of the user that has logged in to the image forming apparatus, information indicating that the image forming apparatus has been logged in to is transmitted as a response to the search request. | 12-08-2011 |
| 20110302643 | MECHANISM FOR AUTHENTICATION AND AUTHORIZATION FOR NETWORK AND SERVICE ACCESS - There is proposed a network access authentication and authorization mechanism in which an authentication session in an authentication, authorization and accounting procedure for a user equipment for providing an initial network access is executed. A first identification element related to the user equipment is obtained. Then, a user credential validation procedure is performed wherein a second identification element related to the user equipment or related to a user of the user equipment is obtained. The obtained first and second identification elements are processed for determining whether a match between the first and second identification elements exists. In addition, the authentication session executed for the user equipment is identified on the basis of the result of the processing of the first and second identification elements. Then, a change of an authorization of the user equipment is executed for providing a modified network access. | 12-08-2011 |
| 20110302644 | Multi-Channel Multi-Factor Authentication - Systems and methods for authenticating electronic transactions are provided. The authentication methods employ a combination of security features and communication channels. These security features can be based, for example, on unique knowledge of the person being authenticated, a unique thing that the person has, unique personal features and attributes of the person, the ability of the person to respond, and to do so in a fashion that a machine cannot, and so forth. Methods for enrolling the person prior to authentication are also provided, as well as systems for enrollment and authentication. | 12-08-2011 |
| 20110302645 | Multi-Channel Multi-Factor Authentication - Systems and methods for authenticating electronic transactions are provided. The authentication methods employ a combination of security features and communication channels. These security features can be based, for example, on unique knowledge of the person being authenticated, a unique thing that the person has, unique personal features and attributes of the person, the ability of the person to respond, and to do so in a fashion that a machine cannot, and so forth. Methods for enrolling the person prior to authentication are also provided, as well as systems for enrollment and authentication. | 12-08-2011 |
| 20110307946 | Creating and Launching a Web Application with Credentials - Various embodiments provide a mechanism to allow end users to install web applications and websites onto their desktop. In accordance with one or more embodiments, client-side code can be utilized to allow developers associated with a website to define boundaries associated with user interaction, and have those boundaries enforced by a run-time engine. In at least some embodiments, developers can provide, through JavaScript code and/or HTML markup, various configurations for the creation of a start menu shortcut, navigation, and so-called jumplist integration. | 12-15-2011 |
| 20110314528 | TECHNIQUES TO MODIFY AND SHARE BINARY CONTENT WHEN DISCONNECTED FROM A NETWORK - Techniques to modify and share binary objects when disconnected from a network are described. An apparatus may comprise a processor and a memory. The memory may be operative to store a media annotation component and a media publishing component. The media annotation component, when executed by the processor, may be operative to receive a list of related members having a defined relationship with a publishing member from a user account of the publishing member of a media sharing service when in an online mode, and generate metadata for a media object using the list of related members when in an offline mode to form an annotated media object. The media publishing component, when executed by the processor, may be operative to define at least one instruction to distribute the annotated media object to a related member when in the online mode. Other embodiments are described and claimed. | 12-22-2011 |
| 20110314529 | ADAPTIVE POLICIES AND PROTECTIONS FOR SECURING FINANCIAL TRANSACTION DATA AT REST - A system for challenge-response authentication is provided by receiving, from an external terminal over a communication network, a request for access to a service. A plurality of objects is presented to a user via a display. A plurality of codes is received over the communication network, each of the plurality of codes corresponding to one of the plurality of objects. The plurality of codes are matched to a plurality of alphanumeric characters according to a predetermined table. An alphanumeric string is generated from the plurality of alphanumeric characters and the alphanumeric string is compared to a user identifier stored in a database. Based on the comparing, a determination is made as to whether to grant the user access to the service. | 12-22-2011 |
| 20110314530 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO NETWORK SERVICES USING BIOMETRIC AUTHENTICATION - A system, apparatus, or method for controlling access to a network and to the associated network resources or services. The invention may be used to provide a user authentication or authorization process for a computer network, a telecommunications network, or other suitable system, apparatus, device, process, operation, etc. In some embodiments, the present invention uses a combination of device identification data (such as a device identifier or other form of token) and user-specific biometric data (such as a physical characteristic associated with the user or data generated as a result of a signal being altered by a physical characteristic of a user) to identify a user and permit the user to access the network or network resources or services. | 12-22-2011 |
| 20110314531 | METHOD FOR USER TERMINAL AUTHENTICATION OF INTERFACE SERVER AND INTERFACE SERVER AND USER TERMINAL THEREOF - Provided are a method for authenticating a user terminal in an interface server, and an interface server and a user terminal using the same. The method includes receiving authentication request information from an application service providing server in order to request the interface server to authenticate the user terminal receiving an application service provided from the application service providing server, authenticating the user terminal according to the authenticating request information using an authentication method selected by the interface server or a user of the user terminal, and transmitting authentication response information including an authentication result of performing the authentication method to the application service providing server. The interface server provides an interface for a network to the application service providing server. | 12-22-2011 |
| 20110321145 | Method for Ensuring Security of Computers Connected to a Network - A network authentication method is disclosed. A transmission-side client and a reception-side client have the same password. The transmission-side client transmits multiple authentication packets to the reception-side client at a slot interval according to an authentication code generated based on the password. The reception-side client measures a slot interval corresponding to the arrival timings of the respective authentication packets and then generates an authentication code based on the same password. The reception-side client compares the measured slot interval with the generated authentication code. When the two comparison targets are identical, the reception-side client concludes that the authentication is successful and transmits packets that have not been transmitted until such moment to a layer higher than an Internet layer. | 12-29-2011 |
| 20110321146 | System and method for securely sending a network one-time-password utilizing a mobile computing device - An apparatus, method, and computer program for securely sending a network one-time-password (OTP) from a user computer to an authentication server. A Network Client Application in the user computer interfaces with the authentication server, and a Mobile Server Application in the user computer interfaces with a Mobile Client Application in a mobile computing device (MCD) such as a smartphone. When a user enters a User ID and password into the user computer, the Network Client Application sends the User ID to the authentication server to obtain an index value (Index-1) from the authentication server. The Mobile Server Application authenticates the MCD and then sends Index-1 to the MCD to obtain a network OTP second factor from the MCD. The Network Client Application modifies the user password in accordance with the network OTP second factor to create the network OTP, and sends the network OTP to the authentication server. | 12-29-2011 |
| 20120005735 | System for Three Level Authentication of a User - A system and method for three level authentication of a user has been disclosed. The system | 01-05-2012 |
| 20120005736 | BIOMETRIC AUTHENTICATION SYSTEM AND METHOD THEREFOR - In the client, a feature quantity extraction unit extracts a feature quantity from biometric information of a user. A feature quantity conversion unit converts the feature quantity by a one-time parameter. In the first server, a parameter DB stores a parameter in association with the ID. A data generation unit generates data based on the parameter corresponding to the ID transmitted from the client. In the second server, a template DB stores a template to which the feature quantity of the biometric information of the user is converted by the parameter, in association with the ID. A template conversion unit generates a one-time template by converting the template corresponding to the ID transmitted from the first server. Then, a match determination unit compares the converted feature quantity transmitted from the client or the data transmitted from the first server with the one-time template to determine whether they match or not. | 01-05-2012 |
| 20120005737 | SECURE INTERACTIVE DIGITAL SYSTEM FOR DISPLAYING ITEMS TO A USER IDENTIFIED AS HAVING PERMISSION TO ACCESS THE SYSTEM - Methods and apparatus are described which provide secure interactive communication of text and image information between a central server computer and one or more client computers located at remote sites for the purpose of storing and retrieving files describing and identifying unique products, services, or individuals. A feature of the system is the ability to associate an identification image with a plurality of accounts, transactions, or records and identify a user not physically present at the client computer. Textual information and image data from one or more of the remote sites are stored separately at the location of the central server computer, requests for information are entered from remote terminals, the system being able to respond to multiple user requests simultaneously, and the information requested is recalled and downloaded for review to be displayed at the remote site. | 01-05-2012 |
| 20120005738 | WEB APPLICATION PROCESS - A computer network and corresponding method for providing, as part of a web portal session, access for a user to a web application running on a server. The network comprises first and second traffic managers connected via an intermediate web server. The first traffic manager comprises interface means for receiving from the user, as part of the portal session, a request for access to the web application and for passing the request to the intermediate web server; for forwarding to the second traffic manger. The second traffic manager comprises interface means for receiving the request from the first traffic manager via the intermediate web server and for passing the received request to the web application. | 01-05-2012 |
| 20120011576 | METHOD, DEVICE, AND SYSTEM FOR PRE-AUTHENTICATION - The present invention relates to mobile communications technologies, and discloses a method, device, and system for pre-authentication. A pre-authentication device receives a pre-authentication message that carries a pre-authentication option; determines a Mobile Node (MN) to be pre-authenticated according to the pre-authentication message; sends an authentication request message to an Authentication, Authorization and Accounting (AAA) server to request authentication of the MN; receives an authentication response message that is sent by the AAA server, where the authentication response message carries a pre-authentication key used between a Candidate Authenticator (CA) and the MN; and sends the pre-authentication key to the MN. Through implementation of the present invention, the pre-authentication key is obtained before the MN switches to the CA. In this way, security of communication is enhanced, and delay of switching and authentication is shortened. | 01-12-2012 |
| 20120011577 | ACCESS AUTHENTICATION METHOD AND INFORMATION PROCESSING APPARATUS - An account information operation terminal device is registered in advance in a system that performs access authentication based on account information. The system manages the account information operation terminal device registered in the system based on registered terminal information. The system uses the registered terminal information to permit only the account information operation terminal device registered in advance in the system to operate the account information. | 01-12-2012 |
| 20120017268 | ENHANCED MULTI FACTOR AUTHENTICATION - In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate, a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel. | 01-19-2012 |
| 20120023562 | SYSTEMS AND METHODS TO ROUTE NETWORK COMMUNICATIONS FOR NETWORK-BASED SERVICES - Example systems and methods to route network communications for network-based services are disclosed. An example method includes receiving network communications; determining if at least one of a source address or a destination address of the received network communications is associated with a customer to receive a network-based service; forwarding the network communications to a policy enforcement point if the at least one of the source address or the destination address is associated with the customer; determining if the forwarded network communications violates a policy selectively associated with the customer; and forwarding the network communications from the policy enforcement point to the destination address if the network communications is not in violation of the policy. | 01-26-2012 |
| 20120023563 | METHOD AND APPARATUS FOR CONSTRUCTING A NETWORKING DATABASE AND SYSTEM PROACTIVELY - A method for creating networking database containing a plurality of records for different individuals in which individuals are connected to one another in the database by mutual recognition of a relationship. This mutual recognition of a relationship is inferred by the possession of the Guest Key of one member by the other member. This paradigm for network expansion allows users to proactively grow their networks both using the site features and using tools they may be more familiar with, such as email, messaging, talking, etc. | 01-26-2012 |
| 20120023564 | ATTACHING A SENSOR TO A WSAN - Methods and arrangements in a WSAN Gateway ( | 01-26-2012 |
| 20120030743 | Fingerprint authentication server, client computer and fingerprint authentication method - A fingerprint authentication server device is disclosed. The fingerprint authentication server device includes a database in which user IDs and the registered fingerprint data of plural users are stored; and a hash value table including user hash values of the user IDs and the registered fingerprint data of the users. The fingerprint authentication server device is configured to receive a hash value of a user ID of a user to be authenticated and a hash value of registered fingerprint data associated with the user ID from a client computer; perform a search in the hash value table to determine whether there are hash values corresponding to the received hash values in the hash value table; and transmit a determination result to the client computer, thereby to cause the client computer to perform a fingerprint authentication process for a user for which correspondence of the hash values has been confirmed. | 02-02-2012 |
| 20120036566 | AUTOMATIC CONFIGURATION AND CONTINUATION OF FEDERATION RELATIONSHIPS - Embodiments are directed to establishing the integrity of a portion of data on at least one level of a plurality of network stack levels and automatically continuing an established federation relationship between at least two federation computer systems. In an embodiment, a first federation computer system receives a digital signature corresponding to a computer system signed by a digital signature which includes the computer system's identity and other federation relationship information configured to establish a trusted federation relationship between a first federation computer system and a second federation computer system. The first federation computer system attempts to validate the received digital signature at a first level of a network stack and determines that the validation at the first network stack layer was unsuccessful. The first federation computer system then validates the received digital signature at a second, different level of the network stack. | 02-09-2012 |
| 20120036567 | METHODS FOR ESTABLISHING A SECURITY SESSION IN A COMMUNICATIONS SYSTEM - A security gateway and an initiating device perform methods for establishing a security session. The methods includes the security gateway: receiving a first message from an initiating device, the first message including a first message authentication code; validating the first message using the message authentication code; and responsive to the validating, sending a second message to the initiating device, the second message including a timestamp and further including a second message authentication code for authenticating of the timestamp by the initiating device, wherein the first and second messages are used to establish the security session, and the authenticated timestamp is used for subsequent replay protection of messages between the security gateway and the initiating device. The method further includes the security gateway validating a dynamically assigned IP address for the initiating device to use in authorizing VPN traffic between the two devices. | 02-09-2012 |
| 20120036568 | PROVISIONING DEVICE - There is provided a provisioning device which provides, in advance, setting information necessary for joining in a wireless network to a first field device which is to newly join the wireless network to exchange data with an existing field device that is installed in a plant. The provisioning device includes: a storage unit that stores a white list which contains unique information of the first field device and the setting information such that the unique information and the setting information are correlated with each other; a device information acquiring unit that acquires the unique information from the first field device by wireless communication; an extracting unit that extracts, from the white list, the setting information that is correlated with the acquired unique information; and a setting unit that sends the extracted setting information to the first field device by wireless communication. | 02-09-2012 |
| 20120036569 | SECURING PORTABLE EXECUTABLE MODULES - An import address table (IAT) and dynamic linked libraries (DLLs) security mender process is configured to store nominal IAT table entries and in-process binary images, from either a priori data and/or from computed values. Particular IAT table entries and in-process binary images are fetched for comparison with expected values. These particular IAT table entries and/or in-process binary images are then overwritten with nominal values for the IAT table entries and in-process binary images. The IAT-DLL security mender runs in parallel with the operating system and has access to its IAT and inline code in system memory. | 02-09-2012 |
| 20120042365 | DISPOSABLE BROWSER FOR COMMERCIAL BANKING - Methods, computer program products, and apparatuses are provided for performing and facilitating secure communication between a client-side computing device and a remote application server through a virtual computing environment provided by an intermediate virtualization server. The virtual computing environment includes a disposable component, allowing all settings to be initialized to a secure state after each user session. | 02-16-2012 |
| 20120042366 | SECURE AND USABLE AUTHENTICATION FOR HEALTH CARE INFORMATION ACCESS - Embodiments of the invention relate to providing a health care provider access to an electronic record of a patient may be provided. A determination is made as to whether the health care provider is logged onto a computer system in a physical area assigned to the patient. Whether the health care provider is logged onto the computer system during working hours of the provider is also ascertained. The health care provider is provided with access to the electronic record of the patient via the computer system if the determining resolves to true and the ascertaining resolves to true. | 02-16-2012 |
| 20120042367 | SYSTEMS, METHODS, AND APPARATUS TO MONITOR MOBILE INTERNET ACTIVITY - Systems, methods, and apparatus to monitor mobile Internet activity are disclosed. An example method comprises determining if an application identified by an identifier of a content request from a client device supports authentication; transmitting content identified by the content request to the client device if the identifier of the content request identifies an application that supports authentication; and storing an identifier of the content requested by the content request in association with the client device. | 02-16-2012 |
| 20120042368 | METHOD FOR ESTABLISHING A PROTECTED SETUP AND WIRELESS REGISTRATION REQUESTING DEVICE IMPLEMENTING THE SAME - A method and apparatus for automatically establishing a wired protected setup between an enrollee requesting registration and a registrar granting registration are provided. The method includes: determining whether a power line communication (PLC) between the enrollee and the registrar is possible; and if it is determined that the PLC with the registrar is possible, receiving a personal identification number (PIN) from the registrar through the power line and transmitting an acknowledgement (ACK) message to the registrar through the power line as a response to the received PIN. | 02-16-2012 |
| 20120042369 | Data Card, Method and System for Identifying Fingerprint with Data Card - A data card, and a method and system for identifying a fingerprint with data card in the field of electronic communications are provided. The data card includes a fingerprint collection module that is configured to collect user's fingerprint information by using a fingerprint scanner on the data card. A fingerprint authentication module is configured to compare the collected fingerprint information with a stored fingerprint template and output a comparison result. A control module is configured to control the data card according to the comparison result output by the fingerprint authentication module. | 02-16-2012 |
| 20120047565 | PROXIMITY-BASED SOCIAL GRAPH CREATION - Systems and methods are disclosed for creating social connections. In general, a current crowd of a first user is monitored to detect if the current crowd matches an active interest of the first user. If the current crowd matches the active interest, a beacon is narrowcast to mobile devices of at least a subset of a number of other users in the current crowd of the first user. In one embodiment, the beacon is narrowcast to mobile devices of all of the other users in the current crowd. In another embodiment, the beacon is narrowcast to the mobile devices of only those other users having user profiles that include interests that match the active interest of the first user. Subsequently, a response to the beacon is received from a mobile device of a second user, and a new social connection is created between the first and second users. | 02-23-2012 |
| 20120047566 | PASSWORD PROTECTED SECURE DEVICE - The invention relates to a password protected secure device associated to a password. The secure device is in a state chosen from a group of states comprising an unlocked state, a first locked state and a second locked state. The state changes from said first locked state to said unlocked state if a user input which matches said password is received, and the state changes from said first locked state to said second locked state if a predetermined number of user inputs which do not match said password are received. The password protected secure device comprises a receiver for receiving biometric sample data, a memory comprising biometric template data, and a processor configured to compare said biometric sample data with said biometric template data. A match between the biometric sample data and the biometric template data causes said secure device to provide information for changing the password protected device from a first state to a second state, wherein one of the first state and the second state is the second locked state. | 02-23-2012 |
| 20120060209 | NETWORK DEVICES AND AUTHENTICATION METHODS THEREOF - The present invention relates to a network device and an authentication method thereof. When one network device is connected with another one, the two network devices may respectively receive and transfer an authentication reporting packet each other. Accordingly, the network devices may compare context of the received authentication reporting packet and a stored authentication type information, a digest information, and an authentication protocol information for determining whether process the following specific protocol packet according to the comparison result. | 03-08-2012 |
| 20120066750 | USER AUTHENTICATION AND PROVISIONING METHOD AND SYSTEM - Disclosed are methods and systems to authenticate and provision new, unknown users into a computer network. A computer program utilizes a card reader to extract user information from a smart card and collect additional user information inputted by the user into a computer terminal. The computer program analyzes the secure electronic certificate extracted from the smart card to authenticate the user's credentials, and transmits the user information securely to a user provisioning application. Moreover, methods and systems consistent with the present invention, utilize secure communication protocols to enable the computer program to pass the user information from an unsecured area outside of a computer network perimeter through a network firewall to a secure provisioning application inside the computer network. | 03-15-2012 |
| 20120066751 | HIGH ASSURANCE AUTHORIZATION DEVICE - Methods and apparatus are provided for securing the transfer of data over the internet from malicious interference. The apparatus comprises a computing device and a data storage device in operable communication with the computing device. The apparatus also includes a set of high assurance security instructions resident on the data storage device and executing within the computing device and at least one input/output interface. The method comprises receiving data via a first communication interface and storing the data in a memory device and initiating an unsecured data indication. The method also provides for receiving an authentication code via the first communication interface and decoding the authentication code and determining the authenticity of the data. If the authentication code fails to indicate authenticity then the data is deleted. If the authentication code indicates authenticity, then the data is transferred to a destination device via a second communication interface. | 03-15-2012 |
| 20120066752 | SINGLE TOKEN AUTHENTICATION - A method that includes storing multiple, separate data sets where each data set is related to an access code that is based on a combination of data related to the user and data related to a service provider is described herein. | 03-15-2012 |
| 20120066753 | AUTHENTICATION METHOD, AUTHENTICATION APPARATUS AND AUTHENTICATION SYSTEM - An authentication method includes: receiving second authentication information sent by an application server when first authentication succeeds; sending the second authentication information to a corresponding terminal through a telecommunication network; receiving an identifier (ID) for identifying the terminal and the second authentication verification information that are returned by the terminal through the telecommunication network; and performing a second authentication according to the ID and the second authentication verification information, or forwarding the ID and the second authentication verification information to the application server, so that the application server performs the second authentication. | 03-15-2012 |
| 20120066754 | SECURE MEDIA PERIPHERAL ASSOCIATION IN A MEDIA EXCHANGE NETWORK - A method for establishing secure access to a media peripheral in a home via a node in a communication network includes acquiring by the node, security data associated with the media peripheral; searching by the node, for a previously acquired security data associated with a location of previous operation of the media peripheral; and communicating between the node and the media peripheral, information associated with the media peripheral, while the media peripheral is located in the home, when the previously acquired security data is not found. The security data is a digital certificate. The security data may be read from the media peripheral. The security data may be transferred to a media exchange server coupled to the communication network. The acquired security data may be authenticated prior to the searching. At least one identifier may be established to facilitate communication of the media peripheral over the communication network. | 03-15-2012 |
| 20120072978 | Desired Font Rendering - An embodiment of the invention provides a method for displaying a message from a first user to a second user, wherein the message from the first user is received in a system of the second user. The message includes text in an intended font and metadata, wherein the metadata includes a link to a font source. It is determined whether the intended font is on the system of the second user; and, if the intended font is not on the system of the second user, rendering instructions are obtained from the font source. The rendering instructions include instructions on how to display the text in the intended font on the system of the second user without downloading the intended font to the system of the second user. The text is displayed in the intended font on the system of the second user using the rendering instructions. | 03-22-2012 |
| 20120072979 | Method And Apparatus For Trusted Federated Identity - A trusted computing environment, such as a smartcard, UICC, Java card, global platform, or the like may be used as a local host trust center and a proxy for a single-sign on (SSO) provider. This may be referred to as a local SSO provider (OP). This may be done, for example, to keep authentication traffic local and to prevent over the air communications, which may burden an operator network. To establish the OP proxy in the trusted environment, the trusted environment may bind to the SSO provider in a number of ways. For example, the SSO provider may interoperate with UICC-based UE authentication or GBA. In this way, user equipment may leverage the trusted environment in order to provide increased security and reduce over the air communications and authentication burden on the OP or operator network. | 03-22-2012 |
| 20120072980 | Method and Apparatus for Authenticating Users of An Emergency Communication Network - An authentication system is configured to weight multiple available network supplied and user supplied authentication factors to determine whether a user should be provided with access to an Emergency Communication Network (ECN). The multiple factors may include the location of the user, MIN, short PIN, token, biometric information, and other information. The level of access to be provided to the user may be tiered based on the authentication level achieved during the weighting process. Authentication information may be shared between groups of individuals, so that the authentication requirements for group members may be reduced as other members of the group supply authentication information to the ECN. Group authentication may be used to enable group services such as conferencing and push-to-talk to be set up automatically for the group. | 03-22-2012 |
| 20120079575 | System Architecture and Method for Secure Web Browsing Using Public Computers - A secure web browsing method and web browsing security system architecture for a mobile device that has initiated an internet communication session via a local area network (LAN) are provided. The architecture establishes a communication link between the mobile device and a computer having an internet browser capable of internet communication via the LAN. A routine is transmitted from the mobile device to the computer via the communication link. The routine synchronizes page content of the mobile device to the computer's internet browser. The architecture (i) detects user-supplied inputs to the page content on the computer's internet browser, (ii) generates a verification request at the mobile device when at least a portion of the user-supplied inputs are so-detected, and (iii) transmits the user-supplied inputs from the mobile device as an internet communication via the LAN only when the verification request is confirmed by the user at the mobile device. The architecture also processes each new page loaded at the mobile device to perform at least one of removal and obfuscation of selected information associated with the new page in order to generate a modified page that is transmitted to the computer using the communication link. The page content of the computer's internet browser is updated to the modified page using the routine previously transmitted to the computer via the communication link. | 03-29-2012 |
| 20120079576 | Authentication Method and Apparatus - An identity authentication method is provided. The method comprises obtaining records information of a valid user, where the records information indicates behaviors having been executed by the valid user; mapping, based on an orthogonal behavior model having multiple mutually orthogonal dimensions, records information to the multiple dimensions, wherein behaviors indicated by records information mapped to different dimensions do not overlap therebetween and have no logical cause and effect relationship; sampling records information mapped to different dimensions, respectively, so as to generate an authentication questionnaire including a plurality of authentication questions; computing, responsive to answers of a client to the authentication questionnaire, a total confidence P for the client being a valid user; outputting a positive authentication result, responsive to the total confidence probability P falling into a confidence interval; and outputting a negative authentication result, responsive to the total confidence probability P failing to fall into a confidence interval. The present invention further provides a corresponding identity authentication apparatus. | 03-29-2012 |
| 20120079577 | VIDEO BROADCASTING TO MOBILE COMMUNICATION DEVICES - A device receives login information and a content stream request from a user device connected to a wireless access network, and authenticates, via a backend server device, the user device based on the login information. The device also provides, when the user device is authenticated, a content link and a license key to the user device, and the user device provides the content link and the license key to a content delivery device. The device further verifies the license key for the content delivery device, and the content delivery device establishes a secure connection with the user device via the wireless access network, retrieves the requested content stream based on the content link, and provides the content stream to the user device via the secure connection. | 03-29-2012 |
| 20120079578 | WEB BROWSER PLAYBACK FOR A VIDEO PROVISIONING SYSTEM - A method, performed by a video provisioning system, may include receiving a request for a first digital rights management (DRM) token, associated with a video asset purchased via the video provisioning system, from a browser application associated with a user device and providing the first DRM token to the browser application. The method may further include receiving a license authorization request to issue a DRM license for the video asset, where the license authorization request is received from a license server, where the DRM license is to be used by the user device to decrypt the video asset, and where the license authorization request includes a second DRM token; determining whether the second DRM token matches the first DRM token; and authorizing the license server to issue the DRM license for the video asset, when the second DRM token matches the first DRM token. | 03-29-2012 |
| 20120079579 | BIOMETRIC AUTHENTICATION SYSTEM, BIOMETRIC AUTHENTICATION SERVER, METHOD AND PROGRAM THEREOF - An authentication system in which a authentication server and a plurality of clients are coupled through a network and configured to process an authentication from a user of a client, is configured to determine as a cache target user another user who is different from the user who requested the authentication; is configured to generate an identifier that indicates the cache target user; and is configured to transmit biometric data of the cache target user and the identifier to the client from which the authentication of the user was requested. A cache availability determiner can determine whether biometric data of any cache target user are available on a client. | 03-29-2012 |
| 20120079580 | SYSTEM AND METHOD FOR FACILITATING PROTECTION AGAINST RUN-AWAY SUBNET MANAGER INSTANCES IN A MIDDLEWARE MACHINE ENVIRONMENT - A system and method can support a middleware machine environment that includes a set of subnet manager instances, which reside on one or more nodes in the middleware machine environment and cooperate to provide a highly available subnet manager service within a subnet, wherein each said subnet manager instance is associated with a different private secure key. The subnet manager instances can negotiate with each other and elect a master subnet manager responsible for configuring and managing the middleware machine environment using the private secure key associated with the master subnet manager. The subnet can be reconfigured to be associated with a different private secure key, when a new subnet manager instance is elected as the master subnet manager. An old master subnet manager can be automatically prevented from resuming normal operations as the master subnet manager, in order to avoid undesired consequence such as a “split brain” scenario. | 03-29-2012 |
| 20120079581 | Method and System Using Universal ID and Biometrics - A universal ID and biometrics systems and methods are disclosed. A method includes receiving an authentication request message originating from a user. The authentication request message includes a first identifier and a second identifier, where the second identifier includes biometric data. The method further includes determining a third identifier based on the first identifier and sending the second and third identifiers to a first server computer to determine if the second and third identifiers have a predetermined correlation. The method further includes receiving confirmation of user authentication if the identification system determines that the second and third identifiers have the predetermined correlation. | 03-29-2012 |
| 20120079582 | AUTHENTICATING AN AUXILIARY DEVICE FROM A PORTABLE ELECTRONIC DEVICE - This document discusses, among other things, a method for authenticating a browser executing on an auxiliary device with a web service executing on a portable electronic device. The method includes receiving a request for a resource from the browser, determining whether the request identifies a protected resource, and selectively authenticating the request based on whether the request identifies a protected resource. | 03-29-2012 |
| 20120084847 | Secure Provisioning of Resources in Cloud Infrastructure - Provisioning resources in public cloud infrastructure to perform at least part of electronic design automation (EDA) tasks on the public cloud infrastructure. The provisioning of resources is handled by a cloud provisioning system that is generally operated and maintained by an EDA tool developer using a provisioning credential. After the resources are provisioned, the cloud provisioning system places user key on the provisioned resources. Once the user key is placed on the provisioned resources, the cloud provisioning system has only limited access or no access to the provisioned resources. Instead, a user client device takes over the control of the provisioned resources by using a user's access credential. The provisioning credential is retained by the EDA tool developer and is not released to the user. Similarly, the access credential is retained by the user and not released to the EDA tool developer. In this way, the EDA tool developer can retain control of the resources deployed for the EDA tasks while ensuring that the user's information associated with the EDA tasks is secure. | 04-05-2012 |
| 20120084848 | SERVER AND SERVICE PROVIDING METHOD THEREOF - A service providing method of a server is provided. The method includes registering a service hub according to a service request; setting a service hub program corresponding to the service hub; receiving a request for the service hub program from a user terminal device belonging to an organization associated with the service hub; providing the service hub program to the user terminal device; and providing an application program corresponding to the user terminal device and the service hub program to the user terminal device. | 04-05-2012 |
| 20120084849 | DEVICE AND METHOD FOR SECURE ACCESS TO A REMOTE SERVER - The device and method described herein relates to the field of computer security and, specifically, to the field of protecting confidential personal information which enables encrypted access to the remote server. A device and a method for securing confidential user information and secure exchanges of such information with the servers that host the services is provided. The device and method are based on personalising a smartcard containing the information. The chip card, connected to the user terminal, has a connection enabling the terminal to appear as a standalone host of the user's local network. An encrypted connection is then established directly between the chip card and the server hosting the service for the transmission of confidential data. The data, stored on the chip card, are then exchanged with the server via the encrypted connection. The data are never accessible in plain text on the user terminal. | 04-05-2012 |
| 20120096527 | POWERSHELL CMDLETS CODE GENERATING TOOL FOR COMMUNICATING TO THE WEB SERVICES - An objected oriented shell code generating tool receives data that identifies a Web service hosted by a server. The tool creates proxy code to generate a Web service client proxy to identify a plurality of methods for the Web service. For each method, the tool automatically creates object driven shell commands code that defines a class implementing parameters of the Web service method, wherein the object driven shell commands code is to be executed in an object driven shell platform to communicate with the Web service method via the client proxy. The tool generates invocation infrastructure code for communicating to the Web service method via the client proxy and deploys the proxy code, the invocation infrastructure code, and the object driven shell commands code in the object driven shell platform on the client to call a Web service method via the invocation infrastructure and the client proxy. | 04-19-2012 |
| 20120096528 | IMAGE FORMING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - To provide an authentication method of enabling a user to use a multifunction machine in which user information of the user is not registered on an authentication table thereof, without deteriorating a maintenance capability of the authentication table, the method is characterized to include steps of obtaining user information from the user, determining whether or not the obtained user information is included on a user information table, and transmitting, when the obtained user information is not included on the user information table, the user information to an image forming apparatus registered in a redirect destination list. The method is further characterized to cause the transmission-destination image forming apparatus to authenticate the transmitted user information, and permit use of the image forming apparatus by the user according to an authentication result of the transmission-destination image forming apparatus. | 04-19-2012 |
| 20120096529 | Method and Device for Managing Authentication of a User - A method and apparatus are provided for managing authentication of a user of a telecommunications network of an operator. The method includes the following steps: on receipt of a request for access to a service provided by the operator of this network by the user, issuing a request for identification of an authentication server destined for an authentication location server, the request including at least one identifier of the user; and on receipt of a response comprising an identifier of an authentication server associated with the identifier of the user, issuing a request for authentication of the user at the server identified for the requested service. | 04-19-2012 |
| 20120096530 | INFORMATION PROCESSING APPARATUS THAT PERFORMS AUTHENTICATION OF LOGIN FROM EXTERNAL APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM - An information processing apparatus that, even when a user forgets a user ID or the like in remotely logging in to the information processing apparatus from an external apparatus, permits login from the external apparatus insofar as another authentication means satisfies predetermined conditions. Authentication information input by the user when logging in is transmitted to a management server connected to a network, and a login authentication result for the user is received from the management server. Whether or not to permit login by the user from an external apparatus connected to the network is determined based on identification information on the external apparatus. Login by the user from the external apparatus is permitted when the received login authentication result is indicative of successful authentication, and the identification information on the external apparatus is included in the authentication result. | 04-19-2012 |
| 20120096531 | Multimedia Aggregation in an Online Social Network - Multimedia content is featured on user pages of an online social network using embed codes that are generated using a configuration file associated with the source ID for the multimedia content and a content ID for the multimedia content. The configuration file, the source ID and the content ID are stored locally by the online social network so that any changes to the embed codes can be made by changing the configuration file associated with the source and regenerating the embed codes. By managing multimedia content in this manner, greater control can be exercised by the online social network over the multimedia content that are featured on its user pages. | 04-19-2012 |
| 20120096532 | Multimedia Aggregation in an Online Social Network - Multimedia content is featured on user pages of an online social network using embed codes that are generated using a configuration file associated with the source ID for the multimedia content and a content ID for the multimedia content. The configuration file, the source ID and the content ID are stored locally by the online social network so that any changes to the embed codes can be made by changing the configuration file associated with the source and regenerating the embed codes. By managing multimedia content in this manner, greater control can be exercised by the online social network over the multimedia content that are featured on its user pages. | 04-19-2012 |
| 20120102556 | Method and System for Smart Card Migration - Methods and systems are disclosed for transitioning an existing in-use phone number between an first smart card and a second smart card. | 04-26-2012 |
| 20120102557 | Security provision for a subject image displayed in a non-secure domain - A data processing device is provided with a processor core | 04-26-2012 |
| 20120102558 | SYSTEM, SERVER DEVICE, METHOD, PROGRAM, AND RECORDING MEDIUM THAT ENABLE FACILITATION OF USER AUTHENTICATION - A terminal device acquires item property information from a medium, and transmits, to a server device, terminal identification information of the terminal device, which is assigned by the server device in advance and stored in storage means and item property information acquired from the medium. The server device stores the terminal identification information and the item property information received from the terminal device, and transmits, to a device, information generated based on the terminal identification information and the item property information received from the terminal device. The server device performs authentication of a user of the terminal device based on the terminal identification information. Because this terminal identification information is assigned by the server device, transmission of the information does not entail a risk of leakage of personal information, unlike a case in which personal information such as a telephone number is used for authentication. | 04-26-2012 |
| 20120102559 | INFORMATION PROCESSING SYSTEM, TERMINAL DEVICE, AND SERVER - With a terminal apparatus that includes an authentication method deciding unit that selects one of two or more authentication methods according to acquired position information, an authentication screen output unit that outputs a screen corresponding to the one authentication method, an accepting unit that accepts authentication information that is input on that screen, an authentication information sending unit that sends an authentication method identifier that identifies an authentication method and the authentication information to a server, an output information receiving unit that receives, from the server, one or more pieces of output information corresponding to the authentication method identification information in the case of success of authentication, and an output information output unit that outputs output information, information necessary for medical practice can be acquired while appropriately securing the privacy of a patient. | 04-26-2012 |
| 20120110652 | DYNAMIC QUERY SERVICES AND METHODS - A system has a network and a data source communicatively coupled to the network. Further, the system has logic configured to discover the data source available on the network and store metadata indicative of the discovered data source in memory, the logic further configured to generate a release parcel, in response to a user input, for performing operations on the data source, the logic further configured to deploy the release parcel to a dynamic query service computing device wherein operations on the data source can be performed through the release parcel. | 05-03-2012 |
| 20120110653 | MEASUREMENT DEVICE AND METHOD FOR LOGGING USE OF THE MEASUREMENT DEVICE - In a method for managing use information of a measurement device, an operating interface of the device is locked before the device is operated. When a user starts to use the device, the method provides a login interface to verify whether the user is authorized to login the operating interface. If the user is authorized to login the operating interface, the operating interface is unlocked and the method records first information of starting to operate the device. After finishing the operation or when an elapsed time of the device not in use is greater than a predetermined time, the method controls the user to log out the operating interface, records second information of finishing the operation, and the operating interface is locked. The first information and the second information are saved in a text file. | 05-03-2012 |
| 20120117632 | METHOD AND SYSTEM FOR AUTHENTICATING A DATA STREAM - A method and apparatus for obtaining digital content. A credential is extracted from a first data stream that corresponds to a media item. The credential is provided to a content provider. If the credential is authenticated, the content provider sends a second data stream that corresponds to the media item. | 05-10-2012 |
| 20120117633 | Enhanced Security For Pervasive Devices Using A Weighting System - An approach is provided where one or more biometric inputs are received at a biometric receiver accessible by a mobile pervasive computing device. The biometric inputs are from a current user of the mobile pervasive computing device. One or more sets of expected biometric data are retrieved with the sets of expected biometric data corresponding to one or more authorized users of the mobile pervasive computing device. The received biometric inputs are compared with the retrieved sets of expected biometric data. Themobile pervasive computing device is secured using one or more security actions if the comparison reveals a mismatch between the biometric inputs and the retrieved sets of expected biometric data. | 05-10-2012 |
| 20120117634 | SYSTEMS AND METHODS FOR FACILITATING DISTRIBUTED AUTHENTICATION - A method for facilitating distributed authentication includes the step of requesting, by a user of a client machine residing in a first domain, access to a resource residing in a second domain. The client machine authenticates the user to an intermediate machine. The intermediate machine impersonates the client machine. The intermediate machine impersonating the client machine requests access to the second domain from a domain controller residing in the second domain. The domain controller authorizes the requested access, responsive to a determination that the impersonated client machine is trusted for delegation. The domain controller transmits to an application server residing in the second domain, authentication data associated with the impersonated client machine. The application server transmits, to the intermediate machine, a launch ticket uniquely identifying a logon token. The client machine provides, to the application server, the launch ticket to access the resource residing in the second domain. | 05-10-2012 |
| 20120124654 | System and method for a secure user interface - In accordance with embodiments, there are provided mechanisms for methods and systems for inputting information, such as authentication and verification information, which are meant to thwart keylogging and phishing, while also assisting in a user's recall of the required input information. In at least one embodiment, a secure virtual keyboard is generated that has less buttons or entry keys than choices for input entry. | 05-17-2012 |
| 20120124655 | Apparatus for connecting a human key identification to objects and content or identification, tracking, delivery, advertising, and marketing - An apparatus for connecting a human key identification to objects and content or identification, tracking, delivery, advertising, and marketing. An Independent Clearing House Agent (ICHA) server is connected to a human key server. The human key server is connected to a translation server and universal virtual world (UVW) server for the management of a plurality of methods and mechanism integrally working as one system. A virtual world airport (VWA) server is connected to a Mobile, Handheld, and Independent Device Application Development (MHIDAD) server which in turn communicates with an illumination transformer audio video manager interactive server transmitter (ITAVMIST which communicates with a Virtual Cash Virtual Currency (VCVC) server. The authentication unit also creating identification data; and sending to verification; a match combined with 9 out of 17 positive point evaluations returns, via an Internet connection to the mobile device. | 05-17-2012 |
| 20120131658 | METHODS AND APPARATUS FOR DYNAMIC USER AUTHENTICATION USING CUSTOMIZABLE CONTEXT-DEPENDENT INTERACTION ACROSS MULTIPLE VERIFICATION OBJECTS - An authentication framework is provided which enables dynamic user authentication that combines multiple authentication objects using a shared context and that permits customizable interaction design to suit varying user preferences and transaction/application requirements. For example, an automated technique for user authentication comprises the following steps/operations. First, user input is obtained. At least a portion of the user input is associated with two or more verification objects. Then, the user is verified based on the two or more verification objects in accordance with at least one verification policy operating on a context shared across the two or more verification objects. The user authentication technique of the invention may preferably be implemented in a flexible, distributed architecture comprising at least one client device coupled to at least one verification server. The client device and the verification server may operate together to perform the user authentication techniques of the invention. | 05-24-2012 |
| 20120131659 | COMMUNICATIONS SYSTEM INCLUDING PROTOCOL INTERFACE DEVICE FOR USE WITH MULTIPLE OPERATING PROTOCOLS AND RELATED METHODS - A communications system may include a plurality of data storage devices each using at least one of a plurality of operating protocols. The system may also include a plurality of mobile wireless communications devices for accessing the data storage devices, and each may use at least one of the plurality of operating protocols. Furthermore, the system may also include a protocol interface device including a front-end proxy module for communicating with the plurality of mobile wireless communications devices using respective operating protocols, and a protocol engine module for communicating with the plurality of data storage devices using respective operating protocols. More particularly, the front-end proxy module and the protocol engine module may communicate using a common interface protocol able to represent a desired number of protocol-supported elements for a desired operating protocol. | 05-24-2012 |
| 20120137352 | METHOD AND SYSTEM FOR ABSTRACTED AND RANDOMIZED ONE-TIME USE PASSWORDS FOR TRANSACTIONAL AUTHENTICATION - A security system and method for authenticating a user's access to a system is disclosed. The security system receives an authentication request from the user and responds by generating a security matrix based on a previously stored user keyword and user preference data, the security matrix being different for each authentication request. The security system sends the security matrix to the user and awaits a one-time code in response to the security matrix. The user forms the one-time code based on the user keyword, the user preferences, and the security matrix. The security system validates the one-time code against the security matrix, the keyword, and the user preferences, and responds by sending an authentication result to the user that either permits or denies access to the system. Additionally, the security system sends a success or fail message to the system to be accessed. | 05-31-2012 |
| 20120137353 | METHOD AND SYSTEM FOR ABSTRACTED AND RANDOMIZED ONE-TIME USE PASSWORDS FOR TRANSACTIONAL AUTHENTICATION - A security system and method for authenticating a user's access to a system is disclosed. The security system receives an authentication request from the user and responds by generating a security matrix based on a previously stored user keyword and user preference data, the security matrix being different for each authentication request. The security system sends the security matrix to the user and awaits a one-time code in response to the security matrix. The user forms the one-time code based on the user keyword, the user preferences, and the security matrix. The security system validates the one-time code against the security matrix, the keyword, and the user preferences, and responds by sending an authentication result to the user that either permits or denies access to the system. Additionally, the security system sends a success or fail message to the system to be accessed. | 05-31-2012 |
| 20120144467 | Network Selection from a Menu - Methods and systems for connecting to a network, such as a wired or wireless network, are provided. A method may include displaying a menu with one or more menu options in response to a user indication. Each menu option may indicate an available network and the status of the available network. Upon receiving a user menu selection indicating a selected available network, an authentication input field may be provided with the corresponding menu option in the displayed menu. The user may enter authentication information in the authentication input field in order to be connected to the selected available network. The corresponding menu option may display further status information upon successful connection to the selected available network. | 06-07-2012 |
| 20120144468 | Systems, Methods, and Computer Program Products for User Authentication - Responsive to receiving an authentication request from a device, an authentication server determines a confidence level for the authentication request, generates a confidence-weighted challenge to the authentication request. The confidence-weighted challenge being weighted based upon a confidence level. The authentication server, responsive to receiving a challenge response to the confidence-weighted challenge from the device, determines whether to authenticate the user based upon the challenge response. If the authentication server determines that the challenge response satisfies an expected response known to the authentication server, the authentication server permits authentication of the user to access the device. If the authentication server determines the challenge response does not satisfy the expected response known to the authentication server, the authentication server denies authentication of the user to access the device. | 06-07-2012 |
| 20120144469 | Network Selection From A Menu - Methods and systems for connecting to a network, such as a wired or wireless network, are provided. A method may include displaying a menu with one or more menu options in response to a user indication. Each menu option may indicate an available network and the status of the available network. Upon receiving a user menu selection indicating a selected available network, an authentication input field may be provided with the corresponding menu option in the displayed menu. The user may enter authentication information in the authentication input field in order to be connected to the selected available network. The corresponding menu option may display further status information upon successful connection to the selected available network. | 06-07-2012 |
| 20120144470 | USER AUTHENTICATION METHOD USING LOCATION INFORMATION - A user authentication method includes transmitting a number of the mobile communication terminal, a user identifier (ID), and a unique number (PW); at the web server, storing the number of the mobile communication terminal, the user identifier (ID), and the unique number (PW); at a mobile communication terminal registered in the web server, transmitting location information of the mobile communication terminal; at the web server, storing a table in which the location information is mapped together with the number of the mobile communication terminal, the user identifier (ID), and the unique number (PW); and when the web server receives an access request from the mobile communication terminal registered in the web server, at the web server, confirming location information of the mobile communication terminal and comparing the location information of the mobile communication terminal with the table. | 06-07-2012 |
| 20120144471 | UPDATING STORED PASSWORDS - A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client in accordance with an authentication protocol, and authenticate the client based on a comparison of the first form to a value derived from a second form of the password stored in a password database. The comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client over the secure connection, authenticate the client by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client when the authentication server receives the first form. | 06-07-2012 |
| 20120144472 | Fraud Detection - In some embodiments, techniques for information security include receiving information related to an authentication credential, wherein the information is related to a failed authentication attempt; determining whether the authentication credential is related to a valid account; and performing a security measure related to the valid account, if it is determined that the authentication credential is related to the valid account. | 06-07-2012 |
| 20120144473 | PAIRING OF WIRELESS DEVICES USING A WIRED MEDIUM - Techniques that facilitate pairing of wireless devices with other wireless devices are disclosed. According to one aspect, a pair of wireless devices can be paired for wireless data exchange using an available wired link. Advantageously, the wired link can be used to transport a pin code from one of the wireless devices to the other. Consequently, pairing of the wireless devices can be completed without necessitating user entry of a pin code so long as the wired link is available. | 06-07-2012 |
| 20120151564 | System and method for associating a universal user indentification and a domain specific user identification - There is presented a system and method for associating a domain transcendent identification (ID) of a user and a domain specific ID of the user, the system comprising an ID association server accessible by a plurality of secure domains over a network. The system also includes an ID associator application that when executed by ID association server is configured to receive a domain specific ID that associates the user to the secure domain, enter the domain specific ID in a domain transcendent ID record created for the user, generate a unique data associated with the domain transcendent ID record and identify a network location for submission of the unique data, send the unique data and the network location to the user, and associate the domain transcendent ID and the domain specific ID. | 06-14-2012 |
| 20120151565 | SYSTEM, APPARATUS AND METHOD FOR IDENTIFYING AND BLOCKING ANOMALOUS OR IMPROPER USE OF IDENTITY INFORMATION ON COMPUTER NETWORKS - A system, apparatus and method is described for a security platform and/or identity platform for identifying, notifying, reporting and blocking pass-the-hash attacks and the anomalous or improper use of identity information on computer networks. The system, apparatus or method follows a policy of zero-trust, and does not rely on any client or server information to verify or confirm identity. Instead, the system, apparatus or method of the invention monitors communications between network devices, and when a first device transmits a communication of interest to a second device, the system, apparatus or method of the invention queries the first device directly to determine whether the transmission is authorized. | 06-14-2012 |
| 20120151566 | METHOD AND DEVICE FOR VERIFYING DYNAMIC PASSWORD - The examples of the present invention provide a method and device for verifying a dynamic password. In the method and device, some algorithm parameters can be exchanged in public by using a DH algorithm, and thus a same key is shared safely between two entities, so as to implement the verification of the dynamic password and further improve the security of identity verification. Moreover, the method and device can be easy to use. Further, by the above technical solution, no message exchange is needed between a mobile device and a verification server, and a user does not need to pay for additional flux, so as to decrease the burden of the user and verification costs. | 06-14-2012 |
| 20120151567 | Reusable Authentication Experience Tool - A reusable authentication component may be integrated into a web page to communicate with an authentication server and authenticate a user to the web page. The reusable authentication component may implement a complex authentication process, including multiple user interfaces to receive multiple assurances of user identity and user confirmation of previously stored mutual authentication data. The authentication process may be performed by the authentication component without refreshing or redirecting the parent web page until completion of a successful user authentication, after which the parent web page may receive authentication data and refresh to provide user specific and/or secure user data on the web page. | 06-14-2012 |
| 20120159590 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATING AN IDENTITY OF A USER BY GENERATING A CONFIDENCE INDICATOR OF THE IDENTITY OF THE USER BASED ON A COMBINATION OF MULTIPLE AUTHENTICATION TECHNIQUES - A user's identity is authenticated by evaluating the identity of the user using a plurality of authentication techniques, the plurality of authentication techniques generating a plurality of numerical confidence indicators, respectively, of the identity of the user, associating a plurality of authentication technique weights with the plurality of numerical confidence indicators, respectively, and calculating a weighted combination of the respective numerical confidence indicators using the plurality of authentication technique weights to generate a composite numerical confidence indicator of the identity of the user. | 06-21-2012 |
| 20120159591 | User Authentication Via Mobile Communication Device With Imaging System - A graphical authentication identifier is used to facilitate automatic authentication of a user. A graphical identifier authentication system receives a request from an authenticating entity for a onetime use graphical authentication identifier. In response to the received request, a onetime use graphical authentication identifier to be displayed by the authenticating entity is generated. A request for user authentication information by the authenticating entity is encoded in the graphical authentication identifier, which is transmitted to the authenticating entity for display (e.g., on a login screen). The onetime use graphical authentication identifier being displayed by the authenticating entity is captured by a registered user operated computing device. In response, the requested user authentication information is transmitted to the authenticating entity, such that the user is automatically authenticated to the authenticating entity, without the user manually entering the requested user authentication information. | 06-21-2012 |
| 20120159592 | MULTI-LAYERED COLOR-SENSITIVE PASSWORDS - A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and at least one of the modified base image and modified overlay image is moved by the user. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image and selection of a color for a portion of the display that matches a pre-selected color. | 06-21-2012 |
| 20120159593 | MULTI-LAYER ORIENTATION-CHANGING PASSWORD - A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and at least one of the modified base image and modified overlay image is moved by the user. In addition to the moving, a change in orientation of at least one of the modified base image and the modified overlay image is required. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image and the change in orientation matching a pre-selected orientation criterion. | 06-21-2012 |
| 20120159594 | ADJUSTING THE POSITION OF AN ENDPOINT REFERENCE FOR INCREASING SECURITY DURING DEVICE LOG-ON - A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and with each execution of the method, at least one of a position of a pre-selected base image reference point on the modified base image and a position of a pre-selected overlay image reference point on the modified overlay image is varied. Positive authentication is indicated in response to an input resulting in the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image. | 06-21-2012 |
| 20120159595 | THIRD PARTY INITIATION OF COMMUNICATIONS BETWEEN REMOTE PARTIES - A data transfer system is described herein that allows data to be sent directly between two computing devices at the request of a third party client computer. The system allows a third party to initiate data transfers between computers in a network file system. This results in a significant speed increase because little to no data travels over the third party's potentially slower connection. The data transfer system provides a mechanism to determine if the direct transfer would be more efficient than two separate read and write operations, based on measurements of bandwidth and latency between each computing device. The data transfer system provides support for the source server to compress the data and the destination server to decompress the data at the direction of a third party client to further save network bandwidth. | 06-21-2012 |
| 20120159596 | BROWSER-BASED BACK-END MANAGEMENT SYSTEM FOR A CONCENTRATED PHOTOVOLTAIC (CPV) SYSTEM - Each of the CPV arrays at a solar site is coupled with a different system control point (SCP) to be communicatively connected to a central backend management system associated with that solar site. The management system is configured to present a plurality of user interfaces via the Internet to a browser of a user's client device to enable the user to navigate to and then 1) view information for various components and 2) send a command to perform an action for various components for the various components associated with the CPV arrays. The plurality of user interfaces presented to the user based on the management system having authenticated the user as being allowed to view the information related to the CPV array. | 06-21-2012 |
| 20120159597 | METHODS FOR REMOTE MONITORING AND CONTROL OF SECURITY DEVICES OVER A COMPUTER NETWORK - Methods are provided to access devices over the Internet and to control and/or set states of devices over the Internet. One method includes providing, at a server connected to the Internet, code for enabling access to networked devices at a remote location using a networked computing device. The method can enable receiving a status request to view status of one or more of the networked devices. The method can also enable receiving a control request at the server, via the networked computing device, to operate one or more utility controls at a remote location. The utility controls can be used for any of a variety of purposes. The method is operable for any computing device that has access to the Internet, including wireless hand-held networked devices. | 06-21-2012 |
| 20120159598 | USER AUTHENTICATION SYSTEM AND METHOD USING PERSONAL IDENTIFICATION NUMBER - A user authentication system using a personal identification number, includes a user terminal device for requesting issuance of a personal identification number from an authentication server, storing and displaying a personal identification number, and registering reference information used to permit verification of validity of the personal identification number on the authentication server. Further, the user authentication system includes an inquiry device for requesting verification of validity of the personal identification number from the authentication server, and receiving and displaying results of the verification. Furthermore, the user authentication system includes an authentication server for storing issuance information while issuing the personal identification number, determining whether to permit the verification of the validity of the personal identification number, if the inquiry device requests the verification of the validity, and replying with results of the verification, if it is determined that the verification of the validity is to be permitted. | 06-21-2012 |
| 20120159599 | Personalized Multifunctional Access Device Possessing an Individualized Form of Authenticating and Controlling Data Exchange - A personalized multifunctional access device that possesses an individualized form of authenticating and controlling data exchange following a unique authentication of a user by the access device, wherein the access is further disposed to create a secure exchange environment for a user through pairing with a corresponding medium and subsequent authentication. | 06-21-2012 |
| 20120159600 | METHOD OF CONTROLLING BIOMETRIC AUTHENTICATION SYSTEM, NON-TRANSITORY, COMPUTER READABLE STORAGE MEDIUM AND BIOMETRIC AUTHENTICATION SYSTEM - A control method for controlling a biometric authentication system including a server that stores reference biometric data, and a client that acquires biometric authentication data of the user, has saving in the server a table in which identification information identifying the user and a previous authentication result of the user are associated with each other, transmitting the identification information to the server, referring to the identification information and acquiring a previous authentication result of the user corresponding to the identification information from the table, calculating, an authentication success rate of the user from the acquired previous authentication result, transmitting the reference biometric data to the client when the authentication success rate is less than or equal to a certain value, calculating, a degree of matching between the biometric authentication data and the reference biometric data, and determining, whether or not the authentication of the user has succeeded. | 06-21-2012 |
| 20120167187 | METHOD, APPARATUS AND SYSTEM FOR CONTROLLING ACCESS TO COMPUTER PLATFORM RESOURCES - A manageability engine, and/or operations thereof, for controlling access to one or more resources of a computer device. In an embodiment, the manageability engine executes an authentication agent to perform authentication of a local user of a computer platform which includes the manageability engine. In another embodiment, the manageability engine includes a device driver to control an input/output device for the local user to exchange an authentication factor via a trusted path between the input/output device and the manageability engine. | 06-28-2012 |
| 20120167188 | USER IDENTITY ATTESTATION IN MOBILE COMMERCE - A method, apparatus, system, and computer program product for user identity attestation in mobile commerce. The method may include obtaining a photograph of a user of a mobile device via a camera integrated with the mobile device; identifying a first set of fiducial points from the photograph; causing the first set of fiducial points from the photograph to be compared to a second set of fiducial points associated with an authorized user of the mobile device; and determining that the user is the authorized user if the first set of fiducial points matches the second set of fiducial points. | 06-28-2012 |
| 20120167189 | PSEUDONYMIZED AUTHENTICATION - An OT or Oblivious Transfer protocol is used to output pseudonym tokens from a list of pseudonym tokens to user entities such that it is possible to obtain pseudonymized authentication by a preceding verification of proof of identity of the respective user entities and marking pseudonym tokens as used as soon as the same are used for authentication by means of the OT protocol after the output. | 06-28-2012 |
| 20120167190 | ENTITY AUTHENTICATION METHOD WITH INTRODUCTION OF ONLINE THIRD PARTY - An entity authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message | 06-28-2012 |
| 20120167191 | Communication Card for Mobile Network Devices and Authentication Method for Users of Mobile Network Devices - A removable communication card for mobile network devices, and respectively a corresponding authentication method applied therewith. The removable communication card includes an identification module for storing identification data for users, a measurement device for capturing a first biometric feature and a second biometric feature of a user, and an analysis module with a processor unit for comparison of the first and the second biometric features with the stored identification data for the user. | 06-28-2012 |
| 20120167192 | AUTHENTICATION OF DEVICES IN A WIRELESS NETWORK - Various aspects are discussed, for example, a method is decsribed for authentication of devices in a wireless network involving NFC (Near Field Communication), wherein
| 06-28-2012 |
| 20120174203 | IDENTIFYING A USER ACCOUNT IN A SOCIAL NETWORKING SYSTEM - Locating social networking system accounts for user of the social networking system permits the users to locate and access their accounts even if they cannot provide a user login ID or a login email address associated with their social networking system account. The social networking system locates a user account by receiving a user name associated with the user and a friend name of a friend connected to the user in the social networking system and identifying a user account wherein the identified user account has a user name matching the received user name and the identified user account is connected with another user in the social networking system who has a user name matching the received friend name. | 07-05-2012 |
| 20120174204 | MONETIZED ONLINE CONTENT SYSTEMS AND METHODS AND COMPUTER-READABLE MEDIA FOR PROCESSING REQUESTS FOR THE SAME - One aspect of the invention provides a computer system having processing and memory means operable to provide a monetized online content system. The computer system is coupled to one or more resource modules each having data in the memory means and includes: an interceptor module configured to receive a request from a client for one or more resources available from one or more resource modules, refer the request to one or more of the resource modules configured to fulfill the request, receive one or more responses from one or more of the resource modules, at least one of said one or more responses having one or more events associated therewith, and transform the one or more responses by removing the one or more events associated with the one or more responses prior to presentation of the one or more responses to the client. | 07-05-2012 |
| 20120174205 | USER PROFILE AND USAGE PATTERN BASED USER IDENTIFICATION PREDICTION - Embodiments of the present invention provide method, system and computer program product for user profile and usage pattern based user ID prediction. In accordance with an embodiment of the invention, a user can request a user ID to access a portion of a computing system. One or more characteristics of the user, such as a role or location can be determined and correlated to one or more different additional user ID options. In this regard, the additional user ID options can be a suggested alternative user ID for use by the user commensurate with the role or location of the user, or with past patterns of other users considered similar to the user based upon the characteristics of the user. In this way, the predictive nature of the foregoing methodology can assist the user in requesting a most appropriate user ID based upon the characteristics of the user and also in requesting a user ID which may be required in the future by the user based upon predictive patterns of system usage of other like users so as to save time and improve work efficiency. | 07-05-2012 |
| 20120180115 | METHOD AND SYSTEM FOR VERIFYING A USER FOR AN ONLINE SERVICE - A system and method for verifying a user of an online or web service. According to an embodiment, a web page is provided to user for capturing an image of the user together with an embedded verification code. The captured image is provided to a verifier agent and the embedded verification code is compared to an original verification code associated with the user. If there is a match, the user is verified and an account can be created for the user. If there is no match, then the user can be rejected or the verification can be escalated to review by a supervisory agent. According to an embodiment, the embedded verification code comprises a visual representation of the code on a substrate that has been mechanically manipulated. | 07-12-2012 |
| 20120180116 | SYSTEMS AND METHODS FOR PROVIDING SECURE ELECTRONIC DOCUMENT STORAGE, RETRIEVAL AND USE WITH ELECTRONIC USER IDENTITY VERIFICATION - Systems and methods for efficient and timely electronic new user authentication in a digital mailbox system using a sliding scale approach to include one or more identity authentication systems as appropriate for system security needs are provided. The system first obtains new user name and address data. Because the address is an important data point, the system first verifies the address before expending the resources of an identity data search. If the address is valid, the system calls an identity verification system and provides an identity quiz to the user based upon additional identity verification data. If the user passes the quiz, then a new account is setup and any other systems users having an account at that address are notified. | 07-12-2012 |
| 20120180117 | Method for Realizing End-to-End Call, End-to-End Call Terminal and System - A method for implementing an end-to-end call, an end-to-end call terminal and a system are provided in the present invention, wherein, the end-to-end call service server is not involved, and the end-to-end communication is employed between users, therefore the reliability risk of single-point failure in the registration server in the existing system is avoided. An end-to-end service is initiated without servers so that trade secrets will not be leaked by the operator, and thus the present invention effectively avoids number stealing in end-to-end calls, and has high reliability and security. In addition, after a terminal logs in the new network and initiates the end-to-end call function, the terminal can directly use the end-to-end call service with no need of entering a username and a password to log in the end-to-end call system, and thus it is more convenient to use. | 07-12-2012 |
| 20120180118 | Method and System for Transmitting Authentication Context Information - A system of the present invention uses an identity provider to provide the authentication services for multiple service providers. An identity provider communicates with one or more service providers. A user that wishes to gain access to a service provider is authenticated through the use of the identity provider. A user desiring to access a service provider is first authenticated by the identity provider. The identity provider determines if the user meets the desired class level and provides various information related to the authentication. When the user attempts to access a second service provider that is associated with the same identity provider, the second service provider accesses the identity provider and determines that the user was recently authenticated. The identity provider then transmits the relevant information regarding the authentication process to the second service provider, which can then allow or deny the user access to the second service provider. | 07-12-2012 |
| 20120185925 | Systems and Methods for Generating and Validating Configuration Files for Computing Devices - Systems and methods are provided for real-time automated generating and validating configuration files for provisioning computing devices. For example, method for provisioning a computing device includes receiving a user request to configure a computing device to access a service, generating a device configuration file to enable access to the service, validating the configuration file before deploying the configuration file to the computing device by testing configuration settings of the configuration file against the service for which the configuration file is generated to access, and deploying the configuration file to the computing device when the configuration file is deemed valid. | 07-19-2012 |
| 20120185926 | Directory Driven Mailbox Migrations - An example method for migrating communication data from a source server to a target server includes obtaining, using a computing device, a set of credentials to access the source server, and accessing the source server using the set of credentials. The method also includes requesting, automatically by the computing device, a directory structure associated with communication data from the source server, populating, by the computing device, the target server using the directory structure, requesting the communication data from the source server, and populating the target server with the communication data. | 07-19-2012 |
| 20120192256 | DISCONNECTED CREDENTIAL VALIDATION USING PRE-FETCHED SERVICE TICKETS - One or more user service tickets are obtained (i.e. pre-fetched) from an authentication server and stored in a ticket cache. The user service tickets facilitate a login device communicating with one or more users or group members associated with the login device. Login credentials for the users or group members may be subsequently authenticated against the user service tickets within the ticket cache thereby eliminating the need for immediate access to the authentication server or a previous login session by the users or group members. The user service tickets within the ticket cache may be refreshed as needed. In one embodiment, the user service tickets are refreshed daily and also in response to login attempts if the authentication service is readily accessible. | 07-26-2012 |
| 20120192257 | IMAGE PROCESSING APPARATUS, ACCESS CONTROL METHOD, AND STORAGE MEDIUM - An image processing apparatus includes a request determining unit receiving an operation event indicating a request to use an image processing function and determining whether the request is from a guest user based on the received operation event; a guest login processing unit generating guest login information including a guest user identifier and access right information of the guest user if the request is from the guest user and sending a login request to request a login process for the guest user based on the guest login information; an access control unit disabling access control on the image processing function in response to the login request based on the access right information in the guest login information; and a usage history recording unit recording a usage history of the image processing function in association with the guest user based on the guest user identifier in the guest login information. | 07-26-2012 |
| 20120192258 | HOTSPOT NETWORK ACCESS SYSTEM AND METHOD - A system and method are disclosed for providing wireless network access to a user of a remote device at a hotspot. In general, wireless communication is established by the system with the remote device to enable wireless transmission therefrom of social networking credentials associated with a social network profile maintained by a third party social network service provider. Using these credentials, the user is authenticated with the third party social network service provider, and, upon authentication, is provided wireless access to the network. | 07-26-2012 |
| 20120192259 | METHOD, DEVICE AND SYSTEM FOR INFORMATION DOWNLOAD PROCESSING AND INFORMATION DOWNLOAD INDICATION - The present invention provides a method, device and system for information download processing and information download indication. In the present invention, because an imaging device has been registered with paid web sites successfully when leaving the factory, a user can access the paid web sites only by installing drivers. According to a protocol, the user can access the paid web sites and acquire data by means of the imaging device, and correspondingly, manufacturer of the imaging device pays a fee to the paid web sites. Thereby, after purchasing the imaging device, the user can access the paid web sites to acquire the free data as long as the imaging device is connected to a computer capable of being connected with the Internet and the driver of the imaging device is installed on the computer. The present invention eliminates need for the user to register and pay to obtain paid data. | 07-26-2012 |
| 20120198531 | MULTI-DEVICE SESSION PAIRING USING A VISUAL TAG - One or more techniques and/or systems are disclosed for joining two or more devices in a multi-device communication session. A request is received from a first device, such as at a session hosting service on a remote server, to initiate a multi-device communication session, such on the session hosting service. A visual tag is sent to the first device, such as from the session service, where the visual tag comprises device-session pairing information, such as session service identification and session authorization. A multi-device communication session joining request is received from a second device, where the request from the second device comprises the device-session pairing information retrieved from the visual tag displayed by the first device, and captured by the second device. | 08-02-2012 |
| 20120198532 | User Authentication for Social Networks - Systems and methods are provided for social networks that can verify that enrolled users are not misrepresenting facts about themselves such as age and gender. Verification can be performed, for example, by reference to biometric templates stored during the user enrollment process. The biometric templates can also be used to authenticate users logging into the social network to prevent user impersonation. The ability of some users to communicate to other users of the social network can be limited to only certified users, and even to those certified users that match a criterion, such as gender or age. | 08-02-2012 |
| 20120198533 | METHODS FOR REMOTE MONITORING AND CONTROL OF HOME DEVICES OVER A COMPUTER NETWORK - Methods are provided to access of home devices over the Internet and to control and/or set states of devices over the Internet. One method includes providing, at a server connected to the Internet, code for enabling access to networked devices at a remote location using a networked computing device. The method can enable receiving a status request to view status of one or more of the networked devices. The method can also enable receiving a control request at the server, via the networked computing device, to operate one or more utility controls at a remote location. The utility controls can be used for any of a variety of purposes. The method is operable for any computing device that has access to the Internet, including wireless hand-held networked devices. | 08-02-2012 |
| 20120204246 | ESTABLISHING A SECURE CHANNEL WITH A HUMAN USER - A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user's input reflects the fact that the user knows the PIN, then the user is authenticated. | 08-09-2012 |
| 20120204247 | SYSTEM AND METHOD FOR IMPROVING SECURITY OF USER ACCOUNT ACCESS - A system and method for providing access to a user account is provided, and in particular for improving the security to a user when entering access details, for example when logging on to Internet sites, networks, software and web applications. On one form, there is a system for providing access to a user account via an electronic device having a visual display screen, including communication means for issuing at least one security identifier to the user, said security identifier including one or more characters chosen from a predetermined character set; a database for storing said at least one security identifier and said predetermined character set; a processor for providing an access interface on said visual display screen for said user to input said security identifier, wherein said access interface includes a graphical display character set which includes at least the characters comprising the security identifier; and for comparing said security identifier entered by said user on the graphical display character set to the security identifier stored in said database, and for comparing said security identifier entered to a predetermined security identifier stored in said database, and if comparison is successful, providing access to said user account. | 08-09-2012 |
| 20120210409 | NON-TEXTUAL SECURITY USING PORTRAITS - A user is authenticated using portraits of known contacts. During a challenge-response process, a collection of portraits are presented, some known to an authenticated user and some randomly selected. Responsive to correctly identifying the known portraits, the user is granted access to a system. | 08-16-2012 |
| 20120210410 | NETWORK SECURITY MANAGEMENT FOR AMBIGUOUS USER NAMES - A method of managing network security can include receiving a user input comprising a user name and a password, determining whether the input user name potentially corresponds to a plurality of user accounts, determining whether the password is valid, and determining whether each of the user accounts is locked. The method can include selecting a security response to the user input based upon whether the input user name potentially corresponds to the plurality of user accounts, whether the password is valid, whether each of the user accounts is locked, and outputting the security response. | 08-16-2012 |
| 20120210411 | PROCESS FOR AUTHENTICATING AN END USER - A process for authenticating an end user. A first pattern of colored quadrilaterals is generated. A second pattern of multiple colored nodes that include a first subset of nodes is generated. The first and second patterns are sent to the end user. If a transparent credit card is overlaid by the end user on top of the second pattern, then a second subset of nodes in the credit card would match in color and location the first subset of nodes. The authenticity status of the end user is determined by determining whether each node of a third subset of nodes within the second subset of nodes (i) corresponds to a unique node of the multiple colored nodes and (ii) has a color that matches a specific color in one quadrilateral of the colored quadrilaterals. The determined authenticity status is sent to the end user via an output device. | 08-16-2012 |
| 20120210412 | Information Processor, Authentication Control Method, And Storage Medium - An information processor is disclosed that includes an authentication part configured to authenticate a user based on predetermined information; an information obtaining part configured to obtain first information to be used to authenticate the user from an external device; and an authentication control part configured to cause the authentication part to authenticate the user by inputting information based on the first information to the authentication part as the predetermined information. The information obtaining part is configured to obtain the first information using a program module whose correlation with the information obtaining part is recorded in a recording medium. | 08-16-2012 |
| 20120216265 | USING CLOCK DRIFT, CLOCK SLEW, AND NETWORK LATENCY TO ENHANCE MACHINE IDENTIFICATION - Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data. | 08-23-2012 |
| 20120216266 | SYSTEM AND METHOD TO ASSOCIATE A PRIVATE USER IDENTITY WITH A PUBLIC USER IDENTITY - The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record. | 08-23-2012 |
| 20120222100 | ADVANCED CAPTCHA USING INTEGRATED IMAGES - An embodiment of the invention is a CAPTCHA program to determine if a user of a computer is a human or a computer program. The program sends to the computer an image and a portion of the image for display. The program receives from the user an indication of where the portion is located within the image. The portion, as displayed, may be altered in various ways. In response to the user properly indicating the location, the program determines that the user of the computer is a human. In response to the user not properly indicating the location, the program determines that the user of the computer is a computer program. In response to determining that the user of the computer is a human, the program grants the user access to information (database, application, program). In response to determining that the user is a computer program, the program denies access. | 08-30-2012 |
| 20120222101 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, SERVER DEVICE, AND METHOD - An information processing system including an information processing device connected to a first communication network, a terminal device connected to the first communication network, and a server device connected to a second communication network. The server device includes a receiving unit, a first request unit, and a providing unit. The receiving unit receives an instruction from the terminal device to provide the information processing device with a predetermined service. The first request unit presents a test to the information processing device to authenticate whether or not the information processing device is being operated by a human. The providing unit provides the information processing device with the service in accordance with the instruction. The terminal device includes an instruction unit and a response unit. The instruction unit sends the instruction to the server device. The response unit makes a response to the test on behalf of the information processing device. | 08-30-2012 |
| 20120222102 | AUTHENTICATION USING MOBILE DEVICES - Technologies are generally described for authentication systems. In an example, an authentication system can be built among devices by sharing an image that is virtually torn into pieces. Each participant in the authentication system receives a piece of the image. The participants are authenticated when the pieces are later joined to form the original image. | 08-30-2012 |
| 20120222103 | ACCESS CONTROL METHOD, AND ASSOCIATED LOCK DEVICE AND ADMINISTRATION SERVER - An access control method is disclosed in which a lock device provides conditional access to a protected environment by short-range wireless communication with a key device having a key device identifier (KD_ID). In the method, the lock device requests the key device to provide a challenge response to a challenge generated by the lock device based on a challenge code kept by the lock device. The lock device receives the challenge response from the key device. The challenge response is generated by a remote administration server and is based on the key device identifier of the key device. The generated response is sent to the key device and forwarded from the key device to the lock device. The lock device then verifies the received challenge response based on the challenge code and on the key device identifier of the key device. | 08-30-2012 |
| 20120227096 | METHOD AND APPARATUS FOR TRANSFERRING DATA - A method and apparatus for transferring data to a mobile device is described. Authentication information associated with a user is received and used to authenticate the user. A one-time-use password is determined and an identity of a mobile device and/or a mobile device operator is verified. Encrypted data is transmitted to the mobile device, where the encryption is based, at least in part, on the one-time-use password. On receipt of the password at the mobile device, the data may be decrypted for use by the mobile device. | 09-06-2012 |
| 20120227097 | Providing Subscriber Consent in an Operator Exchange - A method and system for providing a record of consent in scenarios in which the user and a device may have to perform a function that involves two entities that don't trust each other or are not necessary interested in cooperating. In one such example, a user wants to switch services from an “old” operator to a “new” operator. An operator switch without explicit user consent may have legal or business ramifications for both the “old” and “new” operators. The ramifications are even more severe if the switch is the result of actions of, for example, a hacker maliciously causing this switches in order to cause monetary or other damage to either operators or denial of service to the users. In such cases it is useful for both operators to be on record and have an archive of proof of user consent should future disputes arise. | 09-06-2012 |
| 20120233676 | GROUPING PERSONAL ACCOUNTS TO TAILOR A WEB SERVICE - This document describes grouping personal accounts to tailor a web service. By grouping personal accounts, a service provider may tailor a web service to multiple people based on information about those people. | 09-13-2012 |
| 20120233677 | Communication device, method for providing a data service, communication terminal, and method for requesting a data service - A communication device is described comprising a receiver configured to receive a message from a communication terminal indicating that the communication terminal requests a data service and indicating that a cost of providing the data service is to be associated with a provider of the data service and including security information; a determining circuit configured to determine, based on the security information, whether the communication terminal is authorized to be provided with the requested data service with a cost of providing the data service being associated with a provider of the data service; and a controller, configured to establish a communication connection for providing the data service and to associate a cost of the communication connection with the provider of the data service if the authorization has been successful. | 09-13-2012 |
| 20120233678 | SECURELY AND AUTOMATICALLY CONNECTING VIRTUAL MACHINES IN A PUBLIC CLOUD TO CORPORATE RESOURCE - A method and system for securely and automatically connecting a virtual machine in a public cloud to corporate resources. A cloud computing system is coupled to an enterprise computing system via a network. The enterprise computing system includes a management server, an authentication server and a virtual private network (VPN) server. A cloud engine runs on the management server. The cloud engine starts an exchange with the authentication server that leads to a state in which both parties know a one-time password (OTP) and an identifier (ID) of a virtual machine (VM) hosted by the cloud computing system. The cloud engine sends the OTP and the ID to the VM. The VPN server then receives credentials from the VM. If the credentials are successfully authenticated against the OTP and the ID, a secure connection is established between the enterprise computing system and the VM. | 09-13-2012 |
| 20120233679 | SYSTEMS, METHODS AND ANALYZERS FOR ESTABLISHING A SECURE WIRELESS NETWORK IN POINT OF CARE TESTING - A system and method for initiating and maintaining a secure wireless communication between a wireless analyzer and a target network (e.g., a hospital network connected to a LIS and/or HIS). The present disclosure provides novel processes and systems for securely networking a wireless analyzer with a Wi-Fi network without the need for an operator or user to engage in manual initiation steps on, or through, the wireless analyzer. | 09-13-2012 |
| 20120233680 | IMAGE GENERATING APPARATUS, PROJECTOR, AND METHOD FOR GENERATING AN IMAGE - An image generating apparatus includes a timepiece determining section determining whether or not the setting of an internal clock is normal, a certificate determining section determining whether or not a received electronic certificate from a communication target apparatus is valid based on the setting of the internal clock, a communication section performing communication for authentication with the communication target apparatus if the certificate determining section determines that the received electronic certificate is valid and receiving image information from an image supplying apparatus belonging to a network to which the communication target apparatus belongs or the communication target apparatus, a control section making the communication section perform communication for authentication irrespective of whether or not the received electronic certificate is valid if the timepiece determining section determines that the setting of the internal clock is not normal, and an image generating section generating an image based on the image information. | 09-13-2012 |
| 20120233681 | METHOD AND SYSTEM OF USER AUTHENTICATION USING A PORTABLE AUTHENTICATOR - Systems and methods are provided for facilitating access to an electronic device. Password information is stored on the electronic device, and on a portable authenticator. When a user attempts to access the electronic device, the user is prompted to enter a password at the electronic device. The portable authenticator determines the validity of the entered password. The electronic device receives the results of the validity determination from the portable authenticator, and provides access to the electronic device based on the received validity determination. | 09-13-2012 |
| 20120233682 | SECURE ACCESS TO RESTRICTED RESOURCE - A system may generate an access number, provide the access number to a user via a telephone call, and provide the access number to an authentication server. The system may regulate access by the user to a restricted resource based on the access number provided to the user and the access number provided to the authentication server. | 09-13-2012 |
| 20120233683 | System and Method to Support Identity Theft Protection as Part of a Distributed Service Oriented Ecosystem - A system and method to support identity theft protection and, in particular, to a system and method for supporting identity theft protection as part of a distributed service oriented ecosystem in Internet protocol (IP) multimedia subsystem (IMS) and non-IMS networks. The system includes an identity session initiation protocol (SIP) application server configured to act as a security assertion markup language (SAML) bridge, which allows an SIP enabled device or a non-SIP enabled device to attach to a telecommunications service provider network. A user may accept or reject an authorization request using the SIP enabled device or non-SIP enabled device. | 09-13-2012 |
| 20120240207 | APPARATUS, METHOD, AND PROGRAM FOR VALIDATING USER - User validation accuracy is improved without inconveniencing a user. When an authentication request packet is received from a terminal and the authentication is successful based on a user ID and a password, an HTTP header, user-agent information, and access source IP address are extracted from the packet, and user authentication is performed by verifying the IP address and the user-agent information against usage history information where at most two sets of the IP address and the user-agent information extracted from the authentication request packet which is received from the same user previously are registered. When the set of the IP address and the UA information corresponding to the new extracted IP address and the new extracted UA information is registered in the usage history information, the authentication is successful, and the usage history information is overwritten with the new IP address and the new UA information. | 09-20-2012 |
| 20120240208 | MOBILE TERMINAL APPARATUS - A mobile terminal apparatus checks if a user is a proper user based on the operation of the user and, if the result of authentication is negative, uploads predetermined data, which is part of data stored in a memory, to a predetermined server. After the transmission is completed, the mobile terminal apparatus erases the uploaded data from the memory. It is also possible to instruct the mobile terminal apparatus to upload and erase data from an external source using an electronic mail or a telephone tone signal sequence. This may protect data contained in mobile terminal apparatus that has been lost, from a person who improperly attempts to access the data. | 09-20-2012 |
| 20120240209 | SECURE INFORMATION DISTRIBUTION BETWEEN NODES (NETWORK DEVICES) - In an embodiment, a method of secure information distribution between nodes, includes: performing a handshake process with an adjacent node to determine membership in a secure group; and distributing secure information to the adjacent node, if the adjacent node is a member of the secure group. In another embodiment, an apparatus for secure information distribution between nodes, includes: a node configured to performing a handshake process with an adjacent node to determine membership in a secure group, and distribute secure information to the adjacent node, if the adjacent node is a member of the secure group. | 09-20-2012 |
| 20120246707 | METHOD FOR INDICATING ABNORMAL DATA-INPUTTING BEHAVIOR - A method for indicating abnormal data-inputting behavior includes inducting and connecting an identification end with a control system. The control system receives a procedure selecting command to allow input of registration data or a log-in data. The control system generates identification information based on the registration data when the procedure selecting command is the input of registration data. The identification information is stored in the identification end and includes the registration data, a template of keystroke, and an identification code. The control system generates a keystroke dynamic based on the long-in data when the procedure selecting command is the input of log-in data. The control system compares the keystroke dynamic of the log-in data with the template of keystroke of the identification information. The control system sends out a warning message when the keystroke dynamic of the log-in data does not match the template of keystroke of the identification information. | 09-27-2012 |
| 20120246708 | PREVENTING INADVERTENT LOCK-OUT DURING PASSWORD ENTRY DIALOG - One embodiment provides a computer-implemented method for providing controlled access to electronic content. A password is associated with electronic content, such as by password-protecting an electronic file that contains the electronic content. At least one password attempt is received in an effort to access the electronic content. Each password attempt is compared to the password at a selected subset of “trap” character positions. Up to a threshold number of password entries is allowed that have incorrect characters at any of the trap character positions. A greater number or even an unlimited number of incorrect password entries are allowed having incorrect characters at non-trap character positions. Access to the electronic content is allowed only if one of the password entries exactly matches the password. | 09-27-2012 |
| 20120254960 | Connecting mobile devices, internet-connected vehicles, and cloud services - A three-way trust relationship is established between a mobile device, Internet-connected vehicle system, and a cloud-based service. Access rights are granted to the mobile device from the vehicle system, such that the mobile device can securely connect to, and obtain status information and/or control the Internet-connected vehicle system, through the cloud-based service. | 10-04-2012 |
| 20120254961 | Method of Distributing Information Regarding One or More Electrical Devices and System for the Same - Some embodiments concern a method of distributing information regarding one or more electrical devices using a first server. Each of the one or more electrical devices can have unique identification information, an internal IP address, and an external IP address. The method can include: receiving in the first server a first request to register a first electrical device of the one or more electrical devices, the first request to register comprises the unique identification information, the internal IP address, and the external IP address of the first electrical device of the one or more electrical devices; storing in the first server the unique identification information, the internal IP address, and the external IP address of the first electrical device of the one or more electrical devices using the first server; receiving in the first server from a first client computer a first request for information regarding the first electrical device of the one or more electrical devices; using the first server to determine the external IP address of the first electrical device of the one or more electrical devices; redirecting the first request for the information to a first gateway device if an external IP address of the first client computer is identical to the external IP address of the first electrical device of the one or more electrical devices; and returning the external IP address of the first electrical device of the one or more electrical devices if the external IP address of the first client computer is different from the external IP address of the first electrical device of the one or more electrical devices. Other embodiments are disclosed. | 10-04-2012 |
| 20120254962 | MANAGEMENT SYSTEM, A MANAGEMENT PROCESS, AND A QUICK ACCESS METHOD OF INFORMATION CONTENT FOR A DIGITAL NETWORKING DEVICE - The present invention discloses a method of information content quick access for a digital networking device. The method comprises the steps of: inputting an executing code in a terminal quick access system assembled at the digital networking device and opening an information content corresponding to the executing code by the terminal quick access system. The method further comprises the steps of: connecting the terminal quick access system to a cloud server system, acquiring an information content access website address corresponding to the executing code, connecting to the website address, and downloading an information content. The present invention further discloses an information content management system for executing the method of in formation content quick access. The information content management system comprises a cloud server system and at least one terminal quick access system. | 10-04-2012 |
| 20120254963 | DYNAMIC PIN DUAL FACTOR AUTHENTICATION USING MOBILE DEVICE - The present invention provides cost efficient two way authentication method in which the authentication module can be provided as a Plug and Play (PnP) architecture enabling dual layer security with reduced cost where the actions are initiated by a server and user input is received through an audio session for added security. The second level authentication can be carried out with mobile as client device making it cost efficient. The invention can be hosted as an independent service or can be integrated with existing authentication mechanisms, making it elegant for usage. | 10-04-2012 |
| 20120254964 | METHOD AND SYSTEM FOR GENERATING A TOUCH CAPTCHA - The present invention provides a method and system for automated test for human presence at a client device capable of receiving touch sensitive response. At a server, the method includes receiving and storing user profile information. Receiving request from client device to access a resource on a server. Generating a query based on the user profile information and the query requiring user to generate a touch sensitive response. Receiving the user generated response and authenticating the user if the touch sensitive response matches a predefined response for the query stored on the server. | 10-04-2012 |
| 20120254965 | METHOD AND SYSTEM FOR SECURED DISTRIBUTED COMPUTING USING DEVICES - A method for secured distributed computing is disclosed. The method includes identifying a computing task for processing, authenticating user and device with a distributed computing network, receiving a unique security code having an end-of-session expiration, requesting that the computing task be executed over the distributed computing network, receiving a one-time task code, selecting a device to process the computing project from among a plurality of devices based upon device location and at least one associated operating state of the device, sending the identified computing task and the one-time task code to the selected device over the distributed computing network for processing and authentication, and receiving results of computing task from the selected device. | 10-04-2012 |
| 20120254966 | APPARATUS FOR SECURED DISTRIBUTED COMPUTING - An apparatus for distributed computing is disclosed. The apparatus includes a semiconductor memory, a biometric device for receiving biometric data, a connector for establishing communication between the apparatus and the host device, and a processor for performing distributed computing methods. The distributed computing method includes identifying a computing task for processing, authenticating user and device with a distributed computing network, receiving a unique security code having an end-of-session expiration, requesting that the computing task be executed over the distributed computing network, receiving a one-time task code, selecting a device to process the computing project from among a plurality of devices based upon device location and at least one associated operating state of the device, sending the identified computing task and the one-time task code to the selected device over the distributed computing network for processing and authentication, and receiving results of computing task from the selected device. | 10-04-2012 |
| 20120254967 | EXTERNAL DEVICE HAVING AT LEAST ONE MEMORY - The invention relates to an external device ( | 10-04-2012 |
| 20120260326 | IMAGE MAPS FOR CREDENTIAL-BASED SECURITY - An input handler may receive a request, from a user of a client computer, for credential-based access to a server-based resource. An image map generator may determine a mapping between elements of an image map and secure transmission codes. A code generator may provide, to a user interface of the client computer, the mapping together with rendering code for rendering the image map. A mapping module may receive a sequence of the transmission codes from the user interface after a rendering of the image map by the user interface using the rendering code, based on a selection of image map elements by the user. The selected image map elements may represent the user credentials, and the sequence may correspond by way of the mapping to the selected image map elements and thus to the credentials. | 10-11-2012 |
| 20120266222 | PROVISIONING USING A GENERIC CONFIGURATION - An apparatus, method, system and computer-readable medium are provided for provisioning a user equipment device (UED). The UED may be configured to receive a generic configuration and (dynamically) derive settings specific to the UED that would otherwise have been received in the configuration. The UED may execute one or more applications to derive the settings specific to the UED. A first application may enable the UED to dynamically learn a fully qualified domain name (FQDN) and IP address of a node. A second application may enable the UED to generate authentication credentials for the UED. A third application may enable the UED to determine a port or ports that are authorized for service and a port or ports that are not authorized for service. A fourth application may enable the UED to determine a number associated with the UED. | 10-18-2012 |
| 20120266223 | METHOD AND APPARATUS FOR PROVIDING MACHINE-TO-MACHINE SERVICE - A method and an apparatus for providing service are provided. A method of providing service by a Machine-to-Machine (M2M) device includes transmitting a request for a first authentication to a Network Security Capability (NSEC), the request for the first authentication including an identifier of the M2M device, performing an Extensible Authentication Protocol (EAP) authentication with the NSEC, and generating, if the first authentication is successful, a secret key using at least one of a Master Session Key (MSK) and the identifier of the M2M device. | 10-18-2012 |
| 20120266224 | METHOD AND SYSTEM FOR USER AUTHENTICATION - A method for user authentication for accessing from a client to a server over a packet based network using an one-time password, wherein the client includes a first secret, and the server includes a database for storing a second secret and a chosen username associated with the second secret, wherein the method includes providing the second secret associated with the first secret by the client to the server and storing the second secret and the chosen username in the database; transmitting a challenge from the server to the client; computing the one-time password by the client using the second secret and the random data decoded from the challenge; submitting the one-time password and the chosen username on the client to access the server; validating the one time password received from the client with the one-time password. | 10-18-2012 |
| 20120266225 | NETWORK SYSTEM OF PROJECTOR - A network system of a projector is provided in which a network connection is established between a plurality of information terminal apparatus and the projector, and an image data file owned by an information terminal apparatus can be commonly used. A network system of a projector is arranged by an information terminal apparatus and a projector connectable to the information terminal apparatus via a network. The information terminal apparatus is arranged by a personal computer which supplies image data to the projector, and personal computers which are connected to this personal computer by a wireless manner When the network connection is established between the personal computer and the projector, and when the network connection between the personal computer and the personal computers is established, the image data is commonly used among these personal computers. | 10-18-2012 |
| 20120266226 | SECURE AUTHENTICATION SYSTEMS AND METHODS - Systems and methods are provided for authentication by combining a Reverse Turing Test (RTT) with password-based user authentication protocols to provide improved resistance to brute force attacks. In accordance with one embodiment of the invention, a method is provided for user authentication, the method including receiving a username/password pair associated with a user; requesting one or more responses to a first Reverse Turing Test (RTT); and granting access to the user if a valid response to the first RTT is received and the username/password pair is valid. | 10-18-2012 |
| 20120266227 | VERIFICATION AND AUTHENTICATION SYSTEMS AND METHODS - Embodiments of the present invention provide verification and/or authentication service engines that provide a customizable solution that can be “dialed” based on the risk level assigned to individual or grouped applications. The systems can also incorporate internal and external sources of data used to verify information provided by the user. It is dynamic and can pull information from a myriad of sources during the verification process, enabling credit reporting agencies (e.g., Equifax and others), FSPs, and other service providers to facilitate real-time approval and access to products and services. | 10-18-2012 |
| 20120278870 | MULTIPLE INDEPENDENT AUTHENTICATIONS FOR ENHANCED SECURITY - A system and associated method for providing enhanced site access security by use of multiple authentications from independent sources. A security enhanced user service system has components of a user authentication process, a service application, a multi-authentication module and an authentication database. A user attempting to use the service application accesses through a client system that is coupled to the security enhanced user service system. The user authentication process receives login information from the user, checks for validity, and sends to the multi-authentication module to further verify the login information. The multi-authentication module generates a grant or denial by use of predefined logical condition to satisfy for the grant response, data stored in the authentication database, another security enhanced user service system etc., pursuant to a specific configuration. | 11-01-2012 |
| 20120278871 | USER IDENTIFICATION METHOD APPLICABLE TO NETWORK TRANSACTION AND SYSTEM THEREOF - A user identification method and a system thereof. A user device delivers a certificate packet with a unique serial number to a certificate server, and receives a reply packet with a password from a password server. The user device then uses the password and the unique serial number to produce a user terminal identification code, and then delivers an identification packet with the user terminal identification code to the certificate server. After receiving the certificate packet, the certificate server delivers an inquiry packet with the unique serial number to the password server, and then the password server inquires about password and expiration time thereof according to the unique serial number. After receiving the identification packet, the certificate server verifies the validity of the user terminal identification code and the expiration time with a database to determine if the user is admitted to proceed to the subsequent transaction. | 11-01-2012 |
| 20120278872 | SYSTEM AND METHOD OF FEDERATED AUTHENTICATION WITH REVERSE PROXY - A Security Assertion Markup Language (SAML) conversation is intercepted in an enhanced Reverse Proxy server computer located in the path between a user and a server computer that provide cloud application services to the user. During authentication, the SAML assertion signature is modified in the enhanced Reverse Proxy such that the enhanced Reverse Proxy and the user can share an encryption key. The modified assertion signature permits a common session key to be shared by the enhanced Reverse Proxy and a targeted application in the server, thus enabling the user to be authenticated, and subsequently to communicate via the enhanced Reverse Proxy in a secure session with an application in the server. | 11-01-2012 |
| 20120278873 | TECHNIQUES FOR RESOURCE OPERATION BASED ON USAGE, SHARING, AND RECOMMENDATIONS WITH MODULAR AUTHENTICATION - Techniques for resource operation based on usage, sharing, and recommendations with modular authentication are provided. A resource space is associated with a principal. The resource space comprises resources local to a device of the principal and remote from the device. The resources presented in a merged view within a local file system and operating system of the device. In an embodiment, the device negotiates authentication with an intermediary for access to a legacy service where authentication is performed by the intermediary on behalf of the device, and the intermediary establishes an authentication session between the principal and the legacy service. | 11-01-2012 |
| 20120278874 | METHOD AND SYSTEM FOR ACCESSING NETWORK THROUGH PUBLIC EQUIPMENT - A method and system for accessing to a network through public equipment are provided in the invention. The method includes: after an access service node (ASN) receives a network access request message from a. User on public equipment, the ASN sending the network access request message to an authentication center (AC), wherein, the network access request message comprises at least the user's account and password; the AC verifying validity of the account and the password, if the verification is passed, sending the user's access identifier (AID) to the ASN; and after the ASN receives said user's AID, the ASN sending the user's AID to the public equipment, the public equipment taking the user's AID as a virtual AID and using the virtual AID to send and receive user's messages. By the present invention, users who access to the network through the public equipment can be tracked and traced effectively. | 11-01-2012 |
| 20120278875 | MEDIA CONTENT SELECTION AND PRESENTATION CONTROL - An identifier is received from each participant mobile device of a plurality of participant mobile devices within a participation region of a wireless network via a wireless access point. One or more attributes for each participant mobile device are retrieved based upon the identifier received from that participant mobile device. The one or more attributes indicate one or more media content items stored at that participant mobile device or previously accessed via that participant mobile device. An indication of the one or more attributes for each participant mobile device is output. Media content is selected based on the one or more attributes indicated for each participant mobile device. The media content is presented, for example, within the participation region. | 11-01-2012 |
| 20120284785 | METHOD FOR FACILITATING ACCESS TO A FIRST ACCESS NEWORK OF A WIRELESS COMMUNICATION SYSTEM, WIRELESS COMMUNICATION DEVICE, AND WIRELESS COMMUNICATION SYSTEM - A method for facilitating access to a first access network ( | 11-08-2012 |
| 20120284786 | SYSTEM AND METHOD FOR PROVIDING ACCESS CREDENTIALS - Embodiments of the invention are concerned with providing access credentials associated with a user of a service to a server hosting the service, e.g. enabling single sign on by the user to a number of servers. | 11-08-2012 |
| 20120284787 | Personal Secured Access Devices - Secure access to a protected resource of a personal security device (PSD), using a user-associated PIN code, includes: providing a user-controlled local unit having an intermediate module for PIN entry, and authentication of the PSD by an escrow module. After positive PSD authentication, the intermediate module requests entry of the PIN, and the escrow module provides at least one secure session key (SSK) to the intermediate module. To generate an SSK the intermediate module sends the escrow module a single-use proof of knowledge of the PIN, where the proof is different from the PIN. If the proof is recognized, an SSK is generated by at least the escrow module based on secret information associated with the PSD. Each SSK is sent to the intermediate module, and a secured version of the PIN code is sent to the PSD via the intermediate module by means of each SSK. | 11-08-2012 |
| 20120284788 | Methods and Apparatus for Sending Data Packets to and from Mobile Nodes in a Data Network - Methods for transmitting packets using a Mobile IP protocol between a mobile node and a first node in a data network after the mobile node has transmitted data packets to the first node via a first router from a first CoA or CCoA address and by a first security association with the first node. One method includes the mobile node, sending to the first node via a second router using a second CoA or CCoA address, data packets that include an identifier of the mobile node that enables the first node to identify the mobile node as the sender of the data packets during an initial time period after transmission of the data packets via the second router has started, and during the initial time period, the mobile node authenticates the data packets it transmits to the first node using the first security association with the first node. | 11-08-2012 |
| 20120291110 | PRESENTING MESSAGES ASSOCIATED WITH LOCATIONS - A user may express an interest in a set of individuals represented in a set of individual stores (e.g., friends in a social network and colleagues in an academic directory). Such individuals may send to the individual stores messages that are associated with a location, and the user may request, from respective individual stores, a presentation of the locations. According to the techniques presented herein, the messages from the individual stores may be aggregated, and the locations associated with the aggregated messages may be presented in a map, thereby presenting to the user the locations of the messages of the individuals irrespective of from which individual store each message was received. Additionally, the map may present the messages to the user, and upon receiving form the user a reply to a message, may send the message to the individual store from which the message was received. | 11-15-2012 |
| 20120291111 | BIOMETRIC AUTHENTICATION SYSTEM AND BIOMETRIC AUTHENTICATION METHOD - A biometric authentication method is executed by a biometric authentication system comprising a server device to store biometric data of a plurality of users in a registering unit; and a client device to retain the biometric data sampled from the user and authenticated by the server device in a retaining unit together with user information. The method comprises verifying the biometric data sampled from the user with the cache biometric data retained in the retaining unit when in authentication; acquiring synthesized information of the cache biometric data of which the verification gets successful and the biometric data sampled from the user; and authenticating the synthesized information by use of the biometric data specified by the user information of the biometric data of which the verification gets successful in plural sets of biometric data registered in the registering unit. | 11-15-2012 |
| 20120291112 | AUTOMATIC ACCESS TO NETWORK DEVICES USING VARIOUS AUTHENTICATION SCHEMES - An access discovery method and system discovers and stores the proper access protocol for each device on a network. The discovery process includes progressively sequencing through state transitions until a successful access protocol sequence is determined, and an access script corresponding to this sequence is stored for subsequent access to the device. Preferably, the protocol-discovery algorithm is modeled as a state table that includes a start state and two possible terminal states: success and failure. A state machine executes the state table until a terminal state is reached; if the terminal state is a failure, the system backtracks to attempt an alternative sequence. The process continues until the success state is reached or until all possible sequences are executed without success. An exemplary state model is provided that has been shown to be effective for modeling network devices from a variety of vendor devices. | 11-15-2012 |
| 20120291113 | System and Method for Authentication of Users in a Secure Computer System - A system and method for authenticating a user in a secure computer system. A client computer transmits a request for a sign-on page, the secure computer system responds by transmitting a prompt for a first user identifier, and the client computer transmits a request including a first identifier, a second identifier stored in an object stored at the client computer and a plurality of request header attributes. A server module authenticates the first and second user identifiers, and compares the transmitted plurality of request header attributes with request header attributes stored at the computer system and associated with the first and second user identifiers. If the first and second user identifiers are authenticated, and if a predetermined number of transmitted request header attributes match stored request header attributes, the server software module transmits a success message, and the user is allowed to access the secure computer system. | 11-15-2012 |
| 20120297466 | METHOD, DEVICE, AND SYSTEM TO SHARE INFORMATION BETWEEN MOBILE COMPUTING DEVICES - A mobile computing device comprising a first application adapted to provide information to a server. The information is adapted to be shared by the server with at least one additional mobile computing device when the at least one additional mobile computing device is located within a specified range of the mobile computing device. Additionally, a password entered through a second application located on the additional mobile computing device may be required to correspond to a password received from the mobile computing device in order to share the information. Furthermore, the additional mobile computing device may be required to access the information within a specified time period. | 11-22-2012 |
| 20120297467 | AUTHENTICATION PLATFORM AND RELATED METHOD OF OPERATION - An authentication platform comprises an authentication unit configured to authenticate the user based on received input data, and a control unit configured to enable communication between a client device and an authentication host as a consequence of successful authentication of the user by the authentication unit. | 11-22-2012 |
| 20120297468 | TECHNIQUES FOR ACCESSING A BACKUP SYSTEM - A technique accesses a backup system. The technique involves receiving a logon command to logon a user to a website of the backup system. The backup system includes (i) a backup server and (ii) a web server which hosts the website to enable the user to control settings of the backup server. The technique further involves, sending, in response to receiving the logon command, a token request to the backup server through a pre-established secure data pathway to the backup server. Data is periodically backed up to the backup server through the pre-established secure data pathway. The technique further involves acquiring, in response to sending the token request, a logon token from the backup server through the pre-established secure data pathway. When the website receives the logon token during a logon operation, the website communicates with the backup server to determine whether the logon token is authentic. | 11-22-2012 |
| 20120297469 | Security Indicator Using Timing to Establish Authenticity - The subject disclosure is directed towards authentic timing indicators, comprising data (e.g., an animation) that are output to a user to convey security-related information to the user, using timing to call attention to the authentic timing indicators. For example, a browser program may select and output a particular authentic timing indicator based upon whether a connection to a site is unsecure, secure, or secure and the site has an extended validation certificate; an email program may use authentic timing indicators to highlight signed versus unsigned messages. The authentic timing indicator appears before the content is allowed to control the content pane, increasing the difficulty of spoofing a site, or email message. | 11-22-2012 |
| 20120297470 | ACCESS AUTHENTICATION METHOD FOR MULTIPLE DEVICES AND PLATFORMS - An access authentication method for multiple devices and platforms. Upon receipt of a multiple access request, a source device that has initially registered a user account to a subscribed site requests an authentication key for a target device to a server of the subscribed site, the target device receives an access authentication request together with an authentication key from the source device, when the source device receives the authentication key from an account authentication system, the authentication key being generated in response to an authentication key request from the subscribed site server by the account authentication system, the subscribed site server determines whether there is the registered user account and performs access authentication with the account authentication system, upon receipt of the authentication key from the target device, and the target device receives an access authentication completion notification from the subscribed site server, when the access authentication is completed. | 11-22-2012 |
| 20120297471 | APPROACH FOR SECURELY PROCESSING AN ELECTRONIC DOCUMENT - A method and apparatus for processing an electronic document in a secure manner is provided. A scanner may verify that the configuration state of a file server has not changed since a prior configuration state by issuing a request to a security server. The security server may process the request to determine whether the configuration state of the file server has changed since the file server was registered with the security server. The security server may also verify that the scanner issued a request to store an electronic document using a file server or that the file server received the request. A storage medium of a file server may be protected against unauthorized removal of the storage medium by storing, separate from the storage medium, a password required to access the storage medium, and when the file server is powered on, the password is provided to the storage medium. | 11-22-2012 |
| 20120304265 | Browser with Integrated Privacy Controls and Dashboard for Social Network Data - Particular embodiments comprise a method, by one or more computer systems, for accessing a structured document from an external website, wherein the structured document includes markup language containing instructions identifying social network data elements of a social networking system, processing the markup language in the structured document to locate the social network data elements, rendering the structured document based on the markup language, wherein the displayable web page includes one or more of the located social network data elements of the social networking system, and displaying one or more of the located social network data elements of the social networking system proximal to the rendered web page on a display. | 11-29-2012 |
| 20120304266 | METHOD AND SYSTEM FOR AUTHENTICATING COMMUNICATION - Embodiments of the present disclosure provide a method and system for authenticating communication between a plurality of accessory devices or services and one or more media devices by using a single authentication processor. The method includes the steps of establishing a communication of a media device attached to an accessory device with an authentication processor through an authentication processor manager, authenticating the accessory device by the media device based on a digital certificate and a digital signature; and authenticating the media device by the accessory device based on verification of the digital certificate and the digital signature. | 11-29-2012 |
| 20120304267 | BIOMETRIC AUTHENTICATION DEVICE AND BIOMETRIC AUTHENTICATION METHOD - A biometric authentication device includes: a matching data generating unit which generates matching data from at least one biometric image representing a plurality of pieces of biometric information of a user; a mutual biometric information feature amount extraction unit which extracts a mutual biometric information feature amount representing the degree of similarity between two pieces of biometric information of the plurality of pieces of biometric information; a selection unit, which, for each of the first predetermined number of the registered users, computes a first selecting score based on the mutual biometric information feature amounts of the user and the registered users and selects the second predetermined number of registered users in order of decreasing the level of similarity based on the first selecting score of each registered users; and a matching unit which matches the matching data of the selected registered users with the matching data of the user. | 11-29-2012 |
| 20120304268 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND INFORMATION PROCESSING SYSTEM - An information processing apparatus includes a communication unit for communicating with another information processing apparatus and a determination unit for determining whether or not to authenticate the other information processing apparatus on the basis of an operation pattern reported to a user and an analysis result of the user's operation corresponding to the operation pattern. | 11-29-2012 |
| 20120304269 | VISUAL AUTHENTICATION AND AUTHORIZATION FOR MOBILE DEVICES - A system and method is provided for visual authentication and authorization of a user for mobile touch devices, the system having: a login display on a mobile touch device displaying a visual pattern; a data collection engine whereby touch attributes are obtained from a plurality of user touch events to the mobile touch device with reference to the visual pattern, the touch attributes comprise measured touch attributes and derived touch attributes calculated from the measured touch attributes; an authentication engine whereby the touch attributes are compared to projected user touch attributes derived from user touch attribute values obtained during prior successful logins. | 11-29-2012 |
| 20120304270 | AUTHENTICATION SYSTEM FOR ENHANCING NETWORK SECURITY - A network-based biometric authentication system includes a client computer ( | 11-29-2012 |
| 20120304271 | DERIVING A USERNAME BASED ON A DIGITAL CERTIFICATE - One embodiment of a method for determining a username comprises obtaining a digital certificate from a first computer application requesting a service; authenticating the digital certificate of the first computer application; and retrieving the username from the digital certificate that is recognized by a second computer application performing the service as a user of the second computer application. Other methods and systems are also provided. | 11-29-2012 |
| 20120311685 | DISTRIBUTED NETWORK NAME - Aspects of the subject matter described herein relate to a distributed network name. In aspects, computers of a cluster have components of a distributed network name service. The network name service has a leader and clones that are hosted on the computers of the cluster. The leader is responsible for updating a name server with network names and addresses of the computers. The leader is also responsible for configuring a security server that allows clients to securely access the computers. The network name service provides credentials to local security authorities of the computers so that a client that attempts to access a service of the computers can be authenticated. | 12-06-2012 |
| 20120311686 | SYSTEM AND METHOD FOR SECURE IDENTITY SERVICE - A system and method for securely processing identity information. For example, in one embodiment of the invention, a first user is registered on an identity service with one or more identification (ID) codes and a token. In response to a query from a second user to connect with the first user, a query signature is generated using the one or more ID codes and token of the first and second users, and a timestamp. The query signature is usable by network services to authenticate communication between the first and second users on the network over a specified period of time. In another embodiment, user ID codes and tokens are cached on mobile devices and/or a system cache to improve performance. The validity of the cached data is determined by calculating a fingerprint which, in one embodiment, is a hash of the ID code, token and a timestamp. | 12-06-2012 |
| 20120311687 | System, Method And Computer Program Product For Authenticating A Client - A system, method and computer program product are provided for authenticating a user. The method includes receiving, such as from an authenticator, a set of at least one label identifying at least one element of an authentication matrix. The authentication matrix includes a plurality of elements, each element capable of being identified by a label. Then, a passcode is formulated, such as by the client, based upon the element(s) identified by the received set of label(s). Thereafter, the client is authenticated based upon the formulated passcode, such as by the authenticator. The set of label(s) can be received, the passcode can be formulated, and the client can be authenticated a plurality of times. In such instances, to permit the passcode to dynamically change, each set of label(s) received can differ from each previously received set of label(s). | 12-06-2012 |
| 20120317630 | REMOTE LOGIN ARRANGEMENT FOR HETEROGENEOUS SYSTEMS USING CENTRALIZED AUTHENTICATION - Methods and systems for authenticating a remote user across heterogeneous authentication systems are disclosed. One method includes receiving domain user credentials at a first heterogeneous authentication system, and transmitting the domain user credentials from the first heterogeneous authentication system to an authentication interface associated with a second heterogeneous authentication system. The method also includes transmitting the domain user credentials from the second heterogeneous authentication system to a centralized authentication system, and receiving at the authentication interface a validation message from the centralized authentication system, thereby authenticating the user. The method further includes determining a local username at the authentication interface based on the domain user credentials. The method includes using the local username to authenticate the user within the first heterogeneous authentication system. | 12-13-2012 |
| 20120317631 | SYSTEM AND METHOD FOR AUTHENTICATING A USER - Provided are a system and method to authenticate user identities. The method includes gathering metadata from at least one discussion involving at least one pre-defined user identity on a first social network. The method evaluates the metadata of at least one third party response related to a posting by the at least one pre-defined user identity. The at least one pre-defined user identity is authenticated based on the evaluated third party response. And an indication of authentication for the at least one pre-defined user identity is provided. The system and method may also permit bridging of the established authentication between different social networks. | 12-13-2012 |
| 20120324556 | PASSPORTING CREDENTIALS BETWEEN A MOBILE APP AND A WEB BROWSER - Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session. Embodiments may operate by authenticating a device session from a native app executing on a client device producing a device session token; passing the device session token from a native app to an embedded browser to authenticate a user when entering a web flow; and entering the web flow, according to the session token, on an embedded browser driven by the native app so that the user encounters a single shared session (device session and web session) running at least two parallel secure communication interactions with an infrastructure. | 12-20-2012 |
| 20120324557 | SYSTEM AND METHOD FOR REMOTE INTEGRITY VERIFICATION - Systems and methods are disclosed herein for verifying the integrity of a remote computing device. The system includes a challenge processor in communication with a communication device. The challenge processor selects a challenge from a plurality of challenges for determining the integrity of a computer program on a remote computing device. The challenge is selected in a manner which is substantially unpredictable by the remote computing device. The communication device transmits the challenge to the remote computing device and receives an output of the challenge. The challenge processor is also configured to determine from the output of the challenge whether the integrity of the computer program on the remote computing device has been compromised. | 12-20-2012 |
| 20120331536 | SEAMLESS SIGN-ON COMBINED WITH AN IDENTITY CONFIRMATION PROCEDURE - A method executable by a server system confirms the identity of a user of a client device. The method receives an activation request from the client device and maintains information corresponding to a destination resource requested by the client device. In response to receiving the activation request, the server system sends a code to a registered device of the user. After sending the code, the server system receives a verification request from the client device. The verification request includes a user-entered representation of the code. In response to receiving the verification request the client device is activated as a new registered device for the user, and the server system seamlessly provides the destination resource to the client device using the maintained information. | 12-27-2012 |
| 20120331537 | NETWORK-AGNOSTIC CONTENT MANAGEMENT - System(s) and method(s) are provided for content management, e.g., exchange and manipulation, across devices provisioned through disparate network platforms. Devices can be mobile or stationary, and connect to provisioning network platforms through various network bearers. Through various secure protocols, a client component within a device secures access to content and provides secure delivery thereof. Directives for content manipulation are also delivered securely. Delivery of contents and directives are performed from device to device, routed via gateway nodes within a network platform that provisions the device. In addition, or alternatively, content management can be implemented through an intermediary component, which can also validate devices and secure delivery of content or directives. Alarm signaling among devices provisioned through disparate network platforms also can be securely conveyed. Intermediary component also can be exploited for content management among subscribers of disparate network providers. | 12-27-2012 |
| 20120331538 | METHOD AND COMMUNICATION DEVICE FOR ACCESSING TO DEVICES IN SECURITY - A method for a communication device for securely accessing a device includes obtaining accessing authentication information via an out-band channel, the accessing authentication information being used for accessing authentication between a service request device and a service providing device, the service request device and the service providing device sharing the same management device, and forming the out-band channel with the management device respectively ( | 12-27-2012 |
| 20130007860 | STREAMING VIDEO TO CELLULAR PHONES - A method, system, and computer program product for deploying data to a web server for streaming video to a mobile device. The method can include receiving a request for streaming video from a mobile device upon the resolving of the request by a DNS. The method can further include simultaneously sending both a request to a database for the video requested and a playlist for the video to the mobile device. The method can then include receiving the video from the database. The video received is sent as a sequence of blocks, where each block can further be comprised of a sequence of chunks. The method can even further include decompressing each block and storing each chunk on a web server. The method can further include an exchange of a security credential. | 01-03-2013 |
| 20130007861 | METHODS FOR AUTHENTICATING A USER WITHOUT PERSONAL INFORMATION AND DEVICES THEREOF - A method, non-transitory computer readable medium, and apparatus that authenticates a user without personal information includes obtaining at a secure authentication computing apparatus a context identifier, a registration identifier of one of a plurality of string generator modules assigned to a client computing device requesting access, and a client string generated by the client computing device requesting access from an agent computing device associated with the client computing device requesting access. An authentication string is generated with the secure authentication computing apparatus based on the obtained context identifier and a corresponding one of the plurality of string generator modules provided to the client computing device requesting access based on the registration identifier. The requested access by the client computing device is granted with the secure authentication computing apparatus when the client string matches the authentication string. | 01-03-2013 |
| 20130007862 | METHOD AND SYSTEM FOR NETWORK AVAILABILITY ALERT - In accordance with embodiments, there are provided mechanisms and methods for providing a network availability alert to a user in an on-demand service. These mechanisms and methods for providing a network availability alert to a user in an on-demand service may enable embodiments to provide a user with the knowledge that the connectivity problem is not the fault of the on-demand service. In this way the user may be provided with information that best allows the user to obtain connectivity. | 01-03-2013 |
| 20130007863 | STREAMING VIDEO TO CELLULAR PHONES - A method, system, and computer program product for deploying data to a web server for streaming video to a mobile device. The method can include receiving a request for streaming video from a mobile device upon the resolving of the request by a DNS. The method can further include simultaneously sending both a request to a database for the video requested and a playlist for the video to the mobile device. The method can then include receiving the video from the database. The video received is sent as a sequence of blocks, where each block can further be comprised of a sequence of chunks. The method can even further include decompressing each block and storing each chunk on a web server. The method can further include an exchange of a security credential. | 01-03-2013 |
| 20130007864 | SYSTEM AND METHOD FOR LOCATION-AWARE SOCIAL NETWORKING AUTHENTICATION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for performing authentication via social networking data. A system configured to perform the example method first receives a request for a security token from a requestor. The system identifies, for the request, an executor and a trustee from social network contacts of the requestor. The system generates a challenge question based on location history information common to the requestor, the executor, and the trustee. The system presents the challenge question to the executor and to the trustee. The system receives an executor response from the executor and a trustee response from the trustee, and when the executor response and the trustee response match, transmits the security token to the requestor. | 01-03-2013 |
| 20130007865 | System and Method for Tracking Network Traffic of users in a Research Panel - A system, computer-readable storage medium storing at least one program, and a computer-implemented method for tracking network traffic of users in a research panel are presented. A packet for a network device coupled to the network access device is received. An indicia corresponding to a presumptive user of the network device is obtained, where the presumptive user includes a member of a set of known users. One or more logging rules is applied to the network device, where the one or more applied logging rules correspond to the obtained indicia. Information relating to the packet is stored when the packet satisfies at least one of the logging rules applied to the network device. | 01-03-2013 |
| 20130007866 | MIGRATION ACROSS AUTHENTICATION SYSTEMS - A system, method, program product and a method for deploying a system for providing migration across authentication systems are disclosed. A system is provided that includes a login system that collects information from a user during a login process, a migration list check system that compares the information to a migration list to determine if the user is selected for migration, and a migration logic system that migrates the user from the existing authentication system to the new authentication system during the login process if the user is selected. | 01-03-2013 |
| 20130014239 | Authenticating a rich client from within an existing browser session - A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it detected as running, whether and what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like. | 01-10-2013 |
| 20130014240 | IMAGE FORMING APPARATUS COMMUNICATING WITH EXTERNAL DEVICE THROUGH NETWORK, NETWORK SYSTEM, METHOD OF CONTROLLING IMAGE FORMING APPARATUS, PROGRAM, AND STORAGE MEDIUM - An image forming apparatus configured to communicate with an authentication apparatus through a network, the image forming apparatus including: an acquisition unit configured to acquire a user ID through the network; a transmission unit configured, when the user ID is acquired by the acquisition unit, to transmit an authentication request including a user ID to the authentication apparatus through the network; and a control unit configured to allow the user to log in to the image forming apparatus according to an authentication result in response to the transmitted authentication request. | 01-10-2013 |
| 20130014241 | Providing Selective Access To A Web Site - A restricted web site has features that are selectively exposed to clients. A screening web site interacts with clients and collects data about the clients using passive and/or active techniques. The screening site generates a token for the client, and includes data in the token identifying the token and describing the client. The token is encoded in a cookie and saved in the client's web browser. The client subsequently provides the token to the restricted site. The restricted site validates the token to ensure that it is legitimate, has not expired, and has not been used before. The restricted site selects one or more features to provide to the client based on the data about the client in the token and/or on other information. If the client does not present a token or the token is invalid, the restricted site does not expose any features to the client. | 01-10-2013 |
| 20130014242 | COMMUNICATIONS SYSTEM INCLUDING VALIDATION BASED UPON A UNIQUE IDENTIFICATION CHANGE AND RELATED METHODS - A communications system may include a mobile wireless communications device having a unique identification (UID) associated therewith and configured to send and receive emails. The communications system may also include an email server configured to withhold sending queued email to the mobile wireless communications device based upon a change in the UID associated with the mobile wireless communications device. The email server may also cooperate with the mobile wireless communications device to prompt for entry of at least one user email access credential, and responsive to validation of the at least one user email access credential, send the queued email to the mobile wireless communications device. | 01-10-2013 |
| 20130019292 | Devices, Systems and Methods for Security Using Magnetic Field Based IdentificationAANM Varshavsky; AlexanderAACI East HanoverAAST NJAACO USAAGP Varshavsky; Alexander East Hanover NJ USAANM Li; Kevin AnsiaAACI ChathamAAST NJAACO USAAGP Li; Kevin Ansia Chatham NJ US - Devices, systems and methods are disclosed for determining an electromagnetic signature for authenticating a device, a user, and/or a location. In exemplary embodiments, a magnetometer captures an electromagnetic signature which is then compared with one or more authorized electromagnetic signatures. If the electromagnetic signature matches an authorized electromagnetic signature, then access is granted. The magnetometer is integrated into a communication device having a processor and a logic. The magnetometer captures an electromagnetic signature of a surrounding environment and detects motion of the communication device through the captured electromagnetic signature. The logic on the communication device locks or unlocks features of the device based upon the captured electromagnetic signature. In further embodiments of the subject disclosure, the magnetometer is in communication with a server which authenticates a user or communication device to provide access to a remote location. | 01-17-2013 |
| 20130019293 | Enabling Access to Electronic Content Based on Possession of Physical ContentAANM Puppin; DiegoAACI ArlingtonAAST MAAACO USAAGP Puppin; Diego Arlington MA US - A user may desire to access an electronic version of content the user possesses in physical form. To enable access to electronic content, a request to access identified electronic content is received from a client. A challenge requesting information about physical content corresponding to the identified electronic content is sent to the client. A response to the challenge is received from the user of the client and authenticated. The client is provided with access to the electronic content responsive to authenticating the response. | 01-17-2013 |
| 20130019294 | DATA SHARING SYSTEM WITH A DIGITAL KEYAANM Yu; Hong-ChiAACI Kaohsiung CityAACO TWAAGP Yu; Hong-Chi Kaohsiung City TWAANM Chang; Mao-TingAACI Kaohsiung CityAACO TWAAGP Chang; Mao-Ting Kaohsiung City TW - The present invention provides a data sharing system with a digital key in order to deliver data sharing via Internet or a local area network by means of either at least one data storage device electrically connected to a digital box or a storage space inside a memory unit of the digital box which links a server. At the moment, a computer user could use one digital key only to link a server and further complete read-out, write-in, modification, deletion or addition of data/files in the data storage device or the storage space with the digital key's peer identification code and the digital box's peer authentication code belonging to the same group validated by the server. | 01-17-2013 |
| 20130019295 | METHOD AND SYSTEM FOR OPEN AUTHENTICATIONAANM PARK; Sung-JinAACI Yongin-siAACO KRAAGP PARK; Sung-Jin Yongin-si KRAANM Woo; Hong-UkAACI SeoulAACO KRAAGP Woo; Hong-Uk Seoul KRAANM Kim; Kwan-LaeAACI Suwon-siAACO KRAAGP Kim; Kwan-Lae Suwon-si KRAANM Kwon; Soon-HwanAACI Seongnam-siAACO KRAAGP Kwon; Soon-Hwan Seongnam-si KR - Methods and apparatus for authentication are provided. A token request is received at a Web server from a third-party Web server. The third-party Web server is authenticated at the Web server. A token is issued to the third-party Web server. A user is authenticated based on the token issued to the third-party Web server. A token approval request is sent to a resource owner. A token approval or non-approval is received from the resource owner through a predefined channel. | 01-17-2013 |
| 20130019296 | METHODS AND SYSTEMS FOR PROCESSING AD SERVER TRANSACTIONS FOR INTERNET ADVERTISING - Computer systems and methods for processing ad server transactions are provided. In some embodiments, the computer systems and methods may comprise determining an application to execute on an Internet-connectable device in response to a user interaction with an advertisement displayed on the Internet-connectable device; causing the Internet-connectable device to execute the application; receiving a security token, wherein the security token indicates successful authentication of the user by a transaction server associated with the application; after receiving the security token, initiating at least one transaction with the transaction server on behalf of the application in response to a user action within the application; and communicating results of the at least one transaction to the user. | 01-17-2013 |
| 20130019297 | System and Method for Communicating with a Client Application - A system and method for communicating with a client application that can include at a communication platform, receiving an authorization token of a first client application; verifying at least one permission associated with the authorization token; at a first server of the communication platform, accepting an incoming communication request; retrieving communication instructions from a server according to the incoming communication request; identifying an instruction to communicate with a communication destination of the first client application; and establishing communication with the first client application. | 01-17-2013 |
| 20130019298 | METHOD AND SYSTEM FOR AUTHENTICATING A POINT OF ACCESSAANM Jover Segura; XavierAACI LondonAACO GBAAGP Jover Segura; Xavier London GBAANM El-Moussa; FadiAACI LondonAACO GBAAGP El-Moussa; Fadi London GB - Rogue or malicious access points pose a threat to wireless networks ( | 01-17-2013 |
| 20130024924 | Aggregation of Emailed Product Order and Shipping Information - Product order and shipping information received via email messages is automatically aggregated for ready user review. Once the user is authenticated, authorization to access their email mailbox is obtained and the email message headers of their mails are analyzed to identify those messages of interest. The bodies of the email messages of interest are parsed to extract the product order and shipping information which is stored and presented for display to the user typically grouped by individual product thus greatly simplifying user review of orders. | 01-24-2013 |
| 20130024925 | LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL (LDAP) PROXY - Two factor LDAP authentication systems and methods are presented. In one embodiment, implementation of a method for authenticating a user through a two factor process includes: at an LDAP proxy server, receiving a BIND request from a client, wherein the BIND request is for authenticating a user associated with a username to an LDAP server, and wherein the BIND request comprises a password comprising a first factor security code and a second factor security code; stripping the second factor security code from the password; reconfiguring the BIND request with the password that is stripped of the second factor security code; forwarding the reconfigured BIND request to the LDAP server for authentication of the username using the first factor security code; performing authentication of the second factor security code; and positively authenticating the username to the LDAP server when the first factor security code and the second factor security code are authenticated in connection with the username. | 01-24-2013 |
| 20130024926 | AUTHENTICATION APPARATUS, SERVICE PROVIDING SYSTEM, AND COMPUTER READABLE MEDIUM - An authentication apparatus includes following components. In an authentication table, first authentication information, login information, and second authentication information are associated. A communication unit communicates with another apparatus. A first login processing unit compares identification information with the first authentication information, and rewrites the login information to a logged in state and notifies the other apparatus of successful authentication when the identification information matches the first authentication information. The logout processing unit compares identification information with the first authentication information, and rewrites the login information to a logged out state when the identification information matches the first authentication information. The second login processing unit compares the identification information with the second authentication information, and notifies the other apparatus of successful authentication when the identification information matches the second authentication information and the corresponding login information indicates the logged in state. | 01-24-2013 |
| 20130031617 | SYSTEM AND METHODS FOR USE IN COMMUNICATING WITH AN ENERGY MANAGEMENT DEVICE IN AN ENERGY DEVICE NETWORK - System, method, and computer-readable instructions for use in communicating with an energy management device in a network that comprises one or more energy devices. First search results are created by searching for devices associated with a first energy management device identifier using a first discovery protocol. Second search results are created by searching for devices associated with a second energy management device identifier using a second discovery protocol. The first and second search results are combined to create a collection of candidate devices, and at least one candidate device of the candidate devices is validated to determine whether the candidate device is an energy management device. | 01-31-2013 |
| 20130031618 | Reverse Seamless Integration Between Local and Remote Computing Environments - Methods and systems for transparent user interface integration between remote (“published”) applications and their local counterparts are described, providing a seamless, unified user experience, and allowing integration of a start menu, dock, taskbar, desktop shortcuts, windows, window and application switching, system tray elements, client-to-host and host-to-client file type association, URL redirection, browser cookie redirection, token redirection, status message interception and redirection, and other elements. These methods and systems further enhance theme-integration between a client and remote desktop or virtual machine by remoting all UI elements to a recipient for generation, including text controls, buttons, progress bars, radio buttons, list boxes, or other elements; presenting them with the receiver's product and OS-specific UI; and returning status back to the sender. This may achieve a more unified and transparent UI integration. Furthermore, storage resources, printer resources, and identity-based resources may be integrated using a reverse seamless user interface. | 01-31-2013 |
| 20130042310 | METHOD AND SYSTEM FOR AUTOMATIC AUTHENTICATION - A system and method for automatic authentication includes automatically calculating a security code on a computer running a security program. The security program resides on the same computer as a web browser. In response to a user signing into a web based account on a web site accessed by the web browser, automatically verifying that the security program is registered with the web based account. In response to a second factor security code entry request on the web based account, automatically entering the security code into the web based account. The security code is transmitted to the web site transparently to the user for login. | 02-14-2013 |
| 20130042311 | MULTI-STEP CAPTCHA WITH SERIAL TIME-CONSUMING DECRYPTION OF PUZZLES - A system and method for implementing a multi-step challenge and response test includes steps or acts of: using an input/output subsystem for presenting a series of challenges to a user that require said user to correctly solve each challenge before a next challenge is revealed to the user; receiving the user's response to each challenge; and submitting a last response in the series of challenges to a server for validation. The method further includes: using a processor device configured to perform for each challenge in the series of challenges: internally validating the response by comparing the user's response to a correct response; and using the user's response, decrypting the next challenge to reveal the next challenge; wherein the next challenge remains obfuscated until a previous challenge is correctly solved. | 02-14-2013 |
| 20130042312 | AUTHENTICATION IN A SMART THIN CLIENT SERVER - In a first embodiment of the present invention, a method for starting a session between a user and a smart thin client server is provided, wherein the smart thin client server permits users to create, manage, and deploy enterprise applications, the method comprising: receiving a request to initiate a session from a user, wherein the request does not include log-in credentials; selecting an anonymous account from a pool of anonymous accounts; obtaining credentials from the anonymous account; and establishing a session for the user using the credentials from the anonymous account. | 02-14-2013 |
| 20130042313 | KEY DERIVATIVE FUNCTION FOR NETWORK COMMUNICATIONS - Systems, methods, and other embodiments associated with deriving group keys used to securely communicate in a wireless mesh network are described. According to one embodiment, a controller, for calculating group keys used to secure communications to a plurality of remote devices in a network, includes a key logic configured to calculate a group key by using a group master key and unique information about a remote device of the plurality of remote devices. The plurality of remote devices are configured in a mesh topology. The group key is for securing communications with the remote device. The controller also includes a communication logic configured to secure a communication by using the group key. The communication is to be transmitted to the remote device. | 02-14-2013 |
| 20130047227 | METHOD AND SYSTEM FOR AUTOMATED USER AUTHENTICATION FOR A PRIORITY COMMUNICATION SESSION - An approach is provided for automated user authentication for a priority communication session. An authentication platform receives a session request for establishing a priority communication session over a data network between a user device and a service platform. The authentication platform determines network information and device information associated with the session request and the user device, respectively. The authentication platform further determines user history information regarding one or more prior communication sessions of a user of the user device. The authentication platform authenticates the user based on the network information, the device information, and the user history information for establishing the priority communication session. | 02-21-2013 |
| 20130047228 | METHOD AND APPARATUS FOR TOKEN-BASED ATTRIBUTE AGGREGATION - According to one embodiment, an apparatus may store a plurality of tokens. The apparatus may receive a subject token indicating an attempt to authenticate a user. The apparatus may determine at least one token-based rule based at least in part upon a token in the plurality of tokens and the subject token. The at least one token-based rule may indicate a plurality of attributes required to access a resource. The apparatus may determine a second plurality of attributes represented by the plurality of tokens and the subject token. The apparatus may determine at least one missing attribute, which may be in the plurality of attributes but not in the second plurality of attributes. The apparatus may then request the at least one missing attribute, and in response, receive at least one token representing the at least one missing attribute. | 02-21-2013 |
| 20130047229 | PLAY TIME DISPENSER FOR ELECTRONIC APPLICATIONS - Systems, methods, devices, and computer program products are described for controlling access to electronic applications by a user. A request may be received (e.g., from a user) to access an electronic application. The availability of points, credits, or time for the particular user may be determined, and access to the electronic application granted or denied based on the determination. User identity may be verified through biometric data, with such verification repeated at periodic or random intervals. Access may be restricted based on a permission level of a particular authority that has responsibility for all or a portion of the user's activities during a particular time period. Access may also be restricted based on the location of the user at the time of the access request. | 02-21-2013 |
| 20130047230 | BUILDING DATA SECURITY IN A NETWORKED COMPUTING ENVIRONMENT - In general, embodiments of the present invention provide an approach for providing a multi-tenant/customer partition group separator and securer in a shared cloud infrastructure (e.g., as an extension to DB2®, Label-Based Access Control (LBAC), and/or an independent tool). Among other things, embodiments of the present invention provide cloud administrators with an easy to use customizable, configurable security constraint builder/tool with a built-in multi-tenant/customer enabled security model. Moreover, embodiments of the present invention enable cloud administrators to set up, configure, and manage tenants/customers and their private shards with their own security constraints. The output of this tool greatly eases the time to create an invisible (e.g., software) wall of separation for multiple tenants/customers in a shared cloud infrastructure. | 02-21-2013 |
| 20130047231 | METHOD AND APPARATUS USING A CAPTCHA HAVING VISUAL INFORMATION RELATED TO THE CAPTCHA'S SOURCE - Disclosed is a method for visual verification a Captcha's source. In the method, a Captcha is served to a user. The Captcha includes visual information related to a characteristic of a source of the Captcha and related to a puzzle question of the Captcha. The visual information is for visual verification by the user of the Captcha's source. A response is received from the user based on the served Captcha. A determination is made as to whether the received response is a solution of the puzzle question of the served Captcha. | 02-21-2013 |
| 20130047232 | MULTIPLE AUTHENTICATION MECHANISMS FOR ACCESSING SERVICE CENTER SUPPORTING A VARIETY OF PRODUCTS - A service center receives first media data from a mobile device over a network, the first media data including at least one of an image and a voice stream presenting an identity of a user associated with the mobile device. The first media data was captured via at least one of a camera and a voice recorder of the mobile device. The user is authenticated by matching the first media data against second media data stored in the service center. The second media data has been previously registered with the service center, where the service center provides support services for a plurality of products on behalf of a plurality of product providers. Upon having successfully authenticated the user, support services are provided to the user for a product that has been registered with the service center by the user on behalf of a vendor. | 02-21-2013 |
| 20130047233 | DATA MANAGEMENT WITH A NETWORKED MOBILE DEVICE - A tool for establishing a wireless connection from a mobile device to another device in proximity to the mobile device. The mobile device receives requests for data, such as a user profile, medical records, etc. from the device. The mobile device has the ability to register/preapprove the requesting device allowing the device to access the requested data. The mobile device also has the ability to give varying devices different authorization levels. The mobile device has the ability to store the data on another system, and in response to the request, validate the requesting device and the device's authorization level, request the data from the other system through a network, and return the data to the requesting device. | 02-21-2013 |
| 20130047234 | METHOD AND DEVICE FOR PROPAGATING SESSION MANAGEMENT EVENTS - A method for propagating session management events between a plurality of machines forming a machine cluster includes generating, with a session management user interface, a session management event on a first machine of the machine cluster; detecting, with an installment of the interface, the generated event; sending, from the installment to a first security service related to the first machine, a set of specific information that is related to the detected event; determining, with the first security service, a set of target machines; sending the specific information from the first security service to target security services that are related to the target machines; and processing the specific information at each target security service of the target machines so as to execute, on each target machine that has received the specific information, the session management event generated on the first machine. | 02-21-2013 |
| 20130047235 | Authenticating a rich client from within an existing browser session - A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it detected as running, whether and what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like. | 02-21-2013 |
| 20130047236 | AUTHENTICATION SYSTEM AND METHOD THEREOF - The invention relates to a system and method for authentication of subscribers of a system ( | 02-21-2013 |
| 20130047237 | PASSWORD SECURITY INPUT SYSTEM USING SHIFT VALUE OF PASSWORD KEY AND PASSWORD SECURITY INPUT METHOD THEREOF - The present invention relates to a password security input system which performs authentication through input of a security password key which is obtained by applying a shift value to an actual password key, and a password security input method thereof. According to the present invention, a password security input system is configured with a user terminal comprising: a password setting module for receiving and storing an actual password which is inputted during the initial setting by a user; an input window generating module for generating an input window in which key buttons are randomly disposed in every instance where a password is inputted; a password input module for receiving keys of a security password which are position-changed by applying the same shift distance to the key positions of the actual password in the input window displayed on a screen; and a password authentication module for comparing a key shift value of the pre-stored actual password with a key shift value of a security password inputted by a user on the basis of the input window, and determining that password authentication is in success when the two key shift values are the same. According to the present invention, even if a security password is exposed to a third person, the user can maintain the actual password with a sound mind. | 02-21-2013 |
| 20130047238 | METHOD FOR PROVIDING ACTIVE SECURITY AUTHENTICATION, AND TERMINAL AND SYSTEM SUPPORTING SAME - Disclosed herein are a method for providing active security authentication, and a terminal and system for supporting the same. The terminal includes a storage unit, a display unit, an input unit and a control unit. The control unit arranges a plurality of keys through an arrangement of random numbers when a security execution condition is satisfied, outputs, to the display unit, a security authentication screen based on a random-number matrix in which at least some keys in key regions adjacent to an item key among the plurality of keys arranged by the arrangement of the random numbers are set to exception keys that a user must not press, and decide that the terminal is used for an illegal use when the exception keys are included in an input information generated through the input unit. | 02-21-2013 |
| 20130055368 | Multi-Factor Authentication - According to some embodiments, a method provides a designated link in a notification to an intended recipient of the message. The designated link includes a unique identifier associated with the message. Upon receiving a request to access the message, the method authenticates the request. Authentication includes verifying whether the request corresponds to the designated link provided in the notification. If the request passes authentication, the method communicates the message. | 02-28-2013 |
| 20130055369 | SYSTEM AND METHOD FOR DAY-ZERO AUTHENTICATION OF ACTIVEX CONTROLS - A system and method in one embodiment includes modules for verifying a digital signature of a Microsoft® ActiveX® control, identifying an executable file of the ActiveX control, authorizing the executable file as an updater configured to enable trust propagation, if the digital signature is from an authorized issuer, and installing the ActiveX control. More specific embodiments include hooking an exported function in the executable file and marking a thread calling the exported function as an updater. Hooking the exported function includes patching the executable function so that when the exported function is called during execution of the executable file, a second function is executed before the exported function is executed. Other embodiments include extracting a cabinet file wrapping the ActiveX control, parsing an information file in the cabinet file, and downloading additional components for installing the ActiveX control. | 02-28-2013 |
| 20130055370 | SECURITY FOR FUTURE LOG-ON LOCATION - A system includes a location look-up module that determines a current location for a user log-on to the network, and determines a next location of the user log-on to the network. An analyzer module analyzes at least one portion of the network for potential future location information for authenticating with the determined next location by an authorization module. The authorization module authenticates the next log-on to the network based on a comparison with the potential future location information. | 02-28-2013 |
| 20130055371 | STORAGE CONTROL METHOD AND INFORMATION PROCESSING APPARATUS - Upon receipt of a first key and first data, a control unit exercises control to store second data indicating a second key in association with the first key in a first node and to store the first data in association with the second key in a second node. Upon receipt of an access request that specifies the first key, the control unit detects that data stored in association with the first key is the second data, and accesses the first data stored in the second node on the basis of the second key indicated by the second data. | 02-28-2013 |
| 20130055372 | DYNAMICALLY PROVIDING ALGORITHM-BASED PASSWORD/CHALLENGE AUTHENTICATION - Provided are a computer program product, method and system for dynamically providing algorithm-based password/challenge authentication. A page is provided to authenticate a presenter of a username including a string and a field for entry of a password. An entered password entered into the page is received. An algorithm associated with the username is applied to the string included in the page to generate a generated password. A determination is made as to whether the entered password matches the generated password. The username is successfully authenticated in response to determining that the entered password matches the generated password. | 02-28-2013 |
| 20130061304 | PRE-CONFIGURED CHALLENGE ACTIONS FOR AUTHENTICATION OF DATA OR DEVICES - An authentication system is enhanced by prompting an individual to perform a challenge action. For example, the individual may be requested to move the device in a particular motion, after entering a username/password combination. The challenge action is known only by the individual, such that an imposter, even with authentication information, does not know the challenge action. The challenge action improves security by preventing attackers from spoofing an individual's authentication information. The enhanced authentication system may be used on mobile devices, such as mobile phones and laptop computers, to provide access to secure data, such as bank account information. | 03-07-2013 |
| 20130061305 | RANDOM CHALLENGE ACTION FOR AUTHENTICATION OF DATA OR DEVICES - An authentication system is enhanced by prompting an individual to perform a randomly-selected challenge action. For example, the individual may be requested to move the device in a particular motion, after entering a username/password combination. The randomly-selected challenge action verifies the individual is located at the device, which prevents automated attacks to steal the individual's identity. The challenge action improves security by preventing attackers from spoofing an individual's authentication information. The enhanced authentication system may be used on mobile devices, such as mobile phones and laptop computers, to provide access to secure data, such as bank account information. | 03-07-2013 |
| 20130061306 | HYBRID CLOUD IDENTITY MAPPING INFRASTRUCTURE - In various exemplary embodiments, a system and associated method for providing a hybrid cloud computing environment are disclosed. For example, a system may authorize an enterprise user based on an enterprise identity. Once authenticated, embodiments may use mapping data and a cloud role to determine an identity to use when the enterprise user accesses a cloud. | 03-07-2013 |
| 20130061307 | Method and Apparatus for Accessing Corporate Data from a Mobile Device - A computer-implemented communication method performed by a computerized device and a computerized communication apparatus, the method comprising: receiving by a buffer server a first communication request and a device key from a mobile device; verifying the device key and a buffer server key; sending a request with details associated with the device key and the buffer server key, to a corporate server; receiving a response from the corporate server; removing data from the response, and sending a reduced response to the mobile device; receiving a user identification and a second communication request from the mobile device, for the data that has been removed; and sending the data that has been removed to the mobile device, upon verifying the user identification. | 03-07-2013 |
| 20130067546 | TRANSACTION AUTHENTICATION MANAGEMENT SYSTEM WITH MULTIPLE AUTHENTICATION LEVELS - An operating system of an information handling system (IHS) initializes a security tool to provide security management during user-to-user transactions. The security tool may determine the user's type and invokes a user personal profile and application profile information that pertains to the transaction. The security tool may use the user personal profile and application profile information during user authentications. The security tool determines an initial authentication level and may modify that authentication level during user-to-user transaction operations. The security tool may perform substantially continuous user authentication during transaction operations by employing learned behavior, historical knowledge, and other information that the security tool maintains in a security information store. | 03-14-2013 |
| 20130067547 | TRANSACTION AUTHENTICATION MANAGEMENT INCLUDING AUTHENTICATION CONFIDENCE TESTING - An operating system of an information handling system (IHS) initializes a security tool to provide security management during user-to-user transactions. The security tool may determine a relationship between the users and, in response, invoke a user personal profile and application profile information that pertains to the users and the transaction. The security tool determines an initial observed confidence level that indicates a degree of certainty with respect to the accuracy of user authentication. The security tool may continuously determine observed confidence levels from current user actions, learned behavior, and other information within a security information store. The security tool may compare a currently observed confidence level to a predetermined confidence threshold. The tool may halt the transaction if the observed confidence level does not exceed the predetermined confidence threshold thus indicating a breach in security confidence. | 03-14-2013 |
| 20130067548 | Database Access Using A Common Web Interface - Methods and systems for accessing databases using a common web interface are provided. A method for transmitting data retrieved from an endpoint device to a client device using a common web interface includes providing the common web interface to the client device. The common web interface allows access to a plurality of endpoint devices, each endpoint device comprising a unique endpoint address. The method further includes receiving, by a computer, identification data from the client device, retrieving an endpoint address for one of the plurality of endpoint devices based on the identification data, connecting to the endpoint device corresponding to the endpoint address, retrieving data from the endpoint device, and transmitting the retrieved data to the client device. | 03-14-2013 |
| 20130067549 | Cloud-Based Broker Service for Digital Assistants - A cloud-based broker service may be provided for computing devices in a distributed computing environment. The broker service may aggregate user accounts and user account credentials utilized for accessing online services by the computing devices. The broker service may monitor a context of the computing devices associated with the user accounts. The broker service may then utilize the context, data associated with the user accounts and data associated with the user account credentials to automate tasks and/or provide alerts associated with the data. | 03-14-2013 |
| 20130067550 | PRIVATE CLOUD SERVER AND CLIENT ARCHITECTURE WITHOUT UTILIZING A ROUTING SERVER - A method and system for use with a public cloud network is disclosed, wherein the public cloud network includes at least one private cloud server and at least one smart client device in communication therewith. The method and system comprise setting up the at least one private cloud server and the at least one smart client device in a client server relationship. The at least one private cloud server includes a message box associated therewith. The first message box is located in the public network. The at least one smart client includes a second message box associated therewith. The second message box is located on the public network. The method includes passing session based message information between the at least one private cloud server and the at least one smart client device via the first message box and the second message box in a secure manner. The session base information is authenticated by the private cloud server and the at least one smart client device. The smart client device and the private cloud server can then communicate with each other after the session based information is authenticated. | 03-14-2013 |
| 20130067551 | Multilevel Authentication - In an exemplary embodiment, a system includes a memory operable to store a user account identifier associated with a user account and a mobile device identifier associated with a mobile device. The memory is also operable to store a first user credential and a second user credential, the second user credential, wherein the second user credential comprises user input data captured by a sensor. The system includes a network interface operable to receive a request to authenticate a requesting user. The system also includes a processor operable to determine information included in the request to facilitate authentication of the requesting user and whether the information included in the request matches the information associated with the user account. The processor is further operable to authenticate the requesting user if the request is associated with the user account and information included in the request matches the information associated with the user account. | 03-14-2013 |
| 20130067552 | AUTHENTICATION IN SECURE USER PLANE LOCATION (SUPL) SYSTEMS - A particular method includes storing, at a mobile device, at least one security credential that is specific to the mobile device. The method also includes transmitting the at least one security credential to a secure user plane location (SUPL) location platform (SLP) to authenticate the mobile device as associated with a SUPL user based on a comparison of the device identifier to a stored device identifier. | 03-14-2013 |
| 20130067553 | CONTROL APPARATUS AND METHOD FOR EXECUTING APPLICATION - A mobile terminal to execute an operation of an application includes an application framework to determine a reliability level of the application, to assign a first secure key value to the operation, and to pack a second secure key value to an event packet generated by the application; and a modem layer to extract the second secure key value from the event packet, to determine whether the second secure key value corresponds to the first secure key value of the operation, and to determine whether to execute the operation. A method for executing an operation of an application includes assigning a first secure key value to the operation; receiving an event packet corresponding to the operation; extracting a second secure key value from the event packet; comparing the second secure key value with the first secure key value; and determining whether to execute the operation. | 03-14-2013 |
| 20130067554 | METHODS, DEVICES AND COMPUTER PROGRAM SUPPORTS FOR PASSWORD GENERATION AND VERIFICATION - During log-on of a user to an entity protected by a password, the password is verified by iteratively receiving a password character; and verifying that the received character complies with a predefined property (α) that sets at least one requirement for allowable passwords. If this is not the case, then this can indicate a brute force attack and appropriate action may be taken. The property α may be dependent on the user. Also provided are a corresponding device and a computer program product. | 03-14-2013 |
| 20130074168 | STREAMING VIDEO AUTHENTICATION - One or more devices transmit, to a user device, an application for secure mobile streaming, and receive, from the user device, a registration request for the application. The registration request includes a user ID and a unique device identifier (UDID) for the user device. The one or more devices initiate a validation procedure for the user ID or UDID. When the user ID or UDID is validated, the one or more devices generate a device-token for the user device. The device-token includes a hash value based on information in the registration request and an expiration date for the device-token. The one or more devices send the device-token to the user device via a private network. The device-token is required to permit the user device to receive a secure content stream via a public network. | 03-21-2013 |
| 20130074169 | Restrictive Access of a Digital Object Based on Location - The present disclosure involves a method including: receiving a request to access an object from a user; prompting the user to go to a target location; receiving feedback from the user with respect to the user's location; determining, electronically by a processor, whether the user has reached the target location; granting access of the object to the user in response to the determining. The present disclosure involves a system including: a storage storing an electronic item; an electronic communications interface that: detects a request to access the item from an entity and prompts the entity to go to a target location in response to the request; a computer processor that: analyzes feedback from the entity with respect to the entity's location, determines whether the entity's location is sufficiently close to the target location, and grants or denies access of the item to the entity based on the determination. | 03-21-2013 |
| 20130074170 | AUTHENTICATING A USER OF A SYSTEM USING NEAR FIELD COMMUNICATION - A system and machine-implemented method for providing a username and password to a system using a device, via establishing a near field communication link with the system; retrieving a username and password from storage on the device; and transmitting the username and password to the system via the near field communication link, wherein the username and password are configured to be used by the system to authenticate the user on the system. | 03-21-2013 |
| 20130074171 | AUTOMATED LOGIN INITIALIZATION ON DETECTION OF IDENTIFYING INFORMATION - A system for automating a data device login procedure having a network, a system backend communicable with the network having a backend processor configured to control a simplified login procedure and a database of login information accessible by the backend processor, a data reader communicable with the system backend configured to receive a credential data from an identification device, and a fungible portable data device communicable with the backend configured to receive a login information from the system backend for completing a login procedure. The data reader is configured to initiate the login procedure upon receipt of the credential data from the identification device and communicate the credential data to the backend. The backend is configured to determine the login information associated with the credential data comprising personalization information for the fungible portable data device and the system backend completes the login procedure to the fungible portable data device. | 03-21-2013 |
| 20130081119 | MOBILE DEVICE-BASED AUTHENTICATION - Mobile device-based authentication is disclosed. A first biometric input corresponding to a first biometric feature of the user is captured on the mobile device. A first set of biometric data is derived from the captured first biometric input. The first set of biometric data is transmitted to a remote authentication server. Thereafter, a secondary authentication instruction is transmitted to the site resource in response. Access to the site resource is permitted based upon a validation of the first set of biometric data, and a second biometric input that is captured on the site resource in response to the secondary authentication instruction received thereon. The first set of biometric data and the second set of biometric data are validated by remote authentication server substantially contemporaneously. | 03-28-2013 |
| 20130081120 | INCREASED SECURITY FOR COMPUTER USERID INPUT FIELDS - A computer determines whether current location information of the computer indicates that the computer is at a home location. The computer determines a minimum number of characters to be entered by a user into a userID field to cause the computer to automatically display previously entered userIDs based on whether the computer is located at a home location. If fewer than the minimum characters are entered, previously entered userIDs are not displayed. Location information can be based on one or more of: wi-fi signal strengths, cell tower signal strengths and signal arrival timing information, whether the network connection is wireless or Ethernet cable, the wireless protocol, whether a wi-fi connection is secured or public, whether the computer is a mobile device, and satellite navigation system location. | 03-28-2013 |
| 20130081121 | CONNECTION OF PERIPHERAL DEVICES TO WIRELESS NETWORKS - Methods and an apparatus to connect a peripheral device to a wireless network access point are provided herein. A host device associated with a wireless network access point stores and obtains a set of wireless credentials related to a wireless network formed by the wireless network access point. The host device opens a connection between the host device and the peripheral device to transmit the set of wireless credentials from the host device to the peripheral device. The host device identifies the peripheral device over the wireless network access point. | 03-28-2013 |
| 20130081122 | A Method, Device and System for Secure Transactions - A method for operating a security device comprises receiving a request for a transaction from a programmable device executing an application obtained from an application controlling institute, and verifying a validity of the transaction. A user is alerted, in which the user indicates an acceptance of the request. A one-time identifier is generated. The one-time identifier comprises a security device identification, a transaction number, a date and a time. The one-time identifier is communicated to the programmable device, in which the application verifies a validity of the security device identification and instructs the programmable device to communicate the one-time identifier and transaction to the application controlling institute for processing. The application controlling institute verifies validity of the one-time identifier and processes the transaction, wherein said security device, application programmable device and application controlling institute securely processes the transaction. | 03-28-2013 |
| 20130081123 | IP Multimedia Subsystem User Identity Handling Method and Apparatus - A method of enabling users of a third party Internet service, who are not necessarily subscribers of an IP Multimedia Subsystem, IMS, network, to access services provided by the IMS network. The method comprises registering a user with said third party Internet service via the Internet using an Internet service identity of the user, and sending to the user, from said third party Internet service and via the Internet, IMS network access information. The access information is then used to register the user with the IMS network, wherein, following IMS registration, the user is able to access IMS network services. | 03-28-2013 |
| 20130081124 | TRUSTING AN UNVERIFIED CODE IMAGE IN A COMPUTING DEVICE - A method and an apparatus for configuring a key stored within a secure storage area (e.g., ROM) of a device including one of enabling and disabling the key according to a predetermined condition to execute a code image are described. The key may uniquely identify the device. The code image may be loaded from a provider satisfying a predetermined condition to set up at least one component of an operating environment of the device. Verification of the code image may be optional according to the configuration of the key. Secure execution of an unverified code image may be based on a configuration that disables the key. | 03-28-2013 |
| 20130086661 | TECHNIQUES FOR CLIENT CONTRUCTED SESSIONS - Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use. | 04-04-2013 |
| 20130086662 | PARAMETER BASED KEY DERIVATION - Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use. | 04-04-2013 |
| 20130086663 | KEY DERIVATION TECHNIQUES - Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use. | 04-04-2013 |
| 20130086664 | SYSTEM AND METHOD FOR AUTHENTICATING A REQUEST FOR ACCESS TO A SECURED DEVICE - A method for authenticating a request for access comprises monitoring one or more ambient transmissions present in a local environment, analyzing the one or more ambient transmissions to create a characterization thereof, and transmitting information configured to instruct a security token regarding characteristics of an adapted transmission protocol based on the characterization. The adapted transmission protocol is configured for decreasing a likelihood of interference by the one or more ambient transmissions with reception of an authentication transmission from the security token. An authentication transmission comprising authentication information is received from the security token, and the security token is authenticated based on the authentication information. In response to a request for access, a signal is transmitted to a controller indicating the request is authentic. A system for authenticating a request for access comprises a secured device configured for use with a security token and for monitoring one or more ambient transmissions. | 04-04-2013 |
| 20130086665 | SYSTEM AND METHOD FOR CLONING A Wi-Fi ACCESS POINT - Systems and methods for cloning a Wi-Fi access point. A determination is made by a network monitoring device to transition communications between a Wi-Fi device and a first access point (AP) to a second AP. The SSID and the security configuration information, and, optionally, network address translation (NAT) information of the first access point are acquired and provided to a second AP. The second AP instantiates the SSID and the security configuration information and, optionally, the NAT information. The networking monitoring device directs the first AP to cease using the SSID and the security configuration information and, optionally, the NAT information in response to receipt of confirmation that the second AP has instantiated the SSID and the security configuration information and, optionally, the NAT information of the first AP. | 04-04-2013 |
| 20130086666 | METHOD AND COMPUTER SYSTEM FOR PROVIDING TIME RATIO-BASED PASSWORD/CHALLENGE AUTHENTICATION - Providing registration for password/challenge authentication includes receiving an access code or pattern inputted by a user, recording a time message associated with each component of the access code or pattern via a processor, generating a data record in combining each component of the access code or pattern with the associated time message, and storing the data record. | 04-04-2013 |
| 20130086667 | METHOD AND SYSTEM FOR PROVIDING LOGIN AS A SERVICE - Systems and methods are provided for providing login as a service. A system receives, via a customer server, a request from a user computer to login to a customer application provided by the customer server. The system outputs a login form to the user computer, receives a modified login form from the user computer, and determines whether the modified login form enables the user computer to login to the customer application. If the modified login form enables the user computer to login to the customer application, the system notifies the customer server that the modified login form enables the user computer to login to the customer application. | 04-04-2013 |
| 20130086668 | GROUP SECURITY IN MACHINE-TYPE COMMUNICATION - If the related secure communication method is applied to the system which includes a plurality of the MTC devices, traffic in a network would increase in proportion to the number of MTC devices. A disclosed communication apparatus is connected to a network and a plurality of communication terminals, and includes: a group information sending unit for sending group information, which is received from the network; an access control unit for 1) receiving a reply from the communication terminal(s) which responded to the group information and 2) sending the reply to the network; and a temporary identifier and group key sending unit for sending a temporary identifier and a group key to the communication terminal which responded to the group information, when the communication apparatus received the temporary identifier and the group key from the network. | 04-04-2013 |
| 20130091558 | METHOD AND SYSTEM FOR SHARING MULTIMEDIA CONTENTS BETWEEN DEVICES IN CLOUD NETWORK - A method and system for sharing contents between devices registered in a cloud system. A cloud server in the cloud system includes a web server for controlling access of a first device to the cloud server; a cloud control unit for controlling networking between devices registered in the cloud server and a content server having access to the cloud server; a device management unit for managing information regarding the first device and the registered devices; and a context recognition management unit for managing context information of the first device and the registered devices. | 04-11-2013 |
| 20130097682 | Authentication Techniques Utilizing a Computing Device - A pre-registration procedure is utilized to create a user profile for a user of a multi-factor authentication (“MFA”) service. A client application installation procedure is utilized to install a client application on a computing device that is to be utilized as an authentication factor for the MFA service. A computing device enrollment procedure is utilized to enroll the computing device on which the client application was installed for the MFA service. A voice enrollment procedure is utilized to create a voice print for the user of the computing device that is to be utilized as an authentication factor for the MFA service. An authentication procedure is utilized to provide multi-factor authenticated access to a service, such as an online service that provides access to sensitive account information. | 04-18-2013 |
| 20130097683 | Trust verification schema based transaction authorization - A computationally implemented method includes, but is not limited to: for determining one or more behavioral fingerprints associated with one or more network accessible users; relationally mapping the one or more behavioral fingerprints to generate a trust verification schema associated with the one or more network accessible users; and determining whether to authenticate one or more transactions via the trust verification schema. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 04-18-2013 |
| 20130097684 | APPARATUS AND METHOD FOR AUTHENTICATING A COMBINATION CODE USING A QUICK RESPONSE CODE - An apparatus and a method are provided for authenticating a combination code using a Quick Response (QR) code. The apparatus includes a QR code receiver that receives an image frame including a QR code; a QR code recognizer that recognizes the QR code within the image frame; a combination code generator that generates a combination code including the QR code; and a combination code transmitter that transmits the combination code to an authentication server. | 04-18-2013 |
| 20130104208 | TRIPLE AUTHENTICATION: MOBILE HARDWARE, MOBILE USER, AND USER ACCOUNT - Enhanced network security is provided by requiring three types of information to be authenticated: user information identifying a user, security information that the user has entered into a network data communication device, and device information identifying the network data communication device. Systems and databases are described for processing and authenticating this information. | 04-25-2013 |
| 20130104209 | AUTHENTICATION SYSTEM - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. | 04-25-2013 |
| 20130104210 | AUTHENTICATION SYSTEM AND RELATED METHOD - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for generating and communicating to the purported authorized user a key string adapted to provide a basis for authenticating the identity of the requester; a means for receiving an authentication credential associated with the request for access; and a means for evaluating the authentication credential to authenticate the identity of the requester. | 04-25-2013 |
| 20130104211 | AUTHENTICATION METHOD - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. | 04-25-2013 |
| 20130104212 | AUTHENTICATION METHOD - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a service client a request for access to a secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving from the service client a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. The secured resource has a common identifier by which it may be generally identified outside of the authentication system, but the request for access lacks sufficient information content for the service client to be able to determine the common identifier. | 04-25-2013 |
| 20130104213 | AUTHENTICATION METHOD - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a service client (such as a retail store, service station, on-line service provider or merchandiser, healthcare provider, medical insurer, information consumer or the like) a request for access to a secured resource, where the request for access was previously submitted to the service client by a requester purporting to be an authorized user of said secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving from the service client a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. | 04-25-2013 |
| 20130104214 | TOKEN BASED TWO FACTOR AUTHENTICATION AND VIRTUAL PRIVATE NETWORKING SYSTEM FOR NETWORK MANAGEMENT AND SECURITY AND ONLINE THIRD PARTY MULTIPLE NETWORK MANAGEMENT METHOD - A two-factor network authentication system uses “something you know” in the form of a password/Pin and “something you have” in the form of a key token. The password is encrypted in a secure area of the USB device and is protected from brute force attacks. The key token includes authentication credentials. Users cannot authenticate without the key token. Four distinct authentication elements that the must be present. The first element is a global unique identifier that is unique to each key. The second is a private credential generated from the online service provider that is stored in a secure area of the USB device. The third element is a connection profile that is generated from the online service provider. The fourth element is a credential that is securely stored with the online service provider. The first two elements create a unique user identity. The second two elements create mutual authentication. | 04-25-2013 |
| 20130104215 | SYSTEM AND METHOD FOR MANAGING NETWORK DEVICES - A system and a method for managing network devices are provided. The method includes the following steps. A central server is connected to a plurality of authenticated network devices via a network interface. The MAC (Media Access Control) address and the corresponding Internet Protocol (IP) address are stored in a database of the central server. The central server uses the MAC address to identify each authenticated network device. The central server periodically detects whether the IP address of each authenticated network device is changed. If the IP address of one or more of the authenticated network devices is changed, the central server updates the IP address corresponding to the MAC address stored in the database according to the changed IP address. | 04-25-2013 |
| 20130104216 | SYSTEM AND METHOD FOR ENHANCED PROTECTION AND CONTROL OVER THE USE OF IDENTITY - A method of protecting use of an entity's identity is provided. The method comprises setting a status of the identity to a first state, the first state defining a scope of permitted use of the identity, changing, in advance of an intended use of the identity, the status to a second state defining a scope of permitted use of the identity that is different from the first state, requesting use of the identity after the changing; and returning, after the requesting, the state back to the first state. | 04-25-2013 |
| 20130104217 | MASK BASED CHALLENGE RESPONSE TEST - Providing a challenge response test associated with a computer resource includes generating a challenge response test image including providing a first substantially well-formed image, including a first masked image having a visible portion entirely composed of portions of a first well-formed image, and a first plurality of image elements; and providing at least one ill-formed image, each at least one ill-formed image including a second masked image having at least one first ill-formed portion. | 04-25-2013 |
| 20130104218 | METHOD AND SYSTEM FOR SECURELY ACCESSING TO PROTECTED RESOURCE - The invention provides a method for securely accessing to protected resource and a system thereof, which belongs to information security field. A first terminal sends a request for accessing to the protected resource to a second terminal, and sends a user name and first data to the second terminal; the second terminal generates second data, and searches for a secret on a third terminal; the second terminal processes the first data, the second data, and the secret, so as to obtain a first characteristic value; the third terminal processes the first data, the second data, and the secret so as to obtain a second characteristic value, and upon receiving a confirmation message, processes the first data, the second data, and a secret pre-stored at/on the third terminal so as to obtain a third characteristic value; the first terminal sends the third characteristic value to the second terminal; the second terminal processes the first data, the second data, and the secret to generate a fourth characteristic value, and determines whether the fourth characteristic value is identical to the third characteristic value by comparison, if they are identical, accessing is permitted; otherwise, accessing is refused. | 04-25-2013 |
| 20130111572 | IP PUSH PLATFORM AND CONNECTION PROTOCOL IN A PUSH NOTIFICATION FRAMEWORK | 05-02-2013 |
| 20130117832 | Identity Verification and Authentication - In one embodiment, receiving, at a first computing device associated with a social-networking system and from a second computing device, a first request to verify an identity of a user of the social-networking system; sending, by the first computing device and to a mobile device associated with the user, a second request for information about the user; receiving, at the first computing device and from the mobile device, the information about the user; determining, by the first computing device, a confidence score indicating a probability that the identity of the user is true based on the information about the user received from the mobile device and information available to the social-networking system; and sending, by the first computing device and to the second computing device, the confidence score. | 05-09-2013 |
| 20130117833 | AUTHENTICATION DEVICE AND AUTHENTICATION SYSTEM - A biological information authentication device is provided with a biological information memory means, a user group information confirmation means, a biological information registering means and an authentication unit. The user group information is the information representing a trust relationship among a plurality of users; the biological information memory unit associates each biological information extracted from a plurality of users with the user group information and stores them. The user group information confirmation unit receives a determination as to whether or not a trust relationship exists among a plurality of users from whom the biological information is extracted and confirms the relationship between users. The biological information registering unit matches the user group information and stores each biological information extracted from each user in association with the biological information memory means. | 05-09-2013 |
| 20130117834 | COMMUNICATION CONTROL SYSTEM AND METHOD, AND COMMUNICATION DEVICE AND METHOD - A communication control system pairs a first communication device with a second communication device, the first communication device includes a first image editing unit that edits an input image in accordance with a predetermined rule to generate a first authentication image, and a first transmission unit that transmits first authentication data representing the first authentication image and a first identifier for identifying the first communication device to a server device, the second communication device includes a second transmission unit that transmits second authentication data representing the second authentication image and a second identifier for identifying the second communication device to the server device, and the server device includes a pairing unit that pairs the first communication device with the second communication device in the case where it is determined that the first authentication data matches the second authentication data. | 05-09-2013 |
| 20130125224 | DEVICE ASSOCIATION VIA VIDEO HANDSHAKE - A method of pairing a first device with a second device is disclosed. Accordingly, an image that include encoded data is generated by the first device. The encoded data includes a unique identifier for identifying the first device and an arbitrary security code. The first device displays the image on a display. The second device captures the image using an image sensing device. The encoded data is decoded to generate a decoded data. The second device sends the decoded data to a server that is communicatively connected to the first device and the second device. Upon receiving the decoded data and using the unique identifier, the server communicates with the first device to verify the arbitrary security code. | 05-16-2013 |
| 20130125225 | Network-Based Revocation, Compliance and Keying of Copy Protection Systems - A method of authenticating a device involves establishing a local connection between a local target device and a local source device; at the source device, obtaining credentials of the target device via the local connection; at the source device, sending the credentials to a cloud authentication server via a secure communication channel; at the cloud authentication server, checking the credentials of the target device against a database of known good devices; at the source device, receiving a message from the cloud authentication server via the secure communication channel, said message indicating that the target device is authenticated; and delivering content from the source device to the target device on the condition that the target device is authenticated. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract. | 05-16-2013 |
| 20130125226 | SSO FRAMEWORK FOR MULTIPLE SSO TECHNOLOGIES - Users desire useable security or a seamless means for accessing internet services whereby user interaction in the provisioning of credentials may be kept to a minimum or even eliminated entirely. The Single Sign-On (SSO) identity management (IdM) concept may be a means by which a user may be provided with such ease of use, while enabling user-assisted and network-assisted authentication for access to desired services. To enable seamless authentication services to users, a unified framework and a protocol layer interface for managing multiple authentication methods may be used. | 05-16-2013 |
| 20130125227 | METHOD FOR ACCESSING A STORAGE SERVER OF AN IM SERVICE SYSTEM, AND AN IM SERVICE SYSTEM - The present invention discloses a method for accessing a storage server of an IM service system and an IM service system. The method comprises: IM client sending registration request message to IM service system using first user identifier; after receiving registration request message, IM service system obtaining other user identifiers associated with the first user identifier, sending registration success response message comprising other user identifiers associated with the first user identifier to IM client; IM storage client sending login request comprising any one of multiple user identifiers to storage server; storage server receiving login request and obtaining other user identifiers associated with the user identifier in login request; the storage server passing identity verification of multiple user identifiers. The problem of repeat login of a user with multiple identifiers is effectively solved when accessing a storage server, the system access efficiency is improved and the user experience is enhanced. | 05-16-2013 |
| 20130133051 | AUTHENTICATED HOME DIRECTORY - Methods and systems for home directory management are described. In one embodiment, a computing system receives a user login request, and in response, bind mounts a temporary directory on a local file system of the computing system. The temporary directory does not require authentication. The computing system prompts the user for user credentials and authenticate the user using the user credentials. In response to a successful authentication, the computing system mounts a non-native directory in the temporary directory. | 05-23-2013 |
| 20130133052 | Behavioral fingerprint device identification - A computationally implemented method includes, but is not limited to: determining a behavioral fingerprint associated with a network accessible user of one or more devices, the behavioral fingerprint providing a current status of the network-accessible user; and identifying a current device of the one or more devices as being currently used by the network-accessible user as a function of the determined behavioral fingerprint. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 05-23-2013 |
| 20130133053 | METHODS FOR ENHANCING PASSWORD AUTHENTICATION AND DEVICES THEREOF - This technology includes identifying verification password characters and a location of each of the verification password characters in one of a plurality of rows and one of a plurality of columns of a password matrix in response to received login identifier characters and received password characters from a client computing device. A determination is made whether each of the received password characters and the location of each of the received password characters in the password matrix matches each of the identified verification password characters and the location of each of the identified verification password characters in the password matrix. Access to the client computing device is granted when each of the received password characters and the location of each of the received password characters in the password matrix is determined to match each of the identified verification password characters and the location of each of the identified verification password characters. | 05-23-2013 |
| 20130133054 | Relationship Based Trust Verification Schema - A computationally-implemented method, in accordance with certain example embodiments, may include, but is not limited to: receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users; receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users. In addition to the foregoing, other aspects are presented in the claims, drawings, and written description forming a part of the present disclosure. | 05-23-2013 |
| 20130133055 | METHOD AND APPARATUS TO PROVIDE CONTINUOUS AUTHENTICATION BASED ON DYNAMIC PERSONAL INFORMATION - An authentication method, system and device are provided to continuously collect dynamic personal identification data (DPID) samples through a user device by using one or more sensors to continuously collect biometric and location data samples associated with the user and then securely transfer the DPID samples to a central authentication server where attributes of the DPID samples may be captured and incorporated as part of a challenge-response pair which requests an arbitrarily generated N-tuple of the DPID samples from a predetermined time interval from the user device that is unique to the user and dynamic based on the sensed data and the time-interval of collection. | 05-23-2013 |
| 20130139233 | SYSTEM AND METHOD FOR CONTROLLING USER ACCESS TO A SERVICE PROCESSOR - According to one aspect, a system for managing user access to a service processor is disclosed. In one embodiment, the system includes a computer-executable management access module for performing functions to authenticate a user. A management computer that is communicatively coupled to the service processor is operative to perform management functions for at least one target computer. User authentication functions include receiving a first set of login data from a user of the management computer and verifying whether the received login data corresponds to an approved user. If the first set of login data corresponds to an approved user, a code is generated and then displayed on the management computer. When recognized by the personal computing device, data from the code is used for providing a second set of login information to the user, for permitting the user to access the service processor via the management computer. | 05-30-2013 |
| 20130139234 | SYSTEM AND METHOD FOR REMOTE MANAGEMENT OF A PLURALITY OF TARGET COMPUTERS FROM A COMMON GRAPHICAL INTERFACE - A computer system. In one embodiment, the computer system includes a remote management computer with a user input means and a display means, a plurality of target computers communicatively connected to the remote management computer over a communications link, and a computer-executable remote management application. The remote management application is configured to cause the remote management computer to perform functions that include receiving user authentication data for a user to remotely access particular target computers over the communications link, sending a request for remote management data to each of the particular target computers, receiving remote management data from each of the particular target computers in response to the request, and causing the display means to simultaneously display the graphical user console for each one of the particular target computers in a common graphical interface. | 05-30-2013 |
| 20130139235 | APPLICATION-BASED CREDENTIAL MANAGEMENT FOR MULTIFACTOR AUTHENTICATION - A device receives a request to authenticate an end user of a user device to use an application, based on an application identifier and a user identifier included the request, and determines whether the application is authenticated based on the application identifier. The device also determines whether the user device is authenticated based on the user identifier and utilizing a generic bootstrapping architecture (GBA) authentication procedure, and determines whether the end user is authenticated based on a personal identification number (PIN) associated with the end user. The device further provides, to an application server device hosting the application, results of the authentications of the application, the user device, and the end user. | 05-30-2013 |
| 20130139236 | IMPOSTER ACCOUNT REPORT MANAGEMENT IN A SOCIAL NETWORKING SYSTEM - Imposter account reports received by a social networking system are put into a report management process that routes the reports into other handling processes based upon the comparison of the probability of fraud in an alleged imposter account versus the probability of fraud in an alleged authentic account. The account determined to be most probably fraudulent is enrolled in an account verification process. In the account verification process, the account-holder is asked to verify their identity through automatic means. If the automatic means fail to verify the identity of the account-holder, a manual process for verification is initiated. | 05-30-2013 |
| 20130139237 | Method for digital identity authentication - In a preferred embodiment of the invention, an authenticating device ( | 05-30-2013 |
| 20130139238 | Method and System For Authenticating User Access To A Restricted Resource Across A Computer Network - A method of authenticating user access to a restricted resource across a computer network, the method characterised by: communicating client device configuration data to a server and assigning a risk analysis score based on the client device configuration data; and generating an alert at a client device in response to the risk analysis score. | 05-30-2013 |
| 20130139239 | DUAL CODE AUTHENTICATION SYSTEM - A verification method and system are disclosed that verify a user. The user is provided a verification code via, for example, a website, to be communicated to a provided electronic contact via a secondary mode of communication, such as through an SMS-enabled device. If the correct verification code is communicated by the user, the user receives a return message (e.g., a return SMS message) containing a second verification code, which the user submits to a website or on-line form or to another verification system for authentication. | 05-30-2013 |
| 20130145448 | LOCK SCREENS TO ACCESS WORK ENVIRONMENTS ON A PERSONAL MOBILE DEVICE - One or more embodiments of the invention provide access to a work environment in a mobile device from a lock screen presented by a personal environment of the mobile device, wherein the work environment is running in a virtual machine supported by a hypervisor running within the personal environment and wherein the personal environment is a host operating system (OS) of the mobile device. The host OS receives an authentication credential from a user in response to a presentation of the lock screen on a user interface (UI) of the mobile device and then determines whether the authentication credential is valid for the personal environment or the work environment. If the authentication credential is valid for the personal environment, access is enabled only to the personal environment. If the authentication credential is valid for the work environment, access is enabled to both the personal environment and the work environment. | 06-06-2013 |
| 20130145449 | Method and Apparatus for Providing a One-Time Password - In a method for providing a one-time password for a user device belonging to a user, which password is intended to register the user device with a server, the server generates the one-time password using a cryptographic operation on the basis of a unique use identifier and transmits the password to the user device. The method provides a service provider with the possibility of tying additional conditions for registration to the one-time password and thus increases the flexibility of the service provider when configuring the services offered by the latter and increases security against manipulation. | 06-06-2013 |
| 20130152181 | PORTAL BASED CASE STATUS MANAGEMENT - Illustrative embodiments include a method, system, and computer program product for providing a current status of an update to a data record. A computer receives, from a portal in a backend application, a request for status of a previous request to perform the update to the data record. The computer determines a previously reported status from a previously completed processing operation on the data record in a workflow used for processing the previous request. The computer further determines a status of a presently incomplete processing operation on the data record in the workflow used for processing the previous request. The computer adding the previously reported status and the status of the presently incomplete processing operation to a status report, forming the current status. The computer transmits a response including the current status. | 06-13-2013 |
| 20130152182 | SYSTEM AND METHOD FOR ENABLING, VERIFICATION OF ONE OR MORE CREDENTIALS OF ENTITIES AND SHARING RESULT OF VERIFICATION - A system and method for enabling, verification of one or more credentials of entities and sharing result of verification is provided. The system is configured to receive request from an entity to verify a credential, verify the credential of the entity according to a predefined methodology and allow the entity to share at least a part of result of verification. | 06-13-2013 |
| 20130152183 | User Identity Management and Authentication in Network Environments - Systems, devices, and methods for sending, by a first computing device to a second computing device, a set of authentication information; determining, by the second computing device, a globally unique identifier associated with the set of authentication information; determining, by the first computing device, a set of properties associated with the received request based on the determined globally unique identifier; and establishing, by the first computing device, a communication channel to the second computing device, wherein the communication channel is established based on the determined set of properties. | 06-13-2013 |
| 20130152184 | METHOD OF PROVIDING SNS-GROUP INVITING SERVICE AND SNS SERVER THEREFOR - A method of providing a Social Networking Service (SNS) group inviting service via an SNS server, the method including receiving an SNS group invitation request containing second-user identification information, from a first device of a first user, generating first authentication information corresponding to the second-user identification information in response to the SNS group invitation request, receiving an SNS group joining request containing second authentication information, from a second device of a second user, and comparing the first authentication information and the second authentication information with each other and permitting the second device to join the SNS group. | 06-13-2013 |
| 20130160099 | TOKEN BASED SECURITY PROTOCOL FOR MANAGING ACCESS TO WEB SERVICES - Token based techniques for managing client access to individual methods or resources provided by an application or service can be implemented at the application server hosting the application or service. Such techniques include performing client authentication and authorization based on information associated with the client as specified in a security token generated for the client. The security token associated with the client enables a service provider to monitor and control client access to the methods of the service on an individual basis. | 06-20-2013 |
| 20130160100 | METHODS AND SYSTEMS FOR INCREASING THE SECURITY OF NETWORK-BASED TRANSACTIONS - A method for enhancing the security of systems and resources involved in conducting network-based transactions on mobile communications devices includes comparing authentication data requested to be captured from a user as part of an authentication transaction against authentication data anticipated by the user to be captured during the authentication transaction. The method also includes authenticating the requested transaction when the user decides that the requested authentication data agrees with the anticipated authentication data, and conducting a network-based transaction from a mobile communications device, if the user is authorized, after successfully authenticating the identity of the user. | 06-20-2013 |
| 20130160101 | Wireless Communication Systems and Methods - Embodiments of the invention provide methods, devices and computer programs arranged to control provisioning of device-to-device (D2D) communication services in a communication network. One embodiment includes an apparatus including a processing system arranged to cause the apparatus to: assign a credential of a first type to a first D2D device; store an association between a validity condition and the credential of the first type, wherein the validity condition is dependent on a characteristic of a D2D communication service; transmit data indicative of the credential of the first type for reception by the first D2D device, said credential being for use in verification of said D2D communication service to be provided by the first D2D device to a second, different, D2D device; and maintain an operative state for the D2D communication in dependence on said association. | 06-20-2013 |
| 20130160102 | Fully Electronic Notebook (ELN) System And Method - A system, for record keeping in scientific, industrial, and commercial applications where records are used to document inventions and discoveries, such as in a research laboratory. Such systems are referred to in the applicable field as Electronic Laboratory Notebooks (ELNs). The system deploys data validation and signature validation modules to ensure data integrity and satisfy legal requirements for signature and witnessing documents in a completely paperless environment. | 06-20-2013 |
| 20130160103 | IMAGE COLLECTION BASED INFORMATION SECURITY METHOD AND SYSTEM - An image collection based information security method and system is disclosed. The method includes a server side receiving a first transaction data sent by a client side and generating a second transaction data with the first data. The server converts the second data into an image, and sends the image to the client. A dynamic token collects the image, pre-processes, and converts the image into a third transaction data, and displays the third data for user's confirmation. The token generates and displays a second dynamic password according to the third data. The client receives the second password input by a user and sends same to the server. The server receives the second password and generates a first dynamic password, determines whether the first password is identical to the second password; if yes, the authentication is successful and the transaction is executed; if no, the transaction is cancelled. | 06-20-2013 |
| 20130160104 | ONLINE ACCOUNT ACCESS CONTROL BY MOBILE DEVICE - Systems and methods for controlling access to an online account are described. An access control message including an action to be performed on an online account can be sent from a mobile device to a server. A user verification query message can be sent to the mobile device. A user verification response message can be received from the mobile device. The user verification response message can include verification information that is different from login information for the online account. The user verification response message can be verified by comparing the verification information to stored information. If the user verification response message is successfully verified, the action indicated in the access control message can be performed on the online account. | 06-20-2013 |
| 20130167211 | RE-AUTHENTICATION - In one example, a method of managing access to a network includes receiving a network access request including one or more credentials via an edge device. The one or more user credentials are authenticated, and a database record for a user associated with the one or more user credentials is identified. A re-authentication duration value is obtained from the database record for the user, wherein the re-authentication duration value is pre-assigned to the user or pre-assigned to a group associated with the user. A response comprising the re-authentication duration value is then sent to the edge device. | 06-27-2013 |
| 20130167212 | SYSTEM AND METHOD FOR PROVIDING SECURE ACCESS TO AN ELECTRONIC DEVICE USING BOTH A SCREEN GESTURE AND FACIAL BIOMETRICS - A system and method for providing secure authorization to an electronic device by combining two or more security features of authentication processed at substantially the same time where at least one of the factors is a “tolerant” factor. By combining two factors such as facial recognition and a screen gesture, these can be analyzed at substantially the same time such that the tolerance match required by the tolerant factors for providing a better user authentication experience without reducing the overall security accuracy. | 06-27-2013 |
| 20130167213 | METHOD AND SYSTEM FOR VERIFYING USER INSTRUCTIONS - A method for verifying instructions communicated from a user to a relying entity is described. A trusted entity receives a request from the relying entity to verify instructions received from the user wherein the request includes verification information corresponding to the instructions communicated to the relying entity from the user. The trusted entity sends a request to the user to provide verification information corresponding to the instructions. The trusted entity receives the verification information from the user and compares it to the verification information received from the relying entity. The trusted entity then verifies the instructions based on the comparing. | 06-27-2013 |
| 20130167214 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, AND COMPUTER PROGRAM - An information processing apparatus includes a first session managing unit configured to manage a transaction including a request and a response over a network and a second session managing unit configured to manage authentication identification information of an authenticated user. The information processing apparatus also includes a token generating unit configured to acquire authentication identification information of a requesting user and generate a token value to be included in a first response using an internally managed value, in response to a first request, and a token validating unit configured to acquire the authentication identification information of the requesting user in response to a second request and validate correctness of a token value included in the second request by comparing the token value with a token value calculated using the managed value. | 06-27-2013 |
| 20130167215 | USER AUTHENTICATION APPARATUS, METHOD THEREOF AND COMPUTER READABLE RECORDING MEDIUM - A user authentication apparatus, a user authentication method, and a computer readable recording medium are provided. The user authentication apparatus includes: an information collection unit which collects authentication information on a plurality of portable devices of a user through a communication network; and a control unit which identifies whether each of the plurality of portable devices is registered for the user or not based on the collected authentication information, determines whether an amount of information collected from the plurality of portable devices that are identified is greater than a threshold value, and authenticates the user. | 06-27-2013 |
| 20130167216 | CLOUD IDENTIFICATION PROCESSING AND VERIFICATION - A system and method are provided for identification of a user collecting enrollment data from the user including dwell times for each of an enrollment series of login attempts; creating an iterative unified identification score for the user from the dwell times of login attempts; establishing an iterative average of identification score; establishing a standard deviation of the iterative identification score; deleting the dwell times and other data of the enrollment series of login attempts; prompting and collecting login specific dwell times; calculating a login identification score; comparing the login identification score to the iterative unified identification score, and updating the iterative scores and the iterative standard deviations and storing between login attempts only an iterative average dwell time, an iterative average flight time, the unified identification score and iterative standard deviation of the unified identification score. | 06-27-2013 |
| 20130174237 | SYSTEM AND METHOD FOR TRANSFERRING STATES BETWEEN ELECTRONIC DEVICES - In various example embodiments, a system and method for transferring the state of a first device to a second device are disclosed. An instruction to transfer a state of a first device to a second device is received. In response, information related to the state of the first device is packaged into a file. A type of connection to be used to transfer the state of the device is determined based on the connections available to the first device and the second device. The file containing the information of the state of the first device is transferred to the second device using the connection type. The file, when processed by the second device, causes the second device to reproduce the state of the first device. | 07-04-2013 |
| 20130174238 | MECHANISM TO DETERMINE SOURCE DEVICE SERVICE TIER BASED ON THE VERSION OF THE HDCP KEY - A source device and method for authenticating a sink device. The source device and method include detecting when the sink device connects to a communication interface and in response to detecting a connected sink device, activating a sink device authentication protocol which authenticates whether the connected sink device is an approved sink device for connecting via the communication interface. The source device determines a level of authentication of the connected sink device from among a first-level authentication and a second-level authentication based on first and second authentication components, respectively derived from different master keys, which affects the type of content provided to the sink device. Responsive to the level of authentication provided through the connected sink device, modifying the content transmitted to the connected sink device, and preventing transfer of any content from the source device to the sink device in response to the sink device not being authenticated. | 07-04-2013 |
| 20130174239 | REINFORCED AUTHENTICATION SYSTEM AND METHOD USING CONTEXT INFORMATION AT THE TIME OF ACCESS TO MOBILE CLOUD SERVICE - Provided are a reinforced authentication system and method using context information at the time of access to a mobile cloud service. The system comprises a mobile terminal transmitting a context information message, which comprises context information, and authentication information and a context information-based authentication server receiving the context information message and the authentication information, determining an authentication mechanism based on the context information message, and authenticating a user of the mobile terminal. | 07-04-2013 |
| 20130174240 | Computer Implemented System and Method for Providing Challenge-Response Solutions to Authenticate a User - A system and method for providing challenge-response solutions to authenticate a user have been provided. The system includes web server comprising interlinking means adapted to interlink a plurality of images with unique index values such that each of the images has a unique index value. The web server includes registration means adapted to enable users to select at least two interlinked images for the purpose of registration. The web server includes challenge generation means adapted to generate, transmit an authentication challenge of the form of one-time equation. The web server, prior to transmitting the one-time equation, computes the value of the equation based on at least the sequence specified by the user. The web server compares the value calculated by the user with the value calculated prior to transmission and authenticates the user only in the event that said value calculated by the user is equivalent to the stored value. | 07-04-2013 |
| 20130174241 | AUTOMATED NEGOTIATION AND SELECTION OF AUTHENTICATION PROTOCOLS - Wireless telecommunications networks may implement various forms of authentication. There are a variety of different user and device authentication protocols that follow a similar network architecture, involving various network entities such as a user equipment (UE), a service provider (SP), and an authentication endpoint (AEP). To select an acceptable authentication protocol or credential for authenticating a user or UE, authentication protocol negotiations may take place between various network entities. For example, negotiations may take place in networks implementing a single-sign on (SSO) architecture and/or networks implementing a Generic Bootstrapping Architecture (GBA). | 07-04-2013 |
| 20130174242 | Remote Access Manager for Virtual Computing Services - A remote access manager in a virtual computing services environment negotiates a time limited NAT routing rule to establish a connection between a remote device and virtual desktop resource providing user computing services. A series of NAT connection rules are revised in a dynamic manner such that a pool of ports is available to connect a plurality of remote users to local virtual compute resources over one or more public IP addresses. Once a connection is established, an entry is made in a firewall state table such that the firewall state table allows uninterrupted use of the established connection. After an entry has been made in the state table, or the routing rule has timed out, the port associated with the original NAT routing rule is removed and the same port can be re-used to establish another connection without disrupting active connections. | 07-04-2013 |
| 20130174243 | BIOMETRIC AUTHENTICATION SYSTEM, COMMUNICATION TERMINAL DEVICE, BIOMETRIC AUTHENTICATION DEVICE, AND BIOMETRIC AUTHENTICATION METHOD - Provided is a biometric authentication system capable of preventing spoofing attacks even if leakage of key information and a registration conversion template occurs. A communication terminal device ( | 07-04-2013 |
| 20130179953 | Confidential information access via social networking web site - A server computing device for a social networking web site receives from a user, via access of the web site, confidential information regarding the user, including information that the user does not socially share on the web site. The device associates the confidential information with a user identifier that uniquely identifies the user on the web site, and with an export group identifier corresponding to a type of the confidential information. The device associates the export group identifier with a password different from a user password the user employs to access the web site. The device receives, from a third party, a purported user identifier, a purported export group identifier, and a purported password, which the device validates against the user identifier, the export group identifier, and the password. Where validation is successful, the device permits access to the confidential information by the third party. | 07-11-2013 |
| 20130179954 | Computer Implemented System and Method for Providing Users with Secured Access to Application Servers - A computer implemented system and method for providing users with secured access to application servers have been disclosed. The system and method envisaged by the present disclosure are not restricted to providing users with secured access to application servers. The system and the method also ensure that transactions performed by the users through the application servers remain secured and hack-resistant. The present disclosure envisages a system that acts as a secured, trusted gateway between the users and the application servers associated with providers of sensitive services such as banking and financial institutions. In case of the system envisaged by the present disclosure, rather than directly accessing an application server, users are made to contact the system of the disclosure and upon verification of their respective identities, are allowed to access the application servers associated with providers of sensitive services. | 07-11-2013 |
| 20130179955 | Identity Management System And Method Including Architecture For The Same - A computer implemented method for an identity management system, having: on a computer device having one or more processors and a memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for: providing a core gateway system; and providing a data processing engine. Also, a computer system and non-transitory computer-readable storage medium adapted for the same. | 07-11-2013 |
| 20130179956 | Mobile Anti-Phishing - A method for inhibiting phishing can include sending information from a mobile network device to a website server, generating a one time password at the mobile network device from the information, generating a one time password at the website server from the information, sending the one time password generated at the website server to the mobile network device when the mobile network device subsequently accesses the website, and comparing the one time password generated at the website server to the one time password generated at the mobile network device. In this manner, the website can be authenticated such that the occurrence of phishing is substantially mitigated. | 07-11-2013 |
| 20130179957 | PERSONAL IDENTIFICATION SYSTEM AND METHOD - The present invention shortens the time required for watch list verification, and shortens the time required generally for the personal identification processing which includes watch list verification. In a personal identification system, a biometric information watch list comparison function ( | 07-11-2013 |
| 20130179958 | AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, AUTHENTICATION DEVICE, INFORMATION TERMINAL, PROGRAM AND INFORMATION RECORDING MEDIUM - It is determined whether or not a subject operating an information terminal is a human without requiring a character input. A client device displays an authentication screen, sequentially acquires positional information on the authentication screen based on operation information which has been received, records a path which is indicated by the sequentially acquired positional information, and transmits the recorded path to an authentication server. The authentication server determines whether or not an operation indicated by the operation information is an operation performed by a human based on a fluctuation amount of the recorded path with respect to a path as a reference which is defined on the authentication screen. | 07-11-2013 |
| 20130185783 | SYSTEM AND METHOD FOR CONFIRMING IDENTITY AND AUTHORITY BY A PATIENT MEDICAL DEVICE - A system and method for confirming identity and authority by a patient medical device is provided. Master credentials are issued to a requesting device and a receiving device from an authorizing agent. The master credentials include a public key of the authorizing agent and a digital signature of a root certification authority. Device credentials are issued to the requesting device from the authorizing agent. The device credentials include a public key of the requesting device and a digital signature of the authorizing agent. Identification credentials are provided to the receiving device and include the device credentials and a digital signature of the requesting device. The requesting device is authenticated. The digital signature of the authorizing agent in the device credentials is checked using the public key of the authorizing agent in the master credentials of the receiving device. The digital signature of the requesting device in the identification credentials is checked using the public key of the requesting device in the device credentials. | 07-18-2013 |
| 20130191901 | SECURITY ACTIONS BASED ON CLIENT IDENTITY DATABASES - Example embodiments disclosed herein relate to authentication based on Media Access Control (MAC) addresses. A network security device receives one or more client identity databases from one or more edge network devices. The client identity databases include MAC addresses of clients and secondary identification information for each of the clients. The network security device determines that a client device has been connected to one of the edge devices. A security action is performed based on whether the MAC address and respective secondary identification information of one of the clients matches the MAC address and respective secondary identification information of the connected client device. | 07-25-2013 |
| 20130191902 | NETWORK MEDIATED MULTI-DEVICE SHARED AUTHENTICATION - Described in an example embodiment herein is an apparatus, comprising a communication interface and authentication logic coupled with the wireless interface. The authentication logic authenticates with at least one neighboring device forming a trust relationship with the at least one neighboring device. The authentication logic obtains via the communication interface data representative of a user associated with a user device. The authentication logic sends a challenge to the user device, via the communication interface, the challenge requesting data associated with the user associated with the user device. The authentication logic receives a response to the challenge via the user interface and validates the response to the challenge. The authentication logic provides data to the at least one neighboring device indicating that the user associated with the user device has been authenticated, to enable access to the functionality and/or resources of the at least one neighboring device. | 07-25-2013 |
| 20130191903 | DUAL FACTOR AUTHENTICATION WITH A PROGRAMMABLE TERMINAL DEVICE - Systems, devices, methods, and software are described for managing virtual sessions based on dual factor authentication. A central server computer system may authenticate a user of a terminal device based on at least one user authentication credential and a unique device identifier received from the terminal device. The virtual session may be associated with the terminal device based on the received unique device identifier and the at least one user authentication credential. The virtual session may be updated according to at least one rule based on the association of the virtual session of the user with the terminal device | 07-25-2013 |
| 20130191904 | Systems and Methods for Universal Enhanced Log-In, Identity Document Verification and Dedicated Survey Participation - Systems and methods are provided for controlling access via a computer network to a subscriber server. A log-in server receives a query to connect through the computer network to the subscriber server, and the log-in server receives registrant identification data, A first session is established between the log-in server and the subscriber server to validate the registrant identification data, and to generate a session password. A second session is established between the log-in server and the subscriber server. The second session is configured to authorize, based in part on the registrant identification data, access to at least a portion of a website associated with the subscriber server. | 07-25-2013 |
| 20130198827 | SERVICE COMPLIANCE ENFORCEMENT USING USER ACTIVITY MONITORING AND WORK REQUEST VERIFICATION - Auditing system logs of a remote client device is provided. Login session information entered at a workstation device accessing the remote client device to perform an activity associated with a work request is received. An access token is generated based on the login session information and information associated with the work request on the remote client device. The access token is compared with an audit log report of the remote client device that includes the activity associated with the work request performed by the workstation device on the remote client device. It is determined whether information in the access token matches information in the audit log report of the remote client device. In response to determining that the information in the access token does not match the information in the audit log report of the remote client device, an action alert is sent. | 08-01-2013 |
| 20130205377 | METHODS USING BIOMETRIC CHARACTERISTICS TO FACILITATE ACCESS OF WEB SERVICES - Methods for facilitating access of a web service are provided. In an embodiment, a first web device first obtains at least one reference biometric characteristic. Then, the first web device receives at least one parameter for the web service. Next, the first web device associates the at least one reference biometric characteristic with the at least one parameter. Thereafter, a second web device obtains at least one biometric characteristic. Then, the at least one biometric characteristic obtained by the second web device is compared with the at least one reference biometric characteristic. If the at least one biometric characteristic obtained by the second web device matches the at least one reference biometric characteristic, the second web device applies the at least one parameter to the web service. | 08-08-2013 |
| 20130205378 | COMMUNICATION APPARATUS, SERVER APPARATUS, RELAY APPARATUS, CONTROL APPARATUS, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a communication apparatus is connected to a server apparatus that issues first authentication information used in communication. The communication apparatus includes a receiving unit configured to receive an execution instruction to execute a bootstrap authentication process of issuing the first authentication information. The bootstrap authentication process includes validation of capability information indicating a capability of the communication apparatus. The communication apparatus also includes a first authentication processing unit configured to execute the bootstrap authentication process with the server apparatus based on second authentication information including the capability information, when the receiving unit receives the execution instruction. | 08-08-2013 |
| 20130205379 | AUTHENTICATION METHOD BETWEEN CLIENT AND SERVER, MACHINE-READABLE STORAGE MEDIUM, CLIENT AND SERVER - An authentication method between a server and a client is provided. The authentication method includes transmitting, to the client, an inquiry message including a first modified secret key generated based on a first secret key and a first blinding value, receiving, from the client, a response message including a response value generated based on the first blinding value, a second secret key, and an error value, calculating the error value from the response value, and determining whether authentication of the client has succeeded based on the error value. | 08-08-2013 |
| 20130205380 | IDENTITY VERIFICATION - A method of verifying the identity of a user comprising: initiating ( | 08-08-2013 |
| 20130205381 | Service Protection - A method and system for determining whether user accounts in a client-server architecture are legitimate is described, the method and system including determining a first integer value, hereinafter denoted N, and a second integer value, hereinafter denoted K, such that K| 08-08-2013 | |
| 20130205382 | Resource Access Based on Multiple Credentials - A collection of multiple user credentials each associated with one of multiple different users is obtained at a device, and one or more of the multiple user credentials are verified. A determination is made as to whether access to a resource is permitted, by at least comparing the collection of multiple user credentials to a threshold combination of user credentials to be satisfied to access the resource. An indication of whether access to the resource by a requesting user is permitted is returned or provided to another device. | 08-08-2013 |
| 20130212662 | SECURITY ACCESS IN A COMPUTER-BASED FLOW OF TASKS - Implementing security access includes creating a coordinate system that includes a first axis and a second axis. Points on the first axis and the second axis specify corresponding coordinates. The security access also includes randomly selecting values from a database and populating the coordinate system with the values and selecting a set of the coordinates from the coordinate system. The set of coordinates is indicative of an instruction. The security access further includes generating an image from the coordinate system and the values, the image including labels for the coordinates along respective first axis and second axis, and identifying values corresponding to the set of coordinates. The values correspond to the set of coordinates indicative of an answer to the instruction. The security access also includes transmitting the image and the instruction to a user device, and using the image, the instruction, and the answer as a security access mechanism. | 08-15-2013 |
| 20130212663 | ENABLING SECURE ACCESS TO A DISCOVERED LOCATION SERVER FOR A MOBILE DEVICE - A method for obtaining a secure connection between a first server and a client. The method may comprise establishing a secure communication session between a second server and the client, wherein the second server is trusted by the first server, and the second server is configured to authenticate the client. The client may receive a client token, wherein the client token contains data associated with the first server, the second server, the client, and a digital signature. Then, the client may request secure communication access to the first server, wherein the request includes transferring the client token to the first server. Finally, the client may receive a grant of secure communication access to the first server based on authentication of the client by the first server, wherein the authentication is based on the client token validating the client and the digital signature validating the client token. | 08-15-2013 |
| 20130212664 | Player, Mobile Communication Device, Authentication Server, Authentication System and Method - Disclosed is an authentication method, including: acquiring authentication data recorded in an audio-visual product using a player and sending the authentication data to a mobile communication device; sending the authentication data to an authentication server using the mobile communication device; authenticating the authentication data using the authentication server to acquire the authentication result; and sending the authentication result to the player using the mobile communication device. Further provided are a player, a mobile communication device, an authentication server and an authentication system. By way of the above method, the technical solution provided in the present invention can provide reliable copyright protection for audio-visual products. | 08-15-2013 |
| 20130219480 | Online Pseudonym Verification and Identity Validation - Methods, systems, and computer program products for authenticating an online user. Authentication involves sending a code from a server to a user device equipped with a source of illumination and a camera capable of capturing video imagery of the online user. The user device receives the code, modulates the source of illumination in accordance with the code, and captures video imagery of the user while the source of illumination is being modulated according to the code. The captured video imagery of the online user is sent to the server where it is analyzed to detect evidence of changes in illumination that correspond to the code. If good correspondence is found, the user may be authenticated. Similar methods may be applied to other biometric data. Applications of the authentication include identify validation, pseudonym verification, and distinguishing human from non human access attempts. | 08-22-2013 |
| 20130227664 | CENTRAL BIOMETRIC VERIFICATION SERVICE - Based on information on a biometric print of a user of a mobile device and user associated identification, the user is biometrically authenticated over a network for access to an online service. When a request from the user for access to an online service is received, a server checks the identification to determine if the user or mobile device is registered for a biometric based verification service. If registered, a sample biometric print is obtained from the user and compared to a stored template biometric print of the authorized user associated with the mobile device to determine if there is a match. When there is a match, the user is biometrically authenticated and is granted access to the online service. | 08-29-2013 |
| 20130227665 | MULTICHANNEL DEVICE UTILIZING A CENTRALIZED OUT-OF-BAND AUTHENTICATION SYSTEM (COBAS) - A multichannel security system is disclosed, which system is for granting and denying access to a host computer in response to a demand from an access-seeking individual and computer. The access-seeker has a peripheral device operative within an authentication channel to communicate with the security system. The access-seeker initially presents identification and password data over an access channel which is intercepted and transmitted to the security computer. The security computer then communicates with the access-seeker. A biometric analyzer—a voice or fingerprint recognition device—operates upon instructions from the authentication program to analyze the monitored parameter of the individual. In the security computer, a comparator matches the biometric sample with stored data, and, upon obtaining a match, provides authentication. The security computer instructs the host computer to grant access and communicates the same to the access-seeker, whereupon access is initiated over the access channel. | 08-29-2013 |
| 20130227666 | METHODS AND SYSTEMS FOR AUTHENTICATING USERS - A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction and determining whether the transaction requires access to protected resources. Moreover, the method determines whether inputted information is known, determines a state of a communications device when the inputted information is known, and transmits a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled. Additionally, the method includes validating the communications device, capturing biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and granting access to the protected resources when the transmitted and stored one-time pass-phrases match. | 08-29-2013 |
| 20130227667 | METHODS AND APPARATUS FOR PROVIDING APPLICATION CREDENTIALS - Methods and apparatus for providing an application credential for an application running on a device. In one embodiment, a method provides an application credential to an application running on a device, wherein the application credential is used by the application to authenticate to a data server. The method comprises receiving a request to generate the application credential, wherein the request includes an application identifier. The method also comprises generating the application credential using the application identifier and a master credential associated with the device. | 08-29-2013 |
| 20130239191 | BIOMETRIC AUTHENTICATION - This document discusses, among other things, apparatus and methods for providing persistent biometric authentication for a computer system. In an example, a method can include collecting behavioral interaction information associated with a user account on the computer system, comparing the behavioral interaction information with a behavioral model associated with the user account; and adjusting an authentication confidence metric based on the comparison. | 09-12-2013 |
| 20130239192 | METHOD AND APPARATUS FOR SECURING MOBILE APPLICATIONS - A non-transitory processor-readable medium stores code that represents instructions to be executed by a processor. The code includes code to receive an object code of a first application. The first application is defined by an author different from an author of a second application. The code also includes code to dynamically load at least two intercept points into the object code of the first application, using the second application. The code further includes code to, responsive to a read request for data by the first application, intercept the read request by at least one of the two intercept points. The code further includes code to determine, in response to intercepting the read request, whether or not access to read the data is authenticated. The code further includes code to send a signal to provide the data to the first application, based on the determining. | 09-12-2013 |
| 20130239193 | PHASED BUCKET PRE-FETCH IN A NETWORK PROCESSOR - A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. Each of the lookup engines receives a key request associated with a packet and determines a subset of the rules to match against the packet data. Based on a prefetch status, a selection of the subset of rules are retrieved for rule matching. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. | 09-12-2013 |
| 20130239194 | AUTOMATED DEVICE PROVISIONING AND ACTIVATION - A computer-readable medium, a service controller, and a method for obtaining one or more credentials from a device communicatively coupled to the service controller over a network, the credentials identifying an aspect of the device; determining, using the credentials, that a user of the device has not selected a service plan for the device; identifying one or more candidate service plans, at least one of the plans identified based on the one or more credentials; establishing a secure link between the service controller and a service processor of the device over an ambient services connection enabling the user to select one of the candidate service plans for the device; sending, to the service processor over the secure link, information about the candidate service plans; and obtaining, from the service processor over the secure link, a response identifying a service plan selected by the user. | 09-12-2013 |
| 20130239195 | METHOD AND DEVICE FOR CONFIRMING COMPUTER END-USER IDENTITY - The identity of an end-user operating a computer is confirmed by analyzing user reactions to aberrations in output. More specifically, an aberration is caused in output that the computer provides to an output device, and the end-user's response to the aberration is received. An end-user characteristic is extracted from the response and compared to stored characteristic responses to find a match. A match is indicative of the identity of the computer user. It can also be checked whether, after causing an aberration in output the end-user responded differently to the output than if the output did not have the aberration. The lack of a different response can be interpreted as indicative that the end-user is a bot. | 09-12-2013 |
| 20130247160 | Method and System for User Authentication Over a Communication Network - A system and method for user authentication over a communication network are disclosed. The system includes a first device having a contact application and a second device having a contact application. A second device is authenticated by transmitting a first security key associated with the first device from the second device to the first device. The system and method provide a means for users of a communication network to uniquely identify one another, which allows users to be uniquely identified and authenticated independent of a device, network, and/or application used for communication. | 09-19-2013 |
| 20130247161 | METHOD AND APPARATUS FOR SUBSCRIPTION SHARING - A method, apparatus and computer program product are provided for enabling multiple mobile terminals to access a subscription service. The method may further include causing a client certificate to be issued to the first mobile terminal as a result of the certificate enrollment procedure. In some example embodiments, the client certificate comprises a subscription identifier and a flag indicating whether the client certificate is to be sharable with a second mobile terminal. The method may further include causing a certificate enrollment procedure to be initiated by a second mobile terminal with the first mobile terminal in an instance in which the first mobile terminal possesses one or more credentials that are configured to be shared with another mobile terminal. The method may further include the second mobile terminal receiving at least one credential in the form of a client certificate from the first mobile terminal. | 09-19-2013 |
| 20130247162 | SINGLE AUTHENTICATION CONTEXT FOR NETWORK AND APPLICATION ACCESS - Methods, systems, and computer readable media for a single authentication context for network and application access are described. An embodiment can include a method for using a single authentication context for network and application access. The method can include generating, using one or more processors, an authentication context. The method can also include providing, using the one or more processors, the authentication context to one or more application programs. The method can further include determining an application access level for each of the one or more applications based on the authentication context. | 09-19-2013 |
| 20130247163 | METHOD FOR PROVIDING A USER WITH AN AUTHENTICATED REMOTE ACCESS TO A REMOTE SECURE DEVICE - The invention relates to a method for providing a user with an authenticated remote access to a remote secure device ( | 09-19-2013 |
| 20130254857 | Preventing Unauthorized Account Access Using Compromised Login Credentials - User login information submitted as part of an attempt to log into a computer system is evaluated for unauthorized or illegitimate use based on indicators of suspicious behavior. Example indicators of suspicious behavior include whether the login information is known to have been compromised, whether the login attempt originates from a network source or a physical source that has previously originated an attempt to log in using login information known to have been compromised, and whether multiple login attempts using the login information from multiple users has originated from the source. A suspicion index can be calculated based on the presence of the indicators of suspicious behavior. The system can require enhanced authentication based on the measurement of suspicious behavior. | 09-26-2013 |
| 20130254858 | Encoding an Authentication Session in a QR Code - A system and method is provided for authenticating logins. An authentication server may receive a request for an authentication code from a requesting site, wherein the request is associated with a login session being performed via the requesting site and a first device associated with a user. The authentication server may generate the authentication code, wherein the authentication code comprises a universally unique identifier and an identifier that identifies the authentication server. The authentication server may communicate the generated authentication code to the requesting site. The authentication server may receive the universally unique identifier from a second device associated with the user, wherein the universally unique identifier is retrieved by decoding an optically captured representation of the authentication code at the second device. The authentication server may determine whether the login session is authenticated based on the universally unique identifier. | 09-26-2013 |
| 20130254859 | INFORMATION PROCESSOR, AUTHENTICATION CONTROL METHOD, AND STORAGE MEDIUM - An information processor is disclosed that includes an authentication part configured to authenticate a user based on predetermined information; an information obtaining part configured to obtain first information to be used to authenticate the user from an external device; and an authentication control part configured to cause the authentication part to authenticate the user by inputting information based on the first information to the authentication part as the predetermined information. The information obtaining part is configured to obtain the first information using a program module whose correlation with the information obtaining part is recorded in a recording medium. | 09-26-2013 |
| 20130254860 | SYSTEM AND METHOD FOR CONFIGURING ACCESS TO ELECTRONIC MAILBOXES - A system and method for configuring access to an electronic mailbox based on limited configuration parameters received from a user. A database stores configuration conventions for a mail domain. A mailbox interface module receives configuration information from a user that is limited in the configuration parameters required for accessing the electronic mailbox. The module retrieves configuration conventions for the mail domain from the database and generates sets of potentially valid configuration parameters based on the retrieved configuration conventions and user supplied configuration information for accessing the mailbox. | 09-26-2013 |
| 20130254861 | System and Method for Providing Access to an Information Handling System - An information handling system includes a memory and a detector circuit. The memory is configured to store a first electrocardiogram measurement. The detector circuit is configured to receive a second electrocardiogram measurement in response to a specific combination of keys of a keyboard being pressed for a specific period of time, wherein each key in the specific key combination includes an electrocardiogram sensor on a top surface of the key, to authorize a user and log the user onto the information handling system when the second electrocardiogram measurement matches the first electrocardiogram measurement, and otherwise: to deny access to the information handling system; to increase a counter; to determine whether the counter has exceeded a threshold; and to request that an input window is displayed when the counter has exceeded the threshold. | 09-26-2013 |
| 20130254862 | MOBILE DEVICE-BASED AUTHENTICATION - Mobile device-based authentication is disclosed. A first biometric input corresponding to a first biometric feature of the user is captured on the mobile device. A first set of biometric data is derived from the captured first biometric input. The first set of biometric data is transmitted to a remote authentication server. Thereafter, a secondary authentication instruction is transmitted to the site resource in response. Access to the site resource is permitted based upon a validation of the first set of biometric data, and a second biometric input that is captured on the site resource in response to the secondary authentication instruction received thereon. The first set of biometric data and the second set of biometric data are validated by remote authentication server substantially contemporaneously. | 09-26-2013 |
| 20130254863 | AUTHENTICATION OF AN END USER - A method and system for authenticating access of secure information by a user device. An authentication request for accessing the secure information is received, the authentication request including a user identifier of a user at the user device. A position of a secret quadrilateral within a first pattern of colored quadrilaterals is determined and is identifiable by the user identifier; the secret quadrilateral includes an authenticating color. The first pattern of colored quadrilaterals including the secret quadrilateral is generated. A second pattern including colored nodes that include the authenticating color at positions within a transparent authenticating card assigned to the user. The first pattern and the second pattern are sent to the user. Location information from the user device is received. It is determined that the subset of nodes that include the authenticating color, which allows access to the secure information by the user device. | 09-26-2013 |
| 20130263236 | METHOD AND SYSTEM FOR DATA IMPLANT IN SET UP MESSAGE - A delivery of application data within a predetermined attribute type of protocol message across a communication network is disclosed. The non-specific application data is deployed within one or more attribute types for extraction and use by a protocol's server after establishing authentication of the user device. In one or more preferred implementations, the protocol reflects the principles of an Authentication, Authorization and Accounting (AAA) framework type. | 10-03-2013 |
| 20130263237 | USER AUTHENTICATION AND AUTHORIZATION USING PERSONAS - Systems and methods are disclosed to authenticate and authorize a user for web services using personas. In various embodiments, a selection of a persona symbol of the user from a plurality of stored persona symbols may be received via a user device corresponding to the user. Each persona symbol may comprise at least one symbol and correspond to a respective persona of a plurality of personas. Each persona may indicate a unique identity of the user for one or more web services and comprise one or more attributes populated with at least one portion of user attribute information. The persona corresponding to the persona symbol being selected may be activated. At least one attribute of the one or more attributes of the persona being activated may be transmitted to the one or more web services over a network. | 10-03-2013 |
| 20130263238 | Personalized Biometric Identification and Non-Repudiation System - A system and a method for providing a personalized biometric identification system to facilitate in securing critical transactions have been disclosed. The system includes a server which captures pre-designated biometric prints of a user, personalizes them and registers them on a bio print reader, owned by the user, over a unidirectional non-Internet based channel. The system overcomes the challenges involved in employing biometrics as a part of non-repudiation process for authorizing Internet based critical transactions for multiple entities by assuring the safety of the biometric prints of the users and eliminating additional hardware requirements. | 10-03-2013 |
| 20130263239 | APPARATUS AND METHOD FOR PERFORMING USER AUTHENTICATION BY PROXY IN WIRELESS COMMUNICATION SYSTEM - A method of performing user authentication of a mobile station by proxy in a communication system is provided. The method includes receiving an authentication request, which requests authentication of a user, from an Internet service provider having received information indicating that the mobile station can perform authentication based on only the mobile station's own information, requesting the user to provide security identification information for authentication, receiving the security identification information input by the user, authenticating the user by determining whether the security identification information is valid information, through security-requiring information managed by the mobile station, and transmitting an authentication result to the Internet service provider and receiving an authorized authentication result from the Internet service provider and providing a service according to the authorized authentication result to the user. | 10-03-2013 |
| 20130263240 | METHOD FOR AUTHENTICATION AND VERIFICATION OF USER IDENTITY - The invention is a method for authentication and verification of the identity of a user. The method comprises adding at least one hidden keystroke to the user's textual credentials. A hidden keystroke is an action by a user that does not generate a textual character in a textbox in which a credential is typed but does generate time stamps and a key code. The user may be required to add the hidden keystroke/s at specific location/s in his/her textual credential field. The method of the invention can be used to authenticate and verify users wanting to access addresses, websites, devices, documents, and web pages on a communication network, or a specific application installed on the user's device or to access devices requiring confirmation of the user in order to be activated. The invention is also a document or address on a device or on a communication network or a device that can be accessed or activated only by providing one or more hidden keystrokes in a credential field comprised of a string of keystrokes | 10-03-2013 |
| 20130269013 | SYSTEMS, METHODS AND APPARATUS FOR MULTIVARIATE AUTHENTICATION - Systems, methods, and apparatus are disclosed for user authentication using a plurality of authentication variables, such as biometrics and contextual data. Example contextual data includes the geographical location of the user, a gesture of the user, and the machine identification of the individual's user device. | 10-10-2013 |
| 20130269014 | METHOD AND APPARATUS FOR BROWSER INTERFACE, ACCOUNT MANAGEMENT, AND PROFILE MANAGEMENT - The present system provides a new interface for a user of the internet. The system presents a plurality of frequently visited sites to a user at a single location. When a site is visited by the user, a normalized version of the site is created for presentation to the user. The system allows the user to manage financial accounts from one location, with the user always logged into the user's accounts, and the consolidating and aggregating of information useful to the user. The system also allows for personalization and customization of a user profile. | 10-10-2013 |
| 20130269015 | RELATED INFORMATION SUCCESSIVELY OUTPUTTING METHOD, RELATED INFORMATION SUCCESSIVELY PROVIDING METHOD, RELATED INFORMATION SUCCESSIVELY OUTPUTTING APPARATUS, RELATED INFORMATION SUCCESSIVELY PROVIDING APPARATUS, RELATED INFORMATION SUCCESSIVELY OUTPUTTING PROGRAM AND RELATED INFORMATION SUCCESSIVELY PROVIDING PROGRAM - Related information successively outputting and providing methods and apparatus are disclosed wherein the processing load to a related information successively providing apparatus upon provision of content related information can be reduced significantly. The outputting apparatus selects content identification information set as a successive output object in a list included in page information acquired from the providing apparatus as noticed content information, and acquires content related information coordinated with the selected content identification from the providing apparatus. The outputting apparatus outputs the acquired content related information and detects an end of the outputting. When an end of the outputting is detected, the selection of noticed content information, acquisition and outputting of related information and detection of an end of outputting are successively executed again. As a result, content related information acquired from the providing apparatus are outputted automatically and successively. | 10-10-2013 |
| 20130269016 | METHOD FOR INTEGRATING ACCOUNT MANAGEMENT FUNCTION IN INPUT METHOD SOFTWARE - A method for integrating an account management function in input method software includes the following steps: setting account information of one or more services on a setting interface of an input method; setting a verification manner for reading each piece of account information on the setting interface of the input method, the set verification manner is bound to an original account verification manner; using a service A, starting the input method on a login interface, and selecting an account information item of the service A on a password management interface of the input method; and inputting a verification code, where after verification succeeds, an account name and password of the service A are read and submitted to the login interface of a program of the service A. Through the method, an account password can be safely saved, and the account password can be input conveniently and quickly. | 10-10-2013 |
| 20130276078 | TWO FACTOR AUTHENTICATION USING A ONE-TIME PASSWORD - Methods and systems for online authentication eliminate the common username plus password combination, using instead a novel two-factor authentication that employs a mobile phone number and a one-time, limited life password. The user provides the mobile phone number to a login dialog and receives, from a service provider, the one-time password, e.g., via a text message, at the mobile device to which the phone number belongs. If the user enters the one-time password before it expires, the user is authenticated and logged in. A method for authentication or authorization to a website includes: receiving a phone number from a user via a communication network in response to a login prompt displayed to the user; transmitting a one-time password to the phone number using text messaging; and in response to receiving the one-time password back from the user, authenticating the user for transactions with the website. | 10-17-2013 |
| 20130276079 | Device Association Via Video Handshake - A method of pairing a first device with a second device is disclosed. Accordingly, an image that includes encoded data is generated. The encoded data includes a unique identifier for identifying the first device and an arbitrary security code. The first device displays the image on a display. The second device captures the image using an image sensing device. The encoded data is decoded to generate a decoded data. The second device sends the decoded data to a server that is communicatively connected to the first device and the second device. Upon receiving the decoded data and using the unique identifier, the server communicates with the first device to verify the arbitrary security code. | 10-17-2013 |
| 20130276080 | METHOD OF AUTHENTICATING A USER AT A SERVICE ON A SERVICE SERVER, APPLICATION AND SYSTEM - The present invention relates to a method of authenticating a user of a communication terminal ( | 10-17-2013 |
| 20130276081 | STATELESS ATTESTATION SYSTEM - A method includes assessing a trustworthiness level of a user computer by communication between the user computer and a first server. A record indicating the trustworthiness level is sent from the first server to the user computer, for storage by the user computer. A request is sent from the user computer to a second server, different from the first server, for a service to be provided to the user computer by the second server. The record is provided from the user computer to the second server by communicating between the user computer and the second server. At the second server, the trustworthiness level is extracted from the record, and the requested service is conditionally allowed to be provided to the user computer depending on the extracted trustworthiness level. | 10-17-2013 |
| 20130276082 | METHOD AND SYSTEM FOR SECURING ELECTRONIC TRANSACTIONS - A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided. | 10-17-2013 |
| 20130276083 | FOCUS-BASED CHALLENGE-RESPONSE AUTHENTICATION - A method for authenticating an access attempt includes detecting an access attempt by a user device over a network. A challenge-response authentication is provided over the network to the user device. The challenge-response authentication includes an image having a plurality of image objects. The challenge-response authentication is operable to display the image such that at least one of the plurality of image objects is in focus and at least one of the plurality of image objects is not in focus. In response to providing the challenge-response authentication, an authentication response is received from the user device over the network, and it is determined whether the authentication response includes an indication of the at least one of the plurality of image objects that is in focus to determine whether to authenticate or deny the access attempt. | 10-17-2013 |
| 20130276084 | ANONYMOUS ACCESS TO A SERVICE BY MEANS OF AGGREGATED CERTIFICATES - A method of anonymous access to a service, comprising the allocation, by at least one certifying entity, of a plurality of certificates to a user entity, the certificates being calculated on the basis of at least one attribute associated with the user entity, the calculation, by the user entity, of an aggregated certificate on the basis of a plurality of certificates among the certificates allocated to the user entity, the calculation, by the user entity, of a proof of knowledge of the aggregated certificate and a verification, performed by a verifying entity, of at least one of these certificates by means of said proof of knowledge, the access to the service being provided by the verifying entity to the user entity as a function of the result of this verification. | 10-17-2013 |
| 20130283361 | IDENTITY VERIFICATION - Disclosed are methods and apparatus for providing digital authentication tokens that may be used to verify an identity of a party. A digital authentication token may be determined by iterating a hash function. The input for the first iteration of the hash function may be a function of a password received from a party. Also, a digital authentication token may be determined to be equal to an output of a function composition of a plurality of different hash functions. The argument of the function composition may the function of the password. The function of the password may be performed to increase the entropy of the password. The outputs of the hash functions used may be dependent on (different) salt values. | 10-24-2013 |
| 20130283362 | AUTHENTICATING USER THROUGH WEB EXTENSION USING TOKEN BASED AUTHENTICATION SCHEME - A web extension authenticates a user using a token based authentication scheme. A token is retrieved from a client application to authenticate the user. The web extension transmits the token to a server component to have the server component authenticate the user. The server component validates the token using a validation library. The user is mapped to the token and authenticated upon validating the token. | 10-24-2013 |
| 20130283363 | SECURE DATA TRANSFER OVER AN ARBITRARY PUBLIC OR PRIVATE TRANSPORT - A method, system, and computer program product for transferring data between endpoint devices is provided. The method includes determining a send pattern utilizing account credentials of a user. The send pattern defines a plurality of offset and length pairs. The method further includes creating packets of data according to the send pattern. Each packet of data contains randomly assigned data of different sizes. The method also includes encrypting each packet of data to produce a set of encrypted packets of data and sending the set of encrypted packets of data to a destination endpoint device in an order determined according to the account credentials. | 10-24-2013 |
| 20130291079 | SYSTEM AND METHOD FOR POSTING CONTENT TO NETWORK SITES - A system and method for posting content to network sites are disclosed. A particular embodiment includes providing, by use of a data processor, a user interface at a location-specific kiosk, the user interface enabling a user to capture an image at the location-specific kiosk; applying an overlay to the captured image to produce posting content; receiving a community site selection and community site credentials at the location-specific kiosk; using the community site credentials to authenticate with the selected community site via a data network; and posting the posting content at the authenticated community site via the data network. | 10-31-2013 |
| 20130291080 | SYSTEMS AND METHODS FOR DATA ACCESS PROTECTION - Systems and methods are provided for data access protection. The disclosed computing system can determine a passphrase for controlling access to a file, operate a hash function on the passphrase by a predetermined number of iterations to provide an intermediate passphrase, and send a request for an enhanced passphrase to a server in communication with the apparatus, where the request can include the intermediate passphrase. Subsequently, the disclosed computing system can receive, from the server, the enhanced passphrase based on the intermediate passphrase in response to the request. | 10-31-2013 |
| 20130291081 | SYSTEM AND METHOD FOR COMPUTER AUTHENTICATION USING IMAGE ANALYSIS OF A SHARED SECRET - Client and server computers on a network can be authenticated using a shared secret. During a log-on and authentication process, the server transmits an image to the client. A mobile communication device captures and analyzes the image. If the image contains the shared secret, the mobile device can authenticate the server. The secret in the image can be a geometric relationship between elements of the picture, a mathematical relationship between elements, a particular number or types of elements in the picture, colors of elements, or combinations of the above. A single image may contain multiple shared secrets. The mobile device can readily analyze the image to determine if it contains the shared secret and thereby authenticate the server. | 10-31-2013 |
| 20130291082 | Systems and Methods for Segment Integrity and Authenticity for Adaptive Streaming - System and method embodiments are provided for segment integrity and authenticity for adaptive streaming. In an embodiment, the method includes receiving at a data processing system a segment of a media stream, determining, with the data processing system, a digest or a digital signature for the segment, and comparing, with the data processing system, the digest/digital signature to a correct digest or a correct digital signature to determine whether the segment has been modified. | 10-31-2013 |
| 20130291083 | WIRELESS SMART KEY DEVICE AND SIGNING METHOD THEREOF - The disclosure discloses a wireless smart key device and signing method thereof. The wireless smart key device includes an online device and an offline device; the online device includes a serial communication interface, a first module and a first wireless receiving and sending module; the offline device includes a second module, a power module, a second wireless receiving and sending module, an information inputting module and an information outputting module. The signing method includes that the online device is powered up, receives transaction information message sent by a host computer and communicates with the offline device; the offline device obtains transaction information, outputs the transaction information, waits for receiving user operation information and receives the user operation information; the offline device communicates with the online device; the online device obtains operation result of processing the user operation; the online device sends corresponding operation result to the host computer. | 10-31-2013 |
| 20130298210 | CERTIFICATE BASED CONNECTION TO CLOUD VIRTUAL MACHINE - In an environment that includes a host computing system that executes virtual machines, and a secure cloud computing channel that communicatively couples the host to a client computing system that is assigned to a particular one of the virtual machines, the particular virtual machine generates a certificate, install the certificate on the itself, and returns a certificate representation to the client. This may occur when the virtual machine is provisioned. During a subsequent connection request from the client to the virtual machine, the virtual machine returns the certificate to the client. The client compares the certificate representation that was returned during provisioning with the certificate returned during the subsequent connection, and if there is a match, then the virtual machine is authenticated to the client. Thus, in this case, the virtual machine authenticates without the client having to generate, install, and manage security for a certificate. | 11-07-2013 |
| 20130298211 | AUTHENTICATION TOKEN - The disclosed invention is a system and method that allows for authentication of a user to a network using a token. The token interacts with a device and authenticates the user to the system. The token may be part of the device or stand alone. The various aspects of the present invention capture a novel design for an authentication token that eliminates the need for user interaction with the token. | 11-07-2013 |
| 20130298212 | USING WINDOWS AUTHENTICATION IN A WORKGROUP TO MANAGE APPLICATION USERS - An system for authenticating users of an application program executing at a front-end computer using the security features built into the operating system of a logon computer is provided. Initially, an administrator establishes user accounts for each user with an operating system executing at the logon computer with access to application resources. When the application program starts executing at the front-end computer, the application program prompts the user for credentials. The application program attempts to access resources managed by the logon computer using the received credentials. When access to a resource is successful, the application program knows that the logon computer has authenticated the user and the user is authorized to access the resource. In this manner, the application program can take advantage of the security features built into the operating system executing at the logon computer to authenticate users of the application program and authorize access to application resources. | 11-07-2013 |
| 20130298213 | Systems and Methods for Using Voiceprints to Generate Passwords on Mobile Devices - Systems for verifying a user's voiceprint and generating a password for use at one or more application servers are disclosed. The systems can reside on a network or on a device. The application servers can be in communication with one or more devices or networks. Several methods for verifying the identity of the user using possession-based, knowledge-based, location-based, and biometric access control are disclosed. | 11-07-2013 |
| 20130298214 | ASSOCIATING COMPUTING DEVICES WITH COMMON CREDENTIALS - Method and computer storage media for sharing resources between a plurality of computing devices associated with a common non-enterprise network. A common set of credentials is stored on at least two or more of a plurality of computing devices that reside behind a routing device and are associated through a common non-enterprise network. Upon storing the common set of credentials, each of the two or more of a plurality of computing devices create a local account that contains, at least, the common set of credentials. The common set of credentials allow for the sharing, among the two or more of the plurality of computing devices, of resource that reside on or are associated with the computing devices. | 11-07-2013 |
| 20130305332 | System and Method for Providing Data Link Layer and Network Layer Mobility Using Leveled Security Keys - The present disclosure discloses a network device and/or method for providing data link layer (L2) and network layer (L3) mobility using level security keys. A first network device acting as a first level security key holder in a first network receives a first level security key holder identifier corresponding to a second network device in a second network. The first level security key holder identifier is originated from a client that roams from the second network to the first network. Moreover, the first network and the second network belong to a single roaming domain. Also, the network device transmits the first level security key holder identifier to the second network device and requests for corresponding first level security key. The network device then derives a second level security key and transmits a second level security key identifier the second level key holder in the first network. | 11-14-2013 |
| 20130305333 | Web Server Bypass of Backend Process on Near Field Communications and Secure Element Chips - A mobile access terminal providing access to data in a secure element of the mobile access terminal is provided. The mobile access terminal comprises the secure element; a web browser; a near field communications system; an over-the-air proxy; an application programming interface layer; and a web server residing on a secure storage area of the mobile access terminal, wherein the web browser is provided with exclusive access to the web server. | 11-14-2013 |
| 20130305334 | SINGLE SIGN-ON FOR DISPARATE SERVERS - A system includes authentication of a user with a first server, reception of a request from the user to authenticate the user with a second server, requesting, from the first server, in response to receiving the request, user credentials to access the second server, reception of the user credentials from the first server, and transmission of the user credentials to the second server. | 11-14-2013 |
| 20130305335 | ELECTRONIC TRANSACTION NOTIFICATION SYSTEM AND METHOD - Systems and method are provided for delivering notifications to user regarding use of their authentication information. The delivery of notifications involves ascertaining a device identifier associated with a request received from a user device to engage in a transaction using the authentication information and comparing this device identifier associated with the request to a plurality of known device identifiers previously associated with the authentication information. Thereafter, a notification for a user associated with the authentication information can be generated and delivered, if the device identifier is not among the plurality of known device identifiers. In the systems and methods, contact information for delivering the notification is based on contact information for at least one previous transaction that meets a selection criteria and that is associated with the authentication information. | 11-14-2013 |
| 20130305336 | USER-BASED IDENTIFICATION SYSTEM FOR SOCIAL NETWORKS - Techniques disclosed herein provide for verifying the identity of a prospective social network member using an authentication process in which one or more existing members of the social network who are knowledgeable of the identity of the prospective member communicate with the prospective member in real time. During the real-time communication, biometric information of the prospective member can be associated with a profile for the prospective member. During or after the real-time communication, the existing member(s) can verify the identity of the prospective member. Once the prospective member's identity has been properly verified, the prospective member can be granted access to the social network. | 11-14-2013 |
| 20130305337 | BIOMETRIC AUTHENTICATION FOR VIDEO COMMUNICATION SESSIONS - Systems and methods for integrating biometric authentication with video conference sessions are described. An individual seeking to participate in a video conference may first be identified with a biometric parameter such as an iris scan based on a comparison of the scanned iris with a database of stored parameters. If authorized, the system may connect the individual to the video session. In addition, the system may generate dynamic tags that allow the participants to identify and locate individuals in the video conference. For example, if one of the participants is speaking and moving within the room, her tag may change color and move with her on the video screen. | 11-14-2013 |
| 20130312073 | METHODS AND SYSTEMS FOR AUTHENTICATION OF MULTIPLE SIGN-IN ACCOUNTS - Provided are systems and methods for authentication multiple sign-in accounts using physical authentication information submitted by user devices to authentication servers for accessing these accounts. A user device may be equipped with or coupled to a reader capable of collecting physical authentication information available on a magnetic strip, near field communication tag, and other devices. This information may be requested by an authentication server or application server. The physical authentication information may be combined with knowledge based information, such as a password, and transmitted to the authentication server for validation. The same authentication information may be used for signing-in to different application servers. The authentication server then validates this information based on user information previously provided to the server and stored in its database. The validation result is provided to the application server, which determines whether to provide access to the user device based on the validation result. | 11-21-2013 |
| 20130312074 | ESTABLISHING VIRTUAL PRIVATE NETWORK SESSION USING ROAMING CREDENTIALS - Providing virtual private network (VPN) sessions or other types of secure or private access to data when a client authorized to access the data travels or otherwise roams from a home network to a partner network is contemplated. The VPN session may be established as part of or as a result of an authentication process undertaken by the client when gaining access to the partner network, such as but not necessarily limited to a home network authentication process undertaken at the partner network to authenticate the client to access partner network services. | 11-21-2013 |
| 20130318580 | SECURITY BASED ON USAGE ACTIVITY ASSOCIATED WITH USER DEVICE - A method includes receiving usage data associated with a user device. The usage data includes information based on at least one usage activity associated with one or more applications on the user device. The method may also include analyzing the usage data based on predetermined criteria and determining a security question and a corresponding answer based on the usage data. The security question and the corresponding answer are stored in an associated database. The method further includes providing the security question and the corresponding answer in response to a request for the security question and the corresponding answer. Access is provided to a system based on an input of the corresponding answer in response to the security question. | 11-28-2013 |
| 20130318581 | MULTI-FACTOR AUTHENTICATION USING A UNIQUE IDENTIFICATION HEADER (UIDH) - A system is configured to receive, from a user device, information associated with a request to receive a service from a server device, the information including a unique identifier, an identifier, associated with a user of the user device, being encoded with a key to obtain the unique identifier. The system may also be configured to extract the unique identifier from the information; retrieve, from a memory, the identifier, associated with the user, that corresponds to the unique identifier; obtain an indication whether the identifier, associated with the user, is trusted; perform one or more additional authentication operations on the user when the identifier, associated with the user, is trusted; and transmit, to the server device, a notification that indicates that the user is authenticated when the one or more additional authentication operations indicate that the user device is authenticated. | 11-28-2013 |
| 20130318582 | INBOXES FOR DOCUMENTS, MUSIC, VIDEOS, AND PHOTOS - A method and system for collecting, aggregating, and displaying type specific content in an inbox like view are described. An inbox manager collects information about data objects that are stored locally and stored remotely. This information may be stored as inbox information on a local computing system. Using the inbox information, the inbox manager creates an inbox view of merged inbox items from the local data objects and the remote data objects. The inbox view is configured to display the inbox items as being merged into a single view regardless of where the respective data objects are stored. | 11-28-2013 |
| 20130318583 | SYSTEM AND METHOD TO ENABLE EXTERNAL PROCESSING DEVICE RUNNING A CLOUD APPLICATION TO CONTROL A MAIL PROCESSING MACHINE - A network connectivity device that when coupled to a mail processing machine enables a cloud application running on a personal computer or other device to interface with and control the mail processing machine without requiring any software to be installed on the personal computer other than a web browser. The network connectivity device plugs into a standard USB port on the mail processing machine to allow wired or wireless connectivity to a network. There is no software or other code required to run on the personal computer other than a standard web browser running a hosted web application. The network connectivity device allows the mail processing machine to be found and addressed by the hosted web application. This allows a user to control operations of the mail processing machine, as well as giving the mail processing machine network connectivity for outside world communication activities. | 11-28-2013 |
| 20130318584 | LEARNING INFORMATION ON USAGE BY A USER, OF ONE OR MORE DEVICE(S), FOR CUMULATIVE INFERENCE OF USER'S SITUATION - After authentication, one or more messages are generated by one or more devices that are operatively coupled via a communications network to a computer. Based on receipt of user input in a module in a device, a message transmitted by each device (in reliance on the authentication) includes information that is normally internal to the device and indicative of interaction of a user with the device. For example, the message may include an identifier of the device and internal information in the form of an identifier of the module (hardware and/or software), with which the user is interacting. Based on one or more such messages, at least one processor in the computer determines and stores in memory, a state of the user indicative of the user's situation. The user's state may be used in any manner, e.g. to trigger a function in an application or to start a new application. | 11-28-2013 |
| 20130318585 | INFORMATION PROCESSING APPARATUS, CONTROL METHOD THEREOF, STORAGE MEDIUM, AND IMAGE PROCESSING APPARATUS - A user credential sharing mechanism which can suitably implement a single sign-on function while preventing illicit accesses by accidental matches of authentication data in a mixed environment of an environment suitable for use of a single sign-on function and an unsuitable environment is provided. To accomplish this, when an information processing apparatus of this invention receives, from a user, an access request instruction to an external apparatus connected to be able to communicate with the information processing apparatus, if an authentication protocol related to user credentials generated at the time of a login operation is that which can limit a security domain, the apparatus accesses the external apparatus using the user credentials, and if that authentication protocol is that which cannot limit a security domain, the apparatus prompts the user to input an account accessible to the external apparatus. | 11-28-2013 |
| 20130318586 | IDENTIFICATION VERIFICATION MECHANISMS FOR A THIRD-PARTY APPLICATION TO ACCESS CONTENT IN A CLOUD-BASED PLATFORM - Techniques are disclosed for using a third-party application to access or edit a file within a cloud-based environment within a cloud-based platform or environment. In one embodiment, a method includes, in response to a request to access the content in the cloud-based environment, providing the third-party application with a login view to verify an identity of a user. The login view is generated from a server hosting the environment. The method further includes, upon the verification of the user's identity, providing the requested content to the third-party application. | 11-28-2013 |
| 20130318587 | AUTHENTICATION METHOD AND WIRELESS CONNECTION DEVICE - A method of authenticating a client device, the method including: (a) sending information to a client device indicating an image group to be displayed by the client device, wherein the image group includes a plurality of images each assigned to a respective one of a plurality of characters; (b) obtaining, from the client device, a plurality of images selected from the image group displayed by the client device and a specified order of the plurality of selected images; (c) creating a set of characters based on the plurality of selected images, the specified order of the plurality of selected images, and the characters assigned to each of the plurality of selected images; and (d) authenticating the client device based on a determination of whether the created set of characters matches information of a permission candidate stored in advance by the wireless connection device. | 11-28-2013 |
| 20130318588 | IDENTITY VERIFICATION SYSTEMS AND METHODS - Systems and methods for authenticating the identity of a user prior to giving access to confidential data at a user interface via a network are described. In an exemplary implementation in an Internet environment, a server hosts an application providing selective access by the user to confidential data related to the user. The user provides initial data to the application as part of a request to access the confidential data. At least one database having the confidential data stored therein is accessed by the server to retrieve confidential data relating to the user located in the database based on the initial data received from the client interface. An authentication function causes the server to transmit to the client interface and present to the user an incomplete portion of the confidential data relating to the user, which is not identical to the initial data, along with at least one other portion of data having a substantially identical format to the incomplete portion of the confidential data. The authentication function requests the user to provide additional data to complete the incomplete portion of the confidential data. The user is granted access to the confidential data subsequent to determination by the application that the user correctly completed the incomplete portion of the confidential data. | 11-28-2013 |
| 20130318589 | COMPUTERIZED METHOD AND SYSTEM FOR MANAGING SECURE CONTENT SHARING IN A NETWORKED SECURE COLLABORATIVE EXCHANGE ENVIRONMENT - In embodiments of the present invention improved capabilities are described for securely sharing computer data content that allows for the secure un-sharing of the content. The facility to un-share content may be implemented through a secure exchange server, where the content is being shared along with a secure protection feature that when altered results in the un-sharing of the content. This secure un-sharing facility may be used to securely share content beyond the secure protective facilities of an enterprise, out to users in other companies, into the public space, to users not intended to get the content, and the like, where the sender maintains control to access of the content no matter where or to who the content has been distributed. In this way, the secure sharing of content is made to be easy across corporate boundaries at the user level and at the individual document level. | 11-28-2013 |
| 20130326604 | RHYTHM-BASED AUTHENTICATION - Provided herein are systems and methods for using rhythm to provide user authentication. Use of the systems and methods herein include converting rhythm information associated with (e.g., input by) an authorized user to a first vector that includes a representation of the rhythm information. An access attempt is then made on the computing system whereupon additional rhythm information associated with the access attempt is received and converted into to a second vector. The first vector is then compared to the second vector to determine if the access attempt is allowed. | 12-05-2013 |
| 20130326605 | LOGIN INTERFACE SELECTION FOR COMPUTING ENVIRONMENT USER LOGIN - A device may provide a login process to authenticate users prior to admittance to a computing environment. The device may also enable users to adjust various the computing environment, e.g., the language selected for communicating with the user and the user interfaces to be presented to the user, and may store such adjustments in a secured user account. However, if the user account is inaccessible to the device during the login process, the device is unable to adapt the login process to apply the user's adjustments. Instead, the device may be configured to store users' adjustments (including language selection) outside of the user accounts, and to, upon identifying the user during the login process, present login interfaces specified in the user account. Additionally, users may select different login interfaces during login, and the device may retrieve these login interfaces for selection during future login processes for the same user. | 12-05-2013 |
| 20130326606 | AUTHENTICATION AND NOTIFICATION HEURISTICS - Server-side authentication of user accounts by using multiple authentication tokens and transmission of update statement to users for updates to applications installed on their devices. Prompting users that updates are available upon determining that a threshold event has occurred and if requisite network and situational conditions exist. Batching and sending notifications or requests for authentications that are required for each application update that is currently ready for download. | 12-05-2013 |
| 20130326607 | Method, Apparatus and System of Controlling Remote Login - The disclosure provides a multiple location login control method, device, and system. The method may include receiving, by a server, login information recorded for a current login, wherein the login information includes a login ID, a first login time, and a first geographic location of a client for the current login. The login information for the previous login for this login ID is obtained to acquire a second geographic location and second login time of the client at a previous login. The server may calculate a speed of movement based on the two login times and the two geographic locations. When the speed of movement exceeds a preset speed, the server may determine that the current login is an invalid multiple location login. | 12-05-2013 |
| 20130333007 | Enhancing Password Protection - A mechanism is provided for enhancing password protection. A combination password that comprises dynamic text interspersed within a static user password is received from a user. A determination is made as to whether the combination password is to be verified without the dynamic text. Responsive to identifying that the combination password is to be verified without the dynamic text, the dynamic text is filtered from the combination password based on an identified dynamic suggestion issued to the user prior to the combination password being received thereby forming a filtered password. The filtered password is then authenticated using information stored for the user. Responsive to validating the filtered password, access is granted by the user to a secured system. | 12-12-2013 |
| 20130333008 | ENHANCED 2CHK AUTHENTICATION SECURITY WITH QUERY TRANSACTIONS - A security server receives a request of a user to activate a secure communications channel over the network and, in response, transmits an activation code for delivery to the user via another network. The security server receives an activation code from the user network device via the network, compares the received activation code with the transmitted activation code to validate the received activation code, and activates the secure communications channel based on the validation. The security server next receives a query including a question for the user from an enterprise represented on the network, transmits the received enterprise query to the user network device via the secure communications channel, and receives, from the user network device via the secure communications channel, a user answer to the transmitted enterprise query. The security server then transmits the received user answer to the enterprise to further authenticate the user to the enterprise. | 12-12-2013 |
| 20130333009 | DYNAMIC TRUST CONNECTION - A network authentication system authenticates a connection-request based on a manner that the connection-request traverses the network. In client-server terminology, a server authenticates a client request for connection by examining one or more sequences of network entities (or network nodes) that form entity-patterns. The client pseudo-randomly selects entities of the network to be redirectors that redirect a received connection-request to further redirectors and/or the server. The client generates a different connection-request for each of the redirectors, and each redirector does the same for each of the further redirectors. This results in substantially unique connection-requests transmitted by each entity of the network in connection with the user request. Thus, redirector patterns are substantially unique and may be used for authentication. | 12-12-2013 |
| 20130333010 | Enhancing Password Protection - A mechanism is provided for enhancing password protection. a combination password that comprises dynamic text interspersed within a static user password is received from a user. A determination is made as to whether the combination password is to be verified without the dynamic text. Responsive to identifying that the combination password is to be verified without the dynamic text, the dynamic text is filtered from the combination password based on an identified dynamic suggestion issued to the user prior to the combination password being received thereby forming a filtered password. The filtered password is then authenticated using information stored for the user. Responsive to validating the filtered password, access is granted by the user to a secured system. | 12-12-2013 |
| 20130333011 | SOFTWARE PIN ENTRY - A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. | 12-12-2013 |
| 20130333012 | NETWORK INFRASTRUCTURE VALIDATION OF NETWORK MANAGEMENT FRAMES - A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key. | 12-12-2013 |
| 20130333013 | SECURITY DEVICE PROVISIONING - The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with to the user identity in a data store. By providing the security token object, the user can gain access to the computing resource. | 12-12-2013 |
| 20130333014 | Open Platform for Mobile Collaboration - A platform is provided which facilitates collaboration among a plurality of users on a project (such as the exploration for oil or natural gas on an oil rig), data set and/or data stream. The platform ( | 12-12-2013 |
| 20130333015 | BIOMETRIC CLOUD COMMUNICATION AND DATA MOVEMENT - An apparatus, method, system, and computer accessible medium are disclosed. In one embodiment the apparatus includes a first computing device having a processor coupled to memory. The apparatus also includes a first biometric reader unit to determine biometric signatures, the biometric reader unit communicatively coupled to the computing device. The memory stores a plurality of data files. The apparatus also includes a bio-packet generation unit to generate a packet comprising a first bio-identifier, the first bio-identifier comprising at least one biometric signature of a user. Finally, the apparatus includes a bio-packet transmission unit to send the generated packet to a remote server. | 12-12-2013 |
| 20130340059 | APPARATUS AND METHODS FOR SELECTING SERVICES OF MOBILE NETWORK OPERATORS - A system that incorporates teachings of the subject disclosure may include, for example, a method for detecting, by a first device including a least one processor and a first Universal Integrated Circuit Card (UICC), a second device having a second UICC, detecting, by the first device, that the second UICC is unprovisioned, selecting, by the first device, one of a plurality of selectable options, where the selection identifies a first network operator selected from a plurality of network operators, receiving, by the first device, first credential information of the first network operator, and transmitting, by the first device, to the second device the first credential information for enabling the second device to facilitate establishment of communication services with network equipment of the first network operator according to the first credential information. Other embodiments are disclosed. | 12-19-2013 |
| 20130340060 | Individual-specific Content Management - A method, system, apparatus, and computer program product are provided for facilitating individual-specific content management. For example, a method is provided that includes receiving information regarding at least one prerequisite condition relating to at least one individual, receiving information regarding the at least one individual, determining whether the at least one prerequisite condition is satisfied, and causing individual-specific content associated with the at least one individual to be transmitted. At least a portion of the individual-specific content comprises protected content configured to be unviewable and/or unmodifiable. The method further includes receiving at least one access credential and causing at least a portion of the protected content to be viewable and/or modifiable. | 12-19-2013 |
| 20130340061 | USER AUTHENTICATION TEMPLATE LEARNING SYSTEM AND USER AUTHENTICATION TEMPLATE LEARNING METHOD - A mobile information terminal includes a sample acquisition unit configured to acquire a sample, a sample transmission unit configured to transmit the sample and a user ID, an other's sample reception unit configured to receive other's samples, a user authentication template learning unit configured to learn a user authentication template and an authentication determination threshold value by using the other's samples and samples of the authentic user, and a template storage unit configured to store the user authentication template and the authentication determination threshold value, and a server includes a sample reception unit configured to receive a sample and a user ID, a clustering unit configured to classify the sample that is received into a feature cluster, a sample storage unit configured to store the sample that is classified, in association with the user ID, a feature cluster extraction unit configured to extract all samples which belong to a feature cluster identical to a feature cluster corresponding to the user ID that is received, and an other's sample transmission unit configured to transmit the samples that are extracted, as other's samples. | 12-19-2013 |
| 20130347087 | Authenticating A User Of A System Via An Authentication Image Mechanism - In an embodiment, the present invention includes a method for receiving a request for user authentication of a system, displaying an authentication image on a display of the system using a set of random coordinates, receiving a plurality of gesture input values from the user, and determining whether to authenticate the user based at least in part on the plurality of gesture input values. Other embodiments are described and claimed. | 12-26-2013 |
| 20130347088 | Remote Direct Memory Access Authentication of a Device - An approach is provided in which a server receives a first request from a client over a command port connection. The server, in turn, sends a first phase authentication token to the client over the command port and receives a second request from the client over a management port connection. In response, the server sends a second phase authentication token to the client over the management port connection, which the server receives back from the client over the command port connection. In turn, the server authenticates the client to utilize the command port connection accordingly. | 12-26-2013 |
| 20130347089 | OUT-OF-BAND REMOTE AUTHENTICATION - In an embodiment a single user authentication event, performed between a trusted path hardware module and a service provider via an out of band communication, can enable a user to transparently access multiple service providers using strong credentials that are specific to each service provider. The authentication event may be based on multifactor authentication that is indicative of a user's actual physical presence. Thus, for example, a user would not need to enter a different retinal scan to gain access to each of the service providers. Other embodiments are described herein. | 12-26-2013 |
| 20130347090 | MORE SECURE IMAGE-BASED "CAPTCHA" TECHNIQUE - A more secure CAPTCHA makes use of a distorted alphanumeric character string or strings that include one or more glyphs, pictures or symbols foreign to a target audience. Adding at least one of a glyph, picture or symbol makes recognition of the distorted string trivial since humans who would know which of the character set to expect, but a very difficult decision for a computer already struggling to decide where a character begins and ends, let alone identifying the character as being valid. | 12-26-2013 |
| 20130347091 | Single-Channel Multi-Factor Authentication - Systems and methods for authenticating electronic transactions are provided. The authentication methods employ a combination of security features. These security features can be based, for example, on unique knowledge of the person being authenticated, unique personal features and attributes of the person, the ability of the person to respond, and to do so in a fashion that a machine cannot, and so forth. Methods for enrolling the person prior to authentication are also provided, as well as systems for enrollment and authentication. | 12-26-2013 |
| 20140007208 | Interactive Authentication | 01-02-2014 |
| 20140007209 | FACILITATING NETWORK LOGIN | 01-02-2014 |
| 20140007210 | HIGH SECURITY BIOMETRIC AUTHENTICATION SYSTEM | 01-02-2014 |
| 20140007211 | SYSTEM, METHOD AND COMPUTER READABLE RECORDING MEDIUM FOR LINKING TELEVISION AND SMART PHONE USING IMAGE AUTHENTICATION KEY | 01-02-2014 |
| 20140007212 | SYSTEMS AND METHODS FOR SECURE HANDLING OF SECURE ATTENTION SEQUENCES | 01-02-2014 |
| 20140013408 | METHOD FOR INPUTTING A PASSWORD INTO AN ELECTRONIC TERMINAL - The present invention relates to a method for inputting a password into an electronic terminal, wherein the method comprises: a step of saving a password character string inputted by the user through an input unit in a storage unit; a step of randomly placing adjacent characters from within the password character string into adjacent input buttons—defined as any two input buttons connected in a straight line without passing another input button—which are arranged in a two-dimensional field by a control unit, wherein the total number of input buttons is greater than the number of characters included in the password character string; a step in which the control unit places a character not included in the password character string into an input button in which a character included in the password character string has not been placed; a step in which a display unit displays each input button displaying a placed character; a step in which an input unit receives the input character string from the user; and a step in which the control unit completes the user authentication procedure when the password character string and the input character string are the same. | 01-09-2014 |
| 20140020072 | SECURITY ACCESS PROTECTION FOR USER DATA STORED IN A CLOUD COMPUTING FACILITY - In embodiments of the present invention improved capabilities are described for a method and system including storing a plurality of proxy access credentials for a user to securely access each of a plurality of cloud computing facilities; receiving a request from a client device for access to one of the plurality of cloud computing facilities; securing a communication link to the client device, thereby providing a secure link; receiving access credentials from the user through the secure link; verifying an identity of the user with the access credentials; assessing a security state of the client device to determine if the client is in compliance with a security policy; and if the client is in compliance with the security policy, coupling the client to one of the plurality of cloud computing facilities through a second secure link using a corresponding one of the plurality of proxy access credentials for the user. | 01-16-2014 |
| 20140020073 | METHODS AND SYSTEMS FOR USING DERIVED CREDENTIALS TO AUTHENTICATE A DEVICE ACROSS MULTIPLE PLATFORMS - Methods and systems for adapting existing service provider servers to support two-factor authentication by leveraging an authentication server, which may be operated by a third party. Where a user desires to access content or services offered by a service provider server, the user may employ a client agent (for example, a web browser) in order to authenticate with the service provider server. Service provider server can redirect client agent to an authentication server to process at least a second factor or derived credential. | 01-16-2014 |
| 20140020074 | METHODS AND SYSTEMS FOR IMPROVING THE SECURITY OF SECRET AUTHENTICATION DATA DURING AUTHENTICATION TRANSACTIONS - A method for improving the security of secret authentication data during authentication transactions is provided that includes converting the secret authentication data of a user into scrambled secret authentication data by associating a different text-string with each item of information included in the secret authentication data. The method also includes capturing the scrambled secret authentication data with a communications device, and conducting an authentication transaction with the captured authentication data. | 01-16-2014 |
| 20140020075 | CENTRALIZED IDENTITY AUTHENTICATION FOR ELECTRONIC COMMUNICATION NETWORKS - A method of centralized identity authentication for use in connection with a communications network includes registering users of the communications network such that each registered user's identity is uniquely defined and determinable, and registering a plurality of vendors having a presence on the communications network. The registered vendors selectively transact with registered users, wherein the transactions include: (i) the registered vendor selling goods and/or services to the registered user; (ii) the registered vendor granting the registered user access to personal records maintained by the registered vendor; and/or (iii) the registered vendor communicating to the registered user personal information maintained by the registered vendor. The method also includes each user's identity being authenticated over the communications network prior to completion of transactions between registered vendors and registered users. | 01-16-2014 |
| 20140020076 | CENTRALIZED IDENTITY AUTHENTICATION FOR ELECTRONIC COMMUNICATION NETWORKS - A method of centralized identity authentication for use in connection with a communications network includes registering users of the communications network such that each registered user's identity is uniquely defined and determinable, and registering a plurality of vendors having a presence on the communications network. The registered vendors selectively transact with registered users, wherein the transactions include: (i) the registered vendor selling goods and/or services to the registered user; (ii) the registered vendor granting the registered user access to personal records maintained by the registered vendor; and/or (iii) the registered vendor communicating to the registered user personal information maintained by the registered vendor. The method also includes each user's identity being authenticated over the communications network prior to completion of transactions between registered vendors and registered users. | 01-16-2014 |
| 20140026201 | System And Method Of Sharing Content Consumption Information - The disclosure relates to identifying a user consuming content so that the user can share information on a social network communication service. Aspects of the disclosure relate to detecting reactions to the content and transmitting information to a social networking service associated with the user. | 01-23-2014 |
| 20140026202 | AUTHENTICATING A USER OF A SYSTEM USING NEAR FIELD COMMUNICATION - A system and machine-implemented method for providing a username and password to a system using a device, via establishing a near field communication link with the system; retrieving a username and password from storage on the device; and transmitting the username and password to the system via the near field communication link, wherein the username and password are configured to be used by the system to authenticate the user on the system. | 01-23-2014 |
| 20140033286 | ONLINE USER ACCOUNT LOGIN METHOD AND A SERVER SYSTEM IMPLEMENTING THE METHOD - The present invention provides a webpage login method involving two client devices and a server. The server receives an information access request from a first client device. In response to the information access request, the server generates a unique identifier and returns the unique identifier to the first client device. The unique identifier is to be displayed on the first client device. Next, the server receives a first message from a second client device, the first message including user account information at the server system and authentication information. The server determines whether the authentication information corresponds to the unique identifier generated by the server system. If the authentication information corresponds to the unique identifier, the server authenticates the information access request such that the user can access information at the server and associated with the user account information from the first client device. | 01-30-2014 |
| 20140033287 | PRINTING SYSTEM AND METHOD TO REGISTER CARD ID - A printing system includes an image forming apparatus and a management server connected via a network. The image forming apparatus reads a card ID of a user of the image forming apparatus from the ID card, accepts non-card authentication information, transmits an authentication request, including the card ID, to the management server, and, if an unsuccessful authentication result is transmitted from the management server, transmits a card registration request, including the non-card authentication information, to the management server. The management server transmits a successful authentication result or the unsuccessful authentication result to the image forming apparatus according to whether the card ID has been registered in correspondence to the user, registers the non-card authentication information in correspondence to the user, and if the non-card authentication information has been registered in correspondence to the user, registers the card ID in correspondence to the user. | 01-30-2014 |
| 20140033288 | Systems and Methods for Enhanced Engagement - In some embodiments, a method comprises displaying a pre-registration invitation on a first digital device connected to a wireless network, determining one or more wireless network identifiers associated with the wireless network, generating a pre-registration code request, the request including the one or more wireless network identifiers, providing the pre-registration code request to a virtual network server, the server generating a pre-registration code in response to the pre-registration code request, the pre-registration code associated with the one or more wireless network identifiers, receiving the pre-registration code, providing a registration request from a second digital device, the registration request comprising the pre-registration code, and provisioning an account based on the registration request and the wireless network identifiers, the wireless network identifiers identified based on the pre-registration code. | 01-30-2014 |
| 20140033289 | ANTI-IDENTITY THEFT AND INFORMATION SECURITY SYSTEM - The anti-identity theft and information security system process includes storing secure information in association with an electronic device having a communication circuit for sending and receiving data. Biometric information is read with a scanner so that the identity of a user can be authenticating in connection with the supplied biometric information. Once approved, a data communication line is established with a remote device and access to the secure information is unlocked. Thereafter, the secure information may be transmitted between the electronic device and the remote device. | 01-30-2014 |
| 20140033290 | MULTIPLE AUTHENTICATION MECHANISMS FOR ACCESSING SERVICE CENTER SUPPORTING A VARIETY OF PRODUCTS - According to one embodiment, a login page is displayed on a mobile device for logging onto a support center. In response to selecting a first login option, the user is requested to speak a predetermined phrase to a microphone of the mobile device and a first voice stream is captured using a voice recorder of the mobile device. The first voice stream is transmitted to the support center for authentication based on the voice. In response to selecting a second login option, a password is obtained and is transmitted to the support center to for authentication based on the password. Upon having been successfully authenticated by the support center based on at least one of the first and second login options, a communication session is established with a support agent of the support center for support services of a product associated with the user. | 01-30-2014 |
| 20140033291 | METHOD AND SYSTEM FOR VISITING A THIRD PARTY APPLICATION VIA A CLOUD PLATFORM - A system and a method for visiting a third party application through a cloud platform are disclosed. The method includes: receiving a cloud platform account and cloud platform password information inputted by a user; searching a stored binding information mapping table according to a third party application selected by the user to obtain the third party application and obtain access information not comprising cleartext password corresponding to the cloud platform account information, and transmitting the access information to the third party application server; and receiving authentication succeed information returned by the third party application server. According to the present disclosure, complexity of user's operations may be reduced when the user logs on frequently and security level of the user for visiting the third party application may be improved. | 01-30-2014 |
| 20140041001 | ELECTRONIC DEVICE AND METHOD FOR AUTOMATICALLY LOGGING-IN - A method for automatically logging-in of an electronic device without repeatedly inputting user information is provided. The method includes receiving log-in information transmitted by a sensor placed within a predetermined range; verifying whether the log-in information matches user information stored in a storage unit according to a first table recording a relationship of the log-in information and the user information stored in the storage unit; and logging-in of the electronic device according to the user information corresponding to the log-in information when the log-in information matches the user information stored in the storage unit. The electronic device is also provided. | 02-06-2014 |
| 20140041002 | Secure Access Method, Apparatus And System For Cloud Computing - Secure access method, apparatus and system for cloud computing are provided. The method includes: acquiring authentication information input from a client; determining a client identification of the client which is not arbitrarily changeable; if it is determined that the ordinary password corresponding to the user name is correct, determining by a distribution authentication server whether a correspondence between the client identification and the address of the cloud machine exists in a database of the distribution authentication server and whether the dynamic password is correct, and notifying the client of a successful login if the correspondence exists in the database and the dynamic password is correct, and notifying the client of an unsuccessful login if it is determined that the ordinary password corresponding to the user name is incorrect. | 02-06-2014 |
| 20140041003 | METHOD OF AND SYSTEM FOR GAINING SECURE ACCESS TO A SERVICE - In order to gain secure access to a service in a defined trustworthy environment holding at least one network component a password is saved in the network component. Then a user device is introduced into the trustworthy environment, and it contacts the network component device and retrieves the password saved in the network component. The device then communicates the password to the service, which in turn is enabled for the user device if a password stored in the service matches the password that has been communicated by the user device to the service. | 02-06-2014 |
| 20140041004 | Managing Remote Telephony Device Configuration - The remote configuration of a telephony device is managed by transmitting configuration data to the device. The data is transmitted via a data communication network. One of more service credentials are received. The credentials are authenticated. A configuration time period is activated in response to authentication of the credentials. A request for configuration data is received via the network, which includes identification data indicative that the request is from a telephony device associated with the credentials. It is determined how to proceed with processing of the request dependent on whether the request is received during the time period. If so, configuration data is transmitted via the network in response to the request. If the request is received after the time period, transmission of configuration data via the network in response to the request is inhibited. | 02-06-2014 |
| 20140041005 | METHOD AND SYSTEM OF LOGIN AUTHENTICATION - A method and system for login authentication is disclosed. The method comprises the steps of: sending, by a first client, a first login request to a login server and receiving a mapping relationship between original characters and post-mapping characters returned by the login server according to the first login request; and sending, by a second client, a second login request to the login server according to the mapping relationship, with the second login request including post-mapping information corresponding to user information determined according to the mapping relationship. The solution in the present invention is to realize joint login by two clients, such that even if one of the clients is infected with a computer virus, no particular user information can be obtained through the infected client. Thus, the security of login authentication and the security of user information can be improved. | 02-06-2014 |
| 20140041006 | SECURE MESSAGING CENTER - A secure messaging system is disclosed wherein messages are transmitted to a user based on a feature unique to the user, such as an account number. The user authenticates himself, then messages associated with the user can be displayed. | 02-06-2014 |
| 20140041007 | WEB BASED EXTRANET ARCHITECTURE PROVIDING APPLICATIONS TO NON-RELATED SUBSCRIBERS - An extranet includes a network which couples a plurality of non-related participants and a server coupled to the network. The server stores a plurality of applications including workgroup applicants, transaction applications, security applications and transport circuits and equipment. The server is programmed to load particular ones of the plurality of applications onto the network for use by the plurality of participants in response to a request by one of the participants for a particular application. | 02-06-2014 |
| 20140047523 | Browser Session Privacy Lock - Techniques are shown for executing a web browser on a client computing device and requesting access to applications available from a hosting server over a network in communication with the client device. The web browser stores authorization credentials for accessing designated applications available from the hosting server in a lockbox. A message received at the web browser provides instructions to lock all designated applications by rendering at least partially blanked-out or partially obscured visual displays for the designated applications, with no viewing of, access to, or operation on selected data within the designated applications permitted, while the locked designated applications remain logged-in. This Abstract is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. | 02-13-2014 |
| 20140047524 | CODE-BASED AUTHORIZATION OF MOBILE DEVICE - A system and method for authenticating mobile communications devices. The method comprises: generating a code corresponding to a user configured to be rendered on a rendering device to produce a rendered code, the rendered code being readable by a mobile communications device having a code reading device, the rendered code comprising a secret token; storing the secret token along with information identifying the user on a first storage device; providing the code to the user; receiving, at the authentication server, a setup message from the mobile device, the message includes a device identifier and the secret token; comparing the received secret token and the secret token stored on the first storage device; if the received secret token matches the secret token stored on the first storage device, storing, on a second storage device, information identifying the user and a trusted device value corresponding to the device identifier. | 02-13-2014 |
| 20140047525 | METHOD FOR ENTERING A PASSWORD AND COMPUTER PROGRAM (THEREFOR) - A method is provided for entering a password. The method includes: providing a display means which is coupled to a data processing means; displaying a timepiece with a first representation of a timepiece element on the display means, detecting a user input; and assigning an alphanumeric character of the password to the user input and the first representation of the timepiece element or a further representation of the timepiece element. In some instances, the first representation of the timepiece element is time dependent. | 02-13-2014 |
| 20140047526 | ELECTRONIC DEVICE AND METHOD FOR PROVIDING CLOUD COMPUTING SERVICES - In a method for providing cloud computing services using an electronic device, the electronic device connects to a cloud server through a network, and the cloud server connects to a cloud storage system. The electronic device includes a slave operating system (OS), a streamer agent, and a touch screen. The cloud server assigns an IP address and a security code to the electronic device using a hypervisor of the cloud server. The slave OS receives an account and a password inputted from a user operation interface, and verifies whether the account and password are valid according to the security code. The electronic device uploads data to the cloud server by the streamer agent, downloads data from the cloud storage system by the streamer agent, and displays the downloaded data on the touch screen and each display device that is wirelessly connected to the electronic device. | 02-13-2014 |
| 20140047527 | System and Method for Detecting and Preventing Automated Interaction Based on Detected Actions Performed by User to Solve a Proffered Puzzle - A system and method is provided to detect and prevent automated interaction. A server sends a puzzle to a client application of a client device. The puzzle is programmed and configured to enable a user to solve the puzzle with doing one or a series of maneuvers only using an input pointing means and by moving an Actor object displayed in the puzzle along an indicated path to a target location on the path. The server receives from the client application behavior data documenting the user's interactions with the Actor object in the course of trying to solve the puzzle, analyzes the received user behavior data, and decides whether the puzzle is solved and is solved by a human based on the analysis on the behavior data. The server sends to the client application an authentication token when the server decides that the puzzle is solved by a human. | 02-13-2014 |
| 20140047528 | IDENTITY MANAGEMENT ON A WIRELESS DEVICE - A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider. | 02-13-2014 |
| 20140047529 | ENTERPRISE BIOMETRIC AUTHENTICATION SYSTEM - An enterprise biometric authentication system for use with a network of client computing devices, each client computing device executing an operating system with a biometric framework component including a client biometric service, a client engine adapter, a client engine wrapper, and a server subsystem further including a server database, a server storage adapter, a server engine adapter, and a server component. The client engine wrapper resides on a client computing device and is operable to intercept requests from the client biometric service to the client engine adapter and to transmit the requests. The server storage adapter may store and retrieve biometric templates from the server database. The server engine adapter may generate and compare biometric templates. The server component may receive the requests from the client engine wrapper, forward the requests to the server engine adapter, and transmit results of the requests to the client engine wrapper. | 02-13-2014 |
| 20140047530 | SYSTEM, METHOD AND APPARATUS FOR SELECTING CONTENT FROM WEB SOURCES AND POSTING CONTENT TO WEB LOGS - A method, system and apparatus for selecting, displaying, managing, tracking tagging and transferring access to specific content of Internet web pages and other sources, permitting the user or recipient to navigate quickly to a source of a content item in the custom selection, and posting content to web logs. A method and system of assisted content selection provides temporary borders around content items on mouseover; of Dynamic Content Display provides updating of selected content items; of Content Marks allows users to tag specific content items in web pages with a keyword or keywords, store a definition of the content item along with the keyword(s), and then search the stored definitions using search keywords; and a method of Multiple Clip Mode allows users to select specific content items from disparate source web pages and then tag, save, search, retrieve and print the selection. | 02-13-2014 |
| 20140053253 | METHOD OF OBTAINING A NETWORK ADDRESS - The present invention comprises a method of and apparatus for simplifying the process of access to a network for a roaming computer user, divides the responsibility of servicing a given user wanting to access the network between multiple parties and minimizes the possibility of improper dissemination of email header data as well as improper use of network resources (including server systems) by non-clients. | 02-20-2014 |
| 20140053254 | GRAPHICAL AUTHENTICATION SYSTEM AND METHOD FOR ANTI-SHOULDER SURFING ATTACK - The present disclosure relates to a graphical authentication system and the method of the same for anti-shoulder surfing attack, With the system and method, the user is able to select a graph form a graph list, The selected graph is partitioned into M*N pieces of graph blocks, Further, one of the graph blocks is selected to generate a password, when login, the system and method create randomly a login hint to indicate a position, the user therefore scroll a set of horizontal bar and vertical bar to the position according to the login hint and confirm entry, the system and method further proceed a authentication process to verify the entry to determine the validity of the authentication. | 02-20-2014 |
| 20140059665 | FRAUD-PROOF LOCATION IDENTIFICATION SYSTEM - Systems and methods for facilitating check-ins that are resistant to common fraud scenarios while also being relatively inexpensive. One or more embodiments include displaying unique tokens in quick succession on a display positioned at the check-in location (e.g., a store, restaurant, or other business or location). Customers have a short period of time (e.g., a few seconds, five minutes, etc.) to scan a particular check-in token before a new token is displayed on the display. Each token may encode a pre-determined number or identification code that cannot be guessed by the user and that can be verified by the system to validate the check-in. By periodically changing the check-in token displayed to users and limiting each token to a single use within a short timeframe, users are prevented from checking in remotely. | 02-27-2014 |
| 20140068734 | Managing Access to a Shared Resource Using Client Access Credentials - Systems and methods to manage access to shared resources are provided. A particular method may include receiving a request to access a shared resource from a first client of a plurality of clients and determining whether the shared resource is being used. A first window credential associated with the first client may be retrieved. The first window credential may be one of a plurality of window credentials associated with the plurality of clients. The first window credential may be used to access the shared resource. | 03-06-2014 |
| 20140068735 | SYSTEM FOR PROVIDING TRUSTED USER ACCESS OF COMPUTER SYSTEMS - Enables trusted user access of computer systems for example that verifies trusted users and may allow trusted users to bypass challenge-response tests, while limiting access by automated processes and unwanted human challenge-response test solvers. Embodiments may implement an account that may be utilized across websites to enable a valid or trusted user to bypass challenge-response tests. Embodiments of the invention cost time, or cost a nominal fee, or require use of something that may be validated as owned by a user such as a physical address or cell phone, or trusted referral or social graph or any combination thereof, but cost large amounts time or money for spammers using cheap third world labor, thus making it expensive to invoke attacks on sites protected by embodiments of the invention. | 03-06-2014 |
| 20140068736 | MANAGEMENT OF MULTIPLE DEVICES REGISTERED TO A USER - A system and method for managing electronic devices based on user identity information is presented. An authenticating entity authenticates and provides secure user identity data and a first electronic device. The first electronic device includes memory that stores first secure user identity data provisioned to the first electronic device and a communication module that discovers a second electronic device and initiates a wireless connection with the discovered second electronic device, in which the second electronic device is provisioned with second secure user identity data, logic that has the first and second electronic devices exchange and validate their respective first and second secure user identity data, and a discovery list that stores attributes of the second electronic device. Upon determining that the first and second electronic devices are associated with the same user, the logic adds self-property to the stored attributes of the second electronic device. | 03-06-2014 |
| 20140068737 | SYSTEMS AND METHODS FOR CONTENT MANAGEMENT IN AN ON DEMAND ENVIRONMENT - The technology disclosed relates to hosting legacy data sources in a cloud environment. In particular, it relates to providing users with flyweight access to content stored in legacy content repositories from within cloud based applications. It uses full-duplex secure transport tunnels and repository-specific connectors to traverse security layers and access the content repositories. It also creates virtual objects representing the content in the content repositories and embeds them in the cloud based applications. | 03-06-2014 |
| 20140068738 | ADAPTIVE DEVICE AUTHENTICATION - Device attributes corresponding to hardware and system configuration and characteristics of the user of the device are associated with adjustment logic, e.g., according to various types and classes of attributes. A hierarchical authentication process provides highly detailed and accurate authentication of a device, including device identification, device authentication, user authentication, and attribute adjustment. If the device is not properly identified, authentication fails. Otherwise, device authentication is attempted. If device authentication fails, all authentication fails. Otherwise, the user of the device is authenticated. If user authentication fails, authentication of the device fails. Otherwise, adjustment logic is used to adjust attributes for subsequent authentication. | 03-06-2014 |
| 20140068739 | METHOD AND SYSTEM FOR VERIFYING AN ACCESS REQUEST - A system for verifying a request for access to data is provided, the system comprising a first module and a second module. The first module is arranged to generate a password, and the second module is arranged to receive a password associated with a request for data (received at step), validate the received password, and enable access to the requested data. The system is such that the first and second modules share a secret that has been uniquely assigned thereto, the shared secret being for use in generation and validation of a said password. Furthermore, the first module is communicatively disconnected from the second module. | 03-06-2014 |
| 20140068740 | SYSTEM AND METHOD FOR BIOMETRIC AUTHENTICATION IN CONNECTION WITH CAMERA EQUIPPED DEVICES - The present invention relates generally to the use of biometric technology for authentication and identification, and more particularly to non-contact based solutions for authenticating and identifying users, via computers, such as mobile devices, to selectively permit or deny access to various resources. In the present invention authentication and/or identification is performed using an image or a set of images of an individual's palm through a process involving the following key steps: (1) detecting the palm area using local classifiers; (2) extracting features from the region(s) of interest; and (3) computing the matching score against user models stored in a database, which can be augmented dynamically through a learning process. | 03-06-2014 |
| 20140068741 | AUTHENTICATING AN AUXILIARY DEVICE FROM A PORTABLE ELECTRONIC DEVICE - This document discusses, among other things, a method for authenticating a browser executing on an auxiliary device with a web service executing on a portable electronic device. The method includes receiving a request for a resource from the browser, determining whether the request identifies a protected resource, and selectively authenticating the request based on whether the request identifies a protected resource. | 03-06-2014 |
| 20140068742 | PRE-AUTHENTICATED IDENTIFICATION TOKEN - A pre-authenticated token system includes an identification token having a switch, a transmitter and receiver circuit, and a sensor; a docking station having control circuitry, a transmit/receive circuit and an antenna; a personal computer; and an authentication server computer. The personal computer transmits security information to the authentication server, receives authentication information, and transmits an authentication signal to the docking station. The docking station receives the authentication signal, enters an authentication mode, and transmits the authentication signal to the identification token. The sensor of the identification token detects removal of the identification token from the user's body, and the switch then responds by disabling the identification token to prevent transmission of identification data. | 03-06-2014 |
| 20140075526 | METHOD FOR CONTROLLING CONTENT AND DIGITAL DEVICE USING THE SAME - A method and device for controlling content that includes plural display pages in a sequence, the method including: displaying a current page included in the content; receiving a user input to or above a display screen of the display unit for changing from the current page to another page of the content; extracting fingerprint information from the user input; determining whether the content of the another page is or is not accessible based on the extracted fingerprint information; if all of the content of the another page is determined to be accessible based on the extracted fingerprint information, displaying the another page; and if any of the content of the another page is determined not to be accessible based on the extracted fingerprint information, displaying a page following the current page without displaying content of the another page that was determined not to be accessible. | 03-13-2014 |
| 20140075527 | METHOD FOR CONTROLLING CONTENT AND DIGITAL DEVICE USING THE SAME - A method and device for controlling content that includes plural display pages in a sequence, the method including: displaying a current page included in the content; receiving a user input to or above a display screen of the display unit for changing from the current page to another page of the content; extracting fingerprint information from the user input; determining whether the content of the another page is or is not accessible based on the extracted fingerprint information; if all of the content of the another page is determined to be accessible based on the extracted fingerprint information, displaying the another page; and if any of the content of the another page is determined not to be accessible based on the extracted fingerprint information, displaying a page following the current page without displaying content of the another page that was determined not to be accessible. | 03-13-2014 |
| 20140075528 | LOGIN TO A COMPUTING DEVICE BASED ON FACIAL RECOGNITION - A method of logging a first user in to an computing device includes receiving a an image of the first user via a camera operably coupled with the computing device and determining an identity of the first user based on the received image. If the determined identity matches a predetermined identity, then, based at least on the identity of the first user matching the predetermined identity, the first user is logged in to the computing device. | 03-13-2014 |
| 20140075529 | HOME REALM DISCOVERY IN MIXED-MODE FEDERATED REALMS - The authentication of identities within a realm in which some identities are authenticated using direct authentication, and some identities are authenticated using federated authentication. Requests for service from valid identities in the realm that are to be authenticated by direct authentication are responded to with a direct authentication interface. Requests for service from valid identities in the realm that are to be authenticated by federated authentication are responded to with a federated authentication interface. Requests for service from invalid identities are responded to pseudo-randomly with either the direct authentication interface or the federated authentication interface. | 03-13-2014 |
| 20140075530 | VOICE OVER IP BASED VOICE BIOMETRIC AUTHENTICATION - A request from a party is received by a receiver from a remote system. The request from the party is received when the party attempts to obtain a service using the remote system. A selective determination is made to request, over a network, authentication of the party by a remote biometric system. A request is sent to the remote system for the party to provide a biometric sample responsive to determining to request authentication of the party. The service is provided contingent upon authentication of the party by the remote biometric system. | 03-13-2014 |
| 20140082713 | System and Method for Location-Based Authentication - Systems and methods are provided for enhancing security by providing additional authentication factors. Prior to authentication, a user may enroll a device from which access to a service or application is authorized. During authentication, the authentication system may retrieve the location of the enrolled device and generate one or more questions that only a user in that location can answer. The user may additionally or alternatively enroll a movement signature with an authentication server as an authentication factor. The user may set a pattern for device movement. During authentication, the user moves the device in the pattern. The device then transmits the movement signature for authentication. | 03-20-2014 |
| 20140082714 | METHOD AND SYSTEM OF PROVIDING ACCESS POINT DATA ASSOCIATED WITH A NETWORK ACCESS POINT - A method includes sending a faked authentication request from a client device wherein the faked authentication request includes identification credentials. A faked authentication request indicates that a reply message in response to the faked authentication request is to include data for updating a directory on the client device. A reply message is received at the client device in response to the faked authentication request. The reply message includes data for updating the directory. The directory is updated based, at least in part, on the data for updating the directory. | 03-20-2014 |
| 20140090037 | SINGLE SIGN-ON IN MULTI-TENANT ENVIRONMENTS - The disclosed embodiments provide a system that authenticates a user. During operation, the system identifies a first tenant associated with a first request for a first resource from the user and obtains an authentication policy for the first tenant. Next, the system uses an authentication mechanism associated with the authentication policy to authenticate the user. Upon authenticating the user, the system provides a first security token for enabling access to the first resource by the user. | 03-27-2014 |
| 20140090038 | PRIORITIZING A CONTENT ITEM FOR A USER - The disclosed subject matter relates to methods for prioritizing a content item for a user. In one aspect, a method includes receiving user authentication events corresponding to a user account. A user is associated with the user account. The method further includes determining a time distribution of the received user authentication events. The method further includes constructing, based on the determination, a content prioritization user model corresponding to the user associated with the user account. The method further includes receiving a content item associated with the user. The method further includes associating, based on the content prioritization user model, a content priority value with the content item. The content priority value corresponds to a predicted aspect of the user. | 03-27-2014 |
| 20140090039 | Secure System Access Using Mobile Biometric Devices - Methods and apparatuses for secure system access are disclosed. In one example, a user request to access a secure system is received. A biometric user authentication request is transmitted to a user mobile device, and biometric data is obtained from the user. The user identity is authenticated utilizing the biometric data, and a response is transmitted from the mobile device to the secure system indicating the user identity is authenticated. | 03-27-2014 |
| 20140090040 | SYSTEM AND METHOD FOR REAL TIME SECURE IMAGE BASED KEY GENERATION USING PARTIAL POLYGONS ASSEMBLED INTO A MASTER COMPOSITE IMAGE - A method including: receiving, at a first device, a challenge provided from a second device, wherein the challenge includes an encoding algorithm and a request for credentials from the first device; and outputting, from the first device to the second device, a response to the challenge, wherein the response includes at least one image, the at least one image including an article of evidence arranged according to the encoding algorithm. | 03-27-2014 |
| 20140090041 | METHOD, APPARATUS AND SYSTEM FOR AUTHENTICATING OPEN IDENTIFICATION BASED ON TRUSTED PLATFORM - The disclosure relates to a method, an apparatus and a system for authenticating an open identification (ID) based on a trusted platform to prevent network overload which may occur due to data transmission repeated at every time of open ID authentication. An open ID authentication system includes a web service providing apparatus configured to provide a specific web service and to support a login of a user device in an open ID service procedure according to mutual arrangements with an open ID management apparatus, and the user device configured to have a separate environment formed of a non-security region operating based on an open operating system and a security region operating based on a security operating system. | 03-27-2014 |
| 20140090042 | USER AUTHENTICATED SECURE COMMUNICATION LINK - Systems and methods are provided for establishing a secure communication link between a first client and a second client. One exemplary computer-implemented method for establishing a secure communication link between a first client and a second client includes accessing, from a storage, identification information of a user of the first client. The method further includes receiving a Domain Name Service (DNS) request from the first client requesting a secure network address corresponding to a secure domain name associated with the second client. The method further includes authenticating the user based on the user identification information. The method also includes transmitting the secure computer network address in response to the DNS request based on a determination that the user has been authenticated. A secure communication link between the first client and the second client is established based on the secure computer network address. | 03-27-2014 |
| 20140090043 | Controlled Discovery of SAN-Attached SCSI Devices and Access Control Via Login Authentication - A method for accessing data in a storage area network is provided. The method initiates with receiving a request for a list of targets on the storage area network. All the targets on the storage area network are exposed to the requestor and authentication requiring a password is requested from the requestor to grant access to the targets on the storage are network. Access to the targets is granted if the password is acceptable, and access to the targets is refused if the password is unacceptable. | 03-27-2014 |
| 20140090044 | Method and Apparatus for Trusted Branded Email - A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic messages is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure. | 03-27-2014 |
| 20140096212 | MULTI-FACTOR AUTHENTICATION PROCESS - Systems and methods may implement a multi-factor authentication process utilizing, among other things, a value known by a user and an item in the user's possession. In one example, the method may include authenticating a user via a first method utilizing input received from the user, authenticating the user via a second method utilizing a device associated with the user, and authenticating the user via a third method utilizing a security token. | 04-03-2014 |
| 20140096213 | METHOD AND SYSTEM FOR DISTRIBUTED CREDENTIAL USAGE FOR ANDROID BASED AND OTHER RESTRICTED ENVIRONMENT DEVICES - A method, system and computer program product configured for providing distributed credential usage for an electronic handheld device or computing device configured with an operating system comprising an iOS based, Android or other operating system with sandboxed or restricted environments. The system comprises one or more applications running an operating system and configured with one or more sandboxed environments, and a credential provider application configured in a sandboxed environment. The credential provider application is configured to transfer data between the applications, for example, utilizing an inter-process communication channel. The credential provider application is configured to perform an operation on a request from one of the applications and utilizes credentials associated with the application. The credential provider application is configured to maintain the integrity of the credentials within the confines of the credential provider application so that the application is not given access to any private or secret credentials. | 04-03-2014 |
| 20140096214 | RADIUS POLICY MULTIPLE AUTHENTICATOR SUPPORT - A method for providing multiple authenticator support when responding to RADIUS Access Request messages is disclosed. The method for providing multiple authenticator support when responding to RADIUS Access Request messages includes receiving a RADIUS Access Request message, retrieving customer authentication information having a first and second authenticator value; attempting authentication against the first authenticator value, and in the event that a failure to authenticate occurs, then attempting authentication against the second authenticator value. Int the event of a successful authentication against either the first or second authenticator value, a RADIUS Access Accept message is provided. Examples of first and second authenticator values include a UserName and a MAC address. The method for providing multiple authenticator support when responding to RADIUS Access Request messages provides advantages over single authenticator value systems known in the art. | 04-03-2014 |
| 20140096215 | METHOD FOR MOBILE SECURITY CONTEXT AUTHENTICATION - The present invention is a system and a method for improving the authentication security across a network from a mobile electronic computing device in the context of one or more users, devices, sites/sessions, servers, locations, proximity, motion and/or behavioral attributes within a defined session lifecycle. The authentication method and system utilizes a strong, elegant, private, definitive and real-time, triangulated verification, which requires mutual authentication between the parties. | 04-03-2014 |
| 20140096216 | METHOD AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION - According to one aspect, the invention provides a system for authenticating identities of a plurality of users. In one embodiment, the system includes a first handheld device including a wireless transceiver which is configured to transmit authentication information, a second device including a wireless receiver, where the second device is configured to receive the authentication information. | 04-03-2014 |
| 20140096217 | SYSTEM FOR PERSONALIZED TELEMATIC SERVICES - A telematics system can provide authenticated access to telematic services. Upon connection of a mobile communication device to an automotive telematic system, and receipt of a request to access a telematic service, the system can determine by a processing unit of the automotive telematic system whether a personalized key for user authentication is required to access the telematic service and, if it is determined that the personalized key is required, request the personalized key from the mobile communication device. | 04-03-2014 |
| 20140096218 | Information processing apparatus, information providing server, program, communication system, and login information providing server - In one example embodiment, the communication system disclosed herein includes an information processing apparatus that acquires address information from a memory device having a free area including the address information and a secure area including account information. The information processing apparatus connects to a resource of a server using the acquired address information. The information processing apparatus causes a security server to acquire the account information from the memory device and transmit the acquired account information to the server such that the server enables a user to access the resource of the server using the account information. | 04-03-2014 |
| 20140101739 | SEMANTIC CHALLENGE FOR AUDIO HUMAN INTERACTIVE PROOF - In one embodiment, a human interactive proof portal | 04-10-2014 |
| 20140101740 | Methods, Systems, and Products for Authentication of Users - Methods, systems, and products authenticate users for access to devices, applications, and services. Skills of a user are learned over time, such that an electronic model of random subject matter may be generated. The user is prompted to interpret the random subject matter, such as with a drawing, physical arrangement, or performance. The user's interpretation is then compared to the electronic model of the random subject matter. If the user is truly who they purport to be, their interpretation will match the electronic model, thus authenticating the user. If interpretation fails to match the electronic model, authentication may be denied. | 04-10-2014 |
| 20140101741 | METHOD AND SYSTEM FOR MOBILE DEVICE BASED AUTHENTICATIONSERVICES ENVIRONMENT - In this specification, access may be provided to secure systems by authentication using mobile devices. Users may register a mobile device and password with an authentication system. To access a secure system, users may send a request with a registered phone number via SMS, internet or phone. In an embodiment, the authentication server system may send the token and the position of the password via SMS. Users may enter the authentication code comprising of the token and the password at the secure system. The secure system compares the authentication code with the stored authentication code to grant access to the secure system. Secure access may be used in credit card, pre-paid card, debit card or any other card transactions other financial transactions authentication, login authentication for a computer system and security access authentication. | 04-10-2014 |
| 20140101742 | Method, Client and Server of Password Verification, and Password Terminal System - The present disclosure provides techniques for authenticating a password. These techniques may enable a user terminal to retrieve a diagram using a computing device. The diagram is inputted by a user in a terminal and is displayed in form of a diagram in connection to a password. The computing device may then transfer operand points passed through by the diagram to a server terminal for password authentication, and then receive a result of the password authentication from the server terminal. These techniques improve password authentication security. | 04-10-2014 |
| 20140101743 | Method for authenticating a user to a service of a service provider - Methods, devices, and computer programs for an authentication of a user to a service of a service provider are disclosed. Access for the user to the service of the service provider is requested. One or more authentication security profiles are selected by the service provider for specifying an authentication security requirement of the service provider for the authentication of the user to the service. An indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider are sent from the service provider to the identity provider for requesting the authentication of the user by the identity provider. The user is authenticated based on the user identity and one of the one or more selected authentication security profiles. An assertion indicating the authentication of the user to the service provider is sent to the service provider. | 04-10-2014 |
| 20140101744 | DYNAMIC INTERACTIVE IDENTITY AUTHENTICATION METHOD AND SYSTEM - An identity authentication system includes a storage unit, a display character set generation unit, a display unit and a password authentication unit. An identity authentication method includes the following steps: generating the dynamic display character sets; inputting a dynamic input code; and comparing the dynamic input code with the user password. This invention can improve the security of identity authentication and is convenient to use. | 04-10-2014 |
| 20140109208 | METHOD AND SYSTEM FOR IMAGE-BASED USER AUTHENTICATION - A system and method which authenticates a suspect user of a service by use of images of an authentication object. A registered user provides a trusted image depicting an authentication object, said image being then stored as a master image. Later attempts to access the service then require providing an additional image of the authentication object, the object in the additional image being compared to that in the master image and access being granted if the two images are found to depict the same object. | 04-17-2014 |
| 20140109209 | HOSTED IMS INSTANCE WITH AUTHENTICATION FRAMEWORK FOR NETWORK-BASED APPLICATIONS - A device is configured to receive an authentication credential from a user device, and is configured to authenticate the user device based on the authentication credential. The device is configured to transmit, based on authenticating the user device, a first application for establishing a tunnel that permits the user device to access a second application using an Internet protocol multimedia subsystem (IMS) network architecture. The device is configured to establish, based on the first application, a tunnel for transferring IMS traffic to or from the user device, and is configured to transfer the IMS traffic to or from the user device, using the tunnel, where transferring the IMS traffic permits the user device to access the second application. | 04-17-2014 |
| 20140109210 | Automated Meeting Room - Methods and systems for automatic setup and initiation of meeting resources are described herein. A meeting room, area, or resource may be equipped with a camera or other proximity based sensor to determine when a user enters the meeting area. The camera may perform initial recognition of a user, e.g., based on facial or body recognition. The system may then authenticate the user as the meeting organizer using a second recognition technique, e.g., voice recognition. Based on the user authentication, the system may query the meeting organizer's calendar (or other resource) for meeting information, download an associated meeting presentation from cloud storage, initiate meeting (e.g., screen sharing) software, notify any missing attendees that the meeting has begun, and launch the presentation on a shared screen. The meeting organizer may then control the presentation using video and/or voice. All may be completed without the meeting organizer being required to touch anything. | 04-17-2014 |
| 20140109211 | Authentication System and Authentication Method - An authentication system | 04-17-2014 |
| 20140109212 | AUTHORIZATION OF SERVER OPERATIONS - An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation. | 04-17-2014 |
| 20140109213 | Method and Apparatus for Data Transmission - Embodiments of the present invention relate to communications technologies and disclose a method and a system for establishing a data transmission channel, a SIP server, and a session border controller. A first authentication request message is sent by a first terminal. The first authentication request message includes identifier information of the first terminal and identity information of a second terminal. It is determined that the identifier information of the first terminal matches pre-stored authentication information of the first terminal. According to the identity information of the second terminal, a second authentication request message that carries authentication information of the second terminal is sent to the second terminal. After receiving an authentication success response message from the second terminal, a data transmission channel is established between the first terminal and the second terminal. | 04-17-2014 |
| 20140115679 | AUTHENTICATION METHOD OF ENUMERATED PATTERN OF FIELD POSITIONS BASED CHALLENGE AND ENUMERATED PATTERN OF FIELD POSITIONS BASED RESPONSE THROUGH INTERACTION BETWEEN TWO CREDENTIALS IN RANDOM PARTIAL DIGITIZED PATH RECOGNITION SYSTEM - An interactive method for authentication is based on two shared secrets, both shared secrets in the form of an ordered path on the frame of reference. An instance of the frame of reference comprises a set of characters which is arranged in a random or other irregular pattern. The first step of authentication that a user performs requires the user to remember one or all of the characters in the displayed instance of the frame of reference found in the locations in the random subset of the first ordered path by indicating characters either in these locations, or any other locations having the same characters. The second step of authentication requires that a user enter the position of the second ordered path, which only they know during an authentication session, where the challenge identifying the position of the ordered path is the single or multiple values that matches the value of the digital content of the frame of reference. | 04-24-2014 |
| 20140115680 | SERVER DEVICE - One object is to restrain unauthorized logins without significantly reducing usability. In accordance with one aspect, the server device according to an embodiment includes: an information storage unit for storing information; an information generating unit for generating login authentication information in response to a display request for a login screen sent from a terminal device; a sending unit for sending login screen data for displaying the login screen on the terminal device; a receiving unit for receiving login information from the terminal device; and a determination unit for determining whether a login is permitted based on the received login information. The login screen data includes an instruction for converting the login authentication information. | 04-24-2014 |
| 20140115681 | System and method for alternative distribution of a PIN code - System and method for distribution of a PIN code comprising an application end user in communication with an application server comprising at least one PIN code generating mechanism for authentication of an application end user, and a portable telecommunication device further characterized by that said application server is in communication with a synthetic voice PIN server also in communication with said portable telecommunication device. | 04-24-2014 |
| 20140115682 | User Verification Processing Method, User Equipment, and Server - A user verification processing method, a user equipment, and a server, where the method includes: receiving from a server a notification message that includes an action verification code instruction; obtaining sensor data generated when a user performs an action corresponding to the action verification code instruction; and feeding back verification information to the server according to the sensor data. The user verification processing method, the user equipment, and the server provided in the embodiments of the present invention can increase difficulty of cracking a verification code and improve security of the verification code. | 04-24-2014 |
| 20140123255 | SYSTEM AND METHOD FOR DEVICE AUTHENTICATION WITH BUILT-IN TOLERANCE - A system for building tolerance into authentication of a computing device includes a means for executing, from a computer-readable medium, computer-implementable steps of: (a) receiving and storing a first digital fingerprint of the device during a first boot of an authenticating software on the device, the first digital fingerprint based on a first set of device components, (b) receiving a second digital fingerprint from the device at a subsequent time, (c) comparing the second digital fingerprint with a plurality of stored digital fingerprints of known devices, (d) in response to the comparison indicating a mismatch between the second digital fingerprint and the plurality of stored digital fingerprints, generating a request code comprising instructions for the device to generate a third digital fingerprint using the first set of device components, (e) sending the request code to the remote device, (f) receiving the third digital fingerprint from the remote device in response to the request code, and (g) authenticating the device based on a comparison of the first and third digital fingerprints. | 05-01-2014 |
| 20140123256 | System and Method for Human Identity Validation via a Mobile Device - Method for establishing and maintaining a person's identity starts at the time the person registers with the system using a mobile device to validate the identity of a person in an inherently anonymous computing environment such as the internet or any other distributed network where face to face communication is not possible. The person will provide information required to establish the person's identity with an authenticator. The authenticator then submits that information to the system administration service to be validated by external databases and services. The external service provides a set of challenge/response questions unique to that person to establish positive identification. Upon successful authentication of the person's identity, the person and their device will be associated with each other and recorded in the system. Each authentication service will define a criterion, labeled as a schema, by which authentication events will be governed. | 05-01-2014 |
| 20140123257 | COMMUNICATING STATE INFORMATION TO LEGACY CLIENTS USING LEGACY PROTOCOLS - When a user account is in an alternate (fault) state, communication or sync between an application provider and a device or client application typically is interrupted. When parties do not support rich fault messaging, communication of the reason for the interruption and remediation steps has been impossible. An application server provides rich fault messaging using applications that do not provide explicit error messaging and protocols that do not provide explicit error messaging without changing either the application or the protocol by additional interactions between an identity provider and the application server. The application server uses authentication state information provided by the identity server to generate a notification sync event that appears to the application and the protocol to be a normal sync event. The notification sync event is used to provide the user with information needed to determine what the problem with the account is and how to fix it. | 05-01-2014 |
| 20140123258 | DEVICE AND METHOD FOR AUTHENTICATING A USER - Certain aspects of a device and method for authenticating a user are disclosed. The device may display a first set of images and receive a user input. The received user input may comprise a set of gestures and a selection of a plurality of images from the first set of images in a pre-determined sequence. The selected plurality of images may be modified based on the set of gestures. The device compares the modified selected plurality of images with a second set of pre-stored images. The device may authenticate the user based on the comparison. | 05-01-2014 |
| 20140123259 | System and Method for Providing Access to a Software Application - System and method configured to provide an access management system configuration that provides the benefits of single sign-on while reducing internal hardware and administration maintenance costs. The system is reconfigured to provide an access control module that directs authentication network traffic such that access management agents are not required to be installed on the application server for each protected application. The system provides a redirection of a login request from the application server to an external security gateway that authenticates the user via policy and sends authenticated user credentials on a back channel to the access control module to obtain a session cookie which is redirected back to the user so the user can establish a session with the application. The solution reduces the plethora of agents to be maintained and upgraded in order to remain compatible with the evolving hosting software, reducing both hardware and administration maintenance costs. | 05-01-2014 |
| 20140123260 | TERMINAL EQUIPMENT, SERVER, METHOD OF CONTROLLING TERMINAL EQUIPMENT, AND METHOD OF CONTROLLING SERVER - A terminal, a server, a method of controlling the terminal, and a method of controlling the server are provided. The terminal includes a communication unit which communicates with a server storing a file uploaded by a second terminal, a photographing unit which captures an image of a user of the terminal, and a controller which controls the communication unit to receive client information for client authentication from the server, authenticate a client on the basis of a facial image included in the client information and the image of the user captured by the photographing unit, and receive the uploaded file according to the authentication result when the terminal accesses the server with the same account as the second terminal. | 05-01-2014 |
| 20140123261 | SYSTEM AND METHOD FOR AUTHENTICATION OF COMMUNICATIONS - A method whereby a communication can be readily determined to be from an authorized sender or, conversely, identified as being from an imposter, wherein a digital token is created according to a set of at least two rules known to the creator and intended recipient of the communication, further wherein the digital token comprises a recognizable factor such as an image, word, or audio segment, and a system comprising means for implementing the method of the disclosure; wherein fraudulent messages may readily be identified by recognizing whether or not the digital token associated with the message complies with one or more pre-determined rules, even if the system presenting the message is unaware of the rules or even of the authentication process as a whole. | 05-01-2014 |
| 20140123262 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND METHOD - An information processing system and an information processing apparatus and method for transmitting image data from a portable terminal apparatus, to a different apparatus through a network so that the image data may be managed by the different apparatus. A camcorder image station has a folder for each user of a camcorder and has, in each of the folders, 10 sub folders of album 1 to album 10 to each of which a name is applied in advance. The user of the camcorder transmits images picked up by the user to the camcorder image station so that the images are registered into a predetermined album. The camcorder has an album list of 10 albums of album 1 to album 10 in advance and selects an album of one of the names from within the list to designate an album into which image data should be uploaded. | 05-01-2014 |
| 20140123263 | COMPUTER-IMPLEMENTED METHOD FOR MOBILE AUTHENTICATION AND CORRESPONDING COMPUTER SYSTEM - In one embodiment of the present invention a computerized method includes receiving at a personal-mobile device a first communication, which includes information for requesting user verification for logging into an account of a user, via a computing device. The account is with a service provided by an application server. The method includes starting a personal-authentication application on the personal-mobile device in response to receiving the first communication, and receiving in the personal-authentication application a user verification for confirming logging into the account. The method includes logging into the account via the computing device based on receipt of the user verification. Embodiments of the present invention provide enhanced security for logging into an account that a user may have with a service by providing that a personal-mobile device, such as a mobile telephone, which is personal to a user, is configured as a security token for login to the account. | 05-01-2014 |
| 20140123264 | DOMAIN BASED AUTHENTICATION SCHEME - In one example, a system for authenticating domains operates by authenticating a first domain and the extensions that make up the URI of an initial or primary Internet network call. Thereafter, the system can enable the owner of the first domain to make assertions or statements about additional domains and URIs that make up the rest of the web page, session or application. | 05-01-2014 |
| 20140130143 | MOBILE TERMINAL AND CONTROL METHOD THEREOF - A mobile terminal for receiving a message and a control method thereof are provided. The mobile terminal includes: a wireless communication unit configured to receive at least one of authentication information and a message from an external electronic device; an authenticating unit configured to perform user authentication by using the authentication information received from the electronic device; and a controller configured to perform a control operation in response to a control command included in the received message when the user authentication is performed, and transmit a message indicating the result of performing the control operation to the electronic device. | 05-08-2014 |
| 20140137221 | IMAGE META DATA DRIVEN DEVICE AUTHENTICATION - Embodiments of the present invention address deficiencies of the art in respect to image based authentication and provide a novel and non-obvious method, system and computer program product for image meta data driven device authentication. In an embodiment of the invention, a method for image meta data driven device authentication is provided. The method includes acquiring an image in a computing device on behalf of an end user and generating a set of keywords describing the image in image recognition logic coupled to the computing device. The method additionally includes comparing the set of keywords describing the image to keywords in a keyword list stored in connection with the end user. Finally, the method includes authenticating the end user if a threshold number of keywords in the set match keywords in the keyword list, but otherwise denying the end user access to the computing device. | 05-15-2014 |
| 20140137222 | EXTENSIBLE DEPLOYMENT SYSTEM - An extensible deployment system is disclosed that provides for flexible deployment and centralized management of a scalable communication system. The scalable communication system may be segmented into multiple groups of services, e.g. multiple solutions, that may be deployed across one or more servers. The groups of services may each access separate databases in a single database instance that may allow for the groups of services to be deployed and upgraded independently. A management interface may be provided that allows for centralized management, and deployment, of all of the groups of services, irrespective of the independent upgrade paths of the groups of services. The management interface may include a local authentication system and may also be interoperable with one or more external authentication systems, such that users may use login credentials of an external authentication system to access the management interface. | 05-15-2014 |
| 20140137223 | METHOD AND APPARATUS FOR AUTHENTICATING USERS OF A HYBRID TERMINAL - The invention relates to a method and an apparatus for the authentication of users of a hybrid terminal comprising generation of a unique registration code, and a profile file, at least one registration step, comprising entry of user identification data, entry and transmitting a personal identification number from the internet-capable terminal to a registration server, transmitting the user identification data of the user from the internet-capable terminal to the registration server, entry of the unique registration code, validation of the user identification data and, in the case that the user identification data correspond to a user reference data record, assignment of the profile file and if the entry of the personal identification number by the user has not taken place, generation and transmission of the personal identification number from the registration server to the user, and an authentication step, comprising checking whether the profile file is present on the hybrid terminal and, if it is present, carrying out an authentication, otherwise carrying out an initial authentication and, if the initial authentication shows that the user is authorised, generation and transfer of the profile file from the authentication server to the hybrid terminal, and after carrying out the initial authentication or the authentication, transfer of a clearance message to at least one of the service providers. | 05-15-2014 |
| 20140137224 | SECURING PASSWORDS WITH HASH VALUE - A password security system, hosted by a server, whose method of operation may include receiving a client hash value from a client where the client hash value is computed by hashing a password to generate a first hash value, and hashing the first hash value combined with a user input of an answer to a challenge to generate the client hash value. A server hash value is computed using password data for the user that is stored in a data store coupled to the server and a server-side answer that is stored in the data store. A determination is made whether the server hash value matches the client hash value and data access is granted to the user in view of a determination that the server hash value matches the client hash value, and data access is denied to the user in view of a determination that the server hash value does not match the client hash value. | 05-15-2014 |
| 20140150077 | System and Method for Selectively Sharing Information - Disclosed is a system and method for selectively sharing information among users of a computer application. Specific utility in healthcare applications is disclosed, but the scope of the invention is not limited to healthcare applications. The method involves selecting specific users, with whom information will be shared, a method for selecting such users' restrictions on the information that can be accessed by such users. Also disclosed is a system and method through which certain users can transmit communications on behalf of other users. | 05-29-2014 |
| 20140157379 | Social Authentication - In one embodiment, a method includes providing for presentation to a user a number of content objects. Some of the content objects are socially relevant to the user and some of the content objects are socially irrelevant to the user. The method also includes receiving input indicating a selection of one of the content objects by the user; determining whether the content object selected by the user is socially relevant to the user; authenticating the user if the content object selected by the user is socially relevant to the user; and declining to authenticate the user if the content object selected by the user is socially irrelevant to the user. | 06-05-2014 |
| 20140157380 | Method And System For Hybrid Software As A Service User Interfaces - A hybrid software as a service (SaaS) delivery model allows an enterprise to control sensitive data while application code and non-sensitive data are downloaded from a software provider. A client computing device of the enterprise downloads the application code, which determines an appearance and a behavior of a user interface of the application. The application code is also configured, such as with a network address of a database, to allow the client computing device to access the sensitive data which is hosted by the enterprise. The client computing device may download a file from the enterprise which accesses the application code. For example, an HTML file may access scripting code. Or, the client computing device downloads the application code directly from the software provider, in which case cross-origin resource sharing allows the client computing device to access the sensitive data hosted by the enterprise. | 06-05-2014 |
| 20140157381 | FRICTIONLESS MULTI-FACTOR AUTHENTICATION SYSTEM AND METHOD - A frictionless multi-factor authentication system and method (“FMFA system”) that facilitates verification of the identity of a website user, registrant or applicant. The FMFA system reduces or removes the burden on the user by eliminating the additional manual second step traditionally required by two-factor authentication methods, and replacing the second step with an automated authentication step based on the location of a mobile device that is associated with the user. The FMFA system may be utilized for authenticating users to access sensitive data on online accounts, applications and websites, download files, perform online transactions, store information through websites or data stores, or the like. The FMFA system allows registration information obtained from a previously-registered user to authenticate the user on subsequent visits or logins to the website. | 06-05-2014 |
| 20140157382 | OBSERVABLE AUTHENTICATION METHODS AND APPARATUS - A system, method, and apparatus for providing observable authentication are disclosed. An example method includes receiving a request from a user to access an account, the request including an identifier associated with the user, determining a secret login rule previously provided to the user, and transmitting observable information to be displayed in a login map by a client device associated with the user. The example method also includes determining a correct answer by analyzing the positioning of the displayed observable information within the login map in conjunction with the secret login rule associated with the user. The example method further includes receiving an answer from the client device and providing the user access to the account responsive to the answer matching the correct answer. | 06-05-2014 |
| 20140157383 | ACCESS MANAGEMENT SYSTEM AND METHOD - An access management method includes steps of prompting user to input an account and associated password based on a login request; comparing whether the input account and associated password is one of the accounts and the associated password stored in the storage unit; acquiring the plurality of objects linking to the input account and password, and the login account and associated password for each acquired object when the input account and associated password is one of the accounts and associated passwords stored in the storage unit; and logging into one of the objects when the object is accessed. | 06-05-2014 |
| 20140157384 | Biometric Authentication - A biometric authentication system is disclosed that provides a trusted third party biometric authentication capability for independent confirmation of identity of parties. A repository of biometric templates for registered parties is disclosed that permit a biometric authenticator to perform independent authentication services for other parties by matching received biometric information against biometric information in the repository, or by providing requested biometric information. | 06-05-2014 |
| 20140157385 | Method for authentication, RF chip document, RF chip reader and computer program products - An authentication method for trusted communication between a first party (A) and a second party (B) is intended to be efficient and secure. | 06-05-2014 |
| 20140157386 | COMMUNICATION DEVICE, COMMUNICATION METHOD AND COMPUTER PROGRAM - According to one embodiment, there is provided a communication device including a first communication layer receiving processor to perform a receiving process on a first communication layer on data received from a first communication device. The first communication layer receiving processor includes a first key identifying unit to identify, a key required to process the data; a first attribute identifying unit to identify, pursuant to key data, first attribute information that is attribute information associated with the key as identified; and a data processor to process the data using the key as identified. The data processed by the data processor and the first attribute information are passed to a second communication layer processor configured to perform a process on a second communication layer. | 06-05-2014 |
| 20140157387 | MANAGEMENT SERVER, DEVICE, AND METHOD OF SYNCHRONIZING APPLICATIONS OF THE SAME - A management and market server, different kinds of devices, and methods to synchronize applications between the different kinds of devices is provided. A method for application synchronization by a management server configured to communicate with a plurality of devices includes receiving, from a first device, a first application list of at least one application installed in the first device at the management server, storing the first application list in the management server, receiving, from a second device, a request for application synchronization with the first device, determining whether the second device supports an application from the first application list, generating a second application list by excluding the application from the first application list in response to the application not being supported by the second device, and including the application in response to the application being supported by the second device, and transmitting the second application list to the second device. | 06-05-2014 |
| 20140157388 | WIRELESS COMMUNICATION SYSTEM AND TERMINAL-DEVICE AUTHENTICATION METHOD IN WIRELESS COMMUNICATION SYSTEM - A wireless communication system includes code transmitters ( | 06-05-2014 |
| 20140157389 | SERVER AND/OR CLIENT DEVICE AUTHENTICATION - Embodiments of systems and methods for client and/or server authentication are provided. In one embodiment, a method includes sending information from a mobile network device to a server, wherein the information comprises a seed that is used by both the mobile network device and the server to compute a series of one time passwords. The method also includes receiving, by the mobile network device, a succession of one time passwords generated by the server throughout a session. And the method further includes comparing the received one time passwords generated by the server throughout the session to corresponding one time passwords generated at the mobile network device. In this manner, the server can be authenticated. In various embodiments, the process may be reversed to facilitate client, e.g., mobile network device, authentication | 06-05-2014 |
| 20140157390 | METHOD FOR FACILITATING QUICK LOGINS FROM A MOBILE DEVICE - A computer-implemented method is provided for facilitating a quick login using a mobile computing device having a space-wise limited virtual keyboard. The method includes detecting a response from a server of a website or from an application native to the computing device that includes a login form displayed on a screen of the mobile computing device for authenticating a user, activating an application on the mobile computing device configured to auto fill the login form, and displaying a quick login keyboard, which includes a plurality of boxes configured to hold credential data of the user, wherein the quick login keyboard further includes a plurality of fill buttons, each of which is associated with one of the credential data boxes. The method further includes detecting a tapping on one of the plurality of fill buttons, and populating the login form with the credential data associated with the tapped fill button. | 06-05-2014 |
| 20140165169 | METHOD AND SYSTEM FOR MANAGING USER LOGIN BEHAVIOR ON AN ELECTRONIC DEVICE FOR ENHANCED SECURITY - Security is enhanced for a user of an electronic device by providing a method for managing user login behavior. When an entered password that is different from a defined password is received, the method includes identifying alternative characters for at least one character of the entered password based on a location of a key corresponding to the character of the entered password on a keyboard used to enter the password. When the alternative characters are identified, a variation of the entered password is generated by replacing a character of the entered password with an alternative character of the character. When information relating to the variation matches information relating to the defined password, the entered password is determined to be valid. | 06-12-2014 |
| 20140165170 | CLIENT SIDE MOBILE AUTHENTICATION - Techniques to facilitate user authentication on a mobile device executed on the client side are provided. An embodiment includes a subscriber identity module device, comprising at least one memory to store computer executable components and user information representing a user identity associated with a device with a subscriber identity module interface with which the subscriber identity module device is configured to be employed. The computer executable components comprise a local server component configured to, as facilitated by a processor of the device communicatively coupled to the at least one memory, at least receive a hypertext transfer protocol request message for the user information from an application of the device over a local area network, and provide the user information to the application over the local area network using the hypertext transfer protocol in response to receipt of the hypertext transfer protocol request message. | 06-12-2014 |
| 20140165171 | METHOD AND APPARATUS OF ACCOUNT LOGIN - The present disclosure discloses a method and an apparatus of account login to solve the problem of low efficiency of account login in existing technologies. A client of the method captures an image of a first credential of a user, recognizes user information of the user that is included in the captured image, includes the recognized user information into a login request, and sends the login request to a server for logging into an account that corresponds to the user information. Through this method, a user does not need to input his/her username when using a client for account login, but perform the account login by directly capturing an image of a first credential using an image capturing device of the client, thus effectively improving the efficiency of account login. | 06-12-2014 |
| 20140165172 | SYSTEM AND METHOD FOR AUTHENTICATION OF DEVICES FOR CONTROLLING NETWORK ACCESS - Described herein are methods and apparatus for providing a way for users to identify themselves to network resources (local and on the internet) in a manner that requires minimal user and IT administrator intervention. In certain embodiments, the disclosed technology provides a way to identify the user of a device, without requiring either an agent, or updating device settings. Thus, the disclosed technology removes the labor involved and makes it much quicker for new devices to be allowed to access network resources, for instance, in a school setting where students may want to bring their own devices, thus rendering it impractical for the school's IT department to update each and every device. In addition, students may not want to install agents or update the settings on their devices. | 06-12-2014 |
| 20140165173 | Mediation Server, Control Method Therefor, Subscription Information Managing Apparatus, Control Method Therefor, Subscription Management Server, and Control Method Therefor - There is provided a mediation server. The mediation server comprises, among other things, a device identity receiving unit configured to receive, from a communication device, a device identity which enables the communication device to connect to a network operated by a network operator associated with the mediation server, a login request sending unit configured to send, to the communication device, a login request for requesting login credentials for one of at least one user identity associated with the device identity, and a login credentials receiving unit configured to receive the login credentials from the communication device. The mediation server also comprises a subscription information relaying unit configured to obtain subscription information for use by the communication device from a selected network, and forward the obtained subscription information to the communication device. | 06-12-2014 |
| 20140165174 | COMPUTER SYSTEM AUTHENTICATION USING SECURITY INDICATOR - A method to authenticate a first computer system over a network to a second computer system is disclosed. A login user interface (UI) is presented to a user of the first computer system while disconnected from the second computer system. The login UI presents at least one input field to receive login input from the user and a security indicator that has been previously selected by the user and that is local to the first computer system. Login input is selectively received from the user based on a determination that the user recognizes the security indicator as having been previously selected by the user. A connection is established between the first computer system and the second computer system over the network. The received user input is transmitted using the established connection to the second computer system for authentication of the first computer system. | 06-12-2014 |
| 20140173707 | Disabling Unauthorized Access To Online Services - The present invention relates to a method that enables a user to easily, quickly, and securely disable access to any or all of the online services they use by means of an application managed by a service provider that communicates with those online services that agree to deny access when they receive such communications. When a user denies access, no one is able to log in to any of the online services even if someone has correctly entered the user's login credentials. An “online service” as used herein encompasses any service, such as banking or credit card websites or mobile apps, connected to the Internet that enables a user to log in to the service, and also includes an online service provided by a business to its employees. | 06-19-2014 |
| 20140173708 | CLOUD BASED PASSWORD MANAGEMENT - The present invention extends to methods, systems, and computer program products for providing a cloud based password manager that automatically logs in users from any computer. The cloud based password manager does not require that the user install a local plug-in or other tool to perform automatic login. In this sense, unlike current password managers, the password manager of the present invention is completely cloud based. By simply using any browser or a dedicated app on any computer, the user can request a website and receive a copy of the website with the user logged in even if the user has never used the computer. | 06-19-2014 |
| 20140173709 | SECURE USER ATTESTATION AND AUTHENTICATION TO A REMOTE SERVER - Secure authentication to a remote application operating on a remote server across a network includes detecting a login associated with the remote application; and in response to the detected login, offloading the login process to an isolated execution environment configured to receive a login request message from the browser application; identify confidential information stored in the secure memory storage and associated with the remote application; populate the login request message with the identified confidential data; transmit the populated login request message to the remote application; receive a login response message from the remote application upon successful login; and transmit the login response message to the browser application, wherein only the isolated execution environment can read and write to the secure memory storage. | 06-19-2014 |
| 20140173710 | METHOD AND APPARATUS FOR INFORMATION VERIFICATION - The present disclosure provides a method and an apparatus for user verification. A terminal device recognizes a sequence of click operations made by the user according to a maneuver prompted on a terminal device. The sequence of click operations carries operation information from which a click pattern characteristic, such as a characteristic code, can be determined. Upon receiving the determined click pattern characteristic, a server verifies the user input by matching the click pattern characteristic with a verification code set or stored by the server. The click pattern characteristic may be based on recognizing clicking or tapping operations performed by the user at a specified time and/or in a designated area. The method enables user verification on devices that lowers the rate of errors in the user input of verification codes. | 06-19-2014 |
| 20140181933 | VERIFYING AN IDENTITY OF A MESSAGE SENDER - A system includes a gateway and a verification server. The gateway is configured to receive a first message from a client over a network; send a request to a verification server to generate a first credential based on the first message; and route the first message toward a remote device. The verification server is configured to receive the request from the gateway; generate the first credential in response to the request; store the first credential; receive a second message from the remote device, the message requesting the verification server to validate a second credential; determine whether the second credential is valid based on the first credential; and send a notification to the remote device indicating whether the second credential is valid. | 06-26-2014 |
| 20140181934 | SUPPORTING MULTIPLE MESSAGING SERVICES ON MOBILE DEVICES IN A SINGLE USER EXPERIENCE - A system is described that contains a device including a memory with a management application installed thereon. The management application contains a manager that generates a plurality of user accounts and associates at least one communication service as a messaging account with each user account, and an interface module that generates a user interface that presents the plurality of user accounts and that modifies the user interface based on the identification of the selected user account to present a selected account display. | 06-26-2014 |
| 20140181935 | SYSTEM AND METHOD FOR IMPORTING AND MERGING CONTENT ITEMS FROM DIFFERENT SOURCES - Systems, methods, and computer-readable storage media for importing and merging photos from different sources are disclosed. The system receives credentials from a user, who has an account with a content management system. The credentials are associated with content item storage entities such as photo repositories. The system accesses the photo repositories, using the plurality of credentials if authorization is required for data access. The system identifies source photo data in each of the photo repositories, and duplicates the source photo data in the content management system account to create consolidated photo data. | 06-26-2014 |
| 20140181936 | AUTOMATED TEST TO TELL COMPUTERS AND HUMANS APART - Example embodiments disclosed herein relate to an automated test to tell computers and humans apart. Building blocks are assembled to generate an image for a test. When the building blocks are configured in at least one orientation, the image includes a line. One or more of the building blocks can be rotated to generate the at least one orientation. The test can be sent to a device. The test is not oriented in the at least one orientation. | 06-26-2014 |
| 20140181937 | INPUT DEVICE, INPUT METHOD AND PROGRAM PRODUCT - According to one embodiment, an input device includes: a communication module configured to communicate with a different device connected to the input device; a detector configured to detect biological information of a user; an authentication module configured to check matching between the detected biological information and biological information which is stored in advance; and a controller configured to notify to the different device information indicating a device performing an operation input, and notify to the different device an input code formed as a predetermined input character string when the matching of the biological information is established. | 06-26-2014 |
| 20140181938 | PACKET PROCESSOR VERIFICATION METHODS AND SYSTEMS - Methods and systems for transmitting and receiving data using audio devices but without being detectable by a human ear are disclosed. For example, a device for transmitting data can include a modulator configured to transform digital data into a modulated signal having a frequency no less than about 20 kHz, and an audio transmitter coupled to an output of the modulator configured to transmit the modulated signal into a sound propagating medium without being detected by a human ear. The methods and systems can be used to perform two-factor authentication for permitting a user to access a remote server or other device. | 06-26-2014 |
| 20140181939 | CLOUD COMPUTING EXCHANGE FOR IDENTITY PROOFING AND VALIDATION - An architecture and method to provide a cloud based credential exchange wherein organizations and users can use the services of a centralized and streamlined credential clearing house. A user can provide credentials or verification from a third party credential provider to the credential exchange. The credential exchange can use the third party credentials to provide access to multiple networks affiliated with the credential exchange. | 06-26-2014 |
| 20140181940 | FILE MANAGEMENT METHOD AND SYSTEM AND STORAGE MEDIUMS - The invention provides a file management method includes the steps of: setting cloud copy buttons in right-click menus of files and/or file folders; acquiring clicking operations on the cloud copy buttons by a user; uploading files and/or file folders selected by the user onto a server in accordance with the clicking operations. With the above method, file management becomes more convenient. Furthermore, a tile management system and storage mediums are provided. | 06-26-2014 |
| 20140181941 | METHOD AND APPARATUS FOR A SECURE PUBLIC IDENTIFICATION TAG - A method and apparatus for a secure public identification tag on a sticker, bracelet or temporary tattoo, or other temporary tag. The tag includes a two-dimensional bar code with embedded public key and a removable or separable security code. The two-dimensional bar code, such as a QR code, a Maxicode, a High Capacity Color Bar Code, an Aztec Code, or any code capable of being scanned may be used. The two-dimensional bar code includes the URL address to a secure website and the public identification. When the bar code is scanned for the first time the user is provided with a registration screen to enter the security code and information that may be publicly viewed, as well as a time limit for expiration of the identification tag. When the identification tag is subsequently scanned only the public information may be viewed unless the security code is entered. | 06-26-2014 |
| 20140181942 | STARTUP METHOD AND APPARATUS, STARTUP-ACCEPTANCE METHOD AND APPARATUS, AND MUTUAL-STARTUP METHOD AND SYSTEM - The present invention provides startup method and apparatus, startup-acceptance method and apparatus, and mutual-startup method and system. The startup method includes steps of: receiving an instruction of a user terminal to start up a second application; obtaining a login-status information of the user terminal in a first application; generating a first startup command for starting up the second application; and starting up the second application through the first startup command, delivering the login-status information of the user terminal in the first application to the second application and thereby automatically logging the user terminal into the second application. | 06-26-2014 |
| 20140181943 | WIRELESS COMMUNICATION SYSTEM PROVIDED WITH WIRELESS COMMUNICATION TERMINAL APPARATUSES WIRELESSLY CONNECTED UNDER AUTHENTIFICATION - A first connection control part of a first wireless communication terminal apparatus compares a second network identification information included in a response frame with a first network identification information stored in a first connection information managing part in response to the response frame, and executes an authentication process with a second wireless communication terminal apparatus by using an authentication information stored in the first connection information managing part when a second network identification information included in the response frame is matched with the first network identification information stored in the first connection information managing part, and this leads to establishment of wireless connection with the second wireless communication terminal apparatus by a second communication system. | 06-26-2014 |
| 20140189834 | METHOD AND APPARATUS FOR SINGLE SIGN-ON COLLABORATON AMONG MOBILE DEVICES - An apparatus for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration key to the first device based on the first identity token or user authentication. The first device generates and sends a collaboration credential based on the collaboration key to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices. | 07-03-2014 |
| 20140189835 | SYSTEMS AND METHODS FOR EFFICIENT AUTHENTICATION OF USERS - Systems and methods for efficient user authentication in a client-server system using a tiered, risk-based approach including a no-risk tier are provided. When a user requests access to the system for a no-risk feature, the user is registered without an additional authentication test. When the user later requests a higher risk transaction, the user is provided with the appropriate third-party additional authentication test based upon the risk level and applicable vendor profile. During no-risk access to the system, user data is collected that may be used with the additional authentication test at the appropriate time. | 07-03-2014 |
| 20140189836 | SYSTEM FOR CONTROLLING ACCESS TO AN ACCOUNT - An account management server, a communication device and a service device are provided for managing access to an account. The account management server, for example, includes, but is not limited to, a storage device configured to store identifying information for each of a plurality of service devices and configured to store an account associated with each of the plurality of service devices, and a processor communicatively coupled to the storage device, wherein the processor is configured to: receive identifying information from a communication device; identify at least one service device whose stored identifying information matches the received identifying information; and grant management access to the account associated with the identified at least one service device to the communication device | 07-03-2014 |
| 20140189837 | METHOD TO ENHANCE HIGH AVAILABILITY IN A SECURE TELECOMMUNICATIONS NETWORK, AND TELECOMMUNICATIONS NETWORK COMPRISING A PLURALITY OF REMOTE NODES - A method for enhancing high availability in a secure telecommunications network includes: switching from a first operational mode to a second operational mode based on an exchange of at least a first message and a second message between at least one specific remote node of the plurality of remote nodes and one or a plurality of further network nodes using Dynamic Host Configuration Protocol (DHCP). The first message includes a request from the at least one specific remote node of the plurality of remote nodes and the second message includes an answer to the first message by a network management node. The second message includes a one-time password. | 07-03-2014 |
| 20140189838 | Access method,and system and mobile intelligent access point - An access method is disclosed. The method includes: a mobile intelligent access point accesses a network through at least two wireless technologies; a User Equipment (UE) establishes a connection with the mobile intelligent access point; and the UE acquires access authentication from the network through the mobile intelligent access point. An access system and a mobile intelligent access point are further disclosed. With the disclosure, network authentication can be implemented to facilitate an operator to control the number of access users and to guarantee the network of the operator. Furthermore, a broadband mobile network is taken as a backhaul network, so as to reduce the reliability on a fixed network and improve the utilization of the broadband mobile network. | 07-03-2014 |
| 20140196131 | USER AUTHENTICATION BASED ON A WRIST VEIN PATTERN - Technology is described for authenticating a user based on a wrist vein pattern. A wrist contact sensor device detects a wrist vein pattern. The wrist contact sensor device may be wearable by being positioned by a wearable support structure like a wristband. One or more pattern recognition techniques may be used to identify whether a match exists between a wrist vein pattern being detected by the sensors and data representing a stored wrist vein pattern. A user may be authenticated based on whether a match is identified satisfying matching criteria. | 07-10-2014 |
| 20140196132 | DISCONNECTED CREDENTIAL VALIDATION USING PRE-FETCHED SERVICE TICKETS - One or more user service tickets are obtained (i.e. pre-fetched) from an authentication server and stored in a ticket cache. The user service tickets facilitate a login device communicating with one or more users or group members associated with the login device. Login credentials for the users or group members may be subsequently authenticated against the user service tickets within the ticket cache thereby eliminating the need for immediate access to the authentication server or a previous login session by the users or group members. The user service tickets within the ticket cache may be refreshed as needed. In one embodiment, the user service tickets are refreshed daily and also in response to login attempts if the authentication service is readily accessible. | 07-10-2014 |
| 20140196133 | COGNITIVE-BASED CAPTCHA SYSTEM - Systems and methods for verifying human users through cognitive processes that computers cannot imitate are described herein. Human cognitive language processing techniques may be used to verify human users. Visual patterns and tests may be used to distinguish between humans and computers because computer-based visual recognition is fundamentally different from human visual processing. Persistent plugins and tests may be used to continuously verify human users. | 07-10-2014 |
| 20140196134 | VERIFICATION METHOD FOR VERIFYING VALIDITY OF PROGRAM, AND VERIFICATION SYSTEM - A verification method pertaining to the present invention is executed by a terminal device and is used for determining the validity of a control program used for remotely controlling an appliance via a server. Verification data generated from: a unique identifier which is assigned to a user of the terminal device; a parameter which is generated by the server device and is assigned to the control program; and partial data which is at least a portion of the control program, is compared with comparison data generated from: the ID of the user stored in the server device; the parameter; and a portion of a program corresponding to the partial data of the control program. When a mismatch occurs, the remote control of the appliance will be prohibited. | 07-10-2014 |
| 20140196135 | SECURE AUTHENTICATION SYSTEMS AND METHODS - Systems and methods are provided for authentication by combining a Reverse Turing Test (RTT) with password-based user authentication protocols to provide improved resistance to brute force attacks. In accordance with one embodiment of the invention, a method is provided for user authentication, the method including receiving a username/password pair associated with a user; requesting one or more responses to a first Reverse Turing Test (RTT); and granting access to the user if a valid response to the first RTT is received and the username/password pair is valid. | 07-10-2014 |
| 20140196136 | Unlocking Virtual Items for Online Use and in Video Games - There is provided a system and method for providing access to a virtual object corresponding to a real object. There is provided a method comprising authenticating a user account for a networked application, confirming a validity of a user provided code, wherein the code is visible on the real object or on accompanying materials of the real object, and granting the user account access to the virtual object for use in the networked application in response to the confirming of the validity. As a result, users are enabled to enjoy interactions with real objects as well as corresponding virtual objects both in an offline video game context and in an online network application context. | 07-10-2014 |
| 20140201825 | ID USAGE TRACKER - There is provided a method for using a multi-user operating system. A user attempts to access the multi-user operating system. The user is prompted to enter a shared credential associated with the multi-user operating system and an individual credential of the user. The entered shared credential and the entered individual credential are verified. Access is granted to the user if both the entered shared credential and the entered individual credential are verified. Commands entered by the user granted the access are tracked via the entered shared credential while the user is using the multi-user operating system. The tracked commands indicate the entered individual credential. | 07-17-2014 |
| 20140201826 | ID USAGE TRACKER - There is provided a system and computer program product for using a multi-user operating system. A user attempts to access the multi-user operating system. The system prompts the user to enter a shared credential associated with the multi-user operating system and an individual credential of the user. The system verifies the entered shared credential and the entered individual credential. The system grants the access to the user if both the entered shared credential and the entered individual credential are verified. The system tracks commands entered by the user granted the access via the entered shared credential while the user is using the multi-user operating system. The tracked commands indicate the entered individual credential. | 07-17-2014 |
| 20140201827 | INFORMATION PROCESSING APPARATUS AND CONTROL METHOD - An information processing apparatus includes, a processor configured to execute a process including, determining whether a relationship between biometric information acquired from a living body and biometric information stored in a storage unit satisfies a predetermined standard, creating first authentication information by detecting predetermined operation when the relationship between the biometric information acquired from the living body and the biometric information stored in the storage unit does not satisfy the predetermined standard, comparing the first authentication information and second authentication information stored in the storage unit, and activating the information processing apparatus when the first authentication information and the second authentication information match. | 07-17-2014 |
| 20140208405 | Simplified and Safe User Authentication - Machines, systems and methods for authenticating against one or more access points, the method comprising: receiving data identifying an electronic device and destination information for forwarding a code to a user, in response to the user providing the destination information to a user interface prompt displayed on the electronic device when attempting to authenticate against an access point accessible via the electronic device; generating the code, in response to receiving the destination information and data identifying the electronic device; associating the code with the data identifying the electronic device; and forwarding the code in a message to a destination associated with the destination information, wherein the code is retrieved from the message when the message is received, receiving the code transmitted by way of the electronic device to an authentication server; and authenticating the user against the access point, in response to determining that the code matches related records. | 07-24-2014 |
| 20140208406 | TWO-FACTOR AUTHENTICATION - Systems and processes for providing two-factor authentication to systems capable of implementing varying levels of access control are disclosed. The system may include an authentication and access control system that selectively grants access to a secured system or network. The authentication and access control system implements a two-factor authentication routine and may configure a firewall gateway to grant or deny access to the secured system or network based on the results of the two-factor authentication. A user may connect to the authentication and access control system via a VPN. By separating the user from the secured system or network, the authentication and access control system can provide two-factor authentication for the secured system regardless of the secured system's own cyber security capabilities. This is particularly useful for legacy systems in infrastructure operating environments that are incapable of implementing a more sophisticated access control protocol, such as two-factor authentication. | 07-24-2014 |
| 20140215591 | SYSTEM AND METHOD FOR PROVIDING DIGITAL CONTENT - A method of providing access to content based upon one or more adequately-credentialed keys being proximate to a certain location. The method includes a first step of acquiring credential information from at least one key tagged with credential information using a credential acquisition device (CAD) at the certain location. The method also includes a second step of confirming that the credential information meets requirements for receiving the content. Further, the method includes a step of providing access to the content after performing the first and second steps. | 07-31-2014 |
| 20140215592 | METHOD, APPARATUS AND SYSTEM FOR USER AUTHENTICATION - A method is provided for user authentication. The method includes receiving an authentication request sent from a business system for authenticating a user, obtaining operation scenario information and operation basic elements, and displaying the operation scenario information and the operation basic elements. The method also includes receiving authentication information and the operation basic elements. Further, the method includes authenticating an identity of the user based on the received authentication information. The method includes obtaining an authentication result and sending the authentication result to the business system. | 07-31-2014 |
| 20140215593 | LOGGING IN A USER MOBILE DEVICE AT A SERVER COMPUTER SYSTEM - The invention provides a computer-based method for logging a user mobile device onto a server computer system including registering a unique identifier of a user mobile device, receiving a first message from the user mobile device, detecting an Internet Protocol address associated with the user mobile device, receiving the unique identifier corresponding to the Internet Protocol address; and transmitting to the user mobile device a second message. | 07-31-2014 |
| 20140215594 | WIRELESS AUTHENTICATION USING BEACON MESSAGES - Systems, methods, and other embodiments associated with wireless authentication using beacon messages are described. According to one embodiment, a controller includes logic configured to control a transmitter to wirelessly transmit a beacon message. The beacon message is configured to announce to a remote device that a wireless device is available to communicate. The beacon message includes a security identifier that identifies a public key for the wireless device. | 07-31-2014 |
| 20140223531 | Smartphone based identification, access control, testing, and evaluation - A suite of testing and evaluation tools that run in conjunction with a smartphone that can be used to both enroll, and for subsequent enrollees, to gain secure access so that the program may measure, track and report on tests, including activities, that may indicate general health and wellness status. Here, the word “smartphone” includes any handheld or mobile device containing at least one processor. The smartphone can be used as the platform for this suite of tools that can include applications that run independently on the smartphone device, but can also include sensors and other data acquisition tools that can be peripheral to the smartphone and connected by wire or wirelessly. | 08-07-2014 |
| 20140223532 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, AND AUTHENTICATION METHOD - An information processing system includes a receiving unit that receives user identification information and organization identification information from an external device, and an authentication unit that performs authentication of the user identification information and the organization identification information received by the receiving unit using a first storage unit storing one or more sets of user identification information in association with organization identification information. When the authentication unit receives a federated authentication request to access an external service from the external device that is authenticated, the authentication unit sends a federated authentication response to the external device if the organization identification information received from the external device and the external service designated in the federated authentication request are associated with each other in a second storage unit storing the organization identification information in association with information on one or more external services that have established a trust relationship for authentication. | 08-07-2014 |
| 20140223533 | Mobile Credentials for Resources Management in Collaborative Applications - One or more servers may receive a meeting request from a computer. The one or more servers may transmit a meeting invitation a participant. The participant may accept or decline the meeting invitation. If the participant accepts the meeting invitation, the one or more servers may transmit a credential to the mobile device of the participant. | 08-07-2014 |
| 20140237570 | AUTHENTICATION BASED ON SOCIAL GRAPH TRANSACTION HISTORY DATA - Techniques user or user device authentication using data based on social associations and interactions of users or user devices are presented herein. In an aspect, a method includes receiving social graph transaction history data associated with a user identity of a user and contact information associated with the user identity, wherein the social graph transaction history data includes data relating to usage of the contact information for communication between users via respective user devices. The method further includes analyzing the social graph transaction history data, and based on the analyzing, determining a degree of confidence that the user identity is authentic. | 08-21-2014 |
| 20140237571 | SHARED INTERNET STORAGE RESOURCE, USER INTERFACE SYSTEM, AND METHOD - The Shared Internet Storage Resource provides Internet-based file storage, retrieval, access, control, and manipulation for a user. Additionally, an easy-to-use user interface is provided both for a browser or stand-alone application. The entire method provides means by which users can establish, use, and maintain files on the Internet in a manner remote from their local computers yet in a manner that is similar to the file manipulation used on their local computers. A high capacity or other storage system is attached to the Internet via an optional internal network that also serves to generate and direct metadata regarding the stored files. A web server using a CGI, Java®-based, or other interface transmits and retrieves TCP/IP packets or other Internet information through a load balancer/firewall by using XML to wrap the data packets. File instructions may be transmitted over the Internet to the Shared Resource System. The user's account may be password protected so that only the user may access his or her files. On the user's side, a stand-alone client application or JavaScript object interpreted through a browser provide two means by which the XML or other markup language data stream may be received and put to use by the user. Internet-to-Internet file transfers may be effected by directly downloading to the user's account space. | 08-21-2014 |
| 20140237572 | PORTAL AUTHENTICATION METHOD AND ACCESS CONTROLLER - In a portal authentication method, a DHCP request message sent by a terminal is received by an AC. In response to finding that a user of the terminal is an unauthenticated user, a private network IP address is assigned to the terminal. After portal authentication of the terminal is finished, a wireless connection of the terminal is terminated by the AC. When a DHCP request message sent by the terminal again is received, a determination that the user of the terminal passes the authentication is made by the AC, a public network IP address is assigned to the terminal, and an accounting request message is sent to a RADIUS server. After finding that the terminal is offline, an accounting stop message is sent by the AC to the RADIUS server, the wireless connection of the terminal is disconnected, and the public network IP address is released. | 08-21-2014 |
| 20140237573 | METHOD AND SYSTEM USING A CYBER ID TO PROVIDE SECURE TRANSACTIONS - A method and system for securing a user transaction involving a subscriber unit (“SU”) (having a processor, memory, and a display configured to accept user input), a credential information manager (“CIM”) (having a processor and memory), and a transaction service provider (“TSP”) (having a processor and memory). A cyber identifier (“CyberID”), a subscriber identifier (“SubscriberID”), and subscriber information, each associated with the user, is stored in the CIM. A transaction request is sent from the SU to the TSP, which creates a transaction identifier (“TID”), stores it in the TSP memory and transmits it to the SU. The SU transmits an authentication request, the TID, and SubscriberID to the CIM, which authenticates the SubscriberID and verifies the TID to the TSP. The TSP verifies the TID and reports it to the CIM, which transmits the CyberID and subscriber information to the TSP, and transmits a transaction authorization to the SU. | 08-21-2014 |
| 20140237574 | Methods, Systems, and Products for Identity Verification - Methods, systems, and products verify identity of a person. A signature, representing the presence of a device, is acquired. The signature is compared to a reference signature. When the signature favorably compares to the reference signature, then the identity of a user associated with the device is verified. | 08-21-2014 |
| 20140237575 | Login Security with Short Messaging - Additional security is provided for on-line account users beyond that which is otherwise conventionally provided by, e.g., longer passwords, passwords that include both characters and numbers, etc., by implementing an on-line server that notifies a pre-registered account holder via a short messaging system (SMS) with a short message login notification when a log-in (or even just a login attempt) occurs. Thus, even entry of the proper user/password information, which would conventionally be presumed to be authorized, will be notified to the registered SM address of the authorized user. | 08-21-2014 |
| 20140237576 | USER AUTHENTICATION METHOD AND APPARATUS BASED ON AUDIO AND VIDEO DATA - A computer-implemented method is performed at a server having one or more processors and memory storing programs executed by the one or more processors for authenticating a user from video and audio data. The method includes: receiving a login request from a mobile device, the login request including video data and audio data; extracting a group of facial features from the video data; extracting a group of audio features from the audio data and recognizing a sequence of words in the audio data; identifying a first user account whose respective facial features match the group of facial features and a second user account whose respective audio features match the group of audio features. If the first user account is the same as the second user account, retrieve the sequence of words associated with the user account and compare the sequences of words for authentication purpose. | 08-21-2014 |
| 20140237577 | Methods, Systems, and Products for Authentication of Users - Methods, systems, and products authenticate users for access to devices, applications, and services. Skills of a user are learned over time, such that an electronic model of random subject matter may be generated. The user is prompted to interpret the random subject matter, such as with a drawing, physical arrangement, or performance. The user's interpretation is then compared to the electronic model of the random subject matter. If the user is truly who they purport to be, their interpretation will match the electronic model, thus authenticating the user. If interpretation fails to match the electronic model, authentication may be denied. | 08-21-2014 |
| 20140237578 | LOCATION BASED AUGMENTED REALITY SYSTEM FOR EXCHANGE OF ITEMS BASED ON LOCATION SENSING METHODS AND DEVICES RELATED THERETO - Location-based augmented reality systems configured exchange of items based on location sensing and associated triggering icons, and methods and devices related thereto. In one exemplary embodiment, a first, provider user identifies a specific physical location; associates a triggering icon representing a value item with the specific physical location; and, transmits the existence of the triggering icon and specific physical location to a second, mobile recipient user computing device. The second, mobile recipient user receives the triggering icon and specific physical location from the first, provider user computing device, then finds the specific physical location, activates the triggering icon and receives the value item. | 08-21-2014 |
| 20140245411 | METHOD AND APPARATUS FOR PROVIDING ACCOUNT-LESS ACCESS VIA AN ACCOUNT CONNECTOR PLATFORM - An approach is provided for account-less access via an account connector platform. The account connector platform determines a request from at least one client for a user login to at least one of a plurality of accounts associated with a user. The plurality of accounts is associated with an account connector platform and the request includes, at least in part, one or more credentials for the least one of the plurality of user accounts. The account connector platform causes, at least in part, an association of an account connector token with the user, the at least one of the plurality of accounts, or a combination thereof based, at least in part, on an authentication of the one or more credentials. The account connector platform then determines to authenticate the at least one client to provide another user login to at least another one of the plurality of accounts is based, at least in part, on the account connector token. | 08-28-2014 |
| 20140245412 | LINKING CREDENTIALS IN A TRUST MECHANISM - A system is described in which a user is able to generate multiple credentials, each of which includes one or more anchor attributes. Since all credentials contain the anchor attribute(s), the user can offer credentials to a relying party even if he has lost his original secret key. In this way, if a user loses a private key used to sign a credential, then he can use a credential signed by a different private key and still have that credential accepted at a relying party that knows the first credential. Furthermore, the invention enables a user to distribute his identity over multiple identity management systems. | 08-28-2014 |
| 20140245413 | IMAGE FORMING SYSTEM, IMAGE FORMING APPARATUS, AND RECORDING MEDIUM - In an image forming apparatus, a section managing unit acquires section information and usage restriction information from the server apparatus after succession of the user authentication on a login user and registers a temporal section based on the acquired section information and the acquired usage restriction information as a section within the image forming apparatus. The UI control unit removes logout prohibition to the login user before completion of a job of the login user performed by the image forming apparatus, and the usage restriction managing unit continues to perform usage restriction management of the temporal section for the job until the job is completed even after the login user performs a logout operation. | 08-28-2014 |
| 20140245414 | DEVICE, INFORMATION PROCESSING SYSTEM AND CONTROL METHOD - A device includes a first obtaining unit configured to obtain first identification information for use in user authentication from an authentication device; a second obtaining unit configured to obtain second identification information entered by a user; an authenticating unit configured to perform authentication to determine whether the user is an authorized user by comparing the first identification information with the second identification information; and a sharing unit configured to permit both an authentication-type application program that performs user authentication and a non-authentication-type application program that does not perform user authentication to access the authentication device when an authentication result obtained by the authenticating unit indicates that the user is an authorized user. | 08-28-2014 |
| 20140245415 | Method and system for implementing directional publishing of information, and computer storage medium - It is described a method for implementing directional publishing of information, which includes: it is selected, for a client device or a browser which supports display of dynamic pictures, release information to be published based on a location of a current verification picture and a page topic associated with the location, current verification information being supposed to be input from the client device or the browser; and it is selected a picture corresponding to the selected release information, the selected picture and the verification picture are processed to obtain a dynamic picture, and the obtained dynamic picture is displayed in an area for verification. Also it is provided a system for implementing directional publishing of information and a computer storage medium. With the described method and system, a verification code can be used to implement directional publishing of information, thereby increasing the utilization rate of the validate code. | 08-28-2014 |
| 20140245416 | System and Method for Associating a Universal User Identification and a Domain Specific User Identification - There is presented a system and method for associating a domain transcendent identification (ID) of a user and a domain specific ID of the user, the system comprising an ID association server accessible by a plurality of secure domains over a network. The system also includes an ID associator application that when executed by ID association server is configured to receive a domain specific ID that associates the user to the secure domain, enter the domain specific ID in a domain transcendent ID record created for the user, generate a unique data associated with the domain transcendent ID record and identify a network location for submission of the unique data, send the unique data and the network location to the user, and associate the domain transcendent ID and the domain specific ID. | 08-28-2014 |
| 20140245417 | CENTRALIZED SECURE MANAGEMENT METHOD OF THIRD-PARTY APPLICATION, SYSTEM AND CORRESPONDING COMMUNICATION SYSTEM - A technique is provided for performing a centralized secure management on a third-party application. The technique includes receiving, by the centralized secure management system, an identity, an authentication credential and an access grant of the third-party application sent by the third-party application in a distinguishable manner. The centralized secure management system forwards the identity and the access grant to an Authorization Server after successfully authenticating the third-party application. The Authorization Server issues an access token for accessing protected resources to the third-party application through the centralized secure management system when the access grant is valid. | 08-28-2014 |
| 20140250513 | AUTOMATIC TRANSFER OF CREDENTIALS BETWEEN WIRELESS ACCESS POINTS - A system and method for transferring configuration information between wireless access points is provided. Configuration information may include SSID and password, but also certain settings such as network and subnetwork settings. A first wireless access point may be a mobile hotspot, and a second wireless access point may be a docking station. The first wireless access point is initially active and operating using certain configuration information. Upon a trigger event such as a docking or undocking event, the configuration information is transferred to the second wireless access point. The first wireless access point ceases using the transferred configuration information, for example by switching off or adjusting its configuration, and the second wireless access point begins using the transferred configuration information. The configuration information may be transferred back upon a second trigger event. | 09-04-2014 |
| 20140250514 | METHODS AND SYSTEMS FOR PROTECTING WEBSITE FORMS FROM AUTOMATED ACCESS - Systems and methods to tell apart computers and humans using image recognition task having a dynamic graphical arrangement of randomly selected images. The images can be arranged as a grid or matrix for presentation on a device display for authentication of a user as human. The kinds of graphical images can be derived from a selected category for the image recognition task. A series of randomly generated access codes corresponding to the images can be displayed with the images. The user may enter the access codes corresponding to images from the selected category. An authentication server can compare the access code entry to an authentication reference code corresponding to the particular arrangement of images. The selection of images, their arrangement and their corresponding access codes, may dynamically change in between verification sessions. | 09-04-2014 |
| 20140250515 | SYSTEMS AND METHODS FOR AUTHENTICATING A USER BASED ON A BIOMETRIC MODEL ASSOCIATED WITH THE USER - Systems and methods as provided herein may create a biometric model associated with a user. The created biometric model may be used to generate challenges that are presented to the user for authentication purposes. A user response to the challenge may be compared to an expected response, and if the user response matches within a predetermined error of the expected response, the user may be authenticated. The systems and methods may further generate challenges that are adaptively designed to address weaknesses or errors in the created model such that the model is more closely associated with a user and the user is more likely to be the only person capable of successfully responding to the generated challenges. | 09-04-2014 |
| 20140250516 | METHOD FOR AUTHENTICATING IDENTITY OF HANDSET USER - A method for authenticating the identity of a handset user is provided. The method includes: obtaining, a login account and a password from the user; judging whether the login account and the password are correct; if the login account or the password is incorrect, refusing the user to access an operating system of the handset; if the login account and the password are correct, sending the login account and the password to a cloud server, wherein the login account and the password correspond to a face sample image library of the user stored on the cloud server; acquiring an input face image of the user; sending the input face image to the cloud server; authenticating, by the cloud server, the identity of the user according to the login account, the password and the input face image. | 09-04-2014 |
| 20140250517 | AUTHENTICATION METHOD AND DEVICE USING A SINGLE-USE PASSWORD INCLUDING BIOMETRIC IMAGE INFORMATION - The present invention relates to an authentication method and device using a single-use password generated from iris image information. The device comprises: a terminal and a server storing, in respective memories thereof, the iris image information for authentication; a camera attached to and installed on the device to capture the iris image information for authentication; the terminal, which generates the single-use password from the iris image information acquired through the camera, and transmits the single-use password to the server; and the server, which has a built-in algorithm for comparing and determining whether or not the single-use password transmitted from the terminal matches single-use password stored in the server. | 09-04-2014 |
| 20140259134 | SINGLE SIGN-ON PROCESSING FOR ASSOCIATED MOBILE APPLICATIONS - Systems, methods and computer-readable media are disclosed for performing single sign-on processing between associated mobile applications. The single sign-on processing may include processing to generate an interaction session between a user and a back-end server associated with a mobile application based at least in part on one or more existing interaction sessions between the user and one or more back-end servers associated with one or more other mobile applications. In order to establish an interaction session with an associated back-end server, a mobile application may leverage existing interaction sessions that have already been established in connection with the launching of other associated mobile applications. | 09-11-2014 |
| 20140259135 | METHOD AND SYSTEM FOR SIMPLIFIED USER REGISTRATION ON A WEBSITE - A method and system for providing secure registration with a target website computer in which a user logs into a trusted partner website computer, which returns a link to the target website computer. The user computer is redirected to the target website computer with a token that identifies the user computer as being registered with and originating from the trusted partner website computer. After verification, the user provides registration information including an email address to the target website computer, which then sends a registration email message including a unique registration code to the email address provided by the user. The user computer displays a popup window that provides the unique registration code for viewing by the user. The user populates the registration code into a form on a registration verification web page which is sent to the target website computer for verification and completion of the user registration process. | 09-11-2014 |
| 20140259136 | Techniques for Authenticating a Device for Wireless Docking - Examples are disclosed for a first device to wirelessly dock to a second device. In some examples, a first device may receive identification from the second device for wirelessly docking. The first device may determine whether the second device is allowed to wirelessly dock and if allowed an authentication process may be implemented. The first device may then wirelessly dock to the second device based on a successful authentication. Other examples are described and claimed. | 09-11-2014 |
| 20140259137 | METHOD OF MANAGING USER LOG-IN TO CLOUD-BASED APPLICATION AND IMAGE FORMING APPARATUS PERFORMING THE METHOD - An image forming apparatus includes a communication interface unit to perform communication with a cloud server that provides an application service; a user interface unit to display a screen and receive a user input; a storage unit to store a database that corresponds to an application that is installed in the image forming apparatus; an image forming operation performing unit to perform an image forming operation; and a control unit that stores user log-in information in the database that corresponds to the application, so as to match the user log-in information with a user account for the image forming apparatus, and manages a log-in to a user account for the application by using the stored user log-in information. | 09-11-2014 |
| 20140259138 | METHOD AND SYSTEM FOR DISTINGUISHING HUMANS FROM MACHINES - A method and an apparatus for distinguishing humans from computers. During user registration, a computer prompts a human user to provide a spoken response to certain authentication information for registration. The computer obtains registration voice data from the spoken response and establishes a registration voiceprint of the human user. During user logon, the computer identifies the user requesting to logon by the user's logon credentials, provides authentication information for logon to the user, and prompts the user to provide a spoken response to the authentication information for logon. The computer obtains logon voice data from the spoken response, and establishes a logon voiceprint of the user. The computer then determines whether the user requesting to logon is human by comparing the logon voiceprint with the registration voiceprint. | 09-11-2014 |
| 20140259139 | System and Method for Tracking Network Traffic of Users in a Research Panel - A network access device directs an electronic device, distinct from the network access device, to display graphical user interface, the graphical user interface comprising a network access self-identification user interface. The network access device obtains a selection of a user identification option, through the self-identification user interface. In accordance with a determination that the selected user identification option corresponds to a registered user (e.g., a registered user in a research panel), of a previously defined set of registered users of the network access device, the network access device enables access to a communications network, in accordance with the application of one or more logging rules corresponding to the selected user. Further, in accordance with a determination that the selected user identification option corresponds to an unregistered, guest user, the network access device enables access to the communications network, without the application of any logging rules. | 09-11-2014 |
| 20140282955 | Controlled Password Modification Method and Apparatus - Apparatus which control modification of passwords by implementing a procedure by which end user designates, in advance, a universe of social media contacts such as friends on social media web sites such as Facebook and LinkedIn. Contacts so identified are used as a set of potential identity verifiers. In order to enable a reset or modification of an account password, a subset of the universe is required to assert that they have verified the identity of the user requesting to reset a password. Such verification can be accomplished by varying means by those to whom an inquiry has been directed. The apparatus may be in the form of a computer system or a computer readable storage medium. | 09-18-2014 |
| 20140282956 | SYSTEM AND METHOD FOR USER AUTHENTICATION - Various aspects of a system and method for user authentication are disclosed herein. An audio input is received from one of a plurality of computing devices associated with a user. The user identification data associated with the user based on said received audio input is determined. An association of the user with one or more other users in a social network is determined based on comparison of the determined user identification data with pre-stored user identification data. The user is authenticated to participate in an event in association with the one or more other users based on the comparison. | 09-18-2014 |
| 20140282957 | DTCP CERTIFICATE AUTHENTICATION OVER TLS PROTOCOL - Authenticating devices utilizing Transport Layer Security (TLS) protocol to facilitate exchange of authentication information or other data to permit or otherwise enable access to services requiring authentication credentials, certificates, tokens or other information. The authentication may utilize Digital Transmission Content Protection (DTCP) certificates, Diffie-Hellman (DH) parameters or other information available to the authenticating devices, optionally without requiring device requesting authentication to obtain an X.509 certificate. | 09-18-2014 |
| 20140282958 | MULTI-FACTOR AUTHENTICATION TECHNIQUES - An authentication technique with a teaching phase and authentication phase. In the teaching phase, authentication information is collected for a user in at least two categories, wherein one category relates to measurable physical characteristics of the user, another category relates to communication resources available to the user; and a third category relates to knowledge possessed by the user. In the authentication phase, some of the collected authentication information is used to formulate challenge(s) for presentation to the user. Response(s) to the formulated challenge(s) is/are received from the user and correctness of the received response is determined based at least partially on comparison with at least a portion of the collected authentication information. A correctness metric is calculated for the response(s). The user is authenticated if the correctness metric meets or exceeds a first threshold value. | 09-18-2014 |
| 20140282959 | SYSTEM AND METHOD FOR COMPUTER AUTHENTICATION WITH USER MODIFICATION OF AN IMAGE USING A SHARED SECRET - Computers can be authenticated using a shared secret. During an authentication process, a server transmits an image to a client. A mobile device captures and analyzes the image. If the image contains the shared secret known only to the authentic server and the authentic mobile communication device, the mobile device can authenticate the server. The secret in the image can be readily analyzed. A single image may contain multiple shared secrets. Once the server has been authenticated, the user must modify the image in accordance with a shared modification secret to thereby authentic the user. The modified image is transmitted back to the authenticated server. If the image was properly modified, the user is authenticated. | 09-18-2014 |
| 20140282960 | SEAMLESS DEVICE CONFIGURATION IN A COMMUNICATION NETWORK - One embodiment of seamless device configuration between a network device and an access point sends a device credential associated with the network device to the access point before the network device communicates with the access point. The device credential can be used to verify the identity of the network device and can authenticate the network device with the access point without requiring user interaction. Another embodiment can incorporate a central authority maintaining a database of network devices, access points and associated users. The central authority can determine when one or more network devices can seamlessly be configured for use with a particular access point. The central authority can send the device credential associated with the one or more network devices to the access point before the network device communicates with the access point. | 09-18-2014 |
| 20140282961 | SYSTEMS AND METHODS FOR USING IMAGING TO AUTHENTICATE ONLINE USERS - Systems and methods are disclosed for authenticating an identity of an online user. One method includes receiving from the user, through a first device, a request to access a web page associated with the user's online account; transmitting to the user an image that contains a unique ID and a URL of an authentication server; and receiving from the user, through the first device, an authentication request containing the unique ID. The method also includes receiving from the user, through a second device, a log-in ID associated with the user and the unique ID; and authenticating the identity of the user to grant the user access, through the first device, to the web page associated with the user's online account. | 09-18-2014 |
| 20140282962 | Generation of One Time Use Login Pairs Via a Secure Mobile Communication Device for Login on an Unsecure Communication Device - A trusted communication device may generate and display a single use user ID and/or password to be utilized for one time validation of a communication session between an unsecure communication device and a secure communication device. The generated single use user ID and/or password may be communicated from the trusted communication device to a security server that handles security for the communication session. The user utilizes the presented user ID and password pairs to log into a communication session on the unsecure communication device. A heartbeat message may be communicated between the trusted communication device and the security server, and whenever the communicated heartbeat message fails, the user ID and password pair and/or one or more corresponding authentication tokens are deauthorized. A communication session that utilizes the presented user ID and password pair may be manually disabled from the trusted communication device. | 09-18-2014 |
| 20140282963 | SYSTEMS AND METHODS FOR AUTOMATICALLY LOGGING INTO A USER ACCOUNT - Systems and methods for automatically logging into a user account are described, including receiving, using a device, data from an external source or from two or more sources comprising an internal source and another source, wherein the external source is not a user; determining, using the device, that at least a portion of received data is new data; and based on the received data, automatically logging in, from the device, to an account of the user. | 09-18-2014 |
| 20140282964 | SYSTEM AND METHOD FOR UTILIZING BEHAVIORAL CHARACTERISTICS IN AUTHENTICATION AND FRAUD PREVENTION - A behavioral characteristics authentication system and method (“BCA system”) that facilitates authentication of the identity of a user, registrant, or applicant of a website, application, or other accessible computer resource using a verification process that incorporates behavioral characteristics. In operation, the BCA system compares a single user's behavior with their previous behavior, a user's behavior with behavior generally attributed to non-fraudulent behavior, or a user's behavior with behavior generally attributed to fraudulent behavior. The population of other users that a user's behavior is compared with may be selected to have similar demographic or other characteristics as the user. By analyzing various behavioral characteristics associated with legitimate or fraudulent multi-factor authentication attempts, the BCA system adds another layer of security to online transactions. | 09-18-2014 |
| 20140282965 | Ongoing Authentication and Access Control with Network Access Device - Methods, systems, and computer programs are presented for securing network access. One method includes an operation for granting a user access to remote computer resources after authenticating a login request from the user sent from a secured computer device. In addition, the method includes an operation for receiving a network access request from a network access device to allow the user to access the remote computer resources through the network access device. A network access granted message for the user is sent to the network access device when the user currently has been granted access to the remote computer resources, where the secured computer device performs periodic authentication operations to validate an identification of the user based on biometric data taken of the user. Further, the method includes operations for receiving notification from the secured computer device that one of the authentication operations has failed, and for sending a network access denied for the user to the network access device in response to the notification. | 09-18-2014 |
| 20140282966 | PREVENTION OF PASSWORD LEAKAGE WITH SINGLE SIGN ON IN CONJUNCTION WITH COMMAND LINE INTERFACES - Provided are techniques for transmitting a lightweight domain access protocol (LDAP) request from an user interface application (UIA) to a LDAP server receiving, at the UIA, a LTPA token in response to the transmitting of the LDAP request; transmitting, from the UIA, to a command line interface associated with an application, the LTPA token in conjunction with a command to be executed by the application; verifying by the application the LTPA token; and in response to the verifying, executing, by the application the command. The techniques also include transmitting, from the application, to a second command line interface associated with a second application, the LTPA token in conjunction with a second command to be executed by the second application; verifying by the second application the LTPA token; and in response to the verifying by the second application, executing, by the second application the second command. | 09-18-2014 |
| 20140282967 | Portable Platform for Networked Computing - In one embodiment, a portable, networked, computing device comprises a processor, a plurality of radios, and a memory. The device may be operable to pair, by at least one of the radios, with a device associated with a user. The device may then monitor, by one of the radios, a signal for a connection established with a first network. When the device determines that the signal for the first network has dropped below a threshold level of quality, it may enable access point mode for at least one of the paired devices by turning on a radio to establish a connection with a second network and thereby providing connectivity to the second network for the at least one of the paired devices. If multiple networks are available, the device may select an optimal network based on an assessment of one or more factors. | 09-18-2014 |
| 20140282968 | METHOD FOR APPARATUS FOR ROUTING APPLICATION PROGRAMMING INTERFACE (API) CALLS - A method and apparatus for routing Application Programming Interface (API) calls from a partner entity to a telephony service provider (TSP) network are provided herein. In some embodiments, a method for routing API calls may include receiving a first message including an API call and a partner API key used to authenticate the partner entity on the TSP network to access a partner API layer disposed on the TSP network, extracting the partner API key from the first message, performing an authentication process to authenticate an identity of the partner entity using at least the extracted partner API key, and routing the first message based on results of the authentication process. In some embodiments, the first message is routed to the partner API layer disposed on the TSP network when the identity of the partner entity is authenticated. | 09-18-2014 |
| 20140282969 | SYSTEMS AND METHODS FOR ACCOUNT RECOVERY USING A PLATFORM ATTESTATION CREDENTIAL - Described herein is technology for restoring access to a user account. In particular, systems and methods for account recovery using a platform attestation credential are described. In some embodiments, the platform attestation credential is generated by an authentication device in a pre boot environment. A first copy of the platform attestation credential may be bound by an account management system to a user account. Access to the user account may subsequently be restored using a second copy of the platform attestation credential. | 09-18-2014 |
| 20140282970 | METHOD AND APPARATUS FOR TRANSLATION OF BUSINESS MESSAGES - A system and method are provided for translation of business messages between trading partners. A routing slip is determined based upon information related to the sender and information related to the recipient of the business message. The business message is processed using business data rationalization in accordance with the routing slip, wherein business data rationalization includes parsing an arbitrary syntax of the business message and applying semantically meaningful names to individual data elements or sets of elements of the business message identified by the arbitrary syntax. | 09-18-2014 |
| 20140282971 | SYSTEM FOR MANAGING REMOTE SOFTWARE APPLICATIONS - The disclosure describes systems, methods and devices relating to a sign-on and management hub or service for users of multiple internal, external or Software-as-a-Service (SaaS) software applications (Apps), with options for centralized management and sharing of accounts without needing to provide login credentials to individual users. | 09-18-2014 |
| 20140282972 | WIRELESS DEVICE AUTHENTICATION AND SERVICE ACCESS - Authenticating a client device coupled to an authenticator network device for a network. A service request is received from the client device at the authenticator network device. User credentials, including a user ID, a user key, and a nonce for a user are received at the authenticator network device. A token is generated using the received user credentials. The service request is modified to include the token and a user ID parameter that is the user ID to generate a modified service request. The modified service request is used to provide single sign-on access to a service that is the subject of the service request. | 09-18-2014 |
| 20140282973 | SYSTEMS AND METHODS FOR SECURELY TRANSFERRING AUTHENTICATION INFORMATION BETWEEN A USER AND AN ELECTRONIC RESOURCE - Systems and methods for securely transferring authentication information between a user and an electronic resource are disclosed herein. The methods include providing an authentication image to a user interface. The authentication image is associated with a resource-side coordinate system and the providing includes encoding the resource-side coordinate system to generate a user-side coordinate system that is different from the resource-side coordinate system and transmitting the authentication image and the user-side coordinate system to the user interface. The methods further include receiving an encoded coordinate set, which uniquely identifies an authentication location in the user-side coordinate set and that is user-selected from the authentication image, from the user interface and decoding the encoded coordinate set to generate a decoded coordinate set that uniquely identifies the authentication location in the resource-side coordinate set. The systems include systems that perform the methods. | 09-18-2014 |
| 20140282974 | Secure Transaction Systems and Methods - Systems and methods are described that use tag authentication and presence verification techniques in connection with a variety of transactions. In certain embodiments, an authentication device may verify the authenticity of a secure tag by determining whether the secure tag stores secret information provisioned by a trusted authority. In some embodiments, such an authentication process may be performed without exposing the secret information to the authentication device, thereby maintaining integrity of the secure tag. In other embodiments, insecure tags and/or tags that do not include secret information are used. | 09-18-2014 |
| 20140282975 | SYSTEMS AND METHODS FOR AUTOMATED DETECTION OF LOGIN SEQUENCE FOR WEB FORM-BASED AUTHENTICATION - A system for automating login can determine if a web artifact, such as a web page, includes a login form, by identifying a password field, a user ID field, and a submit button or another element providing the functionality to submit credentials for authorization. Submission of user credentials may be emulated, and access to password protected areas can be ascertained, e.g., by identifying any element that permits signing out from the password protected area. | 09-18-2014 |
| 20140282976 | SYSTEM AND METHOD FOR SECURE APPLICATION COMMUNICATION BETWEEN NETWORKED PROCESSORS - A system and method is disclosed for transporting application data through a communications tunnel between a host device and a guest device that each includes networked processors. The application data may be transported between the host device and the guest device through an allowed port of the host device, the communications tunnel, and a port of the guest device. Based on logon credentials, the guest device can be authenticated by a security server and a role may be determined. The role can include allowed ports and associated applications on the host that the guest is allowed to access. Remote access from the guest device to host devices or remote devices may be enabled without needing prior knowledge of their configurations. Secure access may be facilitated to remote host devices or remote devices, according to security policies that can vary on a per-session basis and takes into account various factors. | 09-18-2014 |
| 20140282977 | RISK ASSESSMENT USING SOCIAL NETWORKING DATA - Tools, strategies, and techniques are provided for evaluating the identities of different entities to protect individual consumers, business enterprises, and other organizations from identity theft and fraud. Risks associated with various entities can be analyzed and assessed based on analysis of social network data, professional network data, or other networking connections, among other data sources. In various embodiments, the risk assessment may include calculating an authenticity score based on the collected network data. | 09-18-2014 |
| 20140282978 | METHOD AND APPARATUS FOR SECURE INTERACTION WITH A COMPUTER SERVICE PROVIDER - A method for secure interaction with a website server capable of an authentication operation with a login operation checking a username and a password, is described. Standard web browsing environments are generally insecure and private information, such as passwords, are prone to theft. The proposed solution comprises securing the password used for the authentication in a trusted computing environment, such as a separate computer, without the need of revealing the password to a browser running in an untrusted computing environment, and basing the browsing on authentication data obtained as result of the login operation, that can be confirmed by the user in the trusted environment, prior of being performed. | 09-18-2014 |
| 20140282979 | USER AUTHENTICATION SYSTEMS FOR REMOTE COMPUTERS, INTERNET APPLICATIONS AND ONLINE SERVICES - A system for authenticating users to a remote computers, networks and applications is provided whereby a user provides a remote system with basic identification, the remote system contacts an authentication server, the authentication system provides the user with one or more graphical challenge interfaces that require a user to select specific locations in one or more graphics to prove his identity, where the user has previously chosen the graphics and specific locations, the graphics and specific locations are stored securely in the authentication server, and successful identification of the preselected locations authenticates the user to the remote computer, networks and/or application. | 09-18-2014 |
| 20140282980 | SYSTEM AND METHOD FOR POOL-BASED IDENTITY AUTHENTICATION FOR SERVICE ACCESS WITHOUT USE OF STORED CREDENTIALS - A computer-implemented system and method for pool-based identity authentication for service access without use of stored credentials is disclosed. The method in an example embodiment includes providing provisioning information for storage in a provisioning repository; receiving a service request from a service consumer, the service request including requestor identifying information; generating an authentication request to send to an authentication authority, the authentication request including requestor identifying information; receiving validation of an authenticated service request from the authentication authority; and providing the requested service to the service consumer. | 09-18-2014 |
| 20140289830 | METHOD AND SYSTEM OF A SECURE ACCESS GATEWAY - In one exemplary embodiment, a computer-implemented method of a secure-access gateway to a destination device in a protected computer network include the step of receiving a request from a remote user to access the destination device in the protected computer network. A session for the remote user is registered. The session includes an access to the destination device by the remote user according to a set of specified parameters controlled by the secure access gateway. The session is created. When the remote user connects and authenticates, the secure access gateway establishes the connection to the destination device on behalf of the remote user. The session is monitored according to the set of specified parameters. The session is monitored to determine if at least one specified parameters is achieved. The session between the remote user and the destination device is when terminated when the at least one specified parameters is achieved. | 09-25-2014 |
| 20140289831 | WEB AUTHENTICATION USING CLIENT PLATFORM ROOT OF TRUST - Systems and methods for performing web authentication using a client platform root of trust are disclosed herein. Website and user validity and integrity may be authenticated based on the user device's attempt to access the website. A user device may securely access the website once the user device is successfully authenticated with a server. In an embodiment, the user device may perform an authentication of the website to ensure the website is a valid entity. | 09-25-2014 |
| 20140289832 | System, Method, And Apparatus For Using A Virtual Bucket To Transfer Electronic Data - A method for transferring data between a first and a second computer system by way of a storage location in a third computer system. When needed for a transfer, the third computer system creates the storage location associated with the first computer system. Using the association, the first computer is able to access the storage location. The second computer system reads access information from a close proximity identification medium, where the information is associated with the storage location. Using the information, the second computer system is able to access the storage location. In a data transfer, one of the first and second computer system stores information in the storage location and the other of the first and second computer systems reads the data from the storage location. Once the data has been transferred from the storage location, the storage location is deleted. | 09-25-2014 |
| 20140289833 | ADVANCED AUTHENTICATION TECHNIQUES AND APPLICATIONS - A system, apparatus, method, and machine readable medium are described for performing advanced authentication techniques and associated applications. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client. | 09-25-2014 |
| 20140289834 | SYSTEM AND METHOD FOR EYE TRACKING DURING AUTHENTICATION - A system, apparatus, method, and machine readable medium are described for performing eye tracking during authentication. For example, one embodiment of a method comprises: receiving a request to authenticate a user; presenting one or more screen layouts to the user; capturing a sequence of images which include the user's eyes as the one or more screen layouts are displayed; and (a) performing eye movement detection across the sequence of images to identify a correlation between motion of the user's eyes as the one or more screen layouts are presented and an expected motion of the user's eyes as the one or more screen layouts are presented and/or (b) measuring the eye's pupil size to identify a correlation between the effective light intensity of the screen and its effect on the user's eye pupil size. | 09-25-2014 |
| 20140289835 | Devices, Systems and Methods for Security Using Magnetic Field Based Identification - Devices, systems and methods are disclosed for determining an electromagnetic signature for authenticating a device, a user, and/or a location. In exemplary embodiments, a magnetometer captures an electromagnetic signature which is then compared with one or more authorized electromagnetic signatures. If the electromagnetic signature matches an authorized electromagnetic signature, then access is granted. The magnetometer is integrated into a communication device having a processor and a logic. The magnetometer captures an electromagnetic signature of a surrounding environment and detects motion of the communication device through the captured electromagnetic signature. The logic on the communication device locks or unlocks features of the device based upon the captured electromagnetic signature. In further embodiments of the subject disclosure, the magnetometer is in communication with a server which authenticates a user or communication device to provide access to a remote location. | 09-25-2014 |
| 20140289836 | DOCUMENT, METHOD FOR AUTHENTICATING A USER, IN PARTICULAR FOR RELEASING A CHIP CARD FUNCTION, AND COMPUTER SYSTEM - A document having a non-volatile memory area for storing a secret identifier that has a first n-digit character sequence from a predefined character set; a random generator for selecting at least one character from the predefined character set for replacement of at least one character of the first character sequence, such that a second n-digit character sequence is defined as a result of this replacement; a volatile memory area for storing the at least one selected character; a display device for displaying the at least one selected character; an interface for inputting a third character sequence; and a processor element for authenticating the user to the document, wherein the processor element is configured to access the non-volatile memory area and the volatile memory area in order to read the second character sequence and check for a match between the second and third character sequences in order to authenticate the user. | 09-25-2014 |
| 20140298434 | Enhancing the Security of Near-Field Communication - Security of near-field communication (NFC) may be enhanced. A user authentication may be provided via a mobile device enabled as a first NFC device. The user authentication may be specified by an end user of the mobile device for permitting NFC with a second NFC device. The user authentication may be related to an environmental object or a perspective of the mobile device specified by the end user. It may be determined whether the mobile device and the second NFC device are in proximity to one another. When the mobile device and the second NFC device are in proximity to one another and a detected action performed by a user with the mobile device is substantially similar to the provided user authentication, NFC between the mobile device and the second NFC device may be permitted. | 10-02-2014 |
| 20140298435 | Authentication using three-dimensional structure - A user can be authenticated via traversal of a three-dimensional structure and entry of an authentication code. For example, a user-entered authentication code can be compared to an authentication code, and a user-selected element of the structure can be compared to a destination element resulting from following an authentication path through the structure beginning at a starting element. As another example, a user-selected ordered series of elements of the structure and corresponding user-entered sub-codes can be respectively compared to an authentication ordered series of elements of the structure resulting from following ordered steps of an authentication path through the structure beginning at the starting element and to sub-codes of an authentication code. | 10-02-2014 |
| 20140298436 | CLOUD CONTROL SYSTEM AND METHOD FOR LAN-BASED CONTROLLED APPARATUS - A cloud control system for LAN-based controlled apparatus and method for the same is disclosed. The cloud control system includes a cloud server and a LAN sub-system. The LAN sub-system includes a LAN communication apparatus, a LAN server host, a controlled apparatus that is controlled by the LAN server host, and a an electronic device that may connect to the cloud server and the LAN server host. After logging in to the cloud server through the LAN communication apparatus of the LAN sub-system, the electronic device may acquire the a path linking to the controlled apparatus and may connect to and operate the controlled apparatus by selecting the apparatus linking path. Through the design on the cloud server that controls the controlled apparatus of each of the LAN sub-systems for the permission of linking and operation, the procedure of installation and configuration of the controlled apparatus may be simplified and the time of search for the controlled apparatus may be shorten, and further the security of the controlled apparatuses and their data transmission may be increased. | 10-02-2014 |
| 20140298437 | Exploiting Application Characteristics for Multiple-Authenticator Broadcast Authentication Schemes - A method for securing communications in a vehicle-to-vehicle (V2V) system including an on-board computer of a broadcasting vehicle predicting a value for a vehicle parameter, generating a heavyweight signature corresponding to the predicted value, and obtaining an actual value for the vehicle parameter. The method also includes the computer comparing the predicted value to the actual value to determine if the predicted value bears a first relationship to the actual value. If the computer determines that the predicted value bears the relationship to the actual value, the on-board computer generates a lightweight authenticating signature to correspond to the predicted value and broadcasts a data message having the predicted value with the corresponding heavyweight authenticating signature and the corresponding lightweight authenticating signature. | 10-02-2014 |
| 20140298438 | Automatic Reauthentication in a Media Device - A system and method is presented for verifying the ability to use stored authentication information when accessing a remote media service. A media device, such as a television, is described that stores authentication information for a remote media service. Such authentication information may include a user name and a password. Because media devices may be re-sold, returned for re-sale, or refurbished, it is necessary to automatically disable the authentication information to prevent a second owner from accessing the services and accounts belonging to a first owner. The ability to use authentication information is disabled upon a long delay in accessing the service, a complete power down cycle, a change in IP address, or a change in network interfaces used to access the network. | 10-02-2014 |
| 20140298439 | Trusted Hardware for Attesting to Authenticity in a Cloud Environment - Apparatuses, computer readable media, methods, and systems are described for storing a first measurement of a virtualization platform, storing a second measurement of a measured virtual machine, generating a quote using a key, wherein the quote is based on the first measurement and the second measurement, and providing the quote for attesting to authenticity of the virtualization platform and of the measured virtual machine. In a further example, the quote may be generated based on a third measurement of a secure tunnel. | 10-02-2014 |
| 20140298440 | PRESENTING MESSAGES ASSOCIATED WITH LOCATIONS - A user may express an interest in a set of individuals represented in a set of individual stores (e.g., friends in a social network and colleagues in an academic directory). Such individuals may send to the individual stores messages that are associated with a location, and the user may request, from respective individual stores, a presentation of the locations. According to the techniques presented herein, the messages from the individual stores may be aggregated, and the locations associated with the aggregated messages may be presented in a map, thereby presenting to the user the locations of the messages of the individuals irrespective of from which individual store each message was received. Additionally, the map may present the messages to the user, and upon receiving form the user a reply to a message, may send the message to the individual store from which the message was received. | 10-02-2014 |
| 20140304789 | CONVENIENT ONE-TIME PASSWORD - Authenticating a human user in a computer system by performing the following steps: (i) determining a one-time password determination algorithm (OTPDA) of one of the following types: graphical, audible, decoder key based, language-based, general knowledge based, temporal, transformative arithmetic and/or a hybrid type; and (ii) revealing the OTPDA to the human user in human-comprehensible form. Revealing OTPDA is done by: (i) communicating the OTPDA itself to the human user, and/or (ii) confirming, to the human user, that the human user's choice for an OTPDA will be used. Preferably, the OTPDA is simple to remember and can be applied by the human user without resort to a computer or similar device. | 10-09-2014 |
| 20140304790 | DIGITAL CONTENT DISTRIBUTION AND SUBSCRIPTION SYSTEM - Digital content distribution systems and methods are provided for distributing for digital data files, such as digital audio and video data files. In accordance with one implementation, a token-based authentication system is provided that does not require knowledge of the individual user requesting the download of digital content data or real-time access to user account information. Instead, the token-based authentication system embeds the authentication information, or token, in the download request information itself. In this way, the download or content server authenticates the download request using the token contained in the download request information and therefore does not require any additional information to carry out this authentication, such as access to user account information. | 10-09-2014 |
| 20140304791 | SYSTEM FOR AND METHOD OF SECURING A NETWORK UTILIZING CREDENTIALS - A system for and method of securing a network are described herein. A receiving device listens for packets with proper credentials. If a transmitting device sends the correct credentials, the receiving device will respond with an acknowledgment and further data is able to be transmitted. However, if the transmitting device does not send a packet with the proper credentials, then the receiving device will drop the packet and not respond. Thus, the transmitting device will be unaware of the presence of the receiving device, in particular when hackers are using scanning software to locate target devices. | 10-09-2014 |
| 20140304792 | SYSTEM AND METHOD FOR IDENTITY CONFIRMATION USING PHYSIOLOGIC BIOMETRICS TO DETERMINE A PHYSIOLOGIC FINGERPRINT - The invention provides a method for verifying a person's identity, which includes obtaining a password and/or random key from a person, and comparing the obtained password and/or random key to a plurality of known passwords and/or random keys to determine a likely identity of the person. The method further includes measuring a specific biometric of the person, the specific biometric comprising a respiratory, cardiac, or other physiologic biometric, and comparing the measured specific biometric to the known specific biometric of the person that is associated with the obtained password and/or random key to verify the likely identity of the person. | 10-09-2014 |
| 20140310789 | USER ACCESS CONTROL TO A SECURED APPLICATION - Embodiments described herein provide approaches for user access control to a secured application. Specifically, a custom authentication tool is configured to intercept a request from a user for access to a secured application and override one or more default requirements (e.g., application pre-registration, for accessing the application). That is, when credentials of the user are received at the authentication tool, they are verified against data within a user directory to generate a user profile, which is then provided to the secured application to satisfy the requirements for granting access to the user. As such, the secured application's requirements are met, yet users do not have to manually pre-register to obtain access because the registration is performed in the background by the authentication tool. | 10-16-2014 |
| 20140310790 | Full Spectrum Cyber Identification Determination Process - A full spectrum cyber identification determination process for accurately and reliably determining and reporting any identification determination from a full spectrum of possible cyber identification determinations. Utilizing cyber resources and predetermined criteria for providing cyber identification determinations for at least one unidentified subject of an observation, the process: provides identification determinations for any possible subject of an observation; provides for the utilization of any selected attainable level of accuracy, up to, and including 100% accuracy; provides for single, intermittent, and constant identification determinations; utilizes any available cyber resources; interacts with utilized cyber resources to provide any possible function and/or observation; recognizes characteristics from observations and then utilizes recognized characteristics for comparing and/or determining; provides and utilizes a standard set of designations for representing all aspects of the process; utilizes useful information and/or outcomes from comparing for making identification determinations; and, reports on any aspect of the process at any time. | 10-16-2014 |
| 20140310791 | AUTHENTICATION OF DEVICES IN A WIRELESS NETWORK - Various aspects are discussed, for example, a method is decsribed for authentication of devices in a wireless network involving NFC (Near Field Communication), wherein a device periodically switches its mode from a read mode, in which it is able to receive authentication data from one or more other devices, to a write mode, in which it sends out authentication data to the one or more other devices, according to a random time slot scheme. The device authenticates itself after having received authentication data from another device during the read mode, and the device switches permanently its mode to the write mode after being authenticated. | 10-16-2014 |
| 20140317708 | LOGIN VIA NEAR FIELD COMMUNICATION WITH AUTOMATICALLY GENERATED LOGIN INFORMATION - Methods and devices for NFC tap login with automatically-generated login information are disclosed. A user can launch a browser application and log in a desired website without having to enter the user's username and password. The user can achieve this by tapping a Near Field Communication-enabled computing device with an NFC-enabled wireless device. The wireless device generates and stores the user's usernames and passwords corresponding to a number of websites, and provides the username and password for the desired website to the computing device via an NFC-based communication link. Through a browser application running on the computing device, the user can sign up an account at and log in the desired website. | 10-23-2014 |
| 20140317709 | COMPUTER SERVER AND AUTHENTICATION METHOD - A computer server system includes a processor that executes a number of modules. The number of modules includes a receiving module to receive an account name inputted by a user, and a password generating module to generate a unique, unchangeable password corresponding to the account name. The computer server system further includes a storage unit to store the account name and the password. | 10-23-2014 |
| 20140317710 | METHOD FOR CONNECTING DEVICES TO A NETWORK THROUGH AN AUDIO CABLE AND A USER DEVICE - A method of configuring a first device, such as a monitoring device, to be controlled by a second, user device, via a network, comprises connecting the user device to the monitoring device to be configured, via an audio cable, providing a network password to a wireless network to the monitoring device from the user device, via the audio cable, connecting the monitoring device to the wireless network; and associating the monitoring device to the user device by a processing device, so that the user device can interact with the monitoring device and the processing device, via the wireless network. The user device may be a mobile user device, which may be connectable to a WiFi network and/or a cellular network, or example. A cryptographic key may be issued between the monitoring device and the user device for secure communication. | 10-23-2014 |
| 20140317711 | SYSTEM AND METHODS FOR WEAK AUTHENTICATION DATA REINFORCEMENT - Systems and methods for weak authentication data reinforcement are described. In some embodiments, authentication data is received in a request to authenticate a user. In response to detecting weak authentication data, the systems and methods determine whether the user was previously authenticated as a human user. An example embodiment may include initiating an authentication process based on determining that the user was previously authenticated as a human user. | 10-23-2014 |
| 20140317712 | PROVIDING ACCESS TO REGISTERED-USER WEBSITE - A first interface is transmitted from the server computer system to a user computer system, the first interface having a field for entering a mobile telephone number. A mobile phone number entered into the field for the mobile phone number is received from the user computer system at the server computer system. A password is generated and transmitting from the server computer system to a mobile device having a mobile phone number corresponding to the mobile phone number received from the user computer system and a second interface is transmitted from the server computer system to the user computer system, the second interface including a field for entering the password. A follow-up message is transmitted from the server computer system to the mobile device if the password is not received from the user computer system at the server computer system within a predetermined period of time. | 10-23-2014 |
| 20140317713 | Method and System of User Authentication Using an Out-of-band Channel - The user authentication method comprises: a central processing server generates an encoded data, such as a QR code, from encoding a session number, which can be randomly generated; a first client computing device displays a login page that includes the QR code to a user for authentication; the user uses a mobile communication that has already been registered and paired with the user account stored in the central processing server to image-capture the QR code, and sends the decoded QR code data to the central processing server; the central processing server validates the decoded QR code data against the session number; upon a positive validation, the user may need to enter his/her security PIN according to configuration in the second mobile communication and be sent to the central processing server for validation; and upon a positive validation, the user authentication is completed. | 10-23-2014 |
| 20140317714 | Configuration of Accessories for Wireless Network Access - A portable computing device can enable an accessory to access a wireless network. In particular, the portable computing device can provide a wireless network access credential to the accessory. The accessory can thereafter use the wireless network access credential to access a wireless network. The portable computing device can additionally configure an access point that manages the wireless network to permit the accessory to join the wireless network. | 10-23-2014 |
| 20140317715 | BLUETOOTH ENABLED CREDIT CARD WITH A LARGE DATA STORAGE VOLUME - A smart card is disclosed which includes a mass storage memory for storing biometric information of a user and private data. A radio is used as an interface to the card. When the user of the card wishes to invoke an application for the private data, biometric information about the user is provided to a device in communication with the card, enabling the card to authenticate the user as an authorized user of the private data, and in response to that authentication provide the data to the application in a manner that maintains privacy and integrity of data. | 10-23-2014 |
| 20140325627 | AUTHENTICATION SYSTEM AND METHOD FOR EMBEDDED APPLETS - A system and method for authenticating user requests issued from embedded applets running on web-accessible user devices. The server system generates authentication tokens associated with user credentials, in response to user requests for HTML pages that include the embedded applets. The server system stores the authentication tokens on the server system, and includes the authentication tokens in URLs within applet tags in the HTML pages returned to the user devices. When the applets download and request content from the server system, the applets supply the previously included authentication tokens in the URLs that identify the requested content. Upon finding a match between the applet-supplied authentication tokens and the stored authentication tokens, the server identifies the user as a trusted user, and responds with the requested content. This can be used to eliminate HTTP- based authentication challenges for subsequent user access. | 10-30-2014 |
| 20140325628 | LOGIN METHOD, APPARATUS, AND SYSTEM - Various embodiments provide methods, apparatus, and systems for logging in an application account. A request for logging in an application account sent from a first terminal can be received. It is detected if the first terminal can be included in frequently used terminals corresponding to the application account. First verification information can be sent to a second terminal bound with the application account, when it is detected the first terminal is not included in the frequently used terminals corresponding to the application account. Second verification information can be received from the first terminal to detect if the second verification information matches the first verification information. When it is detected that the second verification information matches the first verification information, the request for logging in the application account can be responded. | 10-30-2014 |
| 20140325629 | SYSTEM AND METHOD OF ONLINE DOCUMENT STORAGE AND RETRIEVAL FOR USE BY HOSTING COMPANIES AS A SERVICE TO THEIR CLIENTS - Disclosed herein is a computer-implemented system and method for hosting companies to offer a service of securely retrieving, storing and distributing critical documents for their clients. This can be done for the client by a hosting company administrator on a company administrative site, or by the hosting company's client, the end user, through a private labeled interface provided by a hosting company, via a hosting company's private label entry page. Additionally, the hosting company can administer many functions of the client's accounts through a series of Batch Interfaces thereby working on multiple accounts and functionalities done via one batch function. Also disclosed is a computer-implemented method of permanently storing critical documents in an online retrieval, storage and distribution system created to act as an interface that has predesigned storage boxes, categories and subcategories allowing the client/hosting company to immediately use the system, not having to create a structure for storage. Additionally, customization of these predesigned attributes is possible by the hosting company and/or client. | 10-30-2014 |
| 20140325630 | METHOD AND APPARATUS FOR DETERMINING MULTIMEDIA DATA AUTHENTICITY LEVEL - A method for providing multimedia data including receiving multimedia data, from a second user; determining user information relating to the second user; defining a first authenticity value based on the user information; determining multimedia data characteristics relating to the multimedia data; defining a second authenticity value based on the multimedia data characteristics; defining a multimedia data authenticity value using the first and the second authenticity value; and maintaining, by the operator, the received multimedia data associated with the multimedia data authenticity value, wherein the multimedia being available for a third user. | 10-30-2014 |
| 20140331297 | SECURED ACCESS TO RESOURCES USING A PROXY - A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identify a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature. | 11-06-2014 |
| 20140331298 | Remote Patient Monitoring - A method for securely transmitting medical data to and from a remote location includes configuring a first electronic computing device with provisioning information to access a firewall-protected electronic data network. Medical data is received at the first electronic computing device from a second electronic computing device. The medical data is transmitted to the firewall-protected electronic data network using the first electronic computing device. The provisioning information permits a secure connection between the second electronic computing device and a third electronic computing device on the firewall-protected electronic data network. | 11-06-2014 |
| 20140331299 | Managing Access to an On-Demand Service - In accordance with embodiments, there are provided mechanisms and methods for managing a risk of access to an on-demand service as a condition of permitting access to the on-demand service. These mechanisms and methods for providing such management can enable embodiments to help prohibit an unauthorized user from accessing an account of an authorized user when the authorized user inadvertently loses login information. The ability of embodiments to provide such management may lead to an improved security feature for accessing on-demand services. | 11-06-2014 |
| 20140331300 | HYBRID CLOUD IDENTITY MAPPING INFRASTRUCTURE - In various exemplary embodiments, a system and associated method for providing a hybrid cloud computing environment are disclosed. For example, a system may authorize an enterprise user based on an enterprise identity. Once authenticated, embodiments may use mapping data and a cloud role to determine an identity to use when the enterprise user accesses a cloud. | 11-06-2014 |
| 20140337948 | SYSTEM AND METHOD FOR DETERMINING LIVENESS - Systems and methods are provided for recording a user's biometric features and generating an identifier representative of the user's biometric features and whether the user is alive (“liveness”) using mobile devices such as a smartphone. The systems and methods described herein enable a series of operations whereby a user using a mobile device can capture imagery of a user's face, eyes and periocular region. The mobile device is also configured analyze the imagery to identify and determine the position of low-level features spatially within the images and the changes in position of the low level features dynamically throughout the images. Using the spatial and dynamic information the mobile device is further configured to determine whether the user is alive and/or generate a biometric identifier characterizing the user's biometric features which can be used to authenticate the user by determining liveness and/or verify the user's identity. | 11-13-2014 |
| 20140337949 | SYSTEM AND METHOD FOR GENERATING A BIOMETRIC IDENTIFIER - Systems and methods are provided for recording a user's biometric features and generating an identifier representative of the user's biometric features using mobile device such as a smartphone. The systems and methods described herein enable a series of operations whereby a user using a mobile device can capture imagery of a user's face, eyes and periocular region. The mobile device is also configured analyze the imagery to identify and determine the position of low-level features spatially within the images and the changes in position of the low level features dynamically throughout the images. Using the spatial and dynamic information the mobile device is further configured to generate a biometric identifier characterizing the user's biometric features and which can be used to identify/authenticate the user by comparing the biometric identifier to a previously generated biometric identifier. | 11-13-2014 |
| 20140337950 | Method and Apparatus for Secure Communications in a Wireless Network - A method and apparatus for secure communications between an access point and a station in a wireless network is provided. The station receives a first message from the access point in the wireless network, the first message includes a first hashed service set identifier (SSID) generated by the access point by performing a first hash function on an SSID associated with the access point. The station generates a second hashed SSID by performing the first hash function on an SSID known by the station, determines whether the second hashed SSID matches the first hashed SSID. When the second hashed SSID matches the first hashed SSID, the station sends a second message to the access point. | 11-13-2014 |
| 20140337951 | SECURITY MANAGEMENT SYSTEM INCLUDING MULTIPLE RELAY SERVERS AND SECURITY MANAGEMENT METHOD - The present invention relates to a security management system of a computer network, which includes a center server and two or more relay servers. The relay servers receives at least some of data stored in the center server and stores the received at least some of data. A first relay server stores access authentication information and transmits data requested by the client to the client, when access information received from a client does not match with the access authentication information. The center server transmits a ‘block relay’ command to the first relay server and a ‘start relay’ command to a second relay server, when the center server receives information on the malicious access. Accordingly, the second relay server performs a relay function instead of the first relay server. | 11-13-2014 |
| 20140337952 | METHOD AND DEVICES FOR RUNNING PUSH-BUTTON CONFIGURATION SESSIONS - A method and a network node device run Push-Button Configuration sessions within a heterogeneous network, IEEE 1905.1, using a push button configuration mechanism that ensures that only one single new network node device is registered for a single push button key press event and thus overlapping Push-Button Configuration sessions within a heterogeneous network are prevented. After finishing the push button configuration mode, the number of new nodes is checked. If more than one node has been added, a configuration roll-back is performed. Preferably, the push button configuration roll-back is performed as soon as the authentication of more than one distinct node has been detected. The roll-back includes the deletion or deactivation of credentials established by the push-button configuration. | 11-13-2014 |
| 20140344909 | PASSWORD ENTRY THROUGH TEMPORALLY-UNIQUE TAP SEQUENCE - Embodiments replace a password with a tap sequence. Systems and methods receive tapping signals at an input sensor. A learned sequence of taps and correlation factors is accessed in a database. Tapping is detected on an adjacent surface by comparing the tapping signals received from the input sensor to the learned sequence and the correlation factors. Access to a secure system is automatically enabled when a match is identified between the detected tapping and the learned sequence. | 11-20-2014 |
| 20140351910 | Authorizing Access by a Third Party to a Service from a Service Provider - Systems and methods are provided for authorizing third-party access to a specific service from a service provider. In an example embodiment, a server system identifies a shared service from multiple services provided by the server system. The shared service is specified by an authorizing entity. The server system provides a credential associated with the shared service and the authorizing entity. The server system receives a request to access the shared service from a requesting entity that is separate from the authorizing entity. The server system verifies that the request includes the credential and that the credential is associated with the shared service and the authorizing entity. The server system provides access to the shared service to the requesting entity based on verifying that the request includes the credential. The requesting entity is restricted to accessing the shared service identified by the credential as authorized by the authorizing entity. | 11-27-2014 |
| 20140351911 | SECURE AUTHORIZATION SYSTEMS AND METHODS - Systems and methods for secure user authentication are described. In certain embodiments, a client device such as a smartphone may be provisioned with a secure key and/or other secret information. The client device may be used to generate unique secure tokens and/or other credentials used in connection with an authentication processes. A user may provide the generated tokens and/or other credentials to a service provider in connection with a request to access a managed service. The validity of the generated tokens and/or other credentials may be verified by an authentication service in communication with the service provider. | 11-27-2014 |
| 20140351912 | TERMINAL IDENTIFICATION METHOD, AND METHOD, SYSTEM AND APPARATUS OF REGISTERING MACHINE IDENTIFICATION CODE - A terminal identification method, a machine identification code registration method and related system and apparatus are disclosed. After receiving a first request for which signature or certificate verification is to be performed from a terminal, a service network obtains a signature or certificate of a trusted party for a machine identification code identifier of the terminal from the first request, wherein the machine identification code identifier being an identifier allocated by the trusted party to the machine identification code of the terminal. The service network verifies the obtained signature or certificate, and if a verification result indicates legitimacy, identifies the terminal using the machine identification code identifier obtained from the signature or certificate. The present disclosure further provides a trusted party and a method of registering a machine identification code by the trusted party. The present scheme can efficiently realize terminal identification, occupy fewer resources and facilitate better privacy protection. | 11-27-2014 |
| 20140351913 | Verifying User Information - A computer is configured to impose an access restriction based upon user-provided information, such as a user's birthdate. In order to enforce such a restriction, the computer requests from a user an image of a valid identity document associated with the user, such as a valid driver's license. In response to receiving such an image from the user, the computer performs an image analysis on the image to extract user information. The computer might extract the user's name, address, birthdate, driver's license number, and/or other information from the image for instance. The computer may utilize the extracted information to determine whether the user should be granted access. The computer may determine based upon the extracted information, for instance, whether the age of the user is greater than a minimum age required to access the computer. The computer may be configured to restrict access to a Web site in this manner. | 11-27-2014 |
| 20140351914 | Identity Verification for Online Education - Performing identity verification for online education is disclosed. In response to receiving a notification of a submission event, a user is prompted to provide authentication information including at least one of a plurality of types of information. Authentication information received is compared to at least a portion of stored enrollment information associated with the user with which the received authentication information is associated. The stored enrollment information includes at least two different types of information collected during an enrollment phase, including the at least one type of information solicited during the user prompting. In the event that matching criteria are met based at least in part the comparison a first action is performed. In the event that matching criteria are not met based at least in part on the comparison, a second action that is different from the first action is performed. | 11-27-2014 |
| 20140359735 | MAINTAINING APPLICATION SESSION CONTINUITY ACROSS DEVICES - The present disclosure describes methods, systems, and computer program products for maintaining application session continuity across different devices. One computer-implemented method includes identifying a first application session of an application executing within a portal environment. The first application session of the application is associated with a first user who is operating at a first device. A representation of an application state for the first application session of the application is stored. A request is received to execute a second application session of the application within the portal environment from the first user operating at a second device different form the first device. The second application session of the application can be instantiated for execution within the portal environment. The second application session is instantiated to a state corresponding to the stored representation of the application state of the first application session. | 12-04-2014 |
| 20140359736 | DYNAMIC VOICEPRINT AUTHENTICATION - A dynamic device key that identifies and authenticates a device and its user includes data representing captured sound of the user speaking a disposable pass phrase. The convenient and secure authentication of voice recognition is combined with convenient and secure device authentication by including biometric voice-recognition of the user in the dynamic device key. During registration, the user speaks all elements of a collection from which disposable pass phrases can be composed. The resulting audio signals, representing the user's voice print as modified by background noise introduced by the device and the environment, are used as references for subsequent authentication. During authentication, a dynamic device key challenge specifies a number of device attributes, including pass phrases to be spoken by the device's user. The pass phrases may be selected in a randomized manner from the collection of disposable pass phrases. The responsive dynamic device key includes data representing an audio signal captured through a microphone of the user speaking the disposable pass phrase and may be obscured with a nonce provided in the challenge. The result is very rigorous device and user authentication. | 12-04-2014 |
| 20140359737 | AUTHENTICATION SYSTEM, ELECTRONIC DEVICE, AND AUTHENTICATION METHOD - An authentication system includes one or more portable terminals and an electronic device. The electronic device includes a storage section, a terminal location acquiring section, a determining section, an authentication section, and a right granting section. The storage section stores authentication information of each of one or more users, usage right information of each user, and location information of the electronic device. The terminal location acquiring section acquires location information of each portable terminal. The determining section determines a first portable terminal that is located within a specific authentication distance from the electronic device, based on the location information. The authentication section performs authentication of a first user associated with the first portable terminal, based on the authentication information of the first user. The right granting section permits the first user to use the electronic device within a scope of usage right granted to the first user. | 12-04-2014 |
| 20140359738 | COMMUNICATION APPARATUS, METHOD OF CONTROLLING, AND STORAGE MEDIUM - A communication apparatus that selects one out of a plurality of authentication modes for connecting to a network for which an authentication is required, identifies network information relating to a connection target network, and authentication information for executing an authentication, selects an authentication mode to be used from the plurality of authentication modes based on the network information and one or more attributes for when connecting to the connection target network based on the authentication information, and executes an authentication for connecting to the connection target network using the selected authentication mode. | 12-04-2014 |
| 20140359739 | VOICE BASED BIOMETRIC AUTHENTICATION METHOD AND APPARATUS - Voice based biometric authentication method, apparatus (system), and computer program product. Provided is voice verification solution with a high accuracy rate that can prevent cheating via recording. The method includes: transmitting to the user a question prompt requiring the user to speak out a voice segment and an answer to a dynamic question, the voice segment having a corresponding text dependent speaker verification model enrolled before the authentication; segmenting, in response to receiving the voice answer, the voice segment part and the dynamic question answer part out from the voice answer; and verifying boundary smoothness between the voice segment and the answer to the dynamic question within the voice answer. With this method, whether a voice answer relates to cheating via recording is determined according to the degree of smoothness at a detected boundary. The apparatus and computer program product carry out the steps of the above-mentioned method. | 12-04-2014 |
| 20140359740 | METHOD AND DEVICE FOR WEB REDIRECT AUTHENTICATION IN WIFI ROAMING BASED ON AC AND AP INTERWORKING - A WiFi roaming management method and device which redirect an HTTP request of a mobile terminal from an AP to an AC even though the AC and the AP do not exist in the same subnet, which redirects a source IP address for an HTTP request, after transferring, to an IP address of the AC, and which smoothly support a wireless Internet service in a distributed processing system according to a web authentication of the AC in a WiFi roaming method is provided. A terminal session management function and a traffic control function are separated by a premium AC (Access Controller) and a premium AP (Access Point) interworked with a tunneling method according to a CAPWAP protocol. | 12-04-2014 |
| 20140359741 | Mutually Authenticated Communication - A method and system for securing an electronic communications session between a mobile device and a network server is provided. The method includes requesting, from the mobile device, a unique session identifier from an authentication server. The authentication server in turn requesting the session identifier from the network server on behalf of the mobile device and, upon receipt thereof, communicating it to the mobile device over a secure communication channel between the mobile device and the authentication server, established using a unique digital certificate on the mobile device which was previously issued to it by a trusted certification authority. The session identifier being useable by the mobile device and network server to secure, mutually validate and authenticate the electronic communication session between them conducted by means of a conventional electronic communications protocol. | 12-04-2014 |
| 20140359742 | Apparatus and Method for Agent Based Ingestion of Data - A computer system includes a firewall between the computer system and an external network. Private data sources are protected by the firewall. An agent executed behind the firewall is configured to connect to a target data repository external to the firewall, specify a data set in the form of a query against one or more of the private data sources, generate the data set by executing the query against one or more of the private data sources, and export the data set through the firewall and into the target data repository. | 12-04-2014 |
| 20140359743 | AUTHENTICATION USING MOBILE DEVICES - Technologies are generally described for authentication systems. In an example, an authentication system can be built among devices by sharing an image that is virtually torn into pieces. Each participant in the authentication system receives a piece of the image. The participants are authenticated when the pieces are later joined to form the original image. | 12-04-2014 |
| 20140366110 | METHODS AND SYSTEMS FOR SINGLE SIGN-ON WHILE PROTECTING USER PRIVACY - A method of enabling applications to reference user information is provided, including receiving a request for a user identifier that references a user of the application and sending a second request for the user identifier to a server. The second request may include a second user identifier that references the user and a second authentication token for the second user identifier. Furthermore, the second user identifier and the second authentication token are not accessible by the user. The method includes receiving the user identifier and an authentication token for the first user identifier. The user identifier corresponds to the second identifier; and providing the user identifier and authentication token to the application. A method of enabling an application to identify users associated with a user of the application is provided; the method may include receiving, from the server, user identifiers that reference one or more users scoped to the application. | 12-11-2014 |
| 20140366111 | CONTINUOUS AUTHENTICATION CONFIDENCE MODULE - Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session. | 12-11-2014 |
| 20140366112 | SERVER APPARATUS, INFORMATION PROCESSING APPARATUS, IMAGING APPARATUS, SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - A server apparatus includes: a first management unit which relates authentication image data of user authentication to authentication input data and manages the related data as authentication information; a request transmission unit which transmits a plurality of image data including the authentication image data included in the authentication information managed by the first management unit and transmits a request for the authentication input data related to the authentication image data; a reception unit which receives image data selected by a user from among the plurality of image data and input data input by the user in accordance with the request transmitted by the request transmission unit; and a determination unit which determines whether or not the user is successfully authenticated based on whether or not the authentication information in which the image data and the received input data are related to each other is managed by the first management unit. | 12-11-2014 |
| 20140366113 | System and Method for Biometric Authentication in Connection with Camera Equipped Devices - The present invention relates generally to the use of biometric technology for authentication and identification, and more particularly to non-contact based solutions for authenticating and identifying users, via computers, such as mobile devices, to selectively permit or deny access to various resources. In the present invention authentication and/or identification is performed using an image or a set of images of an individual's palm through a process involving the following key steps: (1) detecting the palm area using local classifiers; (2) extracting features from the region(s) of interest; and (3) computing the matching score against user models stored in a database, which can be augmented dynamically through a learning process. | 12-11-2014 |
| 20140366114 | Login Method and Device, Terminal and Network Server - A login method and device, and a terminal and a network server are disclosed, which relate to communications technologies. In the method, acquire an account waiting for login and a first password, and judge whether the first password is the same as a local password bound with the pre-stored account. If the first password is the same as the local password bound with the pre-stored account, upload a second password corresponding to the pre-stored account to a network server for matching, and log in to the account once the second password is successfully matched. The present invention introduces a custom password (i.e., the first password), thus avoids the complexity to enter an actual login password (i.e., the second password) and the unsafety to remember the actual login password in a terminal, and enhances the convenience and safety for login and offers greater user experience. | 12-11-2014 |
| 20140366115 | Methods, Systems, and Products for Authenticating Users - Methods, systems, and products authenticate a user to a device. A user selects or submits a media file for authentication. Features in the media file are compared to a set of criteria for authentication. The number of matching criteria, that is within a range of values for each criterion in the set of criteria, is determined. The number of matching criteria is compared to a threshold value. When the number of matching criteria equals or exceeds the threshold value, then the user that selected or submitted the media file is authenticated. | 12-11-2014 |
| 20140366116 | PROTECTED DEVICE MANAGEMENT - A method, apparatus, system, and computer program product for management of storage devices protected by encryption, user authentication, and password protection and auditing schemes in virtualized and non-virtualized environments. | 12-11-2014 |
| 20140373121 | SYSTEM AND METHOD FOR PROVIDING INTERNAL SERVICES TO EXTERNAL ENTERPRISES - In certain embodiments, a system for providing internal services to third party enterprises comprises a memory module operable to store credentials associated with each of a plurality of third party enterprises, an interface module operable to receive a service request associated with a particular third party enterprise, the service request including a token associated with the particular third party enterprise, and a processing module operable to validate the particular third party enterprise, determine a particular internal service offered by an enterprise that is the subject of the service request, the interface module further operable to forward the service request to the particular internal service, receive results corresponding to the service request generated by the particular internal service, and communicate the results corresponding to the service request to the particular third party enterprise, and the memory module further operable to store the results corresponding to the service request. | 12-18-2014 |
| 20140373122 | Method and Apparatus for Electronic Device Access - A method on an electronic device for a wireless network is described. Unique IDs, detectable by the electronic device, are scanned over a period of time. A unique ID is detected. A plurality of detectable time intervals is determined, within the period of time, for the unique ID. An authentication start time and an authentication end time for the unique ID are determined based on at least three of the plurality of detectable time intervals. Authentication data for the unique ID is stored in a historical database. The authentication data includes the authentication start time and the authentication end time. The electronic device is unlocked based on a lookup of authentication data in the historical database. | 12-18-2014 |
| 20140373123 | SERVICE PROVIDING METHOD AND ELECTRONIC DEVICE USING THE SAME - A method of providing, by an electronic device, a service to an external device is provided. The method and electronic device includes receiving, from the external device, information about the external device and information about a service requested by the external device, displaying on a screen an object including the information about the external device and the information about the service requested by the external device, receiving an acceptance input of a user for providing the service requested by the external device, and providing the service requested by the external device to the external device based on the acceptance input. | 12-18-2014 |
| 20140373124 | MULTIPLE-USE WIRELESS NETWORK - In embodiments of the present disclosure improved capabilities are described for a dual-use wireless network where the network may be used concurrently by the general public and by a managing agency (e.g., government or other agencies), but limited as deemed necessary in times of access restriction as determined by the managing agency, where network access may be denied to users/entities whose priority value is lower than the minimum allowed priority value set by the managing agency, or is not one of a set of allowed high priority access values or classes set by the managing agency. | 12-18-2014 |
| 20140380443 | NETWORK CONNECTION IN A WIRELESS COMMUNICATION DEVICE - The secure sharing of network security credentials allows a wireless communication device to connect to a network. By sharing the security credentials out of band, using a different communications protocol (such as Bluetooth or Bluetooth Low Energy), devices can be easily and securely connected to the network. | 12-25-2014 |
| 20140380444 | OUT-OF-BAND CHALLENGE QUESTION AUTHENTICATION - A system and method for challenge question authentication comprises determining whether a log-in attempt requires additional authentication. A user attempts to log-in using a first application and a first delivery channel. When additional authentication is required, a challenge question is communicated to the user using a second application and a second delivery channel. The challenge question is specific to the user. An answer to the challenge question is received, and the user provides the answer using the first application and the first delivery channel. The log-in attempt is completed when the answer to the challenge question is correct. | 12-25-2014 |
| 20140380445 | Universal Authentication and Data Exchange Method, System and Service - A method for securely communicating information between an authenticator at a local endpoint and a remote device at a remote endpoint and for authenticating to the remote device. The method comprises activating the authenticator; determining at least one communication scheme useable at the local or remote endpoints or any midpoints between the local and the remote endpoints on a communication channel; determining authentication schemes and authentication credentials usable at the local or remote endpoints or any midpoints on the communication channel; determining data encryption schemes useable at the local or remote endpoints or any midpoints on the communication channel; a user supplying authentication credentials to the authenticator; the authenticator supplying determined authentication credentials to the remote device; and responsive to a successful authentication, the authenticator and remote device exchanging information according to a determined communication scheme and a determined encryption scheme. | 12-25-2014 |
| 20140380446 | METHOD AND APPARATUS FOR PROTECTING BROWSER PRIVATE INFORMATION - A method and apparatus for protecting browser private information have been disclosed. The method including: detecting a viewing request to view private information of a current browser page; obtaining a current user's face image upon detecting the viewing request; determining based on a pre-set face recognition method, whether the current user's facial image and a registered user's face image bear same face print features, wherein the face print features are utilized to uniquely identify facial features of a person; and displaying the private information of the browser page, in response to a positive determination of bearing the common face print features. | 12-25-2014 |
| 20140380447 | Method, Apparatus, and System for Sending Credentials Securely - A software application executing in a first local operating environment may be used to connect to a remote server that requires a credential of a user to complete a transaction. In a second local operating environment that operates external to the first local environment, a user may be authenticated based on a user input received in the second local operating environment. The credential of the user may be securely communicated to the remote server from the second local operating environment. Other embodiments are described and claimed. | 12-25-2014 |
| 20140380448 | SYSTEMS AND METHODS FOR IMPLEMENTING AND TRACKING IDENTIFICATION TESTS - Systems and methods for providing identification tests. In some embodiments, a system and a method are provided for generating and serving to a user an animated challenge graphic comprising a challenge character set whose appearance may change over time. In some embodiments, marketing content may be incorporated into a challenge message for use in an identification test. The marketing content may be accompanied by randomly selected content to increase a level of security of the identification test, in some embodiments, a challenge message for use in an identification test may be provided based on information regarding a transaction for which the identification test is administered. For example, the transaction information may include a user identifier such as an IP address. In some embodiments, identification test results may be tracked and analyzed to identify a pattern of behavior associated with a user identifier. A score indicative of a level of trustworthiness may be computed for the user identifier. | 12-25-2014 |
| 20140380449 | INFORMATION PROCESSING DEVICE AND METHOD, PROGRAM, AND RECORDING MEDIUM - To improve the convenience of a user and further provide service comfortable and safe for the user. A PK storing PMD as personal related information of a user communicates with a service system. When first using the service system, the PK stores the service ID of the service system and a spoofing preventing method. When the PK communicates with the service system for a second time and thereafter, a spoofing preventing process is mutually performed, and then the PMD is provided to the service system. The service system reads or changes the PMD on the basis of access permission information set in advance by the user. The present disclosure is applicable to PDAs. | 12-25-2014 |
| 20150020178 | Using Personalized URL for Advanced Login Security - Techniques for advanced login security using personalized, user-specific urls are provided. In one aspect, a method for authenticating a user is provided. The method includes the following steps. A personalized login url and credentials (e.g., username and password) are stored for the user. Upon receipt of a login url from the user, it is verified whether the login url matches the personalized url stored for the user. If the login url matches the personalized url for the user, then the user is provided with a user-specific login page where the user can enter credentials, otherwise access is denied. The user is authenticated only if the credentials the user enters match the credentials stored for the user, otherwise denying access. | 01-15-2015 |
| 20150020179 | CLOUD COMPUTING SYSTEM - The cloud computing system includes a mounting process unit that performs a process for mounting an external storage managed by an entity that is different from an entity that is providing a cloud computing service effected by said cloud computing system; a user information storage unit for storing in an associated manner user identification information for a user who is using said mounted external storage and network identification information for said external storage; and a cloud control process unit for using information stored in said external storage to execute, for a user terminal used by said user, a control process for said cloud computing system. | 01-15-2015 |
| 20150020180 | WIRELESS TWO-FACTOR AUTHENTICATION, AUTHORIZATION AND AUDIT SYSTEM WITH CLOSE PROXIMITY BETWEEN MASS STORAGE DEVICE AND COMMUNICATION DEVICE - A wireless two-factor authentication, authorization and audit system includes: a mass storage device being connected with a computer; a cloud-based authentication, authorization and audit server being connected with the Internet; and an authenticator device configured to establish wireless communication with the mass storage device, and to communicate with the authentication, authorization and audit server via the Internet. The mass storage device includes a processor connected with the computer, an RF frontend connected with the processor, and a memory storage connected with the processor. The processor is configured to encrypt data before the data is stored in the memory storage, to decrypt the data upon successful authentication, and to grant a user access to the data based on a passphrase, geographical location information, or proximity presence of the authenticator device. | 01-15-2015 |
| 20150020181 | PERSONAL AUTHENTICATION METHOD AND PERSONAL AUTHENTICATION DEVICE - (Purpose) The present invention provides a technology capable of simply performing individual authentication with high accuracy by extracting the feature of the vein pattern and the feature of the palm print shape of the person to be authenticated from a single original image data photographed using a visible light image acquisition unit (e.g. visible light camera). | 01-15-2015 |
| 20150020182 | Method, Equipment and System for Pushing Network Content - A method, an equipment, and a system for pushing network content are provided that relate to the field of communications technologies. The method for pushing network content includes: setting, by a user, selected network content as a feature of a mobile equipment according to the interest point of the user on a network portal, and pushing an identifier of the network content and setting information to the mobile equipment, so the mobile equipment obtains the corresponding network content according to the identifier of the network content, and sets the network content as an attribute of the mobile equipment according to the setting information. With the present invention, the mobile equipment automatically sets the attribute of the mobile equipment according to the received identifier of network content and setting information pushed by a network side, thereby reducing operations of the user, and improving the user experience. | 01-15-2015 |
| 20150020183 | REPRESENTATION AND CONTROL OF THE SCOPE OF IMPACT IN INHERITED SETTINGS - A method for representing and controlling an impact and scope of a widget value includes displaying at least one widget on a user interface. The widget includes a value. The value includes an inherited value. The method also includes displaying information of a scope of inheritance of the value before user interaction with the widget. The information of the scope of inheritance of the value includes a number of inheritance levels of the value and a number of objects impacted by a change to the value. The method also includes receiving a user input changing the value of the widget. The method also includes changing the value of the widget and the objects in response to receiving the user input. | 01-15-2015 |
| 20150026784 | Hash Synchronization for Preventing Unauthorized Server Access Using Stolen Passwords - Techniques for preventing unauthorized access to a server system using stolen passwords are provided. In one embodiment, the server system can store an ordered set of hash values for a user, where each hash value in the ordered set of hash values is generated by applying a hash function in an ordered set of hash functions to the user's password. The server system can further receive, from a client device, a login request for the user that includes a hashed version of the password, and can select a hash value in the ordered set of hash values using a server-side index that is synchronized with a client-side index on the client device. The server system can then grant the login request if the selected hash value matches the hashed version of the password. | 01-22-2015 |
| 20150026785 | Content Activation Via Interaction-Based Authentication, Systems and Method - Systems, methods, and use-cases of multi-modal authentications and content distribution are presented. A content consumer can capture a multi-modal digital representation of multiple objects where a juxtaposition of features derived from the digital representation can be used to recognize that at least some of the objects are a valid authentication object. Upon authentication, an authentication agent determines a content access level for content associated with the corresponding to the juxtaposition. The content can then be presented on an electronic device, possibly within a secure virtual machine, according to the content access level. | 01-22-2015 |
| 20150026786 | SYSTEM AND METHOD FOR NON-DISRUPTIVE MITIGATION OF MESSAGING FRAUD - A system and method are disclosed herein for providing mitigation of fraud in a hosted messaging service while having minimal impact on authorized messaging users. The method includes a system for detecting potential fraud based on multiple and configurable fraud indicators as well as historical data, which can be customized for individual users or groups. The system can terminate in-process messages that are potentially fraudulent and reset the network access credentials for the affected user accounts or devices that have been potentially compromised. The system uses historical data to block further messages from the compromised user accounts or devices to specific destination addresses where the presumed fraudulent messaging activity was directed. In a further aspect, the system and method can automatically reset the network access credentials for authorized users with minimal downtime. | 01-22-2015 |
| 20150026787 | AUTHENTICATION METHOD, DEVICE AND SYSTEM FOR USER EQUIPMENT - Disclose are an authentication method, device and system for a user equipment. The method comprises: first, a user equipment receiving a random value RAND and a cognitive code AUTN in an evolved packet system (EPS) authentication vector sent by a network side device; when an operating mode of the user equipment is a long-term evolved node LTE Hi operating mode, the user equipment performing authentication based on the RAND and the AUTN. In the authentication process, the user equipment ignores a verification result of a separation bit of an authentication management field (AMF) in the AUTN; or, the user equipment does not verify the separation bit of the AMF. The present disclosure is applicable to the field of communication systems. | 01-22-2015 |
| 20150026788 | AUTHENTICATION BY IMAGE MANIPULATION - In some examples, a method of authenticating is described. The method may include sending first repair parameters representing one or more first repair operations applied to a first marked image to generate a first repaired image to a first entity. The method may also include receiving, from the first entity, a second repaired image. The method may also include authenticating the first entity when the second repaired image received from the first entity matches the first repaired image. | 01-22-2015 |
| 20150026789 | APPARATUS, METHOD, AND PROGRAM FOR VALIDATING USER - User validation accuracy is improved without inconveniencing a user. When an authentication request packet is received from a terminal and the authentication is successful based on a user ID and a password, an HTTP header, user-agent information, and access source IP address are extracted from the packet, and user authentication is performed by verifying the IP address and the user-agent information against usage history information where at most two sets of the IP address and the user-agent information extracted from the authentication request packet which is received from the same user previously are registered. When the set of the IP address and the UA information corresponding to the new extracted IP address and the new extracted UA information is registered in the usage history information, the authentication is successful, and the usage history information is overwritten with the new IP address and the new UA information. | 01-22-2015 |
| 20150033306 | APPARATUS AND METHOD FOR SYSTEM USER AUTHENTICATION - An apparatus for user authentication includes an input module that receives an authentication token, a counter module that increments a count of the number of authentication tokens received, a security module that determines whether the authentication token matches a valid authentication token for the user, prompts the user for another authentication token in response to determining that the authentication token does not match the valid authentication token, and provides the user simulated access to an electronic system in response to determining that (i) the count of the number of authentication tokens received is equal to one and (ii) the authentication token matches the valid authentication token, and an access module that provides the user authentic access to the electronic system in response to determining that (i) the count of the number of authentication tokens received is greater than one and (ii) the authentication token matches the valid authentication token. | 01-29-2015 |
| 20150033307 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING SYSTEM - An information processing apparatus includes a user authentication unit that authenticates a user, a data storage controller that controls the storing of data in a network storage and a local storage, a usage history information recording unit that records usage history information for all data stored in the network storage including user information who accessed the data, a prediction unit that predicts data that has a high probability of being accessed by the user based on identification information and the usage history information of the user authenticated by the user authentication unit, and an acquisition unit that acquires the data that has a high probability of being accessed predicted by the prediction unit from the network storage and stores the data in the local storage. | 01-29-2015 |
| 20150033308 | AUTO-CORRECTING CREDENTIALS FOR NETWORK SUBSCRIBER EQUIPMENT - A network communication system includes a computing device, which includes a processor, a memory device, and a component management module. The component management module is configured to receive a message from customer-premises equipment (CPE). The component management module is also configured to determine from the message that the CPE is operating in a captive portal. The captive portal restricts Internet access to the CPE. The component management module is configured to obtain stored connection credential values corresponding to a subscriber in response to determining that an identification parameter of connection credentials associated with the CPE is valid for the subscriber. The component management module is also configured to provide the stored values to the CPE. | 01-29-2015 |
| 20150033309 | PROGRAMMABLE DISPLAY APPARATUS, CONTROL METHOD, AND PROGRAM - Provided is a programmable display apparatus that can permit access to an application through facial authentication, and can display a screen corresponding to an authenticated user after the access is permitted. The programmable display apparatus stores feature data of faces of a plurality of users and screen data for displaying a plurality of screens. The programmable display apparatus performs facial authentication based on image data of a user obtained through image capture and on the feature data. The programmable display apparatus permits a user to access the application if the user has been authenticated. Upon permitting the access, the programmable display apparatus displays, on a display, a screen corresponding to the authenticated user from among the plurality of screens. | 01-29-2015 |
| 20150033310 | USER AUTHENTICATION SYSTEM AND METHODS - Authenticating a user by presenting an authentication instruction to an individual via any computing device output interfaces, the authentication instruction selected from an identity authentication profile, receiving a response to the authentication instruction via any input methods supported by the computing device, the response including content provided through the performance of an action, determining a current action measurement for characteristics associated with the action, and a current content measurement for characteristics associated with the content, where the characteristics are associated with the authentication instruction, determining that each of the measurements matches a corresponding benchmark associated with the authentication instruction to within a predefined tolerance, where the benchmarks are selected from the identity authentication profile and performing the presenting, receiving, and determining steps for each of a predefined number of authentication instructions selected from the identity authentication profile, thereby authenticating the individual. | 01-29-2015 |
| 20150033311 | End-To-End M2M Service Layer Sessions - Mechanisms support machine-to-machine service layer sessions that can span multiple service layer hops where a machine-to-machine service layer hop is a direct machine-to-machine service layer communication session between two machine-to-machine service layer instances or between a machine-to-machine service layer instance and a machine-to-machine application. Mechanisms are also disclosed that illustrate machine-to-machine session establishment procedures for oneM2M Session Management Service supporting multiple resources. | 01-29-2015 |
| 20150033312 | End-To-End M2M Service Layer Sessions - Mechanisms support machine-to-machine service layer sessions that can span multiple service layer hops where a machine-to-machine service layer hop is a direct machine-to-machine service layer communication session between two machine-to-machine service layer instances or between a machine-to-machine service layer instance and a machine-to-machine application. Mechanisms are also disclosed that illustrate machine-to-machine session establishment procedures for oneM2M Session Management Service supporting multiple resources. | 01-29-2015 |
| 20150033313 | Security Module and Method within an Information Handling System - A security module and method within an information handling system are disclosed. In a particular form, a processing module can include a local processor configurable to initiate access to resources of a host processing system. The processing module can also include a security module configured to enable use of the resources of the host processing system using a security metric. According to an aspect, the security module can be further configured to detect the security metric, and enable access to a resource of the host processing system in response to the security metric. The security module can further be configured to disable access to another resource of the host processing system in response to the security metric. | 01-29-2015 |
| 20150033314 | PUSH BUTTON CONFIGURATION OF DEVICES - Systems and methods for push button configuration of devices are provided. One system comprises one or more circuits configured to determine that a configuration button on the second device has been activated and determine whether a configuration button has been activated on a first device or a third device within a time interval from a time at which the button on the second device is activated. The circuits are configured to, in response to determining that the configuration button has been activated on either the first device or the third device within the time interval, allow the second device to be authenticated. The circuits are configured to, in response to determining that the configuration button has not been activated on either the first device or the third device within the time interval, prevent admission of the second device. The network may be a wired network, such as a MoCA network. | 01-29-2015 |
| 20150040200 | METHOD FOR AUTHENTICATING A DEVICE CONNECTION FOR WEBSITE ACCESS WITHOUT USING A WEBSITE PASSWORD - A method herein is for authenticating a device connection for website access without using a website password. In the method, a web server receives an access request over the device connection from a device requesting access to a website based on a pre-established identity. The web server, in response to the access request, forwards an access cookie to the device over the device connection and forwards an activation URL to an address associated with the pre-established identity. The web server receives a request for the forwarded activation URL and, using the access cookie, grants access to the device over the device connection. | 02-05-2015 |
| 20150040201 | REGISTERING A MOBILE APPLICATION WITH A SERVER - In an example embodiment, a test request is sent to a server configured to provide data to the mobile device application. Then a response to the test request is received from the server. The response is analyzed to identify a pattern in the response indicative of a communication sent via a particular communication path. An available communication path between the mobile device application and the server corresponding to the pattern is identified. Then, a mobile device application is registered with the server via the identified communication path. | 02-05-2015 |
| 20150040202 | IMAGE FORMING APPARATUS AND METHOD OF AUTHENTICATING USER THEREOF - A method of authenticating a user of an image forming apparatus is provided that includes receiving, at the image forming apparatus, a one-time password (OTP) generating request, generating, at the image forming apparatus, an OTP according to the OTP generating request, receiving, at the image forming apparatus, an authentication request, from the host apparatus, including the OTP, and when the OTP received from the host apparatus matches the OTP generated according to the OTP generating request and absent a condition, approving an access to the image forming apparatus. | 02-05-2015 |
| 20150040203 | AUTHENTICATION METHOD OF WEARABLE DEVICE AND WEARABLE DEVICE - The present invention relates to the information security field and discloses an authentication method of a wearable device, and a wearable device. The authentication method includes: determining whether a user is a preset user of a wearable device; if the user is the preset user, acquiring verification information of an electronic device, where the verification information is used for authenticating the user by the electronic device; and sending the verification information to the electronic device. | 02-05-2015 |
| 20150040204 | METHOD AND SYSTEM FOR ABSTRACTED AND RANDOMIZED ONE-TIME USE PASSWORDS FOR TRANSACTIONAL AUTHENTICATION - A security system and method for authenticating a user's access to a target system is disclosed. The security system receives an authentication request from the user and generates a security matrix which comprises a mapping between each symbol within a symbol set and a code value randomly selected from a distinct code set. The number of elements in the symbol set and in the code set are selected to provide a predetermined level of security against capture of a user-defined keyword by an unauthorised observer. The security system sends the security matrix to the user and awaits a one-time code in response. The user forms the one-time code based on the user keyword and the security matrix. The security system validates the one-time code against the security matrix and the keyword to determine an authentication result, permitting or denying the user access to the target system. | 02-05-2015 |
| 20150046993 | PASSWORD AUTHENTICATION METHOD AND SYSTEM - A computing system comprising a memory for storing a user list, character configuration options, algorithm options, and a user registration system; and a processor coupled to the memory and configured to execute the user registration system; wherein the user registration system is configured to receive a login request from a user, look up the user in the user list to identify a selected character configuration and a selected password algorithm. The processor is further configured to randomly generate system characters based on the selected character configuration; transmit the system characters to the user for display based on the selected character configuration; generate a system password based on the system characters and the selected password algorithm. The user is granted access to the computing system when the system password and a user password are the same. | 02-12-2015 |
| 20150046994 | ZERO-STEP AUTO-CUSTOMIZATION OF MOBILE APPLICATIONS - In an embodiment, mobile application downloaded and installed in a mobile device is launched for the first time. The mobile application automatically locates a configuration server and connects automatically to the located configuration server. After connection is established with the configuration server, appropriate configuration parameters set is identified and automatically fetched to the mobile device. The fetched configuration parameters set is automatically applied to the mobile application. After applying the configuration parameters set, automatically authenticate the mobile application to an enterprise server. Thus, when the user of the mobile device launches the installed mobile application for the first time, the zero-step auto-customization noted above takes place without manual intervention. The user is thus able to use the mobile application in a normal manner subject to the configurations applied. | 02-12-2015 |
| 20150046995 | MEDIA PLAYING SYSTEM AND MEDIA PLAYING METHOD FOR PLAYING MEDIA FILE IN DIFFERENT AREA NETWORK GROUPS - A media playing method is provided for playing a media file in different area network groups. Firstly, a first area network group is connected to a network group server through network connection. Then, a communication address data of the second area network group and a device data of an electronic device of the second area network group are acquired from the network group server. According to the communication address data and the device data, a control command is transmitted from the first area network group to the electronic device. According to the control command, the electronic device performs a corresponding controlled task. By using the media playing method, it is not necessary to frequently communicate plural electronic devices with each other. Consequently, the data transmission speed is largely enhanced. | 02-12-2015 |
| 20150046996 | ADAPTIVE METHOD FOR BIOMETRICALLY CERTIFIED COMMUNICATION - A recipient communication device and method wherein a user authenticates a message that is being received. The method includes receiving, by a messaging utility of the recipient communication device, a message transmitted from a sender communication device. The messaging utility determines that one of (a) sender authentication of the message and (b) recipient authentication to open the message is required. In response to sender authentication being required, the recipient communication device transmits a request to the sender communication device for sender authentication of the message, and receives a certification of the message based on an authentication of a user input via the sender communication device. When recipient authentication is required, the recipient is prompted to enter biometric input at the recipient device. In one embodiment, a clearinghouse service authenticates a user of a communication device in order for the recipient communication device to receive certification of the user and/or the message. | 02-12-2015 |
| 20150046997 | Accessing Enterprise Resources While Providing Denial-of-Service Attack Protection - A method for accessing enterprise resources while providing denial-of-service attack protection. The method may include receiving, at a gateway from a client device, a request for a resource, the request comprising a location identifier associated with the resource. The method may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message comprising the location identifier. The method may also include retrieving, after authentication of the credentials, the location identifier from the client device. The method may additionally include providing access to the resource based on the location identifier. | 02-12-2015 |
| 20150046998 | SECURE DATA STORAGE - A method and apparatus for storing data and performing logical comparisons and other operations on said data, the results of said comparisons and operations reveal only limited information about the stored data. Stored data may include, but is not limited to, confidential information such as passwords, biometric data, credit card data, personal identifiers that uniquely identify an individual, authorisation levels where an entity may make a claim to have a certain level of access right or authorisation, votes cast in an election, and encryption keys. Control logic within the apparatus prevents direct access to the data store other than via a restricted command interface which prevents data from being revealed. For example, operations such as checking a putative password against a password in the data store is performed by the apparatus which returns a pass or fail, but does not reveal the stored password. | 02-12-2015 |
| 20150046999 | Identifying peers by their interpersonal relationships - According to this disclosure, a user is identified (and selectively granted access to protected resources) by using information that describes the user's interpersonal relationships. This information typically is stored in a datastore, such as a digital address book, an online profile page, or the like. The user's digital address book carries an “acquaintance pattern” that changes dynamically in time. This pattern comprises the information in the user's contact list entries. In this approach, the entropy inherent in this information is distilled into a unique acquaintance digest (or “fingerprint”) by normalizing the contact list data, and then applying a cryptographic function to the result. | 02-12-2015 |
| 20150047000 | Authentication System - A system for creating a combined electronic identification that obtains user information ( | 02-12-2015 |
| 20150047001 | APPLICATION PROGRAM EXECUTION DEVICE - When a first communication part of an application program management part receives, from an application, an access request requesting use of a protected resource, an authentication information acquisition part acquires authentication information employed for verification of a legitimacy of the application program management part, from an authentication information storage part. A second communication part transmits the access request from the application and the authentication information, to an authentication part that determines whether or not the application is permitted to use the protected resource. | 02-12-2015 |
| 20150047002 | COMMUNICATION SYSTEM, MANAGEMENT APPARATUS, COMMUNICATION METHOD AND COMPUTER-READABLE RECORDING MEDIUM - In the present invention, a start request terminal transmits start request information including participation restriction information to a management system. A transmission/reception unit of the management system transmits participation authentication information for authenticating participation in an established session to a middle-of-conference participation terminal. A transmission/reception unit of a participation request terminal transmits, to the management system, participation request information for requesting participation of the participation request terminal in an established session and participation authentication information which is input with the terminal in accordance with the participation authentication information transmitted to the terminal. A participation determination unit of the management system compares the participation request information received from the participation request terminal and the participation authentication information corresponding to the participating terminal in a terminal management table, and determines whether to permit the participation request terminal to participate in the established session. | 02-12-2015 |
| 20150047003 | VERIFICATION AUTHORITY AND METHOD THEREFOR - A method is disclosed for user verification. From a user system personal data of a first user is provided to a server. From the server the personal data of the first user is provided to an authority server, the personal data for being verified. The personal data of the first user is verified against data stored by the authority server to provide a verification signal indicative of whether the personal data is verified as accurate or other than accurate, the authority server other than a commercial party to a commercial transaction between the first user and the server; and when the personal data of the first user corresponds with data stored by the authority server. Then the verification signal indicating that the personal data is accurate personal data of the first user is provided to the server. | 02-12-2015 |
| 20150047004 | Electronic Messaging Exchange - A computer-implemented system and method for secure electronic message exchange including coupling a control platform to a workstation of a plurality of workstations via a communications medium, where the control platform includes one or more apparatuses for monitoring, controlling, conversion, and billing, related to messages exchanged between a plurality of local users and a plurality of remote users. The system prevents forwarding or copying of a message sent by a local user of the plurality of local users and received by a remote user of the plurality of remote users, to another party by the control platform. The system and method also provides for authenticating the remote user with the control platform. | 02-12-2015 |
| 20150047005 | Method for Authenticating Identity of Handset User - A method for authenticating the identity of a handset user is provided. The method includes: obtaining, a login account and a password from the user; judging whether the login account and the password are correct; if the login account or the password is incorrect, refusing the user to access an operating system of the handset; if the login account and the password are correct, sending the login account and the password to a cloud server, wherein the login account and the password correspond to a face sample image library of the user stored on the cloud server; acquiring an input face image of the user; sending the input face image to the cloud server; authenticating, by the cloud server, the identity of the user according to the login account, the password and the input face image. | 02-12-2015 |
| 20150047006 | Method for Authenticating Identity of Handset User - A method for authenticating the identity of a handset user is provided. The method includes: obtaining, a login account and a password from the user; judging whether the login account and the password are correct; if the login account or the password is incorrect, refusing the user to access an operating system of the handset; if the login account and the password are correct, sending the login account and the password to a cloud server, wherein the login account and the password correspond to a face sample image library of the user stored on the cloud server; acquiring an input face image of the user; sending the input face image to the cloud server; authenticating, by the cloud server, the identity of the user according to the login account, the password and the input face image. | 02-12-2015 |
| 20150047007 | Methods and Apparatus for Enabling Secure Network-Based Transactions - A security process involves log-in and data exchange between a server and a user operating a computerized appliance. The process requires a user-specific token, independent verification of the server execution within a programmed time window. A hash created at the client side is reproduced at the server side from separate data and compared to the client hash. Too much time or incorrect hash denies access. | 02-12-2015 |
| 20150052595 | USER, DEVICE, AND APP AUTHENTICATION IMPLEMENTED BETWEEN A CLIENT DEVICE AND VPN GATEWAY - An application executing on a device is authenticated by an enterprise gateway components. This authentication is done in addition to authenticating the device and user. This includes authenticating apps that are being used on the device. The enterprise, by virtue of the gateway component, can authenticate details about specific app usage. The enterprise gateway component establishes a dedicated link coupling the gateway device and a specific executing app. Prior to this app-specific link being established, the gateway device collects information and stores it in a database, including information about the user, device, and the specific application. Authentication is performed at each level. | 02-19-2015 |
| 20150058944 | SOCIAL DRIVEN PORTAL USING MOBILE DEVICES - The present disclosure describes methods, systems, and computer program products for measuring strength of a unit test. One computer-implemented method includes receiving a login request for a portal user from a mobile device, exposing one or more available widgets based, at least in part, on credentials associated with the portal user, determining that a widget identified in a received widget selection is a mobile-aware widget (MAW), receiving mobile device data responsive to a query to select a specific action associated with the MAW, the mobile device data associated with the specific action, and transmitting the received mobile device data to the MAW. | 02-26-2015 |
| 20150058945 | SYSTEM AND METHOD FOR ACCEPTING USER INPUT USING ASYNCHRONOUS AUTHENTICATION - A method and system for accepting user inputs over a network. The user is provided with an input widget on a client system to collect and send an input and user identity information to a server system, without the requirement to authenticate the user identity on the client system upfront. The server stores the user input and the user identity information, and associates the user input information with the user identity information. The server system sends to the user identity URL a message comprising of the user input information and an indication of action such as a link that the user is to perform to confirm the authenticity of the input. In response to the indicated action being performed, the server system processes the user input as authenticated input. | 02-26-2015 |
| 20150058946 | CONNECTIVITY SERVICES APPLICATION PROGRAMMING INTERFACE - Systems and methods are disclosed herein to method comprising: providing a first system; generating data to be sent over a network link; determining a transport protocol that will be used to transmit data over the network communication link; negotiating connection services to be performed on data that will transmitted over the network communication link; sending a request to open a network communication link; sending a request to the connectivity services of the second system for credentials of the second system; receiving the credentials from the connectivity services module of the second system; verifying that the credentials match an authenticated computer system; opening a network connection between the first system and the second system when the second system's credentials have been verified by the connectivity services module of the first system; and transmitting the data to the second system according to the determining network protocol and negotiated connection services. | 02-26-2015 |
| 20150058947 | MOBILE DEVICE AUTHENTICATION - One aspect of the invention is a system for mobile device authentication. The system includes a public-facing server configured to interface with a mobile device. The system also includes a secure server configured to interface with the public-facing server and an authorization station. The authorization station includes processing circuitry configured to establish authorization limits for the mobile device and generate an authentication key associated with the authorization limits. The processing circuitry is further configured to provide the authentication key and an identifier of the mobile device to the secure server, and generate an authorization code including an encoded version of the authentication key and an address of the public-facing server. The processing circuitry is also configured to provide the authorization code to the mobile device to establish authentication for the mobile device to receive data from a control system network as constrained by the authorization limits. | 02-26-2015 |
| 20150058948 | CONTENT SHARING SYSTEM, CONTENT SHARING METHOD, AND INFORMATION COMMUNICATION APPARATUS - A content sharing system includes: a server; a first information communication apparatus; and a second information communication apparatus, in which the first information communication apparatus includes a reserve requesting unit which sends to the server a reserve request message for requesting to reserve a sharing space to be newly generated, the reserve request message including first identification information for identifying the second information communication apparatus or the user using the second information communication apparatus, and the server includes: a first storage; and a sharing space generating unit which, upon receiving the reserve request message, generates the sharing space in the first storage, and stores in the first storage the first identification information included in the reserve request message. | 02-26-2015 |
| 20150058949 | METHOD AND SYSTEM FOR COMPUTING CODE MANAGEMENT PLATFORM - A method for authenticating a computing device includes: storing an account profile, the profile including data related to a service account including an alphanumeric code; generating a session identifier and a seed value; computing a first hash using the session identifier; computing a second hash using the session identifier and the alphanumeric code; computing a third hash using the second hash and a utilized seed value; transmitting the session identifier to a computing device via a first communication protocol; transmitting the session identifier and first hash to a remote notification service for transmission to the computing device via a second communication protocol; receiving a fourth hash and the session identifier from the computing device via the first communication protocol; validating the fourth hash based on a comparison of the fourth hash and the computed third hash; and transmitting a validation result to the computing device based on the validation step. | 02-26-2015 |
| 20150058950 | System and method for identity management - Some implementations may provide a machine-assisted method that includes: receiving, from a relying party, a request to determine a trustworthiness of a particular transaction request, the transaction request initially submitted by a user to access data managed by the relying party; based on the transaction request, summarizing the particular transaction request into transactional characteristics, the transactional characteristics devoid of source assets of the transaction; generating first machine-readable data encoding transactional characteristics of the underlying transaction as requested, the transactional characteristics unique to the particular transaction request; submitting a first inquiry at a first engine to determine an access eligibility of the user submitting the transaction request, the first inquiry including the credential information of the submitting user, as well as the summarized transactional characteristics that is applicable only once to the underlying transaction request; and receiving the access eligibility determination from the first engine. | 02-26-2015 |
| 20150058951 | Distribution of Content Document to Varying Users with Security, Customization and Scalability - A system and method for receiving a request for a container document, determining whether the request is for a container document associated with a user group, determining whether a requestor of the request is associated with a level of status within the user group among a plurality of levels of status within the user group, determining the level of status of the requestor based on a determination that the requestor is associated with a level of status within the user group, requesting configuration information based on a determination that the container document is associated with a user group and the level of status, receiving the configuration information, and serving the container document using the configuration information. | 02-26-2015 |
| 20150058952 | DIGITAL HANDSHAKE FOR AUTHENTICATION OF DEVICES - This is directed to a digital handshake for establishing a secure communications path between two electronic devices. Each device can capture an image of the other device using a camera (e.g., a front facing camera or a back facing camera) and extract, from the captured image, a key or seed associated with the other device. For example, each device can display a seed to be identified from an image taken by the other device. Using the extracted keys or seeds, each device can generate, using a same process, an identical digital handshake key. The digital handshake key can then be used to define a secure communications path between the two devices and share information securely. In some embodiments, a digital handshake key can be shared among several devices to create a multi-device secure communications path. Once a communications path has been established, the devices in the path can be identified and authenticated from the digital handshake key to receive access to secured goods, services or information. | 02-26-2015 |
| 20150058953 | IMAGE PROCESSING APPARATUS AND METHOD, INCLUDING USER AUTHENTICATION, AND STORAGE MEDIUM - An image processing apparatus which is capable of realizing security improvements without degrading the usability. A user is authenticated, and an operation screen accepting an operation input from the user is displayed. A job is executed according to an instruction of the user authenticated by the user authenticating unit. It is determined whether or not the job of which execution is instructed by the user, is being executed when the user authenticating unit authenticates the user. A first operation screen through which the user inputs an instruction for the job in execution is displayed when the job executing unit is executing the job, of which execution is instructed by the user, whereas another operation screen through which another user inputs an instruction for another job is displayed when not. | 02-26-2015 |
| 20150058954 | SECURE WIRELESS LOCAL AREA NETWORK (WLAN) FOR DATA AND CONTROL TRAFFIC - A device receives capability information associated with a next hop device of a wireless local area network (WLAN). The device also determines, based on the capability information, whether the next hop device is capable of implementing security for traffic, where the security includes a media access control (MAC) security standard and a layer 2 link security standard. The device further creates, via the MAC security standard, a secure channel with the next hop device when the next hop device is capable of providing security for traffic. | 02-26-2015 |
| 20150058955 | Cloud-Based Device Information Storage - Device information for each of multiple devices associated with a user account is maintained by a cloud service. The device information can include credential information allowing the device to be accessed by other ones of the multiple devices, remote access information indicating how the device can be accessed by other ones of the multiple devices on other networks, and property information including settings and/or device drivers for the device. The device information for each of the multiple devices is made available to other ones of the multiple devices, and can be used by the multiple devices to access one another and provide a consistent user experience across the multiple devices. | 02-26-2015 |
| 20150058956 | LOCATION BASED SHARING OF A NETWORK ACCESS CREDENTIAL - A network access credential can be shared among devices based on location information for a device. Location information can include timed fingerprint location information. In an aspect, location information can be associated with a location of user equipment. This location information can be correlated with network access credentials. Location information can be used to access a relevant network access credential. The relevant network access credential can be shared with other devices. In an embodiment, sharing a network access credential can be between mobile devices. In another embodiment, sharing a network access credential can be between a remote computing device and a mobile device. Sharing a credential can allow for access to a network without having to generate or input new credentials. | 02-26-2015 |
| 20150058957 | SYSTEMS AND METHODS TO PRESENT MESSAGES IN LOCATION-BASED SOCIAL NETWORKING COMMUNITIES - Systems and methods to let users connect authentically with new people anywhere nearby in homes, offices, classrooms, dorms, bars, etc., where the users can be who they really are, and also say what they want without fear, using periodic anonymized posting of expiring content from an otherwise attributed user profile. Users put out a broadcast message and get back personal communications. A one-to-many message from a user results in a one-to-one private communication, which feature may be referred to as “social to personal”. | 02-26-2015 |
| 20150058958 | SYSTEMS, METHODS, AND APPARATUS TO MONITOR MOBILE INTERNET ACTIVITY - Systems, methods, and apparatus to monitor mobile Internet activity are disclosed. An example method comprises determining if a media request originated from a desktop computer or a mobile device by inspecting a user agent identifier of the media request. The media request is blocked if the media request originated from the desktop computer, the blocking to prevent the media request originating from the desktop computer from affecting a media exposure monitoring result. If the media request originated from the mobile device, an identifier of the media requested by the media request in association with the mobile device is stored. | 02-26-2015 |
| 20150058959 | EFFICIENTLY THROTTLING USER AUTHENTICATION - In an embodiment, an administrative computer system receives user login credentials from a user and makes at least one of the following determinations: that the user identifier does not match any existing user account, that the user identifier matches at least one existing user account, but that the user's account is in a locked state, or that the user identifier matches at least one existing user account, but the user's password does not match the user identifier. The administrative computer system then returns to the user the same response message regardless of which determination is made. The response indicates that the user's login credentials are invalid. The response also prevents the user from determining which of the credentials was invalid, as the response message is the same for each determination and is sent to the user after a measured response time that is the same for each determination. | 02-26-2015 |
| 20150067802 | METHOD AND SYSTEM FOR PROVIDING ACCESS TO ENCRYPTED DATA FILES FOR MULTIPLE FEDERATED AUTHENTICATION PROVIDERS AND VERIFIED IDENTITIES - The embodiments herein disclose a method and system for providing access to an encrypted data tile by separating the concerns of Authentication, Identity Resolution and Authorization from Encryption thereby allowing for multiple federated authentication providers and verified identities. The method comprises of creating an encrypted data file, embedding a file usage policy to the data file, sharing the encrypted data file with an identity of an intended content recipient and an allowed authentication provider specified in the file usage policy, activating a client application installed in a user device to open the encrypted data file, fetching and updating the data file usage policy from an application server, prompting the user to authenticate with the allowed authentication provider, authenticating the user with a specified authentication provider, verifying if the authenticated user is allowed to open the data file, opening the data file on successful verification and enforcing the file usage policy. | 03-05-2015 |
| 20150067803 | COMPUTER DEVICE, A METHOD FOR CONTROLLING A LOGIN STATUS OF A COMPUTER DEVICE AND A SERVER - A computer device that can login to a personal account located on a server via the internet, the computer device includes communication circuitry that is configured to access the internet, a user interface to receive a request to login to the personal account, a memory that stores information, and processing circuitry that controls the communication circuitry to transmit to the server a request to login to the personal account, analyzes a type of the personal account, calculates a distance between the computer device and another computer device, controls the communication circuitry to transmit a notification to the another computer device in response to the processing circuitry determining that the type of personal account is a specific personal account and the distance being greater than a first predetermined distance, and transmits a request to the server to logoff the personal account when a permission is received. | 03-05-2015 |
| 20150067804 | SYSTEMS AND METHODS FOR MANAGING RESETTING OF USER ONLINE IDENTITIES OR ACCOUNTS - Systems and methods are disclosed for managing the resetting of online identities or accounts of users of Internet web pages. One method includes: receiving, through an electronic device, a request to reset login information to access a web page associated with the user's online account; determining that an IP address associated with the request is not identified as being suspicious; receiving user data intrinsic to the user's request; automatically verifying two or more values of the data intrinsic to the user's request as being indicative of a level of trust of the identity of the user; and transmitting, to the user over the Internet, a subset of options to reset the login information, the subset being selected based on the level of trust. | 03-05-2015 |
| 20150067805 | MAKING A USER'S DATA, SETTINGS, AND LICENSED CONTENT AVAILABLE IN THE CLOUD - A cloud-based computer system changes the modern paradigm from being device-centric to being person-centric. The system makes all user data, software settings, device settings, and licensed content for a user available in the cloud. The system includes a conversion mechanism that can convert information intended for one device type to a different device type. Thus, a user changing smart phone platforms can convert their current smart phone settings to equivalent settings on the new phone platform, and their new phone can then be configured using the user's converted settings stored in the cloud. By storing all the user's relevant information in the cloud, this information may be accessed anywhere and may be used to configure a large number of different devices according to the user's settings. | 03-05-2015 |
| 20150067806 | AUTHENTICATION DEVICE, AND NON-TRANSITORY COMPUTER-READABLE DEVICE STORING AUTHENTICATION PROGRAM - There is provided an authentication device configured to: store, as an authentication information database, authentication information in which a preset authentication identifier including a plurality of identifiers is associated with a pattern of a relative input position of the plurality of identifiers; acquire as input information a piece of information indicating the identifier input from a user and the input position of the identifier; and grant authentication when the identifier included in the input information corresponds with the identifier in the authentication information and when a pattern of a relative input position of the identifier included in the input information corresponds with the pattern of the relative input position of the identifier in the authentication information. | 03-05-2015 |
| 20150067807 | OPERATING A USER DEVICE - Measures for operating a user device in a telecommunications network. In a browser on the user device, a password associated with a given telephony service identifier is stored in a browser cache associated with the browser. A user of the user device has one or more telephony service identifiers, including the given telephony service identifier, allocated by a service provider for conducting communication services in the network. In the browser on the user device, in response to receipt of user input via the browser indicative of a request to conduct communications using the given telephony service identifier, the stored password is retrieved from the browser cache and used to authenticate the user device for at least one communication service in the network using the given telephony service identifier. | 03-05-2015 |
| 20150067808 | Client Identification System Using Video Conferencing Technology - An aspect of the preset invention relates to a system for identifying a client, comprising a client device having a video camera and a voice transmitting and receiving device capable of transmitting a client's image and voice via a communication carrier system and a communications network to a user terminal, whereby the client is authenticated in real time, wherein, real-time dialogue between the client and a live person authenticates the client, wherein said dialogue authentication does not rely on information obtained from a public or government database. A further aspect of the present invention relates to a method of identifying a client, comprising the steps of using a client device having a video camera and voice transmitting and receiving device to initiate an authentication of a client's identity, transmitting a client's image and voice over a communication carrier system and a communications network to a user terminal, and authenticating the client's image and voice in real time, wherein, real-time dialogue between the client and a live person authenticates the client, wherein said dialogue, authentication does not rely on information obtained from a public or government database. A further aspect of the present invention relates to a method of identifying a fraudster, comprising the steps of using a client device having a video camera and voice transmitting and receiving device to initiate an authentication of a client's identity, transmitting the fraudster's image and voice over a communication carrier system and a communications network to a user terminal, comparing the fraudster's image and voice to the client; and storing the fraudster data, wherein, real-time dialogue between the fraudster and the live advisor authenticates the client, wherein said dialogue authentication does not rely on information obtained from a public or government database. | 03-05-2015 |
| 20150074777 | DYNAMICALLY MITIGATING A NONCOMPLIANT PASSWORD - Techniques are disclosed for dynamically mitigating a noncompliant password. The method comprises obtaining a password; generating one or more quality scores for the password using a password policy for an authentication and authorization service; determining whether the password has sufficient score quality; in response to determining that the password does not have sufficient score quality, granting to the user a different level of access to the service than if the password meets the quality criteria; wherein the method is performed by one or more computing devices. | 03-12-2015 |
| 20150074778 | Methods, Systems, Devices, and Products for Authenticating Users - Enhanced biometric authentication combines a user's inherent biometric data with the user's password, code, or other secret glyph. For example, the user's finger makes an input on a touchpad. An image of a fingerprint is extracted from the input, along with the user's password, code, or other secret glyph. In one input, then, the user's finger serves two authentication schemes for increased security. | 03-12-2015 |
| 20150074779 | PEER ENROLLMENT METHOD, ROUTE UPDATING METHOD, COMMUNICATION SYSTEM, AND RELEVANT DEVICES - A peer enrollment method, a route updating method, a communication system, and relevant devices to improve security of a peer-to-peer (P2P) network. The peer enrollment method includes: receiving an enrollment request from a peer, where the enrollment request carries identity information of the peer; verifying the identity information of the peer, and if the verification succeeds, obtaining peer location information of the peer and generating a peer credential according to the peer location information; and sending the peer credential carrying the peer location information to the peer so that the peer joins the P2P network according to the peer credential. Embodiments of the present application further provide a route updating method, a communication system, and relevant devices. Embodiments of the present application may improve security of the P2P network effectively. | 03-12-2015 |
| 20150074780 | METHODS AND APPARATUS FOR STORAGE AND EXECUTION OF ACCESS CONTROL CLIENTS - Disclosed herein is a technique for securely provisioning access control entities (e.g., electronic Subscriber Identity Module (eSIM) components) to a user equipment (UE) device. In one embodiment, a UE device is assigned a unique key and an endorsement certificate that can be used to provide updates or new eSIMs to the UE device. The UE device can trust eSIM material delivered by an unknown third-party eSIM vendor, based on a secure certificate transmission with the unique key. In another aspect, an operating system (OS) is partitioned into various sandboxes. During operation, the UE device can activate and execute the OS in the sandbox corresponding to a current wireless network. Personalization packages received while connected to the network only apply to that sandbox. Similarly, when loading an eSIM, the OS need only load the list of software necessary for the current run-time environment. Unused software can be subsequently activated. | 03-12-2015 |
| 20150074781 | USER CREDENTIAL VERIFICATION INDICATION IN A VIRTUAL UNIVERSE - User credential verification indication in a virtual universe is disclosed. A method, system and program product are provided that include verifying a credential of the user of a first avatar in the virtual universe; and establishing a zone that causes an indication of the credential of the user of the first avatar to appear in response to an action being taken relative to the zone. | 03-12-2015 |
| 20150082401 | METHOD AND DEVICE FOR FACILITATING MUTUAL AUTHENTICATION BETWEEN A SERVER AND A USER USING HAPTIC FEEDBACK - A method is provided for facilitating mutual authenticating between a server and a user of a haptic enabled device. The method comprises providing identity information of a user to a server, and in response, providing a haptic feedback output to the user corresponding to the identity information. Further, the user compares the haptic feedback output received from the server to a haptic feedback pattern as predefined by the user, to determine whether the server is authenticated or not. | 03-19-2015 |
| 20150082402 | SYSTEM AND METHOD FOR AUTOMATED AUTHENTICATION - In example embodiments, a system and method for automated authentication are provided. A service provider system receives a message triggered by an application operating on a user device of a user. A contact identifier corresponding to the user device is determined from the message. A reply message that includes a token is transmitted to the contact identifier. A return token is received from the application that intercepted the reply message and extracted the token without user intervention. The return token is compared to the token sent in the reply message. Based on the return token matching the sent token, the contact identifier is verified as corresponding to the user device. | 03-19-2015 |
| 20150082403 | USER TERMINAL FOR PASSWORD-BASED AUTHENTICATION, AND PASSWORD-BASED TRADING TERMINAL, SYSTEM, AND METHOD - A user terminal, a password-based trading terminal, a system and a method for password-based authentication are provided. Wherein, the user terminal comprises a password generation module and a first near field communication module. The password generation module is configured to generate a password. The first near field communication module is configured to convert the generated password into near field communication label data, and then send the data to a password-based trading terminal through near field communication. The present application effectively ensures password security during the password-based authentication. | 03-19-2015 |
| 20150082404 | METHODS AND SYSTEMS FOR VOICE AUTHENTICATION SERVICE LEVERAGING NETWORKING - A method and system for persona authentication includes obtaining from a server a presence list of devices at a location, refining the presence list according to a user profile of the devices thereby forming a dynamic presence list, capturing at least one biometric input from at least one of the devices, authenticating a persona of an individual at the location according to the biometric input and the user profiles in the dynamic presence list, and presenting at least one descriptor of the persona of the individual. In one embodiment, voice authentication uses a centralized voice id database service in conjunction with a Bluetooth 4.0 UUID service to obtain multi-modal biometric user data. Other embodiments are disclosed | 03-19-2015 |
| 20150082405 | AUTHENTICATION METHOD, AUTHENTICATION DEVICE, AND SYSTEM - An authentication method executed by a computer includes: receiving input data which is a target of authentication; specifying registration data, from among a plurality of registration data stored in a storage device, having a second feature value within a threshold value relative to a first feature value of the input data, the first feature value representing a distance between the input data and a reference, the second feature value representing another distance between the registration data and the reference, and the threshold value being used when a determination as to whether the authentication has been successfully performed; and executing a process of comparing the registration data with the input data. | 03-19-2015 |
| 20150089611 | Mobile sender controlled data access and data deletion method and system - A method and system are provided for remotely deleting data stored on the remote mobile communication device, and within the communication network, by initiating a delete command, or setting data time of existence when creating the data, from a sender mobile communication device. | 03-26-2015 |
| 20150089612 | CLOUD STORAGE SERVER AND MANAGEMENT METHOD THEREOF - A cloud storage server and a management method thereof are provided. The cloud storage server runs a management program for managing and sharing a plurality of resources. When a user wants to share a resource stored in the cloud storage server to a target address, the cloud storage server creates a share link of the shared resource and delivers the share link to a target address. After the user receives the share link from the target address, the user can set his own password for accessing the cloud storage server via the share link and download the shared resource. | 03-26-2015 |
| 20150089613 | METHOD AND SYSTEM FOR PROVIDING ZERO SIGN ON USER AUTHENTICATION - An approach for receiving a request for an authentication code for presentation in an authentication user interface, wherein the request is from a relying party and wherein the authentication user interface is presented by the relying party at a first device. The approach further involves transmitting the authentication code to the relying party. The approach also involves authenticating a user with respect to the relying party by determining that a second device associated with the user has read the authentication code from the authentication user interface of the first device, wherein the second device is a previously authenticated device. | 03-26-2015 |
| 20150089614 | SINGLE SIGN-ON BETWEEN MULTIPLE DATA CENTERS - Systems and methods are disclosed for a single sign-on (SSO) enterprise system with multiple data centers that use a lightweight cookie on a user's client device. The lightweight cookie includes a reference to a data center in which the user is already authenticated, and a new data center contacts the old data center for creating a session for the user on the new data center. If the old data center is unavailable, then the new data center may fall back to accessing a local security store, a backup of keys, security tokens, and/or other security data, in order to create a local session for the user on the new data center. | 03-26-2015 |
| 20150089615 | DOCUMENT AUTHENTICATION BASED ON EXPECTED WEAR - Systems and methods are disclosed that enable authentication based on a physical document. Specifically, a document authentication service is disclosed that utilizes characteristics of a physical document, such as an identification card already in a user's possession, to authenticate a user. In one embodiment, the characteristics of a document may be processed based at least in part on an expected wear of the document (e.g., from use by the user). Expected wear may be identified, for example, based on historical data gathered across a number of users of the document authentication service. | 03-26-2015 |
| 20150089616 | TECHNIQUES FOR USER AUTHENTICATION - Techniques for user authentication are disclosed. In some situations, the techniques include receiving, from a client device, an authentication request to access a network resource, the request including a user identifier, obtaining a security credential associated with the user identifier contained in the received request, generating an authorization code based on the obtained security credential, providing to the client device instructions to obtain first information corresponding to the generated authorization code, receiving, from the client device, the first information provided in response to the provided instructions, and, when the first information received from the client device corresponds to at least a portion of the generated authorization code, authorizing the client device to access the network resource. | 03-26-2015 |
| 20150096001 | Systems and Methods for Credential Management Between Electronic Devices - Embodiments are provided for managing user credentials that enable access to secure websites. According to certain aspects, a browser device connects ( | 04-02-2015 |
| 20150096002 | Method of Criminal Profiling and Person Identification Using Cognitive/Behavioral Biometric Fingerprint Analysis - A method of criminal profiling and person identification that utilizes an online identity software-based solution which focuses on the cognitive/behavioral aspects of an individual who is attempting to gain or has gained unauthorized access to a computer system or portions of that system, who may be posing as an authorized user of that system. There is an emphasis on identifying the intruder's unique cognitive/behavioral biometric fingerprint while he is creating usable electronic evidence during his criminal behavior in cyberspace. | 04-02-2015 |
| 20150096003 | PORTABILITY TYPE SEMICONDUCTOR MEMORY DEVICE AND THE OPERATING METHOD - According to one embodiment, a portability type semiconductor memory device includes communications circuitry, an interface circuitry, a non-transitory computer readable memory, a first retrieval circuitry, a second retrieval circuitry. If the at least one access point is not within communicating range, the portability-type semiconductor memory device is configured to disregard commands from the host device. If the at least one access point is within communicating range, as determined by the first retrieval circuitry, the second retrieval circuitry is further configured to determine whether the server is accessible through the access point, based on the stored information. | 04-02-2015 |
| 20150096004 | METHOD AND APPARATUS FOR SERVICE LOGIN BASED ON THIRD PARTY'S INFORMATION - A method and apparatus for service login to a service provider sites have been disclosed. The method including: receiving a login request from a user, wherein the login request comprises at least both terminal's login information input by the user and third party account information pertaining to the user; after successful verification on the third party account information, determining by the service provider, whether the terminal's login information input by the user matches to reference login information, wherein the reference login information comprises specific information of the user to further identify user's identity; if the terminal's login information matches to at least a portion of the reference login information, delivering service to the terminal according to the third party account information. | 04-02-2015 |
| 20150101031 | VERIFICATION THAT AN AUTHENTICATED USER IS IN PHYSICAL POSSESSION OF A CLIENT DEVICE - A device user being authenticated is determined to be in physical possession of the device according to data in one or more user input device buffers that indicates whether data received from a user input device is injected or is generated by physical manipulation of the user input device. If the events recorded in the buffer are not injected, the user entering the authentication data is determined to be in physical possession of the device and the user can be authenticated if the authentication data entered by the user matches predetermined reference data. Conversely, if the events are injected, the user is determined to not be in physical possession of the device and authentication fails regardless of whether the authentication data matches the predetermined reference data. | 04-09-2015 |
| 20150106895 | DYNAMIC TRUST FEDERATION - Aspects of the present disclosure are directed to methods and systems dynamic trust federation. In one aspect, a computer implemented method may include a security token that enables sign-on into a group applications based on applicable trust criteria. In one aspect, when a user interacts with one application in the group, the trust is elevated through the application internal authentication application program interface (API). The trust may be included in the security token to make available to other applications in the group. Applications can be in multiple groups with variable level of authentication based on location and other transactions variables. | 04-16-2015 |
| 20150106896 | Method and System for Including Network Security Information in a Frame - A method and apparatus for including network security information in a frame is disclosed. Network security information is included in a secure portion of overhead of a frame. The network security information is configured to facilitate network security. A network device configured to process a frame is also disclosed. The frame includes frame security information and network security information. The frame security information is configured to facilitate securing a portion of overhead of the frame, and the network security information is located in the secure portion of the overhead of the frame and is configured to facilitate network security. | 04-16-2015 |
| 20150106897 | METHOD AND SYSTEM FOR IMPLEMENTING VIDEO TWO FACTOR AUTHENTICATION - A method for authentication includes receiving a log-in request at a first client computer, and capturing user information with the request. The method includes capturing an image of the user, and sending a request for authentication, including the user information and image, to an authentication server. The method includes determining a representative user based on the user information, and determining an authorizing agent responsible for authorizing the representative user. The method includes sending the authentication request to a client computer associated with the authorizing agent, and providing verified identification information of the representative user along with the request so that the authorizing agent can perform authentication of the requesting user based on the user information, the captured image, and the verified identification information. The method includes receiving a result of the authentication, and controlling access by the first client computer to a secure data center based on the result. | 04-16-2015 |
| 20150106898 | METHOD, DEVICE, AND SYSTEM FOR IDENTITY AUTHENTICATION - A method for identity authentication comprises: 1) a first authenticator transmitting to a second authenticator a first identity authentication message; 2) the second authenticator transmitting to the first authenticator a second identity authentication message; 3) the first authenticator transmitting to an authentication server a third identity authentication message; 4) the authentication server verifying the validity of a secure domain for the second authenticator on the basis of the third identity authentication message; 5) the authentication server transmitting to the first authenticator a fourth identity authentication message; and, 6) the first authenticator authenticating when the fourth identity authentication message is received. The identity authentication system mainly comprises: the first authenticator, the second authenticator, the secure domain for the second authenticator, and the authentication server. | 04-16-2015 |
| 20150106899 | SYSTEM AND METHOD FOR CROSS-CLOUD IDENTITY MATCHING - A system and method for cross-cloud identity matching are provided. The method includes receiving at least one user identifier of a user of a client node; determining at least one cloud-based resource accessed by the client node; selecting a cloud-based resource of the at least one accessed cloud-based resource; extracting at least one possible user identity of the user from the selected cloud-based resource; identifying at least one user identifier of the extracted at least one possible user identity; matching between each identified user identifier and the at least one received user identifier; determining whether each possible user identity is associated with the user respective of the matching; and upon determining that at least one possible user identity is associated with the user, storing each associated user identity respective of the client node. | 04-16-2015 |
| 20150106900 | MOBILE NETWORK-BASED MULTI-FACTOR AUTHENTICATION - Verification of a user login to a secure account from a mobile device occurs when the user provides login credentials and a hardware identifier (ID) corresponding to the mobile device. The provided login credentials and hardware ID are then verified against a registry. Further, the mobile device determines and provides a geographic location of the mobile device using a global positioning system (GPS) component installed therein. The location provided by the mobile devices is then matched with a location of a network element with which the mobile device is currently communicating. | 04-16-2015 |
| 20150106901 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD AND COMMUNICATION DEVICE - Provided is a state with which each user is able to use information processing service of each user. A router ( | 04-16-2015 |
| 20150113620 | PROXIMITY BASED DUAL AUTHENTICATION FOR A WIRELESS NETWORK - A method of accessing a network wirelessly is described. In the method an authentication is provided to access the network from a wireless device to a first network node via a first wireless signal having a first range. A proximity validation is provided to access the network through the first network node. The proximity validation is provided to the first network node when the wireless device is within a second range of a second wireless signal of a second network node. The second range is less than the first range. The method further provides for accessing the network when both the authentication and the proximity validation are valid. | 04-23-2015 |
| 20150113621 | PEER BASED AUTHENTICATION - The disclosure is related to confirming an identity of a first user of a first user device. An aspect includes receiving a request to confirm the identity of the first user, determining whether or not there is a relationship between the first user or the first user device and a second user of a second user device or the second user device based on a first list of user interactions associated with the first user device and a second list of user interactions associated with the second user device, and confirming the identity of the first user based on determining that there is a relationship between the first user or the first user device and the second user or the second user device. | 04-23-2015 |
| 20150113622 | METHOD, APPARATUS, AND SYSTEM FOR ACCESSING DATA STORAGE WITH BIOMETRIC VERIFICATION - A device, system, and method to provide access to a storage device based on biometric verification. A computing device includes a wireless transceiver configured to communicate wirelessly with a data network, a user interface configured to receive a user input to access data from a storage device in communication with the data network, and a biometric characteristic reader configured to receive user characteristic data to verify a user's identity. The computing device is configured to access the data from the storage device via the wireless transceiver and the data network based on verification of the user's identity. | 04-23-2015 |
| 20150113623 | METHOD, APPARATUS, AND SYSTEM FOR STREAMING DATA WITH BIOMETRIC VERIFICATION - A device, system, and method for streaming data over a data network based on biometric verification. A computing device includes a wireless transceiver configured to communicate wirelessly with a data network, a user interface configured to receive a user input to stream data between a streaming device and the computing device in communication with the data network, and a biometric characteristic reader configured to receive user characteristic data to verify a user's identity. The computing device is configured to stream the data between the streaming device and the computing device via the wireless transceiver and the data network based on verification of the user's identity. | 04-23-2015 |
| 20150113624 | SYSTEM AND METHOD OF VERIFYING A NUMBER OF A MOBILE TERMINAL - A client device is coupled with a server. The client device prompts a user to enter a number associated with a mobile device, which can be the client device, and generates data including a code. The code is typically hidden from the user when the code is generated and is saved on the client device. The client device transmits the number entered by the user and the code generated by the client device to the server, which sends a message, including the code, to the mobile device associated with the number. The client device prompts the user to enter the code included in the message. Validity of the number is based on one or more factors, including the accuracy of the code entered by the user. In addition, validity of the number can also be based on whether the second user input was entered within a predetermined time limit. | 04-23-2015 |
| 20150113625 | Identity Verification And Authentication - In one embodiment, receiving, at a first computing device associated with a social-networking system and from a second computing device, a first request to verify an identity of a user of the social-networking system; sending, by the first computing device and to a mobile device associated with the user, a second request for information about the user; receiving, at the first computing device and from the mobile device, the information about the user; determining, by the first computing device, a confidence score indicating a probability that the identity of the user is true based on the information about the user received from the mobile device and information available to the social-networking system; and sending, by the first computing device and to the second computing device, the confidence score. | 04-23-2015 |
| 20150121496 | REMOTE AUTHENTICATION USING MOBILE SINGLE SIGN ON CREDENTIALS - Systems and methods for remote authentication using mobile single sign on credentials are disclosed. In some implementations, a proxy server receives, from a web access device, a request to access a secure online resource via the web access device. The proxy server receives, from a mobile device different from the web access device, one or more credentials for accessing the secure online resource. The proxy server determines that a geographic distance between the web access device and the mobile device is less than a geographic distance threshold. Upon determining that the geographic distance between the web access device and the mobile device is less than the geographic distance threshold, the proxy server enables the web access device access to the secure online resource. | 04-30-2015 |
| 20150121497 | Method For Securing Access To A Computer Device - The invention relates to a method for securing access to a computer device, that includes the step of establishing a secured connection and authentication of said computer device and the user of the computer device with a remote server, wherein the steps of establishing the secured connection and authentication are carried out upon the execution of commands included in a data set adapted for implementing the pre-start of the computer device before triggering the execution of the boot loader of the computer device operating system. | 04-30-2015 |
| 20150121498 | REMOTE KEYCHAIN FOR MOBILE DEVICES - An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset. | 04-30-2015 |
| 20150121499 | METHOD OF OPERATING A SECURITY TOKEN, COMPUTER PROGRAM PRODUCT AND SECURITY TOKEN - There is provided a method of operating a security token, said security token comprising a secure element and a microcontroller unit being coupled to said secure element, wherein: the secure element receives an authentication command from a host device while the microcontroller unit is in a first sleep state; the secure element decodes the authentication command, sends a corresponding authentication request to the microcontroller unit and subsequently enters into a second sleep state; the microcontroller unit wakes up upon receiving the authentication request and subsequently determines an amount of available power; the microcontroller unit processes the authentication request only if the amount of available power exceeds a threshold. Furthermore, a corresponding computer program product and a corresponding security token are provided. | 04-30-2015 |
| 20150128236 | Systems and Methods for Verifying a User Based on Reputational Information - Systems and methods for verifying a user based on reputational information are provided. In particular, a computerized CAPTCHA system consisting of one or more computers can determine a trust score based on one or more reputation signals associated with a user computing device, select a challenge to provide to the user computing device based on the trust score, and determine whether to verify the user computing device based on a received response to the challenge and/or the trust score. | 05-07-2015 |
| 20150128237 | Delegating Authorizations - Delegation of authorizations from one device to another device is contemplated. The contemplated capabilities may enable an authenticated device to confer access tokens or other authoritative permissions to a non-authenticated or unsecured device, such as to enable the delegated device to access user content without the user having to enter a username and password or other identifying credentials thereto. | 05-07-2015 |
| 20150128238 | METHOD, DEVICE, AND SYSTEM FOR IDENTITY AUTHENTICATION - The present invention relates to the field of identity authentication. Provided are a method, device, and system for identity authentication, solving the technical problem that existing identity authentication technologies are incapable of protecting personal privacy, and that authentication technologies comprising personal privacy must provide a traceability feature. The method for identity authentication mainly comprises: a first authenticator transmitting to a second authenticator a first identity authentication message; the second authenticator transmitting to an authentication server a second identity authentication message; the authentication server verifying the validity of a secure domain where the second authenticator is at on the basis of the second identity authentication message; the authentication server returning to the second authenticator a third identity authentication message; when the third identity authentication message is received by the second authenticator, same transmitting to the first authenticator a fourth identity authentication message. | 05-07-2015 |
| 20150128239 | IMAGE FORMING APPARATUS CAPABLE OF REDUCING SECURITY RISK, METHOD OF CONTROLLING IMAGE FORMING APPARATUS, SYSTEM INCLUDING IMAGE FORMING APPARATUS, AND STORAGE MEDIUM - An image forming apparatus capable of notifying a user of violation of the information security policy or preventing execution of the job from being stopped. A password policy set via a password policy-setting screen. A password-added print job transmitted from a PC is stored in a storage device. A user inputs a password so as to execute processing of the password-added print job stored in the storage device. If the password input by the user matches the password added to the job, processing of the password-added print job is executed. It is determined whether or not the password added to the print job satisfies the password policy. | 05-07-2015 |
| 20150128240 | Determining Identity Of Individuals Using Authenticators - Systems are provided that allow users to access resources in a manner that addresses inherent deficiencies in existing authentication systems. During a typical authentication process, the system may connect the user to one or more authenticators in real time through a variety of communications channels so that the authenticators may verify that the user is who he/she purports to be. In this way, a user may be authenticated and allowed to complete transactions that require access to protected resources/transactions. In some embodiments, the system may automatically identify authenticators for a user via an onboarding process by searching the user's electronic files, accessing social and professional networking sites, searching one or more credit reporting databases, or other such means. Based upon the determinations made by the authenticators, and other factors, such as the trust scores assigned to authenticators, an authentication engine may be used to calculate a confidence score regarding the user's identity that may be utilized in determining whether to grant the user access to protected resources/transactions. | 05-07-2015 |
| 20150128241 | SYSTEMS AND METHODS FOR AUTHENTICATING A USER AND DEVICE - Systems and methods for authenticating a user request for authentication are provided. An authentication device that may be part of such a system includes a network interface component coupled to a network and configured to receive at least one data packet having authentication information including at least a username of a user and user credentials. The device also includes a memory coupled to the network interface component and configured to store the received authentication information, one or more instructions for authenticating the user, and account information of the user. The device further includes one or more processors configured to analyze the received information, calculate a score based on the received information, determine a threshold, compare the calculated score with the determined threshold, and authenticate the user and a device from which the data packet is received if the calculated score is greater than or equal to the determined threshold. | 05-07-2015 |
| 20150135292 | APPARATUS AND METHOD FOR MANAGING PHONE NUMBER-BASED SNS ACCOUNT - A Social Network Service (SNS) account management server transmits, when phone number change schedule information is received from a user terminal, a phone number change schedule message to user terminals respectively corresponding to friend accounts included in a friend list of the corresponding account; confirms, when authentication of the new SNS account is requested from the user terminal, whether or not the account is an account of the changed phone number for the new authentication request based on the previously transmitted phone number change schedule information; transmits, if the account is of the changed phone number, a phone number change notification message to user terminals corresponding to friend accounts included in a friend list of the account of the changed phone number; and updates the changed phone number of the user terminal in a database of each friend account. | 05-14-2015 |
| 20150135293 | RECONFIGURABLE ANTENNA BASED SOLUTIONS FOR DEVICE AUTHENTICATION AND INTRUSION DETECTION IN WIRELESS NETWORKS - Channel based authentication schemes for intrusion detection that operates at the physical layer are described that apply the capabilities of a pattern re-configurable antenna for improved performance. Performance gains are achieved by the schemes as a function of the number of antenna modes. The first scheme relies on a channel based fingerprint for differentiating between transmitters whereas another scheme poses the intruder detection problem as a generalized likelihood ratio (GLR) test problem that operates on the channel realizations corresponding to different modes present in a reconfigurable antenna. The benefits of these two schemes over single element antennas are demonstrated. General guidelines are provided on how to choose the different elements of the decision metric in order to realize better performance for physical layer based authentication schemes based on any diversity scheme. | 05-14-2015 |
| 20150135294 | METHOD, DEVICE, AND SYSTEM FOR AUTHENTICATION - The present invention relates to the field of identity authentication. Provided are a method, device, and system for authentication, solving the problem that existing identity authentication technologies are incapable of protecting personal privacy, and that authentication technologies comprising personal privacy must provide a traceability feature. The method for identity authentication comprises: a second authenticator transmitting to a first authenticator a first identity authentication message; the first authenticator transmitting to an authentication server a second identity authentication message; the authentication server verifying the validity of a secure domain where the second authenticator is at and of the first authenticator on the basis of the second identity authentication message; the authentication server returning to the first authenticator a third identity authentication message; the first authenticator transmitting to the second authenticator a fourth identity authentication message; the second authenticator proceeding to verification when the fourth identity authentication message is received; the second authenticator transmitting to the first authenticator a fifth identity authentication message; and the first authenticator proceeding when the fifth identity authentication message is received. The authentication system comprises the first authenticator, the second authenticator, the secure domain where the second authenticator is at, and the authentication server. | 05-14-2015 |
| 20150135295 | NETWORK AGGREGATOR - A device, system and method for aggregating resources, services or data across a network in which data and services from various source networks can be converted into an internal, aggregatable form (or vice versa) that can be sent to relevant properties or systems on request or through scheduling. The framework of the device, system and method permits scalability and potentially support any number of users, applications and services. | 05-14-2015 |
| 20150143492 | SYSTEM AND METHOD FOR IDENTIFYING COLLABORATORS ON A SHARED MOBILE DEVICE - A method, computer program product, and system is provided for identifying collaborators on a shared mobile device. In an implementation, a method may include receiving, by a shared mobile device, an identifier input including one or more biometric identifiers associated with a user. The method may also include receiving, by the shared mobile device, a collaborative content input from the user, the collaborative content input being associated with at least a portion of collaborative content. The method may further include comparing the one or more biometric identifiers associated with the user with biometric identifiers of a plurality of users of the shared mobile device. The method may further include, when the identifier input including the one or more biometric identifiers associated with the user matches a biometric identifier of an identified user of the plurality of users of the shared mobile device, associating the identified user with the collaborative content input. | 05-21-2015 |
| 20150143493 | ELECTRONIC DEVICE AND LOGIN METHOD THEREOF - An electronic device and a login method thereof are provided. The method includes the following steps. A first user information is received. A login authentication message corresponding to the first user information is obtained according to the first user information. A current sequence combination corresponding to a plurality of function buttons being pressed is received, and the function buttons are used for controlling the electronic device to execute a plurality of functions correspondingly. The current sequence combination is compared with a preset sequence combination of function buttons in the login authentication message. Whether a login process of the first user information is completed is determined. Accordingly, difficulties in entering a password may be solved by the function buttons on a remote controller, and an identity authentication may be simplified and quickly completed, so as to provide a better user experience for the user. | 05-21-2015 |
| 20150143494 | CONTINUOUS IDENTITY AUTHENTICATION METHOD FOR COMPUTER USERS - The present invention provides a continuous identity authentication method. This method transforms the behavior records of different time intervals of the system user into a text format, and uses a resampling technique to generate a large number of articles of different lengths in order to have behavior records of the system user in different lengths of time, then using a document classification technique to build a matrix. In the end, building behavioral models of different time periods of the system's user using Minimum Enclosing Ball technology. The behavioral models can then learn the behavior of the legitimate system user and continuously check whether the system is currently operated by the legitimate system user or not. | 05-21-2015 |
| 20150143495 | CAPTCHA PROVISION METHOD AND PROGRAM - [Problem] To selectively provide, in accordance with a user terminal a CAPTCHA that can be easily executed by an operator of the user terminal. [Solution] A web server ( | 05-21-2015 |
| 20150143496 | MULTI-FACTOR AUTHENTICATION - Methods, systems and devices for multi-factor authentication (MFA) are described. An MFA device includes a plurality of tiles, a frame to hold the tiles and a stylus movable over the frame and the tiles. Each of the tiles includes at least one of visible indicia and tactile indicia, for representing a notation, and at least one track of acoustic code generation indicia. The acoustic code generation indicia of each tile, on being swiped, generate a complex sound waveform that encodes a composite binary pattern. The composite binary pattern comprises information blocks including a device identifier block for a device identifier associating the MFA device with a user, a biometric block for at least a part of a biometric pattern of the user, and a data block for the notation of the corresponding tile. | 05-21-2015 |
| 20150143497 | IDENTITY AUTHENTICATION BY USING HUMAN BIOLOGICAL CHARACTERISTIC - A human biological characteristic file corresponding to a particular identity is received and used as a base file. A characteristic code to be authenticated is obtained according to a human biological characteristic of a person who requests identity authentication when an identity authentication request corresponding to the particular identity is received. A base characteristic code is collected from a base file. A collecting algorithm applied for collecting the base characteristic code is the same as or matches an algorithm applied for obtaining the characteristic code. The present techniques determine whether the base characteristic code and the characteristic code correspond to a same human biological characteristic. If a result is positive, the identity authentication request is verified. The present techniques implement communication between different terminal devices of different manufacturers and effectively improve user experiences, thereby efficiently and conveniently implementing remote identity authentication. | 05-21-2015 |
| 20150143498 | OFFLINE AUTHENTICATION - A method including determining, by a processing device, whether a computer system is able to access an authentication server, in response to determining that the computer system is able to access the authentication server, requesting a first set of credentials, authenticating the first set of credentials, assigning a user a first role for performing operations on the computer system in view of the first set of credentials, and in response to determining that the computer system is unable to access the authentication server, requesting a second set of credentials different from the first set of credentials, authenticating one or more credentials provided by the user, and assigning the user a second role for performing operations on the computer system in view of the one or more credentials, wherein the first role specifies a first type of access to at least one object on the computer system, and the second role specifies a second type of access to the at least one object, wherein the first type of access is different from the second type of access. | 05-21-2015 |
| 20150150100 | INTEGRATED PROFILE CREATION FOR A SOCIAL NETWORK ENVIRONMENT - In an example, a system and method is disclosed for providing a user matching system. To ease creation of a profile, a node may be enabled to connect to a third-party social media site where the node already has an established profile. The established profile is imported, wherein common fields are directly mapped, inferred fields may be deterministically inferred, and other fields such as “likes” may be assigned relative weights based on recentness, subjective user rankings, or correlation to other “likes.” The node may also be enabled to permanently log in to the matching system via credentials for the third-party social media site. | 05-28-2015 |
| 20150150101 | NETWORKED DEVICE ACCESS CONTROL - A computer apparatus is remotely initiated. Confirmation of a detected and authenticated presence of a user is detected and confirmed remote from the computer apparatus. A dedicated resource that will be implemented using the computer apparatus is logged in in a protected workstate that prevents access to the computer apparatus until a local presence of the user is detected and authenticated. The workstate of the computer apparatus is unprotected upon confirmation of the local presence of the user. Access to the user is allowed upon unprotecting the workstate of the computer apparatus. | 05-28-2015 |
| 20150150102 | BRIDGE DEVICE CONTROLLING SYSTEM, BRIDGE DEVICE, AND BRIDGE DEVICE CONTROLLING METHOD - A bridge device controlling system may include: a bridge device including an authentication code; and a wireless communications terminal generating authentication information depending on the authentication code provided by the bridge device and providing the generated authentication information to the bridge device. The bridge device may provide authentication authority to the wireless communications terminal in the case in which the authentication information provided by the wireless communications terminal coincides with preset reference information. | 05-28-2015 |
| 20150150103 | METHOD OF AUTHENTICATING A DEVICE TO ACCESS A SERVICE - The invention relates to a method of authenticating a user of a first device while accessing a service offered by a service provider, the first device forming part of a group of devices in a local network that includes a second device of a user having an identification module for identifying and authenticating the user with the service, the method being characterized in that it comprises a prior broadcast step during which the second device broadcasts to the first device its ability to supply proof of an authentication, and in that, when the first device seeks to authenticate itself, the method further comprising:
| 05-28-2015 |
| 20150150104 | DYNAMIC SECURITY QUESTION GENERATION - A method of dynamically generating a security question for accessing a resource. The method comprises monitoring a behavior of said user during a monitoring period to identify automatically a deviation from a behavioral pattern indicative of repetitive behavior of a user, automatically generating a security question responded to by an indication of said deviation, receiving a user input inputted by a user in response to a presentation of said security question and said deviation, and authenticating, after said monitoring period, an access to a resource according to a match between said user input and said deviation. | 05-28-2015 |
| 20150150105 | COMMUNICATION MANAGEMENT APPARATUS, PROGRAM, COMMUNICATION MANAGEMENT METHOD, AND COMMUNICATION MANAGEMENT SYSTEM - A communication management apparatus for performing access control over a plurality of terminal devices is provided. The communication management apparatus includes a registration unit that accepts registration of a group of terminal devices to be granted permission of access among the plurality of terminal devices; and an access control unit that performs access control, if authentication information is set in association with the group in group information having information about the group, to permit access from one terminal device of the group of the terminal devices that supplies an input that matches the authentication information. | 05-28-2015 |
| 20150150106 | DELEGATING AUTHORIZATIONS - Delegating authorizations sufficient to access services is contemplate. The authorization may be delegated in the form of a token or other transmissible construct relied upon to authenticate access to services, such as but not necessarily limited to conferring a user identity established via authenticated device for the purposes of enabling an unauthenticated or unsecured device to access a service associated with the user identity. | 05-28-2015 |
| 20150150107 | SYSTEMS AND METHODS FOR UNIVERSAL ENHANCED LOG-IN, IDENTITY DOCUMENT VERIFICATION, AND DEDICATED SURVEY PARTICIPATION - Systems and methods are provided for controlling access via a computer network to a subscriber server. A log-in server receives a query to connect through the computer network to the subscriber server, and the log-in server receives registrant identification data, A first session is established between the log-in server and the subscriber server to validate the registrant identification data, and to generate a session password. A second session is established between the log-in server and the subscriber server. The second session is configured to authorize, based in part on the registrant identification data, access to at least a portion of a website associated with the subscriber server. | 05-28-2015 |
| 20150295880 | SOCIAL DISCOVERY OF USER ACTIVITY FOR MEDIA CONTENT - Aspects of the present disclosure provide techniques that may enable user activity information to be automatically generated and shared with other users of a social network. In one example, a method of automatically publishing, to one or more social network services, information about user activities regarding media content items includes receiving user activity information regarding a media content item, wherein a user is a member of one or more social network services, and the user activity information is generated in response to one or more activities taken by the user with respect to the media content item. The method may also include receiving an indication of one or more users of the one or more social network services to whom the user activity information is to be made accessible, and automatically publishing the user activity information to the one or more social network services. | 10-15-2015 |
| 20150295910 | AUTHENTICATING DATA AT A MICROCONTROLLER USING MESSAGE AUTHENTICATION CODES - A system and method of verifying data at a microcontroller using message authentication codes (MACs) includes generating at a microprocessor of the microcontroller a valid MAC using valid data; transmitting the valid MAC to a peripheral of the microcontroller along with the valid data; receiving an authentication message at the microprocessor from the peripheral in response to transmitting the valid MAC; generating at the microprocessor an invalid MAC, which is created by changing one or more bits of the valid MAC; transmitting the invalid MAC to the peripheral along with the valid data in response to the authentication message; and receiving a second authentication message at the microprocessor from the peripheral in response to transmitting the invalid MAC. | 10-15-2015 |
| 20150295912 | AUTHENTICATION APPARATUS, AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND STORAGE MEDIUM - The first authentication unit of an authentication apparatus decides whether first authentication data exists in a received message, and performs, if it is decided that the first authentication data exists, authentication based on the first authentication data. The second authentication unit of the authentication apparatus decides whether second authentication data exists in the received message, and performs, if it is decided that the second authentication data exists, authentication based on the second authentication data. If the second authentication unit decides that no second authentication data exists in the received message, and the first authentication unit decides that authentication has succeeded, it is decided that authentication for the received message has succeeded. | 10-15-2015 |
| 20150295915 | PORTAL AUTHENTICATION - When a portable terminal of a user receives an authentication prompt message pushed by an application server, an authentication prompt option corresponding to the authentication prompt message is output at the portable terminal. A portal authentication is initiated after the authentication prompt option is selected by the user. MAC address information of the portable terminal returned by a portal server is acquired after the portal authentication is initiated. A user name and password for the application client terminal to log into the application server terminal is used as a user name and password for portal authentication. The MAC address information of the portable terminal returned by the portal server is sent to the application server. The present disclosure facilitates the operation of using the portal authentication, prevents the user from forgetting to perform the portal authentication, and brings convenience to those who are not familiar with the portal authentication mechanism. | 10-15-2015 |
| 20150295921 | Service Authorization using Auxiliary Device - Implementations of the present disclosure relate to systems and methods for service authorization. A server terminal device may receive user authentication information that is stored on the auxiliary device for user authentication associated with an authentication device. Based on the user authentication information, the server terminal device may then determine whether the authentication device meets the authentication condition. The implementations further relate to methods and systems for requesting service authorization. | 10-15-2015 |
| 20150295927 | METHODS AND SYSTEMS FOR CAPTURING BIOMETRIC DATA - A method of capturing biometric data is provided that includes activating a security application in a device. The security application is activated by an operator of the device and is configured to cause the device to display an outline image. Moreover, the method includes displaying the outline image in a stationary position on a display of the device, positioning desired biometric data proximate the device such that the desired biometric data appears as a biometric image on the device display, and monitoring the outline and biometric images shown on the device display. Furthermore, the method includes positioning the device and the desired biometric data to better align the outline and biometric images when the outline and biometric images do not align and capturing the desired biometric data from an individual after approximately aligning the outline image with the biometric image. | 10-15-2015 |
| 20150295929 | METHOD AND SYSTEM FOR WIRELESS LOCAL AREA NETWORK USER TO ACCESS FIXED BROADBAND NETWORK - A method and system for a wireless local area network user accessing a fixed broadband network, the method includes: a broadband network gateway (BNG) device initiating an identity authenticating process to an authentication authorization accounting (AAA) server for a wireless local area network (WLAN) user; after the AAA server successfully authenticates the WLAN user, the BNG device acquiring a mobility identifier of the WLAN user from the AAA server; after receiving the mobility identifier of the WLAN user, the BNG device allowing the mobility access of the WLAN user. | 10-15-2015 |
| 20150304292 | A SYSTEM AND METHOD FOR SECURE PROXY-BASED AUTHENTICATION - A system and method for secure authentication facilitates improving the security of authentication between a client and a target by using an innovative authentication module on a proxy. The client can connect to the proxy using a native protocol and provides client credentials to the proxy. The proxy uses an authentication module to authenticate the client and then to provide target access credentials for proxy-target authentication, thereby giving the client access to the target through the proxy. The invention facilitates connection between the client and the target without requiring the client to be in possession of the target access credentials. The proxy can optionally be connected to a privileged, access management system which can provide and/or store target access credentials. Proxy-provided target access credentials facilitate preventing a client security breech from exposing target access credentials. | 10-22-2015 |
| 20150304299 | Social Authentication - In one embodiment, a method includes providing for presentation to a user a number of content objects. At least one of the presented content objects is socially relevant to the user. wherein at least one of presented content objects is socially irrelevant to the user. The presented content objects are socially relevant or socially irrelevant to the user based on whether in a social graph a node corresponding to the user is connected by an edge to a node associated with the content object. The edge represents a social relationship between the content object and the user. The method also includes receiving an input indicating a selection of a number of the presented content objects by the user; and authenticating the user based on a determination of whether the selected content objects are socially irrelevant to the user. | 10-22-2015 |
| 20150304301 | Systems and Methods for Login and Authorization - Systems and methods are provided for login and authorization. For example, a third-party terminal receives a login request from a user and sends an authorization request from the third-party terminal to a network server; the network server generates first two-dimensional-barcode information and sends the first two-dimensional-barcode information to the third-party terminal; the third-party terminal displays a first two-dimensional-barcode image; a mobile terminal extracts the first two-dimensional-barcode information from the first two-dimensional-barcode image and sends first user account information and the first two-dimensional-barcode information to the network server; the network server validates the first user account information and the first two-dimensional-barcode information based on at least information associated with stored second user account information and second two-dimensional-barcode information generated by the network server. | 10-22-2015 |
| 20150304318 | METHOD AND SYSTEM FOR ACCESSING A SERVICE - To access a service, each user device stores one first key. The user device is connected to a first server. A terminal sends to a second server a connection request. The second server responds with first data relating to a transaction identifier and an associated challenge. The terminal determines a first result depending upon the first data and the first key. The terminal sends to the first server the first result and user device data. The first server identifies a user device based upon the user device data and sends to the device the first result. The device determines the challenge and the transaction identifier based upon the first result and the first key and sends to the second server the challenge and the transaction identifier. The second server verifies whether the data received from the device matches the first data and, if so, authorizes the terminal to connect. | 10-22-2015 |
| 20150304325 | METHOD, SYSTEM AND APPARATUS FOR GEO-VERIFICATION - A method, system and apparatus are provided for geo-verification for access to data stored in a memory of a server having a processor and a network interface connected to the memory. The method includes: storing, in the memory, access control data including an approved geographic area; receiving at the processor, from a client computing device via the network interface, a request for access to the data, the request containing a client location of the client computing device, the client location including global positioning system (GPS) coordinates; comparing, at the processor, the client location to the approved geographic area; when the client location is within the approved geographic area, permitting access to the data for the client computing device via the network interface; and when the client location is not within the approved geographic area, denying the request. | 10-22-2015 |
| 20150304332 | LOCKABLE NETWORK TESTING DEVICE - A network testing device may be linked to a dedicated remote server e.g. a could-based server having a unique, pre-determined address. The testing device may be configured to cease operating, become locked or limited in testing functionality after a number of startup cycles, days of use, a certain date, etc. Once the testing device is locked, the testing device may be re-activated only by establishing a connection to the server. A database of network testing devices currently in use may be provided. Once a testing device is lost or stolen, the database may be remotely updated to prevent reactivation of that testing device, so as to render the lost or stolen testing device useless for an unauthorized operator of the testing device. | 10-22-2015 |
| 20150304342 | IDENTITY INFORMATION SYSTEMS AND METHODS - A computer implemented method of providing candidate information comprises: obtaining a challenge code from a verification service at a first device associated with an ID candidate; capturing the challenge code from the first device at a second device associated with an ID checker; verifying the challenge code between the second device and the verification service and, if the challenge code is verified, providing the candidate information from the verification service, such that the candidate information is accessible to the ID checker. | 10-22-2015 |
| 20150304435 | EXPECTED LOCATION-BASED ACCESS CONTROL - In an approach for authenticating a user attempting to access to a resource, a processor receives an indication of a user attempting to access a resource within a timeframe, wherein the indication includes a location of the user. A processor identifies a location requirement for the user attempting to access the resource, wherein the location requirement originates from an entry indicating an expected location of the user within the timeframe, and wherein the entry is unmodifiable by the user. A processor determines whether the expected location of the user matches, within a threshold, the received location of the user attempting to access the resource. | 10-22-2015 |
| 20150304850 | SYSTEM AND METHOD FOR TRANSACTION SECURITY RESPONSIVE TO A SIGNED AUTHENTICATION - A system arranged to authenticate a user via its mobile device to a service provider, the system comprising: an authentication server; the user mobile device, the user mobile device provided with a verification application arranged to communicate with the authentication server; and a notification server in communication with the authentication server and arranged to transmit a notification to the user mobile device responsive to the authentication server, the authentication server arranged to provide a signed authentication to the service provider responsive to present and historical information regarding one of: the user mobile device; and an additional user device in communication with said authentication server, said signed authentication provided in accordance with a rule set determined by an authorized entity stored on said authentication server memory governing the required present and historical information attribute. | 10-22-2015 |
| 20150310201 | USER AUTHENTICATION SYSTEM - A user authentication system | 10-29-2015 |
| 20150312234 | Authenticating a Device When Connecting it to a Service - There is provided a method and apparatus for authenticating user equipment access to a device over a communications network. The method comprises: sending a first message to the user equipment, the first message requesting the user to power off the device; detecting that the device is not available; sending a second message to the user equipment, the second message requesting that the user power on the device; detecting that the device is available; and if both detections are positive, then authenticating user equipment access to the device. | 10-29-2015 |
| 20150312238 | METHOD FOR UPDATING A TABLE OF CORRESPONDENCE BETWEEN A LOGICAL ADDRESS AND AN IDENTIFICATION NUMBER - This invention relates to a Method for updating a table of correspondence between a logical address associated to a user unit in a communication network and a unique identification number associated to a user unit of a group of user units managed by a management centre, a method in which messages are exchanged between said management centre and at least one specific user unit of said group by means of said communication network, these messages being forwarded to the specific user unit using the logical address of said user unit in said network, wherein it includes the steps of searching in said table of correspondence for the logical address of the user unit in said communication network corresponding to the unique identification number of the specific user unit; of sending of messages to the user unit having the concerned unique identification number, to the logical address corresponding to said communication network; in the case of incorrect reception of the messages, sending of a request containing an identifier of said specific user unit (STB*), this request being sent to all or part of the user units (STB) forming said group; detection of a return message of a user unit (STB*) whose unique identification number (UA*) corresponds to said identifier contained in the request; determination of the logical address (AD*) in said network, used by the user unit (STB*) having transmitted the return message; verification of the logical address (AD) by establishing a communication between the management centre and the user unit (STB*) and authentication of the specific user unit by the management centre; storage in the table of correspondence (TC) of the management centre of said logical address (AD*) of the user unit in said network, in connection with said unique identification number (UA*) of the user unit (STB*) having transmitted the return messages. | 10-29-2015 |
| 20150312248 | IDENTITY AUTHENTICATION - A system for authenticating a mobile user's identity is disclosed. The user may be required to log in upon first launching a mobile application. Subsequent launches of the mobile application may not require the user to log in. Upon subsequently launching the mobile application, the mobile device may transmit a token validation request that includes a soft token stored at the mobile application. An authentication server may receive the request and transmit a one-time password to a device that has the phone number associated with the soft token. The authentication server may also transmit a session ID number. When the authentication server receives an identity validation response from the mobile device that includes the session ID number and the one-time password, the authentication server may output requested customer account information. | 10-29-2015 |
| 20150312251 | ENSURING THE SECURITY OF A DATA TRANSMISSION - Ensuring the security of a data transmission by verifying an identity of a user, comprising: a prior step of enrolling a terminal of the user, comprising: an association of a authentic identity data item of the user and a data item of a terminal available to the user and communicating via a network, the association being stored with data for contacting the terminal via the network, and a determination of an identity derived from at least said information, stored in the memory of the terminal, in correspondence with a data item specific to the user, for the purposes of a later strong authentication based on both the data item specific to the user and on the derived identity, as well as a current step of verifying the user identity. | 10-29-2015 |
| 20150312252 | METHOD OF ALLOWING ESTABLISHMENT OF A SECURE SESSION BETWEEN A DEVICE AND A SERVER - The invention is a method for allowing a user to establish a secure session between a device and a server by using a username/password associated with the user. The user provides the username for the device. In response to a message comprising the username, the server opens a session and generates an identifier of the session and sends the identifier to the device. The identifier is transmitted to a machine distinct from the device. The user provides the password for the machine. The machine sends an authenticating message to the server, the authenticating message comprises the identifier and an authenticating data generated from the password. The server sends a result message reflecting the result of the authenticating data checking to the device. | 10-29-2015 |
| 20150312265 | Method for Verifying Sensitive Operations, Terminal Device, Server, and Verification System - The disclosure, pertaining, to the field of network technologies, discloses a method for verifying sensitive operations, a terminal device, a server, and a verification system. The method includes: receiving by a verification server, a second verification request from a sensitive operation server sending, by the verification server, a verification code to a two-dimensional code server; upon receiving a first verification request from a first terminal device, performing verification by the verification server according to the verification information of the first terminal device and the information in the two-dimensional code; and when the user initiating the sensitive operation is a user determined by the identity information, allowing a sensitive operation initiated by the user determined according to the information in the two-dimensional code. | 10-29-2015 |
| 20150317466 | CERTIFICATE VERIFICATION SYSTEM AND METHODS OF PERFORMING THE SAME - A system for generating certificates, the system include a certification generation unit having a processor and a memory with an application in the memory executing the steps of generating a digital certificate, retrieving verification information from a user where the verification information are unique to the user, appending a certificate content onto the verification information, appending an issuing authority identifier to the verification information, appending metadata to the verification information, embedding the appended verification information into the digital certificate, encoding the digital certificate with the embedded information, and issuing the encoded digital certificate. | 11-05-2015 |
| 20150319154 | STATE DRIVEN ORCHESTRATION OF AUTHENTICATION COMPONENTS IN AN ACCESS MANAGER - Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process. | 11-05-2015 |
| 20150319155 | System for Providing Access to the Internet - A system for providing access to the internet, comprises a network of routers (R) hereinafter designated “new routers”) wherein each new router (R) has a CPU (112) that has, or is associated with, a public area (142) that allows simultaneous access to the new router's CPU by more than one user account. The system is so arranged that a pre-registered user with a user account identified by an identifier, typically a user name and/or password, can access the internet from any new router (R) in the network by connecting to the public area (142) of the new router's CPU (112) and entering the account identifier of the pre-registered user account. | 11-05-2015 |
| 20150319156 | INDEPENDENT IDENTITY MANAGEMENT SYSTEMS - Systems, methods and apparatus embodiments are described herein for authenticating a user and/or a user equipment (UE). For example, a user and/or UE may request access to a service controlled by a service provider (SP). The user may be authenticated by an identity provider (IdP), producing a result. A user assertion may be provided to the SP, and the user assertion may comprise the user authentication result. The UE may be authenticated with another IdP, producing an associated result. A device assertion may be provided to the SP and may comprise the device authentication result. A master IdP may bind the assertions together and a consolidated assertion may be provided to the SP so that the user/UE can receive access to a service that is provided by the SP. | 11-05-2015 |
| 20150319157 | SYSTEM AND METHOD FOR DYNAMIC AND SECURE COMMUNICATION AND SYNCHRONIZATION OF PERSONAL DATA RECORDS - A system and method for dynamic and secure communication and synchronization of personal data records through a distributed network. More specifically, a system that receives, stores and secures personal data records for users and then transmits and synchronizes personal data records between users in a distributed network based on rule-based security controls. | 11-05-2015 |
| 20150319159 | System and Method of Generating and Using Bilaterally Generated Variable Instant Passwords - Implementations of a system and method of generating and using bilaterally generated variable instant passwords are provided. In some implementations, the Bilaterally Generated Variable Instant Password System is a Password generation and authentication system that may be used to secure electronic transactions (e.g., a stock market transaction). The system works by authenticating a user at the beginning of a session and at the initiation of any subsequent transactions that occur during the same session. The initial password is entered by the user while additional passwords required to authenticate subsequent transactions are generated by the system without any effort on the part of the user. The passwords are used as encryption keys to encrypt each transaction and may be used to limit a user's access to specific portions of a service providers system. A variety of authentication devices may be used to generate system passwords. | 11-05-2015 |
| 20150319169 | SECURE COMMUNICATIONS SMARTPHONE SYSTEM - Methods, systems, and non-transitory data storage media are provided for secured communications where biometrics are used to secure communications sent over a data communication path. A sender of a secured communication may identify one or more biometrics required from a recipient before the recipient is allowed to interpret, read, view, or listen to the communication. Communications secured by the present invention may include email, text messages, iMessages, files, links, Universal Resource Locators (URLs), videos, photos, attachments, or other forms of electronic data or media communications. | 11-05-2015 |
| 20150319174 | Enterprise System Authentication and Authorization via Gateway - Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource. The methods and systems may also include receiving, by the computing device, the authorization information associated with the enterprise resource, transmitting, by the computing, the request transmitted by the client device for access to the enterprise resource with the received authorization information associated with the enterprise resource, and passing, by the computing device to the client device, information associated with the requested enterprise resource based on the received authorization information associated with the enterprise resource. | 11-05-2015 |
| 20150319180 | METHOD, DEVICE AND SYSTEM FOR ACCESSING A SERVER - A method for accessing a first server, wherein a first device is coupled or connected to a first server. The first device captures, at at least one predetermined time and/or during at least one predetermined time period, at least one signal, the at least one signal being emitted at a place where the first device is located. The first device, the first server or a second server compares each of the at least one captured signal to each of at least one predetermined signal respectively. And if each of the at least one captured signal does or does not match each of the at least one predetermined signal respectively, then the first device, the first server or the second server authorizes or forbids to access the first server respectively. | 11-05-2015 |
| 20150319613 | Co-Activation For Authenticating A User's Registration - A method of authenticating a user's right to a mobile communication device, comprising: providing a service server comprising a database having registered service users entries, each the entries comprising an identification of the service user's mobile communication device, and an identification of the network operator used by the service user's mobile communication device; and requesting by the service server from a client application running on a first mobile communication device to send a SMS message to a client application miming on a second mobile communication device, the first and second mobile communication devices sharing the same network operator. | 11-05-2015 |
| 20150319614 | ELECTRONIC DEVICE AND METHOD FOR PROVIDING SERVICE INFORMATION - A method of providing service information using an electronic device is provided. The method includes receiving a service information packet, determining whether a service IDentification (ID) included in the received service information packet is a registered service ID, determining whether a service condition corresponding to the service ID and a registered condition are matched, and in response to determining that the service condition corresponding to the service ID and the registered condition are matched, displaying information corresponding to the matched condition. | 11-05-2015 |
| 20150319616 | MOBILE DEVICE DIGITAL COMMUNICATION AND AUTHENTICATION METHODS - Embodiments of the present invention provide various approaches for mobile device intercommunication (e.g., digital) as well as various authentication methods. In one embodiment, the present invention provides direct line-of-sight visual digital communication between mobile devices for controlled security. In another embodiment, the present invention provides direct contact motion-based digital communication between mobile devices for controlled security. Embodiments of the present invention also provide various authentication methods. One such example relates to secure authentication code exchange with subsequent digital communications in one or more channels. In another example, human-readable information is used along machine-readable digital codes (e.g., quick response (QR) codes to verify visual codes. Still yet, embodiments of the present invention provide non-obtrusive visual codes that maintain a user's access to a mobile device screen. | 11-05-2015 |
| 20150324558 | FLEXIBLE AUTHENTICATION USING MULTIPLE RADIUS AVPS - An apparatus, method and machine readable storage medium, for an authentication server such as a RADIUS server, for authenticating a subscriber are disclosed. The method comprises: receiving a request message including a plurality of attributes such as attribute value pairs (AVPs) having respective attribute names and respective attribute values; retrieving an authentication profile object; identifying a plurality of authentication attributes to use for authentication from the authentication profile object; extracting the plurality of authentication attribute values from the message; pre-processing one or more of the extracted attribute values; and authenticating the request message based on the pre-processed extracted attribute values. | 11-12-2015 |
| 20150324563 | Behavioral Authentication System using a Behavior Server for Authentication of Multiple Users based on their Behavior - A method and a corresponding device for authenticating a user for access to protected information, the method comprising generating a behavioral user profile associated with a first user known to be a legitimate user of the protected information, obtaining from a second user, using a behavioral input device associated with a second computing device, a behavioral user sample, storing the behavioral user sample, associated with the second user, in a temporary user profile, comparing the behavioral user sample of the second user to the behavioral user profile, and if the behavioral user sample does not match the behavioral user profile contacting the legitimate first user and receiving from the legitimate first user information regarding the legitimacy of the second user and based on the information received from the first user, providing a response to the second user and updating the user profile. | 11-12-2015 |
| 20150324578 | RE-VERIFICATION OF A DEVICE - A user of a user device may be verified based on user credentials. The user device may be self-registered in a network. After a predetermined period of time, a re-verification timer may be implemented to re-verify credentials of a user of a user device. | 11-12-2015 |
| 20150324595 | PROVIDING ACCESS TO APPLICATION DATA - Disclosed are various embodiments for providing access to application data associated with multiple applications of a user. A request to store application data is obtained by a data storage service from an application associated with a user. The application is executed in a client computing device, and the request is obtained by way of a network. The application data is stored by the data storage service in response to the request to store. The data storage service may be configured to store data for multiple applications associated with the user. | 11-12-2015 |
| 20150326511 | MESSAGE TRANSMISSION SYSTEM AND METHOD SUITABLE FOR INDIVIDUAL AND ORGANIZATION - A message transmission system and method suitable for an individual and an organization are disclosed, where the system includes: a database, a server, a push gateway, and a mobile communications device. The database, the server, and the push gateway are combined into a cloud of the present disclosure. A plurality of pieces of organization member information and a plurality of pieces of non-organization member information are stored in the database, each piece of organization member information includes at least one organization ID, an account, and a password, different organization IDs are unique to each other, each organization ID defines an organization as a single-level organization or a multi-level organization, and each piece of non-organization member information includes an account and a password. A client accesses the cloud by using a single App and a single interface, so as to receive or transmit a message. | 11-12-2015 |
| 20150326512 | MESSAGE TRANSMISSION SYSTEM AND METHOD FOR A STRUCTURE OF A PLURALITY OF ORGANIZATIONS - A message transmission system and method for a structure of a plurality of organizations are disclosed, where the system includes: a database, a server, a push gateway, and a mobile communications device. The database, the server, and the push gateway are combined into a cloud of the present disclosure. A plurality of pieces of member information is stored in the database, each piece of member information includes at least one organization ID, an account, and a password, different organization IDs are unique to each other, and each organization ID may define an organization as a single-level organization or a multi-level organization. A client may access the cloud by using a single App and a single interface to receive or transmit messages. | 11-12-2015 |
| 20150326513 | MESSAGE TRANSMISSION SYSTEM AND METHOD SUITABLE FOR INDIVIDUAL AND ORGANIZATION - A message transmission system and method suitable for an individual and an organization are disclosed, where the system includes: a database, a server, a push gateway, and a mobile communications device. The database, the server, and the push gateway are combined into a cloud of the present disclosure. A plurality of pieces of organization member information and a plurality of pieces of non-organization member information are stored in the database, each piece of organization member information includes at least one organization ID, an account, and a password, different organization IDs are unique to each other, each organization ID defines an organization as a single-level organization or a multi-level organization, and each piece of non-organization member information includes an account and a password. A client accesses the cloud by using a single App and a single interface, so as to receive or transmit a message. | 11-12-2015 |
| 20150326517 | SYSTEM AND METHOD FOR DELIVERING INFORMATION VIA SECURE ELECTRONIC MESSAGING - A computer-implemented system for delivering information comprising: a sender device with an email client for composing and sending an original email message to a Simple Mail Transfer Protocol (SMTP) listener server with encryption enabled; a message processor that extracts the message body payload from the email message, stores it in a database, and creates a new email message with a message body containing a reference to the message body of the original email message; a file repository for storage of attachments to the email message; and an SMTP sender that sends the new email message to a recipient mail server. The listener server assigns the message to the message processor, and the new email message contains links to the attachments residing in the file repository. A method utilizing the system described above. | 11-12-2015 |
| 20150326549 | OPERATING SOFTWARE IN A VIRTUAL MACHINE ENVIRONMENT - A method of operating software in a virtual machine environment which is resident on a physical machine. The method comprises examining authenticity of a software license against authentication information stored in the virtual machine environment after activation of the software. The authentication information comprises unique virtual machine identification information that defines a unique association between the virtual machine and the physical machine. | 11-12-2015 |
| 20150326550 | AUTHENTICATION WITH PARENTAL CONTROL FUNCTIONALITY - In various embodiments, disclosed are a system and method for authenticating activity associated with a child account as controlled or managed by a parent account. A child-account user can enter a username, or other form of access information, in a child-account device. The username can contain a predetermined identifier in response to which, upon detecting the presence of the predetermined identifier, a third-party website can carry out authentication functions including sending a message to an authentication platform that carries out additional authentication functions, provided that a parent-account device authorizes doing so. | 11-12-2015 |
| 20150326552 | RESOURCE PROTECTION ON UN-TRUSTED DEVICES - Authenticating a client device to a service to allow the client device to access a resource provided by the service. A client device obtains a secondary credential that is associated with a primary credential and that is generated as being usable by a particular set of devices including the client device to indirectly gain access to the service through the primary credential. While outside of an enterprise network, the client device requests access to the service, including sending the secondary credential to an enterprise gateway. Based at least on sending the secondary credential to the enterprise gateway, the client device receives a resource from the service. The resource is received based at least on the enterprise gateway having forwarded the primary credential to the service after verifying that the secondary credential is valid and that the client device is in the particular set of client devices. | 11-12-2015 |
| 20150326553 | MOBILE HANDSET EXTENSION TO A DEVICE - Mobile operation is extended to a device. An extension interface comprises a client component within a mobile that is linked to a client component within the device. Extension of mobile operation is secured via delivery of credentials associated with the mobile to the device. Delivery of credentials is temporary and typically spans the period during which mobile operation is extended to the device. Application(s) and content(s) can be conveyed to the device for utilization therein. An emulation component that can reside at least in part on the client component within the device can emulate mobile operation. Client component within the mobile can include at least in part (i) a component that downloads drivers for communication with, and utilization of, the device to which mobile operation is extended, and (ii) a component that can scan for wireless-capable devices to extend mobile service thereto. | 11-12-2015 |
| 20150326557 | RELAY DEVICE, RELAY METHOD, AND PROGRAM - Provided are a relay device capable of appropriate access management, a relay method, and a program. The relay device ( | 11-12-2015 |
| 20150326574 | DEVICE VALIDATION USING DEVICE FINGERPRINT - Embodiments of the invention are directed to apparatuses, methods and computer program products for validating a device. An exemplary apparatus is configured to: determine a device accesses an application; determine whether the device is a trusted device based on a device fingerprint associated with the device; in response to determining the device is a trusted device, create an authenticated session; and enable performance of a transaction using the device during the authenticated session. | 11-12-2015 |
| 20150327060 | Connecting Devices to Networks - Illustrative aspects described herein relate to assisting wireless devices, such as dependent devices, in connecting to an access point or associated wireless network. Dependent wireless devices may lack user interfaces, which may make it difficult for a user to input credentials for accessing the access point directly from the wireless device. Assisting the wireless device in connecting to the access point may be done through the access point or through other devices, such as host devices. Additionally, the wireless device may connect to the access point using other devices having user interfaces. | 11-12-2015 |
| 20150334103 | DEVICE AUTHENTICATION USING PROXY AUTOMATIC CONFIGURATION SCRIPT REQUESTS - Methods and systems for performing device authentication using proxy automatic configuration script requests are described. One example method includes generating a unique key for a client device; configuring the client device to send a request for a proxy automatic configuration (PAC) script upon accessing a network, the request including the unique key; receiving, over a network, a request for the PAC script including a request key; and authenticating the client device on the network if the request key matches the client device's unique key. | 11-19-2015 |
| 20150334112 | VOICE OVER IP BASED BIOMETRIC AUTHENTICATION - A request from a party is received by a receiver from a remote system. The request from the party is received when the party attempts to obtain a service using the remote system. A selective determination is made to request, over a network, authentication of the party by a remote biometric system. A request is sent to the remote system for the party to provide a biometric sample responsive to determining to request authentication of the party. The service is provided contingent upon authentication of the party by the remote biometric system. | 11-19-2015 |
| 20150334564 | TRANSPARENT TWO-FACTOR AUTHENTICATION VIA MOBILE COMMUNICATION DEVICE - Two-factor authentication can be provided transparently to a user by virtue of proof information available at a mobile communication device. For example, after an access request for a service is sent, an authentication code can be intercepted from a responsive incoming message. The technologies can incorporate a cost proof as part of a cost optimization. Other features such as obfuscation and separate channels can be incorporated into the technologies to provide a superior user experience while implementing superior security. | 11-19-2015 |
| 20150339472 | SYSTEM AND METHOD FOR REAL WORLD BIOMETRIC ANALYTICS THROUGH THE USE OF A MULTIMODAL BIOMETRIC ANALYTIC WALLET - A system and method for real world biometric analytics through the use of a multimodal analytic wallet. The system includes a biometric wallet comprising a pervasive repository for storing biometric data, the pervasive repository including at least one of a biometric layer, a genomic layer, a health layer, a privacy layer, and a processing layer. The biometric wallet further comprises a biometric analytic interface configured to communicate the biometric data to one or more devices. | 11-26-2015 |
| 20150341319 | SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A method of establishing a secure communication link comprises: (a) receiving a request that (i) includes an identifier of a client and (ii) was sent in response to a determination that a DNS request from the client corresponds to a first computer configured to communicate securely; (b) comparing the received client identifier to at least one stored client identifier; (c) determining, based on the comparison, whether the client is authorized to communicate with the first computer; (d) generating a resource used to establish the secure communication link between the client and the first computer; (e) generating a message in response to determining that the client is not authorized to communicate with the first computer; and (f) in response to determining that the client is authorized to communicate with the first computer, making the resource available to the client to automatically establish the secure communication link. | 11-26-2015 |
| 20150341344 | SYSTEMS AND METHODS FOR USING IMAGING TO AUTHENTICATE ONLINE USERS - Systems and methods are disclosed for authenticating an identity of an online user. One method includes receiving from the user, through a first device, a request to access a web page associated with the user's online account; transmitting to the user an image that contains a unique ID and a URL of an authentication server; and receiving from the user, through the first device, an authentication request containing the unique ID. The method also includes receiving from the user, through a second device, a log-in ID associated with the user and the unique ID; and authenticating the identity of the user to grant the user access, through the first device, to the web page associated with the user's online account. | 11-26-2015 |
| 20150341348 | System and Method for Safe Login, and Apparatus Therefor - Disclosed is a safe log-in system and method for allowing log-in of a user in association with a plurality of devices, and an apparatus for the same. The safe log-in method for allowing a safe log-in of a communication device which accesses a web site includes: by an authentication data providing device, receiving a request for authentication-related data, which is required for log-in to the web site, from the communication device; by the authentication data providing device, extracting authentication-related data required for log-in to the web site; by the authentication data providing device, transmitting the extracted authentication-related data to the communication device; and by the communication device, attempting log-in authentication to the web site by using the authentication-related data. | 11-26-2015 |
| 20150341349 | PRIVACY-PRESERVING BIOMETRIC AUTHENTICATION - A method includes receiving a registration input including a first raw biometric template and a user identifier. The first raw biometric template may be representative of unique features of a biometric characteristic of a user associated with the user identifier. The method includes generating a first transformed biometric template by applying a random projection to the first raw biometric template and communicating the first transformed biometric template and the user identifier to an authentication server. The method includes receiving a challenge input including a second raw biometric template and the user identifier. The method includes generating a second transformed biometric template and communicating the second transformed biometric template and the user identifier to the authentication server. The method includes receiving a signal indicative of an authentication decision from the authentication server. | 11-26-2015 |
| 20150341351 | Secure data processing method and system - The invention discloses a secure data processing method and system, wherein the secure data processing method comprises the following steps of: a security control server receiving a data upload request from a terminal, and obtaining a file feature, an identification code of the terminal and a directory path of a file with the file feature in the terminal comprised in the data upload request; the security control server judging whether the terminal is a trustable machine and/or judging whether the directory path is a credit directory according to the identification code and/or the directory path, and if the terminal is a trustable machine and/or the directory path is a credit directory, adding the uploaded file feature into a security database, or otherwise, not adding it into the security database; the trustable machine is a terminal in which data is considered as secure data. The invention further provides a secure data processing system implementing the foregoing method. The secure data processing method and system can improve the update efficiency of the secure data. | 11-26-2015 |
| 20150341356 | LOGIN METHOD AND APPARATUS - A login method and a login apparatus are provided. A third party server receives a login request of a first client and returns an identification code, the first client displays the identification code, and the third party server receives an authentication request of a second client to obtain a user unique identifier of the second client, wherein, the authentication request is sent by the second client according to an address of the third party server contained in the identification code after performing image acquisition to the identification code, and the third party server performs login authentication to corresponding third party account information bound to the user unique identifier and returns a login authentication result. The third party account information bound to the user unique identifier varies depending on the difference in the address information of the third party server contained in the identification code. | 11-26-2015 |
| 20150347683 | MULTI-SERVICES APPLICATION GATEWAY AND SYSTEM EMPLOYING THE SAME - An intelligent gateway device provided at a premise (home or business) for providing and managing application services associated with use and support of a plurality of digital endpoint devices associated with the premises. The device includes a communications and processing infrastructure integrated with a peer and presence messaging based communications protocol for enabling communications between the device and an external support network and between the device and connected digital endpoint devices. A services framework at the gateway device implements the communications and processing infrastructure for enabling service management, service configuration, and authentication of user of services at the intelligent gateway. The framework provides a storage and execution environment for supporting and executing received service logic modules relating to use, management, and support of the digital endpoint devices. Thus, the gateway device provides a network-based services point of presence for a plurality of digital endpoint devices at the premises. | 12-03-2015 |
| 20150347777 | A DATABASE ACCESS SYSTEM AND METHOD FOR A MULTI-TIER COMPUTER ARCHITECTURE - A method for assigning access rights in a database server operating in a multi-tier computer architecture comprises granting a database connection user execution rights to execute a gatekeeper function of the database server. The gatekeeper function is executable to extract session related data and request data from an XML database request message provided by the database convection user. The gatekeeper function is further executable to execute an authentication function for authenticating the session related data. An owner of the authentication function is granted rights to call one or more stored procedures identified by the session related data, responsive to the session related data being successfully authenticated. | 12-03-2015 |
| 20150347889 | INFORMATION CODE, INFORMATION CODE PRODUCING METHOD, INFORMATION CODE READER, AND SYSTEM WHICH USES INFORMATION CODE - There is provided a system that uses a two-dimensional information code. The system administers an information code which is provided with a data recording region and an image region. The system is provided with a specific information acquisition section that acquires specific information of a subject or an object, as information recorded in the data recording region, or as information to be correlated to the information recorded in the data recording region. Further, the is provided with a unique image acquisition section that acquires a unique image of a subject or an object, or a unique image for specifying the subject or the object, as information indicated in the image region. Further, the system is provided with a registration section that registers specific information acquired by the specific information acquisition section, being correlated to a unique image acquired by the unique image acquisition section. | 12-03-2015 |
| 20150350173 | AUTOMATING AUTHENTICATION WITH MULTI-CHANNEL MEDIA DISTRIBUTORS - In some embodiments, a processing device extracts a cookie from a first media application that is prevented from providing the cookie to a second media application. The cookie includes authentication information that is associated with an authentication of the first media application with a multi-channel media distributor for accessing a first media channel. The processing device copies the extracted cookie to a shared storage resource that is accessible to both the first media application and the second media application. In response to the second media application accessing a second media channel, the processing device retrieves the extracted cookie from the shared storage resource. The second media application provides the authentication information from the extracted cookie to the multi-channel media distributor for authenticating the second media application to access the second media channel. | 12-03-2015 |
| 20150350182 | SYSTEMS AND METHODS FOR SECURELY ACCESSING PROGRAMMABLE DEVICES - According to various aspects and embodiments, a system including a programmable device is provided. The programmable device includes a memory storing an identifier of an authentication session and at least one processor coupled to the memory. The at least one processor is configured to receive an authentication credential, decode the authentication credential to access a session identifier and information associated with a requestor of the authentication credential, determine whether the session identifier matches the identifier of the authentication session, and grant the requestor access to protected functionality of the programmable device if the session identifier matches the identifier of the authentication session. | 12-03-2015 |
| 20150350185 | SYSTEM AND METHOD USING SINGLE ENTRY PASSKEY FOR PAIRING MULTIPLE PERIPHERAL DEVICES - A system for pairing a plurality of peripheral devices is disclosed, and includes a portable electronic device and a plurality of peripheral devices in wireless communication with the portable electronic device. The portable electronic device includes a processor and memory. The processor is configured to execute an instruction for prompting a user to enter a passkey only once. The processor is also configured to execute an instruction which references the memory of the portable electronic device to determine if there is at least one peripheral device that is in wireless communication with the portable electronic device that is original. The processor is configured to execute an instruction for pairing the at least one peripheral device that is original together with the portable electronic device. | 12-03-2015 |
| 20150350192 | Dynamic Secure Login Authentication - A system for performing a secured transaction using a network including a server in communication with the network is provided. The server has a processor and a memory to store private account information from registered users and store commands that when executed by the processor cause the server to perform a method including: providing a login configuration to a user, including a matrix of dynamic symbols; determining an expected password for the user based on a trace pattern from the user and the symbols in the matrix; receiving a password from the user; and determining whether the password matches the expected password. A non-transitory machine-readable medium including a plurality of machine-readable instructions which when executed by one or more processors of a server controlled by a service provider are adapted to cause the server to perform a method as above is also provided. | 12-03-2015 |
| 20150350201 | SYSTEMS AND METHODS FOR USING WEARABLE TECHNOLOGY FOR BIOMETRIC-BASED RECOMMENDATIONS - Methods and systems are disclosed herein for determining a biometric state of a user or an emotional state of a user. Based on the determined biometric state or emotional state, a determination is made whether information about a location is restricted. In response to determining that information about a location is restricted, a portion of the information about the location is identified, and access to the portion of the information is disabled. | 12-03-2015 |
| 20150350203 | MOBILE DEVICE, METHOD OF AUTHENTICATING A USER, COMPUTER PROGRAM, ARTICLE OF MANUFACTURE, DISPLAY - There is disclosed a mobile device comprising a processing unit for executing a host application, a user-interactive display and an authentication unit; wherein the authentication unit is arranged to receive an authentication request from the host application; wherein the authentication unit is arranged to cause the display to show a set of pictures in response to receiving the authentication request; wherein the authentication unit is further arranged to identify a selection of at least one picture from said set of pictures; and wherein the authentication unit is further arranged to initiate a verification of said identified selection. Furthermore, a corresponding method of authenticating a user is disclosed, as well as a corresponding computer program, an article of manufacture and a display. | 12-03-2015 |
| 20150350205 | CONTENT URL AUTHENTICATION FOR DASH - Technology for content uniform resource locator (URL) authentication for dynamic adaptive streaming over hypertext transfer protocol (HTTP) (DASH) is disclosed. In an example, a client device can include computer circuitry configured to: Receive a URL authentication key indicator and a content URL signature indicator from a server; generate a calculated URL signature for a URL in a DASH media presentation description (MPD) from the URL authentication key indicator; request the DASH segment when the calculated URL signature matches the received content URL signature, thereby authenticating content URL; and receive a DASH segment using the authenticated content URL. The received content URL signature is derived at the server from the content URL contained within the DASH segment URL. | 12-03-2015 |
| 20150350210 | ADVANCED PROOFS OF KNOWLEDGE FOR THE WEB - Embodiments described herein relate to a server computer operable to provide a proof of knowledge service. In some embodiments, the server computer includes processor(s) and memory containing instructions executable by the processor(s) such that the server computer is operable to authenticate a user on behalf of a relying party server. The server computer is further operable to obtain results of one or more tests from a client device of the user. The server computer is further operable to send one or more instructions to the relying party server in accordance with the results of the one or more tests, where the one or more instructions have been predefined by the user and define one or more actions to be taken by the relying party server in an event where the user does not pass the one or more tests. | 12-03-2015 |
| 20150350902 | Anomalous Behavior Detection Using Radio Frequency Fingerprints and Access Credentials - Electromagnetic (EM)/radio frequency (RF) emissions may be detected and corresponding EM personas may be created. One or more EM personas may be associated with a super persona corresponding to a particular entity. EM personas, super personas, and/or supplemental identifying information can be used to enforce security protocols. | 12-03-2015 |
| 20150350905 | Function Execution Device and Communication Terminal - A system and method for providing an authentication state of a function execution device to a communication terminal is described. In some examples, the authentication state indicates whether authentication information is needed from the communication terminal before the communication terminal can request performance of one or more functions performable by the function execution device. In other examples, the communication terminal may provide to the communication terminal the authentication information irrespective of whether the function execution terminal has previously provided its authentication state to the communication terminal. | 12-03-2015 |
| 20150356284 | USER AUTHENTICATION - A method and system for authenticating a user is provided. The method includes receiving keyboard entries from a user while a cursor of a computer screen is positioned in a password field of the user. The keyboard entries include a series of alphanumeric characters forming part of a password of the user and one or more function keys that either delete one or more of the alphanumeric characters or do not affect the alphanumeric characters as entered into the password field. The key board entries are logged. The logged keyboard entries checked to determine whether they match a stored valid password for the user such that the one or more function keys that either delete one or more of the alphanumeric characters or do not affect the alphanumeric characters are considered part of the submitted password which is compared to the stored valid password for authentication of the user. | 12-10-2015 |
| 20150356285 | SYSTEM OR DEVICE FOR RECEIVING A PLURALITY OF BIOMETRIC INPUTS - A system or device includes a substrate and a plurality of sides. A plurality of pixel stacks, each of which includes a plurality of pixel elements, or a plurality of input layers are positioned on at least one of the sides. The pixel stacks or input layers are configured to receive a plurality of biometric, or multi-biometric, inputs, and at least one biometric input passes entirely through at least one pixel element or at least one pixel layer before being received by another pixel element or layer. | 12-10-2015 |
| 20150356289 | Secure Current Movement Indicator - Methods, devices, systems, and non-transitory processor-readable storage media for authenticating a computing device to access functionalities. An embodiment method may include operations for receiving in the computing device a signal from a proximity beacon device, obtaining from the received signal information that indicates whether the proximity beacon device has detected movement, determining whether the obtained information matches stored data corresponding to the proximity beacon device, performing an abbreviated authentication operations for the computing device to access the functionalities when it is determined that the obtained information from the received signal matches the stored data, and performing a normal authentication operations for the computing device to access the functionalities when it is determined that the obtained information from the received signal does not match the stored data. | 12-10-2015 |
| 20150358295 | SYSTEM AND METHOD FOR AUTHENTICATING A USER THROUGH COMMUNITY DISCUSSION - Provided are a system and method to authenticate user identities. The method includes gathering metadata from at least one discussion involving at least one pre-defined user identity on a first social network. The method evaluates the metadata of at least one third party response related to a posting by the at least one pre-defined user identity. The at least one pre-defined user identity is authenticated based on the evaluated third party response. And an indication of authentication for the at least one pre-defined user identity is provided. The system and method may also permit bridging of the established authentication between different social networks. | 12-10-2015 |
| 20150358314 | METHOD, SYSTEM AND APPARATUS FOR SECURED WIRELESS DOCKING CONNECTION - Examples are disclosed for techniques for wireless docking. According to some embodiments, a mobile device may scan for an available docking device, for example a device with one or more I/O devices such as a large display. The mobile device may automatically establish a secure wireless link with the device, for example if the docking device is known to the mobile device. However, I/O services are not activated. Instead, the docking device will prompt a user for identification data. If the identification data passes verification, the I/O services may be activated. According to some embodiments, the identification data obtained by the docking device may also be used to wake and/or login to the mobile device, unlocking the mobile device for user access. | 12-10-2015 |
| 20150358318 | BIOMETRIC AUTHENTICATION OF CONTENT FOR SOCIAL NETWORKS - A method on a web server for biometric authentication of content for social networks including providing a user interface configured for accepting login data and proposed content captured from a remote computing device of a user and authenticating said user by comparing the login data entered into the user interface and login data in a user record corresponding to said user. The method further includes determining whether the proposed content is authentic by searching for a biometric cue in the proposed content and if the proposed content includes a biometric cue, then: a) generating approved content comprising at least a portion of the proposed content and an authentication mark, and b) transmitting, over the communication network, the approved content. | 12-10-2015 |
| 20150358320 | TECHNIQUES FOR EXTENDING COMMUNICATIONS CHAIN OF TRUST TO CLIENT APPLICATIONS - Various embodiments are generally directed to techniques to form secure communications between two computing devices in which the chain of trust of those communications is extended to a particular application routine executed by one of the two computing devices. An apparatus includes a processor component; a verifying component to verify a link attestation credential received from a server to verify an ability of the server to form a secure pipeline, and to signal an application routine with an indication of a result of the verification by the verifying component; and a hash component to generate a return hash of a return signature associated with the application routine to indicate to the server that the application routine has also verified the link attestation credential to form the secure pipeline between the server and the application routine. Other embodiments are described and claimed. | 12-10-2015 |
| 20150358325 | Method and System for Distributing Service Data - Provided are a method and system for distributing service data, wherein the method includes that a user terminal is authenticated and accesses a core network, a service data message sent by the user terminal is received, target address information contained in the service data message is acquired, and the service data message is distributed according to the acquired target address information. | 12-10-2015 |
| 20150358331 | IDENTITY MANAGEMENT, AUTHORIZATION AND ENTITLEMENT FRAMEWORK - A system and method are provided for identity management of applications on computing devices. A set of applications are registered at an identity management system. Each application allows a different level of access permission to the application based on a user role associated with a user accessing the application. A set of user profiles associated with users are received. Each user profile includes a login credential for allowing access to the applications and a user role for defining a user level of access permission to the applications. An access request to access an application is received at the identity management system and responsive to the access request, a user associated with the access request is authenticated. Upon successful authentication, the user role associated with the authenticated user is determined and the user is allowed to access functions of the application corresponding to the determined user role. | 12-10-2015 |
| 20150358333 | GEO-LOCATION AND BIOMETRIC PRESENCE SECURITY - Geo-location and biometric security systems and methods are provided for authenticating a user of a mobile device. The geo-location and biometric security system may include a plurality of human biometric and geo-location security functions on the user device. The biometric and geo-location security functions may be set in any combination by the user to determine the security conditions for the device to enable resources or applications local to or remote from the user device. In certain instances, the applications enabled by the present invention are secure financial transactions. | 12-10-2015 |
| 20150358335 | Method and Apparatus for Trusted Branded Email - A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic messages is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure. | 12-10-2015 |
| 20150358819 | SYSTEMS, APPARATUSES, AND METHODS FOR SECURE BEACON AUTHENTICATION VIA MOBILE DEVICES - Systems, apparatuses, and methods for secure beacon authentication via mobile devices are disclosed. In some example embodiments, a verification element comprises: a memory storing a plurality of non-repeated verification codes; a wireless broadcast element; and a processing circuit electronically coupled to the memory and the wireless broadcast element, the processing circuit being configured to retrieve one of the non-repeated verification codes from the memory and to transfer the non-repeated verification code to the wireless broadcast element, the wireless broadcast element being configured to wirelessly broadcast the non-repeated verification code to a plurality of mobile devices for individual verification of the plurality of mobile devices, the non-repeated verification code being different than any other non-repeated verification code previously retrieved from the memory and used for individual verification of the plurality of mobile devices. | 12-10-2015 |
| 20150365387 | SYSTEMS AND METHODS FOR CUSTOMER SERVICE ACCESS TO A CONSUMER INTERFACE SYSTEM - A computer-based method for providing a customer service representative (CSR) access to an interface system uses a computing device including a processor and a memory. The method includes receiving, by the processor, an authentication request including a CSR identifier associated with the CSR. The method also includes identifying, in the memory, a customer identifier using at least the CSR identifier. The method further includes transmitting an authentication response in response to the authentication request. The authentication response includes at least the customer identifier. | 12-17-2015 |
| 20150365388 | SYSTEMS AND METHODS FOR MULTI-STAGE IDENTITY AUTHENTICATION - Certain implementations of the disclosed technology may include systems and methods for multi-stage identity authentication. A method is provided that includes receiving a set of identity information associated with a subject and querying one or more public or private databases with at least a portion of the set of identity information. The method includes receiving independent information responsive to the querying. The method includes determining zero or more first indicators of fraud risk and producing one or more identity proofing queries derived from the independent information. Based at least in part on a comparison of the one or more proofing queries and a query response, the method includes determining zero or more second indicators of fraud risk and evaluating a fraud score. Responsive to evaluating the fraud score, the method includes initiating one or more of authentication enrollment and multi-factor authentication of the subject. | 12-17-2015 |
| 20150365394 | STATELESS AND SECURE AUTHENTICATION - Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device use a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device. | 12-17-2015 |
| 20150365400 | PASSWORD-LESS AUTHENTICATION SYSTEM AND METHOD - In one aspect, the present disclosure describes a server-implemented method for authenticating a login without a password. The method includes: a) receiving, from a request initiator, a request to authenticate a login, the request including a user identifier; b) providing, to a device pre-registered for use in association with the user identifier, an acknowledgement request, the device being configured to generate a prompt in response to receiving the acknowledgment request, the prompt requesting input to authenticate the login; c) initiating a timer; d) determining that a login confirmation message has been received from the pre-registered device before expiration of the timer; and e) in response to determining that the login confirmation message has been received from the pre-registered device before expiration of the timer, providing an authentication acknowledgment message to the request initiator. | 12-17-2015 |
| 20150365401 | CAPTCHA CHALLENGE INCORPORATING OBFUSCATED CHARACTERS - A method for determining if a user of a computer system is a human. A processor receives an indication that a computer security program is needed and acquires at least one image depicting a first string of characters including at least a first and second set of one or more characters. A processor assigns a substitute character to be used as input for each of the second set of one or more characters. A processor presents the at least one image and an indication of the substitute character and when to use the substitute character to the user. A processor receives a second string of characters from the user. A processor determines whether the second string of characters substantially matches the first string of characters based on the substitute character assigned to each of the second set of one or more characters and determines whether the user is a human. | 12-17-2015 |
| 20150365410 | LOCATION DETERMINATION FOR USER AUTHENTICATION - User authentication techniques based on geographical locations associated with a client device is provided. A network connection can be established between two or more host machines and a client device. Upon a request received from the client device by one of these host machines, round trip times of test messages may be measured between the client device and each of the host machines. The round trip times can be utilized to determine the current geographical location of the client device. If the location is within a tolerance geographical area, the client device may be authenticated. Otherwise, the authentication may fail or additional security procedures may be implemented. In some examples, a travel time from a historical geographical location to current geographical location can be determined. This data may be also utilized in the user authentication process. | 12-17-2015 |
| 20150365412 | SECURED ACCESS TO RESOURCES USING A PROXY - A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identify a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature. | 12-17-2015 |
| 20150365414 | Method and Device for Authenticating Static User Terminal - Provided are a method and device for authenticating a static user terminal. The method comprises: an identity request message used for acquiring a user identity of the static user terminal is sent to the static user terminal; a response message is received from the static user terminal, wherein the response message carries the user identity of the static user terminal; and, an Extensible Authentication Protocol (EAP) authentication is performed on the static user terminal according to the user identity of the static user terminal. The present disclosure solves the problem in the related art of low security in the authentication on the static user terminal access the network, thus achieving the effects of increasing the security and reliability in the authentication on the static user terminal accessing the network and improving the WLAN service using experience of the static user. | 12-17-2015 |
| 20150365415 | METHOD, SYSTEM AND APPARATUS FOR HANDLING TERMINAL CAPABILITIES - The present invention relates to telecommunication systems providing multiple services which could require possible adaptations based on the capabilities of the terminal used to access those services. | 12-17-2015 |
| 20150365417 | NETWORK MANAGEMENT ACCESS BASED PREVIOUS REGISTRATION OF USER DEVICE - A user device may be self-registered in a network where it may be determine if the user device was previously registered and marked for deletion; and if the user device was previously registered and marked for deletion, access to the network may be granted or denied depending on whether the user device was previously registered and marked for deletion. | 12-17-2015 |
| 20150371026 | SYSTEMS AND METHODS FOR AUTHENTICATION VIA BLUETOOTH DEVICE - A system and/or method is provided to implement authentication via Bluetooth devices. In particular, a user's Bluetooth device, such as a smart phone, may be registered to be used for automatic authentication for an online user account. When the user is attempting to log onto the online user account at a user device, such as a laptop, the user device may detect that the user's Bluetooth device is in proximity to the user device and the user may be logged into the online user account at the user device automatically. Thus, the user may be logged into the online user account seamlessly without requiring the user to input credentials, such as user name and/or password. | 12-24-2015 |
| 20150371032 | Method to Securely Authenticate Management Server Over Un-Encrypted Remote Console Connection - A Virtual network computing (VNC) server receives a client launch request from a VNC client and provides a log-in page for display at the VNC client. The log-in page includes a graphical representation of a keyboard having a plurality of keys. Individual key designations at the keyboard are unique and are generated randomly in response to the client launch request. The VNC server receives pointing device movement coordinates from the VNC client; the movement coordinates indicating selection of individual keys at the keyboard by a user of the VNC client. | 12-24-2015 |
| 20150373000 | SYSTEM AND METHOD FOR CONNECTING TO SECURITY DEVICE BY MEANS OF PEER-TO-PEER (P2P) RELAY DEMON - A system and method for connecting to a security device by means of a Peer-to-Peer (P2P) relay demon. In the present disclosure, a P2P technology is applied to a technology for connecting to a security device, such as a Network Video Recorder (NVR), Digital Video | 12-24-2015 |
| 20150373003 | SIMPLE IMAGE LOCK AND KEY - A system for and method of securely controlling access to files on a server are disclosed herein. The method may include receiving an upload of a file to the server, receiving an upload of a first image of an object, using computer vision algorithms to extract first information about the object from the first image, associating the first information with the file, and restricting access to the file. The method may further include receiving an upload of a second image of the object, using the computer vision algorithms to extract second information about the object from the second image, determining that the second information and the first information match within a threshold, and providing access to the file. | 12-24-2015 |
| 20150373008 | METHODS, APPARATUSES & COMPUTER PROGRAM PRODUCTS FOR UTILIZING VISUAL AUTHENTICATION TOKENS AS CROSS-PLATFORM CREDENTIALS - An apparatus is provided for facilitating cross-platform authentication. The apparatus may include at least one memory and at least one processor configured to detect that a visual token includes data indicating one or more authentication credentials for accessing a communication device in response to scanning the visual token. The computer program code may further cause the apparatus to communicate the authentication credentials of the detected visual token to the communication device to request the communication device to determine whether the authentication credentials are valid for a user. The computer program code may further cause the apparatus to enable access to the communication device in response to receiving an indication from the communication device that the authentication credentials of the detected visual token are valid. Corresponding computer program products and methods are also provided. | 12-24-2015 |
| 20150373010 | Authentication to a Remote Server from a Computing Device Having Stored Credentials - Authentication to a remote-server from a computing device having stored credentials for the remote server is described. In one example, a method of authenticating a user to a remote server through a client application executing on a computing device includes: receiving, by the client application, a request to authenticate the user to the remote server using credentials stored on the computing device; prompting, by the client application, the user for gesture-based password; authenticating, by the client application, the gesture-based password; and sending, by the client application, the stored credentials to the remote server for authentication in response to successful authentication of the gesture-based password. | 12-24-2015 |
| 20150373012 | Integrated APIs and UIs for Consuming Services across Different Distributed Networks - User interface integration across multiple clouds is achieved by hosting UI extensions for different services in the same browser window. The UI extensions are initialized by a shell with any necessary security context for the corresponding cloud. The shell provides versioning so that the newest version of the UI is presented to users for all versions of a service. A connector in a local cloud provides translation between APIs across different clouds. | 12-24-2015 |
| 20150373018 | Biometric identification device - A biometric identification device comprising a computer unit ( | 12-24-2015 |
| 20150373031 | DETERMINING EMAIL AUTHENTICITY - Monitoring across multiple-channels, used by multiple devices, to determine which email messages being sent to a user are solicited by the user. A broad spectrum of network and telephony access records are analyzed to determine whether an email message is likely being sent as a result of legitimate services access by the user. | 12-24-2015 |
| 20150373545 | WORKING MACHINE AND SETTING CHANGE SYSTEM FOR WORKING MACHINE - In addition to improving security of data communication between a control device and a mobile terminal, to make it possible to easily make the data communication. A working machine of the present invention is provided with a control device that can make wireless communication with a mobile terminal | 12-24-2015 |
| 20150379247 | SYSTEM AND METHOD FOR DYNAMICALLY GENERATED CHALLENGE-RESPONSE PASSWORDS - A device and method for challenge-response authentication are described herein. A challenge may be presented to a user on a computing device that includes visual information. Users may input a valid response by selecting and/or entering at least part of visual information. Elements of the visual information may be associated with text. A text-based key may be compiled based on the user entry and/or selection. The text-based key may be provided to an authenticator to authenticate the user to a protected resource. | 12-31-2015 |
| 20150379248 | Online Biometric Authentication without Saving Biometric Data - The invention provides a device and a method for biometric user authentication during client-server communication. The device is a sensor for recording of a user's biometric data and an access card which belongs to the user. The method is based on the user's representation on the server by an array of random numbers unrelated to the user's biometric data. The information recorded on the access card is the array of coefficients calculated in such a way that applying these coefficients to the biometric data of the user produces the array of random numbers saved on the server. | 12-31-2015 |
| 20150379250 | SECURE BIOMETRIC VERIFICATION OF IDENTITY - A high security identification card includes an on-board memory for stored biometric data and an on-board sensor for capturing live biometric data. An on-board processor on the card performs a matching operation to verify that the captured biometric data matches the locally stored biometric data. Only if there is a positive match is any data transmitted from the card for additional verification and/or further processing. Preferably, the card is ISO SmartCard compatible. In one embodiment, the ISO SmartCard functions as a firewall for protecting the security processor used for storing and processing the protected biometric data from malicious external attack via the ISO SmartCard interface. In another embodiment, the security processor is inserted between the ISO SmartCard Interface and an unmodified ISO SmartCard processor and blocks any external communications until the user's fingerprint has been matched with a previously registered fingerprint. Real-time feedback is provided while the user is manipulating his finger over the fingerprint sensor, thereby facilitating an optimal placement of the finger over the sensor. The card may be used to enable communication with a transactional network or to obtain physical access into a secure area. | 12-31-2015 |
| 20150379293 | INTEGRATING A USER'S SECURITY CONTEXT IN A DATABASE FOR ACCESS CONTROL - Techniques are provided for integrating application-level user security context with a database. A session manager, in a middle tier that includes an application, obtains the security context of a user and establishes, in the database, a light-weight session (LWS) that reflects the security context. The security context is synchronized between the middle tier and database before application code execution. The database maintains an isolated copy of the LWS for the unit of application code executed as the security context. The database sends to the session manager the identifier of the copy of LWS. Before allowing a request from an application to be sent to the database, the session manager, transparent to the application, inserts an identifier that identifies the LWS. In this way, the database processes an application request in the context of the corresponding user's security context that is the same as the security context in the middle tier. | 12-31-2015 |
| 20150381595 | SYSTEM AND METHOD FOR MANAGING MULTIPLE DEVICES - A system and method for integrating a client application across multiple client devices is disclosed. A device management server receives a session request from a first client device, the session request indicating a second client device for a communication session. Upon receipt of the session request, the device management server transmits a security key to the first client device, and subsequently, receives the security key from the second client device. Upon receipt of the security key, the device management server establishes the communication session, and integrates the client application across the first and second client devices. | 12-31-2015 |
| 20150381614 | METHOD AND APPARATUS FOR UTILIZING BIOMETRICS FOR CONTENT SHARING - Disclosed is a method and apparatus for biometric based media data sharing. The method may include initiating, in a first device, biometric data capture of a user based, at least in part, on playback of media data by the first device. The method may also include determining that captured biometric data of the user does not correspond with biometric data associated with an authorized user of the first device. Furthermore, the method may also include in response to a failure to match the captured biometric data by the first device, establishing that the user is an authorized user of a second device based, at least in part, on the captured biometric data. The method may also include sharing the media data with the second device. | 12-31-2015 |
| 20150381619 | METHODS AND APPARATUS FOR USING KEYS CONVEYED VIA PHYSICAL CONTACT - An example touch key system may include a master device, one or more carrier devices and protected devices, and a server. The master device may automatically detect a predefined trigger action. In response, the master device may automatically generate a carrier device credential and a corresponding cloud credential. The master device may then automatically send the cloud credential to the server. The master device may also automatically detect the carrier device in electrical communication with the master device. In response, the master device may automatically determine whether the carrier device credential from the key pair is intended for the carrier device. If so, the master device may automatically transfer the carrier device credential to the carrier device. The carrier device may use the carrier device credential to obtain access to the protected device. Other embodiments are described and claimed. | 12-31-2015 |
| 20150381621 | Enterprise Authentication Via Third Party Authentication Support - Methods and systems are disclosed for providing approaches to enterprise authentication via third party authentication support. The methods and systems may include transmitting, by a computing device to an authentication device, a request to authenticate a client device application via a forms login protocol, and transmitting, by the computing device to the client device application, a first credential form retrieved from an authentication device generated by an extension device. The methods and systems may also include receiving, by the computing device from the client device application, a first authentication credential, and transmitting, by the computing device to the authentication service via the extension device, the first authentication credential. The methods and systems may also include transmitting, by the computing device and in response to a successful validation of the first authentication credential, an approval of the request made by the client device application to authenticate via the forms login protocol. | 12-31-2015 |
| 20150381739 | NETWORK SESSION CONTROL - According to an example, a proxy device receives a request packet sent by the session management device, determines a target access device corresponding to the request packet, modifies the destination IP address of the request packet to be the IP address of the target access device while keeping the source IP address of the request packet unchanged, and sends the modified request packet to the target access device. | 12-31-2015 |
| 20150382196 | Personal Area Network System and Method - An exemplary system includes a mobile device having an application and wireless access user credentials, a configurable access point of a network, and a terminal connected to the configurable access point. The wireless access user credentials can be pushed, using the application, from the first mobile device to the terminal to reconfigure the access point and create a virtual network that recognizes the wireless access user credentials. | 12-31-2015 |
| 20160004851 | PROCESSING APPARATUS, METHOD FOR CONTROLLING PROCESSING APPARATUS, AND NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM - Provided is a processing apparatus that authenticates a requestor in response to a request for performing predetermined processing. The processing apparatus executes the predetermined processing upon the authentication succeeding. Whether or not authentication is performed is set individually for each of the processing apparatus and an external apparatus of the processing apparatus that serve as the requestor. The authentication is performed in the case where authentication is set to be performed on the requestor that made the request. | 01-07-2016 |
| 20160004852 | System and Methods for Validating and Managing User Identities - A system and associated methods for validating and managing user identities are disclosed. In at least one embodiment, a central computing system is configured for receiving and processing data related to an at least one user and associated identity. A user account is established and associated with each user, the account containing at least one of a unique account identifier, an identity score representing a quality rating of the user based on the at least one identity, and an identity table containing details related to the at least one identity. In at least one embodiment, the computing system is capable of selectively validating the at least one identity, dynamically calculating the identity score associated with the at least one user, and even leveraging select unique identifying data to create a persistent multi-factor authentication process in conjunction with a mobile device associated with the at least one user. | 01-07-2016 |
| 20160004856 | SERVER, USER APPARATUS AND TERMINAL DEVICE - A server, a user apparatus and a terminal device are provided. The server includes a transmission interface, a database and a processor. The transmission interface receives an identification verification request from the user apparatus. The processor captures a plurality of selected patterns from a plurality of database patterns stored in the database according to the identification verification request, selects at least one target pattern from the plurality of selected patterns, and enables the user apparatus to display the plurality of selected patterns and the at least one target pattern in a match object area and a target object area of a user interface displayed by the user apparatus, respectively. An identification verification procedure is finished while the processor determines that one of the plurality of selected patterns that corresponds to the at least one target pattern is selected to conform to the at least one target pattern. | 01-07-2016 |
| 20160006711 | DEVICE-AGNOSTIC USER AUTHENTICATION - A user of a client device that executes a remote application is authenticated by first receiving an HTTP or HTTPS request to authenticate the user from the remote application. The user is prompted for authentication information, and authentication information is obtained by communicating with a hardware device in electronic communication with the client device. The user's authorization to use the remote application is then verified using a computer processor and using the authentication information. | 01-07-2016 |
| 20160006716 | SYSTEM AND METHOD FOR SECURE DIGITAL CONTENT DELIVERY - A system for the secure delivery of digital content related to the purchase of a physical product is presented. A unique digital key and PIN is used to access digital content featuring the artist. The digital key leads to a custom opt-in page. After providing the PIN and user information at the opt-in page, the system directs the purchaser to a customized landing page where the purchaser may access a multitude of digital content such as social media feeds, digital images and videos, and streaming audio centered on the featured artist. A digital download to be saved by the user on any device is also available to the user. The system tracks the user's online interactions and delivers analytics back to the brand of the physical product and the digital content provider. The process prohibits theft, secures delivery of the digital content, and contributes detailed metrics on each transaction. | 01-07-2016 |
| 20160006717 | PROMPTING LOGIN ACCOUNT - A login request initiated by a user at a current page is received. Whether there exists an account record matched with a login account name and login password combination in the login request is searched from an account table of the current page. If a result is positive, the user is allowed to log in. If a result is not positive, a preconfigured account name collection corresponding to the login account name is acquired. The account name collection includes login account names of the user's registered accounts in a plurality of member systems. A login account name in a member system to which the current page belongs is searched from the account name collection, and the found login account name is provided to the user. The techniques of the present disclosure prompts a correct login account name to the user, especially when there are many user login account names, thereby reducing memory burden of the user and assisting the user in implementing a quick login under multi-account management. | 01-07-2016 |
| 20160006730 | CORRELATING COGNITIVE BIOMETRICS FOR CONTINUOUS IDENTIFY VERIFICATION - A technique is provided for continuous user authentication through real-time fusion and correlation of multiple factors. Monitored data is continuously obtained from a computer. The monitored data is related to user actions on the computer of a user. A server analyzes the monitored data of the computer to execute a windowing system event sequences modality, a network footprint modality, an application specific user actions modality, and/or a forensic linguistic analysis modality for the user. The user is authenticated on the computer based on a combination of the windowing system event sequences modality, the network footprint modality, the application specific user actions modality, and/or the forensic linguistic analysis modality. | 01-07-2016 |
| 20160014120 | METHOD, SERVER, CLIENT AND SYSTEM FOR VERIFYING VERIFICATION CODES | 01-14-2016 |
| 20160014126 | Facilitating a Secure 3 Party Network Session by a Network Device | 01-14-2016 |
| 20160014128 | LEVERAGING ONLINE IDENTITIES TO GRANT ACCESS TO PRIVATE NETWORKS | 01-14-2016 |
| 20160014132 | SCALABLE FULL SPECTRUM CYBER DETERMINATION PROCESS | 01-14-2016 |
| 20160021081 | MOBILE DEVICE USER AUTHENTICATION BASED ON USER BEHAVIOR INFORMATION - Authentication involves collecting information relating to a user's behavior relative to a mobile device carried by the user, over a number of time periods that correspond to each other. An authentication technique includes processing the collected information to generate baseline data representing typical user behavior. The authentication technique includes collecting additional information relating to the user's behavior relative to the mobile device over another time period that corresponds to the time periods used to generate the baseline data. The additional information relating to the user's behavior is compared to the baseline data, and a difference between the additional information and the baseline data is determined. An authentication procedure is then applied based on the difference. The authentication may be performed by a mobile device such as a smartphone. | 01-21-2016 |
| 20160021084 | SYSTEMS AND METHODS OF SHARING INFORMATION THROUGH A TAG-BASED CONSORTIUM - The invention provides one or more consortia of networks that identify and share information about users and/or user devices interacting with the consortia. User devices may be identified, at least in part, by tag-based computer information. Computers and other devices accessing the Web carry device tags with date and time information describing when they were issued by a security tag server. A server time stamp may be inserted into time based computer tags such as a cookies indicating when they were created. Such time stamp information can be encrypted and analyzed during future attempts to access a secure network such as a customer attempting to log into an online banking account. When the time stamp information from the tag is compared to other selected information about the user, device and/or account, including but not limited to last account log-in date/time or account creation date, the invention may be used to detect suspicious activity. The invention may be use for identity-based applications such as network security, the detection of fraudulent transactions, identity theft, reputation-based communities, and law enforcement. | 01-21-2016 |
| 20160021088 | CONTENT RESTRICTION COMPLIANCE USING REVERSE DNS LOOKUP - A method for alerting Internet content providers of the age or other personal information of a computer user, which includes receiving a reverse DNS lookup query from an Internet content provider; and providing the age information of the computer user, in addition to a host name, from a reverse map zone file in response to the request. The personal information may be used by the content provider to select appropriate content for the requesting host, for example for complying with content restrictions. A system of alerting an Internet content provider of the age or other personal information of a computer user is also provided. | 01-21-2016 |
| 20160021105 | Secure Voice Query Processing - Techniques for securely processing voice queries are provided. In one embodiment, a computing device can receive speech data corresponding to a voice query uttered by a user and, in response to the speech data, determine the user's identity and a query type of the voice query. The computer device can further retrieve a first security level associated with the user's identity and a second security level associated with the query type. The computing device can then determine, based on the first security level and the second security level, whether the voice query should be processed. | 01-21-2016 |
| 20160021106 | USER AUTHENTICATION VIA EVOKED POTENTIAL IN ELECTROENCEPHALOGRAPHIC SIGNALS - Techniques are disclosed for authentication and identification of a user by use of an electroencephalographic (EEG) signal. For example, a method for authenticating a user includes the following steps. At least one electroencephalographic response is obtained from a user in accordance with perceptory stimuli presented to the user. The user is authenticated based on the obtained electroencephalographic response. The authenticating step may be based on detection of an event-related potential in the obtained electroencephalographic response. The event-related potential may be a P300 event-related potential. The method may also include the step of enrolling the user prior to authenticating the user. The enrolling step may include a supervised enrollment procedure or an unsupervised enrollment procedure. | 01-21-2016 |
| 20160028706 | DISPLAYING THE ACCESSIBILITY OF HYPERLINKED FILES - The accessibility of a hyperlinked files is displayed. A hyperlink that references a resource is extracted from a target file. An attempt to acquire the resource is made by performing a first authentication operation. A first object is received in response to performing the authentication operation. A second object is acquired by performing a second authentication operation using pre-determined authentication information. The first object and the second object are compared to determine if the first object is the same as the second object. Information indicating the accessibility of the resource is presented via a display apparatus. | 01-28-2016 |
| 20160028715 | SYSTEMS AND METHODS FOR AUTHENTICATING USER IDENTITIES IN NETWORKED COMPUTER SYSTEMS - The disclosed embodiments include methods, systems, system terminals, and point-of-sale terminals for authenticating a user. The disclosed embodiments include, for example, a method for receiving, by one or more processors, authentication data from an authentication network, the authentication data including an authentication code identifying an authentication transaction associated with an authenticating partner system. The method may also include validating, by the one or more processors, the authentication data, the validating comprising comparing the authentication data with validation data corresponding to a prior authentication event associated with the user. The method may also include generating, by the one or more processors, validation information based on the validating, the validation information comprising a determination whether to validate the user for the authentication transaction. The method may also include providing, by the one or more processors, the validation information to the authentication network. | 01-28-2016 |
| 20160028724 | Identity Reputation - A method of indicating a reputation of a first user associated with a first user device to a second user associated with a second user device, the method comprising: detecting at the first user device initiation by the first user of a communication event to the second user; in response to said detection, capturing one or more characteristics of said first user at the first user device; and transmitting a request to establish a communication event to the second user, the transmitted request including an indication of an asserted identity of the first user and information relating to the captured one or more characteristics of said first user such that the second user can make an assessment as to the likelihood that the first user is validly correlated with the asserted identity. | 01-28-2016 |
| 20160034673 | ALLOWING ACCESS TO APPLICATIONS BASED ON USER CAPACITANCE - Authenticating users comprises a computing device that receives a manual authentication input of a user and initiates a first user session between the user and the user computing device. The device communicates a request for a first user authorization data from an authentication technology associated with the one or more computing devices and receives the first user authentication data. The user or the device terminates the first user session and subsequently receives an input of the user to initiate a second user session. The device communicates a request for second user authentication data from the authentication technology and compares the first user authentication data and the second user authentication data. The device identifies a match of one or more features of the first user authentication data and one or more features of the second user authentication data and authorizes the user to conduct the second user session. | 02-04-2016 |
| 20160034674 | ALLOWING ACCESS TO APPLICATIONS BASED ON USER HANDLING MEASUREMENTS - Authenticating users comprises a computing device that receives a manual authentication input of a user and initiates a first user session between the user and the user computing device. The device communicates a request for a first user authorization data from an authentication technology associated with the one or more computing devices and receives the first user authentication data. The user or the device terminates the first user session and subsequently receives an input of the user to initiate a second user session. The device communicates a request for second user authentication data from the authentication technology and compares the first user authentication data and the second user authentication data. The device identifies a match of one or more features of the first user authentication data and one or more features of the second user authentication data and authorizes the user to conduct the second user session. | 02-04-2016 |
| 20160034675 | ALLOWING ACCESS TO APPLICATIONS BASED ON USER AUTHENTICATION - Authenticating users comprises a computing device that receives a manual authentication input of a user and initiates a first user session between the user and the user computing device. The device communicates a request for a first user authorization data from an authentication technology associated with the one or more computing devices and receives the first user authentication data. The user or the device terminates the first user session and subsequently receives an input of the user to initiate a second user session. The device communicates a request for second user authentication data from the authentication technology and compares the first user authentication data and the second user authentication data. The device identifies a match of one or more features of the first user authentication data and one or more features of the second user authentication data and authorizes the user to conduct the second user session. | 02-04-2016 |
| 20160034678 | ALLOWING ACCESS TO APPLICATIONS BASED ON CAPTURED IMAGES - Authenticating users comprises a computing device that receives a manual authentication input of a user and initiates a first user session between the user and the user computing device. The device communicates a request for a first user authorization data from an authentication technology associated with the one or more computing devices and receives the first user authentication data. The user or the device terminates the first user session and subsequently receives an input of the user to initiate a second user session. The device communicates a request for second user authentication data from the authentication technology and compares the first user authentication data and the second user authentication data. The device identifies a match of one or more features of the first user authentication data and one or more features of the second user authentication data and authorizes the user to conduct the second user session. | 02-04-2016 |
| 20160034680 | CREDENTIAL-FREE IDENTIFICATION AND AUTHENTICATION - A method of authenticating a user so that the user can access a website without entering a unique user credential. A user accesses a target and is presented with an authentication code and an address, and the user sends a message containing the authentication code to that address. Alternatively, the user is pre-supplied with an address and is presented only with an authentication code when the user accesses the target. The user's identity is authenticated by comparing an aspect of the metadata of the message with known metadata aspects, and the user is authenticated by comparing the authentication key presented to the user with the one received in the message. Both the user and the user's identity are authenticated in a single step without requiring the user to input any unique user credential. | 02-04-2016 |
| 20160036798 | SECURE MOBILE CONTACT SYSTEM (SMCS) - A system for authenticating an identity of a user is disclosed. The system comprises a processor and a non-volatile storage medium comprising computer executable instructions to instruct the processor to receive an image file relating to the user, from a user device owned by the user; determine whether the image file matches stored image information ma database, wherein the stored image information is not an image file and contains identifying information about the image; and, if the image file matches the stored image information, allow the user to request an authentication message be sent to the user device, request that an authentication message be sent to a destination oilier than, the user device, or request that a message be sent to a third party whose message addressing information is unknown to the user. | 02-04-2016 |
| 20160036799 | SYSTEMS AND METHODS FOR LOCATION-BASED DEVICE SECURITY - A device may collect environmental information surrounding the device. Based on the collected environmental information, the device may automatically identify a potentially secured location that has lower security risk. When a potentially secured location is identified, the device may prompt the user to setup a security profile having reduced security requirement for the secured location. The device may store and associate the security profile with the secured location. The device may activate the security profile with reduced security requirement when the device is in the secured area. Further, the security profile may require that certain features of the device be disabled when the device is in the secured location. | 02-04-2016 |
| 20160036807 | SYSTEMS AND METHODS FOR COMBINED OTP AND KBA IDENTITY AUTHENTICATION - Certain implementations include systems and methods for combined one-time-passcode (OTP) and knowledge-based-authentication (KBA) identity authentication. A method is provided that includes receiving a set of identity information associated with a subject; querying one or more databases; receiving personally identifiable information; producing at least one knowledge based authentication (KBA) identity proofing question having a personally identifiable correct answer; generating a unique correct one-time pass (OTP) code for the personally identifiable correct answer; generating one or more incorrect answers with corresponding incorrect codes; outputting, the at least one KBA identity proofing question; outputting the personally identifiable correct answer with the unique correct OTP code, and the one or more incorrect answers with corresponding incorrect codes; receiving a response code; comparing the response code and the unique correct OTP code; and responsive to a match between the response code and the unique correct OTP code, outputting a first indication of authentication. | 02-04-2016 |
| 20160036810 | ELECTRONIC DEVICE AND METHOD OF TRANSCEIVING DATA - An electronic device and a method of transceiving data are disclosed. A method of transceiving data by an electronic device includes: storing one or more pieces of input biometric information; searching for one or more electronic devices in response to the input of the same biometric information as the stored biometric information; connecting a communication session with the one or more searched electronic devices; and transceiving data with the one or more electronic devices through the connected communication session. | 02-04-2016 |
| 20160036811 | DEVICE AND METHOD OF SETTING OR REMOVING SECURITY ON CONTENT - A device for removing security on content using biometric information includes a memory configured to store content on which security has been set based on first biometric information of a user; and a controller configured to obtain second biometric information of the user, which is of a different type than the first biometric information, and remove the security on the content based on the second biometric information, in response to a user input for executing the content. | 02-04-2016 |
| 20160042164 | MOBILE COMMUNICATIONS DEVICE PROVIDING HEURISTIC SECURITY AUTHENTICATION FEATURES AND RELATED METHODS - A mobile communications device includes a plurality of first input devices capable of passively collecting input data, a second input device(s) capable of collecting response data based upon a challenge, and a processor capable of determining a level of assurance (LOA) that possession of the mobile communications device has not changed based upon a statistical behavioral model and the passively received input data, and comparing the LOA with a security threshold. When the LOA is above the security threshold, the processor may be capable of performing a given mobile device operation without requiring response data from the second input device(s). When the LOA falls below the security threshold, the processor may be capable of generating the challenge, performing the given mobile device operation responsive to valid response data, and adding recent input data to the statistical behavioral model responsive to receipt of the valid response data. | 02-11-2016 |
| 20160042166 | METHOD AND DEVICE FOR PROVIDING SECURITY CONTENT - A method, performed by a device, of providing security content includes receiving a touch and drag input indicating that a user drags a visual representation of a first application displayed on a touch screen of the device to a fingerprint recognition area while the user touches the visual representation of the first application with a finger; performing authentication on a fingerprint of the finger detected on the touch screen using a fingerprint sensor included in the fingerprint recognition area; and when the performing authentication on the fingerprint is successful, displaying the security content associated with the first application on an execution window of the first application. | 02-11-2016 |
| 20160042167 | METHODS AND SYSTEMS FOR AUTHENTICATING USERS - A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction and determining whether the transaction requires access to protected resources. Moreover, the method determines whether inputted information is known, determines a state of a communications device when the inputted information is known, and transmits a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled. Additionally, the method includes validating the communications device, capturing biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and granting access to the protected resources when the transmitted and stored one-time pass-phrases match. | 02-11-2016 |
| 20160042168 | METHOD AND APPARATUS FOR AUTHENTICATING USERS - A method for authenticating users is provided that includes indicating, by a user, a desire to conduct a transaction. Moreover, the method includes monitoring, using a terminal device, for devices proximate the terminal device, and determining whether each device included in an authentication data requirement is included in proximate devices detected while monitoring for devices proximate the terminal device. Furthermore, the method includes successfully authenticating the user when each device included in the authentication data requirement is included in the detected proximate devices. | 02-11-2016 |
| 20160044016 | Pre-Delivery Authentication - Pre-delivery authentication may be required prior to routing and delivery of electronic content. A sender of the electronic content, for example, may require that a recipient authenticate to ensure legitimate use or identity. Should pre-delivery authentication be required, the electronic content is held at any networked device while the recipient authenticates. If the recipient correctly authenticates, then the electronic content is released for delivery. | 02-11-2016 |
| 20160044019 | EXTENSIBLE CONFIGURATION SYSTEM TO ALLOW A WEBSITE TO AUTHENTICATE USERS BASED ON AN AUTHORIZATION PROTOCOL - An extensible configuration system to allow a website to authenticate users based on an authorization protocol is disclosed. In some embodiments, the extensible configuration system includes receiving an identifier for an authentication provider; and automatically configuring a website to use the authentication provider for logging into the website. | 02-11-2016 |
| 20160044024 | ONE-TIME ACCESS TO AN AUTOMATION SYSTEM - Methods and systems are described for managing one-time access to an automation system. According to at least one embodiment, a computer-implemented method to grant a user access to an automation is described. The method may comprise receiving one or more access parameters to authorize one-time permission to the user to access the automation system. The method may further comprise granting one-time permission to the user to access the automation system based at least in part on the one or more access parameters. The method may additionally comprise generating a message comprising at least the one-time permission to access the automation system. The one or more access parameters may comprise at least one of a limited time frame, single use entry code, or a limited number of entries. | 02-11-2016 |
| 20160044029 | METHOD OF HOST-DIRECTED ILLUMINATION AND SYSTEM FOR CONDUCTING HOST-DIRECTED ILLUMINATION - A method of host-directed illumination for verifying the validity of biometric data of a user is provided that includes capturing biometric data from a user with an authentication device during authentication and directing illumination of the biometric data from a host authentication system during the capturing operation. Moreover, the method includes comparing illumination characteristics of the captured biometric data against illumination characteristics expected to result from the directing operation, and determining that the user is a live user when the illumination characteristics of the captured biometric data match the illumination characteristics expected to result from the directing operation. | 02-11-2016 |
| 20160044038 | PREVENTION OF QUERY OVERLOADING IN A SERVER APPLICATION - A system for processing a transaction request. A transaction request is received by a server computer that includes a user identification and an associated request token, to execute on an application on the server computer. It is determined by the server computer whether available resources on the server computer to perform the transaction are below respective threshold values. In response to determining, by the server computer, that the available resources on the server computer to perform the transaction are below the threshold value, the server computer determines whether the user identification is allowed access to the application. In response to determining that the user identification is allowed access to the application, the transaction is executed on the server computer. In response to determining that the user identification is not allowed access to the application, the transaction is rejected. | 02-11-2016 |
| 20160044044 | INFORMATION PROCESSING APPARATUS, METHOD FOR CONTROLLING INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM - An image forming apparatus controls the use of a remote user interface (RUI) by requesting authentication with an RUI access password from a client device in a case where the RUI access password is set. In a case of a department ID management setting, the security setting is different from the RUI access password setting. In this situation, the image forming apparatus requests authentication with the department ID, and then controls the use of the RUI based on the result of the authentication. | 02-11-2016 |
| 20160050193 | SYSTEM AND METHODS FOR SECURE COMMUNICATION IN MOBILE DEVICES - A system and a method for secure communication in a mobile computing device involve obtaining, by a first program installed on the mobile computing device, an access credential from an authentication server on behalf of a second program installed on the mobile computing device. The second program submits the access credential to a remote resource as proof that the second program has been authenticated by the authentication server. Upon successful verification of the access credential, the remote resource allows the second program to access data. | 02-18-2016 |
| 20160050196 | Control Device and Method for Electronic Atomization Device Based on Mobile Terminal - Disclosed are a control device and a control method for electronic atomization device based on mobile terminal. The device includes a Bluetooth control module, a matching module and an authentication module. The control method includes steps of: building a Bluetooth connection between battery and mobile terminal; sending atomizer identification information stored in atomizer to the mobile terminal and then carrying out a match by comparing the atomizer identification information and original identification information; and searching corresponding user identification information according to serial number of the battery, receiving authentication information entered by user and then carrying out an authentication by comparing the authentication information entered by user and the user identification information. By using authentication device and powerful computing ability of the mobile terminal directly, both of authentication for the electronic atomization device and match between the battery of electronic atomization device and atomizer can be achieved on the mobile terminal. | 02-18-2016 |
| 20160050199 | KEY MANAGEMENT USING QUASI OUT OF BAND AUTHENTICATION ARCHITECTURE - A portable apparatus is removably and communicatively connectable to a network device to communicate authentication or authorization credentials of a user in connection with the user logging into or entering into a transaction with a network site. The apparatus includes a communications port to connect and disconnect the apparatus to and from the network device and to establish a communication link with the network device when connected thereto. A processor receives a secure message from the network security server via the port. The message has a PIN for authenticating the user to the network site, and is readable only by the apparatus. The processor either transfers, via the port, the received PIN to an application associated with the network site that is executing on the network device or causes the apparatus to display the received PIN for manual transfer to the application associated with the network site. | 02-18-2016 |
| 20160050203 | Environment-Based Two-Factor Authentication without Geo-Location - The invention provides a method and system for accomplishing two-factor authentication for internet transactions, wherein the user of the device through which the transaction is negotiated needs to give only a single yes/no verification to the system. In some embodiments, the second factor authentication is automated without any action on the part of the user. The method calls on the user's wireless voice device for the detection of environmental wireless signals (“Short Distance Wireless Information” or “SDWI”), and uses these signals collectively as a “fingerprint” that uniquely identifies the wireless signals near the wireless voice device. The system stores these SDWI fingerprints, and later uses the stored information to establish whether or not the user's wireless voice device is near a previously-recognized SDWI. | 02-18-2016 |
| 20160050209 | ACCESS CONTROL BASED ON AUTHENTICATION - Systems and methods for granting access to different applications and/or functionalities on a user device based on at least a length of authentication provided by a user are described. A user preconfigures an authentication control program by establishing two or more authentications that are of different length or type from each other, and associates each authentication with a level of access. When the user provides a valid authentication for full access to unlock the user device, the user is granted access to all applications on the user device. When the user enters a valid authentication for partial access, the user is granted varying levels of access to applications on the user device depending on the length or type of the authentication. | 02-18-2016 |
| 20160050281 | SEAMLESS PEER TO PEER INTERNET CONNECTIVITY - A system and methods for seamlessly providing access to a data network via a peer-to-peer connection service is provided. The peer-to-peer connection service is provided to a client device by a host device. The client device scans for available data network connections and recognizes a beacon broadcast by the host device. The beacon contains a unique identifier that indicates that the host device is configured to provide the peer-to-peer connection service. Upon recognizing the unique identifier, the client device transmits authentication credentials to the host device, which in turn transmits the authentication credentials to a server configured to determine whether a social media connection exists between a user account associated with the client device and a user account associated with the host device. If the social media connection exists, then the host device provides access credentials for the client device to access the peer-to-peer connection service. | 02-18-2016 |
| 20160050563 | SECURE WIRELESS CHARGING - An embodiment includes a method executed by at least one processor of a member computing node comprising: establishing a communication channel with a verifier computing node, the member computing node and the verifier computing node each coupled to a respective charging coil; determining a group of devices approved for charging with the verifier computing node; determining the member computing node is a member of the group of devices; authenticating the member computing node to the verifier computing node; in response to authenticating the member computing node to the verifier computing node, inductively charging the member computing node based on a magnetic field produced by the verifier computing node. Other embodiments are described herein. | 02-18-2016 |
| 20160055322 | VERIFICATION SYSTEM FOR SECURE TRANSMISSION IN A DISTRIBUTED PROCESSING NETWORK - A verification system, includes: an arithmetic/logic unit (“ALU”) to perform one or more mathematical operations and compare selected variables; a register to hold a value from a comparison of selected variables performed by the ALU; an instruction decoder to provide read and write commands to memory; an address bus to provide an address to memory for a read or write operation; and a data bus to provide or access data for a write or read operation to or from memory, wherein the ALU generates and provides a recipient identifier to a target computational device, the recipient identifier being related to an identity of the target computational device and/or a target device human operator, and write the recipient identifier to memory in response to a write command issued by the instruction decoder and, as a part of a transaction, the ALU receives, from a user computational device of a first user, the recipient identifier and a credential of the first user and/or user computational device, compares each of the recipient identifier and credential against one or more stored values, and, when each of the comparisons match, causes information provider system to provide restricted information to the target computational device to enable the target computational device to perform an operation. | 02-25-2016 |
| 20160055329 | CAPTCHA TECHNIQUES UTILIZING TRACEABLE IMAGES - Techniques are disclosed for generating, utilizing, and validating traceable image CAPTCHAs. In certain embodiments, a traceable image is displayed, and a trace of the image is analyzed to determine whether a user providing the trace is human. In certain embodiments, a computing device receives a request for an image, and in response, creates a traceable image based upon a plurality of image elements. The computing device transmits data representing the traceable image to cause a second computing device to display the traceable image via a touch-enabled display. The computing device receives a user trace input data generated responsive to a trace made at the second computing device, and determines whether the trace is within an error tolerance range of the set of coordinates associated with the traceable image. The computing device then sends a result of the determination. | 02-25-2016 |
| 20160055343 | HIERARCHICAL PRIVACY SETTINGS FOR COMMENTS AND MARKUPS IN A SHARED DOCUMENT - A user selects a markup and a privacy setting user input mechanism is displayed. User actuation of the mechanism, setting of privacy level, is received and a hierarchical privacy level of the selected markup is set. The hierarchical privacy level is stored for the selected markup. | 02-25-2016 |
| 20160057110 | SECURITY CHALLENGE ASSISTED PASSWORD PROXY - Systems, apparatus, and methods of authentication utilizing contextual data to authenticate individuals and prevent security breaches are described herein. An example proxy engine may monitor interactions with a computing device to obtain contextual data unique to a user. The contextual data may be utilized to generate unique challenge questions in response to requests for access to a secure resource, and may eliminate the need for a user to remember credentials to access the resource. Challenge questions may be limited to a single use and vary in difficulty in proportion to the value of the resource. In response to correct responses to challenge question(s), the proxy engine may access a vault containing a credential authorizing access to the resource. The vault and proxy engine may be entirely contained on the computing device or they may be implemented on a remote apparatus accessed via an application or interface on the computing device. | 02-25-2016 |
| 20160057123 | PUSHING A VIRTUAL DESKTOP SESSION FROM AN AUTHENTICATED DEVICE USING IMAGE SCANNING - Image scanning and encoding technologies can be utilized to authenticate devices to virtual desktops and to transfer virtual desktop sessions between devices. One device (e.g., PC or laptop) may encode certain information into an image that is displayed on a display screen, while another mobile device equipped with a digital camera (e.g., mobile phone or tablet) can be used to scan the image on the display screen. Once the image is scanned, it can be decoded by the mobile device to get the information encoded in the image (e.g., device ID, session ID, etc.). The information obtained from the image can be used to authenticate a device or to transfer a virtual desktop session between the devices. | 02-25-2016 |
| 20160057124 | System and Method for Authentication in Distributed Computing Environments - The present invention relates to a method and system for managing profiles for use with touch systems. A user logs into a communal device using a pointer paired with a mobile device. The communal device is authenticated and retrieves the user's profile. The user profile is used to setup a workspace on the communal device. The workspace is granted access to the user's content on a content server. When the communal device has multiple users, each workspace may be shared or not depending on the user's requirements. Each pointer is individually identified to a particular user and workspace. | 02-25-2016 |
| 20160057127 | APPARATUS AND METHOD FOR SECURE AUTHENTICATION OF A COMMUNICATION DEVICE - A system that incorporates the subject disclosure may perform, for example, receiving a baseline credential and an external credential, mapping the external credential to the baseline credential in a secure element memory, receiving a request for an authentication from a secure device processor of the communication device where the request for the authentication includes a user credential inputted into the communication device, comparing the user credential with the baseline credential to verify the authentication, and providing the authentication and the external credential to the secure device processor without providing the baseline credential to enable the secure device processor to provide the external credential to an external entity device that is remote from the communication device. Other embodiments are disclosed. | 02-25-2016 |
| 20160057129 | ADAPTIVE POLICIES AND PROTECTIONS FOR SECURING FINANCIAL TRANSACTION DATA AT REST - A system, method, and computer-readable medium for challenge-response authentication are provided. A plurality of codes is received over a communication network based on input provided by way of a user interface displaying a plurality of images. An alphanumeric string is generated based on the received plurality of codes and based on a table that associates each one of the plurality of codes with a respective one of the plurality of images and with a respective one of a plurality of alphanumeric characters. A determination is made as to whether to grant authorization based on whether the generated alphanumeric string matches an alphanumeric user identifier stored in a memory device in association with a user. | 02-25-2016 |
| 20160057137 | MULTI-FACTOR AUTHENTICATION TECHNIQUES - An authentication technique with a teaching phase and authentication phase. In the teaching phase, authentication information is collected for a user in at least two categories, wherein one category relates to measurable physical characteristics of the user, another category relates to communication resources available to the user; and a third category relates to knowledge possessed by the user. In the authentication phase, some of the collected authentication information is used to formulate challenge(s) for presentation to the user. Response(s) to the formulated challenge(s) is/are received from the user and correctness of the received response is determined based at least partially on comparison with at least a portion of the collected authentication information. A correctness metric is calculated for the response(s). The user is authenticated if the correctness metric meets or exceeds a first threshold value. | 02-25-2016 |
| 20160057138 | SYSTEM AND METHOD FOR DETERMINING LIVENESS - Systems and methods are provided for recording a user's biometric features and determining whether the user is alive (“liveness”) using mobile devices such as a smartphone. The systems and methods described herein enable a series of operations whereby a user using a mobile device can capture a sequence of images of a user's face. The mobile device is also configured analyze the imagery to identify and determine the position of facial features within the images and the changes in position of features throughout the sequence of images. Using the change in position of the features, the mobile device is further configured to determine whether the user is alive by identifying gestures and comparing the identified gestures to a prescribed combination of facial gestures that are uniquely defined for the particular user. | 02-25-2016 |
| 20160057154 | TECHNIQUES FOR MANAGING GROUPS ON A MOBILE PLATFORM - Techniques for managing groups on a mobile platform, comprising a mobile groups application. The mobile groups application including a groups management component to manage at least one group for a corresponding social networking application of a social networking system; and a groups rendering component to render a groups user interface (UI) view comprising at least one selectable group user interface element representative of the at least one group, the at least one selectable group UI element comprising a first selectable group UI element, wherein the first selectable group UI element is representative of a first group of the at least one group and the first group comprises at least one group member. | 02-25-2016 |
| 20160065539 | METHOD OF SENDING INFORMATION ABOUT A USER - The invention involves detecting or scanning of a personal characteristic of a user and then verifying the person's identity by means of that physical characteristic. If the identity is confirmed, then information is disclosed, as required. In the preferred embodiment, the method of sending information about a user includes the steps of: an entity issuing an electronic identifier; detecting a personal characteristic of a user; confirming an identity of said user by means of the personal characteristic; and sending a secure electronic transmission relating to the electronic identifier to the entity with information pertaining to that user. | 03-03-2016 |
| 20160065550 | DIFFERENT AUTHENTICATION PROFILES - A mobile device may include an authenticator and a processor. The authenticator may store one or more profiles associated with one or more keys to access one or more servers. The processor may embed one of the keys in data to be communicated to one of the servers to request access from the one of the servers. The authenticator may compare the one or more profiles to a set of parameters based upon at least one of a user's identification information, a selected program to request access, identification information of the one of the servers, identification information of an authentication register, to determine whether to select one of the profiles. If the authenticator selects one of the profiles, the authenticator may generate the one of the keys based on the selected one of the profiles. | 03-03-2016 |
| 20160065551 | SINGLE LOGIN AUTHENTICATION FOR USERS WITH MULTIPLE IPV4/IPV6 ADDRESSES - Disclosed in the authentication and authorization of a client device to access a plurality of resources, requiring a user of a client device to enter only one set of login information. Authentication and authorization of a client device to access a plurality of resources after an initial set of login information is received by a networked computing environment. After the initial set of login information is received, a series of steps are performed that may be entirely transparent to the user of the client device. | 03-03-2016 |
| 20160065555 | ACCESSING A CLOUD-BASED SERVICE PLATFORM USING ENTERPRISE APPLICATION AUTHENTICATION - Systems for managing user-level security in a cloud-based service platform. A server in a cloud-based environment is configured to interface with storage devices that store objects that are accessible over a network by two or more users. An enterprise entity is identified using an enterprise identifier associated with the enterprise, and an application service is associated with an application identifier. An application service request comprising a user identifier and the application identifier is received, and authentication is determined based on the combination of the user identifier and a pre-authenticated application identifier. Once the application service request is authenticated, then specific aspects of the service request are authorized. The integrity of the application identifier is confirmed by locating a secure association of the given application identifier to a pre-shared enterprise identifier. Logging, auditing and other functions can be performed at the user level using the user identifier for user-level tracking. | 03-03-2016 |
| 20160065558 | IDENTITY VERIFICATION FOR ONLINE EDUCATION - A method includes, in connection with a submission of a user's coursework in an online education course event, prompting the user to provide authentication information for a user authentication process, which includes any of (1) a social network account login authentication process, (2) comparing a geolocation of the first communication device on which the online education course is presented and a previously registered geolocation, (3) comparing the geolocation of the first communication device and a geolocation of a second communication device associated with the user, and (4) a personalized challenge-response authentication process. The method further includes comparing the authentication information received from the user to stored information associated with the user, and issuing a verified credential to the user based on the comparing and on completion of the user's coursework. | 03-03-2016 |
| 20160065569 | NEURAL AUTHENTICATION SYSTEM - In certain embodiments, a system receives a first request from a user to perform a function with an enterprise. The system communicates a second request for the user to provide a thought to facilitate authenticating the user with the enterprise. The system receives a string of characters corresponding to the thought. The string may be generated based at least in part upon electromagnetic signals, which the user generates by developing the thought. The system compares the received string to a stored string that corresponds to a thought of the user to authenticate the user. Based at least in part upon the comparison, the system determines whether the user is authenticated to perform the function. | 03-03-2016 |
| 20160065570 | AUTHENTICATION SYSTEM - A method for authenticating a user for performing a transaction comprises receiving unique knowledge of the user such as photoauthentication, and receiving a hardware profile associated with the user. The unique knowledge and the hardware profile are compared against previously stored data representing unique knowledge of the user and a hardware profile associated with the user. If both the received data representing the unique knowledge of the user and the received hardware profile are authenticated, the transaction is allowed to go forward. | 03-03-2016 |
| 20160065572 | Authentication Method and Apparatus Using Biometric Information and Context Information - The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A terminal is provided, which includes a sensing unit configured to collect authentication information; and a control unit configured to perform the authentication based on first authentication information and second authentication information, to control the sensing unit to collect third authentication information if it is determined that the authentication based on the first authentication information has succeeded and the authentication based on the second authentication information has failed, and to perform the authentication based on the third authentication information. Since the authentication is performed through a combination of biometric information and context information that are acquired from two or more terminals, reliability and security of the authentication can be heightened. | 03-03-2016 |
| 20160066184 | Pairing Computing Devices According To A Multi-Level Security Protocol - In an embodiment, an apparatus includes a security engine to operate in a trusted execution environment to perform security operations and to authenticate a user of the apparatus, and a pairing logic to receive an indication of discovery of a peer device and to determine whether the user of the apparatus corresponds to a user of the peer device, and if so to enable a pairing with the peer device according to a first security ring if the correspondence is determined, and to enable the pairing with the peer device according to a second security ring if no correspondence is detected and the user of the apparatus is authenticated. Other embodiments are described and claimed. | 03-03-2016 |
| 20160066187 | SYSTEMS AND METHODS FOR ENHANCED ENGAGEMENT - In some embodiments, a method comprises displaying a pre-registration invitation on a first digital device connected to a wireless network, determining one or more wireless network identifiers associated with the wireless network, generating a pre-registration code request, the request including the one or more wireless network identifiers, providing the pre-registration code request to a virtual network server, the server generating a pre-registration code in response to the pre-registration code request, the pre-registration code associated with the one or more wireless network identifiers, receiving the pre-registration code, providing a registration request from a second digital device, the registration request comprising the pre-registration code, and provisioning an account based on the registration request and the wireless network identifiers, the wireless network identifiers identified based on the pre-registration code. | 03-03-2016 |
| 20160070898 | USING BIOMETRIC USER-SPECIFIC ATTRIBUTES - Techniques are provided for determining two or more user-specific parameters that can be measured or obtained using various methods, and using values of the two or more user-specific parameters to uniquely identify or authenticate an individual. Examples of the user-specific parameters may include biometric parameters, textual-based parameters, a combination of biometric parameters and textual-based parameters, and the like. | 03-10-2016 |
| 20160072780 | MAPPING ACCOUNT INFORMATION TO SERVER AUTHENTICATION - An authorization prompt issued from a server is detected, and previously-entered account information, is accessed on a user device. A selectable display element corresponding to each set of entered account information is displayed. User selection or actuation of a given display element is received, and the corresponding account information is retrieved and used to log onto the server that issued the authentication prompt. | 03-10-2016 |
| 20160072782 | Publicly Available Protected Electronic Mail System - A secure messaging system provides a secure messaging exchange service to identified user. In one embodiment, the System comprises a User Record Server (URS) comprising a plurality of Private Electronic Mail (PEM) user accounts. A Secure Mail Delivery Agent (SMDA) provides a storage area for inbound sMail upon authentication via the URS that a Sender ID bundle in a message header of each incoming message matches the Sender ID of at least one of said plurality of PEM user accounts before delivering said incoming message. A first Secure Mail Transfer Agent (SMTA), coupled via a first encrypted connection to said SMDA and via a second connection to a public network, is configured to insert a Sender ID bundle into sMail headers when routing outbound sMail, and further configured to establish encrypted channels for the transmission of sMail over a public network. | 03-10-2016 |
| 20160072783 | A Node for Use by a Network, a System for Interconnecting Multiple Networks and Methods of Operating the Node and System - There is provided a method of operating a node ( | 03-10-2016 |
| 20160072788 | Method, Apparatus, and System for Sending Credentials Securely - A software application executing in a first local operating environment may be used to connect to a remote server that requires a credential of a user to complete a transaction. In a second local operating environment that operates external to the first local environment, a user may be authenticated based on a user input received in the second local operating environment. The credential of the user may be securely communicated to the remote server from the second local operating environment. Other embodiments are described and claimed. | 03-10-2016 |
| 20160072789 | MOBILE CLOUD SERVICE ARCHITECTURE - Techniques are described for implementing a cloud computer system to facilitate communication between a computing device (e.g., a mobile computing device) and enterprise computer systems. In certain embodiments, the cloud computer system may receive, from a computing device, a request for a service provided by an enterprise computer system. The cloud computer system may determine security authentication of a user for the requested service. A security protocol may be determined for a requested enterprise computer system and a security token may be generated for the request according to the determined security protocol. The request may be sent to the requested enterprise computer system. In some embodiments, security authentication for a request to an enterprise computer system may be determined based on previous authentication. The cloud computer system may be configured to communicate with several different enterprise computer systems according to their supported protocols (e.g., communication protocol and/or security protocol). | 03-10-2016 |
| 20160072792 | VERIFICATION METHOD, APPARATUS, SERVER AND SYSTEM - Disclosed are a verification method, apparatus, server and system. The method includes: receiving a service request from a terminal; acquiring service data according to the service request received from the terminal; generating a verification question and a standard answer according to the service data; and interacting with the terminal according to the verification question and the standard answer to complete a verification process. The verification question and the standard answer are generated according to the service feature of the service requested by the terminal, and interaction is performed with the terminal according to the verification question and the standard answer to complete the verification process, thereby solving the problem that the network service security cannot be ensured using the verification code technology due to attacks launched by combining the machine and the manpower. | 03-10-2016 |
| 20160072800 | SYNTHETIC GENOMIC VARIANT-BASED SECURE TRANSACTION DEVICES, SYSTEMS AND METHODS - Various devices, systems, structures and methods are disclosed related to securely authorizing a transaction by synchronizing digital genomic data with associated synthetic genomic variants. An embodiment of the present invention utilizes digital genomic data associated with an entity, such as a person, who may utilize a genome-based security device to complete a transaction. In one embodiment, a person may use a genome-based security device to communicate with an external device over a wireless or other communication interface, synchronize digital genomic data and an associated synthetic variant received from the external device with digital genomic data and associated synthetic variant stored on the genome-based security device. | 03-10-2016 |
| 20160072803 | SYSTEM AND METHOD FOR AUTHENTICATION ACROSS DEVICES - An authentication approach simplifies the process of authentication across devices, while increasing security. An authentication code is supplied through non-traditional channels, such as audio and visual channels, allowing more complex codes to pass between two devices for authentication with increased security, while reducing user interaction. | 03-10-2016 |
| 20160072824 | SOCIAL NETWORKING BEHAVIOR-BASED IDENTITY SYSTEM - Disclosed are various embodiments for a social networking behavior-based identity system that employs social networking data that a user has elected to share through an opt-in procedure. First social networking data is stored in association with a user identity. An assertion of the user identity is received from a client after the first social networking data is stored. Second social networking data is received in response to receiving the assertion of the user identity. An identity confidence level as to whether the user identity belongs to a user at the client is generated based at least in part on a comparison of the second social networking data with the first social networking data. | 03-10-2016 |
| 20160072925 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, AND DEVICE CONTROL METHOD - An information processing system includes terminal devices of a first network; and an information processing device of a second network. A first terminal device includes a unit for retrieving device information of electronic devices and the information processing device of the second network; and a unit for transmitting an output request to the information processing device. A second terminal device includes a unit for retrieving device information of the electronic devices and the information processing device; and a unit for transmitting a retrieval request to the information processing device, and for retrieving electronic data. The information processing device includes a unit for retrieving the output request and the retrieval request; a unit for transmitting the output request and the retrieval request to the electronic device, and for receiving the electronic data; and a unit for providing the electronic data to the second terminal. | 03-10-2016 |
| 20160073257 | Console Display Terminal - The present invention comprises a console display terminal, comprising: a display screen configured to display a data item entered by a user, a transceiver configured to send and receive the data item to a network device, a sensing unit configured to detect and analyze an entry of the data item by the user, and a controller configured to verify the data item. The controller, upon detection and analysis of the data item, verifies the detected entry by evaluating the detected entry and identifying a display form for the data item. The controller further authorizes the display screen to display the data item in the determined display form in a list and authorizes the transceiver to send the data item to the network device. A system and a non-transitory computer readable storage medium having computer executable instructions are also provided to operate in conjunction with the console display terminal. | 03-10-2016 |
| 20160073262 | IDENTITY MANAGEMENT ON A WIRELESS DEVICE - A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider. | 03-10-2016 |
| 20160078211 | LOCATION SIGNATURES - In one implementation, a security management system accesses a trusted location signature and a candidate location signature to determine that the candidate location signature is correlated with the trusted location signature, and establishes a trusted state of an entity in response to determining that the candidate location signature is correlated with the trusted location signature. | 03-17-2016 |
| 20160080341 | MULTI-TENANT APPLICATION USING HIERARCHICAL BEAN FACTORY CONTAINER - Various embodiments provide on premise and cloud deployment support for components that may not be multi-tenant enabled. A single application in a highly non-intrusive way without effecting application functional logic. On premise deployments can run with fixed default tenant and no tenant information needs to be captured anywhere anytime. The application code accesses the hierarchical bean factory to get any tenant specific or shared resources seamlessly without knowledge of multi-tenancy in functional code anywhere. | 03-17-2016 |
| 20160080351 | SINGLE-SSID AND DUAL-SSID ENHANCEMENTS - A wireless local area network system establishes a PASSPOINT™ connection between a mobile station and a hotspot using an enhanced single SSID method or an enhanced dual SSID method. In the dual SSID method, an access point associates and authenticates a mobile device to a secondary SSID of the access point during enrollment and provisioning. After enrollment, the access point authenticates the mobile station to a primary SSID of the access point using the credential that the mobile station received from an online sign-up (“OSU”) server in connection with the secondary SSID. In the single SSID method, an access point performs two levels of authentication. During authentication, communications are limited to an 802.1x controlled port running on the mobile station and access point. After a first authentication, communications between the OSU server and the mobile station are unblocked. After the second authentication, all traffic from the mobile station is unblocked. | 03-17-2016 |
| 20160080355 | AUTHENTICATION OF API-BASED ENDPOINTS - A method includes detecting an incoming request from a first application to a second application. The method further includes performing an authentication that involves sending a challenge message to a first application. The challenge message may request an account of information associated with processed transactions between the first application and the second application during a particular period preceding the incoming request, a solution to a high-cost calculation associated with a high level of resource use, or a concatenated sequence of characters located at specific positions of a shared value. The authentication further involves receiving a challenge response to the challenge message from the first application, determining a verified response based on the challenge message, and determining whether the challenge response matches the verified response. The method includes authorizing the second application to process the incoming request in response to determining that the challenge response matches the verified response. | 03-17-2016 |
| 20160080357 | UTILIZING VEHICLE INFORMATION AS A SECURITY PIN/PASSKEY - A method for connecting a mobile device to a vehicle system of a vehicle. The method includes the following: generating a passkey based on at least one of vehicle information and an image accessible to an occupant of the vehicle; transmitting instructions for composing the passkey to the mobile device; and connecting the mobile device to the vehicle system subsequent to entry of the passkey at the mobile device. | 03-17-2016 |
| 20160080359 | AUTHENTICATION USING LIGHTS-OUT MANAGEMENT CREDENTIALS - A method includes upon receiving a request from a user to perform an operation on a device that is running under an operating system, authenticating the user on the basis of credential data that is retrieved from a data storage unit that is associated with a lights-out management (LOM) capability of the device. If authentication of the user is successful, the user is enabled to perform the operation. | 03-17-2016 |
| 20160080362 | VIRTUAL MASS RECOGNITION TOOL - A tool for administering virtual recognition of a group of users is provided. The group of users may be specifically identified or dynamically generated based on criteria selected by an administrative entity submitting a request to administer virtual recognition. The tool may be configured for generating user and badge recommendations based at least in part on the group of users identified to receive the virtual recognition. | 03-17-2016 |
| 20160080373 | Sensor Information Transparency System and Method - The present invention relates generally to the field of information transparency, and, more particularly, to a system and method for providing non-ambiguous sensor information transparency for deployed sensors within a highly geographically distributed, networked environment. | 03-17-2016 |
| 20160080381 | SYSTEMS AND METHODS FOR ONLINE THIRD-PARTY AUTHENTICATION OF CREDENTIALS - Systems and methods are disclosed for online authentication of online attributes. One method includes receiving an authentication request from a rely party, the authentication request including identity information to be authenticated and credential information to be authenticated; determining whether a user account is associated with the received identity information by accessing an internal database; accessing user data of the user account determined to be associated with received identity information; determining authentication data to obtained from a user associated with the user account based on the user data of the user account and the credential information to be authenticated; transmitting a request for authentication data; receiving authentication data associated with the user; transmitting authentication data associated with the user; and receiving an authentication result from the verification data source server for the user associated with authentication data. | 03-17-2016 |
| 20160080936 | SYSTEMS AND METHODS FOR DEVICE BASED AUTHENTICATION - In some embodiments, computer implemented methods, systems, and non-transitory computer readable media determine a first comparison value based on a first comparison between a first sensor signature associated with first set of sensor data of a first device in a first context and a second sensor signature associated with second set of sensor data of a second device. The first comparison is associated with a first authentication type. It is determined whether the first comparison value satisfies a first threshold. It is determined that a user should be authenticated on the second device based on satisfaction of the first threshold. | 03-17-2016 |
| 20160080941 | METHOD AND APPARATUS THAT FACILITATES A WEARABLE IDENTITY MANAGER - Various aspects directed towards a wearable identity manager system are disclosed. In a first aspect, an association status between a user and a wearable identity manager device is ascertained based on whether the wearable identity manager device is worn by the user, and motion data associated with a movement of the wearable identity manager device is monitored. Authentication data, which includes the motion data, is then transmitted based on the association status. In another aspect, an association status between a user and a wearable identity manager device is again determined based on whether the wearable identity manager device is worn by the user. Here, however, the wearable identity manager device is paired with a pairing device, and authentication data is transmitted to the pairing device based on the association status to facilitate a user authentication via the pairing device. | 03-17-2016 |
| 20160085564 | DYNAMIC MULTI-USER COMPUTER CONFIGURATION SETTINGS - In an approach for managing user profiles, a computer identifies a first user profile and one or more additional user profiles, wherein the first user profile is active on a computing device. The computer receives streaming data. The computer receives a trigger wherein the received trigger includes biometric data. The computer identifies a second user profile from the identified one or more additional user profiles that is associated with the received trigger. The computer compares biometric data from the second user profile with the biometric data in the received trigger. The computer determines whether the biometric data matches, within a defined tolerance level, the biometric data in the second user profile. | 03-24-2016 |
| 20160085565 | DYNAMIC MULTI-USER COMPUTER CONFIGURATION SETTINGS - In an approach for managing user profiles, a computer identifies a first user profile and one or more additional user profiles, wherein the first user profile is active on a computing device. The computer receives streaming data. The computer receives a trigger wherein the received trigger includes biometric data. The computer identifies a second user profile from the identified one or more additional user profiles that is associated with the received trigger. The computer compares biometric data from the second user profile with the biometric data in the received trigger. The computer determines whether the biometric data matches, within a defined tolerance level, the biometric data in the second user profile. | 03-24-2016 |
| 20160085947 | SHARING MEDIA CONTENT WITH MULTIPLE RECIPIENTS - A computing device may provide a credential related to a service. Responsive to a validation of the credential, an identification of the service may be added to a contact listing associated with the computing device. Thereafter, a user of the computing device may select the service from the contact listing in order to upload a content object to the service. Similarly, the user of the computing device may select one or more peer devices from the contact listing. Responsive to the peer device selections, the content object may be transmitted to the one or more peer devices. | 03-24-2016 |
| 20160085954 | METHOD AND SYSTEM TO VALIDATE IDENTITY WITHOUT PUTTING PRIVACY AT RISK - A method and system to verify identity while protecting private data. To locally verify identity without requiring communication with an external database or passing personal/identity information over network connections. To create a database and/or statistical model for later use to verify identify, private information from a first media is input to a device. Private information subsequently presented via a second media is then verified locally by comparing to the private information previously captured from the first media. If the resultant correlation score is sufficiently high the private information from the first media and from the second media are determined to belong to the same individual, and the user is authenticated or a desired action is approved. In case of a low correlation score, a notification may be sent to one or more entities alerting authorities of a security breach or identity theft. | 03-24-2016 |
| 20160085959 | PREVENTION OF CABLE-SWAP SECURITY ATTACK ON STORAGE DEVICES - Generally, this disclosure provides systems, devices, methods and computer readable media for prevention of cable swap security attacks on storage devices. A host system may include a provisioning module configured to generate a challenge-response verification key-pair and further to provide the key-pair to the storage device to enable the challenge-response verification. The system may also include a link error detection module to detect a link error between the host system and the storage device. The system may further include a challenge-response protocol module configured to initiate, in response to the link-error detection, a verification challenge from the storage system and to provide a response to the verification challenge based on the key-pair. | 03-24-2016 |
| 20160085960 | Securely Pairing Computing Devices - In an embodiment, an apparatus comprises a secure storage to store an entry having an identifier of a device to be paired with the apparatus and a master key shared between the apparatus and the device, and a connection logic to enable the apparatus to be securely connected to the device according to a connection protocol in which the device is authenticated based on the identifier received from the device and the master key. Other embodiments are described and claimed. | 03-24-2016 |
| 20160087955 | GENERIC SERVER FRAMEWORK FOR DEVICE AUTHENTICATION AND MANAGEMENT AND A GENERIC FRAMEWORK FOR ENDPOINT COMMAND DISPATCH - Methods, devices, and systems are described for enrolling a user's bring-your-own-device for secure connection to a company's enterprise computer network. From her mobile device, user clicks on a uniform resource locator (URL) to connect with the login web page on the enterprise network. After authentication, checks are performed to verify that the user has authorization to enroll the type of electronic device, and the profile is installed on the device. A notification is sent to the device by a server on the enterprise network, and a secure workspace application is pushed to the device along with configuration data that automatically links the workspace with the parent device enrollment. Once the user launches the secure workspace application the workspace access configuration data and initializes enrollment with the enterprise network, resulting in a linking of the secure workspace application with its parent device enrollment. The workspace is registered as a child of the parent device, and the lifecycle of the workspace is thus linked to that of the parent. | 03-24-2016 |
| 20160087960 | SHARED IDENTITY MANAGEMENT (IDM) INTEGRATION IN A MULTI-TENANT COMPUTING ENVIRONMENT - Techniques are disclosed for enabling tenant hierarchy information to be migrated directly between different multi-tenant system (e.g., from a shared IDM system to a Nimbula system, or vice versa). A corresponding new tenant is created in a Nimbula system based on a combination of the tenant information and the service information from the shared IDM system. The Nimbula system extracts the tenant name and the service name from a request and asks the shared IDM system to verify that the user actually is a member of the tenant identified by the extracted tenant name. Upon successful authentication of the user, the Nimbula system requests the IDM system for roles that are associated with both the user and the extracted service name. The Nimbula system enable access to the service upon determining whether the requested operation can be performed relative to the specified service based on the roles. | 03-24-2016 |
| 20160087961 | Techniques for Authenticating a Device for Wireless Docking - Examples are disclosed for a first device to wirelessly dock to a second device. In some examples, a first device may receive identification from the second device for wirelessly docking. The first device may determine whether the second device is allowed to wirelessly dock and if allowed an authentication process may be implemented. The first device may then wirelessly dock to the second device based on a successful authentication. Other examples are described and claimed. | 03-24-2016 |
| 20160087962 | METHOD AND SYSTEM FOR AUTHENTICATING USER IDENTITY - Embodiments of the present application relate to a method for authenticating user identity, a system for authenticating user identity, and a computer program product for authenticating user identity. A method for authenticating user identity is provided. The method includes generating a first verification code by a server, displaying the first verification code to a user in an application scenario of a service requiring user identity authentication, receiving a second verification code sent by the user via another application that is other than the application scenario, comparing the second verification code sent by the user and the first verification code generated by the server, and determining whether the user has passed identity authentication based on a result of the comparison. | 03-24-2016 |
| 20160087973 | DTCP CERTIFICATE AUTHENTICATION OVER TLS PROTOCOL - Authenticating devices utilizing Transport Layer Security (TLS) protocol to facilitate exchange of authentication information or other data to permit or otherwise enable access to services requiring authentication credentials, certificates, tokens or other information. The authentication may utilize Digital Transmission Content Protection (DTCP) certificates, Diffie-Hellman (DH) parameters or other information available to the authenticating devices, optionally without requiring device requesting authentication to obtain an X.509 certificate. | 03-24-2016 |
| 20160087981 | Method for Authentication, Server, Device and Data Carrier - The present invention relates to a method for authentication between a server process and a client process by means of multiple communication comprising at least a primary authentication communication and a secondary authentication communication, wherein the method comprises steps for:—the server process receiving from the client process an initiating communication of the primary authentication communication,—the server process initiating the secondary authentication communication between the server process and a client authentication process,—the server process receiving primary authentication information comprising an authentication code or an authentication result by means of the primary authentication communication,—the server process receiving secondary authentication information comprising an authentication code or an authentication result of the secondary authentication communication,—the server process establishing the authentication on the basis of the primary and second authentication information, wherein the primary authentication communication and the secondary authentication communication are separate communications and/or wherein the server process can automatically establish a secondary authentication on the basis of the secondary authentication communication. | 03-24-2016 |
| 20160087983 | USING CLOCK DRIFT, CLOCK SKEW, AND NETWORK LATENCY TO ENHANCE MACHINE IDENTIFICATION - Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data. | 03-24-2016 |
| 20160087992 | PROVIDING VIRTUAL DESKTOPS USING RESOURCES ACCESSED ON PUBLIC COMPUTER NETWORKS - A computer system supports hosting of virtual desktops using resources available in the cloud. Connections to various resources used by a desktop configuration are made dynamically using authentication information associated with the user assigned to the desktop configuration. In addition to using file storage, directory services and user management information on private resources on a private network, these resources may also be accessed through a public network. | 03-24-2016 |
| 20160088475 | CACHE-BASED WIRELESS CLIENT AUTHENTICATION - Methods and systems for caching of remote server MAC authentication to enable fast roaming are provided. According to one embodiment, a wireless network controller of a wireless local area network (WLAN) receives an authentication request relating to a wireless client device from a wireless access point (AP) managed by the wireless network controller. It is determined whether a prior authentication result associated with the client is present in a cache of the controller. The client is permitted to access the WLAN via the AP when the prior authentication result is present and indicates the client was previously successfully authenticated. The authentication request is issued to a remote authentication device associated with the WLAN to determine a current authentication status of the client. Responsive to receipt of the current authentication status, information regarding the current authentication status is stored by the controller within the cache. | 03-24-2016 |
| 20160094344 | MOBILE SECURITY USING CONTEXT PATTERNS - Examples of methods, systems, products, devices, and/or apparatus generally related to mobile security are described. An example method may include capturing a context pattern of a user device. The context pattern may be based, at least in part, on data from one or more sensors of the user device. The data may be acquired at multiple different times. The example method may further include generating at least one public-private key pair based, at least in part, on the context pattern. | 03-31-2016 |
| 20160094387 | DISCOVERY OF CLOUD-BASED ACCESS-POINT CONTROLLERS - In order to configure an access point, the access point requests information specifying an associated cloud-based controller when the access point is first turned on at a user location. In particular, the access point may provide, to a configuration device, a controller query requesting information specifying a unique network address of a cloud-based controller associated with the access point. This controller query may include an identifier of the access point (such as a serial number). Then, the access point receives, from the configuration device, the information specifying the unique network address of the cloud-based controller, such as a fully qualified domain name of the cloud-based controller. | 03-31-2016 |
| 20160094528 | Authenticating Redirection Service - A redirection service may receive a destination URI plus a set of conditions for reaching the URI. The conditions may include authentication conditions. The service may generate an intermediate URI which may direct to an intermediate service. The intermediate service may execute the various conditions, then redirect to the destination URI. In some cases, the intermediate service may pass data to the destination URI, and such data may include data gathered while executing the various conditions. The intermediate service may accessed through an Application Programming Interface (API). An example use scenario for the redirection service may be to generate publically publishable URIs for a private chat service, where an intermediate URI may be generated for a specific user or group of users, and may permit only those users to access a private chat room through the publically available URI. | 03-31-2016 |
| 20160094529 | Identifying Related User Accounts Based on Authentication Data - In some embodiments, upon detecting malicious activity associated with a user account, a content management system can identify other user accounts related to the malicious user account. The content management system can identify related user accounts by comparing authentication information collected for the malicious user account with authentication information collected for other user accounts. Authentication information can include IP address information, geographic information, device type, browser type, email addresses, and/or referral information, for example. The content management system can compare the content items associated with the malicious user account to content items associated with other user accounts to determine relatedness or maliciousness. After identifying related malicious user accounts, the content management system can block all related malicious user accounts. | 03-31-2016 |
| 20160094530 | AUTHORIZATION BASED ON ACCESS TOKEN - A mobile device may include an authenticator and a processor. The authenticator may generate an authorization request with a secure token to access a server. The processor may access the server using an authorization token, if the authenticator receives the authorization token in response to the authorization request. The authenticator may embed the authorization request with a plurality of parameters to allow the server to determine, based upon at least one of the plurality of parameters, if the authorization token should be given to the mobile device. | 03-31-2016 |
| 20160094531 | CHALLENGE-BASED AUTHENTICATION FOR RESOURCE ACCESS - Examples of the present disclosure describe systems and methods for authentication by an authentication component when a client attempts to access a secured resource(s). As an example, an access request is received from a client at an authentication component. The authentication component generates an authentication challenge including criteria to assist the client in selecting an appropriate authentication credential, a request for proof of possession of the authentication credential, and challenge-specific data for the client to return in a challenge response. A challenge response is received from the client. The authentication component evaluates the challenge response and determines whether to authenticate the client for access to a resource based on the evaluated challenge response. Other examples are also described. | 03-31-2016 |
| 20160094533 | AUTHENTICATION OF A SECURE ELECTRONIC DEVICE FROM A NON-SECURE ELECTRONIC DEVICE - The application relates in particular to a method for authentication of a secure electronic device (BNK_SRV) from a non-secured electronic device (PC, SP) comprising an input peripheral (KBD, MS, TS, CAM), an output peripheral (SCR, SPK, PRN) and a secure electronic circuit (TPM). | 03-31-2016 |
| 20160094537 | FACILITATING NETWORK LOGIN - A system and method for transmitting user credentials to another device. According to some embodiments, a method is described of receiving into a first portable electronic device a set of credentials from a user, the set of credentials to include a WLAN SSID and a network key, the set of credentials to allow the first device to connect to the WLAN. The set of credentials is used to connect the first device to the WLAN. The first device creates a message for wireless transmission, the message includes the set of credentials for accessing the WLAN and is adapted to be delivered to a second device. Finally, the first device transmits the message over the air, wherein the message is addressed to the second device. The second device receives the message and uses the credentials in the message to connect to the WLAN. Other embodiments are also described. | 03-31-2016 |
| 20160094539 | SYSTEMS AND METHODS FOR PERFORMING SINGLE SIGN-ON BY AN INTERMEDIARY DEVICE FOR A REMOTE DESKTOP SESSION OF A CLIENT - The present disclosure is directed to systems and methods for performing single sign on by an intermediary device for a remote desktop session of a client. A first device intermediary to a plurality of clients and a plurality of servers authenticates a user and establishes a connection to the user's client device. The device provides a homepage including links to one or more remote desktop hosts associated with the user. The device receives a request to launch an RDP session with a remote desktop host via the homepage and generates RDP content, including a security token, for the user. The device receives a second request that includes the security token to launch the RDP session. The device validates the user using the security token and establishes a connection to the remote desktop host. The device signs into the desktop host using session credentials. | 03-31-2016 |
| 20160094542 | ON-DEMAND SERVING NETWORK AUTHENTICATION - A method, an apparatus, and a computer program product for wireless communication are provided. A method includes transmitting a request to a serving network with a nonce and a signature request directed to a network function of the serving network, receiving a response to the request from the serving network, and authenticating the serving network based on the signature of the network function. The nonce may provide replay protection. The response may include a signature of the network function. The request sent to the serving network may include a radio resource control (RRC) message or a tracking area update (TAU) request. The serving network may be authenticated using a trusted third party to verify a certificate associated with the serving network. | 03-31-2016 |
| 20160094545 | NFC DEVICE, SOFTWARE INSTALLATION METHOD, SOFTWARE UNINSTALLATION METHOD, COMPUTER PROGRAM AND ARTICLE OF MANUFACTURE - There is disclosed an NFC device comprising an NFC communication unit and a memory unit; the NFC device being arranged to receive, through the NFC communication unit, a device identifier of a computing device and to store said device identifier in the memory unit; the NFC device further being arranged to send, upon or after storing said device identifier, at least one software installation key through the NFC communication unit to the computing device. Furthermore, a corresponding software installation method, software uninstallation method, computer program and article of manufacture are disclosed. | 03-31-2016 |
| 20160094547 | IMAGE CAPTURE CHALLENGE ACCESS - Aspects of image capture challenge access are described. In one embodiment, an access service of a computing device directs an imaging system to capture an image including facial fiducial features and determine whether the features correspond to an expected set of features. The access service may also issue a request for a response including, for example, a request to tilt or move the computing device, move an individual's face, or contort an individual's facial features. After the request for the response, the access service may capture a response image. The response image may include an adjustment to facial fiducial features. The access service may further determine whether the adjustment to the facial fiducial features corresponds to the request. Depending upon whether the adjustment corresponds to the request, the access service may permit or deny access to features of the computing device. | 03-31-2016 |
| 20160094550 | Biometric Device Pairing - A first electronic device is associated with a biometric sensor. Biometric data received by the biometric sensor is used to permit the first electronic device to pair with, unlock, and/or access a second electronic device. | 03-31-2016 |
| 20160094551 | Transaction Verification Through Enhanced Authentication - Methods, systems, and computer program products for providing transaction verification through enhanced authentication are provided. A method performed by a computer system may include receiving one or more credentials to authenticate an application programming interface request received from a second computer system based on a first level of authentication, generating an additional authentication challenge to further authenticate the application programming interface request in response to detecting a change associated with the second computer system, issuing the additional authentication challenge to the second computer system, and processing the application programming interface request based on a result of the additional authentication challenge. | 03-31-2016 |
| 20160094617 | DECLARATIVE AND ADAPTIVE CONTENT MANAGEMENT - A computer-implemented method for content management across multiple server computers includes receiving a request to transfer a file between a central server computer and a client device. A list of two or more local server computers is received, wherein the two or more local server computers transfer the file between the central server computer and the client device. Operational information is received that is associated with each of the two or more local server computers and a duration of connectivity between each of the two or more local server computers and the client device. A strategy is determined for the file across the two or more local server computers based, at least in part, on the operational information associated with each of the two or more local server computers. | 03-31-2016 |
| 20160098551 | OPTICAL AUTHENTICATION OF OPERATIONS FOR A MOBILE DEVICE - An operation at a mobile device is authenticated by using a random visual presentation displayed at the device for the authentication. The mobile device generates and displays the random visual presentation which is optically captured (e.g., by a camera) at a capturing device. The capturing device uses the captured random visual presentation to generate an authentication value (e.g., a hash) based on a defined security protocol. The authentication value is compared to an expected value and if the values match the mobile device executes the operation. | 04-07-2016 |
| 20160098552 | WEARABLE USER DEVICE AUTHENTICATION SYSTEM - Systems and methods for authenticating a user include a wearable user device receiving a first request to access a secure system. A plurality of authentication elements are then displayed on a display device to a user eye in a first authentication orientation about a perimeter of an authentication element input area. A user hand located opposite the display device from the user eye is then detected selecting a sequence of the plurality of authentication elements. For each selected authentication element in the sequence, the wearable user device moves the selected authentication element based on a detected movement of the user hand and records the selected authentication element as a portion of an authentication input in response to the user hand moving the selected authentication element to the authentication element input area. The user is authenticated for the secure system if the authentication input matches stored user authentication information. | 04-07-2016 |
| 20160099924 | USING CREDENTIALS STORED IN DIFFERENT DIRECTORIES TO ACCESS A COMMON ENDPOINT - A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint. | 04-07-2016 |
| 20160099926 | METHOD OF SEQUENTIALLY AUTHENTICATING CAN PACKETS USING DIVIDED MACS AND APPARATUS FOR IMPLEMENTING THE SAME - A method of transmitting K messages using divided message authentication codes (MACs) in a controller area network (CAN) includes: generating a MAC using a first message and a specific MAC, performing a first operation with respect to j using j-th messages subsequent to the first message and a second MAC part of the generated MAC, performing a second operation with respect to j using a result of the performed first operation and a j-th subblock subsequent to a first MAC subblock among K MAC subblocks obtained by dividing a first MAC part of the generated MAC, transmitting the first message along with the first MAC subblock, and transmitting K-1 j-th messages in an order of j, each of the j-th messages being transmitted along with a j-th result of the performed second operation. | 04-07-2016 |
| 20160099929 | USER AUTHENTICATION BASED ON SELF-SELECTED PREFERENCES - Embodiments of the invention are directed to a system, method, and a computer program product for a user authentication based on self-selected preferences. The system typically including a memory, a processor, and a module configured to receive a request to execute a user action from a user associated with an application, wherein the user action requires one or more authentication credentials; receive one or more authentication credentials from the user based on a user-selected preference; validate the one or more authentication credentials based on the user-selected preference; and execute the user action based on a successful validation of the one or more authentication credentials | 04-07-2016 |
| 20160099936 | BLUETOOTH LOW ENERGY HOSTLESS PRIVATE ADDRESS RESOLUTION - Conventional Bluetooth low energy (or like personal wireless network) controllers cannot resolve private addresses without some calculation from a host processor but leaving the host processor on or awaking it from a sleep each time a non-trusted device attempts to connect wastes power. Hostless private address resolution allows a host controller to enter a sleep state off while the Bluetooth controller advertises its device name, primary services, rejects connection requests from non-trusted devices with public and private addresses, and awakens the host controller upon a connection request from a trusted client device with a public or private address. Not only does this approach reduce power consumption by allowing the host processor to remain in the sleep state it simultaneously ensures security by allowing the private address resolution to remain active on the Bluetooth controller. | 04-07-2016 |
| 20160099950 | USER AUTHENTICATION - A method, system, server processing system and computer readable medium for authenticating a user attempting to access a secure environment is disclosed. In one aspect, the server processing system is configured to: receive an authentication request to authenticate the user attempting to access the secure environment; transfer, to the user or a user device associated with the user, an index corresponding to a selected key from a keymap; receive data indicative of a code which is based on the selected key presented by the user device and a personal identifier, and determine, using the code whether the user is authenticated. Advantageously, the server processing system never stores nor receives data directly indicative of the personal identifier such that no one else is able to determine the personal identifier, not even an employee of the secure environment which the user is attempting to access. | 04-07-2016 |
| 20160100311 | SECURE BROADCAST BEACON COMMUNICATIONS - Using various embodiments, methods and systems for secure Bluetooth Low Energy communications, in an unconnected state, are described herein. In one embodiment, conventional BLE transmitting device data can be supplemented with authentication information, including a message authentication field which enables receivers to determine if the received beacon/transmitted BLE peripheral data is genuine. In another embodiment, the authentication data can also include a time varying value field in order to prevent unintentional acceptance of transmitting device data from unauthorized replicated BLE peripherals. In one embodiment, the transmitting device computes an authentication tag using at least a secret key known to the receiving device and transmits the authentication tag to the receiving device. The receiving device can compute an authentication value using the secret key and other transmitting device information and determine if the transmitting device data is genuine by comparing the computed authentication value and the received the authentication tag. | 04-07-2016 |
| 20160103981 | UTILIZING MULTIPLE COMPUTING DEVICES TO VERIFY IDENTITY - A tool for identify verification using computing device collaboration. The tool generates a hash based, at least in part, on device specific information for one or more user owned devices. The tool determines whether a hash for the initial device matches the hash for at least one of the one or more user owned devices, and if so, sends, one or more challenge questions to the initial device, wherein the one or more challenge questions include at least one challenge question based on the device specific information for the one or more user owned devices. The tool determines whether each of one or more responses to the one or more challenge questions is correct. | 04-14-2016 |
| 20160103982 | CREDENTIAL VALIDATION USING MULTIPLE COMPUTING DEVICES - A tool for credential validation using multiple computing devices. The tool selects at least one challenge question. The tool selects one or more user owned devices, wherein selecting the one or more user owned devices includes querying a database for each user owned device associated with a user account. The tool selects at least one device order, based, at least in part, on a level of security desired in credential validation. The tool presents the at least one challenge question to the one or more user owned devices, wherein the at least one challenge question includes the at least one device order for returning at least one response. The tools determines whether the at least one response received from the one or more user owned devices is a correct response relative to the at least one challenge question and the at least one device order. | 04-14-2016 |
| 20160103986 | Method for Generating At Least One Derived Identity - The invention provides a method of generating at least one derived identity of an individual | 04-14-2016 |
| 20160105415 | DEVICE CONTROL METHOD, DEVICE MANAGEMENT SYSTEM, AND IN-HOUSE SERVER APPARATUS CONNECTED TO DEVICE MANAGEMENT SYSTEM - A method in the disclosure includes: receiving, from an information device, a device password which is used for controlling a target device via an in-house server apparatus and which is input on the information device using a setting screen; managing a device ID of the in-house server apparatus, a user ID, and the device password in association with one another; transmitting the device password to the in-house server apparatus to cause the in-house server apparatus to manage the device ID and the device password; transmitting, when login to an out-of-house server apparatus is authenticated, an authentication screen to the information device; receiving, from the information device, an input password that is input on the information device using the authentication screen; and when the received input password is identical to the device password that is associated with the user ID, approving a control of a target device by the information device. | 04-14-2016 |
| 20160105417 | COMPUTER NETWORK SECURITY MANAGEMENT SYSTEM AND METHOD - A computer network security management system is provided, in which a corporate computer network can be substantially separated from an external network because the external exposure of the corporate computer network is minimized, and a possibility that a hacker may get into a relay server or a central server can be fundamentally cut off. The computer network security management system is expected to further enhance the security level of a corporate computer network. | 04-14-2016 |
| 20160105424 | NETWORK-ASSISTED FABRIC PAIRING - Systems and methods for joining a device to a fabric using an assisting device include an indication to add a joining device to a fabric. If the joining device supports network-assisted fabric pairing, a first connection is established between a commissioning device and the assisting device. The assisting device also connects to a joining device. Through the assisting device, the commissioning device and the joining device establish a communication channel over which fabric credentials may be sent. | 04-14-2016 |
| 20160105428 | AUTHENTICATION FOR OVER THE TOP BROADCAST STREAMING USING AUTOMATED CONTENT RECOGNITION - An authenticator in a second user device captures a media sample comprising at least one of an audio portion, a video portion or an image portion. The media sample is played on a first user device. The authenticator compares at least a portion of the media sample to a reference media stream to determine whether the portion of the media sample matches the reference media stream. If the portion of the media sample matches the reference media stream, the authenticator determines that the second user device is authenticated and requests a media stream from a media streaming source. | 04-14-2016 |
| 20160105433 | INFORMATION PROCESSING DEVICE, WIRELESS COMMUNICATION SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - [Object] To propose an information processing device, wireless communication system, information processing method, and storage medium which can mutually authenticate communication partners simply and safely. | 04-14-2016 |
| 20160105434 | SECURE TWO-WAY AUTHENTICATION USING ENCODED MOBILE IMAGE - A digital authentication method, system, and related devices/media, the authentication method comprising displaying a web page comprising one or more website features on a first computing device, scanning the one or more website features with a second computing device, and sending information related to the one or more scanned website features from the second computing device to a processing system. The processing system uses the information to authenticate the web page on the first computing device and enable one or more web page components, with the information being related to the one or more scanned website feature. | 04-14-2016 |
| 20160105435 | SYSTEMS AND METHODS TO AUTHENTICATE IDENTITY FOR SELECTIVE ACCESS TO INFORMATION RELATING TO PROPERTY - Credential and/or location data included in data received by a networked system from a device that communicated the data to the networked system may be processed to determine if the credential data and/or location data validate an identity of a user (e.g., a guest, traveler, patron) and/or a location of the user based on a location of the device when the data is communicated. The data may be review data and the credential and/or location data may be included in review data. The device and/or the networked system may generate a location history database from location data from the device or other system that is periodically logged from multiple locations at different times during an event (e.g., a stay at a vacation rental). Data from the database may be used to determine if a location for a communication is with a threshold of an allowable distance from an allowable location. | 04-14-2016 |
| 20160105443 | RESOURCE ACCESS - An example method for accessing a target resource in accordance with aspects of the present disclosure includes retrieving a configuration from a local profile associated with a user on a device, automatically completing a login form for a web interface based on the configuration, identifying a target resource by parsing a list of resources received from a server in response to the completed login form, and automatically launching the identified target resource based on the configuration. | 04-14-2016 |
| 20160105798 | PROCESS FOR AUTHENTICATING AN IDENTITY OF A USER - The invention provides a process for authenticating an identity of a user accessing a location in a secure manner using a communications device that is in direct communication with an independent server and in secondary communication with a second server, the communications device having a user interface and an input module, the process including the steps of hosting device information on the independent server for validation; generating and sending a user prompt from the device to the independent server for validation, and if validated as correct, creating a device ID and transaction ID as indexes to identify the device on the database; generating a randomised keypad on the user interface; inserting and submitting a pass code by way of the randomised keypad; relaying said pass code to the second server; and generating a second validation at the second server, using the pass code and thereby authenticating both user and device. | 04-14-2016 |
| 20160110529 | METHODS, APPARATUS AND SYSTEMS FOR SECURELY AUTHENTICATING A PERSON DEPENDING ON CONTEXT - Methods, apparatus and systems are described for securely authenticating a person at an appropriate level of security depending on context without having to enter any passwords. In some embodiments, a meta-wallet processor receives a request for user authentication from a user device which includes a meta-wallet identifier, an entity identifier, a context identifier and user biometric data and/or user personal assets data, and/or user social media data. The meta-wallet processor determines that the user is registered meta-wallet user and is engaging in a predetermined type of activity, selects an authentication protocol, determines that the user biometric data and/or user personal assets data, and/or user social media data matches stored personal meta-wallet data and satisfies the authentication protocol, and then transmits a user authentication confirmation message to one of the user device and an entity computer associated with the entity identifier. | 04-21-2016 |
| 20160110531 | INFORMATION PROCESSING APPARATUS, TERMINAL APPARATUS AND INFORMATION PROCESSING METHOD - An information processing apparatus includes an information storage unit configured to store characteristic information representing a characteristic of authentication image data by being associated with user identifying information and a control unit. The control unit executes acquiring image data, the user identifying information and position indicating information from a requester making a request for a process with respect to the image data, extracting image data in position indicated by the acquired position indicating information, and determining whether the requester is identical with a self user identified by the acquired user identifying information by comparing characteristic information representing the characteristic of the extracted image data with the characteristic information stored in the information storage unit and executing the process requested by the requester with respect to the acquired image data when the requester is determined to be the self user identified by the acquired user identifying information. | 04-21-2016 |
| 20160110721 | METHODS, SYSTEMS AND APPARATUSES FOR SECURE TRANSACTIONS - The invention is directed towards methods, systems and apparatuses, see FIG. | 04-21-2016 |
| 20160112390 | Method, Apparatus, and System for Establishing a Virtual Tether between a Mobile Device and a Semiconductor Processing Tool - A method for establishing a virtual tether between a mobile device and a semiconductor processing tool, the method including: obtaining, by a mobile device, a unique key associated with the semiconductor processing tool; establishing a unique pairing between the mobile device and the semiconductor processing tool based on the unique key that is obtained by the mobile device; in response to successfully establishing the unique pairing, authenticating a user of the mobile device for access to the semiconductor processing tool; in response to successfully authenticating the user, performing resource arbitration on the semiconductor processing tool which includes reserving one or more resources associated with the semiconductor processing tool based on a level of access granted to the user; monitoring an activity level of the mobile device over a period of time; and comparing the activity level to a predetermined activity level threshold. | 04-21-2016 |
| 20160112393 | CAPTCHA SYSTEMS AND METHODS - Systems and methods for verifying human users through cognitive processes that computers cannot imitate are described herein. Human cognitive language processing techniques may be used to verify human users. Visual patterns and tests may be used to distinguish between humans and computers because computer-based visual recognition is fundamentally different from human visual processing. Persistent plugins and tests may be used to continuously verify human users. | 04-21-2016 |
| 20160112394 | SYSTEMS AND METHODS FOR IMPLEMENTING A PERSONALIZED PROVIDER RECOMMENDATION ENGINE - Techniques for making personalized provider recommendations in related categories include identifying a first entity category from a plurality of entity categories based on context information. A first category relationship is identified from a plurality of category relationships based on the first entity category. The first category relationship indicates that the first entity category and a second entity category are related. A first provider specific profile is identified from a plurality of provider specific profiles based on user profile data associated with a user account. The first provider specific profile is associated with the first entity category. A second provider specific profile associated with the second entity category is identified from the plurality of provider specific profiles based on the user profile data. A plurality of providers including a first provider associated with the first provider specific profile and a second provider associated with the second provider specific profile is displayed. | 04-21-2016 |
| 20160112403 | METHOD AND APPARATUS FOR BULK AUTHENTICATION AND LOAD BALANCING OF NETWORKED APPLIANCES - A new approach is proposed that contemplates systems and methods to support bulk authentication of an appliance associated with a user to all cloud-based services the appliance intends to access in one transaction instead of authenticating the appliance against each of the services individually. First, the appliance generates and transmits to an authentication service cluster an authentication request that includes its identification and authentication credentials in order to access to a plurality of services. Upon receiving the authentication request, the authentication service cluster authenticates the appliance for all of the services to be accessed based on the information in the authentication request. Once the appliance is authenticated, the authentication service cluster then retrieves entitlement information of the services to be accessed by the appliance, and identifies the service clusters/nodes that the appliance will connect to for the services with the fastest response time. | 04-21-2016 |
| 20160112414 | NETWORK AUTHENTICATION METHOD AND SYSTEM BASED ON EYE TRACKING PROCEDURE - A network authentication method and a system based on an eye tracking procedure are provided. An image capturing unit of a user terminal captures a face image sequence of a user, and transmits the face image sequence to a server terminal such that the server terminal executes an authentication procedure to return an authentication result. The user terminal executes an eye tracking procedure based an eye movement of the user. The user terminal transmits an emergency signal to the server terminal if the user terminal determines that an emergency mode is triggered during the eye tracking procedure. | 04-21-2016 |
| 20160112418 | SYSTEMS AND METHODS FOR INTERACTION AMONG TERMINAL DEVICES AND SERVERS - System and method are disclosed for providing authentication of a terminal device. One embodiment includes a method implemented by a first terminal device. The method may include receiving first location information and receiving a first predetermined signal. The method may also include transmitting status information and the first location information to a server upon receiving the first predetermined signal to allow the server to compare the first location information with second location information received from a second terminal device and to allow the server to transmit the status information to the second terminal device. The status information may indicate that the first terminal device is authenticated and the first location information may indicate a current location of the first terminal device. | 04-21-2016 |
| 20160112423 | SYSTEMS, METHODS AND APPARATUSES FOR BROKERING DATA BETWEEN WIRELESS DEVICES, SERVERS AND DATA RENDERING DEVICES - Provided are methods, systems, and apparatuses for data brokering between hand held wireless devices (WDs) and data rendering devices (DRDs). DRDs in the form of multimedia devices used for rendering data by printing (e.g., to a networked printer) or displaying video data (e.g., televisions, video monitors, and projectors) are provided with data for rendering at the DRD at the request of WDs. DRDs are capable of receiving data data from a network at the request of a WD and/or directly from a WD as the host and then rendering or displaying the data on devices capable of receiving and processing the data. DRD (e.g., printers and multimedia video devices) can also be controlled by the WD during display of the data and to control display of the data. | 04-21-2016 |
| 20160112430 | Enhanced Security for Electronic Communications - Techniques are described for providing enhanced security for electronic communications, such as by including in a message sent between two services a digital signature that is generated by using secret information known to the services, so that the recipient receives assurance regarding the sender's identity if the recipient can replicate the received digital signature using the secret information known to the recipient. In some situations, the enhanced security is used in communications to and/or from an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users, such as to prevent malicious phishers from inappropriately gaining access to user information. Various services may use the enhanced security techniques when interacting with the access manager system at various times, such as to initiate sign-on for a user and/or to take subsequent action on behalf of a signed-on user. | 04-21-2016 |
| 20160112432 | IMPOSTER ACCOUNT DETECTION AND REMEDIATION IN A SOCIAL NETWORKING SYSTEM - When a request to connect a requesting user to a target user is received by the social networking system, information associated with the requesting user and with users connected to the target user is retrieved. A fraud probability score indicating a probability that the requesting user is impersonating a user connected to the target user is determined based on the information associated with the requesting user and with users connected to the target user. Based on the fraud probability score, a determination is made whether the requesting user is a suspected imposter and remedial action is taken if imposter is suspected. | 04-21-2016 |
| 20160112437 | Apparatus and Method for Authenticating a User via Multiple User Devices - A method includes forming, during access to a site, an association between a user and a first device. Contact information for a second device associated with the user is obtained. During a subsequent access to the site the first device is recognized. The user is prompted to authenticate without inputting identifying information. The user is authenticated at the site relying upon the association and a positively acknowledged message from the second device. | 04-21-2016 |
| 20160112497 | ON-DEMAND DELIVERY OF APPLICATIONS TO VIRTUAL DESKTOPS - A service provider system may include an application fulfillment platform that delivers desktop applications on demand to desktops on physical computing devices or virtual desktop instances. The applications may be selected for delivery from a catalog of applications, and may be required to be installed on the destination computing resource instance, or may be assigned to a customer's end user on whose behalf the resource instance was provisioned. A workflow for deploying a selected application may invoke services implemented on the platform. The desktop application may be delivered as a virtualized application package that is subsequently executed by a runtime engine installed on the end user's resource instance, without installing the selected application itself on the computing resource instance. A customer's IT administrators may create and populate the catalog, add customer-generated or customer-licensed applications, assign applications to users, apply constraints on application use, and monitor application usage. | 04-21-2016 |
| 20160119310 | AUTHENTICATION AND PAIRING OF A MOBILE DEVICE TO AN EXTERNAL POWER SOURCE - A mobile device communicates with an authenticator affiliated with a recharging facility, to identify itself. To confirm that the mobile device is connected to the correct facility, the authenticator instructs the mobile device to draw electrical charge according to an identifiable pattern. Upon detecting a charge being drawn according to that pattern, the authenticator has confirmation that the identified device is connected to the facility, and permits the charging to proceed. The amount of electricity drawn during the charging procedure can be metered, and then billed to a party associated with the identified mobile device. | 04-28-2016 |
| 20160119321 | FLEXIBLE AUTHENTICATION FRAMEWORK - A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety of sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be received at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries. | 04-28-2016 |
| 20160119325 | SINGLE SIGN ON PROXY FOR REGULATING ACCESS TO A CLOUD SERVICE - Embodiments disclosed herein provide systems, methods, and computer readable media for using a single sign-on proxy to regulate access to a cloud service. In a particular embodiment, a method provides receiving an authentication request from a user system directed to a SSO service and determining whether the authentication request satisfies at least one criterion for allowing access to the cloud service associated with the SSO service. Upon determining that the authentication request satisfies the at least one criterion, the method provides forwarding the authentication request to the SSO service. | 04-28-2016 |
| 20160119329 | DEVICE AUTHENTICATION FOR SECURE KEY RETRIEVAL FOR STREAMING MEDIA PLAYERS - Systems and methods are disclosed that authenticate devices or users, and enable playback of secured streaming content through a media player. In one embodiment, the invention is a system for receiving secure content over an unmanaged network, including a security application configured operate on a user device with access to a network, where the security application is configured to receive a request for playlist data from the media player, send a playlist request to a content server, receive playlist data from the content server, send playlist data to a media player, receive a security access request from the media player, send a security access request to a security server, receive security access data from the security server; and send security access data to a media player. | 04-28-2016 |
| 20160119330 | SMART ROUTER WITH ENHANCED SECURITY - A router receives, from a LAN-side client computing device, a request for a web resource served by a WAN side destination server, sent via an unsecure protocol. The router determines if the destination server supports a secure protocol. If it is determined that the destination server supports a secure protocol, then the router sends the request to the server via the supported secure protocol, receives a response in the server supported secure protocol, and forwards a payload of the response in an unsecure response to the unsecure request received from the client device. If it is determined that the destination server does not support the secure protocol, then the router sends the request to the destination server via the unsecure protocol. | 04-28-2016 |
| 20160119333 | SYSTEM AND METHOD FOR CROSS-CHANNEL AUTHENTICATION - A system includes a memory and processor. The memory stores a user account identifier associated with a user account. The processor receives at least one user credential and authenticates the user account based at least in part on the at least one user credential. The processor further receives a first request, from a device associated with the user account, to generate a one-time password and generates the one-time password in response to receiving the first request. The processor associates the one-time password to the user account and communicates the one-time password to the device associated with the user account. The processor further receives a second request, from a transaction device, the second request comprising an attempted one-time password, determines whether the attempted one-time password is valid, and communicates, to the transaction device, an indication that the attempted one-time password is valid in response to determining that the attempted one-time password is valid. | 04-28-2016 |
| 20160119337 | SYSTEMS AND METHODS FOR AUTHENTICATING A USER BASED ON A BIOMETRIC MODEL ASSOCIATED WITH THE USER - Systems and methods as provided herein may create a biometric model associated with a user. The created biometric model may be used to generate challenges that are presented to the user for authentication purposes. A user response to the challenge may be compared to an expected response, and if the user response matches within a predetermined error of the expected response, the user may be authenticated. The systems and methods may further generate challenges that are adaptively designed to address weaknesses or errors in the created model such that the model is more closely associated with a user and the user is more likely to be the only person capable of successfully responding to the generated challenges. | 04-28-2016 |
| 20160119343 | Gateway, Client Device and Methods for Facilitating Communication between a Client Device and an Application Server - According to a first aspect, it is presented a method, executed in a gateway, the gateway being arranged to facilitate communication between a client device and an application server. The method comprises the steps of: receiving a client request from the client device, the client request comprising at least a portion being bound for the application server; sending an application server request to the application server; receiving an application server response from the application server, the application server response indicating a need to provide authentication; establishing at least one authentication credential using an authentication server for a connection between the client device and the application server; and sending a client response to the client device, the client response being based on the application server response and comprising the at least one authentication credential. An associated gateway, client device, vehicle, computer program and computer program product are also presented. | 04-28-2016 |
| 20160119344 | SYSTEM AND METHOD FOR WEB APPLICATION SECURITY - A system for detection and mitigation of client-side initiated security attack(s) to a web application is disclosed. A server component (SC) of the system is configured to intercept at least partially a web application code and/or data exchanged between a web server and one or more web browsers running on client devices respectively. The SC installs a script in the web application code intercepted from a web server before forwarding a transformed web application code to the a web browser. The CS when executed in a web browser of a client, causes the web browser to execute a loop which sweeps the document object model (DOM) structure of the webpage. Further, the CS sends a report containing the DOM structure and/or details on data to the SC. Using the received reports, SC concludes if tampering occurred at the client-side. | 04-28-2016 |
| 20160119363 | System and Method for 4D Signature with Intelligent Mobile Cloud Device - A system and its methods using 4D signature to verify ones' online transaction through mobile projector is disclosed for the first time; the purpose is to enhance the security of currently booming e-commence industry. By 4D, we mean a signature that is written in 3D space and 1D time. The speed and the force the writer used are all recorded in great details, and it becomes very hard to be forged. One sample implementation combined with a popular smart phone is described in details. Two mini projectors and two cameras are used in a coordinated way, with one catch even line, and the other catch odd line; and both catch the red green and blue in strictly defined time sequences. Pre-distortion, de-jitter, auto focus and background color compensation methods are also included. Finally, cloud sever is used to improve the authentication accuracy, through the data fusion. | 04-28-2016 |
| 20160125180 | Near Field Communication Authentication Mechanism - A computing device is described. The computing device includes input/output (I/O) circuitry to receive sensory data and a trusted execution environment to monitor the I/O circuitry to detect one or more context characteristics of the computing device and to authenticate user identity based on context characteristics. | 05-05-2016 |
| 20160127134 | USER AUTHENTICATION SYSTEM AND METHOD - A computer-implemented method and system are provided for authenticating the identity of a user registered with a computer system. The authentication method comprises generating a multi-dimensional array of elements that are addressable by respective sets of indices, generating a challenge code comprising a linear array of elements for addressing a first set of indices of the array of elements, transmitting the multi-dimensional array of elements and challenge code to at least one computing device associated with the user, receiving a response code from the user, and verifying the user's identity when the received response code matches a derived code obtained by retrieving elements from the multi-dimensional array at locations addressed by elements taken from the challenge code and a personal code stored at the computer system, wherein the personal code comprises a linear array of elements for addressing a different set of indices of the array of elements. | 05-05-2016 |
| 20160127339 | AGGREGATE SERVICE WITH ENHANCED CLOUD DEVICE MANAGEMENT - One embodiment provides a method, comprising: receiving, from a client device, a request by a user to access an aggregate service device; authenticating, at an aggregate service device, the user to provide access to a plurality of cloud storage accounts of the user hosted by a single cloud storage service; providing, by the aggregate service device, data analogous to data of the plurality of cloud storage accounts; receiving, by the aggregate service device, a selection of data accessible by the user from the plurality of cloud storage accounts of the user; and facilitating data transfer associated with the selection. | 05-05-2016 |
| 20160127340 | METHOD AND APPARATUS FOR CONNECTING A COMMUNICATION DEVICE TO A DEPLOYABLE NETWORK WITHOUT COMPROMISING AUTHENTICATION KEYS - A method and apparatus is provided for connecting a communication device to a deployable system. The deployable system obtains at least one deployable key derived on a fixed system for the deployable system based on an existing key stored on a database of the fixed system, wherein the existing key is used to authenticate a communication device. The deployable system stores the derived key. Subsequent to the storing, the deployable system is activated to provide communication resources to communication devices disconnected from the fixed system. The activated deployable system is not connected to the fixed system. The activated deployable system receives an authentication request from the communication device requesting connection to the deployable system; generates authentication vectors using the at least one derived deployable key; and authenticates an authentication response received from the communication device using the authentication vectors. | 05-05-2016 |
| 20160127342 | System and Method for Providing Security Monitoring - The present disclosure describes systems and methods for processing security sensor data that enhances the ability of a user to quickly and efficiently review portions of the sensor data streams. | 05-05-2016 |
| 20160127344 | PASSWORD-LESS AUTHENTICATION SYSTEM AND METHOD - A processor-implemented method for authenticating a login without a password. The method includes: receiving a request to authenticate a login, the request including a user identifier and excluding a password; based on the user identifier, identifying a device to be used to authenticate the login; and in response to determining that a login confirmation message has been received from the identified device, authenticating the login. | 05-05-2016 |
| 20160127345 | System And Method For Providing A Content Delivery Network Via A Motor Vehicle - A cache server disposed in a motor vehicle receives and caches content from a content distribution network when a load of a cellular link to the content distribution network is low. The cache server determines that the motor vehicle is turned off, broadcasts a wireless signal as part of a wireless network when the motor vehicle is turned off, and provides a device access to the content cached in the cache server via the wireless network. | 05-05-2016 |
| 20160127357 | Method for safeguarding a network - A method for safeguarding a network made up of at least one first device and one second device. The first device derives a first challenge from physical properties of a first communication channel between the first device and the third device. In addition, the first device transmits the first challenge to the second device via a second communication channel between the first device and the second device. The first device receives a first response, corresponding to the first challenge, from the third device via the first communication channel and receives a second response, corresponding to the first challenge, from the second device via the second communication channel. The first device compares the first response and the second response to one another to verify that the second device is communicating with the third device. | 05-05-2016 |
| 20160127360 | SYSTEMS AND METHODS FOR AUTHENTICATING A USER BASED ON SELF-PORTRAIT MEDIA CONTENT - Systems, methods, and non-transitory computer-readable media can receive an indication that a user is attempting to authenticate as a particular identity. A media content item captured using a front-facing device camera can be acquired. The media content item can include graphical data representing the user. The graphical data can be analyzed, at least in part, to produce a confidence score representing a likelihood that the user corresponds to the particular identity. The user can be authenticated as the particular identity when the confidence score at least meets a specified authentication threshold. | 05-05-2016 |
| 20160127362 | AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND SERVICE PROVIDING SYSTEM - An authentication system comprising an authentication terminal and an authentication server is provided. The authentication terminal comprises an authentication apparatus authenticating an authentication subject, an artifact operating in accordance with an input signal and a signal processing section inputting an input signal without including information of the authentication subject designated by the authentication server in the artifact and outputting an output signal in accordance with an operation result of the artifact as an authentication result when the authentication result in the authentication apparatus is passed. The authentication server authenticates the authentication subject based on the output signal. | 05-05-2016 |
| 20160127370 | TECHNIQUES FOR CALL-BASED USER VERIFICATION - Techniques for call-based user verification are described. In one embodiment, for example, an apparatus may comprise a processor circuit and a storage component. The apparatus may further comprise a session component, an identification (ID) component, a mapping component, and a verification component. The session component may be operative on the processor circuit and configured to receive session data from a client device and store the session data in the storage component. The ID component may be operative on the processor circuit and configured to request ID data from a server, receive ID data from the server, and send the ID data to the client device. The mapping component may be operative on the processor circuit and configured to map the session data with the ID data. The verification component may be operative on the processor circuit and configured to receive a confirmation from the client device, request verification from the server, and upon receiving verification from the server, verify the client device. Other embodiments are described and claimed. | 05-05-2016 |
| 20160127380 | SYSTEM AND METHOD TO VERIFY PREDETERMINED ACTIONS BY A COMPUTER ON A NETWORK - A system, a method, and a computer program for identifying a device on a network that participates in communication sessions, where the device may rotate its IP address between communication sessions. A plurality of unauthorized communication sessions that are carried out on different IP addresses are captured, stored, and analyzed to determine whether the same device was used during the communication sessions. The communication sessions may be analyzed to verify whether a predetermined file was downloaded, uploaded, or otherwise offered for copying, sharing or distribution. | 05-05-2016 |
| 20160127384 | METHOD AND SYSTEM FOR GEOLOCATION VERIFICATION OF RESOURCES - A method of geolocation verification, including obtaining the geolocation of an operating system, generating a unique system ID for an installed operating system, and transmitting the geolocation of the operating system and a system ID to a data repository. The method further includes receiving a request to either initiate deployment of, or grant access to, a computer object associated with the operating system, identifying if the computer object requires geolocation verification, then identifying an object ID associated with the computer object and communicating each of the object ID, the geolocation of the operating system, and the system ID, to a domain controller for assessment. The method also includes searching the data repository to identify one or more geolocation object resource claims associated with the object ID, and comparing the geolocation resource claims with the communicated geolocation of the operating system. | 05-05-2016 |
| 20160127860 | Communication System Equipped with a Radio Beacon - A communication system comprising: a radio beacon suitable for sending identification messages to a personal electronic device; and a control unit suitable for controlling the radio beacon and for modifying at predetermined time intervals, the identification messages sent by the radio beacon. | 05-05-2016 |
| 20160127898 | METHODS AND SYSTEMS FOR VALIDATING MOBILE DEVICES OF CUSTOMERS VIA THIRD PARTIES - A method for authenticating a mobile device in real-time. The method includes detecting the mobile device, sending a text message containing a unique uniform resource locator (“URL”) to the mobile device, and detecting an access of the unique URL by the mobile device through a first communication path. In response to detecting the access of the unique URL, requesting and subsequently receiving, by the host system in real-time, a phone number and a subscriber identification ID associated with the mobile device through a second communication path distinct from the first communication path, and a device fingerprint of the mobile device through the first communication path. The method further includes initiating a risk analysis based on the phone number, the subscriber ID, and the device fingerprint and determining an authentication status of the mobile device based on the risk analysis. | 05-05-2016 |
| 20160127900 | DISTRIBUTING BIOMETRIC AUTHENTICATION BETWEEN DEVICES IN AN AD HOC NETWORK - One feature pertains to biometric authentication of a user between devices. In one aspect, an ad hoc personal wireless network may include a primary device and one or more secondary devices using grouping policies such proximity policies and other permissions. The primary device shares a biometric authentication value of a user with the one or more secondary devices. Each secondary device may then perform additional authentication of the same user using a relatively low reliability biometric sensor such as a digital camera for facial recognition, a microphone for voice recognition or an accelerometer for gesture recognition. The secondary authentication results may be combined with the biometric authentication score/level from the primary device to form a final authentication score/level of the secondary device, which is used to authenticate the user of the secondary device for one or more transactions such as consumer purchases, secure content access, or secure control. | 05-05-2016 |
| 20160127989 | Device, Method, and System for Starting Mobile Hotspot - Disclosed is a device for starting a mobile hotspot, including: a password sending module, configured to send a Bluetooth pairing password and a preset start password to a mobile terminal that previously accessed a mobile hotspot via WIFI; a working state detecting module, configured to: detect the working state of mobile hotspot; a sleep triggering module, configured to trigger the mobile hotspot to enter into a sleeping state when detecting that the mobile hotspot has no user access and/or no data service; a Bluetooth module, configured to establish a Bluetooth connection with the mobile terminal and receive a password sent by the mobile terminal when the mobile hotspot is in the sleeping state; a start controlling module, configured to compare the password with a locally stored start password and control the mobile hotspot to enter into the working state when the comparison result is that they are consistent. | 05-05-2016 |
| 20160134596 | Methods, Systems and Computer Program Products for an Application Execution Container for Managing Secondary Application Protocols - A virtual application container can manage a plurality of secondary applications using a graphical user interface (GUI). The secondary applications may be selectively downloadable by a user and/or provided by third-party external providers. The application execution container may include a common feature or services interface that is used by the secondary applications that are executed in the GUI, which may include user verification and/or authentication information. The application execution container may include security and control functions that may be used by external service providers to ensure that users are properly authenticated, and the ability to add and/or utilize individual secondary applications may be granted based on predetermined eligibility criteria. | 05-12-2016 |
| 20160134609 | USER AUTHENTICATION CONFIDENCE BASED ON MULTIPLE DEVICES - The present application is directed to user authentication confidence based on multiple devices. A user may possess at least one device. The device may determine a device confidence level that the identity of the user is authentic based on at least data collected by a data collection module in the device. For example, a confidence module in the device may receive the data from the data collection module, determine a quality corresponding to the data and determine the device confidence level based on the quality. If the user possesses two or more devices, at least one of the devices may collect device confidence levels from other devices to determine a total confidence level. For example, a device may authenticate the other devices and then receive device confidence levels for use in determining the total confidence level, which may be used to set an operational mode in a device or system. | 05-12-2016 |
| 20160134610 | PRIVACY DURING RE-AUTHENTICATION OF A WIRELESS STATION WITH AN AUTHENTICATION SERVER - Methods, systems, apparatuses, and devices are described for privacy during re-authentication of a wireless station with an authentication server. The wireless station may derive a first identifier from a re-authentication key and a sequence number. The re-authentication key may be derived at least in part from a first session key. The wireless station may transmit to an authenticator the first identifier and a domain name. The first identifier and the domain name may be transmitted during a first re-authentication of the wireless station with the authentication server. Transmission of a name of the first session key may be withheld during the first re-authentication. | 05-12-2016 |
| 20160134613 | Wireless Local Area Network WLAN Access Method, Terminal, and Server - A wireless local area network (WLAN) access method, a terminal, and a server implement intelligentization and simplify a user operation. The method includes sending, by the terminal, a request for querying an available wireless access point to a server; sending, by the server according to the query request, obtained information about the available wireless access point; then, receiving, by the terminal, wireless access point information returned by the server, and determining a specific wireless access point from the received wireless access point information; then, sending, by the terminal, an authentication information request of the specific wireless access point to the server; and when receiving the request, sending, by the server, authentication information corresponding to the specific wireless access point to the terminal, where the authentication information is used to connect the terminal to the specific wireless access point. | 05-12-2016 |
| 20160134614 | USER AUTHENTICATION BASED ON OTHER APPLICATIONS - The present invention includes a system for authenticating a second action based on a first action, wherein the system is configured to: receive a first request to execute a first action associated with a first application; determine that execution of the first action requires user authentication; request one or more authentication credentials from the user; receive a first authentication credential associated with the first action; validate the first authentication credential, thereby resulting in a successful validation of the received first authentication credential; in response to the successful validation, execute the first action; receive a second request to execute a second action associated with a second application; determine that execution of the second action requires user authentication; use the successful validation of the first authentication credential to validate a second authentication credential so that the second action may be executed. | 05-12-2016 |
| 20160134615 | Computer-Implemented Method for Mobile Authentication and Corresponding Computer System - In one embodiment of the present invention a computerized method includes receiving at a personal-mobile device a first communication, which includes information for requesting user verification for logging into an account of a user, via a computing device. The account is with a service provided by an application server. The method includes starting a personal-authentication application on the personal-mobile device in response to receiving the first communication, and receiving in the personal-authentication application a user verification for confirming logging into the account. The method includes logging into the account via the computing device based on receipt of the user verification. Embodiments of the present invention provide enhanced security for logging into an account that a user may have with a service by providing that a personal-mobile device, such as a mobile telephone, which is personal to a user, is configured as a security token for login to the account. | 05-12-2016 |
| 20160134630 | OPEN CONNECTION MANAGER VIRTUALIZATION AT SYSTEM-ON-CHIP - Resource and memory use by applications used by user equipment (UE) can be adaptively controlled. A UE comprises a connection-manager kernel (CMKC) that can be embedded at the SOC level to facilitate resource and memory control at SOC level. CMKC operates in conjunction with an operating system kernel. CMKC comprises functional blocks that provide network enabler functions and observability APIs for network enhancement, traffic flow monitoring and filtering, QOE executive routines, and traffic flow time shifting. CMKC performs or provides analytics, security and firewall tags, cache management at SOC level, and policy enforcement. CMKC and a trusted memory operate in a trusted zone environment to facilitate secure operation. CMKC adaptively collects information from control registers and analytics, and maps such information to the trusted memory, which can be accessible to trusted APIs to facilitate enabling trusted applications to have knowledge of contextual network information. | 05-12-2016 |
| 20160134639 | METHOD FOR USER AUTHENTICATION USING DNSSEC - This invention leverages DNSSEC to makes post-password technologies work against endpoints across the globe, rather than solely within company walls. It describes a system by which DS records are encoded in NS names, which traverse well from the customer to the registry. This invention also proposes a series of steps through which DNSSEC can be explored as a useful solution to real world problems. By creating and further developing a mirror of the real DNS, which grows by combination of true DNS record information with specially synthesized authentication keys, DNSSEC scales, providing greater security and less risk of corrupting or erroneous online material. This same technology also evaluates user activity to create a database of statistics regarding automated activity, as compared to human activity. This database assists in identification and prevention, or at least mitigation, of potential future attacks on any given client by automated bot-driven activity. | 05-12-2016 |
| 20160134644 | GEOLOCATION SAFETY AWARENESS - A method and/or technique for geolocation safety awareness is provided herein. When a user, having a client device, travels to a location, threats associated with that location may not be known to the user. To determine a safety of the location, the location of a client device may be determined. A search for safety information about the location may be performed, and a threat level may be determined based upon the safety information. When the threat level exceeds a threat threshold, a security operation may be performed. The security operation may comprise presenting a warning notice to the user and/or activating a security timer. | 05-12-2016 |
| 20160135050 | SYSTEMS, APPARATUSES, AND METHODS FOR SECURE BEACON AUTHENTICATION VIA MOBILE DEVICES - Systems, apparatuses, and methods for secure beacon authentication via mobile devices are disclosed. In some example embodiments, a verification element comprises: a memory storing a plurality of non-repeated verification codes; a wireless broadcast element; and a processing circuit electronically coupled to the memory and the wireless broadcast element, the processing circuit being configured to retrieve one of the non-repeated verification codes from the memory and to transfer the non-repeated verification code to the wireless broadcast element, the wireless broadcast element being configured to wirelessly broadcast the non-repeated verification code to a plurality of mobile devices for individual verification of the plurality of mobile devices, the non-repeated verification code being different than any other non-repeated verification code previously retrieved from the memory and used for individual verification of the plurality of mobile devices. | 05-12-2016 |
| 20160135053 | WI-FI PRIVACY IN AN ACCESS POINT USING MEDIA ACCESS CONTROL ADDRESS RANDOMIZATION - Methods, systems, apparatuses, and devices are described for access point privacy using media access control (MAC) address randomization. The access point may identify a MAC address for use with over-the-air (OTA) transmissions and a persistent MAC address for backend communications. The access point may communicate the OTA MAC address and the persistent MAC address to a wireless station. The access point and the wireless station may exchange data frames and perform MAC replacement techniques to map the OTA MAC address to the persistent MAC address. The persistent MAC address may provide for data routing, mobility management, etc., whereas the OTA MAC address may provide for privacy for the wireless transmissions. | 05-12-2016 |
| 20160140358 | TERMINAL DEVICE, METHOD FOR PROTECTING TERMINAL DEVICE, AND TERMINAL MANAGEMENT SERVER - A terminal device includes: a memory unit to store a lock program for locking the terminal device; a condition checking unit to determine whether the terminal device is in a state of a preset condition for terminal protection when the lock program is executed; a lock control unit to allow the terminal device to be locked by the lock program when the terminal device is determined to be in a state of the preset condition for terminal protection; and a information deleting unit to delete an unlock key for use in unlocking the locked terminal device from the memory unit after the terminal device is locked. | 05-19-2016 |
| 20160142392 | IDENTITY MANAGEMENT SYSTEM - There is described a system for authenticating a client device in a network having a plurality of IDM components. One or more of the IDM components subscribes (using the publish-subscribe message pattern) to authentication requests published by client devices. The client device publishes an authentication request into the network. The most appropriate IDM component to process the published authentication request is selected, and the authentication request forwarded to the selected IDM component. The selected IDM component is then operated to negotiate with and authenticate the client device. | 05-19-2016 |
| 20160142393 | Terminal Authentication Apparatus and Method - A terminal authentication apparatus and method. The method includes sending, by an authenticator, a media access control (MAC) address of a terminal to an authentication server, and authenticating, by the authentication server, the MAC address according to a preset MAC address list. When an authentication result indicates that the terminal does not belong to the preset MAC address list, the method includes detecting, by a security gateway according to a data stream of the terminal, whether the terminal is a trusted terminal. The method also includes instructing, according to a detection result, the authentication server to update the MAC address list; and after the MAC address list is updated, triggering the authenticator to re-authenticate the terminal. The present disclosure resolves a problem that normal monitoring is seriously affected due to the fact that a terminal that is not in a whitelist is directly not allowed to access a monitoring network. | 05-19-2016 |
| 20160142394 | STRONG AUTHENTICATION VIA DISTRIBUTED STATIONS - In various embodiments, authentication stations are distributed within a facility, particularly in spaces where mobile devices are predominantly used—e.g., a hospital's emergency department. Each such station includes a series of authentication devices. Mobile device may run applications for locating the nearest such station and, in some embodiments, pair wirelessly with the station so that authentication thereon will accord a user access to the desired resource via a mobile device. | 05-19-2016 |
| 20160142395 | Ad Hoc Communications - Ad hoc communications are established between unknown contacts. For example, in today's mobile communications environment, there are many instances in which a user of smart phone may wish to send a message to an unknown user's smartphone. An ad hoc communication thus allows messaging with an unknown user. | 05-19-2016 |
| 20160142396 | End-to-End Trusted Communications Infrastructure - A method establishing a trusted end-to-end communication link is disclosed. The method comprises executing a communication application in a trusted security zone of a mobile access terminal. The method also comprises sending a message from the mobile access terminal to a trusted communication application executing in a trusted security zone of a trusted enterprise edge node. The method further comprises sending the message from the trusted enterprise edge node to a trusted cloudlet executing in a trusted security zone of a cloud based server. | 05-19-2016 |
| 20160142398 | Method of network identity authentication by using an identification code of a communication device and a network operating password - A method of network identity authentication uses an identification code of a communication device and a network operating password. The network operating password is generated by a password generator in the website server by capturing a partial portion or all of the identification code of a website, account, transaction or other services. The result of the network identity authentication for the identification code of a communication device and network operating password is directly sent back to the network identity authentication system, thereby eliminating the possibility of invasion by a “phishing scam” or “man-in-the-middle attack,” which can happen in the conventional “dynamic password” authentication method. | 05-19-2016 |
| 20160142403 | TERMINAL DEVICE AND METHOD FOR PROTECTING TERMINAL DEVICE, AND TERMINAL MANAGEMENT SERVER - A terminal device includes: a condition checking unit to monitor an operation state of the terminal device by executing a terminal managing program, and determine whether the terminal device is in a state of a preset condition for terminal protection; a communication control unit to control the communication unit to be connected to the terminal management server using the location information when the condition checking unit determines that the terminal device is in a state of the condition for terminal protection, and control the communication unit to send the identification information to the terminal management server; and a lock control unit configured to lock the terminal device by executing the terminal managing program when a lock command is issued by, and received from, the terminal management server. | 05-19-2016 |
| 20160142404 | IDENTITY ASSERTION BASED ON BIOMETRIC INFORMATION - A method and apparatus for providing a lifetime extension to an identity assertion is provided herein. During operation a user will authenticate to an identity management server (also known as an authorization server or an authentication server) to obtain an identity assertion. An identity assertion will be provided upon successful authentication. The lifetime of the identity assertion will be based on whether or not biometric information of the user will be used by the device to which the assertion is being issued to identify the user prior to allowing the use of the identity assertion. | 05-19-2016 |
| 20160142405 | AUTHENTICATING A DEVICE BASED ON AVAILABILITY OF OTHER AUTHENTICATION METHODS - An approach for authenticating a device is provided. The approach includes a computer implemented method for receiving a first stage biometric variable verification data for accessing the device. The approach further includes a computer-implemented method for computing a second stage binary authentication data for accessing the device. The approach further includes analyzing the received first stage biometric variable verification data and the second stage binary authentication data. The approach further includes receiving the second binary authentication data for accessing the device. The approach further includes generating a confidence score level using the analyzed first stage biometric variable verification data and second stage binary authentication data, wherein, if the first stage biometric variable verification data is verified as having a sufficient confidence level score, then a required password entry, for the second stage binary authentication data requires less than all the normal number of characters for accessing the device. | 05-19-2016 |
| 20160142406 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - An information processing apparatus includes an authenticating section, a detecting section, and a processor. The authenticating section authenticates a user. When the authenticating section has authenticated a first user, the detecting section detects a second user in the vicinity of the information processing apparatus. The second user is different from the first user. When the detecting section detects the second user, the processor performs a predetermined process. | 05-19-2016 |
| 20160149859 | Managing Authentication Requests when Accessing Networks - Techniques for managing authentication requests. At a gateway device to a network, packets of a message intended for said network are received. Fields within payloads of the packets which contain authentication or authorization information are read. The message is redirected to an authentication server. The authentication server determines that a requester who sent the message to the gateway device is authorized to access a target resource specified in the message and responds to the gateway device that the requester is authorized to access the target resource. The gateway device responds to the requester that the requester is authorized to access the target resource. The gateway device notifies a server hosting the target resource that the requester is authorized to access the target resource. If the gateway device receives a subsequent message from the requester to utilize the target resource, the gateway device forwards the message toward the server. | 05-26-2016 |
| 20160149881 | PROVIDING ACCESS TO A RESTRICTED RESOURCE VIA A PERSISTENT AUTHENTICATED DEVICE NETWORK - Providing access to a restricted resource via a persistent authenticated device network, including: authenticating a user; joining a persistent authenticated device network; iteratively, upon the expiration of a predetermined period of time, determining whether the user remains authenticated; responsive to determining that the user remains authenticated, determining whether a downstream computing device in the persistent authenticated device network is attempting to access a restricted resource; and responsive to determining that the downstream computing device in the persistent authenticated device network is attempting to access a restricted resource, providing user authentication information to the downstream computing device. | 05-26-2016 |
| 20160149883 | TEMPORAL MODIFICATION OF AUTHENTICATION CHALLENGES - A method for authenticating a user of a computing device. The method includes a computer processor receiving an indication that a user of a computing device is accessing an object that utilizes an authentication process. The method further includes a computer processor selecting a first multi-media file that is associated with a user profile of the user and the object of the authentication process, wherein the first multi-media file is associated with a baseline user input authentication sequence. The method further includes creating a first temporal manipulation vector based on the user profile and a security requirement of the object of the authentication process, wherein the temporal manipulation vector modifies a presentation of a multi-media file and a corresponding time sequence of a user input authentication sequence in the multi-media file. The method further includes transmitting the first temporal manipulation vector and the first multi-media file to the computing device. | 05-26-2016 |
| 20160149889 | SECURE CONNECTION BETWEEN A DATA REPOSITORY AND AN INTELLIGENCE APPLICATION - Embodiments of the invention are directed to systems, methods and computer program products for establishing a secure connection between a data repository and an intelligence application. In one embodiment, a method includes receiving, from a user device and using a processing device, a request from the intelligence application, the request communicated from the intelligence application through a data virtualization application and for obtaining access to the data repository; responding, using the processing device, to the request comprising preparing and sending an authentication request through the data virtualization application to the intelligence application; receiving authentication credentials from the intelligence application through the data virtualization application, the authentication credentials associated with one or more users of a plurality of users authorized to access the data repository; determining that the authentication credentials are valid; and providing device, access to the data repository in response to validating the authentication credentials. | 05-26-2016 |
| 20160149892 | ELECTRONIC PASSWORD LOCK APPARATUS AND PASSWORD PROTECTION SYSTEM USING THE SAME - An electronic password lock apparatus includes a storage unit, an input unit, and a communication unit. The storage unit stores a unique identification number of the electronic password lock apparatus, the electronic password lock apparatus is associated with a portable electronic device via the unique identification number. The input unit triggers a locking signal and an unlocking signal. The communication unit sends the locking signal or the unlocking signal to the portable electronic device to lock or unlock the portable electronic device, respectively, and receives an acknowledgement (ACK) signal from the portable electronic device to determine whether the portable electronic device is in a locking state or an unlocking state. | 05-26-2016 |
| 20160149893 | STRONG AUTHENTICATION METHOD - The present invention relates to a method of authenticating, with an authentication server, a user having at his disposal a calculator storing at least one unique identifier specific to the calculator and one first secret key (KO) and calculating a non-invertible function (H); the method comprising: • reception of the unique identifier by the authentication server, which sends an item of information (challenge) and an action code; • reception by the authentication server of three results of the non-invertible function, • the first result (R | 05-26-2016 |
| 20160149894 | SYSTEM AND METHOD FOR PROVIDING MULTI FACTOR AUTHENTICATION - An authentication technique is disclosed that permits or denies access to content based on several factors. Such factors include a user ID, a user password, a device ID, and a unique dynamic password. The unique dynamic password is only valid for a particular request to access the content. The unique dynamic password may be based on a key shared between a user device of a user desiring access to the content and an authentication server that permits or denies access to the content based on the authentication factors. The authentication factors may include whether a current geolocation of the user device meets a defined permissible geolocation specified in a user authentication profile. The authentication technique may further include obtaining approval to access the content by an administrative user. Additionally, the access to the content may be restricted based on duration, content, or termination by administrative user. | 05-26-2016 |
| 20160149895 | Authentication Apparatus That Assists Input of User ID and Password Authentication Method, and Recording Medium - An authentication apparatus includes an authentication determination circuit, a partial determination circuit, and a combination determination circuit. The partial determination circuit determines whether or not any one of a first set or a second set exists. The first set is a set where only the input user ID matches the registered user ID. The second set is a set where only the input password matches the registered password. The combination determination circuit generates a new set by combining the input user ID of the existing first set and the input password of another set or a similar method. The authentication determination circuit executes a user authentication if, among the generated sets, the input user ID matches the registered user ID, and the input password matches the registered password. | 05-26-2016 |
| 20160149896 | FILE FORMAT AND PLATFORM FOR STORAGE AND VERIFICATION OF CREDENTIALS - In various embodiments, a computer-implemented method for generating and verifying officially verifiable electronic representations may be disclosed. The method may comprise receiving, by a credential database, a request for a credential action. The credential database may be configured to store one or more credentials comprising a status indicator. The method may further comprise determining, by the credential database, a response to the credential action based on the one or more user credentials stored in the credential database and transmitting, by the credential database, the response to a client device. | 05-26-2016 |
| 20160149911 | FACILITATION OF SEAMLESS SECURITY DATA TRANSFER FOR WIRELESS NETWORK DEVICES - Configuration and credential data associated with a wireless network can be stored by the wireless network or a by a gateway device associated with the wireless network. The configuration and credential data can be accessed via a user profile and pushed to unauthenticated wireless devices to authenticate the unauthenticated wireless devices for the wireless network. The configuration and credential data can be backed up via a manual, automatic, or semi-automatic back-up process. | 05-26-2016 |
| 20160149914 | User Consent for Generic Bootstrapping Architecture - It is disclosed a method and a bootstrapping client ( | 05-26-2016 |
| 20160149919 | TARGETED USER ACCESS CONTROL SYSTEM - A system includes a network interface, at least one processing device, and at least one memory device. The at least one memory device stores instructions that when executed result in initiating creation of a single-use targeted link that provides access to a restricted access data entry system and serves the single-use targeted link through the network interface to a computer system of a targeted user with a time validity constraint. An access request received at the restricted access data entry system through the single-use targeted link is verified as being received within the time validity constraint. A network traffic throttling control reduces network traffic volume received through the single-use targeted link based on determining that the network traffic volume exceeds a traffic volume threshold. An identity control at the restricted access data entry system is applied to confirm entry of at least one identifying characteristic that matches the targeted user. | 05-26-2016 |
| 20160149921 | TRUSTED PERIPHERAL DEVICE FOR A HOST IN A SHARED ELECTRONIC ENVIRONMENT - A trusted peripheral device can be utilized with an electronic resource, such as a host machine, in order to enable the secured performance of security and remote management in the electronic environment, where various users might be provisioned on, or otherwise have access to, the electronic resource. The peripheral can have a secure channel for communicating with a centralized management system or service, whereby the management service can remotely connect to this trusted peripheral, using a secure and authenticated network connection, in order to run the above-described functionality on the host to which the peripheral is attached. | 05-26-2016 |
| 20160149928 | SECURE GROUP CREATION IN PROXIMITY BASED SERVICE COMMUNICATION - A method of forming a secure group in ProSe communication includes requesting a service request to a ProSe server from a requesting device ( | 05-26-2016 |
| 20160149935 | DETERMINING A LEGITIMATE ACCESS POINT RESPONSE - A first request is sent from a station to an access point. The station receives a first response from the access point that includes a first sequence number, and stores the first sequence number. The station sends a second request to the access point and sets a waiting period for receiving a response from the access point. The station receives a second response from the access point and a third response from a second access point during the waiting period. The second response includes a second sequence number and the third response includes a third sequence number. The station determines that the second response is a legitimate response by comparing the second and third sequence numbers to the first sequence number. | 05-26-2016 |
| 20160150409 | Method of Access Point Connection - A method for a communication device in a wireless communication system is disclosed. The method comprises detecting a signal from an access point in the wireless communication system, wherein the signal indicates that the access point is passpoint enabled, transmitting a request message with credential information to the access point, and receiving a response message with an access point information, from the access point. | 05-26-2016 |
| 20160154953 | Online Pseudonym Verification and Identity Validation | 06-02-2016 |
| 20160156592 | NATIVE APPLICATION SINGLE SIGN-ON | 06-02-2016 |
| 20160156603 | Low Power Secure User Identity Authentication Ring | 06-02-2016 |
| 20160156607 | METHOD AND DEVICE FOR MANAGING PROFILE | 06-02-2016 |
| 20160156608 | DETERMINING USER AUTHENTICATION REQUIREMENTS BASED ON THE CURRENT LOCATION OF THE USER BEING WITHIN A PREDETERMINED AREA REQUIRING ALTERED AUTHENTICATION REQUIREMENTS | 06-02-2016 |
| 20160156609 | DETERMINING USER AUTHENTICATION REQUIREMENTS BASED ON THE CURRENT LOCATION OF THE USER BEING WITHIN A PREDETERMINED AREA REQUIRING ALTERED AUTHENTICATION REQUIREMENTS | 06-02-2016 |
| 20160156613 | PASS THROUGH SERVICE LOGIN TO APPLICATION LOGIN | 06-02-2016 |
| 20160156618 | AUTHENTICATION USING PHYSICAL INTERACTION CHARACTERISTICS | 06-02-2016 |
| 20160156619 | ONE-TIME-PASSWORD GENERATED ON READER DEVICE USING KEY READ FROM PERSONAL SECURITY DEVICE | 06-02-2016 |
| 20160156620 | METHOD FOR SECURE USER AND TRANSACTION AUTHENTICATION AND RISK MANAGEMENT | 06-02-2016 |
| 20160156622 | SYSTEM AND METHOD FOR PROVIDING A SERVICE TO END TERMINAL THAT USES AUTHENTICATION INFORMATION OF ANOTHER MOBILE COMMUNICATION TERMINAL, SERVICE SERVER, MOBILE COMMUNICATION TERMINAL, END TERMINAL, AND STORAGE MEDIUM | 06-02-2016 |
| 20160156625 | Electronic Messaging Exchange | 06-02-2016 |
| 20160156634 | Subscription Media On Demand VII | 06-02-2016 |
| 20160156638 | SMART BEACON DATA SECURITY | 06-02-2016 |
| 20160156672 | METHOD FOR ACCESSING A DIGITAL NETWORK BY WAY OF ONE OR MORE INTERNET SERVICE PROVIDERS | 06-02-2016 |
| 20160156728 | METHOD AND APPARATUS FOR ACCESSING OTT APPLICATION AND PUSHING MESSAGE BY SERVER | 06-02-2016 |
| 20160162667 | FUNCTION SETTING METHOD - A method of setting function includes first to fourth steps. The first step connects a recording medium to a first electrical apparatus having an optional function either disabled or temporarily enabled, the recording medium containing license information to enable the optional function. The second step allows first electrical apparatus to authenticate the license information. The third step, subsequent to the second step, enables the optional function of the first electrical apparatus. The fourth step, subsequent to the third step, records the optional function as having been authenticated in the license information. | 06-09-2016 |
| 20160162672 | RHYTHM-BASED USER AUTHENTICATION - The present invention is directed to an apparatus, a method, and a computer program product for authenticating a user based on a sequence of rhythmic inputs. The user via a mobile device provides one or more inputs (e.g., pushing a button, tapping a touchscreen, a biometric, or the like) to one or more sensors associated with the mobile device as an attempt of authorization. The one or more inputs may be provided in a rhythmic manner (e.g., provided in time with music). The present invention then compares the provided one or more inputs to one or more predetermined sequences of inputs that are associated with positive authentication of the user (e.g., a known password). The phone determines that the one or more provided inputs match one or more predetermined rhythmic sequences associated with positive authentication of the user and authenticates the user. | 06-09-2016 |
| 20160164850 | LOCATION-BASED USER DISAMBIGUATION - Embodiments are directed to validating the identity of a user. In one scenario, a computer system determines that a login account has been created for a user, where the creation includes generation of a first identifier for the user based on a user's determined location at the time of account creation. The computer system next receives a login attempt from the user that includes a second, different identifier and one or more login credentials. The computer system then determines the location from which the login attempt was received and, using the second identifier and the determined login location, identifies the user account corresponding to the user. The computer system further authenticates the user upon determining that the second identifier and login location match the first identifier. | 06-09-2016 |
| 20160164853 | METHOD FOR OPERATING A NETWORK AND A NETWORK - A method for operating a network in which a Software-Defined Networking (SDN) functionality between at least some of a plurality of elements of the network is realized by at least one controller. The method includes providing a secure proof of at least one network property. The secure proof of the at least one network property is provided by the SDN functionality. | 06-09-2016 |
| 20160164856 | DYNAMIC ACTIVATION OF SERVICE INDICATORS BASED UPON SERVICE PERSONNEL PROXIMITY - Embodiments of the invention provide a method, system and computer program product for dynamic activation of service indicators based upon service personnel proximity. In an embodiment of the invention, a method for dynamic activation of service indicators based upon service personnel proximity is provided. The method includes receiving at an enclosure of different hardware devices in a data center, a message for personnel proximity based activation of a service indicator lamp and activating a presence sensor in response to receiving the message. The method also includes responding to presence sensing an individual by the presence sensor by activating the service indicator lamp of the enclosure. | 06-09-2016 |
| 20160164857 | USER AUTHENTICATION BASED ON HISTORICAL TRANSACTION DATA - Embodiments are directed to systems, methods and computer program products for providing user authentication based on transaction data. Embodiments receive from a user, a request to execute a user action associated with an application, wherein execution of the user action requires validation of authentication credentials; collect a transaction set of data comprising information related to transactions conducted by the user; collect a location set of data comprising information related to a physical location of the user; determine a transaction proximity score associated with the user and the transactions; determine a level of authentication associated with the determined transaction proximity score; determine which authentication types are associated with the level of authentication; request authentication credentials; receive authentication credentials from the user; validate the authentication credentials, thereby resulting in a successful validation of the authentication credentials; and, in response to the successful validation of the authentication credentials, execute the user action. | 06-09-2016 |
| 20160164861 | Methods for Fraud Detection - Method and systems for validating a client user in a secured network are provided. Upon authentication, a user is supplied a login cookie that includes verification data. When requesting access to a secured resource, the verification data is compared to the data in the request to confirm that the requestor is a legitimate user and not a user who has stolen the login cookie. | 06-09-2016 |
| 20160164862 | METHOD, SYSTEM, AND PROGRAM PRODUCT FOR REMOTELY ATTESTING TO A STATE OF A COMPUTER SYSTEM - A method, system, and program product for remotely attesting to a state of computing system is provided. Specifically, the present invention allows a remote system to establish trust in the properties of the computer system. The properties to be trusted are expanded from the usual system software layers and related configuration files to novel types of data such as static data specific to the computer system, dynamic data determined at system startup, or dynamic data created as the computer system runs applications. | 06-09-2016 |
| 20160164864 | CONVENIENT WIFI NETWORK ACCESS USING UNIQUE IDENTIFIER VALUE - A WiFi network manager stores a unique identifier value such as a network address associated with a communication device as being a valid credential for the communication device to subsequently access a WiFi network including one or more access points. The WiFi network manager monitors use of the unique identifier value to access the WiFi network. In response to detecting misuse of the unique identifier value by two or more communication devices using the unique identifier value to use the WiFi network, the WiFi network manager at least temporarily prevents access to the WiFi network. | 06-09-2016 |
| 20160164868 | REMOTELY AUTHENTICATING A DEVICE - Remotely authenticating a device includes generating authentication data and secret key data in a controlled environment, sending the authentication data to a remote authentication engine, and sending the secret key data to a personalization engine to apply the secret key data to a device after sending the authentication data to the remote authentication engine such that the remote authentication engine has an ability to authenticate the device. | 06-09-2016 |
| 20160164869 | Actively Federated Mobile Authentication - To make a trusted web service call, a client application sends a series of messages to obtain tokens that allow service requests to pass through a service relay. The user obtains a first security token by providing the user's credentials. A second token is obtained from a trust broker that validates the first token. Both tokens are then sent with a service request to a service relay. The service relay validates the second token and then passes the first token and the service request to a connector service. The connector service validates the first token and passes the service request to a target back end service. The connector service acts as the user when communicating with the back end service. Service responses are routed back to the user through the connector service and the service relay. | 06-09-2016 |
| 20160164870 | USER AUTHENTICATION BASED ON FOB/INDICIA SCAN - Embodiments of the invention are directed to systems, methods and computer program products for receiving a request from a user for access to at least one function associated with a first application; determining that access to at least one function requires user authentication; initiating sensing of an authentication validating carrier comprising a first credential; determining the first credential based at least in part on the sensed authentication validating carrier; validating the first credential, thereby resulting in a first successful user authentication; and granting access to at least one function associated with the first application based on the validation of the first successful user authentication. | 06-09-2016 |
| 20160164883 | SECURE VIRTUAL TRANSFER OF SUBSCRIBER CREDENTIALS - To virtually transfer subscriber identity module (“SIM”) credentials from an active device to an inactive device in order to share carrier network access, temporary identifiers and SIM credentials are transferred using secure connections and an optional public-private key pair with encryption at the transport layer. In an example, a carrier identification (“ID”) server receives a temporary identifier, such as a temporary international mobile subscriber identity (“TIMSI”), from an inactive device via a carrier network. The carrier ID server authenticates the inactive device using the TIMSI by issuing a network challenge. Next, the carrier ID server verifies with an active device associated with the inactive device that the active device distributed the TIMSI. After authenticating and verifying with both devices, the carrier ID server activates the inactive device by allowing the TIMSI to behave as virtual SIM credentials on the carrier network. | 06-09-2016 |
| 20160164958 | DELIVERING PERSONALIZED CONTENT TO AUTHENTICATED USER DEVICES - Techniques for generated scannable coded images or user actionable-link with corresponding personalized content are described. In an example embodiment, the personalized content may only be accessed via the scannable coded image by authenticated user devices, wherein the permissions associated with the authentication are determined at the time the personalized content is generated. Responsive to a user device attempting to access the contents of a scannable coded image, the user device is first identified and authenticated. Only after the device is authenticated can the content corresponding to the scannable coded image be accessed by the user device or delivered to the user device. | 06-09-2016 |
| 20160165441 | ELECTRONIC DEVICE - An electronic device includes a display module, an NFC (Near-field Communication) module, a verification module and a control module. The display module is disposed on a first surface of the electronic device. The NFC module includes an antenna unit. The antenna unit is configured to transmit and receive a wireless signal from an outward direction of the first surface. The verification module is disposed on a second surface of the electronic device. The verification module is configured to generate an identification input data according to an operation of a user. The control module is configured to drive the verification module to generate the identification input data when the NFC module receives an identification requirement data, and configured to determine whether the identification input data is valid. | 06-09-2016 |
| 20160165447 | SELF-SELECTED USER ACCESS BASED ON SPECIFIC AUTHENTICATION TYPES - Embodiments of the invention are directed to a system, method, and a computer program product self-selected user access based on specific authentication types. The system typically including a memory, a processor, and a module configured to receive from a user, a user-selected preference, wherein the user-selected preference comprises one or more authentication types desired by the user; determine a level of authentication from a plurality of levels of authentication are associated with the one or more authentication types associated with the user-selected preference; initiate the presentation of a user interface that enables the user to select one or more application functions, wherein the one or more application functions are associated with the determined level of authentication; receive from a user, a selection of one or more application functions. | 06-09-2016 |
| 20160170980 | Single Cell Data Management and Analysis Systems and Methods | 06-16-2016 |
| 20160173466 | HTTP HEADER-BASED ADAPTABLE AUTHENTICATION MECHANISM | 06-16-2016 |
| 20160173476 | CREDENTIAL VALIDATION USING MULTIPLE COMPUTING DEVICES | 06-16-2016 |
| 20160173477 | PROVIDING AUTHENTICATION USING PREVIOUSLY-VALIDATED AUTHENTICATION CREDENTIALS | 06-16-2016 |
| 20160173478 | PROVIDING AUTHENTICATION USING PREVIOUSLY-VALIDATED AUTHENTICATION CREDENTIALS | 06-16-2016 |
| 20160173479 | Terminal Authentication Method, Apparatus, and System in Passive Optical Network | 06-16-2016 |
| 20160173480 | USER AUTHENTICATION USING UNIQUE HIDDEN IDENTIFIERS | 06-16-2016 |
| 20160173482 | CU LOGIN METHOD AND SYSTEM | 06-16-2016 |
| 20160173484 | USER AUTHENTICATION BASED ON OTHER APPLICATIONS | 06-16-2016 |
| 20160173489 | COMMUNICATION USING OVER-THE-TOP IDENTITIES WITHOUT CENTRALIZED AUTHORITY | 06-16-2016 |
| 20160173490 | TRUSTED SERVICE INTERACTION | 06-16-2016 |
| 20160173497 | USER AUTHENTICATION BASED ON SELF-SELECTED PREFERENCES | 06-16-2016 |
| 20160173504 | USER AUTHENTICATION BASED ON FOB/INDICIA SCAN | 06-16-2016 |
| 20160180048 | CLOUD-BASED MEDICAL INFORMATION RETRIEVAL METHOD AND SYSTEM THEREOF | 06-23-2016 |
| 20160180068 | TECHNOLOGIES FOR LOGIN PATTERN BASED MULTI-FACTOR AUTHENTICATION | 06-23-2016 |
| 20160180072 | SYSTEM AND METHODS FOR AUTHENTICATION USING MULTIPLE DEVICES | 06-23-2016 |
| 20160182477 | DEVICES AND METHOD FOR MTC GROUP KEY MANAGEMENT | 06-23-2016 |
| 20160182482 | APPARATUS AND METHOD FOR CONTROLLING DISPLAY IN ELECTRONIC DEVICE HAVING PROCESSORS | 06-23-2016 |
| 20160182502 | USER PROFILE SELECTION USING CONTEXTUAL AUTHENTICATION | 06-23-2016 |
| 20160182503 | CONTINUOUS AUTHENTICATION OF MOBILE DEVICE USERS | 06-23-2016 |
| 20160182506 | SYSTEM AND METHOD FOR GENERATING A BIOMETRIC IDENTIFIER | 06-23-2016 |
| 20160182507 | Wireless Pairing and Communication Between Devices Using Biometric Data | 06-23-2016 |
| 20160182511 | AUTOMATED SECURITY TOKEN ADMINISTRATIVE SERVICES | 06-23-2016 |
| 20160183090 | METHOD AND TECHNICAL EQUIPMENT FOR SHORT RANGE DATA TRANSMISSION | 06-23-2016 |
| 20160183092 | ONLINE ACCOUNT ACCESS CONTROL BY MOBILE DEVICE | 06-23-2016 |
| 20160188850 | NO-CAPTCHA CAPTCHA - A device generates parameters identifying selectively revealed un-obfuscated information associated with administering and assessing a Turing test. The device provides, to a client device, a challenge based on the parameters. The challenge directs the client device to selectively reveal the un-obfuscated information for presentation to a user associated with the client device. The device receives a response, to the challenge, from the client device and determines, based on the response and the parameters, whether the user associated with the client device is human. The device selectively performs an action based on determining whether the user associated with the client device is human. | 06-30-2016 |
| 20160188855 | Secure PIN Entry - In this invention, with the use of TouchTime, TimeGap, Repetitive TimeGap, Pressure Sensitivity, Fingerprint Detection and Position methods, the authorized persons ensure a secure entry of their PIN codes into keypads. These methods using accordingly the time that the keys are kept depressed, the wait time between pressing the keys and between inserting the keys repetitively, and the pressure of entry of the keys, enhance the security of their PIN numbers as they increase the level of difficulty for non-authorized persons to see and understand how each key was pressed or entered. The Fingerprint Detection method ensures the authentication of the authorized person's fingerprints based on fingerprint detectors. As for the Position method, there are locations used for pressing the buttons and the described five methods are being applied while performing the PIN Entry. | 06-30-2016 |
| 20160188861 | USER AUTHENTICATION SYSTEM AND METHOD - A user authentication system includes an augmented reality device with a gesture analyzer configured for recognizing a user's gestures. The augmented reality device also includes an object renderer in communication with the gesture analyzer. The object renderer is configured for (i) rendering a virtual three-dimensional object for display to the user (ii) modifying the shape of the virtual three-dimensional object based upon the recognized gestures. | 06-30-2016 |
| 20160188862 | Method and system of silent biometric security privacy protection for smart devices - An efficient, secured and robust system and method for information security and privacy protection of smart devices, by silent biometric authentication mechanism, is disclosed. The system includes a sensing module associated with biometric sensors, a client module associated with processing engine and an authentication module for silently identifying unauthorized users and managing device security without compromising users' device-experience. The system is also configured with a security action module for tackling an intruder, detecting the source of attack and notifying the authorized user of such an attack. | 06-30-2016 |
| 20160188864 | SECURITY INFORMATION CACHING ON AUTHENTICATION TOKEN - A method of operating a security token to authenticate a user in a multi-factor authentication system is disclosed. The method includes: monitoring user custody of the token, the token having an identifying characteristic representing a possession factor for use through possession factor authentication; during a period of continuous user custody of the token based on the monitoring, obtaining a knowledge factor from a user having the continuous user custody; caching the knowledge factor in a memory of the token; and in response to a second authentication request, retrieving the knowledge factor from the memory to demonstrate to an authentication system knowledge of the knowledge factor, during the period of the continuous user custody. | 06-30-2016 |
| 20160191333 | TECHNIQUES FOR PROVIDING SOFTWARE SUPPORT FOR A HARDWARE COMPONENT OF A COMPUTING DEVICE - Various embodiments are generally directed to techniques to provide software support for a hardware component incorporated into a computing device with a variety of processor components supporting different instruction sets and with a variety of operating systems. An apparatus may include a main processor component of a computing device; a network device simulator coupled to a hardware component of the computing device, and to provide a simulated network device; and a bus network interface controller (NIC) simulator to provide a simulated bus NIC, the bus NIC simulator and the network device simulator to present the hardware component to the main processor component as the simulated network device accessible to the main processor component through at least the simulated bus NIC and a simulated network that couples the simulated bus NIC to the simulated network device. Other embodiments are described and claimed. | 06-30-2016 |
| 20160191484 | Secure Inmate Digital Storage - A method for providing personal digital storage for residents of a secure facility includes receiving a resident's login information and verifying the login information. Upon successful verification, access to a personal digital storage area is provided that includes more than multiple sections wherein each section is accessible to the resident and wherein each section is further accessible to a different set of individuals than that of another section. | 06-30-2016 |
| 20160191486 | TRANSPARENT CLIENT AUTHENTICATION - A system and method for authenticating an application (client) to a server or service. During a registration phase, an application that requests access to a service can receive a service identifier, which it can authenticate. The application can generate and send to the server or service an application-service key that is based upon the authenticated service identifier and a secret application key; a service-application identifier that can be based upon the authenticated service identifier and an application identifier; and a registration nonce, all of which can be stored at the server. During the authentication phase, the client can send to the server the application-service identifier, which the server can use to lookup the stored registration data. The server can send the registration nonce to the client, which can compute a proof of possession of the service-application key and send to the server. The server can compute its own version of this key and compare it to the received key. If they correspond, then the client is authenticated. | 06-30-2016 |
| 20160191492 | METHOD AND DEVICE FOR TRANSFERRING RESOURCES - The present disclosure discloses a method and a device for transferring resources. The method for transferring resources includes: receiving a resource transfer request for transferring resources sent by a transfer account; detecting whether a physical characteristic collected by a mobile device bound to the transfer account is received; and if detecting that the physical characteristic collected by the mobile device bound to the transfer account is received, transferring the resources when the physical characteristic matches with a stored physical characteristic model of the transfer account. | 06-30-2016 |
| 20160191495 | PRIVILEGED SHARED ACCOUNT PASSWORD SANITATION - Sanitizing passwords used in a shared, privileged account includes providing a password of a shared account to a user; identifying a first machine logged into using the password; determining when the first machine enters an inconsistent state; and modifying a memory area associated with the first machine to eliminate occurrences of the password in the memory area. | 06-30-2016 |
| 20160191498 | USER AUTHENTICATION BASED ON PERSONAL ACCESS HISTORY - Methods and systems are provided for authenticating a user using data related to the historical interactions of the user with computer based applications. | 06-30-2016 |
| 20160191502 | DUAL LAYER TRANSPORT SECURITY CONFIGURATION - A system includes a first computer processor that receives a data transmission from a second computer processor. The data transmission includes a client certificate authentication and a user-based authentication. If the incoming information cannot be authenticated by the client certificate in a first layer of the system landscape, then there is no further data transmission to a second layer. If the first layer can authenticate the client certificate authentication, the system landscape transmits the data transmission to the second layer. If the second layer cannot authenticate the user-based authentication, the system prevents the data transmission from being processed at the second layer. If the second layer can authenticate the user-based authentication, the system processes the data transmission at the second layer. | 06-30-2016 |
| 20160191505 | CAPTCHA IMAGE SCRAMBLE - In one embodiment, a client computing device receives information regarding a Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA). The CAPTCHA includes an image file, a challenge, and code that is executable by a web browser to unscramble the received image file. The code includes instructions to divide the received image file into image sections, each image section having a unique identifier and grouped into either a first set or a second set. The code further contains instructions to transpose each image section in the first set into a new position, creating a new image. A web browser of the client computing device executes the code to create a second image from the received image file. The second image and the challenge are presented to a user of the client computing device. | 06-30-2016 |
| 20160191506 | Mobile Secure Login System and Method - A mobile secure login method comprises steps of 1) displaying a machine readable graphic form encoded with a sign in URL and a unique token on a browser, wherein the said machine readable graphic form comprises at least one of a 1D barcode, a 2D barcode, a PDF417, an QR code, a Data Matrix code, an Aztec code, and OCR symbol; 2) scanning the said machine readable graphic form using a mobile device; 3) transmitting the sign in credential with the said unique token to a server at the said sign in URL from the said mobile device, wherein the said sign in credential comprises at least one of a username, a password, and a PKI signed challenge; 4) authenticating the said sign in credential at the said server to enable the said browser login to a secure website automatically. | 06-30-2016 |
| 20160191511 | WEARABLE DEVICE AUTHENTICATION - A wearable device is used to authenticate a user into a user account at a user device of the user. In particular, the wearable device may include a sensor configured to detect a body chemistry of the user. The wearable device may send a signal, such as a short range wireless signal, Bluetooth Low Energy or the like, to the user device to communicate the detected body chemistry to the user device. The user device may authenticate the user based on the body chemistry condition detected at the wearable device. In an embodiment, the wearable device may include an olfactory sensor configured to detect certain smell or scent of the user. | 06-30-2016 |
| 20160191512 | PREDICTIVE USER AUTHENTICATION - In an example, a system and method for predictive user authentication is disclosed. The system may include proximity sensors, computer vision systems, and other provisions for monitoring users' movements throughout a facility. A predictive security engine may also be programmed with heuristic data to recognize such factors as a user's face, gait, or average appearance. When a user approaches a terminal, the system may preemptively compute a confidence score regarding the user's authenticity. Based on the confidence score, the system will determine how much additional authentication is necessary. The system may also provide context-sensitive data to the user based on location or activities. Thus, authentication to the system is made easier to the user, and the user receives more relevant data for his or her activities. | 06-30-2016 |
| 20160191517 | METHOD AND APPARATUS FOR AUTHENTICATING USER BASED ON BIOSIGNAL - A method and apparatus for authenticating a user are provided. An authentication apparatus includes a data set generator configured to generate an authentication data set by extracting waveforms from a biosignal of a user, a similarity calculator configured to match each of the extracted waveforms to registered waveforms included in a registration data set, and calculate a similarity between each of the extracted waveforms and the registered waveforms, and an auxiliary similarity calculator configured to extract a representative authentication waveform indicating a representative waveform of the extracted waveforms and a representative registration waveform indicating a representative waveform of the registered waveforms, and calculate a similarity between the representative authentication waveform and the representative registration waveform. | 06-30-2016 |
| 20160191518 | Online Pseudonym Verification and Identity Validation - Methods, systems, and computer program products for authenticating an online user. Authentication involves sending a code from a server to a user device equipped with a source of illumination and a camera capable of capturing video imagery of the online user. The user device receives the code, modulates the source of illumination in accordance with the code, and captures video imagery of the user while the source of illumination is being modulated according to the code. The captured video imagery of the online user is sent to the server where it is analyzed to detect evidence of changes in illumination that correspond to the code. If good correspondence is found, the user may be authenticated. Similar methods may be applied to other biometric data. Applications of the authentication include identify validation, pseudonym verification, and distinguishing human from non human access attempts. | 06-30-2016 |
| 20160191519 | COMPETENCY BASED DEVICE ACCESS - A system and method are provided to enable competency based device access. The ability for a user to use a particular device may require demonstration of a skill or competency. Access control can be provided for a device to limit user access and to configure the device based upon the user competencies to utilize or perform functions on the device. The competency of the user can be defined in a competency checklist used to determine the skill or certifications of a user maintained by a resource management system. | 06-30-2016 |
| 20160191520 | OFFLINE METHODS FOR AUTHENTICATION IN A CLIENT/SERVER AUTHENTICATION SYSTEM - A method for providing authentication of a user of a recipient unit when the recipient unit is off-line includes storing one or a plurality of one-time challenge-reply sets based on an on-line communication with a sender unit. In one example, each of the one-time challenge-reply sets includes at least a one-time challenge-reply pair for use in off-line authentication of the user for a particular resource available through the recipient unit. When the user is offline, the method includes selecting at least one of the plurality of stored one-time challenge-reply sets for off-line authentication of the user for the particular resource available through the recipient unit. The one-time challenge-reply sets may be associated with an article. | 06-30-2016 |
| 20160191529 | CAPTCHA CHALLENGE INCORPORATING OBFUSCATED CHARACTERS - A method for determining if a user of a computer system is a human. A processor receives an indication that a computer security program is needed and acquires at least one image depicting a first string of characters including at least a first and second set of one or more characters. A processor assigns a substitute character to be used as input for each of the second set of one or more characters. A processor presents the at least one image and an indication of the substitute character and when to use the substitute character to the user. A processor receives a second string of characters from the user. A processor determines whether the second string of characters substantially matches the first string of characters based on the substitute character assigned to each of the second set of one or more characters and determines whether the user is a human. | 06-30-2016 |
| 20160191628 | SAVING FILES FROM THIRD-PARTY SYSTEMS DIRECTLY TO A CLOUD STORAGE SYSTEM - A method for saving a file stored on a third-party system directly to a cloud storage system includes providing a third-party system with an embeddable user interface for saving a plurality of files stored on the third-patty system to a server hosting the cloud storage system. The method further includes receiving at the server a save request from a user on a client computer using the embeddable user interface to select the first file to be stored on the server, where the save request comprises information identifying a first file in the plurality of files. The method further includes authenticating the save request, downloading the first file from the third-party system directly to the server using the information identifying the first file, and saving the first file on the server. | 06-30-2016 |
| 20160192191 | METHOD AND DEVICE FOR REGISTERING AND CERTIFYING DEVICE IN WIRELESS COMMUNICATION SYSTEM - A gateway (GW) in a wireless communication system, according to the present disclosure is provided. The GW generates self-signed authentication information, allocates the self-signed authentication information to at least one device, transmits a registration request message for requesting registration of the at least one device to a server if a certificate channel with the at least one device is generated based on the self-signed authentication information, and transmits certificate information for the at least one device to the at least one device if the certificate information for the at least one device is received from the server. | 06-30-2016 |
| 20160195995 | METHOD AND SYSTEM OF PROVIDING A PICTURE PASSWORD FOR RELATIVELY SMALLER DISPLAYS | 07-07-2016 |
| 20160197905 | PRESENCE BASED NETWORK COMMUNICATION BLOCKING | 07-07-2016 |
| 20160197907 | PREVENTING UNAUTHORIZED ACCOUNT ACCESS USING COMPROMISED LOGIN CREDENTIALS | 07-07-2016 |
| 20160197912 | HEADER SECTION DOWNLOAD OF PACKAGE | 07-07-2016 |
| 20160197915 | SYSTEMS AND METHODS FOR AUTHENTICATION AND VERIFICATION | 07-07-2016 |
| 20160197917 | METHOD AND APPARATUS FOR AUTHENTICATING USER BY USING INFORMATION PROCESSING DEVICE | 07-07-2016 |
| 20160197921 | Secure Data Transmission System | 07-07-2016 |
| 20160197934 | SECURE DATA MANAGEMENT TECHNIQUES | 07-07-2016 |
| 20160197971 | Systems and Methods for Encoding and Sharing Content between Devices | 07-07-2016 |
| 20160203324 | PRICE MINING PREVENTION SYSTEMS AND RELATED METHODS | 07-14-2016 |
| 20160205087 | MANAGING SHARING OF WIRELESS NETWORK LOGIN PASSWORDS | 07-14-2016 |
| 20160205089 | PROXY AUTHENTICATION FOR SINGLE SIGN-ON | 07-14-2016 |
| 20160205090 | AUTHENTICATION SERVER TESTING METHOD AND SYSTEM | 07-14-2016 |
| 20160205091 | INFORMATION PROCESSING SYSTEM, CONTROL METHOD OF INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM | 07-14-2016 |
| 20160205092 | Utilizing X.509 Authentication for Single Sign-On Between Disparate Servers | 07-14-2016 |
| 20160205110 | TECHNIQUES FOR DATA SECURITY IN A MULTI-TENANT ENVIRONMENT | 07-14-2016 |
| 20160205551 | TRANSMIT/RECEIVE SYSTEM, TRANSMITTING DEVICE, RECEIVING DEVICE, AND CONTROL METHOD AND PROGRAM THEREIN | 07-14-2016 |
| 20160253199 | SESSION TRANSFER AND SUSPENSION IN A REMOTE ACCESS APPLICATION FRAMEWORK | 09-01-2016 |
| 20160253481 | CROSS-APPLICATION AUTHENTICATION ON A CONTENT MANAGEMENT SYSTEM | 09-01-2016 |
| 20160253486 | Authentication Server for a Probability-Based User Authentication System and Method | 09-01-2016 |
| 20160253487 | Wearable User Device for Use in a User Authentication System | 09-01-2016 |
| 20160253490 | MOTION-BASED IDENTITY AUTHENTICATION OF AN INDIVIDUAL | 09-01-2016 |
| 20160253513 | SHARED COMPUTERIZED DEVICE WITH DELETED USER FOOTPRINT | 09-01-2016 |
| 20160253641 | LICENSE MANAGEMENT FOR DEVICE MANAGEMENT SYSTEM | 09-01-2016 |
| 20160255059 | SECURE RANDOMIZED INPUT | 09-01-2016 |
| 20160255067 | METHODS, SYSTEMS, AND MEDIA FOR AUTHENTICATING USERS USING MULTIPLE SERVICES | 09-01-2016 |
| 20160255068 | CALIBRATING PROXIMITY DETECTION FOR A WEARABLE PROCESSING DEVICE | 09-01-2016 |
| 20160255076 | MULTI USER DEVICE MANAGEMENT SYSTEM | 09-01-2016 |
| 20160255088 | APPLICATION-ASSISTED LOGIN FOR A WEB BROWSER | 09-01-2016 |
| 20160255505 | SYSTEM AND METHOD OF NOTIFYING MOBILE DEVICES TO COMPLETE TRANSACTIONS AFTER ADDITIONAL AGENT VERIFICATION | 09-01-2016 |
| 20160255574 | TERMINAL DEVICE, INFORMATION PROCESSING DEVICE, AND INFORMATION PROVIDING DEVICE | 09-01-2016 |
| 20160378384 | DATA ACCESSING METHOD AND SYSTEM AND MEMORY STORAGE APPARATUS - A data accessing method and system for a memory storage apparatus are provided. The method includes: performing a near field communication between a memory storage apparatus and an electronic apparatus, and receiving a first password from the electronic apparatus by the memory storage device in the near field communication. The method also includes: recording the first password in a memory unit of the memory storage apparatus. The method further includes: when the memory storage apparatus is not connected to the electronic apparatus or a host in a predetermined time after the memory storage apparatus receives the first password, deleting the first password recorded in the memory unit; and when the first password recorded in the memory unit is the same as a second password in the memory storage apparatus, allowing the electronic apparatus or the host to access the memory storage apparatus by the memory storage apparatus. | 12-29-2016 |
| 20160378782 | VIRTUAL DESKTOP INFRASTRUCTURE PRIVATE CLOUD - Techniques presented herein provide an approach for sharing folders and files across devices. In one embodiment, folder redirection is employed to permit a device running a virtual infrastructure (VDI) client which connects to a remote agent to access folders and files shared by other devices. To enable such folder redirection, a folder redirection management module generates, for each shared folder, a redirection mapping that associates an original folder path with a uniform naming convention (UNC) scheme. When a device attempts to launch a remote desktop in a remote agent using the same username as that associated with other devices that share folders/files, the folder redirection management module transmits redirection mappings for those devices to the remote agent and opens permissions of the corresponding UNC schemes, the remote agent mounts the shared folders as virtual drives, and the shared folders are then accessible through folder redirection based on the redirection mappings. | 12-29-2016 |
| 20160378960 | Managing Grouped Student Devices With Timed Locks - Systems and methods presented herein can allow a teacher to manage student devices in a classroom setting by grouping student devices on a graphical user interface and using the interface to set locks with respect to the groups of student devices. Lock requests can be received and managed by a server, which can issue file locks, web locks, and application locks. These locks can restrict file access, website access, and application access, respectively, on the students' personal mobile devices. Additionally, the teacher device can allow the teacher to provide timing information in conjunction with the lock requests, which can control when to lock and/or unlock the student devices. | 12-29-2016 |
| 20160380988 | System and Method for Centralized Configuration and Authentication - A system and method for efficiently obtaining user configuration information for a given device. Multiple devices are deployed in an environment and may be storage appliances. A directory service and an authentication service may be used to determine whether a login session attempt on a deployed device is successful. An identity and access manager (IAM) is used to for this determination and to communicate with the directory service and the authentication service. A device of the one or more of the deployed devices does not store user configuration information. Responsive to an attempted login by a user, the device mimics the existence of the user and generates a request for directory lookup and authentication for the user which is conveyed to an external device. If a positive response is received in response to the request, the user is permitted to login to the device and a session is created for the user. | 12-29-2016 |
| 20160380992 | AUTHENTICATION SPECIFIC DATA - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium for managing authentications and processing authenitcation specific data. In one aspect, a method includes instantiating an instance of a browsing application ; associating an authentication token with a browser session of the instance of the browsing application; requesting resources from publisher servers, each of the resources being a resource that provides authentication specific information specific to an authentication token, and each resource provides different authentication specific information for each different corresponding authentication token; for each publisher server, authenticating the authentication token for the browser session and receiving the authentication specific information in response; and associating the authentication specific information with only the authentication token; providing the authentication token and its associated authentication specific information to an indexer that indexes the authentication specific information, the resources, and the authentication token in an authentication specific corpus. | 12-29-2016 |
| 20160380993 | AUTHENTICATION APPARATUS THAT AUTHENTICATES USER - Provided is an authentication apparatus that performs user authentication, using a wearable terminal worn by a user, whereby allowing a high security to be achieved. It includes a storage part that stores a piece of authentication information in which a piece of terminal information that identifies the wearable terminal worn by the user is registered, a communication part that makes communication with the wearable terminal worn by the user to acquire a piece of terminal information, and an authenticating part that performs user authentication in the case where the same piece of terminal information as that registered in the authentication information has been acquired by the communication part. | 12-29-2016 |
| 20160380994 | SYSTEMS AND METHODS FOR AUTHENTICATING USING AIR-BLOW BY USER - The disclosure related generally to systems and methods for authenticating using air-blow by user. At least one input device receives one or more air-blows associated with one or more blow speeds. A pointer on a user interface is caused to move to at least one numeric character on at least one scale in response to each of the one or more blow speeds. The at least one numeric character is compared with a predetermined personal identification number (PIN) mapped to the at least one user. The user is granted access or access is denied based on the comparing. | 12-29-2016 |
| 20160380995 | ELECTRONIC DEVICE THAT EXECUTES OPERATION CORRESPONDING TO REQUEST FROM REMOTE LOCATION, ELECTRONIC DEVICE SYSTEM, AND RECORDING MEDIUM - An electronic device includes an operating device, a communication device, and a control section. The control section includes a login control section and an operation executing section. The login control section receives both of a login through the operating device and a login through the communication device. The operation executing section executes: an operation corresponding to a request only through the operating device out of the operating device and the communication device when the login through the operating device is successful; and an operation corresponding to a request only through the communication device out of the operating device and the communication device when the login through the communication device is successful. | 12-29-2016 |
| 20160381005 | TECHNOLOGIES FOR VIRTUALIZED ACCESS TO SECURITY SERVICES PROVIDED BY A CONVERGED MANAGEABILITY AND SECURITY ENGINE - Technologies for secure access to platform security services include a computing device having a processor and a security engine. The computing device establishes a platform services enclave in a virtual machine of the computing device using secure enclave support of the processor. The platform services enclave receives a platform services request from an application enclave via a first authenticated session and transmits the platform services request to a virtual security engine established by a host environment via a second authenticated session. The first and second authenticated sessions may be authenticated by report-based attestation and quote-based attestation, respectively. The virtual security engine transmits the platform services request to the security engine via a long-term pairing session established by the virtual security engine with the security engine. The security engine performs the platform services request using hardware resources shared with other platform services enclaves. Other embodiments are described and claimed. | 12-29-2016 |
| 20160381007 | METHOD, SYSTEM, AND PROGRAM PRODUCT FOR REMOTELY ATTESTING TO A STATE OF A COMPUTER SYSTEM - A method, system, and program product for remotely attesting to a state of computing system is provided. Specifically, the present invention allows a remote system to establish trust in the properties of the computer system. The properties to be trusted are expanded from the usual system software layers and related configuration files to novel types of data such as static data specific to the computer system, dynamic data determined at system startup, or dynamic data created as the computer system runs applications. | 12-29-2016 |
| 20160381008 | METHOD, SYSTEM, AND PROGRAM PRODUCT FOR REMOTELY ATTESTING TO A STATE OF A COMPUTER SYSTEM - A method, system, and program product for remotely attesting to a state of computing system is provided. Specifically, the present invention allows a remote system to establish trust in the properties of the computer system. The properties to be trusted are expanded from the usual system software layers and related configuration files to novel types of data such as static data specific to the computer system, dynamic data determined at system startup, or dynamic data created as the computer system runs applications. | 12-29-2016 |
| 20160381009 | Systems and Methods for Authenticating Devices Using Single Factor Dynamic Authentication - A computer-implemented method comprising: receiving, by a client device, a username, password and binding code from a user; transmitting, by the client device, a request for a session code from the server device; receiving, by the client device, the session code from the server device; providing and displaying, by the client device, a random pattern keypad based on the binding code and the session code; receiving, by the client device, a password input from the user via the random pattern keypad; generating, by the client device, a virtual one-time password based on the password input from the user; and transmitting, by the client device, the virtual one-time password to the server device to authenticate the client device and access services offered by the server device. | 12-29-2016 |
| 20160381012 | HUMAN BODY COMMUNICATION DEVICE WITH SECURE ACCESS - Systems, apparatuses, and methods may include a human body communication data storage device having at least first and second electrodes and a human body communication modem. A storage component communicating with the human body communication modem includes a first secure storage location provided with a user-specific authentication record and a second data storage location. | 12-29-2016 |
| 20160381014 | FOLDABLE DEVICE AND METHOD OF CONTROLLING THE SAME - A foldable device includes: a display; a touch panel configured to detect a touch input; a sensing interface configured to detect an angle of the foldable device; and a controller configured to activate the display unit when the angle detected by the sensing unit as the foldable device is unfolded is equal to or greater than a first angle, and activate the touch panel when the angle detected by the sensing unit is equal to or greater than a second angle. | 12-29-2016 |
| 20160381015 | Authentication for VLAN Tunnel Endpoint (VTEP) - A first network device configured as a first Virtual Local Area Network (VLAN) Tunnel Endpoint (VTEP) may receive a packet from a second network device. The first VTEP may determine that the second network device is a second VTEP and has not been established as a peer VTEP to the first VTEP. The first VTEP may maintain a status for the second network device as authentication pending, receive an authentication packet from the second network device and authenticating the second network device as a peer VTEP using the authentication packet. | 12-29-2016 |
| 20160381017 | MANAGEMENT SYSTEM, COMMUNICATION SYSTEM, DATA MANAGEMENT METHOD AND RECORDING MEDIUM - A management system includes an authentication information management unit configured to manage authentication information used in authentication of a request to participate in a session among communication terminals; a content data management unit configured to manage content data transmitted among the communication terminals in the session; a request acceptance unit configured to accept a request for the content data managed by the content data management unit; an authentication unit configured to perform authentication using the authentication information managed by the authentication information management unit; and a transmission unit configured to transmit the content data managed by the content data management unit to a communication terminal that is a request source of the content data, when authentication of the request for the content data by the authentication unit using the authentication information is successful. | 12-29-2016 |
| 20160381018 | TECHNIQUES FOR CALL-BASED USER VERIFICATION - Techniques for call-based user verification are described. In one embodiment, for example, an apparatus may comprise a processor circuit and a storage component. The apparatus may further comprise a session component, an identification (ID) component, a mapping component, and a verification component. The session component may be operative on the processor circuit and configured to receive session data from a client device and store the session data in the storage component. The ID component may be operative on the processor circuit and configured to request ID data from a server, receive ID data from the server, and send the ID data to the client device. The mapping component may be operative on the processor circuit and configured to map the session data with the ID data. The verification component may be operative on the processor circuit and configured to receive a confirmation from the client device, request verification from the server, and upon receiving verification from the server, verify the client device. Other embodiments are described and claimed. | 12-29-2016 |
| 20160381022 | END POINT REPUTATION CREDENTIAL FOR CONTROLLING NETWORK ACCESS - In an approach for controlling access to a resource a processor monitors a first set of traffic of a computing device. A processor calculates reputation based on the first set of traffic of the computing device. A processor associates the reputation with the computing device. A processor receives a request to access a resource from the computing device. A processor determines whether the computing device shall be granted access to the resource based on the reputation. | 12-29-2016 |
| 20160381038 | FRICTIONLESS MULTI-FACTOR AUTHENTICATION SYSTEM AND METHOD - A frictionless multi-factor authentication system and method (“FMFA system”) that facilitates verification of the identity of a website user, registrant or applicant. The FMFA system reduces or removes the burden on the user by eliminating the additional manual second step traditionally required by two-factor authentication methods, and replacing the second step with an automated authentication step based on the location of a mobile device that is associated with the user. The FMFA system may be utilized for authenticating users to access sensitive data on online accounts, applications and websites, download files, perform online transactions, store information through websites or data stores, or the like. The FMFA system allows registration information obtained from a previously-registered user to authenticate the user on subsequent visits or logins to the website. | 12-29-2016 |
| 20160381039 | METHOD, SYSTEM AND APPARATUS FOR GEO-VERIFICATION - A method, system and apparatus are provided for geo-verification for access to data stored in a memory of a server having a processor and a network interface connected to the memory. The method includes: storing, in the memory, access control data including an approved geographic area; receiving at the processor, from a client computing device via the network interface, a request for access to the data, the request containing a client location of the client computing device, the client location including global positioning system (GPS) coordinates; comparing, at the processor, the client location to the approved geographic area; when the client location is within the approved geographic area, permitting access to the data for the client computing device via the network interface; and when the client location is not within the approved geographic area, denying the request. | 12-29-2016 |
| 20160381556 | Multifunction Wireless Device - A communication device and system are disclosed for providing communication and data services to residents of a controlled facility. The device can be restricted to communicating only using an internet protocol so as to restrict the device communication to an internal intranet. Wireless access points may be disposed throughout the environment to route calls and data between the device and a central processing center. By converting a protocol of the communications received from the device to a protocol used by the central processing center, minimal modifications to the central processing center are needed to support a wireless communication infrastructure. Many restrictions and safeguards may be implemented within the phone and system in order to prevent improper use. | 12-29-2016 |
| 20170237722 | NETWORKED SCORE COMMUNICATIONS SYSTEM | 08-17-2017 |
| 20170237723 | UTILIZING A CUSTOMIZED DIGITAL FONT TO IDENTIFY A COMPUTING DEVICE | 08-17-2017 |
| 20170237726 | Mobile Secure Login System and Method | 08-17-2017 |
| 20170237731 | VALIDATING BIOMETRICS WITHOUT SPECIAL PURPOSE READERS | 08-17-2017 |
| 20170237734 | METHOD AND SYSTEM FOR AUTHENTICATING A USER | 08-17-2017 |
| 20170237744 | METHOD, APPARATUS, AND SYSTEM FOR CREATING SERVICE ACCOUNT | 08-17-2017 |
| 20170237772 | Systems, Methods and Apparatuses for Prevention of Relay Attacks | 08-17-2017 |
| 20170238176 | CONTEXT-AWARE CONTROLLING OF MULTIPLE SYSTEMS OF CONTROLLABLE DEVICES | 08-17-2017 |
| 20170238183 | MAC ADDRESS-BOUND WLAN PASSWORD | 08-17-2017 |
| 20180024851 | AUTOMATED DATA STRUCTURE-DRIVEN ORCHESTRATION OF COMPLEX SERVER PROVISIONING TASKS | 01-25-2018 |
| 20180024980 | MAPPING ACCOUNT INFORMATION TO SERVER AUTHENTICATION | 01-25-2018 |
| 20180025140 | Identity Assurance Method | 01-25-2018 |
| 20180026841 | Access-Point Controller Discovery via an Intermediary | 01-25-2018 |
| 20180026959 | Preventing Unauthorized Access to Secured Information Systems Using Tokenized Authentication Techniques | 01-25-2018 |
| 20180026970 | Preventing Unauthorized Access to Secured Information Systems Using Multi-Device Authentication Techniques | 01-25-2018 |
| 20180026971 | COMPUTING DEVICE WITH INTEGRATED AUTHENTICATION TOKEN | 01-25-2018 |
| 20180026972 | Authentication of a Client Device Based on Entropy from a Server or Other Device | 01-25-2018 |
| 20180026975 | DEVICE AND METHOD FOR TRANSMITTING MESSAGE | 01-25-2018 |
| 20180026976 | METHODS AND SYSTEMS FOR AUTHENTICATING USERS | 01-25-2018 |
| 20180026981 | SECURE SENSOR DATA TRANSPORT AND PROCESSING | 01-25-2018 |
| 20180026985 | USAGE TRACKING IN HYBRID CLOUD COMPUTING SYSTEMS | 01-25-2018 |
| 20180026987 | SYSTEMS AND METHODS FOR PROVIDING SOFTWARE DEFINED NETWORK BASED DYNAMIC ACCESS CONTROL IN A CLOUD | 01-25-2018 |
| 20180027025 | HOTSPOT CONFIGURATION METHOD, ACCESS METHOD AND DEVICE IN WIRELESS LOCAL AREA NETWORK | 01-25-2018 |
| 20180027075 | SAVING FILES FROM THIRD-PARTY SYSTEMS DIRECTLY TO A CLOUD STORAGE SYSTEM | 01-25-2018 |
| 20180027413 | METHOD FOR AUTOMATIC POSSESSION-FACTOR AUTHENTICATION | 01-25-2018 |
| 20190147148 | AUTOMATED ABNORMALITY DETECTION IN SERVICE NETWORKS | 05-16-2019 |
| 20190149514 | Secure Single Sign On And Conditional Access For Client Applications | 05-16-2019 |
| 20190149535 | SECURE, CLOUD-BASED DATA COLLECTION TOOL | 05-16-2019 |
| 20190149536 | SECURE AUTHENTICATION SYSTEMS AND METHODS | 05-16-2019 |
| 20190149542 | AUTHENTICATING ACCESS TO A COMPUTING RESOURCE USING FACIAL RECOGNITION BASED ON INVOLUNTARY FACIAL MOVEMENT | 05-16-2019 |
| 20190149543 | FACE VERIFICATION METHOD AND DEVICE | 05-16-2019 |
| 20190149545 | Two-Factor Authentication in a Cellular Radio Access Network | 05-16-2019 |
| 20190149552 | Systems and Methods for Dynamic Authentication and Communication Protection Using an Ephemeral Shared Data Set | 05-16-2019 |
| 20190149667 | Multi-modem communication using virtual identity modules | 05-16-2019 |
| 20220138291 | RECURRING TOKEN TRANSACTIONS - A method is disclosed. The method includes receiving a communication comprising a real credential from a communication device and providing the real credential to a token computer. The token computer generates a token and a cryptogram, and the cryptogram is formed using a resource provider initiated transaction indicator. The method includes receiving, from the token computer, the token and the cryptogram, and transmitting, to a processing computer, an authorization request message comprising the token, the cryptogram, a resource provider identifier, and a transaction amount for a first transaction. The processing computer validates the cryptogram, exchanges the token for the real credential, stores the resource provider identifier, and forwards the authorization request message including the real credential, and the transaction amount to an authorizing entity computer. The method also includes receiving an authorization response message from the authorizing entity computer. | 05-05-2022 |
| 20220138293 | SYSTEM AND METHOD FOR USER AUTHENTICATION BASED ON PASSIVE BIOMETRICS - A computer-implemented method is disclosed. The method includes: receiving, via an input interface associated with an electronic device, a first user input; identifying a first device class based on a current usage mode of the electronic device and a first set of device property values associated with the current usage mode of the electronic device; obtaining normalized values of input features associated with the first user input, the input feature values being normalized based on representative device property values that are defined for the first device class; and performing authentication of a user of the electronic device based on the normalized input feature values associated with the first user input. | 05-05-2022 |
| 20220138298 | DEVICE AND SYSTEMS FOR STRONG IDENTITY AND STRONG AUTHENTICATION - Verifying identity of a person using remote communication (e.g., Internet) is difficult because images of identity documents can be fraudulent or copied and distributed to adversaries without the person's permission. A user device and a server use facial scanning to verify identity of a person and to provide strong authentication. The user device captures a scanned image of an identity document (e.g., a driver license, a passport, a credential document, etc.) extracts the photo of the person from the identity document. The user device also captures an image of the person's face (e.g., a selfie photo) and compares this image with the extracted photo from the identity document. If the faces match, then the person's identity is verified. The verification of the identity and a related action (e.g., registration of the person, logging into a system, etc.) are authenticated using strong authentication such as Fast Identity Online (FIDO) authentication. | 05-05-2022 |
| 20220138299 | AMBIENT COOPERATIVE INTELLIGENCE SYSTEM AND METHOD - A method, computer program product, and computing system for detecting the issuance of a verbal command by a requester to a virtual assistant; authenticating that the requester has the authority to issue the verbal command to the virtual assistant; if the requester is authenticated, allowing the effectuation of the verbal command to the virtual assistant; and if the requester is not authenticated, preventing the effectuation of the verbal command to the virtual assistant. | 05-05-2022 |
| 20220141658 | ONE-TIME WIRELESS AUTHENTICATION OF AN INTERNET-OF-THINGS DEVICE - Authentication of an Internet-of-Things (IoT) device comprises receiving, by a proxy application executing on a mobile device during a registration process, a device identifier associated with the IoT device. The proxy application transmits the device identifier to a router of the wireless network. The proxy application receives the device identifier from the router in response to the router receiving an authorization request with no network password from the IoT device for access to the wireless network, where the router forwards the device identifier to the proxy application. The proxy application prompts the user of the mobile device to enter the password, and transmits the entered network password to the router, such that the router validates the password and grants the IoT device access to the wireless network, the IoT device transmits the IoT device identifier to the router for subsequent network connection without a need for the mobile device. | 05-05-2022 |
