
Intelligent token

Subclass of:

713 - Electrical computers and digital processing systems: support

713150000 - MULTIPLE COMPUTER COMMUNICATION USING CRYPTOGRAPHY

713168000 - Particular communication authentication technique

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application number | Description | Number of patent applications / Date published
713173000 | Pre-loaded with certificate | 16

Entries

Document | Title | Date
20110191589 | PREVENTING THE USE OF MODIFIED RECEIVER FIRMWARE IN RECEIVERS OF A CONDITIONAL ACCESS SYSTEM - The invention enables the shared secret, which is used for encrypting the communication of CWs from a smartcard to a receiver, to cover at least a part of a binary image of firmware that is executing in the receiver. Preferably the shared secret covers the entire binary image of the firmware. To this end, data from one or more predefined firmware memory locations are read, the set of data forming the shared secret. | 08-04-2011
20110197067 | SECURE TELEMETRIC LINK - A communications protocol is used to provide data privacy, message integrity, message freshness, and user authentication to telemetric traffic, such as to and from implantable medical devices in a body area network. In certain embodiments, encryption, message integrity, and message freshness are provided through use of token-like nonces and ephemeral session keys derived from device identification numbers and pseudorandom numbers. | 08-11-2011
20100077216 | METHOD FOR ENHANCING NETWORK APPLICATION SECURITY - A method for securing communications between a server and an application downloaded over a network onto a client of the server is disclosed. A first request is received from the client, and in response a session credential security token is generated and sent to the client. A second request is received from the client to download the application and includes the value of the session credential security token. The server verifies that the value of the session credential security token is valid and, if so, generates a second security token that is tied to the session credential security token. The second token is embedded in application code and then the application code is sent to the client. A subsequent request for data from the application running on the client includes the value of the session credential security token and the value of the embedded security token. Verification of validity of the values of the session credential security token and the second security token received with the data request then occurs at least in part by determining that the values are cryptographically tied to one another. Upon verification, the requested data is sent to the client. | 03-25-2010
20120185695 | Methods and Systems for Scalable Distribution of Protected Content - A computerized device can implement a content player to access a content stream using a network interface, the content stream comprising encrypted content and an embedded license comprising a content key encrypted according to a global key accessible by the content player. The content player determines whether a token meeting an authorization condition is present and uses the global key to decrypt the content key only if such a token is present. The authorization condition may be evaluated at least in part based on data included in the content stream. The authorization condition can include presence of a token having a content ID matching a corresponding ID in the license; presence of a token with a correct device ID; presence of a token signed according to a digital signature identified in the license; and/or presence of a token that is unexpired, with expiration evaluated based on a time-to-live indicator in the token. | 07-19-2012
20130046987 | Apparatus and Method for Performing End-to-End Encryption - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may receive a first token indicating that a first form of encryption has been performed and determine, based at least in part upon the first token, at least one token-based rule. The apparatus may determine, based at least in part upon the token-based rule, that a second form of encryption should be performed. The apparatus may receive a second token indicating that the second form of encryption has been performed and determine that access to the resource should be granted in response to the determination that the second form of encryption has been performed. The apparatus may then generate a decision token representing the determination that access to the resource should be granted and transmit the decision token. | 02-21-2013
20130061055 | Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones - A virtual smartcard and methods for creating the same are provided. A virtual smartcard is a set of computer-implemented processes, associated with an individual, which simulate the behavior of a physical smartcard or other authentication token containing a hardware security module. In one embodiment, a computer receives credential data derived from the physical credential and authentication data pertinent to the individual, such as a biometric imprint, and creates a virtual smartcard by storing the credential data in association with the authentication data in a network storage. The credential data may later be used for identification and encryption purposes upon the individual providing the authentication data to the network storage, even if the physical credential itself has been lost. Thus, the virtual smartcard provides a network-based method for backing up a passport, driver's license, credit card, public transportation card, or other such identification card or device. | 03-07-2013
20090271629 | WIRELESS PAIRING CEREMONY - A security token is coupled to a computer and is available for use by both local and remote processes for on-demand response to a challenge. To minimize the security risk of an unattended session, the challenge may be issued to verify the presence of the token. When the token has a user interface, it may be used in conjunction with the computer to require that a user also participate in transferring displayed data between the token and computer. This helps to ensure that not only the token but also the user is present at the computer during operation. For the most sensitive operations, such a confirmation may be required with each data submission. | 10-29-2009
20090013187 | Secure Storage Device For Transfer Of Digital Camera Data - A secure storage device with the external dimensions of a PCMCIA card, for securing digital camera data at the acquisition stage. Original digital camera data is saved in the memory of the secure storage device, which has the capability of performing one or more security functions, including encryption, creation of an authentication file, adding data to the image data such as fingerprinting, and adding secure annotations such as separate data included in an image header. The device prepares original authentication data from original digital camera data, and encrypts and stores both the original authentication data and the original image data. The use of the device includes downloading the original image data to a first computer, and encrypted original authentication data to a second computer. The second computer can be programmed with software whereby the encrypted original authentication data can be decrypted by a user having a key. The software then allows the user to prepare corresponding second authentication data from second image data of questionable authenticity. If the second authentication data is the same as the original authentication data, the questionable second image data is deemed to be an accurate copy of the original image data. | 01-08-2009
20110213981 | REVOCATION OF A BIOMETRIC REFERENCE TEMPLATE - A system, method and program product for generating a biometric reference template revocation message on demand. The method includes generating, using a biometric reference template revocation engine, a biometric reference template revocation message, and loading the biometric reference template revocation engine onto a secure portable device for generating the biometric reference template revocation message on demand of the individual. | 09-01-2011
20120017089 | CRYPTOGRAPHIC TOKEN WITH LEAK-RESISTANT KEY DERIVATION - Methods and apparatuses for increasing the leak-resistance of cryptographic systems are disclosed. A cryptographic token maintains secret key data based on a top-level key. The token can produce updated secret key data using an update process that makes partial information that might have previously leaked to attackers about the secret key data no longer usefully describe the new updated secret key data. By repeatedly applying the update process, information leaking during cryptographic operations that is collected by attackers rapidly becomes obsolete. Thus, such a system can remain secure against attacks involving analysis of measurements of the device's power consumption, electromagnetic characteristics, or other information leaked during transactions. Transactions with a server can be secured with the token. | 01-19-2012
20100031045 | METHODS AND SYSTEM AND COMPUTER MEDIUM FOR LOADING A SET OF KEYS - The present technique relates to a method for authenticating a user of at least one electronic terminal. The method includes receiving a first unique value for loading into the at least one electronic terminal via an input module. The method includes storing internally the first unique value for authorizing the user of the at least one electronic terminal using a memory module. The method generates a second unique value for saving internally into the memory module using a random process module. The method generates an encrypted third unique value by encrypting the second unique value using the first unique value, and sends it to a host. | 02-04-2010
20090282254 | TRUSTED MOBILE PLATFORM ARCHITECTURE - In an embodiment, an apparatus includes one or more cryptographic units. The apparatus also includes a memory to store one or more data encryption keys and an associated header for the one or more data encryption keys. The associated header defines which of the one or more cryptographic units are to use the data encryption key. | 11-12-2009
20110173451 | METHOD AND SYSTEM TO PROVIDE FINE GRANULAR INTEGRITY TO DIGITAL DATA - A method and system to generate fine granular integrity for huge volumes of data in real time at a very low computational cost. The invention proposes a scalable system that can receive different digital data from multiple sources and generates integrity streams associated with the original data. This invention provides full guarantees for data integrity: the order of logged data cannot be altered, and content cannot be modified, added or deleted without detection. | 07-14-2011
20080282088 | AUTHENTICATED NONVOLATILE MEMORY SIGNING OPERATIONS - A wireless device includes a nonvolatile memory that handles the task of securely performing integrity checks that do not expose the authentication private key externally. The system security architecture installs and associates private keys with the nonvolatile memory to create a secure execution environment resistant to virus attack. The nonvolatile memory provides integrity checks of nonvolatile memory data and generates signatures for data provided by the memory. | 11-13-2008
20100146279 | METHOD AND SYSTEM FOR COMMUNICATION BETWEEN A USB DEVICE AND A USB HOST - A secure portable electronic device for providing secure services when used in conjunction with a host computer having a central processing unit uses two hardware device protocols readily supported by computer operating systems. Other systems and methods are disclosed. | 06-10-2010
20090138717 | System and method for over the air communication authentication using a service token - A system and method are described for securing over-the-air communications between a service and a communication device. For example, one embodiment of a method for creating a security token on a communication device for communication between the communication device and a service includes combining a device identification of the communication device with a device capability to create device information, the device capability being known by the service. The method further includes encrypting the device information. | 05-28-2009
20100293381 | VERIFICATION OF PORTABLE CONSUMER DEVICES - Apparatuses, methods, and systems pertaining to the verification of portable consumer devices are disclosed. In one implementation, a verification token is coupled to a computer by a USB connection so as to use the computer's networking facilities. The verification token reads identification information from a user's portable consumer device (e.g., credit card) and sends the information to a validation entity over a communications network using the computer's networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer's display, or may display the value to the user using the computer's display. | 11-18-2010
20090199005 | AUTHENTICATION DEVICE, MOBILE TERMINAL, AND AUTHENTICATION METHOD - The security of an IC card is improved by managing success and failure in authentication individually for each terminal program. An IC card includes a random number generation section, a source authentication section, and a process execution section. Upon receipt of a message of type "1", the random number generation section generates a random number n, and stores it in a random number storage section by associating the random number n with a source included in the message. Upon receipt of a message of type "2" from the source, and in a case where the random number n corresponding to the source is stored, the source authentication section collates a value m calculated from an authentication key held by the IC card and the random number n with a value m included in the message of type "2". When both values agree, upon receipt of a message of type "3" from the source, the process execution section executes a process in accordance with the type of the message. | 08-06-2009
20090199004 | SYSTEM AND METHOD FOR SELF-AUTHENTICATING TOKEN - A secure token, possibly in the form of a smartcard, has a smart window with smart materials such as an electrophoretic or an electrochromic layer or assembly. When authenticated, such as by using biometrics or a password, the smart window layer is electronically pulsed, thereby transforming the once opaque layer to transparent and revealing information printed under, on or over the layer, or vice versa, transforming the once transparent laminate to opaque and obfuscating printed information. In another embodiment, when the smart window layer is electronically pulsed to transform the once opaque laminate to transparent, a timer is started. At the end of a certain amount of time, the smart window layer is pulsed a second time, thereby transforming the layer back from transparent to opaque. | 08-06-2009
20090199003 | SMART CARD AND METHOD FOR USING A SMART CARD - The invention provides a smart card, a secured client with a smart card and a method for use in a smart card. The smart card is configured for counting ECMs associated with a particular portion of the content stream and storing loyalty points on the smart card. This enables, e.g., counting of ECMs related to advertisements. Watching advertisements results in earning loyalty points that can be used to watch television programs for free. | 08-06-2009
20120144201 | SECURE ELEMENT AUTHENTICATION - Secure element authentication techniques are described. In implementations, a confirmation is received that an identity of a user has been physically verified using one or more physical documents. One or more credentials that are usable to authenticate the user are caused to be stored in a secure element of a mobile communication device of the user, the secure element being implemented using tamper-resistant hardware. | 06-07-2012
20090100265 | Communication System and Authentication Card - One of the objects of the present invention is to provide a communication system in which biometrics can be utilized without leaking to a third person, so that strict personal authentication can be conducted. The communication system includes storing a correspondence table in a card, storing a reference password which is formed by converting a part of the biometrics of an authorized user in the card by using the correspondence table, reading a part of the biometrics of a user by the card, converting the part of the biometrics of the user into a password by the card using the correspondence table, and checking the password against the reference password by the card, wherein the card and the user are authenticated if the password and the reference password match in the step of checking. | 04-16-2009
20100153729 | METHOD OF AUTHENTICATING PRINTER CONSUMABLE - A method for authenticating a printer consumable in which an encrypted random number and its first signature are passed from a printer authentication chip to a consumable authentication chip. In the consumable chip, the encrypted random number and first signature are decrypted; a second signature of the random number is calculated and compared with the first signature to produce a match, at which point a first number produced by encrypting the random number and a memory vector is passed to the printer chip. In the printer chip, a second number is produced by encrypting the random number and memory vector and compared with the first number to produce a match and a valid consumable chip, or a mismatch and an invalid consumable chip. The memory vector comprises updatable consumable state data whose manner of updating is protected by requiring clearing of the memory vector when a change of the updating manner is attempted. | 06-17-2010
20090282253 | NETWORK HELPER FOR AUTHENTICATION BETWEEN A TOKEN AND VERIFIERS - A network helper is provided that assists verifiers in executing a puzzle-based protocol for authentication of a token. A token stores a secret key and one or more puzzle-generating algorithms. The helper stores a plurality of puzzles associated with a particular token. When requested to do so by a verifier, the helper provides a plurality of pseudorandomly selected puzzles for the token to the verifier. The puzzles are encoded with information that is used between the verifier and token to establish a secured symmetric key. The verifier selects one or a few of the encoded puzzles and breaks them by a brute force attack. Because the helper does not know which puzzles have been selected, it has to break all puzzles to attempt to figure out the symmetric key. However, if a large number of puzzles are utilized, say millions, then breaking all of them becomes a computationally prohibitive task. | 11-12-2009
20100161990 | IVR CALL ROUTING USING ENCRYPTED DATA - A token representing encrypted data is used to initiate a call routing strategy based on receipt of the token. The call routing strategy is configured to initiate a query. Decrypted data associated with the encrypted data may be accessed to determine a data relationship based on the query. | 06-24-2010
20100262830 | AUTHENTICATION DEVICE, AUTHENTICATION METHOD, AND PROGRAM - Provided is an authentication device which includes a register in which a first bit, or a second bit different from the first bit, is stored; m first determination units for determining whether input information and authentication information match, and for storing the first bit in the register if the result of the determination is TRUE and the second bit in the register if FALSE; (N−m) second determination units for determining whether input information and authentication information do not match, and for storing the first bit in the register if the result of the determination is TRUE and the second bit in the register if FALSE; and an authentication determination unit for determining that an authentication is established in case the first bit is stored in the register by the determination process of every first determination unit and the second bit is stored in the register by the determination process of every second determination unit. | 10-14-2010
20100191972 | Method and Apparatus for Providing Secure Document Distribution - A system for providing secure document distribution is disclosed. The system includes an application configured to: allow an author to create a document; allow the author to secure the document using an access code, wherein the access code is needed to gain access to the document; encrypt the access code; and forward a message to a recipient, wherein the message includes the document and the encrypted access code. It further includes a terminal configured to: allow the recipient to open the message; and generate an image, the image having information embedded therein, the embedded information including the encrypted access code. It further includes a portable device configured to: allow the recipient to capture the image; store predetermined information, wherein the predetermined information is usable to decrypt the encrypted access code; capture input information from the recipient, the input information to be used to ensure that the recipient is authorized to use the portable device; extract the information embedded in the image; decrypt the encrypted access code using the predetermined information; and generate an output, the output including the access code. The terminal is further configured to receive the output generated by the portable device and evaluate the output to determine if the correct access code needed for access to the document is provided. | 07-29-2010
20100211791 | HARDWARE MULTIMEDIA ENDPOINT AND PERSONAL COMPUTER - A hardware multimedia endpoint is located on an adapter card of a personal computer system and comprises an interface for interfacing to the computer system and a processor for receiving cryptographic information from the computer, for processing the cryptographic information and for outputting cryptographic information to the computer. This exchange of cryptographic information is performed such that an authentication procedure with a third party, which is different from the computer, is established for the purpose of decrypting encrypted media content. | 08-19-2010
20100250945 | PRIVACY-ENHANCED E-PASSPORT AUTHENTICATION PROTOCOL - A passport authentication protocol provides for encryption of sensitive data such as biometric data, and transfer of the encryption key from the passport to the authentication authority to permit comparison to a reference value. | 09-30-2010
20100250944 | INFORMATION PROCESSING APPARATUS, AUTHENTICATION DEVICE, AND RECORDING MEDIUM - An information processing apparatus includes a first signing unit which digitally signs device information and environment information, a first generator which generates a first digital envelope as data including the signed device information and the signed environment information, a second signing unit which digitally signs biometric authentication information and the first digital envelope, a second generator which generates a second digital envelope as data including the signed biometric authentication information and the signed first digital envelope, a transmitter which transmits the second digital envelope, and a receiver which receives authentication results. | 09-30-2010
20100250943 | METHOD FOR SECURITY IN ELECTRONICALLY FUSED ENCRYPTION KEYS - A method for electronically fused encryption key security includes inserting a plurality of inverters between a bank of security fuses and a fuse sense logic module. The method also includes sensing an activated set of the bank of security fuses and the plurality of inverters. The method further includes comparing the sensed activated set of the bank of security fuses and the plurality of inverters with a software key to determine whether at least a substantial match is made. | 09-30-2010
20090319793 | PORTABLE DEVICE FOR USE IN ESTABLISHING TRUST - A portable device for use in establishing trust, including a communications module for communicating with a host machine; embedded trusted data; a virtual machine module for instantiating a virtual machine on the host machine; and a security module for including a secure application in the virtual machine to perform an attestation process using the embedded trusted data to authenticate the host machine. | 12-24-2009
20100313027 | PIN Servicing - A smart card ( | 12-09-2010
20110010552 | Authentication token with incremental key establishment capacity - The present invention relates to the field of strong authentication tokens and more specifically to methods and apparatus employing cryptographic key establishment protocols for such strong authentication tokens. | 01-13-2011
20110113251 | METHOD FOR IMPROVING NETWORK APPLICATION SECURITY AND SYSTEM THEREOF - The invention, related to the information security field, discloses a method for improving network application security and a system thereof. In the method, the client terminal application generates a protocol message, disassembles the protocol message into plural IP packets and sends the plural IP packets; the network filter driver receives and caches the plural IP packets, assembles the plural IP packets to obtain the protocol message and determines whether critical information is in the protocol message; if so, the network filter driver sends the protocol message to a smart key device; the smart key device analyzes the protocol message to obtain the critical information and sends the critical information to the user for confirmation. If the user confirms that the critical information is correct, the smart key device signs the protocol message and returns the signature data; the network filter driver generates a new protocol message according to the signature data and the protocol message, disassembles the new protocol message into plural IP packets and sends the plural IP packets to the server via the network card driver. If the user confirms that the critical information is not correct, or no confirmation is received from the user within a predetermined time period, the smart key device performs an exception operation. The system comprises a smart key device and the network filter driver of the client terminal computer. With compatibility and usability, the invention enhances network application security without modifying the client terminal. | 05-12-2011
20090031131 | Token-Based Management System for PKI Personalization Process - A system for token-based management of a PKI personalization process includes a token request and management system (TRMS) configured to gather request information from a requestor; and a token personalization system (TPS) configured to personalize a hardware token such that usage of the hardware token is constrained by the request information. A method for token-based management of a PKI personalization process includes: requesting a hardware token; personalizing a hardware token such that the hardware token is confined to operation within limiting parameters; binding the hardware token to a workstation which is configured to receive the hardware token and use credentials within the hardware token to request and download PKI data from a PKI server, the workstation being further configured to personalize an end user product by loading the PKI data into internal memory contained within the end user product; and monitoring usage of the hardware token and the PKI data. | 01-29-2009
20090217046 | METHOD AND APPARATUS FOR THE SECURE IDENTIFICATION OF THE OWNER OF A PORTABLE DEVICE - An authentication system is provided that includes a portable device and a decryption node. An individual uses the portable device, such as a cell phone, to compute a challenge and a response. The challenge and response are sent to a decryption node. In response, the decryption node computes a presumed response and compares the presumed response to the response of the portable device, in order to authenticate the individual associated with the portable device. | 08-27-2009
20090217045 | PHYSICAL SECRET SHARING AND PROOFS OF VICINITY USING PUFS - The present invention relates to a method of creating challenge-response pairs, a method of authenticating a plurality of physical tokens, a system for creating challenge-response pairs and a device for authenticating a plurality of physical tokens. A basic idea of the invention is to interconnect a plurality of physical tokens ( | 08-27-2009
20110154043 | SYSTEMS AND METHODS FOR CRYPTOGRAPHICALLY ENHANCED AUTOMATIC BLACKLIST MANAGEMENT AND ENFORCEMENT - Embodiments relate to systems and methods for the management and enforcement of blacklists of counterfeited, cloned or otherwise unauthenticated devices. In an embodiment, a system comprises an accessory comprising an authentication chip including data signed by a private verification key, the data including a unique identifier related to the accessory, and a device comprising a public verification key forming a verification key pair with the private verification key and an identifier list, the device configured to read the data from the authentication chip, compare the unique identifier with the identifier list, and reject the accessory if the unique identifier is found in the identifier list. | 06-23-2011
20100115280 | METHOD OF COMMUNICATIONS AND COMMUNICATION NETWORK INTRUSION PROTECTION METHODS AND INTRUSION ATTEMPT DETECTION SYSTEM - A method, system and computer readable medium for protecting a communications device connected to a communications system against an unauthorized intrusion, including providing a variable identifier to the communications device and to entities authorized access thereto. The variable identifier is provided to a user address book and assigned to a permanent identifier, and the permanent identifier, but not the variable identifier, is available to a user. The presence or absence of the correct variable identifier is sensed during an attempt to access the communications device for granting or denying access to the communications device. A new variable identifier is periodically provided to the communications device, to the authorized entities and to the user address book, and assigned to the permanent identifier, wherein the permanent identifier, but not the new variable identifier, is available to the user. | 05-06-2010
20100058063 | FUZZY BIOMETRICS BASED SIGNATURES - The present invention relates to a method and a device for verifying the validity of a digital signature based on biometric data. A basic idea of the invention is that a verifier attains a first biometric template of the individual to be verified, for instance by having the individual provide her fingerprint via an appropriate sensor device. Then, the verifier receives a digital signature and a second biometric template. The verifier then verifies the digital signature by using either the first or the second biometric template as a public key. The attained (first) biometric template of the individual is compared with the received (second) biometric template associated with the signature, and if a match occurs, the verifier can be confident that the digital signature and the associated (second) biometric template have not been manipulated by an attacker for impersonation purposes. | 03-04-2010
20080229107 | Token-Based Dynamic Key Distribution Method for Roaming Environments - A method for establishing a new security association between a mobile node and a network source, the method comprising creating a first token comprising a security association between a network source and a mobile node, the first token being encrypted using a first key known to the mobile node and a first trust authority within a home network associated with the mobile node, and creating a second token comprising the same security association between the network source and the mobile node, the second token being encrypted using a second key known to the first trust authority and a second trust authority associated with the network source, wherein the first token and the second token are sent to the second trust authority using a chain-of-trust infrastructure. | 09-18-2008
20110055573 | SUPPORTING FLEXIBLE USE OF SMART CARDS WITH WEB APPLICATIONS - A web browser for communicating with an application at an application server, a smart card driver for accessing a smart card reader, a client agent monitoring events at the browser as a result of interaction between the browser and the application, and a set of access profiles. The client agent is controlled by an access profile that defines a trigger event and an action to be performed by the client agent in response to an occurrence of the event. | 03-03-2011
20110055574 | LOCALIZED NETWORK AUTHENTICATION AND SECURITY USING TAMPER-RESISTANT KEYS - The invention provides a secure Wi-Fi communications method and system. In an embodiment of the invention, unique physical keys, or tokens, are installed at an access point and at each client device of the network. Each key comprises a unique serial number, and a common network send cryptographic key and a common network receive cryptographic key used only during the authentication phase by all components on the LAN. Each client key further includes a secret cryptographic key unique to each client device. During authentication, two random numbers are generated per communications session and are known by both sides of the wireless channel. Only the random numbers are sent across the wireless channel, and in each case these numbers are encrypted. A transposed cryptographic key is derived from the unique secret cryptographic key using the random numbers generated during authentication. Thus, both sides of the wireless channel know the transposed cryptographic key without it ever being transmitted between the two. | 03-03-2011
20100332837 | WEB APPLICATION SECURITY FILTERING - User inputs and/or Uniform Resource Identifier (URI) requests, historically and popularly referred to as Universal Resource Locator (URL) requests, in a content description language are passed through a security service (a Web application firewall or a reverse Web proxy server) that is placed in front of Web application servers in order to protect the servers from hacking attempts. For validating Web form user inputs and/or URI requests and parameters, the content description language is enriched by the security service with additional security tokens that are dynamically created based on the content being transferred. The user receives the information and returns input with the security tokens. The security service can then verify all provided user input data against the constraints described in the corresponding security token. As a result, the method may block the HTTP request or create log messages or notification events in reaction to violations of the constraints in the security token by the user input data. | 12-30-2010
20080201578Computer security using visual authentication - A physical token is provided to the user in the form of a unique card having a grid of images thereon. Each column and row of images has a unique text string. In addition, each user knows a special image, not necessarily present on the token card, on which one particular point or zone functions as an extra authentication feature. Users may be queried for a username, then shown a random one of the images on their card, and asked for the row text string plus column text string identifying the image. Users are also prompted to select their particular point or zone within their known special image, which is displayed, among a jumble of other images, by the computer system requesting authorization, such display serving to authenticate the computer system to the user. The system may be combined with password protection and methods to identify a user's machine.08-21-2008
20080215887CARD AUTHENTICATION SYSTEM - A card authentication system. In one embodiment, the invention relates to a method for authenticating a data card having an intrinsic magnetic characteristic and recorded data on the data card, the method including reading information from the data card, the data card information including the intrinsic magnetic characteristic and the recorded data on the data card, encrypting the data card information, sending the encrypted data card information, receiving the encrypted data card information, decrypting a portion of the encrypted data card information, the portion including the intrinsic magnetic characteristic, generating a score indicative of a degree of correlation between the intrinsic magnetic characteristic of the data card information and a stored value, and determining an authenticity of the data card based at least in part on the score.09-04-2008
20110307699TOKEN FOR SECURING COMMUNICATION - In general, the invention relates to a method for performing a command on a token. The method includes receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender, and making a first determination that the sender is allowed to send commands to the token. The method further includes, based on the first determination, generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS), making a second determination that the first CAMD and the second CAMD match, and based on the second determination, performing the command by the token.12-15-2011
20090044015SYSTEM AND METHOD FOR MANAGING SONIC TOKEN VERIFIERS - A hand-held token can be operated to generate an acoustic signal representing the digital signature generated by a private key of a public key/private key pair. Verifiers that might be located at, e.g. buildings, in vehicles, at bank ATMs, etc. receive the signal and retrieve the corresponding public key to selectively grant access authorization to components served by the verifiers. Methods and systems permit adding and removing a token from the access list of a verifier. Other methods and systems enable the token to be used with several verifiers that are nearby each other, such as might be the case with multiple vehicles owned by the same user and parked nearby each other, without more than one verifier being operated to grant access.02-12-2009
20120210135CLIENT-BASED AUTHENTICATION - Apparatus, systems, and methods may operate to invoke multiple authentication mechanisms, by a client node, to encrypt N split-keys using credentials associated with corresponding ones of the authentication mechanisms. Further activity may include transforming the split-keys to provide N encrypted split-keys, and storing each of the encrypted split-keys with an associated local user identity and an identity of corresponding ones of the authentication mechanisms. Additional apparatus, systems, and methods are disclosed.08-16-2012
20110099378DIGITAL BROADCASTING SYSTEM AND METHOD OF PROCESSING DATA IN DIGITAL BROADCASTING SYSTEM - A method for controlling a DTV located in one independent space among physically-separated independent spaces includes receiving an AP-card WEP key value recorded in a storage of a compact wireless device, receiving the WEP key value corresponding to an AP card of the DTV from a management server, comparing the WEP key value from the compact wireless device with the WEP key value from the management server, transmitting a first general wireless device ID from the general wireless device to the compact wireless device if the WEP key values are identical, receiving an Internet service accept packet from the compact wireless device if at least one second general wireless device ID recorded in the storage area of the compact wireless device is identical to the first general wireless device ID, and controlling the general wireless device to use an Internet service through the AP card of the DTV.04-28-2011
20110099377COMPACT SECURITY DEVICE WITH TRANSACTION RISK LEVEL APPROVAL CAPABILITY - The present invention relates to the field of securing electronic transactions and more specifically to methods to indicate and verify the approval of the risk level of a transaction and to apparatuses for generating transaction risk level approval codes.04-28-2011
20120124378METHOD FOR PERSONAL IDENTITY AUTHENTICATION UTILIZING A PERSONAL CRYPTOGRAPHIC DEVICE - A method for personal identity authentication utilizing a personal cryptographic device initially provides a personal cryptographic device storing a client key from a host system and a device serial number. Next, the personal cryptographic device is connected to the host system. Thereafter, unique user information is inputted via the personal cryptographic device. Then, the unique user information and the device serial number are encrypted and sent to the host system for authentication and for requesting key information. The personal cryptographic device receives and decrypts encrypted key information with the client key, and changes the client key using the key information.05-17-2012
20110185178COMMUNICATION METHOD OF AN ELECTRONIC HEALTH INSURANCE CARD WITH A READING DEVICE - The invention relates to a communication method of an electronic health insurance card (07-28-2011
20100017613DUAL USAGE SMART CARD OF CPU AND LOGICAL ENCRYPTION AND ITS DATA SYNCHRONIZATION METHOD - A dual usage smart card of CPU and logical encryption and its data synchronization method. In said method, a CPU command processing module controls an access control module for the logical encryption storage region to read the data in the logical encryption storage region into a data format conversion module; the data format conversion module transmits the data to the CPU control storage region; the CPU command processing module then controls the CPU control storage region to transmit the data of the CPU card to the access control module for the logical encryption storage region through the data format conversion module; and the access control module for the logical encryption storage region writes the data of the CPU card into the logical encryption storage region.01-21-2010
20120221860METHOD AND APPARATUS FOR ENCODING AND DECODING DATA TRANSMITTED TO AN AUTHENTICATION TOKEN - Methods and apparatus for encoding and decoding data transmitted acoustically and/or optically to strong authentication tokens to generate dynamic security values are disclosed. The tokens may also include a selection mechanism to select either an acoustical or an optical input interface to receive data. A communication interface may be provided to communicate with a removable security device such as a smart card and the token may be adapted to generate dynamic security values in cooperation with the removable security device.08-30-2012
20120221859STRONG AUTHENTICATION TOKEN WITH ACOUSTIC DATA INPUT - Strong authentication tokens for generating dynamic security values having an acoustical input interface for acoustically receiving input data are disclosed. The tokens may also include an optical interface for receiving input data and may have a selection mechanism to select either the acoustical or the optical input interface to receive data. A communication interface may be provided to communicate with a removable security device such as a smart card and the token may be adapted to generate dynamic security values in cooperation with the removable security device. The acoustic signal received by the token may be modulated using a frequency shift keying modulation scheme using a plurality of coding frequencies to code the acoustical signal where each coding frequency may be an integer multiple of a common base frequency.08-30-2012
20120084565CRYPTOGRAPHIC DEVICE THAT BINDS AN ADDITIONAL AUTHENTICATION FACTOR TO MULTIPLE IDENTITIES - Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact.04-05-2012
20110131416MULTIFACTOR VALIDATION OF REQUESTS TO THWART DYNAMIC CROSS-SITE ATTACKS - An apparatus and a method for validating requests to thwart cross-site attacks is described. A user identifier token, a request identifier token, and a timestamp are generated at a web application of a server. A Message Authentication Code (MAC) value is formed based on the user identifier token, the request identifier token, and the timestamp using a secret key of the web application. Names of the form elements are enciphered. Fake form elements can also be added to the dynamic form. The entire page can also be enciphered. The dynamic form is sent with the MAC value and the timestamp to a client. A completed form comprising a returned MAC value and a returned timestamp is received from the client. The completed form is validated at the server based on the returned MAC value and the returned timestamp.06-02-2011
20120324227System For Generating Fingerprints Based On Information Extracted By A Content Delivery Network Server - A dynamic multimedia fingerprinting system is provided. A user requests multimedia content from a Web cache server that verifies that the user is authorized to download the content. A custom fingerprint specific to the user is generated and dynamically inserted into the content as the content is delivered to the user. The custom fingerprint can be generated on the Web cache server or at the content provider's server. The system allows a content provider to specify where the custom fingerprint is inserted into the content or where the fingerprint is to replace a placeholder within the content.12-20-2012
20120324226TRANSACTION AUDITING FOR DATA SECURITY DEVICES - Data security devices are provided which store user data and interact with terminal devices to provide information about the stored user data. The security device has a memory for storing user data, an interface for transmission of data communications that is connectable to a data communications network, and a controller. The controller processes a request from the terminal device for information about said user data by first generating a message. The message is generated to permit verification, using secret data, that the message was generated by the controller. The controller sends the message to the terminal device for communication to a publication entity for publication of the message. The controller then receives from the terminal device a cryptographic construction. The controller checks the validity of the cryptographic construction for said message, and subsequent supply of the requested information about the user data to the terminal device is then dependent on said cryptographic construction.12-20-2012
20130013927Automated Entity Verification - Some embodiments provide a verification system for automated verification of entities. The verification system automatically verifies entities using a two-part verification campaign. One part verifies that the entity is the true owner of the entity account to be verified. This verification step involves (1) the entity receiving a verification code at the entity account and returning the verification code to the verification system, (2) the entity associating an account that it has registered at a service provider with an account that the verification system has registered at the service provider, or (3) both. Another part verifies that the entity can respond to communications that are sent to methods of contact that have been previously verified as belonging to the entity. The verification system submits a first communication with a code using a verified method of contact. The verification system then monitors for a second communication to be returned with the code.01-10-2013
20130019101METHOD FOR CONFIGURING AND DISTRIBUTING ACCESS RIGHTS IN A DISTRIBUTED SYSTEM - The disclosure relates to a method and system for configuring and distributing access rights among intelligent devices within a distributed system. The distributed system includes a first intelligent device connected to further intelligent devices. Device-internal individual keys and a shared key are stored in the intelligent devices. A user account is created in the first device via a web client and is encrypted by the device-internal key of the first device and stored as a password file in the first device. Before being transmitted via the web client, the password file is encrypted by the shared key and the encrypted password file is transmitted to the further intelligent devices. The data stored in the encrypted password file are decrypted by the shared key. An encrypted storage of the password file is carried out by the device-internal key of the respective device.01-17-2013
20130019100INTELLIGENT REMOTE DEVICE - An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction.01-17-2013
20130024694TRANSACTION AUDITING FOR DATA SECURITY DEVICES - Data security devices are provided which store user data and interact with terminal devices to provide information about the stored user data. The security device has a memory for storing user data, an interface for transmission of data communications that is connectable to a data communications network, and a controller. The controller processes a request from the terminal device for information about said user data by first generating a message. The message is generated to permit verification, using secret data, that the message was generated by the controller. The controller sends the message to the terminal device for communication to a publication entity for publication of the message. The controller then receives from the terminal device a cryptographic construction. The controller checks the validity of the cryptographic construction for said message, and subsequent supply of the requested information about the user data to the terminal device is then dependent on said cryptographic construction.01-24-2013
20080229108PRIVATE INFORMATION EXCHANGE IN SMART CARD COMMERCE - A method, system and computer program product for private information exchange in smart card commerce is disclosed. The method includes, in response to determining that an item of biometric data received on a biometric reader corresponds to an authorized user, unlocking a communication channel on a communication port, exchanging public keys between the user and authorized point of sale, receiving an information request from an external point of sale machine across the communication channel, decrypting an information request and parsing a data token. In response to determining that private data has been requested in the information request, a user is prompted for authorization to release the private information, and private information exchange in smart card commerce is performed by, in response to the user pressing a yes button on the smart card, placing an encrypted copy of the private data in the public area of the smart card for transmission across the communication channel to the external point of sale machine.09-18-2008
20110246777System and Method for Managing Security Key Architecture in Multiple Security Contexts of a Network Environment - A scheme for managing security key architecture in a network environment where a user equipment (UE) device can engage in multiple security contexts depending on the access technology. In one embodiment, when multiple security contexts are engaged and different sets of authentication vectors are created, an adapter component of the UE device manages potential interference that may be caused among the different sets of the authentication vectors as to where they are stored and which authentication vectors are used for service handovers.10-06-2011
20080222417Method, System, And Apparatus For Nested Security Access/Authentication With Media Initiation - The disclosure details a nested security access system that manages access points/verification requests to create a series of layered security applications for securing access/user identification data. The NSA system works in coordination with an access point/verification module to generate a series of instructions as a login/verification module that may be executed locally. The login/verification module is executed by the access point/verification module to create a system user access/verification data entry form. Depending on the implementation, the access point/verification module may be configured to accept typed text or clicked image access/verification data, token access/verification data or selected image sequence access/verification data. The process of selected image sequence access involves the system user selecting a series of images that represent individual elements of a password without having to type the information into a data entry form.09-11-2008
20100318802SYSTEMS AND METHODS FOR ESTABLISHING A SECURE COMMUNICATION CHANNEL USING A BROWSER COMPONENT - A system for providing a secure channel for communication comprises a client comprising a browser, a secure server and a browser component installed on the client that enables a user to establish a connection with the secure server, the browser component configured to generate a first token. The secure server is configured to generate a second token, and wherein the client is provided with access to the secure server upon verification of the first token and the second token.12-16-2010
20100318801METHOD AND SYSTEM FOR PROTECTING REAL ESTATE FROM FRAUDULENT TITLE CHANGES - A method of effecting secure communication over a network begins by interfacing a hardware token with a computer host. The hardware token includes security software and communication software stored thereon. The security software is stored in a memory of the hardware token. The computer host has a memory distinct from the hardware token memory. The authenticity of the security software is determined on the hardware token. Upon successful validation of the authenticity of the security software on the hardware token, the authenticity of the communication software is determined by loading the security software from the hardware token memory into the computer host memory and executing the loaded security software from the computer host memory. After successful validation of the authenticity of the communication software, the computer host facilitates communication between the hardware token and a remote computer by executing the communication software from the computer host memory.12-16-2010
20130159716METHOD FOR PERSONALIZING AN AUTHENTICATION TOKEN - An authentication token using a smart card that an organisation would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user.06-20-2013
20110314288CIRCUIT, SYSTEM, DEVICE AND METHOD OF AUTHENTICATING A COMMUNICATION SESSION AND ENCRYPTING DATA THEREOF - Disclosed is a circuit, system, device and method for authentication and/or encryption, which is based on the characteristics and/or management of One Time Programming (OTP) Non Volatile Memory (NVM) that may prevent the ability to alter, modify, mimic or otherwise use an identification string/code for attaining false authentication and/or falsely decrypting encrypted data.12-22-2011
20130191640INFORMATION SYSTEM AND METHOD INCORPORATING A PORTABLE DIGITAL MEDIA DEVICE - A method of reading a readable element, such as a two dimensional bar code or an RFID chip, that has encrypted information with a portable device, such as a digital media device or RFID reader, includes storing a decryption key in the portable device, and scanning the readable element with the portable device. The method further includes communicating with a remote server storing a decryption key database, validating the decryption key stored in the portable device, and decrypting information from the readable element using the portable device. The decrypted information may then be displayed.07-25-2013
20130198519STRONG AUTHENTICATION TOKEN WITH VISUAL OUTPUT OF PKI SIGNATURES - A handheld authentication device comprising a data processor and a display is adapted to: generate an input value; submit the input value to an asymmetric cryptographic operation; obtain the result of said asymmetric cryptographic operation; generate an authentication message substantially comprising the result of the asymmetric cryptographic operation; encode the authentication message into one or more images; and display these images on the display. A method for securing computer-based applications remotely accessed by a user comprises capturing images displayed on the display of an authentication device of the user whereby these images have been encoded with an authentication message generated by the authentication device and whereby the authentication message comprises the result of an asymmetric cryptographic operation on an input value; decoding the images to retrieve the authentication message; retrieving the result of the asymmetric cryptographic operation from the authentication message; verifying the authentication message.08-01-2013
20120096271Remote Access to Hosted Virtual Machines By Enterprise Users - An end user of an enterprise is enabled to receive secure remote presentation access to the assigned virtual machines in a hosted public cloud through the cloud provider's virtualization hosts and remote presentation gateway. Thus an enterprise administrator may purchase computing capacity from the cloud provider and further sub-divide the purchased computing capacity among enterprise end users. The cloud provider need not create shadow accounts for each end user of the enterprise. The cloud provider AD and the enterprise AD do not need to trust each other. The cloud provider also need not expose host information to the tenants. Authorization may be provided by using a combination of a custom authorization plug-in at the terminal services gateway and an indirection listener component at the virtualization host. The host details may also be abstracted when the client connects to the remote presentation gateway, so as to protect the fabric from attack and to enable the tenant virtual machines to move freely across the cloud provider's virtualization hosts.04-19-2012
