Solely password entry (no record or token)

Subclass of:

713 - Electrical computers and digital processing systems: support

713182000 - SYSTEM ACCESS CONTROL BASED ON USER IDENTIFICATION BY CRYPTOGRAPHY

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application number | Description | Number of patent applications / Date published
713183000 | Solely password entry (no record or token) | 89
20080276098 | ONE-TIME PASSWORD ACCESS TO PASSWORD-PROTECTED ACCOUNTS - Systems and methods facilitate secure one-time-password access to an account in a remote server from an untrusted client. The system consists of an intermediary component whose salient components are a proxy component, a webserver component, and an encryption/decryption component, and it preserves the characteristics of both the server and client. In a man-in-the-middle fashion, the proxy substitutes a one-time password entered at a login interface with a true password, and forwards it to the remote login server. True passwords are encrypted using a seed associated with user identifiers, and a list of one-time passwords is generated/updated and stored on media or transmitted to an electronic device. Substitution takes place by decrypting the one-time password with the seed used for encryption, ensuring the proxy avoids storing the true password. | 11-06-2008
20090193263 | Identifying and processing an unauthorized access request - The system reuses the classic User ID & Password combination for authentication and adds a third component called a USE code for additional authorization check, as an example. This method allows access to a system when it is requested with correct User ID and Password (i.e., with correct pass code) but with an unauthorized USE code, the system identifies it as an unauthorized access and triggers the proper security measures to minimize the damage and monitor the actions in a way not to alarm the unauthorized user who is using the owner's credential to access the system. The USE Code is an extension to the pass code to raise various alarms and have a stepwise access level control based on different inputted values. | 07-30-2009
20110202773 | Method of generating a password protocol using elliptic polynomial cryptography - The method of generating password protocols based upon elliptic polynomial cryptography provides for the generation of password protocols based on the elliptic polynomial discrete logarithm problem. It is well known that an elliptic polynomial discrete logarithm problem is a computationally “difficult” or “hard” problem. | 08-18-2011
20100077223 | AUTHENTICATION DEVICE, AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, PROGRAM AND RECORDING MEDIUM - To prevent an input password from being stolen by an invalid authentication device. An authentication device | 03-25-2010
20130086388 | CREDENTIALS MANAGEMENT - An encrypted file is decrypted to gain access to a stored hash value for a credentials setting component. A test hash value of the credentials setting component is formed. Before decrypting a set of encrypted credentials to form decrypted credentials, it is required that the test hash value of the credentials setting component match the stored hash value of the credentials setting component. The decrypted credentials are then passed to the credentials setting component to set credentials that instructions are to be executed under. | 04-04-2013
20130080787 | MEMORY STORAGE APPARATUS, MEMORY CONTROLLER AND PASSWORD VERIFICATION METHOD - A memory storage apparatus including a connector, a rewritable non-volatile memory module and a memory controller is provided. The memory controller receives a password to be verified, transforms the password into a data stream by using a first unit, generates a cipher text to be verified according to a predetermined data stream and the transformed data stream by using a second unit, and determines whether the cipher text to be verified is the same as a predetermined cipher text stored in the rewritable non-volatile memory module. When the cipher text to be verified is the same as the predetermined cipher text, the memory controller identifies that the password to be verified is validated. Accordingly, the memory storage apparatus can effectively verify a password input by a user, thereby protecting data stored in the rewritable non-volatile memory module. | 03-28-2013
20100042847 | METHOD FOR AUTHENTICATION USING ONE-TIME IDENTIFICATION INFORMATION AND SYSTEM - The present invention relates to a method and system that can safely and conveniently perform user authentication by a service provider server and at a public terminal using one-time identification information. According to the present invention, when user authentication is performed using a public terminal to receive an Internet service provided by a service provider, personal identity information to be provided to the service provider can be prevented from being leaked due to phishing or hacking while the personal identity information is input. Therefore, the user can be safely and conveniently authenticated by the service provider. | 02-18-2010
20090327740 | Securing a password database - An apparatus and a method for storing an encrypted username and password. In one embodiment, a username is encrypted. A password associated with the username is encrypted. A user identifier associated with the username is encrypted. The encrypted username, the encrypted password, and the user identifier are stored in one or more databases. | 12-31-2009
20090307498 | USER-DEFINED PASSWORDS HAVING ASSOCIATED UNIQUE VERSION DATA TO ASSIST USER RECALL OF THE PASSWORD - An electronic device includes password protected functionality using a password that can be changed by the user. A user-specified password is stored in association with unique version data that is subsequently provided to help user recall of the password associated therewith. | 12-10-2009
20090113208 | WIRELESS NETWORK HAVING MULTIPLE COMMUNICATION ALLOWANCES - Multiple levels of wireless network resource granting. A user who has an authorized key, e.g., an encryption key or a key indicating that they have paid for service, gets a first, better level of access to the network resources. One without the key is granted lesser access, e.g., less total bandwidth, less bandwidth speed, no access to files or the like. | 04-30-2009
20120191981 | SECURITY METHOD AND APPARATUS - A method and apparatus for providing password security to an electronic device. Access rights to an electronic device are determined by decrypting and decoding an encrypted password given to one or more individuals. When an individual enters a given encrypted password into the electronic device, a decrypting function decrypts the password to generate a decrypted password. The decrypted password contains information as to whether access should be granted to the individual, and if so, to what extent. For example, the decrypted password may comprise a time and date field which indicates a date and time at which access will not be granted. | 07-26-2012
20120191980 | SYSTEM AND METHOD FOR A SECURE DATA COLLECTION SYSTEM - The system may provide for the collection of data in a heterogeneous network, long term secure storage of the data, and secure transfer of the data to an environment that may be secure and controlled for the purpose of controlled and secure selected viewing of all or parts of the data. The data stored may include core data of interest as well as any data that is associated with the core data. The core data and associated data may be stored. To do so, the system may identify and collect associated data at the point of release of all or part of the data. Further, the system may provide secure and controlled transfer of the data to a permanent and secure media. Lastly, the system may provide secure transfer of all or parts of the data from the media to a controlled and secure environment suitably constructed to provide for secure viewing of all or parts of the data under the control of the owner of the data. | 07-26-2012
20090006857 | METHOD AND APPARATUS FOR STARTING UP A COMPUTING SYSTEM - A computer system may be powered up or awakened from a power-saving state with one single user action. An authentication device may be used to detect a user action and to collect data from the user action. An authentication module may be used to authenticate a user based on the data collected by the authentication device. A controller may enable a user to access a non-volatile storage medium for user credentials necessary to power up or awaken the computer system. | 01-01-2009
20090006856 | ADAPTIVE AUTHENTICATION SOLUTION THAT REWARDS ALMOST CORRECT PASSWORDS AND THAT SIMULATES ACCESS FOR INCORRECT PASSWORDS - In the invention, incorrect authentication information for accessing at least one secured computing asset can be received. A similarity score between the incorrect authentication information and correct authentication information can be determined. One of many different access levels can be assigned to a computing session based upon the similarity score. Access consistent with the assigned access level can be granted. One access level can be an emulation access level that grants access to at least one simulated asset designed to mimic the secured asset. Access to the simulated asset can be provided in a fashion so that a user, who is likely an intruder, is unaware that they are not receiving the secured asset information. A tracking action can be optionally initiated against the intruder. Further, user behavior with the simulated session or a limited access session can be compared against a behavior profile to dynamically increase or decrease session permissions. | 01-01-2009
20080301460 | REMOTE PROVISION OF CONSISTENT ONE-TIME PASSWORD FUNCTIONALITY FOR DISPARATE ON-LINE RESOURCES - Consistent one-time password (OTP) functionality is provided from a presentation server to secure various on-line resources. A seed file can be provided to or created by a service provider for execution as part of a hosted page displayed at a client to a user. A presentation server receives a call from the seed file. A user interface widget can be initialized at the presentation server in response to the call from the seed file. The widget can be displayed as part of the remotely hosted Web page so that the user perceives the UI widget to be embedded in the page as viewed on the client computer system. Security for the interaction between the servers can be provided through use of security assertion markup language (SAML). | 12-04-2008
20100153735 | Entering an identifier with security improved by time based randomization of input steps based upon time - A secure method, apparatus or computer program incorporates a method for entering private information such as a user identifier, password or other secret code comprising at least one symbol or character. According to the method in one illustrated embodiment, the user selects characters for input starting from presentation of an initial suggested character, moving under user control to presentation of a user's desired input character, and then followed by the selection by the user of that presented character as a character for data input. The method includes randomizing the timing of the display and/or reaction time to user input so that the number and timing of the key presses required to select any specific desired character for input is made unpredictable. This makes it difficult during entry of information to determine by covert means what specific information is being entered. | 06-17-2010
20100169660 | PUBLIC KEY INFRASTRUCTURE-BASED FIRST INSERTED SUBSCRIBER IDENTITY MODULE SUBSIDY LOCK - A method, telecommunication apparatus, and electronic device for securely creating an identity data block are disclosed. A secure memory | 07-01-2010
20100169659 | GAMING CONSOLE-SPECIFIC USER AUTHENTICATION - Systems, methods, and computer program products are provided for user authentication required for conducting online financial institution transactions. The disclosed embodiments leverage the capabilities of platforms other than conventional personal computers and laptops, such as gaming consoles and wireless devices. Unique intrinsic user activities, such as controller motions or activities, built-in hardware signatures or other input data associated with a gaming console are used as the authentication mechanism, so as to provide a higher degree of security in the overall authentication process by lessening the likelihood of password replication or interception during network communication. | 07-01-2010
20110271118 | PASSWORD GENERATION METHODS AND SYSTEMS - Password generation and extraction is described. In one aspect, a user inputs multiple characters, including a user password, variable characters, and multiple terminator characters. Locations of the terminator characters are identified and used to extract the user password from the multiple characters input by the user. | 11-03-2011
20090150677 | TECHNIQUES FOR REAL-TIME ADAPTIVE PASSWORD POLICIES - Techniques for real-time adaptive password policies are presented. Patterns for passwords are regularly analyzed along with other factors associated with the patterns to dynamically determine password strength values. The strength values can change over time based on usage statistics. When a strength value falls below an acceptable threshold, passwords associated with that particular pattern can be downgraded or rejected in real-time and existing policy can be adapted to reflect the undesirability of that pattern. | 06-11-2009
20100082999 | Wireless Communication Device, Method for Wireless Connection, and Computer Usable Medium Therefor - A wireless communication device to be wirelessly connected to a wireless network is provided. The wireless communication device includes a password obtainer to obtain a password designated by a user for connecting the wireless communication device to the wireless network, and a wireless connector to connect the wireless communication device to the wireless network with the use of the obtained password. The wireless connector sequentially selects one set from two or more sets, and sequentially attempts to connect the wireless communication device to the wireless network with the use of the sequentially selected one set. Each set of the two or more sets has an authorization method and an encryption method. | 04-01-2010
20090265559 | USER AUTHENTICATION BY LINKING RANDOMLY-GENERATED AUTHENTICATION SECRET WITH PERSONALIZED SECRET - This patent application discloses techniques, devices and systems for user authentication based on linking between a randomly generated authentication secret and a personalized secret. | 10-22-2009
20090089588 | METHOD AND APPARATUS FOR PROVIDING ANTI-THEFT SOLUTIONS TO A COMPUTING SYSTEM - A manageability engine (ME) may be used to authenticate a user for a computer system. A data collection module may be coupled to the ME to collect data (e.g., fingerprint image, facial images, speech, etc.) from a user. The ME processes the collected data to authenticate the user. If the authentication is successful, the system may boot, resume from a sleep state, or become re-accessible by the user; otherwise, the user is prevented from using the system or accessing data stored therein. | 04-02-2009
20090287936 | MANAGING PASSWORDS USED WHEN DETECTING INFORMATION ON CONFIGURATION ITEMS DISPOSED ON A NETWORK - Disclosed embodiments include a computer system for receiving an encrypted password from an ID management system. The computer system sends the encrypted password to a decryption system, where the decryption system decrypts the encrypted password. The decrypted password is then transmitted to the computer system, and the computer system transfers the decrypted password to a configuration item disposed on a network. Based on the password, the configuration item sends data concerning the configuration item to the computer system. | 11-19-2009
20080209221 | System, Method and Apparatus for Cryptography Key Management for Mobile Devices - A technique that binds encryption and decryption keys using a UID, a UDID, and a Pswd to a client mobile device in an enterprise. In one example embodiment, this is achieved by creating a new user account using the UID and the DPswd in an inactive state and communicating the UID and the DPswd to an intended user using a secure communication medium by an administrator. The intended user then logs into a cryptography key management system using the UID and the DPswd via a client mobile device. The UDID associated with the client mobile device is then hashed to create a H(UDID). The H(UDID) is then sent to the cryptography key management system by a local key management application module. The H(UDID) is then authenticated by the cryptography key management system. An encryption/decryption key is then assigned for the client mobile device. | 08-28-2008
20080250249 | Data access method against cryptograph attack - The present invention discloses a data access method accomplished by the following steps of: creating a predetermined password; generating a first encryption key; encrypting data based on the first encryption key; prompting for the predetermined password upon receipt of an access request; decoding a header of the NAND flash memory based on a user-entered password; examining the header to determine whether a mapping between the user-entered password and the first encryption key is defined; and decrypting and outputting the data by a decryption key when the mapping between the user-entered password and the first encryption key is defined. | 10-09-2008
20080276097 | Alternate to email for messages of general interest - This invention is an online system to forward and discuss messages of common interest among members of the system. The system is based on a central server that manages all member accounts, messages and message flow among the members. The system introduces the concept of private comments on a public message. While the message is open to all members of the system, each comment on the message is restricted to be viewed only by members to whom the comment is sent to. This allows an email like interface to forward and discuss the same message among different groups of people. The system also provides metrics related to the overall reach and popularity of the message. | 11-06-2008
20080313470 | MULTIPLE USER AUTHENTICATIONS ON A COMMUNICATIONS DEVICE - A communications device provides a biometric reader to authenticate users onto the communications device based on a single biometric input. The communications device maintains a local copy of the strong authentication credentials, such as a user identification and password, and the biometrics which were previously input by users of the communications device. Then, rather than requiring re-entry of the strong authentication credentials to authenticate (or re-authenticate) these users onto the communications device, the communications device is able to authenticate the users based on the input of the appropriate biometric. When a biometric input is received, the communications device identifies the locally stored strong authentication credentials that are associated with the input biometric, and uses the locally stored strong authentication credentials to authenticate the user. | 12-18-2008
20080229112 | ACCESS CONTROLLER - A deciding unit causes a database, by employing a table joining function, to join a plurality of real tables to generate a virtual table containing target data that can be provided to an authentic user, acquires the target data from the virtual table, and decides data to be displayed on a client device used by the authentic user based on the target data. | 09-18-2008
20120272067 | AUTHENTICATION METHOD - Method enabling a user to verify the operation of a personal cryptographic device, comprising the following steps: a) a user ( | 10-25-2012
20090049306 | Method, Computer System, and Computer Program Product for Password Generation - The generation of a unique password using a secret key and an application name is disclosed. Other passwords may be generated for other applications using the same key. A user provides a key that is not easily able to be guessed by third parties. The user also inputs a name of an application for which a password is desired. The system utilises the application name and the secret key to generate a unique password for that application, using standard encryption techniques. The system generates the same password for that application and secret key combination every time. Alternate embodiments generate a user identifier from the same secret key and application name. | 02-19-2009
20090144554 | Two-way authentication with non-disclosing password entry - A method of two-way authentication between a user and a known host using a non-disclosing password entry system generates a matrix of characters having a random characteristic with random characteristics being selected from a set of custom symbols, pictures or patterns (rather than alpha-numeric characters) that only the user recognizes. When the user sets up an account with the known host, a subset of these characteristics is predetermined for use specifically by the user. One or more of these may additionally be used in the user's PIN or password for easy memorization, allowing the user to first authenticate the log-in screen before the user enters the PIN for user authentication to the known host. Alternatively, randomized alpha-numeric characters may be used, but with a predefined grouping or subset of the characters in a predefined position on the initial character matrix presentation. If the user doesn't see the predefined special characters or figures in the character matrix, or the particular alpha-numeric subset in the character matrix, then the log-in screen is recognized as a fake. | 06-04-2009
20090240949 | Identity authentication based on keystroke latencies using a genetic adaptive neural network - A system and method identify the person who is using a keyboard based on keystroke latencies as the person types certain key combinations. In some embodiments the latencies are monitored as the person types a password, while in others they are monitored as the person types other information and continues to use the computer. In some embodiments the identification yields a binary result (whether the latency profile matches the profile stored for a particular user), while in others a confidence level is given. A mismatch, or a confidence level below a particular threshold, results in a request for further identity verification, creation of a log entry, immediate notification of responsible personnel, or denial of access (or continued access). | 09-24-2009
20090249077 | METHOD AND SYSTEM FOR AUTHENTICATING USERS WITH A ONE TIME PASSWORD USING AN IMAGE READER - A method and system to authenticate users with a one time password by using a visual communication channel. The method and system may include using a device to capture a sequence of images being displayed and decrypt an encrypted one time password contained in the sequence of images. | 10-01-2009
20100228987 | System and method for securing information using remote access control and data encryption - The invention relates to a system and method for enhancing the security of information by decoupling the user authentication from the data storage and access. User information, stored by a service provider, is encrypted using a hashed password and access to the encrypted user information is protected by a separate access control server. The access control server and service provider may be provided a uniquely hashed first and second password, respectively. The access control server uses the first hashed password to allow the user access to the service provider, and the service provider then decrypts the user information using the second hashed password. The system ensures that even if the malicious user manages to compromise either the service provider or the access control server, the malicious user would remain unable to decrypt and access any stored user information. | 09-09-2010
20090327741 | SYSTEM AND METHOD TO SECURE BOOT UEFI FIRMWARE AND UEFI-AWARE OPERATING SYSTEMS ON A MOBILE INTERNET DEVICE (MID) - In some embodiments, the invention involves adding a capability for a platform owner or administrator to ensure that the firmware is only executed in an owner-authorized fashion, such as with signed components managed by a security processor. Embodiments may extend the Core Root of Trust for Measurement (CRTM), via use of a cryptographic unit coupled to the security processor in a mobile Internet device (MID) as a Root-of-Trust for Storage (RTS) Storage Root Key (SRK), into a unified extensible firmware interface (UEFI) Platform Initialization (PI) image authorization and boot manager. Other embodiments are described and claimed. | 12-31-2009
20090327742 | METHOD FOR MANAGING MULTIUSER DIGITAL PHOTO FRAME - A method for managing multiple users on a digital photo frame is disclosed. The method includes: adding a user account on the digital photo by a user inputting a username and a password, associating files with the username, prompting users to enter the username and password associated with the files to access the files and determining whether the username and password are correct, and if they are, allowing the user to access the files. | 12-31-2009
20090150678 | Computer and method for sending security information for authentication - The present invention provides a computer and a method of sending security information for authentication, which relate to transmission of data information in computers. The present invention solves the vulnerability of information when a user conducts network transaction activities by a terminal. The computer of the present invention comprises: a virtual system platform; a first guest operating system installed on the virtual system platform, which is for installing a service application module, wherein the service application module generates a security information input interface when it is being executed; a second guest operating system installed on the virtual system platform; the second guest operating system comprises: a dynamic password generation module for generating security information, the security information is input into the security information input interface and is sent to a network server for authentication. The security of network activities conducted by users can be enhanced. | 06-11-2009
20130138968 | GRAPHICAL ENCRYPTION AND DISPLAY OF CODES AND TEXT - The present invention provides an image-based encryption and decryption technique where the user uses pre-chosen image categories to create an encryption/decryption key. The encryption key can be used to encrypt alphanumeric strings such as a confirmation code or other information. The user uses the decryption key (i.e., knowledge of the chosen image categories) to decrypt and recover the original message. For example, upon presentation of a grid of images, the user selects certain images contained therein that match the pre-chosen image categories to recover the original message. | 05-30-2013
20100325440 | Method and System for Single Sign-on for Multiple Remote Sites of a Computer Network - A system and method links first and second computers of a network to implement a single sign on feature. The first computer generates a link request having a plaintext component and a hashed component. The plaintext component includes an identifier associated with the first network computer and information for locating a resource of the second network computer. The hashed component includes a first hash result formed by applying a hashing function to the plaintext component and a secret known to the first network computer and the second network computer. The second computer authenticates the link request without using a two-way encryption process by generating a second hash result by applying the hashing function to the plaintext component of the link request and the secret and comparing the first hash result with the second hash result. | 12-23-2010
20110029782 | Handling Expired Passwords - A method of operating a server comprises receiving an authorisation request comprising a password, accessing an expiry date for the password, transmitting a response comprising the expiry date, ascertaining whether the password has expired, and receiving a new password, if the password has expired. Optionally, the transmitted response further comprises a date representing the last use of the password and/or an integer value representing a retry parameter. | 02-03-2011
20110119495 | METHOD AND ARRANGEMENT RELATING TO ENCRYPTION/DECRYPTION OF A MEMORY UNIT - A memory unit is disclosed comprising a security driver application providing an interface, a storage arrangement and a driver application for activation when connected to a memory accessing arrangement. The driver application is configured, when accessed, to authenticate a user using a password whereby the interface is configured to secure and/or unsecure data transactions to and from the storage arrangement. | 05-19-2011
20100058066 | METHOD AND SYSTEM FOR PROTECTING DATA - A method and a system for protecting data are provided. When a computer system is powered on, a verification code is compared with a predetermined verification code. If the verification code matches the predetermined verification code, an encrypted configuration data stored in a configuration data block of a storage device is decrypted with the verification code to obtain an original configuration data of the storage device. Thereby, data loss is effectively prevented and a data protection mechanism is provided. | 03-04-2010
20110154047 | USER-DEFINED PASSWORDS HAVING ASSOCIATED UNIQUE VERSION DATA TO ASSIST USER RECALL OF THE PASSWORD - An electronic device includes password protected functionality using a password that can be changed by the user. A user-specified password is stored in association with unique version data that is subsequently provided to help user recall of the password associated therewith. | 06-23-2011
20110060912 | PASSWORD INPUTTING SYSTEM AND METHOD THEREOF - A method for inputting a password with a touch sensitive display is provided. The method includes displaying a password array comprising a plurality of characters on a touch sensitive display, the plurality of characters being arranged in a first order, detecting if a permuting signal is received, generating a new password array comprising a plurality of the characters when a permuting signal is received, the plurality of characters being arranged in a second order different from the first order, and displaying the generated new password array on the touch sensitive display to replace the displayed password array. A password inputting system using the method is also provided. | 03-10-2011
20130166918 | Methods for Single Signon (SSO) Using Decentralized Password and Credential Management - A method for single sign-on (SSO) that provides decentralized credential management using end-to-end security. Credential (and other personal user information) management is decentralized in that encryption is performed locally on the user's computer. The user's encrypted credentials may be stored by the login server and/or a plurality of distributed servers/databases (such as a cloud). The login server never has access to the user's credentials or other personal information. When the user wants to use single sign-on, he enters his password into his browser and the browser submits the encrypted/hashed password to the login server for validation. Upon validation, the browser receives the user's encrypted credentials. The credentials are decrypted by the browser and provided to relevant websites to automatically log the user in. | 06-27-2013
20120151218 | Methods, Systems, And Computer Program Products For Entering Sensitive And Padding Data Using User-Defined Criteria - Disclosed are methods, systems, and computer program products for identifying sensitive data from a user-entered input sequence based on user-defined criteria. According to one method, user-defined criteria for identifying sensitive data within user-entered input sequences that include sensitive data and padding data are received. A request for sensitive data from a requesting agent is presented. A user-entered input sequence that includes sensitive data and padding data is received in response to the request for sensitive data. Sensitive data is identified within the user-entered input sequence using the user-defined criteria. The identified sensitive data is provided to the requesting agent in response to the request for sensitive data. | 06-14-2012
20090019289NEGATIVE AUTHENTICATION SYSTEM FOR A NETWORKED COMPUTER SYSTEM - The disclosed invention is a method for screening access to a computer system using a negative authentication system. Input login requests are compared against a set of detectors comprising anti-passwords and only allowed further access if they do not match any of the anti-passwords. A method of generating a set of detectors comprising anti-passwords is also disclosed.01-15-2009
20080250248Identity Management System with an Untrusted Identity Provider - This invention describes an Identity Management system, in which the User uses the same set of credentials to log into multiple Web Service Providers (WSPs). However, unlike in traditional systems, none of the WSPs have to rely on assertions issued by the Identity Provider (IdP). The Identity Provider itself remains agnostic of User's credentials and User's personal information (the Identity). A 3-way cryptographic protocol is employed between the User, the WSP and the IdP that allows credentials re-use without exposing the IdP to any sensitive information.10-09-2008
20120066505SYSTEM AND METHOD FOR REMOTE RESET OF PASSWORD AND ENCRYPTION KEY - A method and system are provided for resetting a password using a first device and a second device. The second device stores data encrypted using a content protection key, which itself is stored in encrypted form using the password, and is also stored in encrypted form using a key encryption key. The first device receives a public key from a second device. The first device uses the public key and a stored private key to generate a further public key. The further public key and a new password are sent to the second device. The second device uses the further public key to generate the key encryption key, which is then used to decrypt the encrypted content protection key. A new content encryption key is created, and encrypted using the new password.03-15-2012
20110055585Methods and Systems to Create Big Memorizable Secrets and Their Applications in Information Engineering - The main invention is methods and systems to create big yet memorizable secrets, which are later applied in many novel and innovative applications in information engineering. Among the big secret creation methods are (i) self-created signature-like Chinese character, (ii) two-dimensional key (2D key), (iii) multilingual key, (iv) multi-tier geo-image key, (v) multi-factor key using software token, and their hybrid combinations. Multihash key using hash iteration and hash truncation is further used to increase the number of created secrets for multiple offline and online accounts. Besides, multihash signature using multiple hash values of a message from different hash iterations provides an object-designated signature function. The object may be recipient, action, feature, function, meaning, etc., as representation. Also, random space steganography using stego-data with random noise insertion is proposed. The main application of big memorizable secrets is MePKC (Memorizable Public-Key Cryptography) using a fully memorizable private key. Here, 160- to 512-bit MePKC can be realized.03-03-2011
20110055584METHOD AND APPARATUS FOR ACCESS CONTROL TO INSTALLATION CONTROL SYSTEMS OF WIND ENERGY INSTALLATIONS - A method for access control to installation control systems of wind energy installations. The method includes receiving a requested user name and a requested password, wherein authorizations and checking information are coded in the requested password. The method further includes decoding the authorizations and the checking information from the requested password, checking the requested user name on the basis of the decoded checking information, checking the decoded authorizations if the check of the requested user name on the basis of the decoded checking information has a positive result, and allowing access to an installation control system of a wind energy installation when the decoded authorizations are sufficient. A wind energy installation for implementing the method includes an installation control system and a decoding unit.03-03-2011
20110119496Methods, Systems, And Computer Program Products For Entering Sensitive And Padding Data Using User-Defined Criteria - Disclosed are methods, systems, and computer program products for identifying sensitive data from a user-entered input sequence based on user-defined criteria. According to one method, user-defined criteria for identifying sensitive data within user-entered input sequences that include sensitive data and padding data are received. A request for sensitive data from a requesting agent is presented. A user-entered input sequence that includes sensitive data and padding data is received in response to the request for sensitive data. Sensitive data is identified within the user-entered input sequence using the user-defined criteria. The identified sensitive data is provided to the requesting agent in response to the request for sensitive data.05-19-2011
20100017616WEB BASED SYSTEM THAT ALLOWS USERS TO LOG INTO WEBSITES WITHOUT ENTERING USERNAME AND PASSWORD INFORMATION - Systems and methods for securely managing Internet user passwords are presented herein. A formation component can enable a user to create a master account on a web server, the master account comprising a master username and password. An access component can enable the user to access a plurality of password protected websites from a web browser or non-browser software application resident on the user's computing device when the user logs into the master account by entering the valid master username and password. A selection component can log the user into a website of the plurality of password protected websites when the user selects a hyperlink associated with the website, selects a linked image associated with the website, or selects the website from a pulldown list contained in a toolbar of a web browser. A display component can open a web browser or tab associated with the website.01-21-2010
20080307235METHOD OF PRESENTING FEEDBACK TO USER OF CHANCES OF PASSWORD CRACKING, AS THE PASSWORD IS BEING CREATED - A method, system and computer program product for automatically displaying the potential risk associated with cracking a password. While creating or modifying a password, feedback is provided describing the risk associated with cracking the password. Risk assessment may be presented as a percentage, accompanied by an explanation of why the value was ascertained. Risk feedback during password creation provides an opportunity to improve computer, document, and file security.12-11-2008
20110154048Dynamically Mitigating A Noncompliant Password - Techniques are disclosed for dynamically mitigating a noncompliant password. The method comprises obtaining a password; generating one or more quality scores for the password using a password policy for an authentication and authorization service; determining whether the password has sufficient score quality; in response to determining that the password does not have sufficient score quality, granting to the user a different level of access to the service than if the password meets the quality criteria; wherein the method is performed by one or more computing devices.06-23-2011
20110307709MANAGING SECURITY OPERATING MODES - A storage device that supports Trusted Computer Group (TCG) security allows management of TCG security features by a Basic Input/Output System (BIOS) using non-TCG security commands supported by the BIOS. In one implementation, a BIOS that does not support TCG security but does support ATA security can use ATA drive unlock to invoke TCG drive unlock on the storage device. Further, the storage device can be transitioned among multiple security operating modes (e.g., Undeclared, ATA security or TCG security).12-15-2011
20110307710Tokenized Payment Processing Schemes - A payment processing system for accepting manually-entered payment-card numbers. Rather than entering a payment-card account number into an application module, the card number is instead captured and stored within a tokenizer prior to being sent to the application module. The tokenizer then returns a random token to the calling application as a pointer to the original payment-card number. The token has no algorithmic relationship with the original payment-card number, so that the payment-card number cannot be derived based on the token itself. Since the token is not considered cardholder data, the token may be used in an application module without the module or its connected hardware being subject to regulatory standards compliance. Some embodiments involve browser-based schemes, and some embodiments involve PIN-entry device-based schemes.12-15-2011
20110307708ENABLING ACCESS TO REMOVABLE HARD DISK DRIVES - A method, apparatus, and computer program product for accessing a device. The device receives a key from an operating system in response to the device in a locked state being connected to a data processing system after the operating system for the data processing system is running. The device compares the key received from the operating system with a set of keys stored in the device. The key is based on a system identifier for the data processing system and a password. The device determines whether a match is present between the key and the set of keys. The device changes the device from the locked state to an unlocked state in response to a determination that the match is present.12-15-2011
20120066504METHODS, APPARATUS AND SYSTEMS FOR SECURING USER-ASSOCIATED PASSWORDS USED FOR IDENTITY AUTHENTICATION - Methods, apparatus and systems for securing user-associated passwords used in transactions are disclosed. The methods include a user computing device receiving a user-associated password such as a PIN from a user, where the user-associated password is operable to authenticate an identity of a user. The user-associated password may be received in response to the user receiving a request for the user-associated password from a third party such as a merchant. The user computing device may generate a temporary password such as a one-time password, dynamic password, or the like, and encrypt the user-associated password using the temporary password. The encrypted user-associated password may then be communicated to the third party in lieu of the user-associated password received by the user.03-15-2012
20090172408METHOD AND SYSTEM FOR MANAGING THE DISPLAY OF SENSITIVE CONTENT IN NON-TRUSTED ENVIRONMENTS07-02-2009
20090172407VIRTUAL SMART CARD SYSTEM AND METHOD - A public key authentication system and method for use in a computer system having a plurality of users. The system includes a virtual smart card server, storage connected to the virtual smart card server, and a virtual smart card agent connected to the virtual smart card server. The storage includes a plurality of virtual smart cards, wherein each virtual smart card is associated with a user and wherein each smart card includes a private key. The virtual smart card agent authenticates the user and accesses the authenticated user's virtual smart card to obtain the user's private key.07-02-2009
20090172406METHOD AND SYSTEM FOR PROTECTING PATIENT DATA - A method for a medical system to transmit patient information to an external USB storage device includes checking the validity of the USB storage device according to the registered information therein, generating a new identification file according to a new times-of-using value that is incremented each time the validity checks are passed, and a unique ID number of the USB device, and writing the new identification file into the USB storage device to replace the old identification file.07-02-2009
20080282091Systems and Methods of Securing Resources Through Passwords - Disclosed is a method of authorizing access to an item that maintains a lockout count and blocks access to the item if the lockout count exceeds a predetermined value. One feature is that the invention “variably” increments the lockout count if the presented password fails to exactly match the stored password. In this process the invention increments the lockout count different amounts depending upon how closely the presented password matches the stored password. The invention also provides a methodology that allocates a plurality of the same passwords to a plurality of users who share the same userid. The invention allows continuous operation of the item being accessed by providing that each of the passwords has a different expiration date. Also, when dealing with situations where a plurality of users who share the same userid also share the same password, the invention maps information associated with the users to the password in a data file and periodically updates the data file.11-13-2008
20120159180Server-side Encrypted Pattern Matching - Server-side encrypted pattern matching may minimize the risk of data theft due to server breach and/or unauthorized data access. In various implementations, a server for performing the server-side encrypted pattern matching may include an interface component to receive an encrypted query token. The server may further include a query component to find a match for the encrypted query token in the encrypted data string. The query component may find such a match without decrypting the encrypted data string and the encrypted query token by using an encrypted dictionary that includes information on the edges of the encrypted suffix tree.06-21-2012
20110099383METHOD FOR TRANSMITTING DATA AND PREVENTING UNAUTHORIZED DATA DUPLICATION FOR HUMAN-MACHINE INTERFACE DEVICE USING MASS STORAGE CLASS OPERATING ON UNIVERSAL SERIAL BUS - A method for transmitting data and preventing unauthorized data duplication for a human-machine interface device (HID) using Mass Storage Class (MSC) operating on Universal Serial Bus (USB), simulating the HID as an external USB storage device to make a data connection to an external computer, so that driver installation is not required when the operating system used by the external computer is not compatible with the operating system used by the HID. The method encrypts the transmitted data via a dynamic password and does not write the data to the File Allocation Table (FAT); therefore the transmitted data is not under threat of unauthorized data duplication by a third party.04-28-2011
20090132827DEBUGGING PORT SECURITY INTERFACE - The present invention provides a secure JTAG interface to an application-specific integrated circuit (ASIC). In the preferred embodiment the invention operates through the combined efforts of a Security Module (SM) comprising a state machine that controls the security modes for the ASIC, and a Test Control Module (TCM) which contains the JTAG interface. The TCM operates in either a restricted mode or an unrestricted mode, depending on the state of the SM state machine. In a restricted mode, only limited access to memory content is permitted. In an unrestricted mode, full access to memory content is permitted.05-21-2009
20120216046System and Method for Decrypting Files - In accordance with particular embodiments, a computer-implemented method for execution by one or more processors includes intercepting a communication comprising a message. The method also includes identifying words from within the message. The method further includes storing in a dictionary words from within the message of the communication and one or more parameters of the communication for each of the words. The dictionary comprises a plurality of words from a plurality of intercepted text-based communications. The method also includes receiving an encrypted file that is configured to be decrypted using a password. The method additionally includes identifying words from the dictionary to be used to attempt to decrypt the encrypted file. The identified words are identified based on at least one parameter associated with the encrypted file and the one or more parameters stored in the dictionary. The method further includes attempting to decrypt the encrypted file using at least a portion of the identified words from the dictionary as the password for decrypting the encrypted attachment.08-23-2012
20110185185METHOD AND APPARATUS FOR PARENTAL CONTROL OF WIRELESS BROADCAST CONTENT - A method comprises detecting zapping to or from one or more services; determining whether the zapping includes termination of a password-protected service; and sending a trigger message (07-28-2011
20120324234FLEXIBLE METHOD OF USER AUTHENTICATION - A method of authorising a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorisation methods each requiring data only from available user information entry devices. The user then selects one of the determined authorisation methods for use in user authorisation. Optionally, each authorisation method is associated with a security level relating to user access to resources. Once the authorisation method is selected, the user provides user authorisation information in accordance with a determined user authorisation method and registration proceeds.12-20-2012
20120226912PASSWORD-BASED OPERATION OF A LOCKED COMPUTING DEVICE - The present application relates to performing operations on a computing device having a restricted mode of operation and an unrestricted mode of operation. A first input sequence comprising a correct authentication code and a command code is obtained while in the restricted mode of operation. The device executes one or more special operations associated with the command code while the device remains in the restricted mode of operation. The device transitions to the unrestricted mode of operation upon obtaining a second input sequence comprising a correct authentication code, and in the unrestricted mode of operation the device may execute one or more regular operations.09-06-2012
20100011221Secured storage device with two-stage symmetric-key algorithm - A secured storage device uses a user key set by user to encrypt a primary key that is for encryption or decryption of user data, to produce a first encrypted data. In the secured storage device, neither the primary key nor the user key is stored, but the first encrypted data, and a secondary key and a second encrypted data produced from the secondary key encrypted with the user key for verifying the password inputted by user are stored. Therefore, even though a storage medium in the secured storage device is detached and read, the primary key and the user key cannot be obtained by a third party for reading out any encrypted user data from the secured storage device.01-14-2010
20120254623Information Processing Apparatus and Data Protection Method - According to an embodiment, an information processing apparatus includes a first storage unit, a second storage unit, a power supply state control unit, a cryptographic key movement unit, a communications unit, an information input determination unit, a communications state determination unit, and a cryptographic key control unit. The cryptographic key movement unit is configured to move at least part of the cryptographic key data stored in the first storage unit to the second storage unit before a shift from a power-on state to another power supply state. In the other power supply state, the cryptographic key control unit returns the cryptographic key data from the second storage unit to the first storage unit if it is determined that there is an input of information which matches the information stored in the second storage unit and it is determined that communications are enabled between the communications unit and a base-station apparatus.10-04-2012
20120254622Secure Access to Electronic Devices - A device may select a password and encrypt it utilizing a public key. The device may provide the encrypted password when an access request is received from a client. The client may obtain an unencrypted version of the password by submitting it to a private key server (which utilizes the private key to decrypt the password) and return the password to the device. When the device receives the unencrypted password from the client, the device may allow access. The device may generate the password once during operation. However, in some implementations, the device may generate a new password for each access request and may only respond to the most recently issued password. The device may generate, encrypt, and transmit a single password. However, in various implementations the device may generate, encrypt, and/or transmit a number of different passwords to support different access configurations.10-04-2012
20110004769PASSWORD INPUT SYSTEM USING AN ALPHANUMERIC MATRIX AND PASSWORD INPUT METHOD USING THE SAME - The present invention relates to a password input algorithm, more particularly to a password input system and method using an alphanumeric matrix. An aspect of the invention can provide a password input system and method that can defend against keylogging attacks and shoulder surfing attacks, by having the final password inputted by way of certain alphanumeric matrix letters which are separated by a particular distance from the letters forming the password in the alphanumeric matrix. Also, an aspect of the invention can provide a password input system and method that can further increase the probability of defending against keylogging attacks and shoulder surfing attacks, by having the final password inputted by way of certain alphanumeric matrix letters which are separated by a particular distance from the letters forming the password in the alphanumeric matrix, but with the alphanumeric matrix rotated every time a letter is inputted.01-06-2011
20120278630DEBUGGING PORT SECURITY INTERFACE - The present invention provides a secure JTAG interface to an application-specific integrated circuit (ASIC). In the preferred embodiment the invention operates through the combined efforts of a Security Module (SM) comprising a state machine that controls the security modes for the ASIC, and a Test Control Module (TCM) which contains the JTAG interface. The TCM operates in either a restricted mode or an unrestricted mode, depending on the state of the SM state machine. In a restricted mode, only limited access to memory content is permitted. In an unrestricted mode, full access to memory content is permitted.11-01-2012
20120089848Apparatus and Method for Securing Data on a Portable Storage Device - A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.04-12-2012
20120102331Method, System And Device For Securing A Digital Storage Device - Method of securing a digital storage device, wherein a host is connected to the storage device, the host digitally locks the storage device so that unauthorized data access to the storage device is denied, the host sets the encryption conditions of the storage device in one of a condition wherein encryption of data on the storage device is enabled, and a condition wherein encryption of data on the storage device is disabled.04-26-2012
20130013929PROJECTOR SYSTEM - A projector system includes an information processing apparatus and a projector. The projector includes a device connection unit which enables communication between the information processing apparatus and the projector, a password generating unit which generates a password, and an encryption unit which encrypts the password and outputs the encrypted password to the information processing apparatus through the device connection unit. The information processing apparatus includes a device connection unit which enables communication between the projector and the information processing apparatus, a decryption unit which decrypts the encrypted password input through the device connection unit of the information processing apparatus using a decryption key, and a password determining unit which has functions of determining whether the decrypted password is correct and outputting a signal directing to start the process for projection to be performed by the information processing apparatus in a case where the decrypted password is correct.01-10-2013
20130019103SYSTEM AND METHOD FOR GENERATING AND MANAGING ADMINISTRATOR PASSWORDS - A password management system and method for securing networked client terminals and mobile devices is provided. More specifically, the present invention provides a system and method for encrypting randomly generated administrator-level passwords and providing a means for decrypting the randomly generated passwords for single-use unrestricted access to a designated terminal or mobile device. When unrestricted access to the terminal or mobile device is required, the encrypted administrator-level password is decrypted using a shared symmetric key, which is generated during encryption of the administrator password, to reveal the administrator-level password for the terminal or mobile device. The administrator-level password is a single-use password, wherein upon use of the administrator-level password a new administrator-level password may be automatically generated for the corresponding terminal or mobile device.01-17-2013
20130019102System and method for encrypted smart card pin entry - A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.01-17-2013
20100235645APPARATUS AND METHOD FOR LIMITING ACCESS TO MODEL SPECIFIC REGISTERS IN A MICROPROCESSOR - A microprocessor having a control register to which the manufacturer of the microprocessor may limit access. The microprocessor includes a manufacturing identifier that uniquely identifies the microprocessor and that is externally readable from the microprocessor by a user. The microprocessor also includes a secret key, manufactured internally within the microprocessor and externally invisible. The microprocessor also includes an encryption engine, coupled to the secret key, configured to decrypt a user-supplied password using the secret key to generate a decrypted result in response to a user instruction instructing the microprocessor to access the control register. The user-supplied password is unique to the microprocessor. The microprocessor also includes an execution unit, coupled to the manufacturing identifier and the encryption engine, configured to allow the instruction access to the control register if the manufacturing identifier is included in the decrypted result, and to otherwise deny the instruction access to the control register.09-16-2010
20130097428ELECTRONIC APPARATUS AND ENCRYPTION METHOD THEREOF - An electronic apparatus includes a secure unit to store public key information, an input unit to receive user authentication information and a data searching word, a user authenticating unit to perform user authentication with the inputted user authentication information, an encryption generating unit to generate a searching word encryption to use in data search, and a control unit to control generating the searching word encryption using the previously-stored public key information, the inputted user authentication information, and the data searching word.04-18-2013
20130145170CROSS SYSTEM SECURE LOGON - A cross system secure logon in a target system by using a first authentication system and a second authentication system. A correct password may be valid on the first authentication system and the second authentication system. An aspect includes receiving an input password, generating a first hash key by using the first authentication system, and/or generating a second hash key by using the second authentication system, wherein each authentication system uses a system unique non-collision free hash algorithm. Further, in one aspect, comparing the first hash key with a first predefined hash key of the correct password stored in the first authentication system, and/or comparing the second hash key with a second predefined hash key of the correct password stored in the second authentication system. Furthermore, granting access to the target system based on at least one of the comparisons.06-06-2013
20110314295Storage Device and Method for Communicating a Password between First and Second Storage Devices Using a Double-Encryption Scheme - A first storage device provides a host device with access to a private memory area by communicating a password between the first storage device and a second storage device via the host device using a double-encryption scheme. In one embodiment, a host device receives a twice-encrypted password from a first storage device, sends the twice-encrypted password to a second storage device, receives a once-encrypted password from the second storage device, decrypts the once-encrypted password to obtain the password, and sends the password to the first storage device. In another embodiment, a first storage device sends a twice-encrypted password to a host device, receives the password from the host device after the twice-encrypted password is decrypted by a second storage device and the host device, and provides the host device with access to the private memory area only if the password matches one that is stored in the first storage device.12-22-2011
20120011370PERSONAL IDENTIFICATION CODE ENTRY DEVICE AND METHOD THEREFOR - A data entry device for entering characters of a personal identification code comprising a pattern of chambers containing a character of a personal identification code which is required to be selected, said chambers being displayed in different lines on said pattern and each chamber containing a character therein; and a plurality of selection buttons each selection button being capable of selecting a sole line of said lines on said pattern.01-12-2012
20100180126SECURE REMOTE PASSWORD VALIDATION - A method, system and apparatus for secure password validation can include a local authentication process configured for coupling both to local authentication data and to a remote authentication process. The system also can include a comparator disposed in the local authentication process and programmed to detect an extended password string in the local authentication data. Finally, the system can include a remote authentication handler disposed in the local authentication process and programmed to outsource password validation to the remote authentication process responsive to the comparator detecting an extended password string retrieved for a supplied user identifier. Preferably, the remote authentication handler can be a remote procedure call to the remote authentication process.07-15-2010
20100174912UNIQUE ACCOUNT IDENTIFICATION - A synchronization system includes a first account assigned a first unique identifier. Access to the first account is contingent on validation of a shared access credential. The synchronization system also includes a second account assigned a second unique identifier. Access to the second account is contingent on validation of the shared access credential. The synchronization system further includes a library of account operations. One or more account operations are configured to utilize the first unique identifier when addressing the first account, and one or more account operations are configured to utilize the second unique identifier when addressing the second account.07-08-2010
20130212401METHODS AND DEVICES FOR AUTHENTICATION AND DATA ENCRYPTION - A storage device comprises a non-volatile storage media and a processor that is operative to receive, via an interface with one or more host devices, a first entered password needed for accessing data stored in the non-volatile storage media, generate a first number, combine the first entered password and the first number, generate a cryptographic key based on the combination of the first entered password and the first number, encrypt the received first entered password using the cryptographic key, and store the encrypted first entered password and the first number in the non-volatile media. The processor may be further operative to receive a request for authentication; provide a reply comprising the first number; receive a second number calculated based on a cryptographic combination of the first number and a second entered password, and authenticate the host device if the second number successfully decrypts the encrypted first entered password.08-15-2013
