
Using record or token

Subclass of:

713 - Electrical computers and digital processing systems: support

713182000 - SYSTEM ACCESS CONTROL BASED ON USER IDENTIFICATION BY CRYPTOGRAPHY

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application number | Description | Number of patent applications / Date published
713186000 | Biometric acquisition | 136
Entries
DocumentTitleDate
20100011223METHOD FOR MAKING SMART CARDS CAPABLE OF OPERATING WITH AND WITHOUT CONTACT - The invention concerns a method for making smart cards capable of operating with or without contact called mixed cards and contactless smart cards. In order to avoid the risk of deteriorating the antenna the method consists in producing an antenna comprising at least two turns, on a support sheet, said antenna having its turns located outside the connecting pads, and in providing an insulating bridge so as to connect each of the antenna ends to a connection pad respectively. 01-14-2010
20130086389Security Token and Authentication System - Techniques are provided for entering a secret into a security token using an embedded tactile sensing user interface with the purpose of verifying the secret against a stored representation of the same secret. In particular, an embodiment of the security token according to the invention comprises a tactile sensing user interface being arranged to receive a user-encoded secret, a decoding unit being arranged to generate a decoded secret by decoding the user-encoded secret, a comparison unit being arranged to compare the decoded secret with a copy of the secret stored in the token in order to verify the authenticity of a user. Thereby, the security token provides on-card matching functionality.04-04-2013
20090049307System and Method for Providing a Multifunction Computer Security USB Token Device - The invention discloses a small token device, ideally about the size of a key, which can plug into the USB interface of a host computer, which need not be fully trusted, and handle a variety of different security functions. The device is capable of serving as a secure USB hub, and thus can function on a host computer that only has one available USB port. Among the multiple functions that the device can perform include communicating through the internet in a secure manner, storing data in a secure manner, and access secure information through public key (PKI) methods. The invention also allows secure USB peripherals to maintain security while being hooked up to either a non-secure host computer or other non-secure USB peripherals.02-19-2009
20100042849Device and method for generating digital signatures - For the secure creation of digital signatures and/or for the secure authentication of users with a chip card, an apparatus is plugged into a computer and the PIN is input. The computer operating system activates the autorun function of a read drive in the apparatus and loads an http responder program into the computer. A standard http protocol is used to send a signature request containing all the signature data to the http responder, which writes these data to the interface memory area of a read/write drive in the apparatus, and said interface memory area is read by the internal software in the apparatus, which interprets the data and uses configuration data to check the admissibility of the instruction. If appropriate, the signature request is then forwarded via a chip card read/write apparatus to the chip card, and the signature created by the card is written to the interface memory area, from where it is read by the http responder and is made available to the application as an http response.02-18-2010
20120216047 DIGITAL KEY FEATURING ENCRYPTION AND WEB GUIDE - The present invention targets at providing a digital key featuring encryption and web guide. When users electrically connect the digital key to a computer, the computer can automatically execute to activate a browser program and automatically key in (simultaneously read) a specific web address and specific log-on data without users' operation so as to prevent the attack tricks of unscrupulous persons from stealing information at user end and secure digital information security at user end. Additionally, users don't need to memorize specific log-on data and won't forget or lose log-on information, thereby rendering sufficient convenience.08-23-2012
20080313471ELECTRONIC SYSTEM AND DIGITAL RIGHT MANAGEMENT METHODS THEREOF - An electronic system is provided, in which a smart chip, a smart chip controller, a processor, a system memory, and an access management module is provided. The smart chip controller communicates with the smart chip. The processor performs a mutual authentication with the smart chip. The system memory is accessible to the smart chip and the processor. The access management module is coupled between the processor and the smart chip controller. The access management module prevents the processor accessing a certain range of the system memory according to a block command from the smart chip controller, in response of that the mutual authentication between the processor and the smart chip is failed.12-18-2008
20090271633Data Access and Identity Verification - A user access interface for a processor device comprises a control program adapted to receive a first access data indicative of a first access key, so that upon receiving the first access data the control program causes the database to be interrogated, thereby obtaining a first verification data that is indicative of access verification for one or more accessible services associated with the first access data, the physical access key and a respective registered first user.10-29-2009
20090265560Numbering Method, Numbering Device, and Laser Direct Drawing Apparatus - An object is to give an identification number which is hard to guess from the previous and next identification numbers without overlap, to give an identification number by using a simple program, or to generate rapidly an identification number without using a memory medium having large capacitance. An integer obtained as a set of ciphertexts through bijective mapping from a set of integers which is a plaintext is used as an identification number. In specific, a set of integers without overlap is used as a plaintext space and encryption thereof is performed, so that an element of a ciphertext space obtained from the set of the plaintext space is used as an identification number. As the encryption, a bijective encryption method is employed; for example, RSA cryptosystem or ElGamal cryptosystem can be employed.10-22-2009
20090006858Secure seed provisioning - A method is used for secure seed provisioning. Data is derived from inherent randomness in an authentication device. Based on the data, the authentication device is provisioned with a seed.01-01-2009
20100153736METHOD FOR ISOLATING SPECIAL FUNCTIONALITIES IN FIELD DEVICES USED IN AUTOMATION TECHNOLOGY - A method for activating special functionalities in field devices used in automation technology uses an activation code, encrypted with a private key and containing an activation option and field-device-specific information transferred to a field device. Decrypting of the activation code occurs with a public key stored in the field device. Then, the field-device-specific information contained in the activation code is compared with information stored in the field device. If these two pieces of information, match, then the activation option in the activation code is ascertained, and the corresponding special functionality is activated. This method makes it possible to activate special functionalities securely in field devices.06-17-2010
20110283111Apparatus for Verifying and for Generating an Encrypted Token and Methods for Same - Embodiments show an apparatus for verifying a validity of an encrypted token associated to a product, wherein the apparatus has a decryptor for decrypting an encrypted token using a decryption key to obtain a decrypted token having information bits related to the product and structure bits. The apparatus further has an evaluator for evaluating whether the structure bits fulfill a predetermined condition, wherein the encrypted token is verified to be valid when the predetermined condition is fulfilled or is not verified to be valid when the predetermined condition is not fulfilled. Further embodiments show an apparatus for generating an encrypted token associated to a product, wherein the apparatus has a plain token generator and an encryptor for encrypting the plain token using an encryption key to obtain an encrypted token.11-17-2011
20110296194SECURE AUTHENTICATION AT A SELF-SERVICE TERMINAL - A method of providing secure authentication of a service user at a self-service terminal is described. The method comprises: detecting attempted access by the service user to a restricted function on the self-service terminal; ascertaining if a removable storage device is in communication with the self-service terminal; in the event that a removable storage device is not in communication with the self-service terminal, denying access to the restricted function; in the event that a removable storage device is in communication with the self-service terminal, prompting the service user to enter login credentials. The method further comprises comparing the entered login credentials with access details stored on the removable storage device; denying access to the restricted function if the entered login credentials do not comply with the access details; permitting access to the restricted function if the login credentials do comply with the access details; and storing details relating to the access.12-01-2011
20100228989ACCESS CONTROL USING IDENTIFIERS IN LINKS - Methods, systems, and computer-readable media are disclosed for access control. A particular method receives a resource access identifier associated with a shared computing resource and embeds the resource access identifier into a link to the shared resource. The link to the shared resource is inserted into an information element. An access control scheme is associated with the information element to generate a protected information element, and the protected information element is sent to a destination computing device.09-09-2010
20090282259NOISY LOW-POWER PUF AUTHENTICATION WITHOUT DATABASE - The present invention relates to a method of authenticating, at a verifier (11-12-2009
20100037063METHOD, SYSTEM AND PROGRAM PRODUCT FOR SECURING DATA WRITTEN TO A STORAGE DEVICE COUPLED TO A COMPUTER SYSTEM - A method, system and program product for securing data written to a storage device coupled to a computer system. The method includes providing a detachable data security key device for controlling access to data written to a storage within a computer system and attaching the security key device to the computer system for enabling access to the data written to the storage. Further, the method includes detaching the security key device from the computer system for disabling access to the data written to the storage, wherein removal of the security key device from the computer system renders the data written to the storage unreadable. In an embodiment, the security key device includes an encryption key module coupled to the security key device for encrypting the data written to the storage and includes a decryption key module coupled to the security key device for decrypting the data written to the storage.02-11-2010
20120110339Security Software For Vector File Format Data - Systems and/or methods where a file requires an associated token to be accessed (see DEFINITIONS section) by the software used to access the file and that the token effectively requires that: (i) a particular authorized copy (or subset of authorized copies) of the software is being used to access the file; and (ii) that the authorized software is being run on an authorized hardware set (for example, organizational server computer). In at least some preferred embodiments, the files are specifically vector file format data files (“vffdf's”). In at least some preferred embodiments: (i) the token associated with the file is called a public token; (ii) the authorized software copy includes a private token; (iii) the file is encrypted; and (iv) the public and private tokens must sufficiently correspond in order for the file to be decrypted and thereby accessed. In at least some preferred embodiments, files that have an associated token cannot be accessed unless each licensing condition of a set of licensing (see DEFINITION of “license”) conditions, including at least one licensing condition is met, such that the use of the software on the file bearing the token is considered to be authorized. If the licensing conditions are not all met, then the software may or may not still be allowed to process files that do not bear a token according to the present invention.05-03-2012
20090249078OPEN ID AUTHENTICATION METHOD USING IDENTITY SELECTOR - Provided is an Open ID authentication method using an identity selector, which can simplify the authentication of an open ID and reduce phishing and hacking risks by automatically performing an open ID-based login process without the need to manually input an open ID uniform resource locator (URL) to a login window.10-01-2009
20100100746SECURE AUTHENTICATION USING HARDWARE TOKEN AND COMPUTER FINGERPRINT - A method and apparatus for secure authentication of a hardware token is disclosed. In one embodiment, a host computer fingerprint is used to generate a partial seed for a challenge-response authentication which is performed on the hardware token. In another embodiment, the host computer fingerprint is used as a personal identification number for the hardware token.04-22-2010
20110197073METHOD AND APPARATUS FOR SECURE DISTRIBUTION OF DIGITAL CONTENT - A method and apparatus for secure distribution of digital content is provided. In accordance with at least one embodiment, an intermediate device maintains an authorized content sink list which it uses to allow reauthorization of a first content sink for access to first content from a first content source when the first content sink has a first content sink entry on the authorized content sink list. In accordance with at least one embodiment, reauthorization is conditioned upon a first content sink entry currency status having not yet expired. In accordance with at least one embodiment, the intermediate device allows authentication of the first content sink by the first content source when no first content sink entry exists on the authorized content sink list or when the first content sink entry currency status has expired.08-11-2011
20080209225METHODS AND SYSTEMS FOR ASSIGNING ROLES ON A TOKEN - An embodiment relates generally to a method of assigning roles to a token. The method includes determining a first role for a first participant on a token and providing exclusive access to a first section of the token for the first participant base on the first role. The method also includes determining a second role for a second participant on the token and providing exclusive access to a second section of the token for the second participant based on the second role.08-28-2008
20080209223TRANSACTIONAL VISUAL CHALLENGE IMAGE FOR USER VERIFICATION - A method and a system generate a transactional visual challenge image to be presented to a user thereby to verify that the user is human. For example, an image module generates a visual challenge to be presented to a user as part of a challenge-response to verify that the user is human. A transactional background image module identifies a transactional background that is associated with a specific transaction and a combiner image module combines the visual challenge and the transactional background into an image which is to be presented to the user during transaction authorization, the transactional background associating the visual challenge with the particular transaction.08-28-2008
20090287937IDENTITY VERIFICATION - The invention provides a method for verifying the identity of an entity to a computerised system. The entity is in possession of a personal identification device (PID) having a PID ID and storing a Codec that can be used to encode and decode data. The computerised system holds data associated with the entity including the PID ID of the entity's PID, the Codec and a password associated with and known to the entity. The method involves transmitting an encoded Challenge from the computerised system to the PID, calculating a Reply using the Challenge and the password entered by the user, and transmitting the Reply from the PID to the computerised system. The transmitted Reply is compared with a reply calculated by the computerised system and the identity of the entity is verified if the comparison determines that Replies are the same.11-19-2009
20090177892PROXIMITY AUTHENTICATION - A security token is coupled to a computer and is available for use by both local and remote processes for on-demand response to a challenge. To minimize the security risk of an unattended session, the challenge may be issued to verify the presence of the token. When the token has a user interface, it may be used in conjunction with the computer to require that a user also participate in transferring displayed data between the token and computer. This helps to ensure that not only the token, but the user are both present at the computer during operation. For the most sensitive operations, such a confirmation may be required with each data submission.07-09-2009
20090144556GENERIC ELECTRONIC KEY PROVIDED WITH A CUSTOMIZED SMART CARD - A portable electronic device has a case including: a smart chip, an application which is stored in the smart chip, at least one interface for a user, and a microcontroller which controls the smart chip and the interface. The aforementioned microcontroller is configured to execute the primitive functions of the electronic key in order for the interface to be used, while the smart chip is configured to execute the application. The application is configured to generate calls to the primitive functions in order to communicate with the user by means of the interface.06-04-2009
20110145590SECURE DATA EXCHANGE BETWEEN DATA PROCESSING SYSTEMS - A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.06-16-2011
20110145589OBLIVIOUS TRANSFER WITH ACCESS CONTROL - A protocol for anonymous access to a database where the different records have different access control permissions is described. The permissions can be attributes, roles or rights that an authorized user needs to have to access the record. The database provider does not learn which record the user accesses and which attributes or roles the user has when she accesses the database. The database provider publishes the encrypted database where each record is encrypted with a key that is derived from at least the index of the record, its access control attributes and a secret key of the database provider. The user obtains a credential from an issuer for each access control attribute (ACL) that is associated with the user. Then the user retrieves the key for a particular record from the database provider and uses this key to decrypt the encrypted record.06-16-2011
20080263364System and method for providing access to a computer resource - There is provided a device and method for providing access to a computer resource. An exemplary device that is adapted to provide access to a computer resource comprises a Universal Serial Bus (USB) security token having a pressure sensor that is adapted to detect pressure applied to the USB security token, and a structure that is adapted to create authentication information to be provided to the computer resource in response to a detection of pressure by the pressure sensor. An exemplary method of providing access to a computer resource comprises detecting an application of pressure to a USB security token, and providing authentication information to the computer resource in response to the detection of the application of pressure to the USB security token.10-23-2008
20080263365INTEGRATING LEGACY APPLICATION/DATA ACCESS WITH SINGLE SIGN-ON IN A DISTRIBUTED COMPUTING ENVIRONMENT - The present invention provides methods, systems, computer program products, and methods of doing business whereby legacy host application/system access is integrated with single sign-on in a modern distributed computing environment. A security token used for signing on to the modern computing environment is leveraged, and is mapped to user credentials for the legacy host environment. These user credentials are programmatically inserted into a legacy host data stream, thereby giving the end user the look and feel of seamless access to all applications/systems, including not only modern computing applications/systems but also those residing on (or accessible through) legacy hosts. In addition to providing users with the advantages of single sign-on, the disclosed techniques enable limiting the number of user identifiers and passwords an enterprise has to manage.10-23-2008
20100217999METHOD AND SYSTEM FOR SECURE AUTHENTICATION - A system and method configured to provide secure Personal Identification Number (PIN) based authentication is disclosed. A passcode or PIN associated with a customer value card can be securely authenticated by an issuer prior to authorizing payment. An Access Control Server (ACS) can receive the PIN or passcode from a customer via a secure connection over a public network. The ACS can generate an encrypted PIN and can communicate the encrypted PIN to a remote issuer for authentication. The ACS can use one or more hardware security modules to generate the encrypted PIN. The hardware security modules can be emulated in software or implemented in hardware. The system can be configured such that the PIN is not exposed in an unencrypted form in a communication link or in hardware other than the originating customer terminal.08-26-2010
20100228991Using Hidden Secrets and Token Devices to Control Access to Secure Systems - A system for using an encrypted version of a password or access code which is stored in the open on a computer or other device, which utilizes a hardware token to decrypt the password or access code utilizing a secure secret which is stored inside the device, and which never leaves the device, to allow the owner of the device to have access to the Secure System. The system also provides means whereby the holder of a Master token and the holder of a Grand Master token may also have access to the Secure System as long as the user token was previously registered to the Master token and the Master Token was previously registered to the Grand master token before the secured resource was locked by the user token. Also the system allows members of user groups so designated at the time the resource is locked, to be able to have access as long as their token was previously registered with the same Master Token as the user that locked the resource and as long as the token locking the resource was also a member of the authorized user group.09-09-2010
20100228990Using Hidden Secrets and Token Devices to Create Secure Volumes - A system for encrypting Secure Volumes using an encryption key which is saved in the open after being encoded inside a hardware token device utilizing a secure secret which is stored inside the device, and which never leaves the device. The encrypted volume can be accessed again only after a hardware token has decoded this encryption key. The system also provides means whereby the holder of a Master token and the holder of a Grand Master token may also have access to the volume as long as the user token was previously registered to the Master token, and the Master Token was previously registered to the Grand master token before the secured volume was encrypted. Also, the system allows members of user groups so designated at the time the volume is encrypted, to be able to have access to the volume as long as their token was previously registered with the same Master Token as the user that encrypted the volume and as long as the token encrypting the volume was also a member of the authorized user group.09-09-2010
20100211797SECURELY PROVIDING A CONTROL WORD FROM A SMARTCARD TO A CONDITIONAL ACCESS MODULE - Various embodiments of the invention provide a method, a smartcard, a conditional access module (CAM) of a receiver and a receiver, such as e.g. a set-top box, for securely providing a control word from the smartcard to the CAM. In various embodiments, diversification data from the smartcard and the CAM is used to make the encryption key and decryption key to encrypt and decrypt the control word in the smartcard and CAM, respectively, dependent on a user interaction with the receiver, such as e.g. selecting a service in the set-top box.08-19-2010
20100241867SYSTEM AND METHOD FOR ENCRYPTED SMART CARD PIN ENTRY - A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.09-23-2010
20100241866Computer System and Method for Storing Data - A method is provided for generating a first key to encode and/or decode data and a first pointer, with said data stored and/or storable on a first data processing system in a memory area identified by said first pointer, comprising the following steps: recursive generating of said first key from a second key, recursive generating of said first pointer from a second pointer, with the number of recursions for implementing the recursive generating of said first key and said first pointer determined by an index value.09-23-2010
20100250956METHOD AND SYSTEM FOR FACILITATING DATA ACCESS AND MANAGEMENT ON A SECURE TOKEN - A system for facilitating data access and management on a smart card is provided. According to one exemplary aspect of the system, a storage architecture is provided in the smart card which allows data stored thereon to be shared by multiple parties. Access to data stored on the smart card is controlled by various access methods depending on the actions to be taken with respect to the data to be accessed.09-30-2010
20100250955Brokered information sharing system - A brokered information sharing system including a primary broker configured with software to store cards of a principal, to transmit the cards when requested by the principal, to authenticate the principal, and to provide a master authentication of the principal to at least one issuing party. A selector is used by the principal and is configured with software to provide authentication of the principal to the primary broker, and to request and receive cards from the primary broker.09-30-2010
20100205449Image forming apparatus, method for validating IC card holder, and computer program product thereof - A disclosed image forming apparatus includes a validating unit validating a holder of an IC card having a first security information set, login information set and first identifier information set, based on the first security information set; a login unit performing a login process for the IC card holder to log in based on the login information set; and a storage unit storing the first security information set as a second security information set and the first identifier information set as a second identifier information set obtained when the login process performed is successful. In the image forming apparatus, the validating unit validates, provided that first identifier information set from the IC card matches the second identifier information set in the storage unit, the holder of the IC card by reusing the second security information set in the storage unit when the first security information is requested using the IC card.08-12-2010
20090070591Grid Mutual Authorization Through Proxy Certificate Generation - A mechanism for mutual authorization of a secondary resource in a grid of resource computers is provided. When a primary resource attempts to offload a grid computing job to a secondary resource, the primary resource sends a proxy certificate request to the user machine. Responsive to a proxy certificate request, the user machine performs authorization with the secondary resource. If authorization with the secondary resource is successful, the user machine generates and returns a valid proxy certificate. The primary resource then performs mutual authentication with the secondary resource. If the authorization with the secondary resource fails, the user machine generates and returns an invalid proxy certificate. Mutual authentication between the primary resource and the secondary resource will fail due to the invalid proxy certificate. The primary resource then selects another secondary resource and repeats the process until a resource is found that passes the mutual authorization with the user machine.03-12-2009
20100306549METHOD AND DEVICE FOR MANAGING ACCESS CONTROL - In a method for managing access control with locking units, particularly locks, and electronic keys, wherein access authorizations are stored and managed in a central processor, the keys are programmed with authorization information for a pregiven selection of locking units as a function of the respective access authorization, the authorization information is wirelessly sent from a key to a locking unit in the event of an access request, and the access authorization is determined in the locking unit as a function of the received authorization information, the programming of a key comprises the sending of the authorization information via a wireless telecommunication network to a wireless mobile telecommunication device and the transmitting of the authorization information received by the mobile telecommunication device to a memory of the key.12-02-2010
20130145172TOKEN ACTIVATION - Systems and methods for activating a token to enable a user to enter a transaction based on information received from a recovery key and a passcode are described herein.06-06-2013
20110131418METHOD OF PASSWORD MANAGEMENT AND AUTHENTICATION SUITABLE FOR TRUSTED PLATFORM MODULE - A password management and authentication method suitable for an electronic device with a trusted platform module (TPM) is provided. An authentication code is automatically generated according to a TPM password, and the authentication code is stored into an authentication device selected by a user. The authentication device storing the authentication code is directly served as an electronic key of the TPM so that the user needs not to memorize any password and can access data or a hard disk (HD) encrypted by the TPM by simply connecting the authentication device to the electronic device. Thereby, it is very convenient to the user.06-02-2011
20110113255SYSTEM AND METHOD FOR PROVIDING USER MEDIA - An identification system includes at least one user medium, which is equipped to store a derived key and authenticate itself using the same with respect to a write and/or read device. Furthermore, at least one key dispensing medium is present, which comprises a monolithic first integrated circuit having storage means and processor means, wherein the first integrated circuit is equipped to store a source key and derive therefrom the derived key and to pass it on for storage in the user medium, wherein the user medium is enabled neither directly nor by way of aids to read the source key from the key dispensing medium and/or the user medium is not enabled to calculate a derived key.05-12-2011
20110119497SMART CARD AND ACCESS METHOD THEREOF - A smart card and an access method thereof for use with a smart card management system are provided. The smart card management system comprises a smart card access apparatus and a card server. The smart card access apparatus is electrically connected to the smart card. The smart card is configured to store a plurality of application data and management information corresponding to the application data. The smart card access apparatus may transmit a modification signal of a user to the smart card. The smart card may modify the management information according to the modification signal to generate modified management information when the smart card access apparatus is disconnected from the card server. Therefore, the contents of the smart card may be managed when the smart card access apparatus is disconnected from the card server.05-19-2011
20100146290TOKEN CACHING IN TRUST CHAIN PROCESSING - A method, system, and computer usable program product for token caching in trust chain processing are provided in the illustrative embodiments. Information in a token associated with a first request is mapped. A determination is made whether a requester of the first request has provided a constraint in the first request, the constraint concerning the token, the constraint forming a client constraint. The client constraint is stored. The information and the mapped information are stored, forming stored information. The token is received in a second request. The stored information is reused if the client constraint allows reusing the stored information. A further determination may be made whether a target system receiving the mapped information has provided a second constraint, the second constraint concerning the mapped information, the second constraint forming a server constraint. The stored information may be reused if the server constraint allows reusing the stored information.06-10-2010
20110213985TWO FACTOR AUTHENTICATION SCHEME - An improved method is provided for generating an authentication factor for authenticating a user. The method includes: assigning a unique identifier to a user of the computing resource; determining a value for a challenge to the user, where the value is determined by a random determination method; concatenating the identifier with the value to form an input string; encrypting the input string using a one-way hash function to yield an output string of characters; and selecting a subset of characters from the output string to serve as the authentication factor for the user. This improved method may be used to generate grids used in a grid authentication scheme.09-01-2011
20110087891METHOD FOR PRODUCING, ALLOCATING AND CHECKING AUTHORIZATION APPROVALS - In a method for producing, allocating and checking authorization approvals that are required in order to fulfill tasks specified by an action plan through performance, by a service technician, of actions defined by the tasks on a device or component of a distributed structure on-the-fly generation and distribution of authorization approvals for service technicians is enabled as a function of necessary actions or measures which are to be performed in the form of tasks and are defined as part of an action plan which is contained or recorded in a work schedule.04-14-2011
20090313479Method and System for Restricted Service Access - A method and system for restricted service access is described. To access adult content, the user has to enter an administrator personal identification number into a mobile device. Upon receipt of the administrator personal identification number, an access code is generated, which is provided to a content provider. The content provider can calculate a valid time window and/or request an acknowledge message from a central server. If the current usage is within the valid time window or otherwise verified, access to the content is allowed. Thus, children are prevented from accessing adult content, while adult access is permitted.12-17-2009
20110154049SYSTEM AND METHOD FOR PERFORMING DATA BACKUP OF DIGITAL VIDEO RECORDER - A system and method for performing data backup of a digital video recorder determines if a second safe mechanism key stored in a secure digital (SD) card is valid when the SD card is detected by the digital video recorder, and changes a data storage path from a first hard disk of the digital video recorder to the SD card if the safe mechanism key stored in the SD card is valid. The system and method further changes the data storage path from the SD card to a second hard disk when the second hard disk is installed, and copies backup data stored in the SD card to the second hard disk.06-23-2011
20110016326Chip Lockout Protection Scheme for Integrated Circuit Devices and Insertion Thereof - A system for implementing a chip lockout protection scheme for an IC device includes an on-chip password register that stores a password externally input by a user; an on-chip security block that generates a chip unlock signal, depending on whether the externally input password matches a correct password; an on-chip false data generator; an input protection scheme configured to gate the external data inputs to functional chip circuitry upon entry of the correct password; and an output protection scheme configured to steer true chip data to external outputs of the IC device upon entry of the correct password, and to steer false data generated by the false data generator to the external outputs upon entry of an incorrect password. The false data generated by the false data generator is deterministic and based upon external data inputs, thereby obfuscating whether or not the correct password has been entered.01-20-2011
20100325441PRIVACY-PRESERVING FLEXIBLE ANONYMOUS-PSEUDONYMOUS ACCESS - Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP, confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.12-23-2010
20100262835METHOD AND SYSTEM FOR OBTAINING A PIN VALIDATION SIGNAL IN A DATA PROCESSING UNIT - The present invention relates to a method for obtaining a PIN validation signal in a data processing unit, the method including the steps of receiving a PIN in the data processing unit, submitting it to a first portable object for verifying it and obtaining a validation signal. The method further includes the steps of catching or receiving an entered PIN directly in said first portable object for verifying it; transmitting a fake PIN to the data processing unit, the fake PIN being seen by the data processing unit as a PIN to submit to the first portable object for verifying it, and returning a validation signal in case the entered PIN is verified successfully in the first portable object. The invention relates also to corresponding system and secure portable object.10-14-2010
20080235514SAFEGUARDING ROUTER CONFIGURATION DATA - Systems for safeguarding router configuration data are described herein. Some illustrative embodiments include a system that includes a network router, a configuration device comprising configuration data used to configure the network router, and a connector capable of detachably coupling the configuration device to the network router and further capable of detachably coupling a second device to the network router (the connector routes electrical power provided by the network router to a coupled device). The electrical power is set to a voltage level usable to operate the configuration device, while capable of rendering the second device inoperative.09-25-2008
20110179283INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.07-21-2011
20100287382Two-factor graphical password for text password and encryption key generation - This invention details systems, methods, and devices for providing a two-factor graphical password system to a user so that the user may obtain access to a restricted resource. A first previously selected image (previously selected by the user) is presented to the user to enter his password by sequentially selecting predetermined areas on the first image. The user's input is used to create an encryption/decryption key which is used for communicating between a user application and a device. If the user has entered the correct password, then the device can communicate with the user application. Once the device can communicate with the user application, a second previously selected image (previously selected by the user) is presented to the user from the device. The user enters his second password and the user's input is sent to the device. The device then creates the user's alphanumeric password or another encryption key from the user's input and sends this to the user application. The user application then transmits the password or key to the system which restricts access to the restricted resource.11-11-2010
20100287381AUTOMATED PASSWORD AUTHENTICATION - A method of automated password authentication by pattern matching regions of screen pixels against a repository of previously captured regions, and submitting a username and a password stored with the regions of the screen pixels for authentication includes triggering an autorunnable application to startup by inserting a memory stick by a user, challenging the user for a master password to access an encrypted database held on the memory stick, running the autorunnable application as a background task following a successful authorization of the user, and checking whether the user has triggered the autorunnable application by a pre-defined key sequence. If the user has triggered the autorunnable application, then the method proceeds with prompting the user to highlight at least one rectangle around a text or an image which uniquely identifies a login panel, capturing a username and a password when entered by the user, and returning the autorunnable application to a background task. If the user has not triggered the autorunnable application, then the method proceeds with monitoring a screen buffer for a matching signature based on the rectangle drawn by the user.11-11-2010
20110083017METHOD AND APPARATUS FOR USING CRYPTOGRAPHIC MECHANISMS TO PROVIDE ACCESS TO A PORTABLE DEVICE USING INTEGRATED AUTHENTICATION USING ANOTHER PORTABLE DEVICE - A method and system for providing authentication of a user to a first peripheral device connected to a host computer using an authentication of the user on a second peripheral device, thereby allowing the user access to both devices through a single authentication. A security function on the second peripheral device is used to create an authorization phrase. Subsequent accesses to the first peripheral device requires the second peripheral device to re-create the same authorization phrase thereby demonstrating that the same second peripheral device is being used to access the first peripheral device and that a user was successfully authenticated to the second peripheral device. Other systems and methods are disclosed.04-07-2011
20090292927METHODS AND SYSTEMS FOR SINGLE SIGN ON WITH DYNAMIC AUTHENTICATION LEVELS - Methods and systems for single sign on with dynamic authentication levels are described. The method includes receiving a data request for access to a second application, where the user is already authenticated to a first application at a first authentication level. Application information about the authentication level necessary to access the second application is retrieved. In response to a request, the user provides the further authentication data for accessing the second application. The type of the further authentication data required is based on the first authentication level and the minimum authentication level necessary to access the second application. The user is then authenticated to the second application at the minimum authentication level necessary to access the second application.11-26-2009
20120042170DEVICE AND METHOD FOR ESTABLISHING SECURE TRUST KEY - The invention relates to an electronic device configured for encrypted data transfer with a smart card under a trust key. The electronic device comprises at least one secured portion, wherein the electronic device is configured for performing a key exchange algorithm with the smart card for establishing the trust key for the encrypted data transfer between the electronic device and the smart card and wherein the electronic device is configured for storing the trust key in the secured portion of the electronic device.02-16-2012
20130185567Method or process for securing computers or mobile computer devices with a contact or dual-interface smart card - A method or system providing for the persistence of a computer session upon removal of a contact or dual-interface smart card from a smart card reader and locking, logging off, or disconnecting from the session when the contact or dual-interface smart card is re-presented to the smart card reader.07-18-2013
20120210137SECURE ID CHECKING - A cost-effective system that provides for the efficient protection of transmitted non-public attribute information may be used, for example, to control access to a secure area. Encryption of the attribute information may be performed using symmetric encryption techniques, such as XOR and/or stream cipher encryption. A centralized database that stores and transmits the encrypted attribute information may generate the encryption/decryption key based on selected information bytes, for example, as taken from a card inserted into a handheld device used at the secure area. The selected information to generate the encryption key stream may be varied on a periodic basis by the centralized database. Information as to which selected bytes are to be used for a particular access authorization request may be transmitted to the handheld unit or may be input through action of a user of the handheld unit, for example by entry of a PIN code.08-16-2012
20090013190SECURE MEMORY DEVICE FOR SMART CARDS - A secure memory device which can be used for multi-application smart cards for secure identification in data transfer, or for component verification in a computer system, without the requirement of an internal microprocessor. The secure memory device features a dual authentication protocol in which the memory and host authenticate each other. The secure memory device also includes an encrypted password feature, as well as using stream encryption to encrypt the data.01-08-2009
20080209224METHOD AND SYSTEM FOR TOKEN RECYCLING - Embodiments of the present invention provide for recycling a locked token in an enterprise. A secure connection can be established between a locked token and a server and a security process activated to determine an identity of an authorized user of the locked token. An unlock procedure can be activated to unlock the locked token upon receipt of an out-of-band parameter associated with a requester of the unlock procedure to produce an unlocked token. The out-of-band parameter can be provided by the requester of the unlock procedure in an independent communication to an enterprise agent associated with the security server so as to verify that the requester is the authorized user of the locked token. A password reset process associated with a new password for the unlocked token can be activated to provide an assigned password or a password entered by the requester.08-28-2008
20090132828CRYPTOGRAPHIC BINDING OF AUTHENTICATION SCHEMES - Methods and apparatus cryptographically bind authentication schemes to verify that a secure authentication sequence was executed for access to sensitive applications/resources. Users execute two login sequences with a strong authentication framework. Upon completion of the first, the framework generates an unencrypted token from underlying data, later hashed into an authentication token. With a private key corresponding to the first sequence, the authentication token is encrypted and passed to the second sequence where it is encrypted again with a private key corresponding to the second sequence. Upon access attempts to the sensitive applications/resources, verification of execution of the two login sequences includes recovering the authentication token from its twice encrypted form and comparing it to a comparison token independently generated by the application/resource via the underlying data. An audit log associated with the application/resource stores the data, the recovered authentication token, etc., for purposes of later non-repudiation.05-21-2009
20100205451Method and Computing Device for Interfacing with a Memory Device in Operations - A method for interacting with a memory device is provided. In this method, a cryptographic communication application is registered to be associated with a protocol type in a web browser. A message encapsulated in the protocol type from the web browser is received and thereafter transmitted to the memory device. Here, the message is associated with a cryptographic operation.08-12-2010
20100205448DEVICES, SYSTEMS AND METHODS FOR SECURE VERIFICATION OF USER IDENTITY - In one embodiment, devices, systems, and methods provide authentication of a user using two-factor authentication to enhance security. In such embodiment, a user presents login information and a valid token, wherein the token may be generated by a portable authentication device that comprises a processor, a memory, and/or an activation interface.08-12-2010
20100205450VEHICLE DIAGNOSTIC TOOL WITH COPY PROTECTION AND AUTOMATIC IDENTIFICATION OF VEHICLE ECUS AND FAULT DISPLAY - A diagnostic tool for a vehicle configured to automatically identify different communication protocols used by Electronic Control Units (ECUs) on-board the vehicle. The diagnostic tool includes a connector connectable to a data port of the vehicle; a data processor and a data storage device configured to store a list of different communication protocols. The data processor automatically initiates communications with the ECUs on-board the vehicle using a first communication protocol and if the data processor receives a response comporting to the first communication protocol, the data processor determines that at least one ECU on-board the vehicle is using the first communication protocol. Additionally, the data processor automatically initiates communications with the ECUs on-board the vehicle using a second communication protocol and if the data processor receives a response comporting to the second communication protocol, the data processor determines that at least one ECU on-board the vehicle is using the second communication protocol.08-12-2010
20100017617RADIO FREQUENCY IDENTIFICATION (RFID) SECURITY APPARATUS HAVING SECURITY FUNCTION AND METHOD THEREOF - Disclosed are a radio frequency identification (RFID) security apparatus and a method thereof. According to the RFID security method, a secure tag reader performs determining an AES key using security information received from a secure tag and generating an output key using the determined AES key, decrypting AES data received from the secure tag using the output key, and encrypting data to be transmitted to the secure tag using the output key and transmitting the data, and a secure tag performs generating an output key using an AES key and security information, and transmitting the security information to a secure tag reader, encrypting data to be transmitted to the secure tag reader using the output key, and transmitting the encrypted data to the secure tag reader, and decrypting data received from the secure tag reader using the output key.01-21-2010
20120185697Universal Authentication Token - A universal authentication token is configured to securely acquire security credentials from other authentication tokens and/or devices. In this manner, a single universal authentication token can store the authentication credentials required to access a variety of resources, services and applications for a user. The universal authentication token includes a user interface, memory for storing a plurality of authentication records for a user, and a secure processor. The secure processor provides the required cryptographic operations to encrypt, decrypt, and/or authenticate data that is sent or received by the universal token. For example, the secure processor may be used to generate authentication data from seed information stored in memory.07-19-2012
20100005313PORTABLE TELECOMMUNICATIONS APPARATUS - Portable telecommunications apparatus having one or more functionalities including providing user access to a telecommunications network, the portable telecommunications apparatus comprising integrated circuit card (ICC) reader circuitry, storage circuitry and processing circuitry, wherein the ICC reader circuitry is configured to communicate with one or more network-access ICCs; the storage circuitry is arranged to comprise a list of at least one network-access ICC authorised for use with the apparatus; and wherein the processing circuitry is arranged to undertake an authentication process on removable storage circuitry in communication with the apparatus to determine whether or not the security circuitry is authenticated for use with the apparatus; to allow the authorisation of network-access ICCs in the storage circuitry according to whether authenticated security circuitry is in communication with the apparatus; and to permit a user access to the one or more functionalities of the apparatus according to whether an authorised network-access ICC is in communication with the ICC reader circuitry.01-07-2010
20080301463Method for Documenting Property or Possession and Transfer of Property or Possession of a Merchandise - In order to provide a method wherein, by using a storage medium arranged on goods, it is possible to distinctly register a conveyance of ownership or title on this storage medium, and wherein only the current owner or proprietor and possibly also an independent verifying agency has access to the storage medium, the following method is proposed:12-04-2008
20120265997PRIVACY-PRESERVING FLEXIBLE ANONYMOUS-PSEUDONYMOUS ACCESS - Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP, confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.10-18-2012
20100199100Secure Access by a User to a Resource - A method for securing interface access via visual array patterns in combination with hidden operations improves the security of computer systems and dedicated terminals. A hint display is generated in at least a quasi-random fashion that may be an array of numerical digit values. A user input token is received that represents selection of a pattern of elements chosen from the hint display and combined in an algorithm using one or more mathematical, relational and/or logical operations. A pre-defined pattern and algorithm are used to generate a token from the hint display that is compared with the user input to verify that the user knows the pattern and algorithm. Further ease of use can be provided by dividing a hint display array into sub-arrays while providing a clue such as color to indicate each sub-array to the user.08-05-2010
20120151219SECURITY USB STORAGE MEDIUM GENERATION AND DECRYPTION METHOD, AND MEDIUM RECORDED WITH PROGRAM FOR GENERATING SECURITY USB STORAGE MEDIUM - The present invention relates to a security USB storage medium generation and decryption method, and a medium having the record of a program for the generation of a security USB storage medium. The generation method of the present invention is for a USB host constituted by a USB connection port, an input interface, an output interface, a storage unit and a host control unit to code a USB storage medium constituted by a USB interface, a storage region and a USB control unit so as to generate a security USB storage medium, the method comprising the steps of: in the host control unit, outputting through the output interface information that requests the input of a 1st user password to be set, when the connection of the USB interface to the USB connection port is detected; generating a random key and a disk key based on a 1st user password that is input from the input interface in response to the request for the input of the 1st user password; hashing the 1st user password and the random key after the random key and the disk key are generated, so as to generate a 1st encryption and decryption key; and generating a security volume header by dividing the storage region into a header and a body using the 1st encryption and decryption key, encrypting a 1st data and then storing the data in the header, and also generating a security volume body by encrypting a 2nd data using the disk key and then storing the data in the body. In this manner, no one is allowed to read the content stored in the USB storage medium, through a disk dump for example, without inputting the user password that was input during the generation of the security volume, thereby increasing the security of the USB storage medium.06-14-2012
20080235513Three Party Authentication - A trust provider uses established relationships with a client device and a server of an e-commerce merchant or service provider to assure the identity of each to the other. The e-commerce merchant can request an encrypted token from the client. The client may use a trust-provider key to generate the encrypted token. The server then passes the token to the trust provider, who only accepts tokens from known, authenticated entities. The trust provider then verifies the token and returns a response to the server. The response may include a client verification for use by the server and an encrypted server verification that is forwarded by the server to the client. In this fashion, both the server and client may be authenticated without prior knowledge of each other.09-25-2008
20130185568INFORMATION PROCESSING SYSTEM - An information processing system includes an information processing device and a portable terminal. The information processing device includes a card processing section that communicates with an IC chip of an IC card (card IC chip), and when security is satisfied between the information processing device and the card IC chip, performs an information processing function of the card IC chip. Authentication processing between an IC chip (terminal IC chip) of the portable terminal and the card IC chip is performed through the card processing section, and secure communication is provided between the terminal IC chip and the card IC chip through the card processing section when the authentication processing is successful. Information input on the portable terminal is transmitted to the card IC chip through the secure communication. In this way, high user convenience can be achieved and increased security can also be achieved for the entire system.07-18-2013
20080222425System and Method for Expressing and Evaluating Signed Reputation Assertions - A method for expressing and evaluating signed reputation assertions is disclosed. In one embodiment, a first entity receives a request to generate a signed assertion relating to a piece of content. The first entity generates a reputation statement about a second entity from reputation-forming information (RFI) about the second entity available to the first entity. The first entity then generates a signed assertion from the reputation statement and the piece of content at least in part by binding the piece of content to the reputation statement and signing a portion encompassing at least one of the bound piece of content and the bound reputation statement. The signed assertion is then transmitted to a receiving entity.09-11-2008
20130097429Method and System for Secure Authentication of a User by a Host System - A method and system for securely logging onto a banking system authentication server so that a user credential never appears in the clear during interaction with the system in which a user's credential is DES encrypted, and the DES key is PKI encrypted with the public key of an application server by an encryption applet before being transmitted to the application server. Within the HSM of the application server, the HSM decrypts and re-encrypts the credential under a new DES key known to the authentication server, the re-encrypted credential is forwarded to the authentication server, decrypted with the new DES key known to the authentication server, and verified by the authentication server.04-18-2013
20130103950SYSTEM AND METHOD FOR SECURELY CREATING MOBILE DEVICE APPLICATION WORKGROUPS - Presented are systems and methods for providing moderator control in a heterogeneous conference including activating a secure workgroup sharing system between an organizing mobile device and one or more invitee mobile devices, such that activating the secure workgroup sharing system generates a secure workgroup invitation. The secure workgroup sharing system sends the secure workgroup invitation and a security key to one or more invitees associated with the one or more invitee mobile devices. The secure workgroup sharing system receives a security key, matching the sent security key, and an acceptance of the secure workgroup invitation from at least one of the one or more invitee mobile devices, and establishes a peer-to-peer workgroup allowing direct secure communications between the organizing mobile device and at least one of the one or more invitee mobile devices.04-25-2013
20130145173TOKEN MANAGEMENT - Systems and methods for generating replacement tokens are described herein.06-06-2013
20130179693Providing Integrity Verification And Attestation In A Hidden Execution Environment - In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.07-11-2013
20110314296Host Device and Method for Communicating a Password between First and Second Storage Devices Using a Double-Encryption Scheme - A first storage device provides a host device with access to a private memory area by communicating a password between the first storage device and a second storage device via the host device using a double-encryption scheme. In one embodiment, a host device receives a twice-encrypted password from a first storage device, sends the twice-encrypted password to a second storage device, receives a once-encrypted password from the second storage device, decrypts the once-encrypted password to obtain the password, and sends the password to the first storage device. In another embodiment, a first storage device sends a twice-encrypted password to a host device, receives the password from the host device after the twice-encrypted password is decrypted by a second storage device and the host device, and provides the host device with access to the private memory area only if the password matches one that is stored in the first storage device.12-22-2011
20120066506METHODS, APPARATUS AND SYSTEMS FOR ONSITE LINKING TO LOCATION-SPECIFIC ELECTRONIC RECORDS OF LOCATE OPERATIONS - Providing access at a jobsite to an electronic record of a locate operation. Data related to the locate operation is acquired by locate equipment and transmitted to a data repository for storage in the electronic record of the locate operation. A site-specific access mechanism is provided that establishes a link to the electronic record of the locate operation. In one example, the site-specific access mechanism is a physical mechanism, such as a printout of a website address, a barcode, or an RFID tag. In another example the site-specific access mechanism is a virtual mechanism, such as geographic location information provided by a location tracking system (e.g., GPS apparatus) and/or derived from information available to a wireless communications system or WiFi network. In one aspect, the access mechanism may be configured for use at the jobsite only by a person particularly authorized to access the electronic record of the locate operation.03-15-2012
20130212402TECHNIQUES FOR CALIBRATING MEASURING DEVICES - Techniques for calibrating measuring devices are provided. A universal serial bus (USB) drive is inserted into a USB port on a device of a checkout system. A key in the USB drive initiates a calibration sequence on one or more weighing devices (measuring devices) of the checkout system. Audit information is captured during the calibration and usage of the weighing devices. When a command is recognized to communicate the audit information, the audit information is audibly communicated from speakers associated with the checkout system.08-15-2013
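The bind-then-sign step of 20080222425 (signed reputation assertions), written out as an added example that is not part of the patent or of this page. The first entity hashes the piece of content, serializes its reputation statement, and signs a length-prefixed concatenation of the two with Ed25519; the receiving entity recomputes the hash of the content it actually holds before checking the signature, so a statement replayed against different content fails even though the signature itself is intact. The statement's fields, the 0..100 score scale, the SHA-256/JSON/Ed25519 choices and the signing-input layout are assumptions for illustration; the abstract does not fix any of them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"fmt"
)

// ReputationStatement is the first entity's statement about the second
// entity (Subject), formed from the reputation-forming information (RFI)
// the issuer holds. Field set and 0..100 score scale are assumptions.
type ReputationStatement struct {
	Issuer  string `json:"issuer"`
	Subject string `json:"subject"`
	Score   int    `json:"score"`
	Basis   string `json:"basis"`
}

// SignedAssertion binds a piece of content (by SHA-256) to a statement and
// carries one signature over the bound pair.
type SignedAssertion struct {
	ContentHash []byte
	Statement   ReputationStatement
	Signature   []byte
}

// signingInput length-prefixes each field under a fixed context string so
// the content hash and the statement cannot be shifted into one another
// (assumed layout, not the patent's).
func signingInput(contentHash, stmtJSON []byte) []byte {
	var buf bytes.Buffer
	buf.WriteString("reputation-assertion-v1")
	for _, f := range [][]byte{contentHash, stmtJSON} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.Write(f)
	}
	return buf.Bytes()
}

// GenerateAssertion is the first entity's step: bind content to the
// statement and sign the bound pair.
func GenerateAssertion(priv ed25519.PrivateKey, content []byte, stmt ReputationStatement) (SignedAssertion, error) {
	stmtJSON, err := json.Marshal(stmt)
	if err != nil {
		return SignedAssertion{}, err
	}
	h := sha256.Sum256(content)
	sig := ed25519.Sign(priv, signingInput(h[:], stmtJSON))
	return SignedAssertion{ContentHash: h[:], Statement: stmt, Signature: sig}, nil
}

// VerifyAssertion is the receiving entity's step. It recomputes the hash of
// the content it actually has, so the assertion cannot be re-attached to
// other content, then checks the signature over the bound pair.
func VerifyAssertion(pub ed25519.PublicKey, content []byte, a SignedAssertion) bool {
	h := sha256.Sum256(content)
	if !bytes.Equal(h[:], a.ContentHash) {
		return false
	}
	stmtJSON, err := json.Marshal(a.Statement)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, signingInput(a.ContentHash, stmtJSON), a.Signature)
}

// NewIssuerKey generates the first entity's Ed25519 signing key pair.
func NewIssuerKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func main() {
	pub, priv, err := NewIssuerKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample content and statement for the demonstration.
	content := []byte("constructed sample content: firmware-1.2.3.bin")
	stmt := ReputationStatement{Issuer: "issuer.example", Subject: "vendor.example", Score: 87, Basis: "3 prior releases, no revocations"}
	a, err := GenerateAssertion(priv, content, stmt)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine:", VerifyAssertion(pub, content, a))
	a.Statement.Score = 100 // tampering with the statement after signing
	fmt.Println("tampered score:", VerifyAssertion(pub, content, a))
}
```

The receiver must trust the issuer's public key by some out-of-band means; the signature proves only that this issuer bound this statement to this content, not that the statement is accurate.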
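The envelope re-encryption flow of 20130097429 (secure authentication by a host system), written out as an added example that is neither the patent's nor any vendor's code. The applet seals the credential under a fresh session key and wraps that key to the application server's public key; the HSM unwraps the session key, recovers the credential and re-seals it under the key it shares with the authentication server; the authentication server decrypts and compares. Two substitutions are made and stated plainly: AES-256-GCM replaces the single DES of the abstract (a 56-bit key, obsolete and not acceptable for new designs), and RSA-OAEP is the assumed form of the "PKI encryption". The authenticated mode also lets every hop reject a modified ciphertext instead of decrypting it to garbage, which the abstract's DES does not give you. Error checks are written on one line to keep the example short.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// gcmFor builds an AES-256-GCM AEAD for a 32-byte key. AES-GCM stands in for
// the abstract's DES (assumed substitution).
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// seal encrypts pt under key; the random nonce is prepended to the output.
func seal(key, pt []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, pt, nil), nil
}

// open reverses seal; it fails on a wrong key or a tampered ciphertext.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	if len(sealed) < gcm.NonceSize() { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// newKey draws a fresh 32-byte symmetric key.
func newKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

// Envelope is what the applet transmits: the credential sealed under a fresh
// session key, and that key wrapped with RSA-OAEP (assumed) to the
// application server's public key.
type Envelope struct{ WrappedKey, Credential []byte }

// ClientEncrypt is the applet's step; the credential never leaves in clear.
func ClientEncrypt(appPub *rsa.PublicKey, credential []byte) (Envelope, error) {
	k1, err := newKey()
	if err != nil { return Envelope{}, err }
	ct, err := seal(k1, credential)
	if err != nil { return Envelope{}, err }
	wk, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, appPub, k1, nil)
	return Envelope{WrappedKey: wk, Credential: ct}, err
}

// HSMReencrypt runs inside the application server's HSM: unwrap the session
// key, recover the credential, re-seal it under the key shared with the
// authentication server. Only the HSM ever sees the plaintext.
func HSMReencrypt(appPriv *rsa.PrivateKey, authKey []byte, env Envelope) ([]byte, error) {
	k1, err := rsa.DecryptOAEP(sha256.New(), nil, appPriv, env.WrappedKey, nil)
	if err != nil { return nil, err }
	cred, err := open(k1, env.Credential)
	if err != nil { return nil, err }
	return seal(authKey, cred)
}

// AuthVerify is the authentication server's step: decrypt with the shared
// key and compare to the stored credential in constant time.
func AuthVerify(authKey, stored, reencrypted []byte) (bool, error) {
	cred, err := open(authKey, reencrypted)
	if err != nil { return false, err }
	return subtle.ConstantTimeCompare(cred, stored) == 1, nil
}

// RunFlow wires the three parties together with fresh keys and returns the
// authentication server's verdict for a submitted credential.
func RunFlow(submitted, stored []byte) (bool, error) {
	appPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return false, err }
	authKey, err := newKey() // shared by the HSM and the authentication server
	if err != nil { return false, err }
	env, err := ClientEncrypt(&appPriv.PublicKey, submitted)
	if err != nil { return false, err }
	forAuth, err := HSMReencrypt(appPriv, authKey, env)
	if err != nil { return false, err }
	return AuthVerify(authKey, stored, forAuth)
}
```

RunFlow generates the application server's RSA key and the HSM/authentication-server shared key on every call so the example is self-contained; in a deployment both are long-lived and the private halves never leave the HSM. Storing the credential itself on the authentication server, as the abstract implies, is the weakest part of the design: a salted, slow hash of the credential is what the final comparison should run against.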
