ACCESS CONTROL OR AUTHENTICATION

Subclass of:

726 - Information security

Deeper subclasses:

Class / Patent application number | Description | Number of patent applications / Date published
726003000 | Network | 5188
726016000 | Stand-alone | 796
726021000 | Authorization | 181
Entries
Document | Title | Date
20130031603 | SECURITY METHOD FOR ENGINEERING TOOLS AND INDUSTRIAL PRODUCTS, AND SECURITY SYSTEM - The invention includes a read-restriction setting step of setting read restriction on a program stored in hardware of an industrial product in response to a read restriction request, and a read requesting step of transmitting a read request for the program to the industrial product from an engineering tool that is a read request source. In the read-restriction setting step unique individual information retained in the hardware of the industrial product or unique individual information retained in hardware for executing an engineering tool that is a read-restriction request source is registered as registration individual information, and in the read requesting step, unique individual information retained in hardware for executing the engineering tool that is the read request source or unique individual information retained in the hardware of the industrial product is compared with the registration individual information. | 01-31-2013
20080276298 | SECURE TIME/DATE VIRTUALIZATION - A system is provided that includes a processor and a system memory coupled to the processor, the system memory stores at least one application for execution by the processor. The system also includes logic coupled to the processor, the logic providing a secure time reference. The processor selectively accesses the secure time reference to generate a virtual time reference for the at least one application. | 11-06-2008
20090037979 | Method and System for Recovering Authentication in a Network - Described is a system and method for recovering authentication of a mobile unit in a network. The method includes performing an attempt to authenticate a mobile unit based on a first profile; determining, if the attempt is unsuccessful, a number of attempts to authenticate based on the first profile including the attempt; performing, if the number of attempts is less than or equal to a predefined number, a further attempt to authenticate the mobile device based on the first profile; performing, if the number of attempts is greater than the predefined number, a profile roam to a second profile; and performing an additional attempt to authenticate the mobile unit based on the second profile. | 02-05-2009
20130212643 | TRANSMISSION APPARATUS, ELECTRONIC APPLIANCE, RECEPTION APPARATUS, AND AUTHENTICATION SYSTEM - There is provided a transmission apparatus including a terminal electrically connected to a terminal of another apparatus, a body information acquiring unit acquiring body information of a user holding the transmission apparatus, and a transmission unit operable, by carrying out load modulation in accordance with the terminal contacting or being positioned close to the terminal of the other apparatus, to transmit, via the terminal, information on which the body information acquired by the body information acquiring unit is superimposed. | 08-15-2013
20090193500 | NEAR FIELD COMMUNICATION ACTIVATION AND AUTHORIZATION - A method of activation and authorization of a near field communication (NFC) enabled device comprising: receiving login information from an NFC enabled device; sending packet data via a network in response to receiving the login information from the NFC enabled device; and receiving corresponding data from the NFC enabled device in response to the sending of the packet data, the sending of the packet data and the receiving of the corresponding code facilitates the activation and authorization of the NFC enabled device, and the subsequent activation of the NFC device via a NFC link without further authorization of the NFC enabled device, is described herein. | 07-30-2009
20090193499 | METHOD FOR APPLICATION-TO-APPLICATION AUTHENTICATION VIA DELEGATION - Apparatus, methods, and computer program products are disclosed that present a delegated-right to a delegation system by a service-application provisioned with the delegation system. The delegated-right enables the service-application to perform an operation/access on behalf of a delegator-user. The method then attempts to perform the operation/access. | 07-30-2009
20080256600 | Device, System and Method for Determining Authenticity of an Item - This invention relates to physical uncloneable function (PUF) devices for determining authenticity of an item, systems for determining authenticity of a physical item, and methods for determining authenticity of an item. A PUF pattern of the PUF device is damaged when using the item for the first time. | 10-16-2008
20080256598 | SYSTEM AND METHOD FOR AUTHENTICATING A POWERED DEVICE ATTACHED TO A POWER SOURCING EQUIPMENT FOR POWER PROVISIONING - A system and method for authenticating a powered device attached to a power sourcing equipment for power provisioning such as power over Ethernet (PoE) enabled device communicating with a PoE enabled switch. Powered devices such as computing devices, security cameras, VoIP phones, wireless access points, or the like, can be detected by a PoE switch upon connection. Power applied to the powered device is restricted until information received from the powered device is authenticated. | 10-16-2008
20080256596 | SYSTEM AND METHOD FOR MARKETING IN A DEVICE DEPENDENT RIGHTS PROTECTION FRAMEWORK - A system and method for marketing in a device dependent rights protection framework where digital property is protected through the binding of at least one unique client device identifier with the digital property in the creation of a protected content file. Decryption at a client device would be based on a comparison of the unique client device identifier that is extracted from the protected content file with a unique client device identifier of the device that is seeking to access the digital property. If such a comparison indicates that access is unauthorized, marketing information is provided based on information extracted from the protected content file. | 10-16-2008
20100077446 | CENTER APPARATUS, TERMINAL APPARATUS, AND AUTHENTICATION SYSTEM - The present invention provides a system and a method, in which after authenticating a device, the user authentication methods are switched and used. Specifically, in performing user authentication via a terminal apparatus, the terminal apparatus is authenticated first and then based on this authentication result, a practical use of the terminal apparatus is determined, and the user authentication methods are switched so as to suit this practical use and the resultant method is implemented. | 03-25-2010
20130086633 | METHOD AND SYSTEM FOR PROVIDING SECURE, MODULAR MULTIMEDIA INTERACTION - An approach is provided for the secure exchange of multimedia content through a mobile telephony device. A docking station receives a control signal from a media headset, and in response thereto determines to establish a communication link. The docking station selects one of a plurality of communication options corresponding to different networks based on the type of the communication link. The docking station initiates an authentication procedure for the communication link according to the selected communication option. Subsequent to successful authorization, the docking station receives multimedia content over the authenticated communication link, and transmits the received media signal to the media headset. | 04-04-2013
20130081106 | BUS MONITORING SECURITY DEVICE AND BUS MONITORING SECURITY SYSTEM - A bus monitoring security device is connected to a bus, which includes a tool side bus having a tool connection terminal and an ECU side bus. The ECU side bus is coupled with an ECU, and the tool side bus is coupled with a tool capable of communicating with the ECU via the tool connection terminal. The tool side bus and the ECU side bus are separately coupled with the bus monitoring security device. The bus monitoring security device includes: a controller for determining whether the tool being to access the ECU is connected to the ECU side bus, and for restricting transmission and reception of data between the tool and the ECU when the controller determines that the tool is connected to the ECU side bus. | 03-28-2013
20100043055 | METHODS AND SYSTEMS FOR ONLINE FRAUD PROTECTION - This disclosure describes, generally, methods and systems for certifying user identities (IDs). The method includes receiving, from a customer, a certification request for a user ID. The method then identifies the user ID's owner and collects information about the owner. The information may include financial information, personal information, biographical information, etc. The method then analyzes the collected information to generate a risk score associated with the user ID, and based on the risk score exceeding a threshold, the method certifies the user ID. | 02-18-2010
20100043057 | METHOD FOR DYNAMIC SECURE MANAGEMENT OF AN AUTHENTICATED RELATIONAL TABLE IN A DATABASE - Method for the dynamic secure management of an authenticated relational table forming part of a database; the method comprises the following steps: store the authenticated relational table in a secondary memory with a high storage capacity and a slow data access time; maintain an authenticated skip list within the authenticated relational table in order to create an authentication superstructure; determine a signed hash or basis value which characterises the entire authenticated relational table; authenticate the presence or otherwise of a set of elements belonging to the skip list via a root path suitable for calculating a check hash value comparable to the signed hash value which characterises the entire authenticated relational table; and validate the result of the authentication step by checking that the check hash value calculated by means of the root path is equal to the signed hash value that characterises the entire authenticated relational table. | 02-18-2010
20100043056 | PORTABLE DEVICE ASSOCIATION - A technique that enables a portable device to be automatically associated with a plurality of computers. Information that a computer can use to authenticate a portable device and establish a trusted relationship prior to creating an association with the portable device is created and stored in a data store that is accessible by a plurality of computers and is associated with a user of the portable device. When a computer discovers such a portable device with which it is not yet associated, the computer can identify a user logged into the computer and use information identifying the user to retrieve authentication information that is device independent and is expected to be presented by the portable device to authenticate it and allow automatic association. | 02-18-2010
20100043054 | AUTHENTICATION OF USER DATABASE ACCESS - A database system and method combines the ability to concurrently utilize LDAP based authentication and operating system-based authentication. The database authentication tries both methods of authentication, both at the database layer and at the application layer. Security authentication of the user then occurs by whichever mechanism is first to return a successful result. Database administrators can, if desired, configure the system to prefer one mechanism (LDAP or operating system) over the other. With the present invention, a large end user population can be managed using standard LDAP tools, in an automated, administered, or “self-service” manner, as preferred. Thus, system accounts, such as the database owner, can remain within the operating system, easing installation and maintenance of the database product itself. | 02-18-2010
20090158391 | Method and Apparatus for Handling Files Containing Confidential or Sensitive Information - A method, apparatus, and computer instructions for managing files in a data processing system. An attribute for a file is specified as having a special designation. The file with the attribute having the special designation is processed, by the operating system, in a different manner from other files when performing operations, such as, for example, copying the file to a removable media, printing the file, or sending the file over a network. | 06-18-2009
20090158389 | COMPUTER METHOD AND APPARATUS FOR AUTHENTICATING UNATTENDED MACHINES - An unattended computer-based machine is authenticated by the present invention method, system or apparatus. The subject machine may be an auto-restarted machine or similar machine configured to be unattended. Upon receipt of initializing input from a user at a subject computer-based machine, a working process authenticates the user and generates resulting credentials. The working process stores the generated credentials in a memory area of the subject machine. Separate from and independent of the working process is a security monitor of the present invention. A monitoring module of the present invention monitors user activity on the subject machine and upon detecting suspect activity destroys the stored credentials of the working process. Suspect activity includes any activity raising a suspicion of compromise. | 06-18-2009
20090158388 | Ethernet Connectivity Fault Management With User Verification Option - An access node (e.g., DSLAM, OLT/ONT) is described herein that implements a trust verification method comprising the steps of: (a) filtering an up-stream message initiated by a non-trusted device (e.g., CPE); (b) intercepting the filtered up-stream message if the filtered up-stream message is a connectivity fault management message (e.g., LB message, LBR message, CC message); (c) inserting a trusted identification into the intercepted up-stream message; and (d) outputting the intercepted up-stream message with the inserted trusted identification. Thereafter, a trusted device (e.g., BRAS) receives and analyzes the outputted up-stream message with the inserted trusted identification message to ascertain a trustworthiness of the non-trusted device (e.g., CPE). Several different ways that an access network (e.g., IPTV network) can implement the trust verification method are also described herein. | 06-18-2009
20100107219 | AUTHENTICATION - CIRCLES OF TRUST - Within a surface computing environment users are provided a seamless and intuitive manner of modifying security levels associated with information. If a modification is to be made the user can perceive the modifications and the result of such modifications, such as on a display. When information is rendered within the surface computing environment and a condition changes, the user can quickly have that information concealed in order to mitigate unauthorized access to the information. | 04-29-2010
20100107218 | SECURED COMPARTMENT FOR TRANSACTIONS - Systems and methods that establish a secured compartment that manages sensitive user transactions/information on a user's machine. The secured compartment qualifies user interaction with the machine, and separates such qualified interaction from other user activity on the machine. A user is switched to such secured compartment upon occurrence of a predetermined event, such as in form of: an explicit request (e.g., a secure attention sequence); an implicit request (e.g., inference of user activities); and presence of a peripheral device that is bound to the secured compartment (e.g., a USB)—wherein such actions typically cannot be generated by an application running outside the secured compartment. | 04-29-2010
20090119748 | System management mode isolation in firmware - A system, method, and computer-readable medium with instructions for capturing a system management interrupt instruction by trusted system management mode code running in a system. The system management interrupt instruction is dispatched to other system management mode code, which may be untrusted. In response to an attempt to access a protected resource of the system by the other system management mode code, a determination is made whether the second system management mode code is authorized to access the protected resource. If the second system management mode code is not authorized to access the protected resource, access to the protected resource by the other system management mode code is prevented. Other embodiments are described and claimed. | 05-07-2009
20100024002 | Authentication system - An authentication system determines if a counterfeit ineligible unit is installed in a main device. When connected with a battery pack, a notebook PC generates and combines a random number and a function determination signal using a signal combining unit and transmits same to the battery pack. A first function calculation unit calculates the function of the random number. The battery pack has a signal separation unit to separate the combined signal into the random number and function determination signal, and a second function calculation unit to calculate the function of the random number for transmitting back to the notebook PC. A comparison unit compares the calculation results by the first and second function calculation units to determine whether the connected battery pack is an authorized one and denies connection if the pack is an unauthorized one. | 01-28-2010
20130047209 | AUTHENTICATION PROCESSING METHOD AND APPARATUS - A physical unclonable function (PUF) device, and a PUF reader which extracts PUF parameters required to calculate a response output from a challenge input by analyzing an operation of the PUF device. Operation parameters characterizing an operation state are obtained by observing a power waveform, an electromagnetic waveform, or a processing time of the PUF device at that time. Authentication of the PUF device is based on the extracted parameters. The PUF reader executes authenticity determination as to whether or not the PUF device is a valid PUF device by monitoring an operation of the PUF device during response generation based on the operation parameters. | 02-21-2013
20120167170 | METHOD AND APPARATUS FOR PROVIDING PASSIVE USER IDENTIFICATION - A method for providing passive user identification may include causing selective processing of data indicative of characteristics of a user of a device by aggregating one or more modality specific biometric classification processes conducted in background operation of the device, comparing the selectively processed data to a profile of a currently logged in or default user to determine a likelihood that the user corresponds to the currently logged in or default user, and selectively implementing an active authentication process based on a result of the determining. A corresponding apparatus and computer program product are also provided. | 06-28-2012
20120167172 | INFORMATION PROCESSING APPARATUS AND METHOD, RECORDING MEDIUM AND PROGRAM - The present invention relates to an information processing apparatus allowing proper communication with a communication partner in accordance with a communication time of the communication partner. | 06-28-2012
20090328139 | NETWORK COMMUNICATION DEVICE - A disclosed network communication device having plural addresses includes an address obtaining unit configured to obtain plural addresses corresponding to a name or an identifier of another network communication device by address resolution, and an address specifying unit configured to specify one or more of the obtained addresses as security communication addresses with which security communications can be performed by comparing the obtained addresses to a setting of the security communications. | 12-31-2009
20090328142 | Systems and Methods for Webpage Verification Using Data-Hiding Technology - A system for webpage verification comprises an authentication module configured to authenticate a user identifier if the user identifier is unique in the system, the user identifier being related to the identity of a user, a data-hiding module configured to generate a first data-hidden object based on a unique user identifier, at least one webpage identifier and a base object in accordance with a data-hiding algorithm, each of the at least one webpage identifiers being related to the identity of one of at least one webpage of the user, a memory module to store at least one of the said user identifier, the at least one webpage identifier, the base object, and the required parameters of data-hiding algorithm, and a verification module configured to retrieve the first data-hidden object from one of the at least one webpage based on one of the at least one webpage identifier, retrieve a user identifier and all of the webpage identifiers from the memory module based on the one webpage identifier, generate a second data-hidden object based on the retrieved webpage identifiers, the retrieved user identifier and the base object, and compare the first data-hidden object with the second data-hidden object. | 12-31-2009
20090307748 | METHOD AND ARRANGEMENT FOR USER FRIENDLY DEVICE AUTHENTICATION - The present invention relates to fraud prevention and authentication of a device to a user. The method of authenticating a personal device according to the invention comprises a set up sequence, wherein at least a first preferred output format is selected by the user, and a device configuration verification sequence. In the device configuration verification sequence a checksum is calculated and converted to a user friendly output format based on the user selected preferred output format. In addition the checksum may be calculated based on variable, and user selectable, keying material. The personal device, after being authenticated according to the above, may be used to authenticate a second device. | 12-10-2009
20120192250 | Device, System, And Method For Registering And Authenticating Handwritten Signatures And Archiving Handwritten Information - There is provided an electronic pen device configured to be used with a remote secure server for registering handwritten signatures, the secure server comprising an authentication database storing authentication information in connection with pre-registered users and a signature registration database for registering handwritten signatures, the electronic pen device comprising: an input/output (I/O) interface; a memory; a tip and capturing means connected thereto for capturing handwritten signatures; a network interface adapted to be connected to a data network, and a processing unit connected to the I/O interface, to the capturing means, to the memory and to the network interface. As another aspect of the invention, there is further provided a system for registering handwritten signatures. As another aspect of the invention, there is further provided a method of authenticating handwritten signatures. As a further aspect of the invention, there is provided a method of signing a document by a plurality of contracting users. As a further aspect of the invention, there is provided an electronic pen device configured to be used with a remote server for archiving handwritten information. | 07-26-2012
20120192249 | VERIFIABLE SERVICE POLICY IMPLEMENTATION FOR INTERMEDIATE NETWORKING DEVICES - Various embodiments are disclosed for a services policy communication system and method. In some embodiments, an intermediate networking device acts as a service intermediary or intermediate connection between a network and one or more communications devices; implements a service policy set for assisting control of the intermediate networking device use of a service set on the network, the service policy set including one or more service policies associated with the intermediate networking device or one or more communications devices connected to the intermediate networking device, the service set being one or more network services used by the intermediate networking device or one or more communications devices; and monitors use of the service set based on the first service policy set, in which the implementation of the service policy set is verified. | 07-26-2012
20090094676 | METHOD FOR REDUCING THE TIME TO DIAGNOSE THE CAUSE OF UNEXPECTED CHANGES TO SYSTEM FILES - A method for monitoring access to a file within a file system includes steps or acts of: monitoring a plurality of requests for access to files; intercepting the requests; and analyzing metadata located in the file. If the metadata includes a directive entry, the method includes these additional steps: identifying information about any application requesting access to the file, including a sequence of function calls that preceded the file access request; and logging the information to generate an action trail of the application. A mechanism for monitoring file access includes the following: a file system configured for monitoring accesses to any file residing within it; an access control mechanism which can execute pre-defined actions when an unauthorized file access occurs; and a tool to specify the list of files to be monitored. | 04-09-2009
20130074148 | METHOD AND SYSTEM FOR COMPILING A UNIQUE SAMPLE CODE FOR SPECIFIC WEB CONTENT - Methods for compiling a unique sample code for specific web content. Methods for providing specific web content with such a unique sample code. Methods for gaining access to specific web content provided with such a unique sample code. Methods for indexing web content in a search engine. Methods of processing an Internet search query using a search engine having indexed web content. Related index repositories. Methods for gaining access to specific web content provided with a unique sample code by using a searching engine having indexed web content. | 03-21-2013
20110067086 | Using Metadata In Security Tokens to Prevent Coordinated Gaming In A Reputation System - To prevent gaming of a reputation system, a security token is generated for a security module using metadata about the client observed during the registration of the security module. The registration server selects metadata for use in generating the security token. The generated security token is provided to identify the client in later transactions. A security server may conduct a transaction with the client and observe metadata about the client during the transaction. The security server also extracts metadata from the security token. The security server correlates the observed metadata during the transaction with the extracted metadata from the security token. Based on the result of the correlation, a security policy is applied. As a result, the metadata in the security token enables stateless verification of the client. | 03-17-2011
20090271844 | SAFE AND EFFICIENT ACCESS CONTROL MECHANISMS FOR COMPUTING ENVIRONMENTS - Improved techniques for controlling access to accessible components of computing environments are disclosed. The techniques, among other things, can be used to provide Mandatory Access Control (MAC) mechanisms for mobile and embedded systems. One or more accessible components (e.g., accessible resources) which a component may attempt to access are determined so that one or more access permissions can be stored in a manner that they can be obtained if the component attempts to access the one or more accessible components, thereby allowing access to the one or more accessible components to be determined based on access permissions that are readily available. Generally, access permissions can be identified and stored in anticipation of need. Access permissions can be identified, for example, based on the likelihood of use, or all possible access permissions can be determined and stored. A safe (e.g., a trusted) access controlling (or monitoring) system (or component) can control access to resources of a computing environment. For example, a trusted access monitoring system can be provided in a secure and trusted operating environment utilizing Mandatory Access Control (MAC) capabilities of a secure operating system (e.g., SELinux Operating System). | 10-29-2009
20090064276 | Analytical Instrument with Automatic Lockout against Unauthorized Use - An analytical instrument includes a contactless memory reader, such as an RF-ID reader. Each person authorized to use the instrument carries a contactless memory, such as an RF-ID tag in an identification (ID) badge. The instrument scans for a contactless memory containing information identifying an authorized user prior to performing an analysis or prior to operating in a predetermined mode, thus preventing unauthorized persons from operating the instrument or from operating the instrument in an unauthorized mode. | 03-05-2009
20090055895 | Method and Apparatus for a Non-Revealing Do-Not-Contact List System - A method and apparatus for a non-revealing do-not-contact list system in which a do-not-contact list of one-way hashed consumer contact information is provided to a set of one or more entities. The set of entities determine whether certain consumers wish to be contacted with the do-not-contact list without discovering actual consumer contact information. | 02-26-2009
20090055894 | METHOD AND SYSTEM FOR PROVIDING ONLINE RECORDS - A method for providing a user with the ability to access and collect legal records associated with the user includes assigning a phone number to the user for fax and voice communications from a legal services provider, associating access information with the user for the user to use to access a secure web site, providing the user with a document to provide to the legal services provider exercising rights of the user for access to the legal records, the document requesting the legal services provider to send the legal records to the phone number, receiving a private fax communication comprising a legal record associated with the consumer for which the consumer has requested and given permission to the legal services provider to send, converting the private fax communications into an image file format, storing the legal services record encoded in the image file format, and providing the user with secure access to the web site using the access information and providing on the web site an interface to the legal records of the user for the user to access the legal record. | 02-26-2009
20090055892 | AUTHENTICATION METHOD AND KEY DEVICE - The present invention discloses an authentication method and a key device and relates to the information security field. The authentication method comprises initiating user authentication, generating a dynamic code and then a first verification code on the basis of the dynamic code, and outputting the dynamic code, by a key device; and receiving a second verification code entered by a user via a host, and collating the second verification code with the first verification code, by the key device, and if a match is found, the user access is authorized to the key device; otherwise, the user access is prohibited. The key device comprises a trigger module, a generator module, an output module, a communication module, a collator module, a controller module and a security module. According to the present invention, better security is achieved by reducing the possibility of sensitive information disclosure and misuse in case of password theft for the key device. | 02-26-2009
20120227084 | Handling of Public Identities - The invention relates to a subscriber data entity, method and a computer program product for defining a first record including a wildcarded public user identity covering plurality of public user identities of users, defining a second record including a public user identity of a user, wherein the public user identity belongs to the plurality of public user identities which the wildcarded public user identity covers and assigning the first record and the second record to the same registration set, wherein the registration set includes public user identities to be registered together. | 09-06-2012
20120117619SECURE NETWORK CONNECTION ALLOWING CHOICE OF A SUITABLE SECURITY ALGORITHM - The invention provides for a method for use in a mobile radio communications device network connection procedure and including the step of, at a network, sending to a mobile radio communications device a list of a plurality of security algorithms supported in the network and so as to allow choice of a suitable algorithm irrespective of the degree of update that the device may have experienced.05-10-2012
20120117618METHOD FOR CALIBRATING A TEMPERATURE FLOAT OF A ONE TIME PASSWORD TOKEN AND A ONE TIME PASSWORD TOKEN THEREOF - A method for calibrating a temperature float of a one time password token and a device thereof are provided in the invention relating to the information security field. The method includes steps: the one time password token measures a current ambient temperature at intervals of a first predetermined time, retrieves a data table for a characteristic value relating to the measured temperature, and calibrates a current time value inside the token according to the characteristic value at intervals of a second predetermined time. The one time password token includes a timer module, a measuring module, a retrieving module, a table storing module, a calibrating module, a triggering module, a generating module and a displaying module. The invention calibrates time differentiation of the one time password token caused by the temperature float.05-10-2012
20130067534COMPUTER MOTHERBOARD HAVING PERIPHERAL SECURITY FUNCTIONS - A secure motherboard for a computer, wherein each user accessible peripheral port is protected by hardware based peripheral protection circuitry soldered to the motherboard. The protection circuitry provides security functions decreasing the vulnerability of the computer to data theft. User input ports such as keyboard and mouse peripheral ports are coupled to the computer through a security function that enforce unidirectional data flow only from the user input devices to the computer. Display port uses a security function which isolates the EDID in the display from the computer. Authentication device such as smart card reader is coupled to the computer via a port having a security function which enumerates the authentication device before coupling it to the computer.03-14-2013
20130067533GENERATING A TEST LICENSE FOR A DEVELOPER APPLICATION - One or more techniques and/or systems are disclosed for generating a test application license for a developer application, such as to test a licensing portion of the developer application on a developer machine. An application identifier (appID) can be created that is particular to the developer application. Developer binding data associated with an authenticated developer of the developer application can be created that is particular to the developer. The appID and developer binding data are combined to create bound application developer data. The test application license is generated for the developer application based at least upon an authenticated developer certificate and the bound application developer data. The generated test application license provides for the licensing portion of the developer application to be tested on the developer machine.03-14-2013
20090235327SELECTABLE CAPTCHAS - A system for displaying a set of selectable CAPTCHAs produces a first set of CAPTCHAs whose images are based at least partially on an alphanumeric sequence, where a respective CAPTCHA in the first set is associated with a CAPTCHA property. The system also produces a second set of CAPTCHAs whose images are based at least partially on an alphanumeric sequence, where a respective CAPTCHA in the second set is not associated with a CAPTCHA property. Next, the system displays the first and second sets of CAPTCHAs. Finally, the system makes respective CAPTCHAs in the first and second sets of CAPTCHAs selectable, thereby allowing a user to pass a CAPTCHA challenge by distinguishing the first set of CAPTCHAs from the second set of CAPTCHAs without typing the words associated with the images.09-17-2009
20090235326SYSTEM AND METHOD FOR UPDATING USER IDENTIFIERS (IDs) - Provided are a system and method for updating a user identifier (ID). The user ID updating method includes: (a) collecting unauthorized access attempt information for a user ID; (b) creating a user ID update policy for an encoded user ID obtained by encoding the user ID, according to the unauthorized access attempt information collected in operation (a); (c) storing the user ID update policy created in operation (b); (d) loading the user ID update policy stored in operation (c) and determining whether or not to update the user ID; and (e) creating a new user ID if it is determined in operation (d) that the user ID should be updated, and changing the user ID to the new user ID. Therefore, it is possible to ensure security for user IDs, by dynamically creating and updating user IDs according to security environments.09-17-2009
20090013379METHODS AND APPARATUS FOR VERIFYING ELECTRONIC MAIL - A computer extracts the header information from an electronic mail, including an originality guarantee. The computer generates a header characterization for the header information subject to originality guarantee, and extracts message body information from the electronic mail and generates a body characterization for the message body information as well. The generated characterization set applies the header characterization and the body characterization, combined. The verification information is added to the generated characterization set for applying a signature, and characterization set is linked to electronic mail.01-08-2009
20080295152Safety management system11-27-2008
20080295150METHOD FOR IMPROVING APPLICATION PERFORMANCE AND USER DIRECTORY INTEGRITY11-27-2008
20110016511METHOD AND SYSTEM FOR MONITORING USER INTERACTION WITH A COMPUTER - A system is provided to monitor a user's interaction with a computer. The system may comprise a random reference data generator to generate a random reference string, an image generator to create an image including the random reference string, a modification module to iteratively modify the image until a distortion criterion is satisfied, and a communications module to communicate the image to a client computer for display to a user. The random reference string comprises a plurality of alphanumeric characters.01-20-2011
20080263631USER PROFILE, POLICY, AND PMIP KEY DISTRIBUTION IN A WIRELESS COMMUNICATION NETWORK - An authentication server may be adapted to (a) authenticate an authentication peer seeking to establish communications via a first network access node; (b) retrieve user profile information associated with the authentication peer; and/or (c) send the user profile information to a network gateway node that facilitates communication services for the authentication peer. A PMIP network node may be adapted to (a) provide wireless network connectivity to an authentication peer via a first network access node; (b) provide a PMIP key to both ends of a PMIP tunnel between the first network access node and a PMIP network node used to provide communications to the authentication peer; (c) provide the PMIP key to a first authenticator associated with the first network access node; (d) receive a request at the PMIP network node from a requesting entity to reroute communications for the authentication peer; and/or (e) verify whether the requesting entity knows the PMIP key.10-23-2008
20100088745METHOD FOR CHECKING THE INTEGRITY OF LARGE DATA ITEMS RAPIDLY - The embodiments read, by a computer, target data and divide the target data into chunks. Initial digest values for each chunk of the target data are maintained. Digest values for a subset of the chunks, based upon the target data, are obtained. And a computer compares the obtained subset of digest values of the target data with corresponding subset of maintained initial digest values and verifies integrity of the target data according to the comparison.04-08-2010
20110302627USER AUTHENTICATON - A method of authenticating access to a service comprises: a) receiving at a mobile terminal, over a bi-directional near-field communication channel between the mobile terminal and a browser, at least part of the identifier of a service; b) comparing, at the mobile terminal, at least part of the identifier received at the mobile terminal with a set of identifiers stored in the mobile device; and c) authenticating access to the service on the basis of whether at least part of the identifier received at the mobile terminal matches an identifier in the set. The mobile terminal may store a set of URLs, and may compare a received URL (or part URL) with the set of stored URLs. It may generate an alert to the user if at least part of the URL received at the mobile terminal does not match a stored URL. User names and keys are not required to be stored on the web-browser, so the web-browser does not need to maintain a password database. This improves security, since a password database would be vulnerable to malicious code.12-08-2011
20120090016Method and apparatus for registering agents onto a virtual machine monitor - A method for managing an agent includes verifying an integrity of the agent in response to a registration request. Memory protection is provided for the agent during integrity verification. An indication is generated when registration of the agent has been completed. According to one aspect of the present invention, providing memory protection includes having a virtual machine monitor limit access to the agent. Other embodiments are described and claimed.04-12-2012
20090282461METHOD OF AND SYSTEM FOR CONTROLLING ACCESS TO AN AUTOMATED MEDIA LIBRARY - A method of controlling access to an automated media library receives a request for access to the library from an individual having an identity. Access may include importing media to the library, exporting media from the library, and opening a locked door to a cabinet containing the library. If the access includes the importing media, the method moves a robotic media handler to a locked import/export station. If the access includes exporting media, the method moves the requested media to the locked import/export station. If the access includes the opening the door, the method takes a first inventory of the media in the library. The method authenticates the identity of the individual and determines an access level associated with the individual. If the access level is insufficient for the requested access, the method denies the requested access and issues an alert. If the access level is sufficient for the requested access, the method determines if the requested access requires a second authentication. If a second authentication is required, the method prompts the individual to perform the second authentication. If the second authentication is verified, the method logs the access by the individual and grants the access. If the access is granted and the access is importing or exporting media, the method unlocks the import/export station. If the access is granted and the access is opening the door, the method unlocks the door. The method closes and locks the import/export station a predetermined length of time after unlocking the import/export station. The method locks the door a predetermined length of time after unlocking the door and takes a second inventory of the media. The method issues an alert if the second inventory differs from the first inventory.11-12-2009
20100005508USER AUTHENTICATION APPARATUS AND METHOD THEREOF - A user authentication apparatus includes an information collection unit which collects user information from a plurality of personal portable devices of a user within a predetermined distance, and a control unit which identifies the user as a user corresponding to the collected information based on the amount of user information collected. Accordingly, user authentication can be easily performed using portable devices of a user, resulting in increased user convenience.01-07-2010
20090183231USER TERMINAL WITH SECURITY FUNCTION AND SECURITY-CONTROL METHOD - A user terminal apparatus with a security function and a security-control method are provided, which may prevent unauthorized use of the user terminal apparatus without requiring a user to lock up the user terminal apparatus. The user terminal apparatus includes an input sensing unit which senses a user's input to the user terminal apparatus, an information collecting unit which collects information regarding an input state, which is determined based on the user's input, and a transition of the determined state, and a security-control unit which determines whether the user is valid based on the collected information and controls a security function.07-16-2009
20120090015DEVICE AND METHOD FOR AUTHENTICATING BIOLOGICAL INFORMATION - A biological-information authentication device includes, a biological-information reading section configured to read biological information; a comparing section configured to compare biological information read by the biological-information reading section with registered biological information to determine whether they match; a registration section configured to register biological information; a biological-information-input-operation extraction section configured to extract input operation data indicating an input operation of biological information read by the biological-information reading section. The device further includes an approval-input-operation determination section configured to determine whether the input operation data of the biological information extracted by the input-operation extraction section matches approval input operation data indicating an input operation for approval that is stored in advance when the comparing section determines that the biological information is unregistered biological information and that biological information input next to the unregistered biological information matches the registered biological information of an administrator having approval authority.04-12-2012
20100269150USAGE METERING BASED UPON HARDWARE AGING - Techniques are generally disclosed for using an operating entity, including a method, apparatus, and/or system to control usage of the operating entity. In various embodiments, an in-use signal generator may be configured to generate at least one in-use signal, with the at least one in-use signal having a signal duration representative of at least one usage episode of the operating entity. An aging circuit may be coupled to the in-use signal generator and configured to output at least one age-affected signal in response to the at least one in-use signal. A metering module may be coupled to the aging circuit and, in response to the at least one age-affected signal, and configured to measure a signal characteristic of the at least one age-affected signal and translate the signal characteristic into a generated quantity of accumulative usage of the aging circuit.10-21-2010
20100031313RELAY DEVICE, AUTHENTICATION SERVER, AND AUTHENTICATION METHOD - A relay device includes a security information reception unit, a security information processing unit, and a security information transmission unit. The security information reception unit receives, from a terminal device, first security information containing a user ID and user authentication information of a user of the terminal device. The security information processing unit adds a relay device ID and relay device authentication information to the first security information to generate second security information. The security information transmission unit transmits the second security information to an authentication server.02-04-2010
20080216152PASSWORD GENERATOR, SYSTEM AND USE THEREOF - A password generator for use with a detector and a verifier in an encapsulated system is provided, as is a system for generating and verifying passwords. The password generator comprises a support, a sensor for detecting a signal from the detector, a data transmitter for transmitting binary data as pulses, a processor that is initialized by the verifier and that controls the data to be sent, a controller for activating the processor and a connector to releasably connect the password generator with the verifier. The system employs a mouse as the detector.09-04-2008
20100269151MIGRATION ACROSS AUTHENTICATION SYSTEMS - A system, method, program product and a method for deploying a system for providing migration across authentication systems are disclosed. A system is provided that includes a login system that collects information from a user during a login process, a migration list check system that compares the information to a migration list to determine if the user is selected for migration, and a migration logic system that migrates the user from the existing authentication system to the new authentication system during the login process if the user is selected.10-21-2010
20120110639STORAGE DEVICE, AND AUTHENTICATION METHOD AND AUTHENTICATION DEVICE OF STORAGE DEVICE - An authentication method of a storage device includes requesting an EID (Encoded IDentifier) to the storage device by an authentication device for authenticating the storage device, receiving the EID by the authentication device, restoring original ID information by decoding the received EID, and verifying individual ID information corresponding to use of the storage device included in ID information by using ID authentication information received from the storage device, wherein the ID information includes multiple pieces of individual ID information corresponding to the use of the storage device.05-03-2012
20090150974DIGITAL CABLE SYSTEM AND METHOD FOR PROTECTION OF SECURE MICRO PROGRAM - Provided is a digital cable system and method for protecting a secure micro (SM) client, and more particularly, a digital cable system and method for protecting an SM program that can improve the security of an SM program through authentication of a host and integrity verification of the SM program. A method of protecting an SM program includes: receiving host authentication information associated with a host from a trusted authority; verifying validity of the secure micro program based on the host authentication information; and sending, to an authentication proxy, a HostStateInformation message that includes host state information associated with validity verification information of the SM program.06-11-2009
20100125892SWITCHING APPARATUS, AUTHENTICATION SERVER, AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, AND COMPUTER PROGRAM PRODUCT - A switching apparatus includes an authentication client unit that requests user authentication to a user authentication server that performs user authentication of the switching apparatus, and, when the requested user authentication is successfully performed, receives from the user authentication server, information of success of the user authentication and setting information used when terminal authentication of a terminal to be connected to the switching apparatus is relayed to a terminal authentication server that performs terminal authentication; an authentication setting unit that sets the setting information to an authentication relay unit that relays terminal authentication; and a control unit that allows the authentication relay unit to relay the terminal authentication when the setting information is set to the authentication relay unit.05-20-2010
20110107395METHOD AND APPARATUS FOR PROVIDING A FAST AND SECURE BOOT PROCESS - An apparatus for providing a fast and secure boot process may include at least one processor and at least one memory including computer program code. The at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus to perform at least performing a first security check on critical security software during a boot sequence of a device, powering down or resetting the device in response to failure of the first security check, performing a second security check on at least a first portion of general critical software in response to the first security check passing, enabling operation of the device with respect to general critical software that passes the second security check, and disabling functionality associated with general critical software that fails the second security check.05-05-2011
20120036555INFORMATION SHARING DEVICE, INFORMATION SHARING METHOD AND INFORMATION SHARING SYSTEM - The load of setting and managing the access rule for access control is large. Provided is an information sharing system comprising an information gathering means, a transportable storage device for storing at least first information and second information, a certified acquisition request generation means, and a certified acquisition request processing means, wherein the information gathering means gathers the first information and the second information from the transportable storage device, the certified acquisition request generation means transmits a certified acquisition request including certification information comprising at least part of the second information, and the certified acquisition request processing means determines, on the basis of the result of checking whether or not the certification information included in the received certified acquisition request matches any part of the first information, whether or not to transmit the first information to a device equipped with the certified acquisition request generation means that is a transmission source of the certified acquisition request.02-09-2012
20090094677METHOD FOR EVALUATING AND ACCESSING A NETWORK ADDRESS - The invention relates to a method for evaluating or accessing a network address, comprising the steps of: receiving a network address (04-09-2009
20110197259METHOD AND SYSTEM FOR PROCESSOR OR WEB LOGON - A system is for a proof of knowledge enrollment or authentication. The system includes a processor having an input, an output and a routine; and a display having an image from the output of the processor. The routine is structured to input from the input of the processor a plurality of different position selections and/or a plurality of different path selections on the image. The routine is further structured to authenticate the proof of knowledge as a function of the plurality of different position selections and/or the plurality of different path selections on the image.08-11-2011
20090260058Validity checking system, validity checking method, information processing card, checking device, and authentication apparatus - OBJECTIVE A user is prevented from inadvertently inputting authentication information to an unauthorized authentication system. In this manner, authentication information leakage is certainly avoided.10-15-2009
20090288137Distributed Digital Rights Management System and Method - A digital rights management system includes an authentication module and a decryption module. If desired, the modules can be implemented in separate integrated circuits. The authentication module retrieves authentication information for protected content and powers down after the authentication information is retrieved. The decryption module decrypts the protected content based on the authentication information while the authentication module is powered down.11-19-2009
20090254973SYSTEM AND METHOD FOR SOURCE IP ANTI-SPOOFING SECURITY - A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets.10-08-2009
20090178113APPARATUS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING PORTABLE COMMUNICATION IDENTITY SERVICES - Apparatus, methods, and computer program products for providing portable communication identity services are provided. A request is received to access a portable communication identity from a communications device. User information is received that is input by a user of the communications device, and the user information is authenticated. Capabilities of the communications device are accessed, and the portable communication identity is transmitted in accordance with the capabilities of the communications device.07-09-2009
20090144804METHOD AND APPARATUS TO SUPPORT PRIVILEGES AT MULTIPLE LEVELS OF AUTHENTICATION USING A CONSTRAINING ACL - Embodiments of the present invention provide systems and techniques for creating, updating, and using an ACL (access control list). A database system may include a constraining ACL which represents a global security policy that is to be applied to all applications that interact with the database. By ensuring that all ACLs inherit from the constraining ACL, the database system can ensure that the global security policy is applied to all applications that interact with the database. During operation, the system may receive a request to create or update an ACL. Before creating or updating the ACL, the system may modify the ACL to ensure that it inherits from the constraining ACL. In an embodiment, the system grants a privilege to a user only if both the ACL and the constraining ACL grant the privilege.06-04-2009
20100088744System For Online Compromise Tool - An Activity Access Control (AAC) utility controls access to applications and devices by allowing an administrator to set terms of use/access regarding applications and/or devices for a group of users, whose activities are monitored. The AAC utility also enables administrator and user access to a compromise facility via a centralized access point to establish or request changes to the terms of use/access. The AAC utility allows the administrator to dynamically update information and set terms based on real-time information collected during activity monitoring. Dynamic updates may also occur based on the monitored user's request, the priority of the requesting user(s), historical data, occurrence of a special event, completion of other internal or/external tasks, and/or pre-set limitations or thresholds. In addition, the AAC utility facilitates the real-time display or publishing of the terms of use, status information, and statistical information to users and the administrator.04-08-2010
20090144805INFORMATION TRANSFER APPARATUS AND CONTROL METHOD THEREOF - According to one embodiment, when a power source of an information transfer apparatus is turned off, information indicating termination of authentication with an AV apparatus externally connected is stored and whether or not the AV apparatus is set in a disconnected state in a power-off period is detected. Then, in a case where it is detected that the AV apparatus is not set in the disconnected state in the power-off period when the power source is turned on, a digital signal is transferred with respect to the AV apparatus based on the stored information indicating termination of authentication.06-04-2009
20090100502PROTECTING AGAINST COUNTERFEIT ELECTRONIC DEVICES - An embodiment of the invention includes a method of authenticating a second device connected to a first device. The method includes transmitting a first data string from the first device to the second device and receiving a second data string at the first device from the second device. The method also includes generating a third data string using an alteration key at the first device and comparing the third data string and either the first data string or the second data string. The method further includes authenticating the second device if the compared data strings match.04-16-2009
20090089858METHOD OF MANUFACTURING AN ELECTRONIC KEY WITH USB CONNECTOR - A method of manufacturing an electronic key with USB connector comprises the making of a key body 04-02-2009
20080209513Systems and methods for preventing an attack on healthcare data processing resources in a hospital information system - A system comprising a switching entity disposed between healthcare data processing resources and non-healthcare data processing resources. The switching entity is capable of operation in a first state in which an end user device is communicatively coupled to the healthcare data processing resources to support a healthcare session and a second state in which the end user device is communicatively coupled to the non-healthcare data processing resources to support a non-healthcare session. If the authentication request message is received while the switching entity is operating in the second state and a particular non-healthcare session is in progress, and the selected authentication entity is the healthcare authentication entity, initiating a memory purge at the end user device. Attacks on the healthcare data processing resources, both from the non-healthcare resources directly and via the end user device, are thus prevented.08-28-2008
20080209512AUTHENTICATION METHOD FOR PHARMACEUTICAL PRODUCTS HAVING SYMMETRICALLY CODED PACKAGING - A method for authenticating a pharmaceutical product, the pharmaceutical product being associated with packaging having disposed thereon or therein coded data including a number of coded data portions, each coded data portion being indicative of an identity of the pharmaceutical product and at least part of a digital signature of at least part of the identity. The method includes, using a sensing device to sense at least one coded data portion. A processor then determines the identity at least one determined signature part, and uses these to authenticate the pharmaceutical product. The coded data is arranged in accordance with a n-fold rotationally symmetric layout. The layout encodes data comprising a sequence of an integer multiple m of n-symbols. Each encoded symbol is distributed at n-locations about a centre of rotational symmetry such that decoding the symbols produces n-representations of the data each comprising a different cyclic shift of the data.08-28-2008
20080209511AUTHENTICATION METHOD FOR PHARMACEUTICAL PRODUCTS HAVING CODED PACKAGING - A method for authenticating a pharmaceutical product, the pharmaceutical product being associated with packaging having disposed thereon or therein coded data including a number of coded data portions, each coded data portion being indicative of an identity of the pharmaceutical product and at least part of a digital signature of at least part of the identity. The method includes, using a sensing device to sense at least one coded data portion. A processor then determines the identity at least one determined signature part, and uses these to authenticate the pharmaceutical product. The coded data is arranged in accordance with at least one layout having n-fold rotational symmetry, where n is at least two. The layout includes n identical sub-layouts rotated 1/n revolutions apart about a centre of rotation. At least one sub-layout includes rotation-indicating data that distinguishes that sub-layout from each other sub-layout08-28-2008
20080209509APPARATUS AND METHOD FOR PROCESSING DIGITAL DOCUMENT AND COMPUTER PROGRAM - A digital document processing apparatus stores a digital document, an application program used for editing the digital document, where the application program runs on an application platform, and a filter program used for restricting a function executed by the application program. The digital document processing apparatus includes a function determination unit configured to determine whether a function executed by the application program is restricted by the filter program, and a function restricting unit configured to restrict the function executed by the application program using the filter program if the function determination unit determines that the function executed by the application program is restricted by the filter program.08-28-2008
20090288139INTERFACE FOR ACCESS MANAGEMENT OF FEMTO CELL COVERAGE - Access management of femto cell service through access control list(s), or “white list(s)” is disclosed. Such white list(s) can be configured via a networked interface which facilitates access management to a femto cell. White list(s) includes a set of subscriber station(s) identifier numbers, codes or tokens, and can also include additional fields for femto cell access management based on desired complexity. Various interfaces and user profiles are associated with granting different levels of access to requesting UEs.11-19-2009
20090288138Methods, systems, and apparatus for peer-to-peer authentication - Peer-to-peer authentication involves generating an authenticatable, globally unique, peer-to-peer identifier to associate a device with a user identity. The user identity is associated with one or more peer devices of a user. The peer-to-peer identifier, together with authentication credentials of a legacy Internet service, is sent to an infrastructure authentication service. The legacy Internet service is capable of verifying the user identity based on the authentication credentials. Based on verification of the authentication credentials, a list of authenticatable, globally unique, peer-to-peer identifiers that bind the peer devices to the user identity is received from the infrastructure authentication service. A peer-to-peer identifier that binds the selected peer device to the user identity is received from a selected one of the peer devices, and the selected peer device is authenticated as associated with the user identity based on receiving the respective peer-to-peer identifier.11-19-2009
20090070856Image forming apparatus and utilization limiting method - An image forming apparatus and a utilization limiting method enable flexible limitation of utilization of resources. The image forming apparatus includes a utilization condition managing unit for managing utilization condition information including a utilization condition for a resource; a resource utilization unit for enabling the resource to be utilized based on the utilization condition included in the utilization condition information in response to a user request; a privilege information managing unit for managing privilege information that defines the presence or absence of privilege of the user to the resource; and a determination unit for determining whether utilization of the resource should be granted based on the privilege information. The determination unit grants utilization of the resource based on the utilization condition information when the user has no privilege to the resource.03-12-2009
20080276299WIRELESS TERMINAL APPARATUS AND METHOD OF PROTECTING SYSTEM RESOURCES - A wireless terminal apparatus is provided, which includes a domain unit having a first domain which drives a first application and a second domain, separated from the first domain, which drives a second application; a system resource unit composed of hardware of the wireless terminal apparatus; and a control unit which controls an operation of the domain unit that accesses the system resource unit.11-06-2008
20080244699IDENTIFICATION MEANS AND METHOD FOR THE LOGICAL AND/OR PHYSICAL ACCESS TO A TARGET MEANS - A means for the secure personalized identifying and allowing or prohibiting of a logical and/or physical access to a target means. The means comprises a portable identification means for outputting an authorization signal comprising at least one biometric sensor, at least one output element, a processor having a memory and software, as well as sending and receiving electronics for the wireless data exchange. The identification medium is configured in such a manner that upon successful authentication by an authorized user, an authorization signal is output over the output element. The portable identification medium is arranged at a wristband to be fixed at a user's wrist. The means comprises at least one security means which is configured to interrupt and/or prohibit the outputting of the authorization signal in case the wristband is opened and/or disconnected and/or the means is removed from the user's wrist.10-02-2008
20080244700METHODS AND SYSTEMS FOR GRAPHICAL IMAGE AUTHENTICATION - Systems and methods for providing authentication using an arrangement of dynamic graphical images, which may display a popup element while a pointing device indicator is over a graphical image. The graphical images can be arranged as a grid or matrix for presentation on a device display for authentication of a user. The kinds of graphical images can be derived from a designated authentication category and non-authenticating categories. A series of password elements corresponding to the graphical images can be displayed with the graphical images. The user may enter the series of one or more password elements corresponding to graphical images from the authentication category which combine to form a password entry. An authentication server can compare the password entry to an authentication password corresponding to the particular arrangement of dynamic graphical images. The selection of graphical images, their arrangement and their corresponding password elements, may dynamically change in between authentication processes.10-02-2008
20080256599APPARATUS AND METHOD FOR PROTECTING SYSTEM IN VIRTUALIZED ENVIRONMENT - Provided is an apparatus and method for protecting a system in a virtualized environment. The apparatus includes a domain unit including a plurality of domains, each having one or more device drivers; a system resource unit forming hardware of the system; a direct memory access (DMA) driver; and a control unit including an access control module which controls the access of the domain unit to the system resource unit in the virtualized environment.10-16-2008
20090265759INFORMATION PROCESSING APPARATUS, METHOD OF CONTROLLING SAME, AND STORAGE MEDIUM - An information processing apparatus which is capable of ensuring mutual security in cases where security information is displayed in a state in which an image displayed on a display is open to the outside. A display displays an operation screen of the apparatus. An input section receives an operation instruction to the apparatus, and a network interface receives an operation instruction to the apparatus from an external device. A control section determines whether an instruction for displaying an operation screen containing security information is received from the input section or via the network interface. When determining that the instruction is received via the network interface, the control section causes screen data for displaying the operation screen to be transmitted to the external device, and the operation screen containing the security information to be prevented from being displayed on the display.10-22-2009
20090265758ATTACH DETECTION WITH COATING PUF - The present invention relates to a method of authenticating a physical token (10-22-2009
20090064275DOCUMENT MANAGEMENT SYSTEM, MANAGEMENT DEVICE, RECORDING MEDIUM STORING DOCUMENT MANAGEMENT PROGRAM, DOCUMENT MANAGEMENT METHOD AND DATA SIGNAL - A document management system, which includes a management section that manages identification information corresponding to a component included in a document; a setting section that sets the identification information managed by the management section to the component included in the document; and a history management section that manages history information of the component corresponding to the identification information that is set to the component by the setting section.03-05-2009
20080235763System and method of providing security for a multimedia timeline - Systems and methods of providing security for a multimedia timeline are disclosed. A first set of multimedia items may be provided to a visual display to obtain access to a multimedia timeline. A first selection of at least one of the first set of multimedia items may be received. Access may be provided to the multimedia timeline when the first selection matches a first key.09-25-2008
20080289002Method and a System for Communication Between a User and a System - The present invention relates to a method of communication (11-20-2008
20100275243SECURING WAKEUP NETWORK EVENTS - In an embodiment, a method is provided. The method of this embodiment provides receiving a packet having a wake-up pattern, and waking up if the wake-up pattern corresponds to one of a number of dynamically modifiable passwords on a pattern wake list, each of the dynamically modifiable passwords being based, at least in part, on a seed value10-28-2010
20090007232Information processing system and information processing apparatus - A disclosed information processing system includes an authentication information acquisition unit that acquires first authentication information and second authentication information different from the first authentication information. An authentication reference information storage unit stores first authentication reference information for authentication of the first authentication information and second authentication reference information for authentication of the second authentication information. A first authentication determination unit determines success or failure of first authentication using the first authentication information and the first authentication reference information. A second authentication determination unit determines success or failure of second authentication using the second authentication information and the second authentication reference information. An authentication information control unit stores the second authentication reference information and the first authentication information in the authentication reference information storage unit so as to correspond to each other when the first and second authentications are successful.01-01-2009
20090007230RADIO-TYPE INTERFACE FOR TUNING INTO CONTENT ASSOCIATED WITH PROJECTS - A user can receive content relating to a common topic, such as a project, through a radio-type interface. A frequency or other indicator associated with the project can be selected on a user device. The common topic can be presented to the user, based on the selected frequency and/or an authentication. Presented information can also be provided in a common format requested by the user or as a function of the rendering device. The common format can be facilitated by a conversion component that can change information from a first format to at least a second format. The information can also be presented in more than one format.01-01-2009
20080209510Memory Device - A memory device that has a function used to continue or disrupt a supply of electric power used to retain data stored in a recording medium or a supply of operating electric power of a circuit used to read out data stored in a storage medium, using personal identification information is provided. When the recording medium is formed of a volatile memory, this memory device has a power supply used to manage a supply of electric power that is used for retention of the stored data using the personal identification information and to retain or erase stored data by continuation or disruption of a supply of electric power by use of the personal identification information.08-28-2008
20080209508Digital Pen System - A digital pen system comprising a pen 08-28-2008
20100146587AUTHENTICATION OF CONTROLLED DOSING PROCESSES - Authentication of products dispensed in an automated chemical dispensing system occurs via electronic communication of product information. The dispensing system includes a plurality of dispense stations, each of which is configured to dispense a corresponding specified chemical product. A product container includes an electronically readable label or tag that includes product information that identifies the chemical product in the container. A product dispenser reads the product information and automatically determines whether the specified product has been loaded onto or into the dispense station. If the product is thus “authenticated,” the system may permit dispensing of the chemical product. If the product is not authenticated, the system may prevent dispensing of the chemical product and/or generate an error message.06-10-2010
20080271115Method and System for Authentication of a Low-Resource Prover - A method is presented for enabling authentication of a prover in a Radio Frequency Identification system comprising the prover and a verifier, the method comprising the steps of: the prover sending a prover identifier and a parent identifier to the verifier, the verifier sending a verifier identifier to the prover, the prover calculating a first common secret by means of a prover polynomial, where an unknown in the prover polynomial is substituted by a result calculated using a function of at least the verifier identifier, and the verifier calculating the first common secret by means of a first verifier polynomial, wherein a first unknown in the first verifier polynomial is substituted by the prover identifier and a second unknown in the first verifier polynomial is substituted by the parent identifier, the prover creating a first message by modulating a first core secret with regard to at least the first common secret, said prover sending the first message to the verifier, and the verifier creating a first candidate for the first core secret by demodulating the first message with the first common secret, whereby the candidate for the first core secret is for use in the authentication. This allows the verifier and prover to independently create a common secret, used for modulating the core secret. Furthermore, no pre-registration of the prover with the verifier is required and calculation using polynomials requires little processing power. A corresponding system, prover and verifier are also presented.10-30-2008
20080271116SYSTEM AND METHOD FOR ENROLLING IN A BIOMETRIC SYSTEM - The present invention is a system and method of enrolling potential system users for a biometric system for identity verification. Potential system user information is entered into the system, either by the user or a system operator, and is stored as a partially-enabled user record. The user of a partially-enabled user record fully enables the record by presenting information previously stored in the user record and presenting the remainder of user information necessary to complete record activation. Enrollment data is used to authenticate the system user's identity and authorize related transaction accesses in a biometric system for identity verification.10-30-2008
20090158390METHOD, SYSTEM AND APPARATUS FOR AUTHENTICATION - An authentication method disclosed herein includes a requester sending an authentication request to an authenticator, the authenticator returning a response message which carries a source MAC address and a destination MAC address, the requester comparing the source MAC address between at least two authenticators and selecting an authenticator as a specified authenticator according to the set address selection rule to perform authentication with the requester. Further, the present disclosure discloses an authentication system. The present disclosure supports 802.1x authentication in a scenario with one requester and multiple authenticators. The disclosure also discloses a requester and an authenticator.06-18-2009
20090183229License Authentication Device and License Authentication Method - A user-specific information is generated from unique information of an external device. A determination is made as to whether an entered license key has been generated based on the user-specific information. As a result of the determination, if the license key has been generated based on the user-specific information, the entered license key is authenticated as a correct license key.07-16-2009
20090165086RANDOM NUMBER GENERATION THROUGH USE OF MEMORY CELL ACTIVITY - Systems and/or methods that facilitate security of data are presented. A random number generation component generates random numbers based in part on electron activity in a select memory cell(s) to facilitate data security. Sensor components that are highly sensitive can be employed to sense activity of the select memory cell(s) and/or reference memory cell in a noise margin associated with respective memory cells in the memory component. The activity of the select memory cell is compared to the reference memory cell(s) to facilitate generating binary data. The binary data is provided to the random number generation component where the binary data is evaluated to determine whether a predetermined level of entropy exists in the binary data. The binary data, or a portion thereof, can be processed to generate random numbers that are utilized in cryptographic processes and/or as a physical signature to facilitate data security.06-25-2009
20090125979COMMUNICATION SYSTEM, AUTHENTICATION METHOD, INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND BATTERY - An authenticating system according to the present invention has a characteristic structure of which an authenticating section 05-14-2009
20080256597MEDIA AUTHENTICATION VIA PHYSICAL ATTRIBUTES OF A MEDIUM - An optical disc is authenticated by measuring physical attributes of the disc. A challenge is presented to the drive comprising the disc. The challenge includes locations on the disc to be used for authentication. The locations are determined each time the disc is to be authenticated. No restriction is placed on the locations on the medium, and no restriction is placed on the number of locations. Locations on the disc are accessed and an answer to the challenge is calculated in accordance with a physical attribute pertaining to the locations. The answer can include an angle between the locations, the physical separation between the locations, an amount of time elapsed between detection of the locations, an amount of time taken to read data written between the locations, or a number of rotations occurring between detection of the locations. The answer is analyzed to determine the validity of the disc.10-16-2008
20090172775MOBILE ANTI-PHISHING - A method for inhibiting phishing can include sending information from a mobile network device to a website server, generating a one time password at the mobile network device from the information, generating a one time password at the website server from the information, sending the one time password generated at the website server to the mobile network device when the mobile network device subsequently accesses the website, and comparing the one time password generated at the website server to the one time password generated at the mobile network device. In this manner, the website can be authenticated such that the occurrence of phishing is substantially mitigated.07-02-2009
20090178114EDUCATIONAL LOG-ON METHOD - An example method of accessing a computer includes receiving identification information from a user and receiving an answer to an educational query. The educational query is based on the identification information. The method limits access to a computer based on the answer, the time spent answering queries, or both.07-09-2009
20090178115Receiving an access key - In an embodiment, a secure module is provided that provides access keys to an unsecured system. In an embodiment, the secure module may generate passcodes and supply the passcodes to the unsecured system. In an embodiment, the access keys are sent to the unsecured system after receiving the passcode from the unsecured system. In an embodiment, after authenticating the passcode, the secure module does not store the passcode in its memory. In an embodiment, the unsecured module requires the access key to execute a set of instructions or another entity. In an embodiment, the unsecured system does not store access keys. In an embodiment, the unsecured system erases the access key once the unsecured system no longer requires the access key. In an embodiment, the unsecured system receives a new passcode to replace the stored passcode after using the stored passcode. Each of these embodiments may be used separately.07-09-2009
20090199269ACCESS PROVISIONING VIA COMMUNICATION APPLICATIONS - Described herein is technology for, among other things, provisioning access to shared resources. It involves various techniques for creating accounts for recipients of communications with shared resources. Further, the resources may be available at an easy-to-find permanent location (e.g., URL). Such a provisioning process facilitates the growth of the network as recipients are given fully featured accounts. Therefore, the technology avoids the sign up process that users would otherwise have to go through in order to access the shared resource.08-06-2009
20090199270IMAGE FORMING APPARATUS, IMAGE FORMING METHOD, AND STORAGE MEDIUM - A disclosed image forming apparatus includes an authentication information unit including login information of a user and an authentication key; an authentication key providing unit including the authentication key; functional units; and a functional-unit authentication unit including authentication information of the functional units and a first verification unit configured to determine whether the functional units are authenticated. Each of the functional units includes an authentication key obtaining unit for obtaining the authentication key from the authentication key providing unit if the first verification unit determines that the functional unit is authenticated. The authentication information unit further includes a second verification unit for determining whether the authentication key obtained by the authentication key obtaining unit matches the authentication key in the authentication information unit, and a login information providing unit for providing the login information to the functional unit if the second verification unit determines that the authentication keys match.08-06-2009
20090064278Techniques for Entry of Less than perfect passwords - A technique of allowing entry of the password which is not 100% correct. This password would be used to verify identity and/or login information in low security techniques. The password is scored relative to the correct password. The scoring can take into effect least mean squares differences, and other information such as letter groups, thereby detecting missed characters or extra characters, as well as shift on the keyboard.03-05-2009
20090064274Dual non-volatile memories for a trusted hypervisor - In one embodiment, the present invention includes a method for executing a first code portion of a pre-boot environment from a first non-volatile memory, authenticating a trusted hypervisor in the first non-volatile memory using the first code portion, executing the trusted hypervisor if the trusted hypervisor is authenticated, and authenticating a basic input/output system (BIOS) present in a second non-volatile memory with the trusted hypervisor and transferring control from the trusted hypervisor to the BIOS if the BIOS is authenticated. Other embodiments are described and claimed.03-05-2009
20120198518OBSERVABLE MOMENT ENCRYPTION - A method, system and apparatus for encrypting a consumer identification number contained in a portable consumer device by gradually changing a consumer identification number when an observable moment is observed is disclosed. Observable moments can be exposure to light or an electromagnetic field, use of the portable consumer device or a change in temperature. A pattern or history of how the consumer identification number is gradually changed is used to authenticate the portable consumer device or the consumer.08-02-2012
20090083834ACCESSORY AUTHENTICATION FOR ELECTRONIC DEVICES - Improved techniques to control utilization of accessory devices with electronic devices are disclosed. The improved techniques can use cryptographic approaches to authenticate electronic devices, namely, electronic devices that interconnect and communicate with one another. One aspect pertains to techniques for authenticating an electronic device, such as an accessory device. Another aspect pertains to provisioning software features (e.g., functions) by or for an electronic device (e.g., a host device). Different electronic devices can, for example, be provisioned differently depending on different degrees or levels of authentication, or depending on manufacturer or product basis. Still another aspect pertains to using an accessory (or adapter) to convert a peripheral device (e.g., USB device) into a host device (e.g., USB host). The improved techniques are particularly well suited for electronic devices, such as media devices, that can receive accessory devices. One example of a media device is a media player, such as a hand-held media player (e.g., music player), that can present (e.g., play) media items (or media assets).03-26-2009
20080263629METHODS AND SYSTEMS FOR COMPLETING, BY A SINGLE-SIGN ON COMPONENT, AN AUTHENTICATION PROCESS IN A FEDERATED ENVIRONMENT TO A RESOURCE NOT SUPPORTING FEDERATION - A system for distributed authentication includes a client machine, in a first domain in a federation, that receives from a user a first set of authentication credentials. The system also includes an intermediate machine in a second domain in the federation, a server, also in the second domain, a password management program executing on the server and a non-federated resource. The intermediate machine authenticates the user responsive to receiving the first set of authentication credentials and identifies a second set of authentication credentials. The server in the second domain authenticates the user, responsive to the second set of authentication credentials. The password management program, executing on the server, retrieves a third set of authentication credentials associated with the user. The non-federated resource authenticates the user, responsive to receiving, from the password management program, the third set of authentication credentials.10-23-2008
20090064277INFORMATION PROCESSING APPARATUS, METHOD FOR CONTROLLING INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM - A method for controlling an information processing apparatus includes storing identification information to identify a type of authentication information which is necessary to use each of a plurality of files stored in a memory unit from among a plurality of types of authentication information, and causing a display unit to display the plurality of files stored in the memory unit and the stored identification information in association with each other.03-05-2009
20090165087Media registration and validation service to protect against unauthorized media sharing - A Media Registration and Validation Service (“MRVS”) facilitates protection against unauthorized media sharing. In the media registration function, the MRVS receives, registers and stores one or more samples of media content defining source content. In the media evaluation function, the MRVS receives samples of media content (“examination content”) submitted for examination relative to the source content. The MRVS searches the database to determine instances of source content corresponding to the examination content, yielding corresponding content; and produces a report including indicia of the corresponding content. Protection against media sharing is thereby accomplished in one aspect by providing notice of registered source content to one or more prospective disclosers of corresponding content (including, without limitation, the submitters of examination content); and in another aspect, the prospective disclosers can rely on the notice to decide whether or not to disseminate their corresponding content.06-25-2009
20090007229TIME-BASED METHOD FOR AUTHORIZING ACCESS TO RESOURCES - Upon receiving a request for access to a resource, a current clock value is determined. Based on information including the resource, the identity of the user requesting the access, and the current clock value, the system identifies applicable access controls. If the applicable access controls indicate that the user can be granted access to the resource at the current time, the request is granted. Otherwise, the request is denied.01-01-2009
20090007231Secured systems and methods for tracking and management of logistical processes - A method is provided for providing access to data relating to a plurality of processes associated with a supply chain network. The method may include identifying a user from a plurality of users. The method may also include identifying data from a plurality of data, wherein the identified data includes a subset of the plurality of data. The method may further include providing the user with access to the identified data. Providing the user with access to the identified data may include defining a user profile by establishing at least one permission associated with the identified data. The established permission may allow the user to access the identified data, and the user profile may be based on one of employee characteristics, work assignments, or geographical locations.01-01-2009
20090210925Authentication control apparatus and authentication control method - An authentication control apparatus is disclosed that includes plural authentication units that perform authentication for an operator with different authentication methods; a corresponding information management unit that manages corresponding information between the mode of an authentication request and the authentication unit to be used; and an authentication control unit that determines the authentication unit corresponding to the mode of the authentication request based on the corresponding information in response to the authentication request from the operator and causes the determined authentication unit to execute the authentication for the operator.08-20-2009
20090210924METHOD AND APPARATUS FOR ADAPTING A CHALLENGE FOR SYSTEM ACCESS - A method and apparatus for accessing a device via an adaptive challenge is provided herein. During operation, the challenging device will determine a user's context. The challenge used to access the system (08-20-2009
20090222886UNIT USING OS AND IMAGE FORMING APPARATUS USING THE SAME - A chip mountable on a customer replaceable unit monitoring memory (CRUM) unit used in an image forming job includes a central processing unit (CPU) with its own operating system (OS), which operates separately from an OS of the image forming apparatus, to perform authentication communication with a main body of the image forming apparatus using the OS of the CPU. The security of a unit on which the chip is mounted can thereby be reinforced and random changes of data of the unit can be prevented.09-03-2009
20090276829SYSTEM FOR COPYING PROTECTED DATA FROM ONE SECURED STORAGE DEVICE TO ANOTHER VIA A THIRD PARTY - A third party is configured to establish a virtual secure channel between a source SSD and a destination SSD via which the third party reads protected digital data from the source SSD and writes the protected digital data into the destination SSD after determining that each party satisfies eligibility prerequisites. An SSD is configured to operate as a source SSD, from which protected data can be copied to a destination SSD, and also as a destination SSD, to which protected data of a source SSD can be copied.11-05-2009
20080313706Method of Verifying an Object - A method of verifying an object using a computer system which receives a verification request indicative of an identity of the object and at least one signature fragment, the signature being a digital signature of at least part of the identity. The method includes determining the identity, and using this to determine at least one criterion relating to the verification from a database. The verification request is compared to the at least one criterion allowing the object to be verified if the criterion is satisfied.12-18-2008
20090249442ENABLING SELECTED COMMAND ACCESS - A method, medium and implementing processing system are provided for enabling access to specific privileged commands that are required to successfully execute tasks within an application only to individuals assigned a predetermined role to perform such tasks. In one example, the system administrator defines roles that contain the authorizations needed in order to provide the granularity of security that the users' company has defined. Once the system administrator defines the roles and assigns them to the users, then each user will have the authorizations needed in order to authenticate with the console and perform the system management tasks that they have been assigned. Thus, a web console consisting of a collection of web applications is enabled with the functionality to restrict access to privileged commands necessary to perform selected system management tasks.10-01-2009
20090249443METHOD FOR MONITORING THE UNAUTHORIZED USE OF A DEVICE - The invention is directed to systems and methods for detecting the loss, theft or unauthorized use of a device and/or altering the functionality of the device in response. In one embodiment, a device monitors its use, its local environment, and/or its operating context to determine that the device is no longer within the control of an authorized user. The device may receive communications or generate an internal signal altering its functionality, such as instructing the device to enter a restricted use mode, a surveillance mode, to provide instructions to return the device and/or to prevent unauthorized use or unauthorized access to data. Additional embodiments also address methods and systems for gathering forensic data regarding an unauthorized user to assist in locating the unauthorized user and/or the device.10-01-2009
20100162353TERMINAL AUTHENTICATION APPARATUS AND METHOD IN DOWNLOADABLE CONDITIONAL ACCESS SYSTEM - A terminal authentication apparatus and method in a Downloadable Conditional Access System (DCAS) is provided. The terminal authentication method may determine whether terminal authentication information, received from a DCAS terminal, is valid by referring to a database, may transmit DCAS image information and pairing information about the terminal authentication information to a user terminal, when the terminal authentication information is valid, and thereby may enable the DCAS terminal to set the user terminal based on the pairing information.06-24-2010
20090260057Method for distributing a list of certificate revocations in a vanet - In a vehicle-to-vehicle wireless communication system utilizing certificates to verify trustworthiness of received communications, a method for distributing a list of certificate revocations to vehicles in the communication system. At least one main station transmits a list of certificate revocations to at least one vehicle and the vehicle thereafter transmits the list of certificate revocations to other vehicles in the communication network. Each of the other vehicles in the communication network updates its list of certificate revocations in response to the receipt of the list of certificate revocations from another vehicle in the system. The other vehicles thereafter transmit their updated list of certificate revocations to other vehicles in the system.10-15-2009
20080307496Video receiving apparatus and broadcast receiving apparatus - A video receiving apparatus which reduces waiting time till an image is displayed on a monitor includes: a plurality of authentication executing units which perform respectively an authentication process to the external devices connected to each of the plurality of input terminals; a terminal selecting unit which selects one of the plurality of input terminals as a video input terminal based on an operation input from outside; a video receiving unit which receives the video information through one of the authentication executing units corresponding to the selected input terminal from the external devices connected through the selected input terminal; and a display control unit which outputs the received video information to a monitor.12-11-2008
20080307495Memory device with circuitry for improving accuracy of a time estimate used in digital rights management (DRM) license validation - A memory device with circuitry for improving accuracy of a time estimate used in digital rights management (DRM) license validation is disclosed. In one embodiment, a memory device receives a request to validate a DRM license stored on the memory device, wherein the DRM license is associated with a time stamp update policy (TUP) that specifies when a new time stamp is needed. Before attempting to validate the DRM license, the memory device determines if a new time stamp is needed based on the TUP associated with the DRM license. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to validate the DRM license using a time estimate based on the new time stamp. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.12-11-2008
20090083832Modal and linear techniques for access control logic - Access control logic may use logical constructs such as “says” and “speaks for”, and may be translated to modal logic. The modal logic may be used to determine the truth or falsehood of formulas in access control logic, which may be used in access control decisions. The modal logic may be S03-26-2009
20100162356Hierarchical Trust Based Posture Reporting and Policy Enforcement - A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point. The policy decision point indicates what access the access requester can obtain to the network based on a comparison of the posture information to one or more network administrative policies.06-24-2010
20090094678Mulimode device - A mode indexing table is used for listing the available modes in a multimode device. From information in the mode indexing table, a host recognizes the modes as listed in the table. The host has a mandatory initialization mode using a known technique, such that the device can enter into an initialization mode directly or via a boot function. During initialization, the host receives the remaining part of the table from the multi-mode device and recognizes the functionality of each of the listed modes in the table. Among the available modes, some modes are allowed to access data of other modes according to the level of access. The multimode device has some commands that can be used for direct mode switching.04-09-2009
20100192198CACHING OF PRIVATE DATA FOR A CONFIGURABLE TIME PERIOD - A computer implemented method, apparatus, and computer program product for generating cookies. A cookie value is retrieved in response to receiving the request. An expiration for the cookie value is set based on a time period in which the request is received. A set of unique identifiers, including the expiration, are added to the cookie value and a cookie name to form a cookie. A response to the request is sent to an intermediate server. The response includes data responsive to the request and the cookie. The validity of the data for the response is related to the expiration.07-29-2010
20100192197Context-Sensitive Confidentiality within Federated Environments - Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.07-29-2010
20090100501Content Providing System, Content Providing Method, and Optical Disk - A terminal transmits disk identification information and user information to a content delivery server for purchase of initial content in the case where the content to be stored in an optical disk is provided to a user. The user information and the content delivered by the content delivery server are written on the optical disk. The optical disk storing the initial content is set in the terminal for purchase of additional content. The terminal transmits, to the content delivery server, disk identification information, the user information and content information. The content delivery server determines whether or not the purchase of the additional content is authorized. When the content delivery server determines that the purchase of the additional content is authorized, the content delivery server delivers the additional content to the terminal. The terminal writes the additional content on the optical disk. It is therefore possible to prevent content from being copied and obtained in an unauthorized manner and provide content based on preferences and characteristics of the user.04-16-2009
20090077630AUTHENTICATION DEVICE AND AUTHENTICATION CONTROL METHOD - An authentication device and method of a semiconductor chip which sends and receives authentication information, performs a login process for permitting an input to the semiconductor chip and an output from the semiconductor chip, controls acquisition of the authentication information and controls installation or uninstallation of a loadable program, assignment of a session to the loadable program unit, and use of the loadable program unit based on the session.03-19-2009
20090077628HUMAN PERFORMANCE IN HUMAN INTERACTIVE PROOFS USING PARTIAL CREDIT - A system and method that facilitates and effectuates distinguishing a human from a non-human user. A human interactive proof (HIP) employs a partial credit algorithm in order to allow a user to make one or more mistakes during consecutive HIP challenges and still be identified as a human. The algorithm assigns a user partial credit based upon getting part of the challenge incorrect. The partial credit is tracked and if during one or more consecutive subsequent challenges the same user gets a portion of the challenge incorrect again, they can still be identified as human.03-19-2009
20100162355TRANSCRIPTION DATA SECURITY - A computer program product for use with dictated medical patient information resides on a computer-readable medium and comprises computer-readable instructions for causing a computer to analyze the dictated information, identify likely confidential information in the dictated medical patient information, and treat the likely confidential information disparately from likely non-confidential information in the dictated medical patient information.06-24-2010
20100162354TRANSCRIPTION DATA SECURITY - A computer program product for use with dictated medical patient information resides on a computer-readable medium and comprises computer-readable instructions for causing a computer to analyze the dictated information, identify likely confidential information in the dictated medical patient information, and treat the likely confidential information disparately from likely non-confidential information in the dictated medical patient information.06-24-2010
20100281517System, Apparatus, Program, and Method for Authentication - According to an aspect of the invention, a management of each authentication subprocess assures the each authentication subprocess, and assurance contents can be verified by verification side, so that trustworthiness of the whole authentication process can be improved. An authentication system includes authentication entity devices which separately execute authentication subprocesses P11-04-2010
20100211990Packet Detection Method for Wireless Communication Device and Related Device - A packet detection method for a wireless communication device includes receiving a wireless communication signal and demodulating the wireless communication signal into a packet signal; comparing the packet signal according to an access code to generate a comparison result; estimating energy distribution of the packet signal to generate an estimation result; and determining whether the packet signal belongs to the wireless communication device according to the comparison result and the estimation result.08-19-2010
20100122319INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - A system includes a web server and an apparatus with a web browser configured to display an operation screen provided by the web server. The apparatus authenticates a user and transmits authentication information to the web server when the user is authenticated and requests the operation screen which is to be displayed on the web browser. The web server determines whether the authentication information has been received from the apparatus when the operation screen is requested and transmits the operation screen to the apparatus when it is determined that the authentication information has been received from the information processing apparatus as a result of the determination.05-13-2010
20080295151METHOD AND SYSTEM FOR ANONYMOUS INFORMATION VERIFICATION11-27-2008
20100162352FALSIFICATION DETECTING SYSTEM, FALSIFICATION DETECTING METHOD, FALSIFICATION DETECTING PROGRAM, RECORDING MEDIUM, INTEGRATED CIRCUIT, AUTHENTICATION INFORMATION GENERATING DEVICE AND FALSIFICATION DETECTING DEVICE - A tamper detection device detects tampering with a program loaded to memory, at high speed and without compromising the safety. Prior to loading of a program, a dividing-size determining unit 06-24-2010
20090328141AUTHENTICATION, IDENTITY, AND SERVICE MANAGEMENT FOR COMPUTING AND COMMUNICATION SYSTEMS - Improved techniques for obtaining authentication identifiers, authentication, and receiving services are disclosed. Multiple devices can be used for receiving service from a servicing entity (e.g., Service Providers). More particularly, a first device can be used to authenticate a first entity (e.g., one or more persons) for receiving services from the servicing entity, but the services can be received by a second device. Generally, the first device can be a device better suited, more preferred and/or more secure for authentication related activities including “Identity Management.” The second device can be generally more preferred for receiving and/or using the services. In addition, a device can be designated for authentication of an entity. The device releases an authentication identifier only if the entity has effectively authorized its release, thereby allowing “User Centric” approaches to “Identity Management.” A device can be designated for obtaining authentication identifiers from an identity assigning entity (e.g., an Identity Provider). The authentication identifiers can be used to authenticate an entity for receiving services from a servicing entity (e.g., a Service Provider) that provides the services to a second device. The same device can also be designated for authentication of the entity. The device can, for example, be a mobile phone allowing a mobile solution and providing a generally more secure computing environment than the device (e.g., a Personal Computer) used to receive and use the services.12-31-2009
20100037294METHOD AND APPARATUS FOR PROVIDING A HIERARCHICHAL SECURITY PROFILE OBJECT - A hierarchical security policy that can be imposed by a policy maker upon a class of entities in an interactive television environment. A general policy is defined for a class of entities. A specific policy may also be defined for any subclass of entities, such as the grouping of advertisements or programs. A specific policy may be defined for any given entity, such as a specific television program as an exception to a class.02-11-2010
20090007233System and methods for defending against root - A method is disclosed for securing sensitive material on a computer system comprising a network of computers from unauthorized access by a root level user of the computer system, the method including the steps of: limiting access to the sensitive material to one or more authorized users; controlling the operation of one or more system functions to prevent unauthorized access to the sensitive material.01-01-2009
20090288140ACCESS CONTROL LISTS AND PROFILES TO MANAGE FEMTO CELL COVERAGE - System(s) and method(s) provide access management to femto cell service through access control list(s) (e.g., white list(s), or black list(s)). White list(s) includes a set of subscriber station(s) identifier numbers, codes, or tokens, and also can include additional fields for femto cell access management based on desired complexity. White list(s) can have associated white list profile(s) therewith to establish logic of femto coverage access based on the white list(s). Values of attribute fields that determine white list(s), black list(s), or white list profile(s) can be generated through various sources. An access list management component facilitates generation and maintenance of white list(s), black list(s), or white list profile(s). Values for identifier attribute field(s) available for inclusion in a white list are validated prior to inclusion therein. Various example aspects such as white list(s) management, maintenance and dissemination; automatic population or pre-configuration; and inclusion of wireless device(s) or subscriber(s) are also provided.11-19-2009
20090328144MOBILE APPLICATION REGISTRATION - A method of registering an application on a mobile terminal in a mobile network with an application server, said mobile terminal comprising an identity module, said method comprising the steps of: receiving at the application server a first message for registering the application, said first message comprising a telephone number associated with the identity module; generating by the application server a unique identifier and associating the unique identifier with the telephone number; sending a second message from the application server to the mobile terminal, said second message comprising the unique identifier; and generating and storing at the mobile terminal a data block comprising the unique identifier, a subscriber identity associated with the identity module and a terminal identifier associated with the mobile terminal.12-31-2009
20090328143METHOD OF SELF-AUTHENTICATING A DOCUMENT WHILE PRESERVING CRITICAL CONTENT IN AUTHENTICATION DATA - An improved document authentication method in which critical content, such as signatures, is preserved at a high-resolution in the authentication data carried on the self-authenticating document. When generating authentication data, signatures are compressed without down-sampling to preserve their resolution and quality. The compressed signature data (a bit string) is embedded in an image segment on the document. For example, each bit of the bit string is stored in the low bits of one or more image pixels. A hash code is calculated from the bit string and stored in a barcode printed on the document. To authenticate a scanned-back document, the bit string is recovered from the image segment. A hash code is calculated from the recovered bit string and compared to the hash code extracted from the barcode. The signatures re-generated from the recovered bit string are compared to the signatures in the scanned document.12-31-2009
20090328140ADVANCED SECURITY NEGOTIATION PROTOCOL - This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under a Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol describes defining a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips and implements key exchanges by a mini Security Support Provider (SSP).12-31-2009
20090320095OBTAINING DIGITAL IDENTITIES OR TOKENS THROUGH INDEPENDENT ENDPOINT RESOLUTION - A federated identity provisioning system includes relying parties, identity providers, and clients that obtain tokens from identity providers for access to a relying party's services. When a client contacts a new relying party, the relying party provides information that the client can independently resolve and evaluate for trustworthiness. For example, the relying party provides a generic domain name address. The client can then resolve the domain name address over various, authenticated steps to identify an endpoint for a digital identity provisioning service. The client can further interact with and authenticate the provisioning service (e.g., requiring digital signatures) to establish a trust relationship. Once determining that the client/user trusts the provisioning service, the client/user can then provide information to obtain a digital identity representation. The client can then use the digital identity representation with the corresponding identity provider to obtain one or more tokens that the relying party can validate.12-24-2009
20090320096MANAGING ACCESS TO A HEALTH-RECORD - A method to regulate access to a health record of an individual includes receiving a request from an application, the request identifying an item in the health record to which access is requested. The method further includes presenting the request to a marshal of the health record via a user interface and receiving a response from the marshal of the health record via the user interface, the response indicating whether access to the item is authorized or withheld. The method further includes granting the application access to the item if the response indicates that access to the item is authorized, and denying access to the item from the application if the response indicates that access to the item is withheld.12-24-2009
20120246699DISPLAY APPARATUS, CONTROL METHOD THEREOF AND CONTROL METHOD OF EXTERNAL DEVICE - A display apparatus, a control method thereof and a control method of an external device are provided. The display apparatus includes a contents processing unit which reproduces contents, a communication unit which communicates with an external device which reproduces contents, and a control unit which receives reproduction information of the contents reproduced in the external device from the external device through the communication unit, and controls the contents processing unit to reproduce contents corresponding to the contents reproduced in the external device, based on the received reproduction information.09-27-2012
20090106820SYSTEM AND METHOD FOR USER AUTHENTICATION BASED ON ODOR RECOGNITION - A system for a user authentication includes an odor sensor unit for sensing an odor of a user's body to generate an odor biometric information vector, and a learning unit for performing an initial learning using the odor biometric information vector to generate a comparative odor biometric information vector. An authentication unit performs the user authentication by comparing an odor biometric information vector of the user's body to be authenticated from the odor sensor unit with the comparative biometric information vector if the user authentication is required. The authentication unit further performs an incremental learning of the comparative odor biometric information vector using the odor biometric information vector used in the authentication to create an incrementally learned odor biometric information vector. The comparative odor biometric information vector is updated with the incrementally learned odor biometric information vector.04-23-2009
20090037978SELF-ADAPTIVE MULTIMODAL BIOMETRIC AUTHENTICATION METHOD AND SYSTEM FOR PERFORMANCE THEREOF - A method for authentication of an individual based upon biometric mode and biometric instance data comprising the steps of: storing at least a first biometric data having at least one biometric data mode and at least two biometric data instances capable of identifying an individual associated with the first biometric data; creating an at least second biometric data having the at least one biometric data mode and the at least two biometric data instances capable of identifying a specific individual associated with the second biometric data; determining which of said at least one biometric data mode and said at least two biometric data instances are to be compared; in accordance with predetermined rules; and comparing the at least second biometric data to said at least first biometric data to determine whether the selected biometric data mode and selected biometric data instances of the at least first biometric data corresponds to the selected at least one of biometric data mode and selected at least two biometric data instances of the at least second biometric data.02-05-2009
20090037981Authentication system, image forming apparatus, and authentication server - An authentication system includes an authentication information input device to which a user inputs authentication information, an authentication server, and at least one image forming apparatus, all connected via a network. The authentication server acquires the authentication information input via the authentication information input device and performs user authentication based on the authentication information. The authentication server includes a transmitter to transmit a result of the user authentication indicating whether or not the user authentication is successful and information of the user identified by the authentication information to at least one of the image forming apparatuses. The image forming apparatus includes a receiver to receive the result of the user authentication and the user information transmitted from the authentication server, and an apparatus controller to switch the image forming apparatus from an unusable state to a usable state according to the result of the user authentication and the user information.02-05-2009
20090037980DOCUMENT PROCESS SYSTEM, IMAGE FORMATION DEVICE, DOCUMENT PROCESS METHOD AND RECORDING MEDIUM STORING PROGRAM - A document process system, which includes: an authentication section that authenticates an operator of an operation target document; an extraction section that extracts specific information for setting operation restriction information of the document; a setting section that sets the operation restriction information of the document based on authentication information of the operator authenticated by the authentication section and the specific information extracted by the extraction section; and a generation section that generates a protected document to which the operation restriction information is set by the setting section based on the operation target document.02-05-2009
20090070855INFORMATION PROCESSING APPARATUS, AUTHENTICATION CONTROL METHOD, AND AUTHENTICATION CONTROL PROGRAM - An information processing apparatus includes a user information managing part that manages registered user information, an authentication part that performs user authentication using the registered user information managed by the user information managing part, an external authentication part that controls an external computer to perform authentication on user information input via an input interface and acquires authenticated user information from the computer when the input user information is successfully authenticated by the computer, and a registration part that registers the authenticated user information acquired by the external authentication part in the user information managing part as the registered user information.03-12-2009
20100306819INTERACTIVE PHISHING DETECTION (IPD) - Systems and methods for use with a client device and a server provide interactive phishing detection at the initiation of the user. Detection of phishing is based on the user's comparison of a visual indicator sent from the server to the client device with another identical looking visual indicator displayed, for example, on a trusted website. Several security measures may be employed such as changing the visual indicator periodically, generating the visual indicator in a random manner, and authenticating the client device to the server before the server will transmit the visual indicator to the client device. User comparison of the website-displayed visual indicator with the user's client device user interface-displayed visual indicator may facilitate user verification of authenticity of a software application.12-02-2010
20100325694CENTRALIZED IDENTITY AUTHENTICATION FOR ELECTRONIC COMMUNICATION NETWORKS - A method of centralized identity authentication for use in connection with a communications network includes registering users of the communications network such that each registered user's identity is uniquely defined and determinable, and registering a plurality of vendors having a presence on the communications network. The registered vendors selectively transact with registered users, wherein the transactions include: (i) the registered vendor selling goods and/or services to the registered user; (ii) the registered vendor granting the registered user access to personal records maintained by the registered vendor; and/or (iii) the registered vendor communicating to the registered user personal information maintained by the registered vendor. The method also includes each user's identity being authenticated over the communications network prior to completion of transactions between registered vendors and registered users.12-23-2010
20100333173System and Method of User Authentication in Wireless Communication Networks - Methods and systems taught herein provide for authentication information for authenticating a user terminal to be shared between a network entity that supports IMS-AKA authentication of the user terminal and a network entity that supports GBA-AKA authentication of the user terminal. Sharing authentication information between these entities allows all or part of the authentication information generated for IMS-AKA authentication of the user terminal to be used subsequently for GBA-AKA authentication of the user terminal, or vice versa.12-30-2010
20110010756VIRTUAL APPLICATION PROGRAM SYSTEM, STORING DEVICE, METHOD FOR EXECUTING VIRTUAL APPLICATION PROGRAM AND METHOD FOR PROTECTING VIRTUAL ENVIRONMENT - The present invention relates to a virtual application program system, a storage device, a method of executing a virtual application program, and a method of protecting a virtual environment. The virtual application program system includes an execution control module for executing a virtual application program, and a virtual environment protection module loaded by the execution control module and configured to block non-permitted application programs from accessing a virtual environment accessed by the virtual application program. Accordingly, the virtual environment can be protected from a host application program, etc., and independency and security of a task using a virtual application program can be guaranteed.01-13-2011
20110010755INTERACTION BETWEEN SECURED AND UNSECURED ENVIRONMENTS - A method comprising: receiving a data structure including an identifier identifying a process for performance by a secured environment; and identifying to an unsecured environment the process identified by the data structure.01-13-2011
20110035784METHOD AND APPARATUS FOR DETECTING CYBER THREATS - A method and apparatus for detecting cyber threats using reinforced cookies, which include HTTP cookies, history cookies, cache cookies and/or other types. A history cookie comprises an entry for a particular web page in a browser's navigation history. A cache cookie comprises an entry for a particular object (e.g., an image file) within a browser's cache. Upon a client's first visit to a web server, an identifier record is generated comprising data such as a user ID, a client device ID, an age (e.g., a counter), a cookie type, an authentication field, etc. From the unique identifier, one or more types of reinforced cookies are generated and stored with the client browser. On a subsequent visit, the client's cookie configuration is examined to determine whether the client may be the perpetrator or victim of a cyber attack. Cookies may be updated or replaced on some or all visits.02-10-2011
20100024000Method for improving accuracy of a time estimate used in digital rights management (DRM) license validation - A method for improving accuracy of a time estimate used in digital rights management (DRM) license validation is disclosed. In one embodiment, a memory device receives a request to validate a DRM license stored on the memory device, wherein the DRM license is associated with a time stamp update policy (TUP) that specifies when a new time stamp is needed. Before attempting to validate the DRM license, the memory device determines if a new time stamp is needed based on the TUP associated with the DRM license. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to validate the DRM license using a time estimate based on the new time stamp. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.01-28-2010
20090077629INTEREST ALIGNED MANUAL IMAGE CATEGORIZATION FOR HUMAN INTERACTIVE PROOFS - A system and method that facilitates and effectuates distinguishing a human from a non-human user. A human interactive proof (HIP) employs images from a large private database of manually categorized images to display as part of a Turing test challenge. The private database contains a sufficient quantity of images, such that the more economical manner to pass the HIP is to employ a human to take the challenge. The owner of the private database makes the database available to the presenter of the HIP due to an alignment of interests between both parties. The HIP is displayed with ads on behalf of the owner of the private database and the presenter of the HIP gains access to a large quantity of private manually categorized images.03-19-2009
20090100500Scalable distributed web-based authentication - Web-based authentication includes receiving a packet in a network switch having at least one associative store configured to forward packet traffic to a first one or more processors of the switch that are dedicated to cryptographic processing if a destination port of the packet indicates a secure transport protocol, and to a second one or more processors of the switch that are not dedicated to cryptographic processing if the destination port does not indicate a secure transport protocol. If a source of the packet is an authenticated user, the packet is forwarded via an output port of the switch, based on the associative store. If the source is an unauthenticated user, the packet is forwarded to the first one or more processors if the destination port indicates a secure transport protocol, and to the second one or more processors if the destination port does not indicate a secure transport protocol.04-16-2009
20090031397USE MANAGEMENT SYSTEM - A use management system includes: a facility equipment which includes a use control unit for executing control of switching the facility equipment between a usable state and a disabled state; a portable storage medium which stores identification information; a portable storage medium reading device which reads the identification information from the portable storage medium; and an information management device which is connected to and communicates with the facility equipment and the portable storage medium reading device. The information management device includes: a use authority information database which is associated with the identification information, and which registers individual information of a person having the portable storage medium and use authority information of the facility equipment; a determination unit which determines existence or nonexistence of a use authority of the facility equipment based on the identification information received from the portable storage medium reading device and the use authority information registered in the use authority information database; and a unit which transmits an instruction signal to make the facility equipment usable to the facility equipment when it is determined in the determination unit that the use authority exists.01-29-2009
20100058437GRAPHICAL SYSTEM AND METHOD FOR USER AUTHENTICATION - System and method for graphical user authentication using compact collages of regions of images. Image corpus is constructed by selecting similar quality images and filtering to further homogenize image quality. Regions are detected within the images and scored according to similarity and neighborhood information. Regions with lower scores provide less information about other regions and are more secure secrets. During enrollment, user selects secret images; decoy images are chosen by the system accordingly. Regions from secret images are selected as secrets according to the scoring of regions and regions from decoy images are selected as decoys. A collage is formed with secrets and decoys. Compact rendering enhances security and is suitable for small displays of mobile devices. Several rounds of challenge, requiring identification of secrets, are presented to the user. User is authenticated if a certain number of correct identifications of secrets within a number of rounds are achieved.03-04-2010
20090313677Mathematical definition of roles and authorizations in RBAC system - A process, apparatus and program product create a new role in a Role Based Access Control (RBAC) system by using mathematical operators with either one or more authorizations, or one or more existing roles, or a combination thereof.12-17-2009
20090313678AUTHENTICATING SERIALIZED COMMODITIES - A system for authenticating a serialized commodity is presented. A fixed identification, serial number, and authentication code are received for a serialized commodity to be checked for authenticity. A reference table is searched for an entry that matches the received fixed identification. In response to finding an entry in the reference table that matches the received fixed identification, a fixed identification key is retrieved from the reference table that is associated with the received fixed identification. A recreated authentication code is generated for the serialized commodity using the retrieved fixed identification key, the received fixed identification, and the received serial number. Then, it is determined whether the recreated authentication code matches the received authentication code. In response to determining that the recreated authentication code does match the received authentication code, an authentication code match message is outputted to authenticate the serialized commodity.12-17-2009
20100058439INFORMATION MANAGEMENT METHOD, INFORMATION MANAGEMENT SYSTEM, COMPUTER-READABLE MEDIUM AND COMPUTER DATA SIGNAL - An information management method includes: receiving a request for certain operation of certain electronic information associated with operation right information that defines permitted operation for each user; determining as to whether or not at least one of (i) a history of previous operations, executed by the user, of the certain electronic information and (ii) a history of previous operations, executed by the user, of a location associated with the certain electronic information meets a predetermined condition, and if it is determined that the at least one of (i) the history of previous operations, executed by the user, of the certain electronic information and (ii) the history of previous operations, executed by the user, of the location associated with the certain electronic information meets the predetermined condition, starting to execute the certain operation.03-04-2010
20100037293Systems and Methods for Security in a Wireless Utility Network - Methods and systems are provided for security in a wireless utility network. The methods and systems use different levels of trust to securely enroll new nodes into a network through other nodes acting as proxies. A node's security state with respect to another node in the network is categorized into one of several trust levels. A node responds to certain requests, actions or messages depending on its trust level with the other entity. Initially, a node is not trusted. A first trust level is established based on a digital certificate that is stored in a node when the node is manufactured. A second trust level is established based on a second digital certificate obtained from a certifying authority while a node is in the first trust level. A node with a verified second certificate can be fully enrolled in the network and participate as a network node with minimal or no constraints.02-11-2010
20090217349IMAGE FORMING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM STORING INFORMATION PROCESSING PROGRAM - An image forming apparatus having plural program runtime environments in which a program can be added to at least one of the plural program runtime environments is disclosed. The image forming apparatus includes a storage unit in which usage acceptance information showing whether a resource of the image forming apparatus can be used by the program is stored in each of the program runtime environments, and a determining unit which determines whether the resource of the image forming apparatus can be used by the program to be executed in one of the plural program runtime environments based on the usage acceptance information.08-27-2009
20090217348Methods and Apparatus for Wireless Device Registration - Disclosed are a system and methods for associating a “generic” wireless device, i.e., a device that is not pre-programmed with subscription credentials corresponding to a particular operator, with a Home Operator designated by the device's owner. The disclosed system and methods further facilitate the automatic linking of a newly activated M2M device to an appropriate server for downloading the subscription credentials for the Home Operator. The disclosed system includes a registration server for maintaining electronic registration data for a plurality of wireless devices and for directing newly activated wireless devices to a server for downloading “permanent” subscription credentials, such as a downloadable USIM. The disclosed system further includes a subscription server for updating registration server entries to reflect an association between a first wireless device and its corresponding home network. In some embodiments, the subscription server may be further configured for downloading subscription credentials to subscribing wireless devices.08-27-2009
20100071032Techniques for Authenticated Posture Reporting and Associated Enforcement of Network Access - Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.03-18-2010
20100064343OPERATION SUPPORTING APPARATUS AND OPERATION SUPPORTING METHOD - There is provided an operation supporting technique by which an operation environment which is set in an apparatus for each user can be more easily reflected in another apparatus. An operation supporting apparatus includes an authentication section to authenticate a user by acquiring authentication information from a storage medium to store the authentication information used for user authentication and specific information about a location of setting information about setting contents of an operation environment of the user, a specific information acquisition section to acquire the specific information from the storage medium from which the authentication information is acquired, a setting information acquisition section to acquire, when the authentication section succeeds in the authentication of the user, the setting information by using the specific information acquired by the specific information acquisition section from the storage medium from which the authentication information of the user is acquired, and a setting reflection section to cause setting contents based on the setting information acquired by the setting information acquisition section to be reflected in the operation environment of the user.03-11-2010
20100058438SIMPLE VISUAL AUTHENTICATION OF DOCUMENTS EXCHANGED IN COMMERCE - Verifying the integrity of a received binary object by calculating a first displayable authenticator derived from an input binary object. The first authenticator is then attached to the input binary object, producing a first composite binary object, which is sent to a remote receiver. A second composite binary object is received back from the remote receiver, wherein the second composite binary object includes a received binary object, a received first displayable authenticator, and a second displayable authenticator. A third displayable authenticator is calculated, derived from the second composite binary object, then a display of the first displayable authenticator is compared to a display of the third displayable authenticator, and verification of the integrity of the received binary object is indicated by an exact match between displays of the first and third displayable authenticators.03-04-2010
20100071030METHOD AND SYSTEM FOR SECURELY IDENTIFYING COMPUTER STORAGE DEVICES - In a private network setting in which various computers can be attached, the confidential or sensitive data within the various devices on the private network is vulnerable. The ability to copy such confidential or sensitive data to a storage device communicatively coupled to a client computer on the network is governed and controlled. Only devices that include an authentic stamp or digital certificate can be accessed by client computers. If a device does not have a valid stamp or the stamp has been black listed, then the access to the device can be prevented or greatly limited.03-18-2010
20100071031MULTIPLE BIOMETRIC SMART CARD AUTHENTICATION - Techniques for multiple biometric smart card authentication are provided. At least two biometric readings are obtained from a requesting user. Both biometric readings are verified before access to resources of a smart card are made available to the requesting user.03-18-2010
20110154436Provider Management Methods and Systems for a Portable Device Running Android Platform - A provider management method conforming to an Android platform is provided. An authentication procedure is performed between a consumer and a provider, wherein the authentication procedure is performed via a binding unit, and the binding unit is an interface enabling inter-process communication conforming to the Android platform.06-23-2011
20120304254Systems and Methods for Identifying Devices by a Trusted Service Manager - Embodiments of the invention provide systems and methods for identifying devices by a trusted service manager. According to one example embodiment of the invention, a method for identifying communications is provided. The method can include receiving, by a service provider from a device, a message comprising card production life cycle (CPLC) information associated with a secure element incorporated into the device; and evaluating, by the service provider, the received CPLC information in order to identify the secure element.11-29-2012
20110083160APPARATUS AND METHOD FOR SECURE CONFIGURATION OF SHARED POWERLINE DEVICES - Client adapter and method simplify security deployment in an EPN, including the shared services electrical power lines of a premises. With direct coupling, piggybacked adapter receives network signals and electrical from EPN-connected first adapter through a shared medium port. An authenticating adapter exchanges security management services and information with supplicant adapter. Two or more adapters may be piggybacked. Piggybacked adapters exchange security management service information without rogue intrusion. Exchanged information, stored, is later used to communicate securely. Defined adjacency (neighborhood) information can be exchanged, and a neighborhood established on an EPN, where only authorized neighbors securely communicate.04-07-2011
20130014215SECURITY MEMORY ACCESS METHOD AND APPARATUS - Various embodiments comprise apparatuses and methods to allow access to a memory device by an external device. A method includes receiving, at the memory device, a request from the external device to access a storage area of the memory device and performing an unlock procedure of the storage area. The unlock procedure includes sending a first code from the memory device to the external device, and receiving a second code at the memory device from the external device. The second code is to be generated by a first encryption process performed on the first code to obtain the second code. The storage area is temporarily unlocked to allow the external device to access the storage area based on a determination that the received second code has a predetermined relationship to the first code. Additional apparatuses and methods are described.01-10-2013
20130160077INFORMATION PROCESSING APPARATUS, METHOD FOR RELEASING RESTRICTION ON USE OF STORAGE DEVICE, AND STORAGE MEDIUM - An information processing apparatus includes an authentication information storage unit that stores authentication information for releasing restriction on use of a storage device, a release unit that releases the restriction on use of the storage device based on the authentication information, a generation unit that generates new authentication information for releasing the restriction on use of the storage device, and a setting unit that, after the restriction on use of the storage device is released, sets the new authentication information in the storage device.06-20-2013
20110035785INFORMATION PROCESSING SYSTEM, CONTROL METHOD THEREOF AND STORAGE MEDIUM - This invention provides an information processing system which allows an application on a Web server to execute authentication processing of a user in an information processing apparatus and a control method thereof. To accomplish this, in an information processing system of this invention, a Web application of a Web server requests a service provider of an MFP to execute authentication processing. The service provider instructs a login application to execute an authentication function, and transmits generated authentication information to the Web application.02-10-2011
20120204223SYSTEM FOR MANAGING DIGITAL INTERACTIONS - A system for managing digital interactions comprising an identity module for creating an identity, wherein the identity includes a unique identifier associated with a first party and a plurality of proposed terms for a relationship with a second party; and a relationship module, in communication with the identity module, for receiving and evaluating the plurality of proposed terms, including accepting or rejecting the plurality of proposed terms and, if accepted, for allowing the first party to communicate with the second party in accordance with the plurality of proposed terms.08-09-2012
20100115583METHOD FOR FAULT-TOLERANT USER INFORMATION AUTHENTICATION - A method for user information authentication which includes setting user information for a user account, such user information being the set user information; inputting user information by a user for the user account into a device, such user information being the input user information; evaluating the input user information for correspondence with the set user information according to fault-tolerant user information rules, wherein such rules evaluate the input user information for content and closeness to the set user information and noting if the input user information is a valid user information, a fault-tolerant user information, or an invalid user information; authorizing access to the user account if the input user information is a valid user information. In one embodiment of the invention, the method includes incrementing an invalid user information counter only if the user information is an invalid user information. In another embodiment of the invention, the method includes providing a message to the user if the user information is a fault-tolerant user information, the message being descriptive of the input user information's correspondence with the fault tolerant user information rules.05-06-2010
20100005507ENGINE CONTROL UNIT - Provided is an engine control unit, which supports an antitheft system outputting, when a key ID registered in a portable device matches an authentication-purpose key ID registered in a receiver, a receiver status signal that contains information indicating that the portable device has been authenticated, and which is initiated in response to an initiating instruction has not been issued from an external, includes: starting control unit for controlling a starting operation of an engine in response to a start permission signal; storage unit registered with an authentication-purpose receiver ID for authenticating the receiver; and antitheft function install/non-install judging unit for judging whether or not the antitheft function is installed to the moving object, in which, when the authentication-purpose receiver ID is not registered in the storage unit and the receiver status signal is not entered, the antitheft function install/non-install judging unit judges that the antitheft function is not installed, and outputs the start permission signal to the starting control unit.01-07-2010
20090222887SYSTEM AND METHOD FOR ENABLING DIGITAL SIGNATURES IN E-MAIL COMMUNICATIONS USING SHARED DIGITAL CERTIFICATES - A system and method for digitally signing an email communication using a shared digital certificate. The system includes a means for selecting a digital certificate and a matching private key, a header-field editor for populating a sender-field of the digital message with an address associated with the authentication means, and a means for digitally signing the digital message with the private key matching the digital certificate.09-03-2009
20080320557BATCH VERIFICATION DEVICE, PROGRAM AND BATCH VERIFICATION METHOD - Realization of batch verification having both high security and high efficiency.12-25-2008
20080320554SECURE DATA STORAGE AND RETRIEVAL INCORPORATING HUMAN PARTICIPATION - A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzle can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.12-25-2008
20090183230SYSTEMS AND METHODS FOR SERVER AIDED PROCESSING OF A SIGNED RECEIPT - A method for processing security communication protocol compliant signed receipts at a mobile communication device linked to a host system is provided. The host system receives an email message linked to a digital signature, and a signed receipt. The host system redirects the signed receipt to the mobile communication device. The host system determines if the email message is available at the mobile communication device, and if not, the host system retrieves the email message and redirects the email message to the mobile communication device. The mobile communication device can then verify the signed receipt based on the email message. Optionally, rather than the email message, the host system retrieves and/or recalculates data elements associated with the email message and required to verify the signed receipt, and redirects these data elements to the mobile communication device. A related system is provided, as well as server computer program for the host system, and device computer program for the mobile communication device.07-16-2009
20080307494Memory device with circuitry for improving accuracy of a time estimate used to authenticate an entity - A memory device with circuitry for improving accuracy of a time estimate used to authenticate an entity is disclosed. In one embodiment, a memory device receives a request to authenticate an entity. Before attempting to authenticate the entity, the memory device determines if a new time stamp is needed. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to authenticate the entity using a time estimate based on the new time stamp. In another embodiment, the memory device comprises a plurality of different time stamp update policies (TUPs) that specify when a new time stamp is needed, and the determination of whether a new time stamp is needed is based on a TUP associated with the entity. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.12-11-2008
20110179465APPARATUS, AND AN ASSOCIATED METHOD, FOR FACILITATING SECURE OPERATIONS OF A WIRELESS DEVICE - An apparatus, and an associated method, facilitates security at a wireless device, such as a wireless device comprising a mobile computing platform. A security decision engine is provided that monitors for an event necessitating a security decision. When a security decision is required, request is made of a knowledge fetcher, provided by a trusted third-party, installed at the wireless device for the security decision. The knowledge fetcher obtains the security decision, such as by obtaining the security decision from a remote, trusted third-party server, and provides the security decision to the decision engine. Use is made of the security decision pursuant to a setting for which the security decision is needed.07-21-2011
20080313705Systems And Methods For Added Authentication In Distributed Network Delivered Half-Duplex Communications - In half-duplex communications over a wireless network, a user from a private organisation sends the request for half-duplex communication through a private server controlled by the private organisation. The private server sets up a private account with the wireless carrier and the user communicates via the private account.12-18-2008
20080313704Electronic Message Authentication - This invention concerns electronic message authentication, such as email messages, to ensure valuable messages are reliably delivered to the recipient, while reducing the delivery of unwanted messages. The invention involves: Receiving an electronic message addressed to a recipient. Rejecting messages sent to unknown recipients, from compromised machines or otherwise found invalid. Testing the messages to valid recipients to determine whether the status of the sender of the message can be categorised as trusted or not-trusted. If the status of the sender cannot be categorised either way, then automatically sending a challenge message, and holding the received message pending receipt of a reply. If an acceptable reply is received, categorising the sender as trusted. And, if the sender is categorised as trusted, delivering the message to the recipient.12-18-2008
20080313703Integrating Security by Obscurity with Access Control Lists - Aspects of the subject matter described herein relate to providing and restricting access to content. In aspects, information (e.g., a URL) that identifies content and a user is provided to a user. In conjunction with providing the information to a user, a data structure (e.g., an access control list) is updated to indicate that the user has access to the content. The user may use the information to access the content and/or may send this information to other users. The other users may use the information (e.g., by pasting it into a browser) to access the content and may be added to the data structure so that they may subsequently access the content without the use of the information. Access to the content via using the information may be subsequently revoked.12-18-2008
20080289003Security Between Electronic Components of a Portable Secured Electronic Unit - A portable secured electronic unit includes at least two electronic components, one of which is embodied in the form of a primary electronic component and the second in the form of an interface electronic component, wherein the two electronic components are interconnected by communication elements and at least one electronic component includes security elements for securing the communication thereof the other electronic component.11-20-2008
20080320558CONTENT VIEWING SYSTEM, CONTENT VIEWING APPARATUS, AND VIEWING APPROVAL APPARATUS - Disclosed herein is a content viewing system including a content viewing apparatus, and a viewing approval apparatus used by a viewing approval party to perform an approval process. The content viewing apparatus includes: a viewing approval requesting section that transmits a viewing approval request to the viewing approval apparatus when it has been determined that approval for viewing of a content is necessary; and a content viewing control section that receives, from the viewing approval apparatus, an approval/disapproval response, and, if the approval/disapproval response indicates that the viewing of the content has been approved, enables the viewing of the content. The viewing approval apparatus includes: an output section that outputs information concerning the viewing approval request; an input section that accepts input of the approval/disapproval response; and an approval/disapproval response notification section that notifies the content viewing apparatus of the approval/disapproval response.12-25-2008
20110055891DEVICE SECURITY - Security of a device, such as a mobile device, is maintained via a heartbeat signal. As long as the heartbeat signal is detected, the device is allowed to perform operations. If the heartbeat signal is not detected, appropriate action is taken. Appropriate action can include powering down the device, restricting access to files, erasing files, erasing the contents of a disk on the device, preventing access to designated files, reporting the location of the device, and/or preventing the device from being turned on after it is turned off. In an example configuration, the heartbeat signal is a low-power consuming, low data rate, signal allowing for processing of the heartbeat signal to be accomplished, at least in part, via the SIM of the device.03-03-2011
20080244698Authorized Content Verification Method, Content Transmission/Reception System, Transmitter, and Receiver - In a system which attaches update information required to create a content key used for content encryption/decryption to encrypted content and transmits the encrypted content, there is used an authorized content verification method including a verification request step of, by a receiver, transmitting an authorization verification request including update information received from a transmitter, an update information check step of, by the transmitter, checking whether the update information included in the received authorization verification request is predetermined update information, a message-of-acceptance transmission step of creating a message of acceptance using the update information and an exchange key shared between the transmitter and the receiver and transmitting the message of acceptance if the update information matches the predetermined update information, and an authorized content determination step of, by the receiver, determining that content is authorized content on the basis of reception of the message of acceptance.10-02-2008
20120311668PROJECTOR PROJECTING PASSWORD - A projector system of the present invention includes a projector 10 and a personal computer PC as an information terminal, which communicate with each other via a network connection. The projector 10 generates a password required for establishment of the network connection and projects the password on a screen SC. A user of the personal computer PC inputs the password projected on the screen SC. The password is used for authentication of the network connection between the projector 10 and the personal computer PC and cipher communication therebetween. This arrangement of the present invention enhances the convenience of the projector that is capable of establishing a network connection with the information terminal, while ensuring secrecy of communicating data.12-06-2012
20120311667AUTHENTICATION APPARATUS, AUTHENTICATION METHOD AND COMPUTER READABLE INFORMATION RECORDING MEDIUM - An authentication apparatus authenticates an information processing apparatus in cooperation with an external authentication apparatus. The authentication apparatus responds to a request from the information processing apparatus to carry out authentication and obtain item values, and carries out authentication for a required account; responds to the authentication being carried out, and obtains from the external authentication apparatus an item value corresponding to an item name that is set as an item to be synchronized each time; updates an item value in a local database by the obtained item value; obtains a set of item values including the updated item value; and returns to the information processing apparatus a result of the authentication having been carried out and the obtained set of item values.12-06-2012
20110138443SYSTEM AND METHOD FOR VALIDATING A LOCATION OF AN UNTRUSTED DEVICE - In a system of mobile agents operating in a region of interest, it may be necessary to validate the position of an untrusted device prior to allowing the untrusted device to perform agent functions within the region of interest. Trusted mobile agents within the region of interest may activate wireless access points with randomly generated identifiers. The untrusted device may be instructed to provide a list of identifiers of visible wireless access points to confirm that the untrusted device is within the ROI.06-09-2011
20110093918SECURE METHOD OF ACCESSING AN INFORMATION SYSTEM OF AN AIRCRAFT - In the method of accessing an information system of an aircraft the system receives an authenticator request from a connector of the aircraft; the system determines whether the connector presents a predetermined characteristic; and in the event that the system determines that the connector does indeed present the predetermined characteristic, the system sends an authenticator to the connector. Provision is also made for: the system receives an authenticator; the system determines whether the authenticator is valid; and in the event that the system determines that the authenticator is indeed valid, the system authorizes access to the system from a connector of the aircraft from which the authenticator was sent.04-21-2011
20110083161VEHICLE, MAINTENANCE DEVICE, MAINTENANCE SERVICE SYSTEM, AND MAINTENANCE SERVICE METHOD - The vehicle includes electronic control units, and performs an authentication process to judge the validity of an external device outside the vehicle, e.g. a maintenance device, which tries accessing the electronic control unit. Based on the result of the judgment, the vehicle decides a range in which the maintenance device can access the electronic control unit. In the authentication, e.g. both the maintenance device and the vehicle use authentication microcomputers respectively. According to the invention, an external device outside the vehicle can be inhibited from making an unwanted access to the electronic control unit of the vehicle.04-07-2011
20120151557Progressive Consent - A consent management system is described which manages an entity's consent to consume application functionality on a per-feature level of granularity. To perform this task, the consent management system maintains consent information which describes a plurality of use conditions associated with the features of the application functionality. In one case, the consent information has a hierarchical data structure that identifies a hierarchy of application features. In operation, the consent management system accesses the content information whenever an entity seeks to access a particular application feature; it grants or denies access to the feature based on the consent information. The consent management system also includes a consent maintenance module that allows an administrator (or other entity) to cancel or modify any use condition in the consent information.06-14-2012
20090300717HARDWARE ACCESS AND MONITORING CONTROL - Various embodiments described and illustrated here include one or more of systems, methods, software, and data structures that may be used to implement policies for hardware access and monitoring control. One embodiment includes obtaining device property data from each device coupled to a system and determining if each device is a device authorized for use with the system. Such embodiments may further include allowing only devices authorized for use with the system to be accessed by processes of the system.12-03-2009
20090293102REMOTE DOM ACCESS - A method for protecting a browser from malicious processes, comprises providing at least one process-proxy object and at least a browser-proxy object, interposed between the browser and a process, such that when the process invokes one of the DOM entry points, the process-proxy object isolates it from the real browser implementation and executes the process-proxy object's code instead.11-26-2009
20110265143SLICE RETRIEVAL IN ACCORDANCE WITH AN ACCESS SEQUENCE IN A DISPERSED STORAGE NETWORK - A method begins by a processing module receiving a data retrieval request to retrieve data stored as a plurality of sets of encoded data slices in a dispersed storage network memory. The method continues with the processing module determining an access sequence for retrieving the plurality of sets of encoded data slices in accordance with the access sequence, entering a loop to produce recovered decoded data that includes sending a slice retrieval message for a set of encoded data slices of the plurality of sets of encoded data slices, receiving at least a decode threshold number of encoded data slices of the set to produce received encoded data slices, dispersed storage error decoding the received encoded data slices to produce the recovered decoded data, and exiting the loop when a set of encoded data slices is not requested in accordance with a system maintained access sequence.10-27-2011
20100031312METHOD FOR POLICY BASED AND GRANULAR APPROACH TO ROLE BASED ACCESS CONTROL - A method includes receiving input parameters comprising a user identifier, a sensitive command name, and a filename; setting a return code to a default of success; and checking for a global (ANYUSER) entry in a sensitivity database. If there is a global entry in the sensitivity database, the following are performed: comparing the received sensitive command name to a sensitive command in the global entry in the sensitivity database; if the received sensitive command name matches a sensitive command in the global entry, checking for an allow flag or not allow flag; if a not allow flag is found, setting the return code to failure. A check is made for a userID entry in the sensitivity database matching the received user identifier. If the user identifier matches the userID entry, a check is made for an allow flag or not allow flag. The return code is output.02-04-2010
20100017852Electronic board provided with security functions and method for ensuring electronic board security - To prevent being able to capture sensitive signals between electronic circuits placed on an electronic card, these circuits are arranged in a protected zone in such a manner so as not to be distant from each other by more than a determined distance. The circuits of the protected zone comprise at least one control circuit. The electronic card further comprises another zone defining a non-protected environment; the circuits of this zone do not need to comply with the distance constraint. The communication between the circuits of the protected zone and the non-protected environment is carried out by means of a communication circuit allowing or not allowing the electrical signals to pass. The passage of the electrical signals in the communication circuit is conditioned by an electrical control signal sent by the control circuit. The invention also relates to a method allowing the control circuit to be blocked if the electrical status of the signal controlling the passage of the signals does not correspond to the status imposed by the control circuit.01-21-2010
20100017851System and process for registering and later confirming a written or printed document is genuine and unaltered, while mitigating the risk of its loss - A method for authenticating a document including: radio frequency scanning at least a portion of the document; optically scanning the document; generating a document data dependently upon the radio frequency scanning and optical scanning; comparing the generated data to stored data, the stored data being previously generated dependently upon a prior radio frequency scanning of the portion of the document and prior optical scanning of the document; and providing an output indicative of the document being authentic if the generated data is sufficiently identical to the stored data as determined by the comparing.01-21-2010
20100017850METHODS AND SYSTEMS TO FINGERPRINT TEXTUAL INFORMATION USING WORD RUNS - The present invention provides methods and systems to enable fast, efficient, and scalable means for fingerprinting textual information using word runs. The present system receives textual information and provides algorithms to convert the information into representative fingerprints. In one embodiment, the fingerprints are recorded in a repository to maintain a database of an organization's secure data. In another embodiment, textual information entered by a user is verified against the repository of fingerprints to prevent unauthorized disclosure of secure data. This invention provides approaches to allow derivative works (e.g., different ordering of words, substitution of words with synonyms, etc.) of the original information to be detected at the sentence level or even at the paragraph level. This invention also provides means for enhancing storage and resource efficiencies by providing approaches to optimize the number of fingerprints generated for the textual information.01-21-2010
20100017849THIRD-PARTY SOFTWARE PRODUCT CERTIFICATION - According to one general aspect, a method of software certification comprising establishing a host application server software (HASS) on a system. The method further comprising installing, on the system, a third-party software product (TPSP) that uses the HASS. In various embodiments, the method may also comprise verifying that the TPSP functions to at least a predefined standard. In some embodiments, the method may also include uninstalling the third-party software product. The method also including testing that the HASS functions to at least a predefined standard once the TPSP has been uninstalled.01-21-2010
20100017848VERIFYING CERTIFICATE USE - A method, system, and computer usable program product for verifying certificate use are provided in the illustrative embodiments. A secure data communication is directed to a certificate use verification application. A test certificate that may be stored in a data storage associated with a data processing system is presented to an originator of the secure data communication. The test certificate includes an identity, and the identity identifies an entity other than the intended party to the secure data communication as being the holder of the test certificate. A determination is made whether the originator responds to continue the secure data communication when presented with the test certificate. If the originator responds to continue the secure data communication, a report is made that the originator does not perform a verification of the identity from the test certificate.01-21-2010
20090300718SYSTEM AND METHOD FOR LOST DATA DESTRUCTION OF ELECTRONIC DATA STORED ON A PORTABLE ELECTRONIC DEVICE WHICH COMMUNICATES WITH SERVERS THAT ARE INSIDE OF AND OUTSIDE OF A FIREWALL - A data security system and method protects stored data from unauthorized access. According to one aspect of the invention, a client computing device communicates periodically with a server. If communications is not established between the client and the server for a selected activation interval and a subsequent grace period, the data is determined to be lost, and programmed security rules are automatically executed. The server with which the client computer device communicates includes one server located inside the firewall of a particular organization, or a mirror server located outside the firewall, and thereby allow for the re-setting of the activation interval when the client is properly outside of the firewall through communication with the mirror server, as well as to provide command and control over a lost or stolen client by pushing updated rules if communication is subsequently attempted with the mirror server.12-03-2009
20090172778Rule-based security system and method - A rule-based security system and method that uses an environmental access control software program (EAC) loaded into the working memory of an electronic device to prevent unauthorized usage of selected hardware components, the operating software program or data files stored on the electronic device. The EAC includes a filter driver, a rules database, an environmental detection engine, a rules application engine, key generator, and a rules menu interface generator. During setup, the rules menu interface generator creates a menu that allows the administrator to select one or more environmental rules that are linked or coupled to various environmental factors on or connected to the electronic device. Some or all of these factors are assigned to a key share value. When access to a protected resource is requested, the environmental rule for the resource is determined and the key share values associated with the resources recited in the environmental rule are combined to create a master access key or a temporary access key that is compared to a stored master access key so that access to the resource is provided.07-02-2009
20090172777SYSTEM AND METHOD FOR TRACKING DOCUMENTS - Systems and methods for tracking documents are described. In certain examples, systems and methods for authenticating and tracking physical documents through a multiple party work flow across a geographically dispersed area using digital pens and RFID tags are described.07-02-2009
20090172776Method and System for Establishing and Managing Trust Metrics for Service Providers in a Federated Service Provider Network - A system for issuing, validating, and managing trust between two or more entities authenticated to operate in a federated network includes one or more servers for issuing trust certificates based on one or more trust metrics, and one or more servers for validating issued trust certificates. Entities operating through a communications interface may be issued trust certificates pursuant to evaluation relative to certain trust metrics, the certificates accompanying communications between entities, the certificates subject to validation at communication end points of interaction.07-02-2009
20080320556METHOD FOR RECOGNIZING INFORMATION FLOW AND DETECTING INFORMATION LEAKAGE BY ANALYZING USER'S BEHAVIORS - A method for analyzing user's behaviors is provided. API function call patterns occurring when operations on various objects are performed on a computer system are configured with contexts. User's behaviors are recognized as associations between the contexts and systematically expressed. Information flow occurring in the user's behaviors (i.e., associations between the contexts) is tracked. The information flow chain is divided into a source and a destination. When the information flow from a confidential object to a leakage point occurs, the information leakage is rapidly detected and blocked. By exactly recognizing behaviors belonging to the corresponding information flow chain, user's behaviors related to the information leakage can be detected. Furthermore, the behavior expression based on the contexts configured with the API function call patterns with respect to the system object can be achieved by naturally connecting the API function call occurring on the system as an abstract behavior.12-25-2008
20120042357Secure one-way data transfer system using network interface circuitry - Network interface circuitry for a secure one-way data transfer from a sender's computer (“Send Node”) to a receiver's computer (“Receive Node”) over a data link, such as an optical fiber or shielded twisted pair copper wire communication cable, comprising send-only network interface circuitry for transmitting data from the Send Node to the data link, and receive-only network interface circuitry for receiving the data from the data link and transmitting the received data to the Receive Node, wherein the send-only network interface circuitry is configured not to receive any data from the data link, and the receive-only network interface circuitry is configured not to send any data to the data link. The network interface circuitry may use various interface means such as PCI interface, USB connection, FireWire connection, or serial port connection for coupling to the Send Node and the Receive Node.02-16-2012
20120042356MANAGEMENT DEVICE OF EMISSION AMOUNT OR REDUCTION AMOUNT OF GREENHOUSE GASES, AND MANAGEMENT METHOD - A management device of the emission amount or reduction amount of greenhouse gases including: a communication unit that performs communication with an IC card on which an ID and history information on activities outside of a designated area are recorded; a control unit that performs authentication by the read ID via the communication unit, and in a case when authentication is successful, reads the history information via the communication unit, and obtains information relating to the emission amount or reduction amount of greenhouse gases from the read history information; and a display unit that displays the information relating to the emission amount or reduction amount of greenhouse gases.02-16-2012
20120210393RESPONSE DETERMINATION APPARATUS, RESPONSE DETERMINATION METHOD, RESPONSE DETERMINATION PROGRAM, RECORDING MEDIUM, AND RESPONSE DETERMINATION SYSTEM - The present invention includes: acquiring a question including text information and a correct answer to the question; converting part of a character string or character in the question into a different character string or character, and generating a character-converted question (08-16-2012
20120047557Method and System for Device Integrity Authentication - Device integrity authentication is performed by receiving, at a second device, a measured integrity value from a first device. The measured integrity value of the first device is compared at the second device to an embedded integrity value associated with the second device. A level of trust for the first device is determined by the second device based on the comparison. Application of a policy to the first device is facilitated by the second device based on the comparison.02-23-2012
20120011565SYSTEM AND METHOD FOR STORING AND PROVIDING ACCESS TO SECURED INFORMATION - The embodiments of the present invention relate to an electronic transfer and storage system implemented in a medical records environment or application using a card with memory capabilities and biometric (includes finger, palm, iris, facial photo, scent, voice recognition and other biometric attributes) data to authenticate the account holder (patient, nurse, Doctor, Pharmacist, EMS or EMT). With such a card, reader and system, a patient is able to be enrolled with a physician using biometric input for authentication.01-12-2012
20120011564Methods And Systems For Graphical Image Authentication - Systems and methods for providing authentication using an arrangement of dynamic graphical images. The graphical images can be arranged as a grid or matrix for presentation on a device display for authentication of a user. The kinds of graphical images can be derived from a designated authentication category and non-authenticating categories. A series of password elements corresponding to the graphical images can be displayed with the graphical images. The user may enter the series of one or more password elements corresponding to graphical images from the authentication category which combine to form a password entry. An authentication server can compare the password entry to an authentication password corresponding to the particular arrangement of dynamic graphical images. The selection of graphical images, their arrangement and their corresponding password elements, may dynamically change in between authentication processes.01-12-2012
20120159570PROVIDING A SECURITY BOUNDARY - In order to enable potentially conflicting applications to execute on the same computer, application programming interface (API) calls are intercepted when an application attempts to access a computer system's resources. During a learning mode of operation, a security monitor stores data in a security monitor database identifying which applications are allowed to access the computer system resources. At runtime of an application, the security monitor operates in an enforcement mode and utilizes the contents of the security monitor database to determine if an application is permitted to access system resources. If data associated with the application is located in the security monitor database, the application is allowed to access computer system resources, if data associated with the application is not located in the security monitor database, the application is not allowed to access computer system resources.06-21-2012
20090055893METHOD AND SYSTEM FOR IMPLEMENTING A DYNAMIC VERIFICATION VALUE - A method is disclosed, which includes receiving a message including an account identifier and a first verification value. The method uses the account identifier to select a dynamic verification value process from at least two dynamic verification value processes. Then, using the selected dynamic verification value process, a second verification value is determined. Next, the method determines if the first verification value and the second verification value match or are within an expected range.02-26-2009
20120023548APPARATUS, AND AN ASSOCIATED METHOD, FOR IMPLEMENTING A PARENTAL CONTROL FEATURE AT A WIRELESS DEVICE - An apparatus, and an associated method, facilitates implementation of a parental control feature at a mobile station. A parental authority selects a parental control feature to be implemented at the mobile station and by way of a user interface at a computer workstation or a master mobile station. Detection is made of the selection, and a control signal is generated that includes identification of the selection. The control signal is sent to the affected mobile station. Once received at the mobile station, the control signal is detected, its contents ascertained, and the parental control feature is implemented at the mobile station.01-26-2012
20120023549CAPTCHA AND reCAPTCHA WITH SINOGRAPHS - A method for inviting a challenged entity to provide input concerning a sinograph includes displaying, to the challenged entity, a first region having an image of a challenge sinograph; displaying at least a first event-sensitive region, the first event-sensitive region having an image of a real root of the challenge sinograph; and displaying at least a second event-sensitive region. The second event sensitive region has an image of a faux root of the challenge sinograph.01-26-2012
20110072491AUTHENTICATION METHOD EMPLOYED BY PORTABLE ELECTRONIC DEVICE, ASSOCIATED CONTROLLER, HOST COMPUTER HAVING STORAGE MEDIUM STORING ASSOCIATED COMPUTER PROGRAM, AND MACHINE-READABLE MEDIUM STORING ASSOCIATED COMPUTER PROGRAM - An authentication method employed by a portable electronic device includes: generating first data; deriving reference data according to the first data; receiving a second data from a host computer; and determining whether the host computer is permitted to access the portable electronic device according to the reference data and the second data.03-24-2011
20110107396AUTHENTICATION METHOD, INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM - An information processing apparatus acquires user name information contained in user authentication information transmitted from an authentication server. Then, the information processing apparatus describes the acquired user name information according to a predetermined format which the printer driver can refer to, and stores it in a storage area which the printer driver can refer to. The printer driver, if the user name information is stored in the storage area, and the user name information satisfies a condition described in the format, transmits the user name information added to the print data to a printer apparatus.05-05-2011
20090133099METHODS AND SYSTEMS FOR TRANSPARENT SOFTWARE LICENSE SUSPENSION - Methods and systems for license sharing in a computing system that include receiving a request for a license being currently used by a process in execution, pausing the execution of the process, and releasing the license to a shared pool.05-21-2009
20120167173Context-Sensitive Confidentiality within Federated Environments - Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.06-28-2012
20120167169METHOD, SYSTEM, AND COMPUTER-READABLE STORAGE MEDIUM FOR AUTHENTICATING A COMPUTING DEVICE - A method, system, and computer-readable storage medium for authenticating a computing device are provided. According to embodiments of the invention, a first computing device generates a message using first secret data and second secret data, the first secret data for authenticating to a second computing device, the second secret data for authenticating to a third computing device. The first computing device sends the message to the second computing device. In some embodiments, challenge-response authentication is implemented. For example, the first computing device receives a challenge from the second computing device and generates the message based at least in part on the challenge. The second computing device compares local information with information received from the first computing device. The first computing device can thereby be authenticated to the second computing device. Furthermore, the first computing device can be authenticated to the third computing device by a similar process.06-28-2012
20120167171Voice-capable system and method for authentication query recall and reuse prevention - A system and method for use with a voice-capable system, includes but is not limited to a method including receiving an authentication request by the voice-capable system from a user computationally networked to the voice-capable system, and determining an authentication session in response to the authentication request, the determining the authentication session including identifying a series of questions associated with the user, the series of questions determined via consulting a predetermined period of time configured to prevent one or more questions from the series of questions from being reused until the predetermined period of time has elapsed.06-28-2012
20120216250IMAGE FORMING APPARATUS, IMAGE FORMING METHOD, AND AUTHENTICATION PROGRAM PRODUCT - An image forming apparatus provided with a document transport unit that transports a document placed thereon, a confirmation unit that confirms whether a detachable recording medium is connected and whether the document is placed, an authentication control unit that controls an authentication and, when the authentication succeeds, switches an authentication status from a non-authenticated mode to an authenticated mode, and a function execution unit that executes a function, while the authentication status is the authenticated mode. The authentication control unit controls a switching of the authentication status from the authenticated mode to the non-authenticated mode, on the basis of a status indicating whether the recording medium is connected and a status indicating whether the document is placed during the non-authenticated mode, as well as a status indicating whether the recording medium is connected and a status indicating whether the document is placed during the authenticated mode.08-23-2012
20100180320ACCESS MANAGEMENT METHOD - The invention relates to a data transmission system that includes the step of a first user or at least one second user accessing a resource. The novel feature of the invention is the fact that access to said resource is inhibited as long as said first and second users have not requested access thereto.07-15-2010
20120174187SYSTEMS AND METHODS FOR PROVIDING PHYSICAL LAYER SECURITY - The present invention describes systems and methods for providing physical layer security. An exemplary embodiment of the present invention provides a method of providing physical layer security involving receiving message data at a pre-processing device in a wireless transmission device. Furthermore, the method of providing physical layer security involves pre-processing the message data into channel data with the pre-processing device and transmitting the channel data from the wireless transmission device over a wireless transmission link having a path loss. Subsequently, the method of providing physical layer security involves receiving the channel data at a post-processing module in a reception device. Additionally, the method involves post-processing the channel data into the message data with the post-processing module, such that an unauthorized reception device is unable to post-process the channel data when a path loss experienced over the transmission link is greater than a predetermined value.07-05-2012
20100050233VERIFICATION ENGINE FOR USER AUTHENTICATION - Computer-implemented system and methods for authenticating the identity of a person, for example a customer (02-25-2010
20120174188REMOVABLE DEVICES - Methods and removable devices are provided. Some such removable devices may include a secure partition and a public partition. The secure partition is not accessible by an operating system of a host for some embodiments. The secure partition is configured to store information so that formatting/reformatting does not alter the stored information for other embodiments.07-05-2012
20100024001Securing Blade Servers In A Data Center - Securing blade servers in a data center, the data center including a plurality of blade servers installed in a plurality of blade server chassis, the blade servers and chassis connected for data communications to a management module, each blade server chassis including a chassis key, where securing blade servers includes: prior to enabling user-level operation of the blade server, receiving, by a security module, from the management module, a chassis key for the blade server chassis in which the blade server is installed; determining, by the security module, whether the chassis key matches a security key stored on the blade server; if the chassis key matches the security key, enabling, by the security module, user-level operation of the blade server; and if the chassis key does not match the security key, disabling, by the security module, operation of the blade server.01-28-2010
20100011413METHOD FOR AND APPARATUS FOR RETRIEVING USERNAME AND PASSWORD IN AN AUTHENTICATION PROTOCOL - Disclosed is a computer implemented method and apparatus to retrieve authentication records required for user validation and creation of authentication credentials from an authentication server to be passed to the user. The method is comprised of the authentication server storing a first authentication record, then generating a first authentication credential based on the first authentication record. The authentication server associates the first authentication record with a first credential expiration time. The authentication server stores a second authentication record. The authentication server generates a second authentication credential based on the second authentication record, wherein the second authentication credential is associated with a second credential expiration time. Next, the authentication server associates the second authentication credential with a second credential expiration time. The authentication server determines that the first credential expiration time is earlier than the second credential expiration time and caches the first authentication record to cache.01-14-2010
20110107394AUTHENTICATION METHODS AND DEVICES - Embodiments of the device have a plurality of authentication slots for authenticating users, a port configured to receive an authentication request from a user, a memory, a queue maintained in the memory, and a processing engine configured to monitor the port and the authentication slots such that if an authentication request from a user is received and no authentication slots are available, an identifier associated with the user is enqueued on the queue, and wherein if one of the authentication slots is or becomes available and the queue is not empty, an identifier is dequeued from the queue and the associated user is authenticated using one of the available authentication slots.05-05-2011
20120185916APPARATUS AND METHOD FOR STATISTICAL USER AUTHENTICATION USING INCREMENTAL USER BEHAVIOR - Provided are an apparatus and method for statistical user identification that improves a user's convenience while ensuring security. The apparatus may store a confidence value that statistically represents whether a user is identified as a user that has permission to use a terminal, based on a user event that occurs when the user manipulates the terminal. The apparatus may determine whether to execute a user requested application by comparing the confidence value of the user with a reference value that is defined for the requested application.07-19-2012
20090019520Systems and Methods for Efficiently Authenticating Multiple Objects Based on Access Patterns - Techniques for efficiently authenticating multiple objects and clustering objects based on access patterns are provided. For example, in an illustrative aspect of the invention, a technique for generating and/or reading authentication information, wherein the authentication information provides evidence that a plurality of objects were one of generated and sent by an entity, comprises using one or more object access patterns indicative of whether at least two of the plurality of objects are accessed within a similar time period to group objects together to reduce an overhead for at least one of generating and reading the authentication information.01-15-2009
20090019519Authentication device and method using electronic certificate files having hierarchical relationship - This authentication device includes: a volatile memory; a non-volatile memory which stores a plurality of electronic certificate files; a unit which refers to the non-volatile memory upon start-up, and which stores a hierarchical relationship between the plurality of electronic certificate files in the volatile memory; a unit for searching for a desired electronic certificate file based upon the hierarchical relationship between the plurality of electronic certificate files in the volatile memory; and an authentication unit which performs authentication using the electronic certificate file which has been found by the search unit.01-15-2009
20120233658GENERATING LOG WITH LOCATION AND ACCELEROMETER HISTORY - A method and system for generating a log with location and accelerometer history and verifying the authenticity of the user based on the log. A stroke and capture module captures stroke data from a user. A location identifier module identifies the portable computing device's location. An accelerometer determines the portable computing device's acceleration. A logging module generates metadata that includes the location and accelerometer history. A verification module receives the location and the accelerometer history. The verification module determines the user's mode of transportation based on the accelerometer history. The location and the mode of transportation are compared with information from an authority. If the data matches, the verification authenticates the document.09-13-2012
20080320559Limiting access to publicly exposed object-oriented interfaces via password arguments - Limiting access to publicly exposed object-oriented interfaces is disclosed. A system includes inter-related first objects that share a predetermined password. First object-oriented interfaces define methods supported by the first objects. The first objects publicly expose the first interfaces, which are queryable by the first objects and second objects. Each first interface includes a password argument to limit access to the first objects. The system may also include second object-oriented interfaces that define methods supported by the first objects that publicly expose the second interfaces, which are queryable by the first and the second objects. The second interfaces are required by specification, such as that for the Common Information Model (CIM), and correspond to the first interfaces. The second interfaces lack password arguments to limit access, and the methods defined thereby return “not implemented” messages when invoked. Each second interface is a non-implemented and password-free version of a first interface.12-25-2008
20080301768METHOD FOR ISSUING ATTRIBUTE CERTIFICATE FROM AN LDAP ENTRY - A method and apparatus for issuing an attribute certificate for attributes of a Light Weight Directory Access Protocol (LDAP) entry stored in an LDAP repository. In one embodiment, the method includes receiving a request for an attribute of an LDAP entry. The method further includes, in response to the request, sending a reply that includes an attribute value of the requested attribute and a digital signature to authenticate the attribute value.12-04-2008
20080301771ELECTRONIC DEVICE, APPLICATION AUTHENTICATION METHOD, APPLICATION EXECUTION SYSTEM, AND COMPUTER READABLE MEDIUM CONTAINING EXECUTABLE PROGRAM INSTRUCTION - The present invention claims and discloses an electronic device comprising a storage part for storing a license check processing program for checking a license in order to execute a processing function of an application program, license setting information containing location information where the license check processing program is executed within the application program; and an application program execution part for executing the application program by associating the license check processing program with a location preset in the application program based on the license setting information stored in the storage part. The present invention further teaches performing a license check processing by the license check processing program associated with the location, and when the license is not properly authenticated, the program in accordance with the present invention will skip the processing function corresponding to the license check processing program to execute a subsequent processing function.12-04-2008
20080301772Authentication system and method, identification information inputting method and apparatus and portable terminal - An authentication system in which unauthorized acquisition of the private information by a third party in the course of authentication of a user by a service provider is rendered difficult. In an authentication system in which a card 12-04-2008
20080301769LDAP GROUPING FOR DIGITAL SIGNATURE CREATION - A method and apparatus for grouping Light Weight Directory Access Protocol (LDAP) entries for signature generation. In one embodiment, the method includes grouping attributes of one or more repository entries to form a collection of values based on a pre-determined grouping policy. The method further includes generating a digital signature for the collection to authenticate any of the values in the collection.12-04-2008
20080301770Identity based virtual machine selector - A method and apparatus for allowing an authenticated user to select and access a virtual machine (VM) over the network. In one embodiment, the method includes maintaining a map to associate a user with a list of VMs. The VM runs a guest operating system for providing a computing environment for the user when loaded onto a physical machine. The method further includes receiving a request identifying the user, and sending a reply indicating locations of the VMs to the physical machine for selection by the user.12-04-2008
20080301767Techniques for Detecting, Analyzing, and Using Visible Authentication Patterns - Improved techniques for making copy detection patterns and using them to detect copying relationships between digital representations. The techniques include techniques for including a message in a copy detection pattern without altering the copy detection pattern's entropy and reading the message, techniques for using a copy detection pattern on an analog form to determine whether the analog form is an original analog form without reference to a digital representation of the original of the analog form's copy detection pattern, techniques for increasing the sensitivity of copy detection using copy detection patterns by modifying one of two copy detection patterns that are being compared to take into account alterations resulting from the copying process, techniques for distributing a copy detection pattern across a document, and techniques for using the entropy of a copy detection pattern to locate the copy detection pattern. Also disclosed are applications of copy detection patterns with copying that involves transformations between the digital and analog forms and with digital-to-digital copying.12-04-2008
20080282322Authentication Medium, Authenticable Substrate, Authentication Medium Label, Authentication Medium Transfer Sheet, Authenticable Sheet, and Authenticable Information Recording Medium - The invention relates to an authentication medium capable of eliminating problems with the formation of an authentication portion with an embossed hologram, for instance, difficulty with which fabrication time is cut down, and difficulty with which an authentication pattern is changed due to increased step counts at the time of embossing mold fabrication. A thin-film layer(11-13-2008
20120324535STATELESS HUMAN DETECTION FOR REAL-TIME MESSAGING SYSTEMS - Stateless human detection for real-time systems allows a real-time message system to challenge incoming messages suspected of being generated by an automated application. When a suspect message is detected, a challenge is presented to a sender of the message. The challenge is designed to require human intervention to provide a correct answer to the challenge. A challenge packet is sent with the challenge and includes a challenge answer and, possibly, a server identifier, a challenge identifier and/or a time stamp that can be used to prevent attacks on the challenge. The challenge packet is encrypted so that the sender cannot access the contents thereof. When the sender provides a response to the challenge, the sender returns the challenge packet. The challenge packet is decrypted and the challenge answer is compared to a sender answer. If the answers match, the sender is allowed subsequent access to the messaging system.12-20-2012
20120324534METHOD AND SYSTEM FOR AUTOMATICALLY CHECKING THE AUTHENTICITY OF AN IDENTITY DOCUMENT - The process comprises a data-acquisition phase with the creation of a database of multicomponent digital signatures constituting fingerprints of identity documents, linked to a central server relocated relative to a primary database comprising variable textual data and images of reference identity documents.12-20-2012
20110239272NON-NUMERIC PERSONAL IDENTIFICATION - Various methods and systems are provided for allowing a user to select a non-numeric PIN or password and use that to access content instead of a conventional numerical PIN. A series of visual, textual, and/or audio “digits” form the PIN, where each succeeding digit may be related to one or more of the preceding digits.09-29-2011
20090165085VECTOR GENERATION DEVICE, VECTOR GENERATING METHOD, AND INTEGRATED CIRCUIT - An object of the invention is to provide a vector generation apparatus, a vector generation method, and an integrated circuit for generating data (vector) as a basis for authentication processing such as biometric authentication while protecting information that can be authenticated at high speed using the resources of a server and should be handled as secret information typified by a biometric template against secondary use.06-25-2009
20110321125AUTHENTICATION DEVICE, AUTHENTICATION METHOD AND PROGRAM FOR CAUSING COMPUTER TO EXECUTE THE SAME - Provided is an authentication device and an authentication method of, even in the case of selecting correct images for authentication from among the displayed images to perform authentication, making hard to be read by others and improving security, and a program for causing a computer to execute the same. A main control portion 12-29-2011
20110321124Enterprise Evidence Repository - A controller is configured to generate and propagate instructions to an execution agent which, in turn, is configured to collect and deposit collected artifacts into a repository. Write access to a location in the repository for collected artifacts that are to be deposited into a specified location is granted to the execution agent. Once the execution agent deposits the collected artifacts in the specified location in the repository, a summary of collected artifacts is propagated to the controller. The controller manages appropriate levels of access to the collected artifacts, while the repository enforces the level of access. The controller can grant read only access to the collected artifacts or it can allow for controlled changes to be made to the metadata associated with the collected artifact. An agent processes the data and generates additional metadata that can be associated with the collected artifacts and then saved in the repository. A system can have more than one repository, where the controller allocates storage in an appropriate repository and issues instructions to the execution agent with the location in an appropriate repository. The summary of the actual collections is then propagated to the controller from the repositories.12-29-2011
20120291093COMMUNICATION DEVICE, COMMUNICATION METHOD, AND PROGRAM - There is provided a communication device including a determination unit for determining whether authentication information presented to a user of another communication device is consistent with comparison information transmitted from the other communication device capable of obtaining and transmitting the authentication information, and an authentication unit, when it is determined that the authentication information is consistent with the comparison information, for authenticating the other communication device as an opposite communication party.11-15-2012
20090083833AUTHENTICATION WITH PHYSICAL UNCLONABLE FUNCTIONS - Physical Unclonable Functions (PUFs) for authentication can be implemented in a variety of electronic devices including FPGAs, RFIDs, and ASICs. In some implementations, challenge-response pairs corresponding to individual PUFs can be enrolled and used to determine authentication data, which may be managed in a database. Later when a target object with a PUF is intended to be authenticated a set (or subset) of challenges are applied to each PUF device to authenticate it and thus distinguish it from others. In some examples, authentication is achieved without requiring complex cryptography circuitry implemented on the device. Furthermore, an authentication station does not necessarily have to be in communication with an authority holding the authentication data when a particular device is to be authenticated.03-26-2009
20130014214System Security Process Method and Properties of Human Authorization Mechanism - A system and method for automatically determining if a computer user is a human or an automated script. Human interactive proofs (HIPs) are currently used to deter automated registration for web services by automated computer scripts. Unfortunately, whilst every endeavor is made to obscure the HIPs from such automated processes, the presentation of current HIPs leaves systems very much open to malicious attack from automated computer scripts and processes such as optical character readers (OCR). Those HIPs that have proven more successful in foiling malicious attacks have proved difficult for humans to decipher. The system and method of the invention in one embodiment provides a Pseudo-Isochromatic challenge or puzzle or any other visual illusion generated on the basis of Pseudo-Isochromatic imagery (PICPVI), to be employed within a challenge generator, the invention is created in such a way as to make it extremely difficult for an automated process to read, decipher or otherwise interpret the PICPVI but relatively easy for the human end user to successfully complete. In one embodiment the end user issues a request to a service provider for access to services, the service provider requests HIP by generating a PICPVI. The PICPVI is generated for the user and the response can be provided as the whole or part of the access to service request, making it extremely difficult for an automated process to access services unlawfully or maliciously.01-10-2013
20130014213VEHICLE CONTROL SYSTEM AND AUTHENTICATION METHOD - A vehicle control system has a plurality of electronic control devices that are included in a vehicle, a radio wave transmitting body that transmits operation information operating a device included in the vehicle and unique radio-wave-transmitting-body identification information using a radio signal, a first electronic control device that transmits and receives the radio signal to and from a second electronic control device and the radio wave transmitting body, and the second electronic control device that transmits and receives the radio signal to and from the first electronic control device and the radio wave transmitting body. The first electronic control device includes a first storage in which the radio-wave-transmitting-body identification information on the radio wave transmitting body or identification information on the second electronic control device is stored, and a first transmitting/receiving unit that transmits and receives the radio signal.01-10-2013
20130019278CAPTCHA IMAGE AUTHENTICATION METHOD AND SYSTEM - The present disclosure relates to a Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) image authentication method and system. The CAPTCHA image authentication method comprises the steps of: collecting a plurality of first objects; defining a plurality of variables so as to be used as basis for classifying and dividing the plural first objects into M groups accordingly while allowing each group in the M groups to correspond to at least one variable selected from the plural variables; selecting at least one group from the M groups while further grading and dividing the first objects in the selected group into subgroups of N grades based upon a standard unit of the variable corresponding to the selected group; sorting and storing the subgroups of N grades; and selecting a plurality of authentication objects from the subgroups of N grades to be used in an authentication process.01-17-2013
20110162041METHOD AND APPARATUS FOR PROVIDING SOFTWARE SECURITY - A method and apparatus for providing software security is provided. In the software security method, an installation file of software that includes at least one execution file and at least one data file which are stored in a user terminal is executed. Accordingly, at least one virtual execution file corresponding to the at least one execution file and at least one virtual data file corresponding to the at least one data file are installed in a user area of the user terminal, and the at least one execution file, the at least one data file, and a controller for controlling the at least one virtual execution file and the at least one execution file are installed in a security area of the user terminal.06-30-2011
20080244701CONFIGURATION SYSTEM AND METHOD - An authentication method includes determining that a unique overt identifier is associated with a product; detecting that a random covert identifier is associated with the product, wherein the covert identifier includes at least one taggant particle, the unique overt identifier is combined with the random covert identifier, and the unique overt identifier is not a function of the random covert identifier; and comparing the unique overt identifier and the random covert identifier respectively to a unique overt number and a random covert number stored in a database.10-02-2008
20080235766APPARATUS AND METHOD FOR DOCUMENT CERTIFICATION - A method and apparatus for authenticating documents is described. A document from a client is processed to determine if it is authentic and then tags are generated to indicate that a document is authentic or not. The tags can be added to the document before it is sent to a recipient. The document is also stored and made available to the sender, recipient or third party together with a certificate of authenticity.09-25-2008
20080235765INFORMATION PROCESSING APPARATUS, ACCESS CONTROL METHOD, ACCESS CONTROL PROGRAM PRODUCT, RECORDING MEDIUM, AND IMAGE FORMING APPARATUS - A disclosed information processing apparatus to which an application can be added determines whether access to a resource attempted by the application is allowable, based on access control information defining whether the application is given access authority to access the resource. Information regarding the attempted access is saved in a log file in the event that the application attempts to access the resource.09-25-2008
20080235764Resource authorizations dependent on emulation environment isolation policies - A system, method, computer program product, and carrier are described for obtaining a resource authorization dependent upon apparent compliance with a policy of causing an emulation environment to isolate a first software object type from a second software object type and signaling a decision whether to comply with the policy of causing the emulation environment to isolate the first software object type from the second software object type.09-25-2008
20080235762Pressure Map Based Fingerprint Authentication Method and System - A fingerprint system (09-25-2008
20080222699System and Method for Extensible Lobby Services - A server comprising a transceiver configured to support communications from a user terminal and a processor configured to maintain a virtual lobby having one or more variables associated therewith, the processor being further configured to receive from the user terminal one or more variables, and allow the user terminal access to the virtual lobby if each of the one or more variables received from the user terminal match the one or more variables associated with the virtual lobby.09-11-2008
20130179940Protection of Safety Token Against Malware - Security token for the authentication of access to a self-service terminal, comprising an interface for a connection to the self-service terminal, comprising authentication information, characterized by a second interface that allows a connection of a memory stick the contents of which are made available to the self-service terminal, wherein access to the memory stick is dependent on the authentication information.07-11-2013
20080216151Electronic data authenticity assurance method and program - The present invention provides an electronic document authenticity assuring method in which a series of procedures concerning redactable signature are divided into procedures dependent on a document to be signed and procedures dependent on a redactable signature method. Further, the present invention provides program codes that realize the divided procedures and a system comprising apparatuses for implementing those program codes. According to the present invention, even when type of electronic document to be signed is changed or added to, it is sufficient to add a procedure dependent on a document to be signed, without changing procedures dependent on redactable signature methods. Similarly, even when a redactable signature method is to be changed or added, it is sufficient to add a procedure dependent on the redactable signature method without changing procedures dependent on document to be signed.09-04-2008
20130091545DELIVERY OF CUSTOMIZED CONTENT FOR UNIQUELY IDENTIFIED MEMORY DEVICES - In particular embodiments, customized content is determined and provided to a user based on a unique identifier stored on a memory device. In one embodiment, a method of delivering content can include: accessing a unique identifier from a memory device that is removably coupled to a computing device, where the memory device includes the unique identifier and preloaded content; using the unique identifier to determine personalized information about a user of the memory device; authenticating the memory device by using the unique identifier from the memory device; determining customized content for the user if the memory device is authenticated, where the customized content is based on the unique identifier; and providing the customized content for presentation to the user along with the preloaded content and the personalized information.04-11-2013
20130097668METHOD AND APPARATUS FOR OPERATING MOBILE TERMINAL - A method and apparatus for easily restricting a use right and improving use convenience in a mobile terminal are provided. The method includes displaying a profile list for selecting a set operation mode of the mobile terminal from the displayed profile list; setting an operation mode of the mobile terminal as the selected operation mode, when the set operation mode is selected from the displayed profile list; and displaying a screen associated with the selected operation mode, wherein the set operation mode includes an open mode to use all functions of the mobile terminal and a limited mode to use only set functions.04-18-2013
20130125204SYSTEMS AND METHODS OF DEVICE AUTHENTICATION INCLUDING FEATURES OF CIRCUIT TESTING AND VERIFICATION IN CONNECTION WITH KNOWN BOARD INFORMATION - A method and system for authenticating a device, board, assembly or system includes obtaining or processing test/scan information provided via extraction of ECID or other unique identifying information regarding a board.05-16-2013
20130133031Retention Based Intrinsic Fingerprint Identification Featuring A Fuzzy Algorithm and a Dynamic Key - A random intrinsic chip ID generation employs a retention fail signature. A 105-23-2013
20130145424SECURE PROVISION OF A DIGITAL CONTENT PROTECTION SCHEME - Methods, apparatuses and storage medium associated with securely provisioning a digital content protection scheme are disclosed. In various embodiments, a method may include forming a trust relationship between a media application within an application execution environment of a device and a security controller of the device. The application execution environment may include an operating system, and the operating system may control resources within the application execution environment. Additionally, the security controller may be outside the application execution environment, enabling components of the security controller to be secured from components of the operating system. Further, the method may include the security controller in enabling a digital content protection scheme for the media application to provide digital content to a digital content protection enabled transmitter within the application execution environment for provision to a digital content protection enabled receiver. Other embodiments may be disclosed or claimed.06-06-2013
20100275242METHOD OF CONTROLLING APPLICATIONS INSTALLED ON A SECURITY MODULE ASSOCIATED WITH A MOBILE TERMINAL, AND AN ASSOCIATED SECURITY MODULE, MOBILE TERMINAL, AND SERVER - The invention relates to a method of controlling applications installed in a security module associated with a mobile terminal and adapted to increment at least one transaction value during a transaction effected by an application and, if that transaction value reaches an associated predetermined value, sending at least one connection command to a management server and blocking at least one application if the command fails. The invention also relates to a method of managing such applications adapted to receive a connection command, verify the user rights and update at least one transaction value and/or block at least one application as a function of the verification result. The invention further relates to a management server, a mobile terminal and a security module that can be used with a mobile terminal.10-28-2010
20110214158WIRELESS COMMUNICATIONS SYSTEM PROVIDING MOBILE DEVICE AUTHENTICATION BYPASS BASED UPON USER-WEARABLE SECURITY DEVICE AND RELATED METHODS - A wireless communications system may include a user-wearable device including a clasp having open and closed positions, a first wireless security circuit (WSC), and a first controller coupled to the clasp and the first WSC. The system may further include a mobile wireless communications device including a portable housing, an input device(s), a second WSC carried by the portable housing and configured to communicate with the first WSC when in close proximity therewith, and a second controller carried by the portable housing and coupled to the second WSC and the input device(s). The second controller may be configured to enable mobile wireless communications device function(s) based upon a manual entry of an authentication code via the input device(s), and bypass the manual entry and enable the mobile wireless communications device function(s) based upon a communication from the user-wearable device and a position of the clasp.09-01-2011
20080201764METHOD AND SYSTEM FOR CONTROLLING THE SMART ELECTRIC APPLIANCE - The present invention discloses a method for controlling the smart electric appliance by connecting a key device to a smart electric appliance and performing control operations on the smart electric appliance in accordance with the control settings for the key device after positively authenticating the internal device descriptor of the key device. Also, the present invention discloses a system according to the method mentioned above, including a smart electric appliance comprising a USB interface module, an authentication module, an execution module and a general control module, and a key device comprising a smart storage module. By introducing the key device, authenticating the key device before allowance of use of the smart electric appliance, and setting different control operation levels for different users of the smart electric appliance, it becomes very secure to use the smart electric appliance, while it becomes more flexible to use the same.08-21-2008
20120284772DATA STORAGE DEVICE AUTHENTICATION APPARATUS AND DATA STORAGE DEVICE INCLUDING AUTHENTICATION APPARATUS CONNECTOR - An authentication apparatus includes a data storage unit for storing authentication apparatus identification information, an interface unit for connecting to a host device through a first interface, and an authentication processor that executes an authentication process using the authentication apparatus identification information stored in the data storage unit. The authentication processor executes the authentication process upon receipt of an authentication request signal from the host device through the interface unit, and outputs an authentication response signal including data indicative of a result of the authentication process to the host device via the interface unit. The authentication request signal is for requesting authentication of a data storage device connected to the host device through a second interface.11-08-2012
20130160078USER AUTHENTICATION APPARATUS AND METHOD THEREOF - A user authentication apparatus includes an information collection unit which collects user information from a plurality of personal devices of a user within a predetermined distance, and a control unit which identifies the user as a user corresponding to the collected information based on the amount of user information collected. Accordingly, user authentication can be easily performed using devices of a user, resulting in increased user convenience.06-20-2013
20130185764FILE SYSTEM ACCESS FOR ONE OR MORE SANDBOXED APPLICATIONS - Methods, systems, and machine-readable storage medium are described wherein, in one embodiment, identifiers, such as bookmarks, are used to allow access to files or folders in a sandboxed environment. One or more applications are restricted by an access control system, which can be, for example, a trusted software component of an operating system. In one embodiment, the bookmarks or other identifiers allow an application to have access to a file even if the file is renamed or moved by a user while the application has been terminated. In one embodiment, a resource manager, or other trusted access control system, can interact with an application to allow for the use of bookmarks in an environment in which a sandbox application controls access to the files such that each application must make a request to the sandbox application in order to obtain access to a particular file or folder.07-18-2013
20110314515INTEGRATED PHYSICAL AND LOGICAL SECURITY MANAGEMENT VIA A PORTABLE DEVICE - Integrated physical and logical security management is extended to a mobile device, such as a portable wireless device or radio. The Mobile-IMPACT solution extends the reach of authorized users to hand-held devices for monitoring, managing and/or controlling of IT/network and physical security. Allowing authorized users to view and control access events while not in their office and logged into their console, mobility within and outside of a facility or campus organization no longer requires a laptop computer. With new handheld technologies more widely accessible and dropping in price while still gaining additional functionality, a chief security officer and their security staff can now monitor access to their building/doors/control zones, look-up user and card information, trigger queries/reports, set new alarm conditions and monitor sensors or a perimeter from a handheld device anywhere in the world using an electronic communication medium.12-22-2011
20110314514METHOD AND APPARATUS FOR PROVIDING SCAN CHAIN SECURITY - A scan chain security capability is provided herein. The scan chain security capability enables secure control over normal use of a scan chain of a system, e.g., for purposes such as testing prior to deployment or sale of the system, in-field testing after deployment or sale of the system, in-field modification of the system, and the like. The scan chain security capability enables secure control over normal use of a scan chain by enabling control over interruption of a scan chain and re-establishment of an interrupted scan chain. A scan chain security component is configured for removing an open-circuit condition from the scan chain in response to a control signal. The control signal may be generated in response to validation of a security key, in response to successful completion of a challenge-based authentication process, or in response to any other suitable validation or authentication. The scan chain security component also may be configured for creating an open-circuit condition in the scan chain in response to a second control signal. The second control signal may be a scan register value received via the scan chain.12-22-2011
20080320555RESET-TOLERANT AUTHENTICATION DEVICE - An authentication device comprises a processor having a reset input, a trigger source coupled to the reset input of the processor, and interface circuitry for outputting codes generated by the processor. The trigger source may comprise, for example, a trigger button having an associated switch that when actuated supplies a reset to the reset input. The processor is configured to analyze a given reset applied to the reset input to determine if the reset is an inadvertent reset or a reset generated by the trigger source. The processor generates a code responsive to the reset if the reset is determined to be a reset generated by the trigger source. The code may be supplied to a host device which communicates the code to an authentication server for authentication.12-25-2008
20080313707Token-based system and method for secure authentication to a service provider - A method is provided for authenticating the current user of a device to a service provider. The method comprises (a) capturing an initial set of credentials from the owner of the device; (b) storing the initial set of credentials in a memory provided in the device; (c) storing the owner's secrets corresponding to a plurality of service providers in the memory provided in the device; (d) receiving an authentication request from one of said plurality of service providers; (e) in response to the authentication request, capturing a set of credentials from the current user of the device; and (f) revealing the owner's secrets which correspond to the service provider requesting the authentication if and only if the current user's credentials match the owner's credentials.12-18-2008
20120030730PROVIDING A MULTI-PHASE LOCKSTEP INTEGRITY REPORTING MECHANISM - In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.02-02-2012
20080263630Confidential File Protecting Method and Confidential File Protecting Device for Security Measure Application - A confidential file protecting method for a security measure application is provided that can restrain degradation in the performance of a security measure application, and surely protect a confidential file. The confidential file protecting method for a security measure application according to the present invention is characterized by comprising: a first step of communicating between an authentication module for authenticating an application requesting access to the confidential file and a communication module implemented in the security measure application, and authenticating the application as an application permitted to access the confidential file and recording the application as an authenticated application in a management table if the communication module sends back a valid response code; and a second step by said authentication module, of permitting the request to access to said confidential file to access if the access requesting application is an authenticated application that has been recorded in said management table.10-23-2008
20120066741ELECTRONIC KEY FOR AUTHENTICATION - An electronic key supports a plurality of authentication methods and effectively prevents bidding-down attacks. For this purpose, security information is additionally provided by the electronic key, based on which a card reading device recognizes which authentication methods are supported by the electronic key. When the reading device recognizes based on said information that the electronic key supports a stronger second authentication method, but the authentication method was not recognized by the card reading device, the electronic key is, for example, rejected.03-15-2012
20120066740SYSTEM, METHOD AND APPARATUS FOR ENABLING TRANSACTIONS USING A USER ENABLED PROGRAMMABLE MAGNETIC STRIPE - The present invention provides a system, method and apparatus that includes a user device having a magnetic field generator disposed within a substrate that is normally inactive, an initiator mounted on the substrate, a memory disposed within the substrate and a processor disposed within the substrate that is communicably coupled to the magnetic field generator, the initiator and the memory. The processor is operable to process information received from the initiator, generate a time varying code in response to the received information and activate the magnetic field generator. A power source is also disposed within the substrate. The magnetic field generator can create a spatial magnetic signal using a magnetic stripe and one or more induction coils, or create a time-varying magnetic signal for emulating data obtained from swiping a traditional magnetic stripe card through a magnetic card reader.03-15-2012
20120084832Time Managed Challenge-Response Test - A method of generating a time managed challenge-response test is presented. The method identifies a geometric shape having a volume and generates an entry object of the time managed challenge-response test. The entry object is overlaid onto the geometric shape, such that the entry object is distributed over a surface of the geometric shape, and a portion of the entry object is hidden at any point in time. The geometric shape is rotated, which reveals the portion of the entry object that is hidden. A display region on a display is identified for rendering the geometric shape and the geometric shape is presented in the display region of the display.04-05-2012
20120096516Software Signing Certificate Reputation Model - A request from a software developer is received to digitally sign software included in the request. A security policy associated with the software developer is accessed where the security policy describes criteria for valid request by the software developer. A determination is made whether the request is valid based at least in part on the security policy. The software is digitally signed responsive to the determination indicating that the request is valid. The digitally signed software is provided to the software developer.04-19-2012
20130212642Resilient Device Authentication System - A resilient device authentication system comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS); and one or more device management systems connectable to at least one of the PEs, including a memory loaded with an ALVS, and configured to manage device security-related applications through the performance of security-related functions on devices associated with the hardware part-specific data.08-15-2013
